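Manually configuring a reasonably secure v2ray setup is actually quite simple. It comes down to synchronizing the server clock, setting up DNS, installing an HTTPS certificate, installing the server software, installing the client software, and editing two configuration files.
1. Preparation
1.1. Server time
v2ray is sensitive to the time difference between the server and the client. Keep the two clocks as close as possible; if they drift too far apart, nothing will work even when every other setting is correct.
- Check the server's current time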
date -R
Thu, 09 Apr 2020 16:14:45 +0800
- Set the server time
date --set="2020-04-09 12:00"
Thu Apr 9 12:00:00 HKT 2020
- Synchronize the server time
# National Time Service Center of China: 210.72.145.44
# NTP server (Shanghai): ntp.api.bz
ntpdate -u ntp.api.bz
9 Apr 16:18:57 ntpdate[28885]: adjust time server 17.253.84.253 offset 0.002491 sec
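1.2. Building and installing nginx
For building and installing nginx, see the earlier post on this site: https://crossfw.com/linux/5-openssl-nginx-http2.html#h2-1-2-1-nginx
1.3. Domain setup
The advantage of pointing the domain's DNS at Cloudflare is that, in the worst case, you can turn on the Cloudflare CDN and get through the dangerous period safely. Disguising the traffic as HTTPS is secure enough, but at the most dangerous times it is still advisable to go through the Cloudflare CDN; the connection becomes extremely slow, but that is better than nothing.
Just click the icon and the cloud turns yellow, which means the CDN is enabled. It generally takes less than a minute to propagate worldwide.
1.4. TLS setup
The first half of the earlier post on this site, https://crossfw.com/linux/4-let-s-encrypt.html, is all you need.
2. Installing the v2ray server
2.1. Installing the v2ray server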
wget https://install.direct/go.sh
chmod 755 go.sh
./go.sh
For reference, the output of a completed installation looks like this:
Installing V2Ray v4.23.1 on x86_64
Downloading V2Ray: https://github.com/v2ray/v2ray-core/releases/download/v4.23.1/v2ray-linux-64.zip
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 629 100 629 0 0 907 0 --:--:-- --:--:-- --:--:-- 906
100 11.6M 100 11.6M 0 0 3027k 0 0:00:03 0:00:03 --:--:-- 5217k
./go.sh: line 144: unzip: command not found
Updating software repo
Installing unzip
Selecting previously unselected package unzip.
(Reading database ... 63505 files and directories currently installed.)
Preparing to unpack .../unzip_6.0-21ubuntu1_amd64.deb ...
Unpacking unzip (6.0-21ubuntu1) ...
Setting up unzip (6.0-21ubuntu1) ...
Processing triggers for mime-support (3.60ubuntu1) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Archive: /tmp/v2ray/v2ray.zip
inflating: /usr/bin/v2ray/geoip.dat
inflating: /usr/bin/v2ray/geosite.dat
inflating: /usr/bin/v2ray/v2ctl
inflating: /usr/bin/v2ray/v2ray
PORT:32911
UUID:ba1a7c4a-32b6-4c03-b4fe-e48458dae27b
Archive: /tmp/v2ray/v2ray.zip
inflating: /etc/systemd/system/v2ray.service
Created symlink /etc/systemd/system/multi-user.target.wants/v2ray.service → /etc/systemd/system/v2ray.service.
V2Ray v4.23.1 is installed.
Start the v2ray server:
systemctl start v2ray
Use netstat -tln to check the listening ports.
2.2. Configuring nginx
nginx reverse-proxies v2ray on a subdomain, which was already created in Cloudflare earlier. A reference nginx.conf:
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name your-subdomain;  # your subdomain
    ssl_protocols TLSv1.2 TLSv1.3;
    # RSA certificate and key
    ssl_certificate /root/.acme.sh/xxx.com/xxx.com.cer;
    ssl_certificate_key /root/.acme.sh/xxx.com/xxx.com.key;
    # ECC certificate and key
    ssl_certificate /root/.acme.sh/xxx.com_ecc/xxx.com.cer;
    ssl_certificate_key /root/.acme.sh/xxx.com_ecc/xxx.com.key;
    error_page 400 https://www.xxx.com/game/index.html;
    error_page 403 https://www.xxx.com/game/index.html;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_ecdh_curve secp384r1;
    ssl_dhparam /root/.acme.sh/xxx.com/dhparams.pem;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384';
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    location / {
        root /var/www/game;
        index index.html index.htm;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:12345; # your reverse-proxy port
        proxy_http_version 1.1;
        # Forward the WebSocket upgrade handshake to v2ray
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cookie_path / "/; httponly; secure; SameSite=Lax";
    }
}
2.3. Configuring the v2ray server
/etc/v2ray/config.json
The main change is adding the streamSettings section:
{
  "inbounds": [{
    "port": 12345, // port, must match proxy_pass in nginx.conf
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "xxxxxxxx-xxxxxxxxxxx-xxxxxxxxxx-xxx", // your id
          "level": 1,
          "alterId": 64
        }
      ]
    },
    "streamSettings": {
      "network": "ws",
      "kcpSettings": null,
      "wsSettings": {
        "path": "/"
      },
      "tcpSettings": null,
      "tlsSettings": {},
      "security": ""
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}
Restart nginx and v2ray.
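As an added example (not part of the original post or of the v2ray project), this Python check confirms that the nginx location and the v2ray inbound agree on port and WebSocket path. It also flags an inbound with no `listen` address: v2ray then binds to 0.0.0.0, so the unencrypted WebSocket port is reachable without going through nginx. The sample configs are constructed and trimmed; `load_v2ray` and `check_pair` are names chosen for this example.

```python
import json
import re

# Constructed samples, trimmed to the fields that must agree between the two files.
NGINX_SAMPLE = """
location / {
    proxy_pass http://127.0.0.1:12345;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}
"""
V2RAY_SAMPLE = """
{"inbounds": [{
    "port": 12345, // same port as proxy_pass
    "protocol": "vmess",
    "streamSettings": {"network": "ws", "wsSettings": {"path": "/"}, "security": ""}
}]}
"""

def load_v2ray(text):
    """Parse v2ray JSON after dropping // comments that sit outside strings."""
    strip = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return json.loads(re.sub(r'"(?:\\.|[^"\\])*"|//[^\n]*', strip, text))

def check_pair(nginx_conf, v2ray_conf):
    """Return findings; an empty list means nginx and v2ray agree."""
    loc = re.search(r"location\s+(\S+)\s*\{(.*?)\}", nginx_conf, re.S)
    proxy = loc and re.search(r"proxy_pass\s+http://127\.0\.0\.1:(\d+)", loc.group(2))
    if not proxy:
        return ["nginx: no location with proxy_pass to 127.0.0.1"]
    path, port, findings = loc.group(1), int(proxy.group(1)), []
    if "$http_upgrade" not in loc.group(2):
        findings.append("nginx: Upgrade header not forwarded, WebSocket handshake fails")
    for inb in load_v2ray(v2ray_conf).get("inbounds", []):
        stream = inb.get("streamSettings") or {}
        if stream.get("network") != "ws":
            continue  # only the WebSocket inbound sits behind nginx
        if inb.get("port") != port:
            findings.append(f"port: v2ray {inb.get('port')} != nginx {port}")
        if (stream.get("wsSettings") or {}).get("path", "/") != path:
            findings.append(f"path: wsSettings.path does not match location {path}")
        if stream.get("security") == "tls":
            findings.append("security: TLS set on inbound, but nginx proxies plain HTTP")
        if inb.get("listen", "0.0.0.0") not in ("127.0.0.1", "::1"):
            findings.append("listen: inbound not on loopback, plain WebSocket port reachable without nginx")
    return findings

if __name__ == "__main__":
    print(check_pair(NGINX_SAMPLE, V2RAY_SAMPLE))
```

Adding `"listen": "127.0.0.1"` next to `"port"` in the inbound clears the finding reported for the sample.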
2.4. Configuring the v2ray client
Download the latest v2rayN-Core release from https://github.com/2dust/v2rayN/releases/latest.
Configure it as shown in the figure: