5.4 KiB
Executable File
5.4 KiB
Executable File
v2ray和trojan的翻墙配置
v2ray
-
准备工作:
- 一个域名;
- 一台vps(国外的);
- 证书(参考2.自动获取域名证书及DNS设置)
-
环境:
- linux;
- nginx;
- 证书已申请好,域名解析到服务器;
- 时间准确;
- 端口443放行。
-
安装v2ray
bash <(curl -L -s https://install.direct/go.sh) bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)这个路径在这里:
- 应用:/usr/local/bin/v2ray
- 配置文件:/usr/local/etc/v2ray/config.json
-
v2ray配置文件
{ "stats": {}, "api": { "tag": "api", "services": [ "StatsService" ] }, "policy": { "levels": { "0": { "statsUserUplink": true, "statsUserDownlink": true } }, "system": { "statsInboundUplink": true, "statsInboundDownlink": true } }, "log" : { "access": "/var/log/v2ray/access.log", "error": "/var/log/v2ray/error.log", "loglevel": "warning" }, "inbounds": [ { "tag": "tcp", //不能改 "port": 15105, //v2ray应用的端口 "protocol": "vmess", //不能改,用的vmess协议 "settings": { "clients": [ //用户信息。如果是多用户,可添加。 { "email": "a98268t3-y26c-4m4c", //随便填 "id": "a98268e3-526c-414c-ac79-aea14b5a68c9", //uuid生成器生成 "level": 0, "alterId": 64 }, { "email": "2856e4id-pa84-4h8a", "id": "2856e40d-7a84-438a-9f2a-68b932c0ed64", "level": 0, "alterId": 64 } ] }, "streamSettings": { //这是很重要的, "network": "ws", //必须是ws认证 "wsSettings": { "path": "/dongshan" //这个path随便填,只要与nginx和客户端填写的一致 } }, "sniffing": { //这个也很重要 "enabled": true, "destOverride": [ "http", "tls" //必须是tls ] } }, { "listen": "127.0.0.1", //流量统计用的 "port": 10085, "protocol": "dokodemo-door", "settings": { "address": "127.0.0.1" }, "tag": "api" } ], //到此结束。后面的照抄 "outbounds": [ { "protocol": "freedom", "settings": {} } ], "routing": { "settings": { "rules": [ { "inboundTag": [ "api" ], "outboundTag": "api", "type": "field" } ] }, "strategy": "rules" }
} ```
- nginx配置文件:
server {
listen 443 ssl http2; #443后面一定加上ssl
listen [::]:443 http2;
ssl_certificate /data/i.disbaidu.com.crt; #这是证书的位置
ssl_certificate_key /data/i.disbaidu.com.key; #这是证书的位置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
server_name i.disbaidu.com; #域名地址
index index.html index.htm;
root /home/wwwroot/3DCEList; #这个随便
error_page 400 = /400.html;
# Config for 0-RTT in TLSv1.3
ssl_early_data on;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000";
location /
{
proxy_pass https://ftp.udx.icscoe.jp/Linux/;
}
location /dongshan #这就是v2ray的重要的配置
{
proxy_redirect off;
proxy_pass http://127.0.0.1:15105; #端口就是在v2ray里面填写的;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
# Config for 0-RTT in TLSv1.3
proxy_set_header Early-Data $ssl_early_data;
}
}
server {
listen 80;
server_name i.disbaidu.com;
return 301 https://i.disbaidu.com$request_uri;
}
-
客户端配置:
参考一个配置,其余的大差不差:
-
v2ray加入开机启动:
systemctl enable v2ray.service