note/tech/v2ray和trojan的翻墙配置.md

# v2ray和trojan的翻墙配置

## v2ray
0. 准备工作：
	* 一个域名；
	* 一台vps（国外的）；
	* 证书（参考[2.自动获取域名证书及DNS设置](:/0a677545c7cc4464a4c0d361354997b6)）

1. 环境：
	* linux；
	* nginx；
	* 证书已申请好，域名解析到服务器；
	* 时间准确；
	* 端口443放行。
2. 安装v2ray
	```shell
	bash <(curl -L -s https://install.direct/go.sh)
	bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)

	```

	这个路径在这里：
	* 应用：/usr/local/bin/v2ray 
	* 配置文件：/usr/local/etc/v2ray/config.json
	
3. v2ray配置文件
	```json
	{
    "stats": {},
    "api": {
        "tag": "api",
        "services": [
            "StatsService"
        ]
    },
    "policy": {
        "levels": {
            "0": {
                "statsUserUplink": true,
                "statsUserDownlink": true
            }
        },
        "system": {
            "statsInboundUplink": true,
            "statsInboundDownlink": true
        }
    },
    "log" : {
     "access": "/var/log/v2ray/access.log",
     "error": "/var/log/v2ray/error.log",
     "loglevel": "warning"
   },
    "inbounds": [
        {
            "tag": "tcp",				//不能改
            "port": 15105,				//v2ray应用的端口
            "protocol": "vmess",			//不能改，用的vmess协议
            "settings": {
                "clients": [			//用户信息。如果是多用户，可添加。
                    {
                        "email": "a98268t3-y26c-4m4c",		//随便填
                        "id": "a98268e3-526c-414c-ac79-aea14b5a68c9",	//uuid生成器生成
                        "level": 0,
                        "alterId": 64
                    },
					{
                        "email": "2856e4id-pa84-4h8a",
                        "id": "2856e40d-7a84-438a-9f2a-68b932c0ed64",
                        "level": 0,
                        "alterId": 64
                    }
                ]
            },
            "streamSettings": {			//这是很重要的，
                                "network": "ws",	//必须是ws认证
                                "wsSettings": {
                                "path": "/dongshan"	//这个path随便填，只要与nginx和客户端填写的一致
                                }
                        },
                         "sniffing": {		//这个也很重要
                                "enabled": true,
                                "destOverride": [
                                        "http",
                                        "tls"	//必须是tls
                                ]
                        }
        },
        {
            "listen": "127.0.0.1",			//流量统计用的
            "port": 10085,
            "protocol": "dokodemo-door",
            "settings": {
                "address": "127.0.0.1"
            },
            "tag": "api"
        }
    ],						//到此结束。后面的照抄
    "outbounds": [
        {
            "protocol": "freedom",
            "settings": {}
        }
    ],
    "routing": {
        "settings": {
            "rules": [
                {
                    "inboundTag": [
                        "api"
                    ],
                    "outboundTag": "api",
                    "type": "field"
                }
            ]
        },
        "strategy": "rules"
    }
}
	```
	
4. nginx配置文件：
```ini
    server {
        listen 443 ssl http2;	#443后面一定加上ssl
        listen [::]:443 http2;
        ssl_certificate       /data/i.disbaidu.com.crt;	#这是证书的位置
        ssl_certificate_key   /data/i.disbaidu.com.key; #这是证书的位置
        ssl_protocols         TLSv1.2 TLSv1.3;
        ssl_ciphers           TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
        server_name i.disbaidu.com;	#域名地址
        index index.html index.htm;
        root  /home/wwwroot/3DCEList;	#这个随便
        error_page 400 = /400.html;

        # Config for 0-RTT in TLSv1.3
        ssl_early_data on; 
        ssl_stapling on; 
        ssl_stapling_verify on; 
        add_header Strict-Transport-Security "max-age=31536000";
	
        location /
        {
                proxy_pass https://ftp.udx.icscoe.jp/Linux/;
        }
        location /dongshan		#这就是v2ray的重要的配置
        {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:15105;		#端口就是在v2ray里面填写的；
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        # Config for 0-RTT in TLSv1.3
        proxy_set_header Early-Data $ssl_early_data;
        }
}
    server {
        listen 80; 
        server_name i.disbaidu.com;
        return 301 https://i.disbaidu.com$request_uri;
   }   
```

5. 客户端配置：

	参考一个配置，其余的大差不差：
![8debbf7f96e4af1a044300a337d38022.png](:/006a9e1c5fb3495b83b624ee02d9f1fa)

6. v2ray加入开机启动：
	`systemctl enable v2ray.service`
	

## Trojan的配置