blog
blog copied to clipboard
Published
20 hours ago •
duyuanch
duyuanch
v2ray+websocket+tls+nginx 伪装流量科学上网(干货)
v2ray websocket tls nginx 伪装流量科学上网(干货)
本教程所需要的工具
购买vps
关闭防火墙
systemctl stop firewalld
开启Google BBR加速(可选)
https://github.com/shellhub/blog/issues/54
安装v2ray
bash <(curl -L -s https://install.direct/go.sh) # 官方脚本安装
# 配置v2ray配置文件
cat <<EOT > /etc/v2ray/config.json
{
"inbounds": [
{
"port": 9876,
"listen":"127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "b831381d-6324-4d53-ad4f-8cda48b30811",
"alterId": 64
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/ray"
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {}
}
]
}
EOT
/usr/bin/v2ray/v2ray -test -config=/etc/v2ray/config.json # 测试v2ray文件是否正确
systemctl restart v2ray # 重启v2ray服务
安装免费ssl证书
yum install epel-release -y
yum update -y
yum install certbot -y
# 生成证书
certbot certonly --standalone --agree-tos -n -d www.duyuanchao.me -d duyuanchao.me -m [email protected]
# 自动更新ssl证书
echo "0 0 1 */2 * service nginx stop; certbot renew; service nginx start;" | crontab
安装nginx
yum install nginx -y # 安装nginx
systemctl status nginx # 查看nginx状态
systemctl start nginx # 启动nginx服务器
配置nginx
cat <<EOT > /etc/nginx/conf.d/default.conf
server {
listen 443 ssl;
listen [::]:443 ssl;
# config ssl
ssl_certificate /etc/letsencrypt/live/www.duyuanchao.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.duyuanchao.me/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
server_name duyuanchao.me; # config server_name
location /ray { # config path
if (\$http_upgrade != "websocket") {
return 404;
}
proxy_redirect off;
proxy_pass http://127.0.0.1:9876; # config proxy_pass
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host \$host;
# Show real IP in v2ray access.log
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
EOT
nginx -t # 检查配置文件是否正确
systemctl restart nginx # 重启nginx
setsebool -P httpd_can_network_connect 1 && setenforce 0 # 部分linux系统需要运行这个命令
安装网页模版
推荐网站模版
- https://www.free-css.com/free-css-templates
- https://colorlib.com/wp/templates/
cd /usr/share/nginx/html/
yum install wget unzip -y
wget website.zip
unzip website.zip
mv website/* .
防火墙优化
yum install ufw -y
ufw status # 查看防火墙状态
ufw disable # 关闭防火墙
ufw enable # 开启防火墙
ufw allow 443/tcp # 开启 443/tcp端口
