Xray-core
Xray-core copied to clipboard
XTLS
v2ray 如何启用链式代理
我有一台服务器(ip已被墙,目前配置只有vmess+ws+CDN能用,其他失效),还有一个万人骑的机场(shadowsocks,chacha20-ietf-poly1305,我不能部署这台服务器的,只能使用),我的目的是以这个机场来过GFW然后再到我的服务器再访问目的网站,听说链式代理很NB,我的服务器配置如下,谁能提供下v2ray客户端和服务端的配置方法,顺便把那个vless和Trojan的给精简删了吧反正没法使用,我是小白哈
-----------------------xray----config.json---------------------- {
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"ip": [
"geoip:cn",
"geoip:private"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"port": 443, //端口
"protocol": "vless", //协议类型
"settings": {
"clients": [
{
"id": "2443a6a6-ba06-44be-b88c-8abe1ee99738", //替换为你的uuid
"flow": "xtls-rprx-vision" //流控
}
],
"decryption": "none",
"fallbacks": [
{
"dest": 10010, //Trojan协议的分流端口
"xver": 1
},
{
"path": "/vlessws", //vless+ws的分流路径
"dest": 10011, //分流端口
"xver": 1
},
{
"path": "/vmessws", //vmess+ws的分流路径
"dest": 10012, //分流端口
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"rejectUnknownSni": true, //服务端接收到的 SNI 与证书域名不匹配即拒绝 TLS 握手
"fingerprint": "360", //TLS指纹伪装,伪装为chrome浏览器指纹
"allowInsecure": false, //不允许不安全连接(仅用于客户端)
"alpn": [
"http/1.1","h2"
],
"certificates": [
{
"ocspStapling": 3600, //OCSP 装订更新,与证书热重载的时间间隔
"certificateFile": "/etc/ssl/private/cert.crt", //证书位置,绝对路径
"keyFile": "/etc/ssl/private/private.key" //私钥位置,绝对路径
}
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
},
{
"port": 10010, //trojan节点的分流端口
"listen": "127.0.0.1",
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "pass" //替换为你的密码
}
],
"fallbacks": [
{
"alpn": "h2", //h2回落
"dest": 81, //h2回落端口
"xver": 1
},
{
"dest": 82, //http/1.1回落端口
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "none",
"tcpSettings": {
"acceptProxyProtocol": true
}
}
},
{
"port": 10011, //vless+ws节点的分流端口
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "ba44ec0a-ff3b-43f7-997f-1f3de0de4d9b" //替换为你的uuid
}
],
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"security": "none",
"wsSettings": {
"acceptProxyProtocol": true, //若使用Nginx/Caddy等反代WS,需要删掉这行
"path": "/vlessws" //ws的路径,需要和分流的一致
}
}
},
{
"port": 10012, //vmess+ws节点的分流端口
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "082d06de-374b-4524-8d44-d64f04d16342" //替换为你的uuid
}
]
},
"streamSettings": {
"network": "ws",
"security": "none",
"wsSettings": {
"acceptProxyProtocol": true, //若使用Nginx/Caddy等反代WS,需要删掉这行
"path": "/vmessws" //ws的路径,需要和分流的一致
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}
------------------------------nginx-------nginx.conf----------------------- user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf;
events { worker_connections 768; }
http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65;
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri; #HTTP自动跳转HTTPS
}
server {
listen 127.0.0.1:82 proxy_protocol default_server;
listen 127.0.0.1:81 http2 proxy_protocol default_server;
set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;
server_name _;
return 404;
} #限定域名访问,返回404
server {
server_name boop.yuming.mom; #你的域名
listen 127.0.0.1:82 proxy_protocol; #HTTP/1.1本地监听端口
listen 127.0.0.1:81 http2 proxy_protocol; #H2本地监听端口
set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;
location / {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; #启用HSTS
proxy_pass https://www.hao123.com; #伪装网址
proxy_ssl_server_name on;
proxy_redirect off;
sub_filter_once off;
sub_filter "www.hao123.com" $server_name; #伪装网址
proxy_set_header Host "www.hao123.com"; #伪装网址
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Accept-Encoding "";
proxy_set_header Accept-Language "zh-CN";
}
}
}
既然你在问我也在你这挂一个问题吧0.0
为什么我的链式代理不生效呢????
{
"tag": "isp",
"protocol": "socks",
"proxySettings":
{
"tag": "sg",
"transportLayer": true
},
"settings":
{
"servers":
[
{
"address": "",
"ota": false,
"port": ,
"level": 1,
"users":
[
{
"user": "",
"pass": "",
"level": 1
}
]
}
]
}
},
{
"tag": "sg",
"protocol": "vmess",
"settings":
{
"vnext":
[
{
"address": "",
"port": ,
"users":
[
{
"id": "",
"alterId": 0,
"email": "",
"security": "auto"
}
]
}
]
},
"streamSettings":
{
"network": "ws",
"wsSettings":
{
"path": "",
"headers":
{
"Host": ""
}
}
},
"mux":
{
"enabled": false,
"concurrency": -1
}
}
啊哈哈,我已经解决了,我是搞错协议了 使用proxySetting和sockop都可以 "proxySettings": { "tag": "us-cc", "transportLayer": true }
"streamSettings": { "sockopt": { "dialerProxy": "us-cc" } }
- Shadowsocks is blocked by GFW.
- Vmess protocol is operational.
Proxy chain employs Vmess to circumvent the GFW, subsequently utilizing the Shadowsocks IP for website access.
{
"outbounds": [
{
"tag": "shadowsocks",
"protocol": "shadowsocks",
"settings": {
"servers": [
{}
]
},
"streamSettings": {
"network": "tcp",
"sockopt": {
"dialerProxy": "proxy"
}
}
},
{
"protocol": "vmess",
"settings": {},
"tag": "proxy"
}
]
}
