V2Ray手动安装记录

网上各种一键脚本鱼龙混杂,相比之下手动安装稍微繁琐一些,但是安全性有保障。

总体思路就是V2Ray在服务器内监听本地端口,web服务器负责转发websocket。本文介绍Nginx和Caddy两种配置方式。

V2Ray

安装

这里使用官方Linux安装脚本

apt install curl unzip -y
bash <(curl -L -s https://install.direct/go.sh)

修改配置文件

然后修改V2Ray配置文件

vi /etc/v2ray/config.json

将以下内容覆盖到配置文件中

{
    "inbound":{
        "port":10010,
        "listen":"127.0.0.1",
        "protocol":"vmess",
        "settings":{
            "clients":[
                {
                    "id":"uuid",
                    "alterId":0
                }
            ]
        },
        "streamSettings":{
            "network":"ws",
            "wsSettings":{
                "path":"/path"
            }
        }
    },
    "outbound":{
        "protocol":"freedom",
        "settings":{

        }
    }
}

注意修改上述配置文件中的uuidpath,uuid建议在Online UUID Generator生成。

然后重启V2Ray服务

sudo systemctl restart v2ray

Nginx

安装

apt install nginx -y

申请SSL证书

使用Nginx需要自己申请证书, 可以利用acme.sh申请免费SSL证书, 申请完成后将证书和密钥安装到/etc/v2ray目录中

acme.sh --installcert -d example.com -d *.example.com --fullchainpath /etc/v2ray/v2ray.crt --keypath /etc/v2ray/v2ray.key --ecc

配置虚拟主机文件

touch /etc/nginx/sites-available/example.com.conf
ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/
vi /etc/nginx/sites-available/example.com.conf

复制下面内容,然后粘贴进去

server
    {
        listen 80;
        server_name example.com;
        return 301 https://$host$request_uri;
        server_tokens off;
    }

server
    {
        listen 443 ssl http2 fastopen=128 reuseport;
        server_name example.com;
        ssl_certificate /etc/v2ray/v2ray.crt;
        ssl_certificate_key /etc/v2ray/v2ray.key;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        add_header Strict-Transport-Security max-age=15768000;
        server_tokens off;
        ssl_stapling on;
        ssl_stapling_verify on;
        
        location / {
        try_files $uri $uri/ =404;
        }
        
        location /path {
          proxy_redirect off;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_set_header Host $http_host;
          proxy_intercept_errors on;
          if ($http_upgrade = "websocket" ){
             proxy_pass http://127.0.0.1:10010;
          }
        }
    }

然后:wq保存,重启Nginx即可

systemctl restart nginx

Caddy

安装

mkdir /etc/caddy
wget https://github.com/mholt/caddy/releases/download/v0.11.0/caddy_v0.11.0_linux_amd64.tar.gz
tar zxvf caddy_v0.11.0_linux_amd64.tar.gz -C /etc/caddy caddy
chmod +x /etc/caddy/caddy

配置

touch /etc/caddy/caddy.conf
vi /etc/caddy/caddy.conf

复制下面内容,然后粘贴进去

example.com
{
  tls [email protected]
  log /etc/caddy/caddy.log
  proxy /path 127.0.0.1:10010 {
    websocket
    header_upstream -Origin
  }
}

设置守护进程

使用Supervisor守护Caddy

apt install supervisor
touch /etc/supervisor/conf.d/caddy.conf
vi /etc/supervisor/conf.d/caddy.conf

复制下面内容,然后粘贴进去

[program:caddy]
user=root
command=/etc/caddy/caddy -conf /etc/caddy/caddy.conf -agree
startsecs=1
startretries=100
autorstart=true
autorestart=true

然后:wq保存即可

更新配置命令:supervisorctl update all
启动:supervisorctl start caddy
重启:supervisorctl restart caddy
停止:supervisorctl stop caddy

暂无评论

发送评论 编辑评论

上一篇
下一篇