憶の年

v2ray配置 WebSocket+TLS+Nginx
安装方法参照官方安装以下只给出WebSocket+TLS+Nginx的配置文件服务端配置{ "log...
扫描右侧二维码阅读全文
13
2018/08

v2ray配置 WebSocket+TLS+Nginx

请注意,本文编写于 464 天前,最后修改于 408 天前,其中某些信息可能已经过时。

安装方法参照官方安装
以下只给出WebSocket+TLS+Nginx的配置文件

服务端配置

{
  "log": {
    "access": "/var/log/v2ray/access.log", 
    "error": "/var/log/v2ray/error.log", 
    //可能取值 "none" "info" "warning" "error" 其中"debug"记录的数据最多,"error"记录的最少 "none"表示不记录任何内容 默认值为"warning"
    "loglevel": "debug" 
  },
  //注"policy"字段需要core≥3.1
  "policy": {
    "levels": {
      "0": {
        "uplinkOnly": 0,
        "downlinkOnly": 0,
        "connIdle": 150,
        "handshake": 4
      }
    }
  },
  "inbound": {
    //默认值为"0.0.0.0"
    "listen": "127.0.0.1", //监听ip
    "port": 39005,   //监听端口
    "protocol": "vmess", 
    "settings": {
      "clients": [
        {
          "id": "7f43b638-dc47-11e7-9296-cec278b6b50a",  //自行修改UID
          //"level"字段与"policy"字段中的"levels"字段中的对应,默认值:0,注:需要core≥3.1
          "level": 1, 
          "alterId": 64
        }
      ]
    }, 
    "streamSettings": {
      "network": "ws", 
      "security": "auto", 
      "wsSettings": {
        "path": "/PATH/", 
        "headers": {
          "Host": "ip.nuei.cn"   //自行修改
        }
      }
    }
  }, 
  "outbound": {
    "protocol": "freedom", 
    "settings": { }
  }, 
  "outboundDetour": [
    {
      "protocol": "blackhole", 
      "settings": { }, 
      "tag": "blocked"
    }
  ], 
  "routing": {
    "strategy": "rules", 
    "settings": {
      "rules": [
        {
          "type": "field", 
          "ip": [
            "0.0.0.0/8", 
            "10.0.0.0/8", 
            "100.64.0.0/10", 
            "127.0.0.0/8", 
            "169.254.0.0/16", 
            "172.16.0.0/12", 
            "192.0.0.0/24", 
            "192.0.2.0/24", 
            "192.168.0.0/16", 
            "198.18.0.0/15", 
            "198.51.100.0/24", 
            "203.0.113.0/24", 
            "::1/128", 
            "fc00::/7", 
            "fe80::/10"
          ], 
          "outboundTag": "blocked"
        }
      ]
    }
  }
}

nginx配置

我的nginx是bt面板安装的

server
{
    listen 80;
    listen 443 ssl http2;
    server_name esc.ac.cn;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/esc.ac.cn;
    
    #SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
    #error_page 404/404.html;
    #HTTP_TO_HTTPS_START
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate    /etc/letsencrypt/live/esc.ac.cn/fullchain.pem; #自行更改ssl证书目录
    ssl_certificate_key    /etc/letsencrypt/live/esc.ac.cn/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    
    location /PATH/  #服务端"path": "/PATH/",一样
    {
        proxy_pass http://127.0.0.1:39005; 反向代理v2ray监听ip和端口
            proxy_http_version                    1.1;
            proxy_redirect                        off;
            proxy_set_header  Host                $http_host;
            proxy_set_header  Upgrade            $http_upgrade;
            proxy_set_header  Connection        "upgrade";
        

    }
    
  

    
    #一键申请SSL证书验证目录相关设置
    location ~ \.well-known{
        allow all;
    }
    
    access_log  /www/wwwlogs/esc.ac.cn.log;
    error_log  /www/wwwlogs/esc.ac.cn.error.log;
}

客户端

{
    "inbound": {
        "port": 1086, //浏览器设置socks代理端口
        "listen": "127.0.0.1",//浏览器设置socks代理地址
        "protocol": "socks",
        "settings": {
            "auth": "noauth",
            "udp": true
        }
    },
    "outbound": {
        "protocol": "vmess",
        "settings": {
            "vnext": [
                {
                    "address": "esc.ac.cn", //nginx绑定的域名
                    "port": 443, //nginx监听的端口
                    "users": [ {
                            "id": "7f43b638-dc47-11e7-9296-cec27850a",  //和服务端一样
                            "level": 1, //和服务端一样
                            "alterId": 64 //和服务端一样
                        } ]
                }
            ]
        },
        "streamSettings": {
            "network": "ws",
            "security": "tls",
            "tlsSettings": {
                "serverName": "esc.ac.cn"
            },
            "wsSettings": {
                "path": "/PATH/" //服务端 nginx 客户端必须一样
            }
        },
        "mux": {
        "concurrency": 6,
        "enabled": true
        }
    },
    "outboundDetour": [
        {
            "protocol": "freedom",
            "settings": {},
            "tag": "direct"
        }
    ],
      // 注"policy"字段需要core≥3.1
    "policy": {
    "levels": {
      "0": {
        "uplinkOnly": 0,
        "downlinkOnly": 0,
        "connIdle": 150,
        "handshake": 4
      }
    }
  },
    "routing": {
        "strategy": "rules",
        "settings": {
            "rules": [
                {
                    "type": "field",
                    "ip": [
                        "0.0.0.0/8",
                        "10.0.0.0/8",
                        "100.64.0.0/10",
                        "127.0.0.0/8",
                        "169.254.0.0/16",
                        "172.16.0.0/12",
                        "192.0.0.0/24",
                        "192.0.2.0/24",
                        "192.168.0.0/16",
                        "198.18.0.0/15",
                        "198.51.100.0/24",
                        "203.0.113.0/24",
                        "::1/128",
                        "fc00::/7",
                        "fe80::/10"
                    ],
                    "outboundTag": "direct"
                }
            ]
        }
    }
}
最后修改:2018 年 10 月 07 日 09 : 21 PM

发表评论