搞之前先贴上官方文档
0x00 准备工作
- VPS一台(visa信用卡可以在
google cloud撸一年vps) - 一个域名
- 申请一年免费证书(可以在阿里云申请免费域名,也可以用
Let's Encrypt申请免费证书并自动更新)
0x01 一键安装配置v2ray
bash <(curl -L -s https://install.direct/go.sh)
v2ray配置文件路径/etc/v2ray/conf.json
注:json不支持注释,此处如果复制,需要删除每行#以及后面内容1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39{
"inbounds": [{
"port": 12345, #修改监听端口
"listen": "127.0.0.1", #增加监听地址
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "bd034e62-4e0c-40c7-a39b-bac3a750aa96", #用uuidgen生成uuid后修改此处
"level": 1,
"alterId": 64
}
]
}, #ws配置开始
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/ads" #修改此处的路径并记录,后面在nginx中需要用到
}
} #ws配置结束
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}],
"routing": {
"rules": [
{
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "blocked"
}
]
}
}
0x02 安装并配置nginx
yum install nginx,在/etc/nginx/conf.d/中增加v2ray.conf文件,内容如下1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32server { #此server强制80跳转到443
listen 80;
server_name www.abc.com;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
listen 443 ssl;
server_name www.abc.com;
ssl_certificate /etc/nginx/ssl/v2ray.pem; #域名证书存放路径
ssl_certificate_key /etc/nginx/ssl/v2ray.key; #域名key存放路径
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
location = /ads { #此处location为v2ray中配置的path
proxy_pass http://127.0.0.1:12345;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
# 优化操作1 将除了ads以外的请求重定向到百度,也可以重定向到其他域名,如个人博客之类的
location / {
rewrite .* https://www.baidu.com/ permanent;
}
}
- 优化操作2 隐藏nginx版本号
在/etc/nginx/nginx.conf的http段增加server_tokens off;