配置v2ray+nginx+ws访问国际网络

发表于 | 分类于 | | 浏览 75
字数统计: 502 | 阅读时长 ≈ 2

搞之前先贴上官方文档

0x00 准备工作

  1. VPS一台(visa信用卡可以在google cloud撸一年vps)
  2. 一个域名
  3. 申请一年免费证书(可以在阿里云申请免费域名,也可以用Let's Encrypt申请免费证书并自动更新)

0x01 一键安装配置v2ray

bash <(curl -L -s https://install.direct/go.sh)

v2ray配置文件路径/etc/v2ray/conf.json
注:json不支持注释,此处如果复制,需要删除每行#以及后面内容

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
{
  "inbounds": [{
    "port": 12345,    #修改监听端口
    "listen": "127.0.0.1",  #增加监听地址
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "bd034e62-4e0c-40c7-a39b-bac3a750aa96", #用uuidgen生成uuid后修改此处
          "level": 1,
          "alterId": 64
        }
      ]
    }, #ws配置开始
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
        "path": "/ads"  #修改此处的路径并记录,后面在nginx中需要用到
        }
      } #ws配置结束
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}

0x02 安装并配置nginx

yum install nginx,在/etc/nginx/conf.d/中增加v2ray.conf文件,内容如下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
server { #此server强制80跳转到443
    listen 80;
    server_name www.abc.com;
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
    listen       443 ssl;
    server_name  www.abc.com;

    ssl_certificate    /etc/nginx/ssl/v2ray.pem;  #域名证书存放路径
    ssl_certificate_key    /etc/nginx/ssl/v2ray.key; #域名key存放路径
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497  https://$host$request_uri;

    location = /ads {  #此处location为v2ray中配置的path
       proxy_pass       http://127.0.0.1:12345;
       proxy_redirect             off;
       proxy_http_version         1.1;
       proxy_set_header Upgrade   $http_upgrade;
       proxy_set_header Connection "upgrade";
       proxy_set_header Host      $http_host;
    }

    # 优化操作1 将除了ads以外的请求重定向到百度,也可以重定向到其他域名,如个人博客之类的
    location / {
       rewrite .* https://www.baidu.com/ permanent;
    }
}

  • 优化操作2 隐藏nginx版本号
    /etc/nginx/nginx.confhttp段增加server_tokens off;
Powered By Valine
v1.5.2
0%