centos7基于nginx搭建v2ray服务端配置vmess+tls+websocket完全手册
一直都是使用自建shadowsocks科学上网,服务很稳定,虽然v2ray出现了很久,但是没花心思研究两者之间有什么区别。后来无意间查询自己手机的上网记录,出现下图信息,我感觉还是让上网更隐蔽一点更好。
怎么让手机上网记录看起来更正常一点呢?v2ray服务端配置vmess+tls+websocket就是一种解决方式,下面是我使用这种方式之后手机上网记录信息:
接下来就是我实现上述情形的解决过程记录。
1.环境准备
VPS : 推荐一下DigitalOcean;
一个域名,推荐去godaddy注册,注册之前最好找一下优惠券;
vps部署Nginx并启用tls安装证书;
相关文章推荐:
请继续下一步之前,先依次完成下列步骤:
注册一个自己的VPS服务器;
注册一个自己的域名并解析到自己的VPS;
登录VPS并安装部署Nginx;
完成域名的https SSL安全证书启用;
只有完成上面的步骤在继续下面操作,才能实现v2ray服务端配置vmess+tls+websocket。
我的环境:
服务器系统:Digitalocean CentOS 7.5 x64 ;
v2ray版本:v4.17.0;
nginx版本:nginx/1.14.2 (CentOS);
证书:Let’s Encrypt certbot-0.31.0;
v2rayN:2.22
2.安装v2ray
安装过程很简单,只要能正常连接自己的VPS并进行登录,然后执行一下安装命令即可,安装过程参考:从零开始:史上最详尽V2Ray搭建图文教程,重要的接下来的配置过程。
3.配置v2ray服务端
假设你的域名是v2ray.com,并将二级域名hi.v2ray.com解析到你的VPS。
执行下面的命令,开始配置v2ray:
[root@ss-us ~]# vi /etc/v2ray/config.json
按i键编辑文件,把内容更改为下面的内容:
{
"log": {
"access": "/var/log/v2ray/access.log",
"error": "/var/log/v2ray/error.log",
"loglevel": "warning"
},
"inbounds": [
{
"port": 33684,
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "0c67ca68-63ad-40c5-898e-9cf1925c8694",
"level": 1,
"alterId": 64
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/etc/nginx/html"
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {},
"tag": "direct"
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
],
"routing": {
"rules": [
{
"type": "field",
"ip": [
"0.0.0.0/8",
"10.0.0.0/8",
"100.64.0.0/10",
"127.0.0.0/8",
"169.254.0.0/16",
"172.16.0.0/12",
"192.0.0.0/24",
"192.0.2.0/24",
"192.168.0.0/16",
"198.18.0.0/15",
"198.51.100.0/24",
"203.0.113.0/24",
"::1/128",
"fc00::/7",
"fe80::/10"
],
"outboundTag": "blocked"
}
]
}}3.配置Nginx
执行下面的命令,开始配置nginx:
[root@ss-us ~]# vi /etc/nginx/conf.d/v2ray.conf
按i键编辑文件,把内容更改为下面的内容:
server{
listen 80;
server_name hi.aitlp.com;
return 301 https://$server_name$request_uri;}server {
listen 443 ssl http2 default_server;
server_name hi.v2ray.com;
ssl_certificate /etc/letsencrypt/live/hi.v2ray.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hi.v2ray.com/privkey.pem;
root /etc/nginx/html;
index index.html;
location /etc/nginx/html {
proxy_redirect off;
proxy_pass http://127.0.0.1:27321;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}}4.重启v2ray、nginx服务
systemctl restart v2ray systemctl restart nginx
客户端配置json
如果你通过Json文件配置,则客户端的json配置内容:
{
"log": {
"loglevel": "warning"
},
"inbound": {
"port": 1080,
"listen": "127.0.0.1",
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": false
}
},
"inboundDetour": [
{
"port": 8128,
"listen": "127.0.0.1",
"protocol": "http",
"settings": {}
}
],
"outbound": {
"protocol": "vmess",
"settings": {
"vnext": [{
"address": "hi.v2ray.com",
"port": 443,
"users": [{
"id": "0c67ca68-63ad-40c5-898e-9cf1925c8694",
"level": 1,
"alterId": 64,
"security": "aes-128-gcm"
}]
}]
},
"streamSettings":{
"network": "ws",
"security": "tls",
"tlsSettings": {
"serverName": "hi.v2ray.com"
},
"wsSettings": {
"path": "/etc/nginx/html"
}
},
"tag": "forgin"
},
"outboundDetour": [
{
"protocol": "freedom",
"settings": {},
"tag": "direct"
}
],
"routing": {
"strategy": "rules",
"settings": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "chinaip",
"outboundTag": "direct"
},
{
"type": "chinasites",
"outboundTag": "direct"
},
{
"type": "field",
"ip": [
"0.0.0.0/8",
"10.0.0.0/8",
"100.64.0.0/10",
"127.0.0.0/8",
"169.254.0.0/16",
"172.16.0.0/12",
"192.0.0.0/24",
"192.0.2.0/24",
"192.168.0.0/16",
"198.18.0.0/15",
"198.51.100.0/24",
"203.0.113.0/24",
"::1/128",
"fc00::/7",
"fe80::/10"
],
"outboundTag": "direct"
}
]
}
},
"policy": {
"levels": {
"0": {"uplinkOnly": 0}
}
}}5.客户端界面配置
这里我是用v2rayN,配置如下:
6.常见问题
1)使用v2ray访问谷歌提示异常流量;
2)启用cloudflare cdn之后v2ray报403错误;
参考文章:
评论专区