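Background: v2ray's VMess is itself a stable and secure protocol, and on top of stability and security people also want more speed and performance. Against that background, protocols such as Trojan and VLESS appeared; VLESS is implemented along the same lines as Trojan. Xray builds on v2ray-core, combines the VMess and VLESS feature sets, and adds support for XTLS.
Trojan by design communicates directly over HTTPS and occupies port 443. If your VPS also hosts a website alongside the proxy tool, the two conflict.
This Xray tutorial uses SNI fallback so that Xray's VLESS inbound takes port 443 as the single network entry point. Port 80 redirects to port 443. SNI fallback then splits traffic by domain and protocol: VMess traffic falls back to the VMess listening port, and requests for the website's domain fall back to the website's port. The result is that VLESS, VMess and the website coexist and share port 443.
Expected result:
- A working proxy service over the VLESS protocol;
- A working proxy service over the VMess protocol;
- The website remains reachable through port 443;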
Notes on the v2ray install script
The install script used here is the official script from the Xray community: https://github.com/XTLS/Xray-install. While it runs it prints info and error messages; read the output carefully.
Quick usage:
- Install and update xray-core and geodata

    bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root

- Install xray-core only, without geodata

    bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --without-geodata

- Remove/uninstall xray

    bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ remove --purge

Environment
- OS: Debian GNU/Linux 10
- User: root is used here
- xray-core version: v1.5.4, from https://github.com/XTLS/Xray-core/releases
- v2rayN: 5.9, from https://github.com/2dust/v2rayN/releases
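Setup
The domain your-domain.com used throughout the steps below is a placeholder; replace it with your own domain when you run them.
1 Connect to the VPS
Details of connecting to the VPS remotely with Xshell are covered in a separate article.
2 Update the VPS environment

    apt update

3 Install curl

    apt install -y curl

4 Install xray
Install it with curl:

    bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root

The full log of the script run is as follows: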

    root@racknerd-2092ac:~# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   141  100   141    0     0   1226      0 --:--:-- --:--:-- --:--:--  1226
    100 29581  100 29581    0     0  98933      0 --:--:-- --:--:-- --:--:-- 98933
    info: Installing Xray v1.5.4 for x86_64
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    Suggested packages:
      zip
    The following NEW packages will be installed:
      unzip
    0 upgraded, 1 newly installed, 0 to remove and 74 not upgraded.
    Need to get 171 kB of archives.
    After this operation, 394 kB of additional disk space will be used.
    Get:1 http://ftp.us.debian.org/debian bullseye/main amd64 unzip amd64 6.0-26 [171 kB]
    Fetched 171 kB in 0s (451 kB/s)
    Selecting previously unselected package unzip.
    (Reading database ... 27963 files and directories currently installed.)
    Preparing to unpack .../unzip_6.0-26_amd64.deb ...
    Unpacking unzip (6.0-26) ...
    Setting up unzip (6.0-26) ...
    Processing triggers for mailcap (3.69) ...
    Processing triggers for man-db (2.9.4-2) ...
    info: unzip is installed.
    Downloading Xray archive: https://github.com/XTLS/Xray-core/releases/download/v1.5.4/Xray-linux-64.zip
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   656  100   656    0     0   2420      0 --:--:-- --:--:-- --:--:--  2429
    100 9703k  100 9703k    0     0  6260k      0  0:00:01  0:00:01 --:--:-- 9985k
    info: Extract the Xray package to /tmp/tmp.VGDYskiu7y and prepare it for installation.
    rm: cannot remove '/etc/systemd/system/xray.service.d/10-donot_touch_multi_conf.conf': No such file or directory
    rm: cannot remove '/etc/systemd/system/xray@.service.d/10-donot_touch_multi_conf.conf': No such file or directory
    info: Systemd service files have been installed successfully!
    warning: The following are the actual parameters for the xray service startup.
    warning: Please make sure the configuration file path is correctly set.
    # /etc/systemd/system/xray.service
    [Unit]
    Description=Xray Service
    Documentation=https://github.com/xtls
    After=network.target nss-lookup.target

    [Service]
    User=root
    #CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
    #AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
    #NoNewPrivileges=true
    ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json
    Restart=on-failure
    RestartPreventExitStatus=23
    LimitNPROC=10000
    LimitNOFILE=1000000

    [Install]
    WantedBy=multi-user.target

    # /etc/systemd/system/xray.service.d/10-donot_touch_single_conf.conf
    # In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there.
    # Or all changes you made will be lost!  # Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html
    [Service]
    ExecStart=
    ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json

    installed: /usr/local/bin/xray
    installed: /usr/local/share/xray/geoip.dat
    installed: /usr/local/share/xray/geosite.dat
    installed: /usr/local/etc/xray/config.json
    installed: /var/log/xray/
    installed: /var/log/xray/access.log
    installed: /var/log/xray/error.log
    installed: /etc/systemd/system/xray.service
    installed: /etc/systemd/system/xray@.service
    removed: /tmp/tmp.VGDYskiu7y
    info: Xray v1.5.4 is installed.
    You may need to execute a command to remove dependent software: apt purge curl unzip
    Created symlink /etc/systemd/system/multi-user.target.wants/xray.service → /etc/systemd/system/xray.service.
    info: Enable and start the Xray service

The log shows which configuration file the installation uses: /usr/local/etc/xray/config.json.
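5 Install nginx
Run the installation

    apt install -y nginx

Create the web root
This tutorial assumes /root/www.

    mkdir -p /root/www

Create the home page
Create an index.html file under /root/www:

    vi /root/www/index.html

with the following content:

    <html>
    <head>
    <meta charset="UTF-8">
    <title>欢迎访问四个空格</title>
    </head>
    <body>
    <a href="https://www.4spaces.org/install-v2ray-v-4-44-on-debian-2022/">四个空格</a>
    </body>
    </html>

Create the configuration file
Note: the nginx configuration file may live in different places depending on the version. Mine is nginx/1.18.0, with the configuration file at /etc/nginx/sites-enabled/default. Yours may instead be at /etc/nginx/conf.d/default.conf.
Run vi /etc/nginx/sites-enabled/default and edit the nginx configuration file so that it reads:

    server {
        listen 80;
        server_name www.your-domain.com your-domain.com blog.your-domain.com;
        index index.html;
        root /root/www/;
    }

You may also need to change the first line of /etc/nginx/nginx.conf from user www-data to user root (the current user), because the web root sits under /root, which www-data normally cannot read.
Start the nginx service

    # Start nginx and enable it at boot
    systemctl start nginx; systemctl enable nginx
    # Check the nginx status
    systemctl status nginx

Explanation: in the configuration file, www.your-domain.com and your-domain.com serve as the website's domains. They enter through port 443, and the Xray fallback configuration routes them by domain to the website directory. blog.your-domain.com, in contrast, is routed by the VMess protocol to the proxy service port.
Open your-domain.com in a browser; if the page loads, the nginx configuration is fine. At this point the site is unencrypted, served without HTTPS: http://www.your-domain.com.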
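6.6 Install certbot and request the SSL certificate
The steps are:
Install snapd

    apt install -y snapd

Make sure snapd is up to date

    snap install core; snap refresh core

Install certbot

    snap install --classic certbot

Create the symlink

    ln -s /snap/bin/certbot /usr/bin/certbot

Request the certificate
Run certbot --nginx to start requesting the certificate. When you request a certificate for several domains, separate the numbers of the domains you select with commas or spaces.
When Successfully received certificate appears during the run, the certificate has been obtained, and the paths where it was saved are shown:

    Successfully received certificate.
    Certificate is saved at: /etc/letsencrypt/live/your-domain/fullchain.pem
    Key is saved at: /etc/letsencrypt/live/your-domain/privkey.pem
    This certificate expires on 2022-07-20.
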
6.7 Update the nginx and Xray configuration files
Xray configuration
Change /usr/local/etc/xray/config.json to the following:

    {
      "log": {
        "loglevel": "warning",
        "access": "/var/log/xray/access.log",
        "error": "/var/log/xray/error.log"
      },
      "inbounds": [
        {
          "port": 443,
          "protocol": "vless",
          "settings": {
            "clients": [
              {
                "id": "e2b89a7a-6a6b-47f1-9e17-09c6d1e5a746",
                "flow": "xtls-rprx-direct"
              }
            ],
            "decryption": "none",
            "fallbacks": [
              {
                "name": "blog.your-domain.com",
                "path": "/vmessws",
                "dest": 6000,
                "xver": 1
              },
              {
                "dest": 6001,
                "xver": 1
              },
              {
                "alpn": "h2",
                "dest": 6002,
                "xver": 1
              },
              {
                "name": "your-domain.com",
                "dest": 6003,
                "xver": 1
              },
              {
                "name": "your-domain.com",
                "alpn": "h2",
                "dest": 6004,
                "xver": 1
              }
            ]
          },
          "streamSettings": {
            "network": "tcp",
            "security": "xtls",
            "xtlsSettings": {
              "alpn": [
                "h2",
                "http/1.1"
              ],
              "certificates": [
                {
                  "certificateFile": "/etc/letsencrypt/live/your-domain.com/fullchain.pem",
                  "keyFile": "/etc/letsencrypt/live/your-domain.com/privkey.pem"
                }
              ]
            }
          }
        },
        {
          "port": 6000,
          "listen": "127.0.0.1",
          "protocol": "vmess",
          "settings": {
            "clients": [
              {
                "id": "2f726dac-6a7a-430d-8870-fb5634cf500c"
              }
            ]
          },
          "streamSettings": {
            "network": "ws",
            "wsSettings": {
              "acceptProxyProtocol": true,
              "path": "/vmessws"
            }
          }
        }
      ],
      "outbounds": [
        {
          "protocol": "freedom"
        }
      ]
    }

Replace the domains above with your own.
nginx configuration
Configuration file /etc/nginx/sites-enabled/default:

    set_real_ip_from 127.0.0.1;
    real_ip_header proxy_protocol;

    server {
        listen 127.0.0.1:6001 proxy_protocol default_server;
        listen 127.0.0.1:6002 proxy_protocol default_server http2;
        index index.html;
        root /root/www/;
    }

    server {
        listen 127.0.0.1:6003 proxy_protocol;
        listen 127.0.0.1:6004 proxy_protocol http2;
        server_name your-domain.com;
        index index.html;
        root /root/www/;
    }

    server {
        if ($host = www.your-domain.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        if ($host = blog.your-domain.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        if ($host = your-domain.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        listen 80;
        server_name www.your-domain.com your-domain.com blog.your-domain.com;
        return 404; # managed by Certbot
    }

Restart the Xray and nginx services

    # Restart xray
    systemctl restart xray
    # Restart nginx
    systemctl restart nginx

That completes the Xray setup.
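The fallback wiring in step 6.7 only works when every `dest` has a listener, `xver` agrees with that listener's PROXY protocol setting, and each listener that trusts the PROXY header is bound to loopback so outside clients cannot supply their own source address. The following consistency check is an added example, not part of the original tutorial or of Xray; it assumes numeric `dest` ports, IPv4 `listen` addresses and WebSocket backends as on this page, and the function names are hypothetical.

```python
import json
import re

# Constructed sample: the fallback-relevant parts of the page's config.json.
XRAY_JSON = """
{"inbounds": [
  {"port": 443, "protocol": "vless", "settings": {"fallbacks": [
    {"name": "blog.your-domain.com", "path": "/vmessws", "dest": 6000, "xver": 1},
    {"dest": 6001, "xver": 1},
    {"alpn": "h2", "dest": 6002, "xver": 1},
    {"name": "your-domain.com", "dest": 6003, "xver": 1},
    {"name": "your-domain.com", "alpn": "h2", "dest": 6004, "xver": 1}]}},
  {"port": 6000, "listen": "127.0.0.1", "protocol": "vmess", "streamSettings":
    {"network": "ws", "wsSettings": {"acceptProxyProtocol": true, "path": "/vmessws"}}}]}
"""
# Constructed sample: the listen directives of the page's nginx configuration.
NGINX_CONF = """
listen 127.0.0.1:6001 proxy_protocol default_server;
listen 127.0.0.1:6002 proxy_protocol default_server http2;
listen 127.0.0.1:6003 proxy_protocol;
listen 127.0.0.1:6004 proxy_protocol http2;
listen 80;
"""

def listeners(xray, nginx_text):
    """Map port -> (bind address, accepts PROXY protocol) for nginx and Xray."""
    found = {}
    for m in re.finditer(r"listen\s+(?:([\d.]+):)?(\d+)([^;]*);", nginx_text):
        found[int(m[2])] = (m[1] or "0.0.0.0", "proxy_protocol" in m[3].split())
    for ib in xray["inbounds"]:
        ws = ib.get("streamSettings", {}).get("wsSettings", {})  # ws only, as on the page
        found[ib["port"]] = (ib.get("listen", "0.0.0.0"), bool(ws.get("acceptProxyProtocol")))
    return found

def check_fallbacks(xray_json, nginx_text):
    """Return one problem string per broken fallback; an empty list means consistent."""
    xray = json.loads(xray_json)
    backends, problems = listeners(xray, nginx_text), []
    for ib in xray["inbounds"]:
        for fb in ib.get("settings", {}).get("fallbacks", []):
            port, wants_pp = fb["dest"], fb.get("xver", 0) > 0
            addr, accepts_pp = backends.get(port, (None, False))
            if addr is None:
                problems.append(f"{port}: no listener")
            elif wants_pp != accepts_pp:
                problems.append(f"{port}: PROXY protocol mismatch")
            elif accepts_pp and not addr.startswith("127."):
                problems.append(f"{port}: PROXY listener not on loopback")
    return problems
```

To check a live host, pass the contents of /usr/local/etc/xray/config.json and /etc/nginx/sites-enabled/default instead of the embedded samples.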
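6.8 Client configuration in v2rayN
Screenshot of the VLESS protocol settings:
Screenshot of the settings for a VMess protocol link:
Should you enable the Cloudflare CDN?
With it enabled, access from mainland China is slower. What it may do is hide the real IP; unless your IP has been blocked, you most likely do not need to enable it.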