SS 最佳的替代品,从 0 开始部署 v2ray 梯子(2)

前言

承接上一篇 SS 最佳的替代品,从 0 开始部署 v2ray 梯子(1)
上一篇文章有说到,以 v2ray 做基础,辅以 websocket + TLS + nginx 的加密形式,最后再加上 CDN 是目前最安全有效的梯子方式,鉴于最近 GFW 抓的比较严,大家可以试试这个。


申请域名和申请免费 HTTPS 证书

注册域名/配置域名解析

到阿里云/腾讯云/godaddy之类的注册个域名,因为我已经有域名了,怎么注册域名,此处省略,此处推荐阿里云,可参考以下链接:
https://wanwang.aliyun.com/domain
https://jingyan.baidu.com/article/eae078275794701fec548515.html
https://blog.csdn.net/ldq7777/article/details/82823997


怎么配置域名解析?看下面这几篇
https://wanwang.aliyun.com/domain/dns?spm=5176.13359817.h2v3icoap.366.77095af5QJT22t&aly_as=zmkhc__4
https://help.aliyun.com/document_detail/102231.html?spm=5176.71615.741494.btn4.21715a71cBakun
https://help.aliyun.com/knowledge_detail/39397.html?spm=5176.13394938.0.0.43a22fc3ihtv5Y
https://help.aliyun.com/knowledge_detail/39783.html?spm=5176.13394938.0.0.43a22fc3ihtv5Y
https://jingyan.baidu.com/article/48b558e3f25e6d7f38c09aec.html

申请免费 HTTPS 证书

注册完域名后,到下面链接申请免费证书
https://yundun.console.aliyun.com/?spm=5176.2020520154.aliyun_sidebar.194.36a91e43FHnFGs&p=cas#/overview/cn-hangzhou

98948-vicv5sy7dar.png

08915-cinqe4viv64.png

14329-125qo9rmziz.png

56950-7y0rxvm0m3o.png

65664-tht0m8d0oe.png

25880-08be14pjwhfv.png

42519-opff9hp0a5.png

06716-f09d2xfn59i.png

92179-odia6mf9twj.png

77383-r9gqbxhw1js.png

下载证书待用

证书审核通过后,进入证书控制台页面,切记要等证书审核通过并签发下来后再继续下一步,要不然验证可能不通过
https://yundun.console.aliyun.com/?spm=5176.6660585.774526198.1.27046bf8XYq86S&p=cas#/overview/cn-hangzhou

32444-ykd76057sx.png

12730-i4la6eptms.png


使用 Xshell 连接 VPS 做配置

使用 Xshell 把刚下载的证书上传到 VPS 待用

使用以下命令创建对应目录并进入,注意看清楚,我这个目录用我的域名来创建...你的随你喜欢

[[email protected] ~]# mkdir -p /root/.acme.sh/itwordsweb.top && cd /root/.acme.sh/itwordsweb.top

安装 xftp 客户端并上传证书
xftp 客户端下载(怎么安装就不说了吧):
链接:https://pan.baidu.com/s/1HEEvLhODTwL6jcrmbM4wQw
提取码:e5tk

69784-gg4taf2h21d.png

76272-v70i28jkvcb.png

94175-ru4gxiujz79.png

54264-417paflcvbl.png

安装 nginx,依次执行下面命令

此处介绍下 vi 用法,vi 打开一个文件,按 a 或 i 来编辑内容,编辑完按 q 退出编辑,再按 :wq 保存内容并退出文件

[[email protected] ~]# cd /usr/local/src/
[[email protected] src]# yum -y install gcc pcre-devel.x86_64 openssl-devel.x86_64 zlib-devel
[[email protected] src]# wget http://nginx.org/download/nginx-1.16.0.tar.gz
[[email protected] src]# tar xvf nginx-1.16.0.tar.gz
[[email protected] src]# cd nginx-1.16.0/
[[email protected] src]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_v2_module --with-http_dav_module --with-http_stub_status_module --with-threads --with-file-aio
[[email protected] src]# make && make install
[[email protected] src]# vi /etc/init.d/nginx
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start()
{
echo -n $"Starting $prog: "
  mkdir -p /dev/shm/nginx_temp
  daemon $NGINX_SBIN -c $NGINX_CONF
  RETVAL=$?
  echo
  return $RETVAL
}
stop()
{
  echo -n $"Stopping $prog: "
  killproc -p $NGINX_PID $NGINX_SBIN -TERM
  rm -rf /dev/shm/nginx_temp
  RETVAL=$?
  echo
  return $RETVAL
}
reload()
{
  echo -n $"Reloading $prog: "
  killproc -p $NGINX_PID $NGINX_SBIN -HUP
  RETVAL=$?
  echo
  return $RETVAL
}
restart()
{
  stop
  start
}
configtest()
{
  $NGINX_SBIN -c $NGINX_CONF -t
  return 0
}
case "$1" in
  start)
      start
      ;;
  stop)
      stop
      ;;
  reload)
      reload
      ;;
  restart)
      restart
      ;;
  configtest)
      configtest
      ;;
  *)
echo $"Usage: $0 {start|stop|reload|restart|configtest}"
RETVAL=1
esac
exit $RETVAL
[[email protected] src]# chmod 755 /etc/init.d/nginx 
[[email protected] src]# chkconfig --add nginx
[[email protected] src]# chkconfig nginx on
[[email protected] src]# mkdir -p /data/nginx/v2ray
[[email protected] src]# mv /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak
[[email protected] src]# vi /usr/local/nginx/conf/nginx.conf
user nobody;
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type  application/octet-stream;
    sendfile on;
    keepalive_timeout  65;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    include /usr/local/nginx/conf/conf.d/*.conf;
}
[[email protected] src]# mkdir /usr/local/nginx/conf/conf.d
[[email protected] src]# vi /usr/local/nginx/conf/conf.d/v2ray.conf
upstream v2ray {
    server 127.0.0.1:10000 weight=1;
}
server {
    listen 443 ssl;
    ssl on;
    ssl_certificate /root/.acme.sh/itwordsweb.top/2859897_www.itwordsweb.top.pem;
    ssl_certificate_key /root/.acme.sh/itwordsweb.top/2859897_www.itwordsweb.top.key;
    # 以上两句中的域名要改为你的域名,或者说你的证书文件
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    server_name itwordsweb.top www.itwordsweb.top;
    # 以上改为你的域名
    access_log /data/nginx/v2ray/access.log main;
    error_log /data/nginx/v2ray/error.log error;
    location /top {
        proxy_redirect off;
        proxy_pass http://v2ray;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }
}
[[email protected] src]# /usr/local/nginx/sbin/nginx -t
[[email protected] src]# systemctl start nginx

编辑 v2ray 的配置文件并重启 v2ray

具体改了哪里,参考着你原来的来比较咯

[[email protected] itwordsweb.top]# mkdir -p /data/v2ray/log/
[[email protected] itwordsweb.top]# vi /etc/v2ray/config.json
{
    "log": {
        "access": "/data/v2ray/log/access.log",
        "error": "/data/v2ray/log/error.log",
        "loglevel": "warning"
    },
    "inbound": {
        "port": 10000,
        "protocol": "vmess",
        "settings": {
            "clients": [
                {
                    "id": "5893b9d0-8d21-c1aa-1ed3-b8742d1ac548",
                    "level": 1,
                    "alterId": 64
                }
            ]
        },
        "streamSettings": {
          "network": "ws",
          "wsSettings": {
          "path": "/top"
        }
      }
    },
    "outbound": {
        "protocol": "freedom",
        "settings": {}
    },
    "inboundDetour": [],
    "outboundDetour": [
        {
            "protocol": "blackhole",
            "settings": {},
            "tag": "blocked"
        }
    ],
    "routing": {
        "strategy": "rules",
        "settings": {
            "rules": [
                {
                    "type": "field",
                    "ip": [
                        "0.0.0.0/8",
                        "10.0.0.0/8",
                        "100.64.0.0/10",
                        "127.0.0.0/8",
                        "169.254.0.0/16",
                        "172.16.0.0/12",
                        "192.0.0.0/24",
                        "192.0.2.0/24",
                        "192.168.0.0/16",
                        "198.18.0.0/15",
                        "198.51.100.0/24",
                        "203.0.113.0/24",
                        "::1/128",
                        "fc00::/7",
                        "fe80::/10"
                    ],
                    "outboundTag": "blocked"
                }
            ]
        }
    }
}
[[email protected] itwordsweb.top]# systemctl restart v2ray

配置防火墙规则(假如你在上一篇中配置了防火墙的话,这步需要操作一下)

[[email protected] itwordsweb.top]# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
[[email protected] itwordsweb.top]# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
[[email protected] itwordsweb.top]# service iptables save
[[email protected] itwordsweb.top]# systemctl restart iptables
[[email protected] itwordsweb.top]# systemctl enable iptables

配置 v2ray 客户端

63424-7ylmee2rr2v.png


配置谷歌浏览器

插件下载地址
https://github.com/FelisCatus/SwitchyOmega/releases

规则地址
https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt

79369-4gna3jg3jkv.png

86408-liq8zrhqtjj.png

24524-tm8yg3x8x7s.png

12083-yj30fo1huc.png

92981-73n4bi7mbbh.png

78688-ldwopsrxr5.png

43813-a2dbvety9kf.png

15916-pgqh2q8hdug.png


测试

43395-sknnzgh3vig.png

33038-8vesxfz91i5.png


最后再注册海外 CDN 服务商 cloudflare 账号并配置

注册

如何注册?此处还是不讲,参考下面地址
https://dash.cloudflare.com
https://support.cloudflare.com/hc/zh-cn/categories/200275218-入门

cloudflare 管理平台配置 CDN

先到 cloudflare 加入域名
https://dash.cloudflare.com

39582-pg5myopucu.png

62729-rjwg3o5lbr.png

60856-v2li8411rtp.png

65137-8343y5wf3kt.png

84336-516pmk6zh5p.png

现在到阿里云域名解析平台修改 DNS 服务器配置

https://dc.console.aliyun.com/next/index#/domain/list/all-domain

80659-tij4gxvmy2d.png

42318-drloppxn4cw.png

76037-1lf3fusekyt.png

85589-p8psqxooqe.png

44500-dn8d2ryn30m.png

03916-c8wwhilpb56.png

返回 cloudflare 页面

82743-1pb21g2fcpb.png

34453-8fbzns0ly5e.png

91125-1erff1oz6hl.png


最后

等待一段时间,让 CDN 生效
再次测试能不能正常使用


vultrsslinuxv2ray梯子

我来吐槽

*

*

已有 11 条评论

  1. he

    [[email protected] ~]# /usr/local/nginx/sbin/nginx -t
    nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /usr/local/nginx/conf/conf.d/v2ray.conf:6
    nginx: [emerg] unknown log format "main" in /usr/local/nginx/conf/conf.d/v2ray.conf:14
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
    你好,参照你的配置,进行倒数第二个指令时出现问题了,请问下怎么处理

    1. lance

      nginx配置文件问题,留下你的QQ,远程帮你看下
      或者把你配置文件内容贴上来,我看下

  2. 1

    你好,请问这种办法能用在已经被ban的vps主机上吗?

      1. 1

        能只使用CDN+v2ray来实现吗?

        1. lance

          CDN要结合域名才能使用,而不用https做加密,那安全性还是不够

  3. 路人

    大佬问下,这种方法对提升网速有用吗

    1. lance

      其实v2ray的速度会比ss慢一点,但有个好处就是,基本不用担心被墙
      至于速度,上了CDN,可能会有所提升也不一定
      我的用了2年,还没问题

      1. 路人

        大佬,配置完了出现这个问题咋弄
        [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://kgshuai.top:1417/top): > dial tcp: lookup kgshuai.top: no such host] > v2ray.com/core/common/retry: all retry attempts failed

        1. lance

          没配置好,需要协助可以留下QQ,我远程帮你看下