有玩家说,使用经典的wss模式(nginx+tls+websocket+v2ray-vmess/vless)部分地区会被封端口,而使用httpupgrade模式没问题。我们这篇就来配置v2ray的httpupgrade模式(nginx+tls+httpupgrade+v2ray-vmess)
准备工作:
一台vps带公网IP,ubuntu 18.04+ 即可,root用户
一个解析到你vps公网IP的域名【如 vmess.v2ray.one】
第一部分 [ 手动配置v2ray ]
# Set the system time zone to UTC+8 (Asia/Shanghai).
# The old /etc/localtime is deleted before copying so the copy creates a new
# file at that path instead of writing into whatever was there before.
zoneinfo_src=/usr/share/zoneinfo/Asia/Shanghai
rm -f /etc/localtime
cp "$zoneinfo_src" /etc/localtime
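# Install nginx and the helper tools from the official Ubuntu archive, then
# enable nginx at boot and start it.
# lsof and bind9-host are installed as well because later steps in this guide
# call `lsof` and `host`, which a minimal VPS image may not ship.
apt-get clean && apt-get update
apt-get install -y nginx curl pwgen openssl netcat cron uuid-runtime lsof bind9-host
systemctl enable --now nginx
# Do not switch the host firewall off. The v2ray inbound configured below
# listens on 127.0.0.1 only, so the only ports that must be reachable from
# outside are the two nginx serves. Existing rules (e.g. for SSH) and the
# firewall's enabled/disabled state are left as they are.
if command -v ufw >/dev/null 2>&1; then
  ufw allow 80/tcp
  ufw allow 443/tcp
fi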
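# Parameters used by every later step: domain, backend port, UUID, request
# path, certificate directory, and the nginx / v2ray config file locations.

# 1. Domain that already resolves to this server (vmess.v2ray.one in this example).
domainName="vmess.v2ray.one"
# 2. Random local port for the v2ray inbound.
port="$(shuf -i 20000-65000 -n 1)"
# 3. Random UUID; it is written into the v2ray "users" list below.
uuid="$(uuidgen)"
# 4. Random request path: eight 6-letter lowercase pwgen words joined with "/".
path="/$(pwgen -A0 6 8 | xargs | tr ' ' '/')"
# 5. Timestamped directory for the TLS certificate and key.
#    The path is built first and created afterwards. Recovering it from the
#    `mkdir -v` message breaks when the message is localized or when the
#    directory already exists (nothing is printed), which leaves ssl_dir empty
#    and sends the certificate files to "/".
ssl_dir="/usr/local/etc/v2ray/ssl/$(date +%F-%H-%M-%S)"
mkdir -p -- "$ssl_dir"
# 6. Locations of the nginx and v2ray configuration files.
nginxConfig="/etc/nginx/conf.d/v2ray.conf"
v2rayConfig="/usr/local/etc/v2ray/config.json"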
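# Check that the domain resolves to this server.
# Prints nothing when the records match; on a mismatch it prints a message and
# exits the current shell.
# The public address is fetched over HTTPS with -f, so an HTTP error page or a
# tampered plain-HTTP reply is not taken for an address.
local_ip="$(curl -fsS https://ifconfig.me)"
resolve_ip="$(host "$domainName" | awk '{print $NF}')"
# An empty local_ip means the lookup failed. Without this guard two failed
# lookups (both empty) would compare equal and the check would pass.
if [ -z "$local_ip" ] || [ "$local_ip" != "$resolve_ip" ]; then echo "域名解析不正确"; exit 9; fi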
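# Install v2ray 5.16.1 with the upstream install script and enable it at boot.
# The script is saved to a temporary file and run only after the download
# succeeded, so a failed or truncated transfer is never executed as root.
# NOTE(review): the URL tracks the mutable `master` branch. To run a script you
# have actually read, replace `master` with the commit you reviewed
# (<REVIEWED_COMMIT_SHA>) and inspect the saved file before executing it.
v2ray_installer="$(mktemp)"
if curl -fsSL -o "$v2ray_installer" https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh; then
  bash "$v2ray_installer" --version 5.16.1
else
  echo "v2ray安装脚本下载失败" >&2
fi
rm -f -- "$v2ray_installer"
systemctl enable v2ray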
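# Install acme.sh and request the certificate.
# The installer suggests installing socat; this guide uses ALPN validation, so
# that message can be ignored.
source ~/.bashrc
# ALPN validation needs port 443. Stop nginx first; if something still listens
# there, terminate it by process name (killall ends every process with that name).
if nc -z localhost 443; then /etc/init.d/nginx stop; fi
if nc -z localhost 443; then
  lsof -i :443 | awk 'NR==2{print $1}' | xargs -r -I{} killall {}
  sleep 1
fi
# Fetch the acme.sh installer into a file and run it only when the download
# completed; piping curl straight into sh would execute a partial script.
# NOTE(review): this does not authenticate the script beyond TLS. Read the
# saved file, or install from a release you have verified, when that matters.
if ! [ -d /root/.acme.sh ]; then
  acme_installer="$(mktemp)"
  curl -fsSL -o "$acme_installer" https://get.acme.sh && sh "$acme_installer"
  rm -f -- "$acme_installer"
fi
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
~/.acme.sh/acme.sh --issue -d "$domainName" -k ec-256 --alpn
# ${ssl_dir:?} aborts the command if ssl_dir is empty, so the certificate and
# key can never be written to "/v2ray.crt" and "/v2ray.key".
~/.acme.sh/acme.sh --installcert -d "$domainName" --fullchainpath "${ssl_dir:?}/v2ray.crt" --keypath "${ssl_dir:?}/v2ray.key" --ecc
# Keep the private key owned by root and unreadable to everyone else. This
# assumes the stock Ubuntu nginx package, where the root master process loads
# the key and the www-data workers never need to open the file.
chown root:root "${ssl_dir:?}"/v2ray.*
chmod 600 "${ssl_dir:?}/v2ray.key"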
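# Install a daily certificate-renewal job.
# The helper script stops nginx (ALPN validation needs port 443), runs the
# acme.sh cron task with its output logged to /root/renew_ssl.log, and starts
# nginx again whether or not the renewal succeeded.
cat > /usr/local/bin/ssl_renew.sh <<'EOF'
#!/bin/bash
/etc/init.d/nginx stop
"/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" &> /root/renew_ssl.log
/etc/init.d/nginx start
EOF
chmod +x /usr/local/bin/ssl_renew.sh
# Rebuild root's crontab with exactly one entry for the helper. Any earlier
# copy of the line is filtered out first, so re-running this guide does not
# stack duplicate jobs. `crontab -` reads the new table from stdin.
renew_job="15 03 * * * /usr/local/bin/ssl_renew.sh"
(
  crontab -l 2>/dev/null | grep -vF -- "/usr/local/bin/ssl_renew.sh"
  echo "$renew_job"
) | crontab -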
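# Write the nginx site configuration.
# Port 80 redirects to HTTPS. Port 443 terminates TLS and forwards the random
# request path to the v2ray inbound on 127.0.0.1, passing the Upgrade headers.
# The here-document expands the shell variables ($domainName, $ssl_dir, $path,
# $port); nginx's own variables are escaped as \$name so they reach the file
# literally.
# TLS is limited to 1.2 and 1.3 with ECDHE + AEAD suites. TLS 1.1, 3DES and
# static-RSA key exchange from the earlier list are obsolete and are dropped.
cat > "$nginxConfig" <<EOF
server {
    listen 80;
    server_name $domainName;
    return 301 https://\$host\$request_uri;
}
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name $domainName;
    ssl_certificate $ssl_dir/v2ray.crt;
    ssl_certificate_key $ssl_dir/v2ray.key;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_protocols TLSv1.2 TLSv1.3;
    root /usr/share/nginx/html;
    location $path {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:$port;
        proxy_http_version 1.1;
        proxy_set_header Upgrade "\$http_upgrade";
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host "\$http_host";
    }
}
EOF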
# Write the v2ray configuration file.
# One vmess inbound on 127.0.0.1:$port using the httpupgrade transport at
# $path, with $uuid as its only user, and a "freedom" outbound.
# The here-document expands $port, $uuid and $path; everything else is literal.
# The blank first and last lines keep the file identical to what echo produced.
# NOTE(review): the error log level is "Debug", which is verbose for a
# long-running service — confirm this is intended once the setup works.
# NOTE(review): the file holds the UUID and is created with the default umask;
# check that its permissions are as tight as the service account allows.
cat > "$v2rayConfig" <<EOF

{
"log": {
"error": {
"level": "Debug",
"type": "File",
"path": "/var/log/v2ray/error.log"
},
"access": {
"level": "Warning",
"type": "File",
"path": "/var/log/v2ray/access.log"
}
},
"inbound": {
"port": $port,
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"users": [
"$uuid"
]
},
"streamSettings":{
"transport": "httpupgrade",
"transportSettings": {
"path": "$path"
}
}
},
"outbound": {
"protocol": "freedom"
}
}

EOF
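# Replace the v2ray systemd unit; per this guide, httpupgrade needs the config
# to be loaded with `-format jsonv5`.
# Fix: the restart delay key is spelled RestartSec. systemd key names are
# case-sensitive, so "ReStartSec" was ignored as an unknown key.
# NOTE(review): the inbound configured by this guide binds 127.0.0.1 on a port
# above 20000, so CAP_NET_ADMIN and CAP_NET_BIND_SERVICE look unnecessary here
# — confirm and drop them if nothing else in your setup needs them.
cat > /etc/systemd/system/v2ray.service <<'EOF'
[Unit]
Description=V2Ray Service
Documentation=https://www.v2fly.org/
After=network.target nss-lookup.target
[Service]
User=nobody
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/v2ray run -config /usr/local/etc/v2ray/config.json -format jsonv5
Restart=on-failure
RestartPreventExitStatus=23
RestartSec=1
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
# Done: restart v2ray, show its status, and restart nginx only if its
# configuration test passes.
systemctl restart v2ray
# --no-pager keeps `status` from opening a pager, which would swallow the
# commands that follow when this guide is pasted into a terminal.
systemctl status -l --no-pager v2ray
/usr/sbin/nginx -t && systemctl restart nginx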
# Print the connection settings to enter in the client.
# The UUID and path are the access credentials for this server, so treat the
# terminal output (and any saved copy of it) accordingly.
printf '\n'
printf '%s\n' \
  "域名: $domainName" \
  "UUID: $uuid" \
  "协议:vmess" \
  "安全: tls" \
  "传输: httpupgrade" \
  "路径: $path"
#客户端添加使用,以v2rayN客户端为例
v2rayN 客户端下载链接:https://github.com/2dust/v2rayN/releases/download/6.45/v2rayN-With-Core.zip