安装及配置 v2ray

基于 ubuntu 22.04 搭建 Nginx + TLS + VMess + WebSocket + HTTP/2

前提

• 墙外 VPS

安装基础环境

• 安装 V2ray

bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)

• 安装 Nginx

apt install nginx

配置 V2ray 服务

• 添加用户

useradd -s /usr/sbin/nologin v2ray

• 自动启动

systemctl enable v2ray

• 修改服务启动用户

vim /etc/systemd/system/v2ray.service

添加以下内容

[Service]
User=v2ray

配置 Nginx + TLS

• 创建 Nginx 配置

vim /etc/nginx/sites-available/example.com.conf

将以下内容粘贴到文件中

server {
        listen 80;
        listen [::]:80;


        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name example.com;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }
}

• 启用配置

ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/example.com.conf
nginx -t
nginx -s reload

• 配置 SSL 证书

# 安装 acme.sh
curl https://get.acme.sh | sh -s [email protected]
# 生成证书并验证域名
acme.sh --issue -d example.com --nginx
# 安装证书
acme.sh --install-cert -d example.com \
--key-file       /path/to/keyfile/in/nginx/key.pem  \
--fullchain-file /path/to/fullchain/nginx/cert.pem \
--reloadcmd     "service nginx force-reload"
# 查看证书
acme.sh --info -d example.com

• 配置 Nginx + TLS

将以下内容添加到 Nginx 配置文件

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    root /var/www/html/;

    ssl_certificate       /root/.acme.sh/example.com_ecc/fullchain.cer;
    ssl_certificate_key   /root/.acme.sh/example.com_ecc/example.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    ssl_protocols         TLSv1.2 TLSv1.3;
    ssl_ciphers           ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    server_name           example.com;
    location /vvray {
        if ($http_upgrade != "websocket") {
            return 404;
        }
        proxy_redirect off;
        proxy_pass http://127.0.0.1:12345;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        # Show real IP in v2ray access.log
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

• 重新加载 Nginx 配置

nginx -t
nginx -s reload

启动 V2ray

• 配置文件

vim /usr/local/etc/v2ray/config.json

将以下内容添加到文件中

{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "listen": "127.0.0.1", // 不再向外直接开放
      "port": 12345, // 与 nginx 反向代理端口一致
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "xxx" // 可通过 v2ray uuid 命令生成
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/vvray" // 与 nginx 反向代理一致
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom"
    }
  ]
}

• 启动服务

systemctl start v2ray

客户端

• clash 配置

proxies:
  - name: 'xxx'
    type: vmess
    server: example.com
    port: 443
    uuid: 43cb6fce-a840-a468-afe5-99151333b8dd
    alterId: 0
    cipher: auto
    tls: true
    skip-cert-verify: true
    network: ws
    ws-opts:
      path: /vvray
    # headers: # 按需配置
    #   Host: example.com
    #   User-Agent: 'xxx'