Ubuntu下对于Websocket/HTTP2+TLS+web与mtproto的探索

发表于 分类于 阅读次数:
这里描述了三种模式:ws+tls+web,h2+tls+web,甚至ws+tls+web+mtproto或者h2+tls+web+mtproto。

首先你需要有caddy。

Caddy其实是特别傻瓜化的东西,它本身其实特别绿色纯净版,在CaddyServer里面勾选http.forwardproxy还有http.proxyprotocol,hook.service可以要也可以不要。

下载下来之后随便放在什么home之类的就可以了,要用的时候在和caddy一样的地方写一个Caddyfile,然后执行caddy它就会读取Caddyfile然后执行。

如果你想要ws+tls+web,那么Caddyfile里面填:

1
2
3
4
5
6
7
8
9
yourdomain.com
{
  log ./caddy.log
  root /www/public
  proxy /test localhost:10000 {
    websocket
    header_upstream -Origin
  }
}

把yourdomain.com改成你自己的域名,/www/public是你放网页的地方,proxy是把 yourdomain.com/test 指向10000端口反代。

另一边填:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
{
  "inbound": {
    "port": 10000,
    "listen":"127.0.0.1",
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "你的uuid",
          "alterId": 64
        }
      ]
    },
    "streamSettings": {
      "network": "ws",
      "wsSettings": {
      "path": "/test"
      }
    }
  },
  "outbound": {
    "protocol": "freedom",
    "settings": {}
  }
}

其中uuid换成自己的就可以了。

如果是h2+tls+web的话,那么Caddyfile里面填:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
https://yourdomain.com {
  root /www/public
  proxy /test https://localhost:10000 {
    insecure_skip_verify
    header_upstream X-Forwarded-Proto "https"
    header_upstream Host "yourdomain.com"
  }
  header / {
    Strict-Transport-Security "max-age=31536000;"
    X-XSS-Protection "1; mode=block"
    X-Content-Type-Options "nosniff"
    X-Frame-Options "DENY"
  }
}

然后你需要sudo -i切换到root模式,然后软链caddy的证书过来。

1
2
3
ln -s /etc/ssl/caddy/acme/acme-v02.api.letsencrypt.org/sites/<yourdomain.com>/<yourdomain.com>.crt /etc/v2ray/v2ray.crt

ln -s /etc/ssl/caddy/acme/acme-v02.api.letsencrypt.org/sites/<yourdomain.com>/<yourdomain.com>.key /etc/v2ray/v2ray.key

把命令里面的两个yourdomain.com都换成自己的域名。

然后另一边填:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
{
  "log" : {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },

  "inbound": {
    "port": 10000,
    "listen": "127.0.0.1",
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "你的uuid",
          "level": 1,
          "alterId": 64
        }
      ]
    },

    "streamSettings": {
      "network": "h2",
      "security": "tls",
      "httpSettings": {
        "path": "/test",
        "host": ["yourdomain.com"]
      },
      "tlsSettings": {
        "serverName": "yourdomain.com",
        "certificates": [
        {
          "certificateFile": "/etc/v2ray/v2ray.crt",
          "keyFile": "/etc/v2ray/v2ray.key"
        }
      ]
    }
  }
},

"outbound": {
  "protocol": "freedom",
  "settings": {}
},
"outboundDetour": [
  {
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }
],

"routing": {
  "strategy": "rules",
  "settings": {
    "rules": [
      {
        "type": "field",
        "ip": [
          "0.0.0.0/8",
          "10.0.0.0/8",
          "100.64.0.0/10",
          "127.0.0.0/8",
          "169.254.0.0/16",
          "172.16.0.0/12",
          "192.0.0.0/24",
          "192.0.2.0/24",
          "192.168.0.0/16",
          "198.18.0.0/15",
          "198.51.100.0/24",
          "203.0.113.0/24",
          "::1/128",
          "fc00::/7",
          "fe80::/10"
        ],
        "outboundTag": "blocked"
      }
    ]
  }
}
}

如果ws需要加上mtproto服务的话:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
{
  "inbounds": [
    {
      "port": 10000,
      "listen":"127.0.0.1",
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "你的uuid",
            "alterId": 64
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
        "path": "/test"
        }
      }
    },
    {
      "tag": "tg-in", 
      "port": 10001, 
      "protocol": "mtproto", 
      "settings": {
        "users": [
          {
            "secret": "你的uuid"
          }
        ]
      }
    }
  ], 
  "outbounds": [
    {
      "protocol": "freedom", 
      "settings": { }
    }, 
    {
      "tag": "tg-out", 
      "protocol": "mtproto", 
      "settings": { }
    }
  ], 
  "routing": {
    "rules": [
      {
        "type": "field", 
        "inboundTag": [
          "tg-in"
        ], 
        "outboundTag": "tg-out"
      }
    ]
  }
}

如果h2需要加上mtproto的话:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
{
  "inbounds": [
    {
      "port": 10000,
      "listen": "127.0.0.1",
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "你的uuid",
            "level": 1,
            "alterId": 64
          }
        ]
      },
  
      "streamSettings": {
        "network": "h2",
        "security": "tls",
        "httpSettings": {
          "path": "/test",
          "host": ["yourdomain.com"]
        },
        "tlsSettings": {
          "serverName": "yourdomain.com",
          "certificates": [
          {
            "certificateFile": "/etc/v2ray/v2ray.crt",
            "keyFile": "/etc/v2ray/v2ray.key"
          }
        ]
      }
    }
  },
    {
      "tag": "tg-in", 
      "port": 10001, 
      "protocol": "mtproto", 
      "settings": {
        "users": [
          {
            "secret": "你的uuid"
          }
        ]
      }
    }
  ], 
  "outbounds": [
    {
      "protocol": "freedom", 
      "settings": { }
    }, 
    {
      "tag": "tg-out", 
      "protocol": "mtproto", 
      "settings": { }
    }
  ], 
  "routing": {
    "rules": [
      {
        "type": "field", 
        "inboundTag": [
          "tg-in"
        ], 
        "outboundTag": "tg-out"
      }
    ]
  }
}

以上。