
Ubuntu下对于Websocket/HTTP2+TLS+web与mtproto的探索

首先你需要有caddy。

Caddy用起来非常简单,本身是免安装的绿色程序。在CaddyServer的下载页面勾选插件http.forwardproxy和http.proxyprotocol,hook.service可以要也可以不要。下文的Caddyfile用的是Caddy v1的语法(proxy指令),Caddy v2的指令不同,不能直接照搬。

下载后放在home之类的目录即可。使用时在caddy所在的目录里写一个Caddyfile,然后在该目录下执行caddy,它会读取这个Caddyfile并按其中的配置运行。

如果你想要ws+tls+web,那么Caddyfile里面填:

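# Caddy v1 syntax (the `proxy` directive; Caddy v2 uses `reverse_proxy` instead).
# A bare host name as the site label lets Caddy obtain a certificate and serve
# the site over HTTPS automatically.
yourdomain.com
{
  # Access log, written relative to the directory caddy is started from.
  # It records client addresses, so keep the file readable by the admin only.
  log ./caddy.log
  # Static site served for every path that is not proxied below.
  root /www/public
  # Reverse-proxy /test to the local v2ray inbound. Path and port must match
  # "wsSettings.path" and "port" in the v2ray config; v2ray itself listens on
  # 127.0.0.1 only, so this proxy is the sole way to reach it from outside.
  proxy /test localhost:10000 {
    # Pass WebSocket upgrade requests through to the upstream.
    websocket
    # Drop the Origin request header before forwarding.
    header_upstream -Origin
  }
}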

把yourdomain.com改成你自己的域名,/www/public是你放网页的地方,proxy把 yourdomain.com/test 反向代理到本机的10000端口;这里的路径/test和端口10000要与下面v2ray配置里的path和port保持一致。

另一边填:

1
{
2
  "inbound": {
3
    "port": 10000,
4
    "listen":"127.0.0.1",
5
    "protocol": "vmess",
6
    "settings": {
7
      "clients": [
8
        {
9
          "id": "你的uuid",
10
          "alterId": 64
11
        }
12
      ]
13
    },
14
    "streamSettings": {
15
      "network": "ws",
16
      "wsSettings": {
17
      "path": "/test"
18
      }
19
    }
20
  },
21
  "outbound": {
22
    "protocol": "freedom",
23
    "settings": {}
24
  }
25
}

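其中uuid换成自己的就可以了。uuid是vmess唯一的认证凭据,请自己随机生成(例如用uuidgen),不要照抄教程里或别人公开过的值。另外,alterId大于0用的是旧版VMess的MD5认证,较新版本的v2ray默认已停用,建议服务端和客户端都设为0。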


如果是h2+tls+web的话,那么Caddyfile里面填:

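# Caddy v1 syntax. Caddy terminates the public TLS connection and opens a
# second TLS connection to the local v2ray inbound on 127.0.0.1:10000, which
# is configured for HTTP/2 over TLS ("network": "h2", "security": "tls").
https://yourdomain.com {
  # Static site served for every path that is not proxied below.
  root /www/public
  # Path and port must match "httpSettings.path" and "port" in the v2ray config.
  proxy /test https://localhost:10000 {
    # Turns off certificate verification for the upstream connection. v2ray
    # presents the certificate issued for yourdomain.com, which does not match
    # the name "localhost". Tolerable only because the upstream is on loopback;
    # do not reuse this directive for an upstream reached over a network.
    insecure_skip_verify
    header_upstream X-Forwarded-Proto "https"
    # Must equal an entry of "httpSettings.host" in the v2ray config.
    header_upstream Host "yourdomain.com"
  }
  # Response headers added to every path of the site.
  header / {
    # HSTS for one year: browsers will refuse plain HTTP for this host.
    Strict-Transport-Security "max-age=31536000;"
    # Legacy header; current browsers ignore it. A Content-Security-Policy
    # is the modern replacement if the static site needs XSS hardening.
    X-XSS-Protection "1; mode=block"
    # Stop browsers from MIME-sniffing responses.
    X-Content-Type-Options "nosniff"
    # Forbid embedding the site in frames (clickjacking defence).
    X-Frame-Options "DENY"
  }
}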

然后你需要用sudo -i切换到root用户,再把caddy申请到的证书和私钥软链接到v2ray的目录。

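# Run as root. Replace every <yourdomain.com> with your own domain, angle
# brackets included: left in place, the shell parses < and > as redirections.
#
# Link the certificate that Caddy obtained from Let's Encrypt.
ln -s /etc/ssl/caddy/acme/acme-v02.api.letsencrypt.org/sites/<yourdomain.com>/<yourdomain.com>.crt /etc/v2ray/v2ray.crt

# Link the matching TLS private key. A symlink does not change the target's
# permissions: the account v2ray runs as must be able to read the real file,
# and the key must stay unreadable to every other user (no world-readable mode).
# NOTE(review): v2ray presumably loads these files at startup, so restart it
# after Caddy renews the certificate - confirm for your version.
ln -s /etc/ssl/caddy/acme/acme-v02.api.letsencrypt.org/sites/<yourdomain.com>/<yourdomain.com>.key /etc/v2ray/v2ray.key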

把每条命令里面的两个yourdomain.com都换成自己的域名(连同两边的尖括号一起替换掉)。

然后另一边填:

1
{
2
  "log" : {
3
    "access": "/var/log/v2ray/access.log",
4
    "error": "/var/log/v2ray/error.log",
5
    "loglevel": "warning"
6
  },
7
8
  "inbound": {
9
    "port": 10000,
10
    "listen": "127.0.0.1",
11
    "protocol": "vmess",
12
    "settings": {
13
      "clients": [
14
        {
15
          "id": "你的uuid",
16
          "level": 1,
17
          "alterId": 64
18
        }
19
      ]
20
    },
21
22
    "streamSettings": {
23
      "network": "h2",
24
      "security": "tls",
25
      "httpSettings": {
26
        "path": "/test",
27
        "host": ["yourdomain.com"]
28
      },
29
      "tlsSettings": {
30
        "serverName": "yourdomain.com",
31
        "certificates": [
32
        {
33
          "certificateFile": "/etc/v2ray/v2ray.crt",
34
          "keyFile": "/etc/v2ray/v2ray.key"
35
        }
36
      ]
37
    }
38
  }
39
},
40
41
"outbound": {
42
  "protocol": "freedom",
43
  "settings": {}
44
},
45
"outboundDetour": [
46
  {
47
    "protocol": "blackhole",
48
    "settings": {},
49
    "tag": "blocked"
50
  }
51
],
52
53
"routing": {
54
  "strategy": "rules",
55
  "settings": {
56
    "rules": [
57
      {
58
        "type": "field",
59
        "ip": [
60
          "0.0.0.0/8",
61
          "10.0.0.0/8",
62
          "100.64.0.0/10",
63
          "127.0.0.0/8",
64
          "169.254.0.0/16",
65
          "172.16.0.0/12",
66
          "192.0.0.0/24",
67
          "192.0.2.0/24",
68
          "192.168.0.0/16",
69
          "198.18.0.0/15",
70
          "198.51.100.0/24",
71
          "203.0.113.0/24",
72
          "::1/128",
73
          "fc00::/7",
74
          "fe80::/10"
75
        ],
76
        "outboundTag": "blocked"
77
      }
78
    ]
79
  }
80
}
81
}

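如果ws需要加上mtproto服务的话,配置如下。注意两点:mtproto的secret必须是32位十六进制字符(可用 openssl rand -hex 16 生成),带连字符的uuid不能直接填,也不要和vmess的id共用同一个值;另外tg-in这个入站没有写listen,会在所有网卡上监听10001端口,不经过caddy,直接暴露在公网,secret是它唯一的访问凭据。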

1
{
2
  "inbounds": [
3
    {
4
      "port": 10000,
5
      "listen":"127.0.0.1",
6
      "protocol": "vmess",
7
      "settings": {
8
        "clients": [
9
          {
10
            "id": "你的uuid",
11
            "alterId": 64
12
          }
13
        ]
14
      },
15
      "streamSettings": {
16
        "network": "ws",
17
        "wsSettings": {
18
        "path": "/test"
19
        }
20
      }
21
    },
22
    {
23
      "tag": "tg-in", 
24
      "port": 10001, 
25
      "protocol": "mtproto", 
26
      "settings": {
27
        "users": [
28
          {
29
            "secret": "你的uuid"
30
          }
31
        ]
32
      }
33
    }
34
  ], 
35
  "outbounds": [
36
    {
37
      "protocol": "freedom", 
38
      "settings": { }
39
    }, 
40
    {
41
      "tag": "tg-out", 
42
      "protocol": "mtproto", 
43
      "settings": { }
44
    }
45
  ], 
46
  "routing": {
47
    "rules": [
48
      {
49
        "type": "field", 
50
        "inboundTag": [
51
          "tg-in"
52
        ], 
53
        "outboundTag": "tg-out"
54
      }
55
    ]
56
  }
57
}

如果h2需要加上mtproto的话(mtproto的secret同样应是单独生成的32位十六进制字符,10001端口同样不经过caddy、直接对外监听):

1
{
2
  "inbounds": [
3
    {
4
      "port": 10000,
5
      "listen": "127.0.0.1",
6
      "protocol": "vmess",
7
      "settings": {
8
        "clients": [
9
          {
10
            "id": "你的uuid",
11
            "level": 1,
12
            "alterId": 64
13
          }
14
        ]
15
      },
16
  
17
      "streamSettings": {
18
        "network": "h2",
19
        "security": "tls",
20
        "httpSettings": {
21
          "path": "/test",
22
          "host": ["yourdomain.com"]
23
        },
24
        "tlsSettings": {
25
          "serverName": "yourdomain.com",
26
          "certificates": [
27
          {
28
            "certificateFile": "/etc/v2ray/v2ray.crt",
29
            "keyFile": "/etc/v2ray/v2ray.key"
30
          }
31
        ]
32
      }
33
    }
34
  },
35
    {
36
      "tag": "tg-in", 
37
      "port": 10001, 
38
      "protocol": "mtproto", 
39
      "settings": {
40
        "users": [
41
          {
42
            "secret": "你的uuid"
43
          }
44
        ]
45
      }
46
    }
47
  ], 
48
  "outbounds": [
49
    {
50
      "protocol": "freedom", 
51
      "settings": { }
52
    }, 
53
    {
54
      "tag": "tg-out", 
55
      "protocol": "mtproto", 
56
      "settings": { }
57
    }
58
  ], 
59
  "routing": {
60
    "rules": [
61
      {
62
        "type": "field", 
63
        "inboundTag": [
64
          "tg-in"
65
        ], 
66
        "outboundTag": "tg-out"
67
      }
68
    ]
69
  }
70
}

以上。