#VPS购买连接
VKVM官网

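# Install sudo (run as root; needed only on images that ship without it).
apt install sudo

# Build and install Nginx from source.
# Every ./configure option must start with two ASCII hyphens ("--prefix");
# the en-dash form ("–prefix") that the page rendered is rejected by configure.
# NOTE(review): the tarball is built and installed as root without an
# integrity check. nginx.org publishes a detached PGP signature next to each
# release (nginx-1.27.1.tar.gz.asc); verify it with gpg before running make.
# 1.27.1 is only the version this page pinned; check nginx.org for a current
# release and its security advisories before building.
sudo apt update && sudo apt upgrade -y \
  && apt-get install -y gcc g++ libpcre3 libpcre3-dev zlib1g zlib1g-dev \
       openssl libssl-dev wget sudo make curl socat cron \
  && wget https://nginx.org/download/nginx-1.27.1.tar.gz \
  && tar -xvf nginx-1.27.1.tar.gz \
  && cd nginx-1.27.1 \
  && ./configure \
       --prefix=/usr/local/nginx \
       --sbin-path=/usr/sbin/nginx \
       --conf-path=/etc/nginx/nginx.conf \
       --with-http_stub_status_module \
       --with-http_ssl_module \
       --with-http_realip_module \
       --with-http_sub_module \
       --with-stream \
       --with-stream_ssl_module \
       --with-stream_ssl_preread_module \
       --with-http_v2_module \
  && make \
  && make install \
  && cd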

#service路径
/lib/systemd/system

# Make systemd re-read its unit files so it sees nginx.service, then enable
# the unit for boot. Neither command starts or restarts nginx; the second
# runs only if the first succeeds.
systemctl daemon-reload \
  && systemctl enable nginx.service

#nginx配置路径
/etc/nginx/

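# Install acme.sh.
# NOTE(review): this pipes a remote script straight into a root shell, so
# whatever the server returns is executed unseen. A more careful variant
# saves the script to a file, reads it, and only then runs it.
curl https://get.acme.sh | sh

# Symlink acme.sh onto PATH.
ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh

# Switch the default CA to Let's Encrypt.
# (Options need two ASCII hyphens; the page rendered them as en-dashes.)
acme.sh --set-default-ca --server letsencrypt

# Cloudflare credentials for the dns_cf DNS-01 hook.
# The placeholder values are quoted: unquoted, "你的API Token" splits at the
# space and only the first word is assigned to CF_Key.
# NOTE(review): CF_Key + CF_Email is acme.sh's Global API Key login, which
# grants control over the whole Cloudflare account. acme.sh also accepts a
# scoped API token through CF_Token (with CF_Account_ID or CF_Zone_ID); a
# token limited to DNS edit on the one zone is the least-privilege choice.
# acme.sh saves these values in its account config under /root/.acme.sh, and
# an interactive shell may keep them in its history, so protect both.
export CF_Key="你的API Token"
export CF_Email="你的Cloudflare注册邮箱"

# Request the certificate via the Cloudflare DNS challenge.
acme.sh --issue --dns dns_cf -d "你的域名"

# Install the certificate and key where nginx.conf expects them, and reload
# nginx after each renewal. The reload command must be wrapped in plain ASCII
# double quotes so that it reaches acme.sh as a single argument.
acme.sh --install-cert -d "你的域名" --ecc \
  --key-file /etc/ssl/private/private.key \
  --fullchain-file /etc/ssl/private/fullchain.cer \
  --reloadcmd "systemctl force-reload nginx"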

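# Install Xray with the project's install script.
# The command substitution must sit inside plain ASCII double quotes; with the
# typographic quotes the page rendered, the script text is word-split and
# bash -c does not receive it as one argument.
# NOTE(review): this executes whatever the main branch serves at that moment,
# as root, without pinning a revision or reading the script first. Download
# and review it before running.
# NOTE(review): "-u root" makes the installed service run as root. Nothing on
# this page appears to need that (the TLS key is read by nginx, not xray), so
# confirm whether the installer's default service user is sufficient.
bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root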

#Xray 配置路径
/usr/local/etc/xray

章节:
00:00 前言
00:59 Reality原理
04:27 VPS推荐
06:31 解析域名
06:51 安装nginx
08:12 申请证书
09:47 安装和配置xray配置
12:48 配置v2rayN
14:25 伪装网站

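# nginx.service unit file (this page keeps unit files in /lib/systemd/system).
# Quotes and option dashes are plain ASCII here; the typographic quotes and
# en-dashes the page rendered are passed to nginx and start-stop-daemon
# literally and break the commands.

[Unit]
Description=A high performance web server and a reverse proxy server
Documentation=man:nginx(8)
After=network.target nss-lookup.target

[Service]
Type=forking
# Must match the "pid" directive in nginx.conf.
PIDFile=/usr/local/nginx/logs/nginx.pid
# Test the configuration first so that a broken config fails the start
# instead of leaving a half-started service.
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
# The leading "-" makes systemd ignore a failure of this command.
# --pidfile points at the same file as PIDFile above; the original used
# /run/nginx.pid, which this build never writes, so the graceful QUIT never
# reached nginx and the stop fell through to KillMode handling.
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /usr/local/nginx/logs/nginx.pid
TimeoutStopSec=5
KillMode=mixed

[Install]
WantedBy=multi-user.target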

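# nginx configuration file (/etc/nginx/nginx.conf, per --conf-path in the build).
# All quotes are plain ASCII ' and "; nginx does not treat the typographic
# quotes the page rendered as quoting characters, so strings and regexes
# written with them are parsed wrongly.

# NOTE(review): with "user root;" the worker processes that parse untrusted
# network traffic keep full root privileges, so a worker compromise is a root
# compromise. The master process (started as root) reads the certificate key
# and opens the log files before workers are spawned, so a dedicated
# unprivileged account (www-data on Debian/Ubuntu is the usual choice)
# normally works here. Confirm and switch.
user root;
worker_processes auto;

error_log /usr/local/nginx/logs/error.log notice;
pid /usr/local/nginx/logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    # Log the client address carried in the PROXY protocol header, because the
    # TCP peer of every TLS connection is the local forwarder on 127.0.0.1.
    log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"';
    access_log /usr/local/nginx/logs/access.log main;

    # Connection header for upstream: "upgrade" when the client asked for an
    # upgrade, otherwise "close".
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ""      close;
    }

    # Build this hop's element for the Forwarded header (IPv4 bare, IPv6
    # bracketed and quoted).
    map $proxy_protocol_addr $proxy_forwarded_elem {
        ~^[0-9.]+$        "for=$proxy_protocol_addr";
        ~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\"";
        default           "for=unknown";
    }

    # Append to the client's Forwarded header only when it matches the long
    # pattern below; otherwise discard it and send just this hop's element, so
    # a malformed client value is not relayed.
    map $http_forwarded $proxy_add_forwarded {
        "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
        default "$proxy_forwarded_elem";
    }

    # Plain HTTP: redirect everything to HTTPS.
    server {
        listen 80;
        listen [::]:80;
        return 301 https://$host$request_uri;
    }

    # Default TLS server on the loopback listener: reject any handshake whose
    # SNI does not match a configured server_name.
    server {
        listen 127.0.0.1:8003 ssl default_server;
        ssl_reject_handshake on;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_session_timeout 1h;
        ssl_session_cache shared:SSL:10m;
        # NOTE(review): TLS 1.3 early data (0-RTT) can be replayed by a network
        # attacker. The proxied location forwards the Early-Data header; whether
        # the upstream acts on it is outside this file. Disable if not needed.
        ssl_early_data on;
    }

    # The real site, reached only through the local forwarder on 127.0.0.1:8003.
    server {
        listen 127.0.0.1:8003 ssl proxy_protocol;
        # Trust the PROXY protocol client address only from the local forwarder.
        set_real_ip_from 127.0.0.1;
        real_ip_header proxy_protocol;

        server_name xx.com; # a domain covered by the certificate nginx loads; pointing that domain at this server's IP is recommended

        ssl_certificate /etc/ssl/private/fullchain.cer;
        ssl_certificate_key /etc/ssl/private/private.key;

        ssl_protocols TLSv1.2 TLSv1.3;
        # NOTE(review): the TLS13_* entries do not look like OpenSSL cipher-list
        # names, and TLS 1.3 suites are normally not chosen through ssl_ciphers,
        # so probably only the ECDHE-ECDSA entries take effect. Confirm with
        # "nginx -t" and a handshake test.
        ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
        ssl_session_tickets on;

        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 1.1.1.1 valid=60s;
        resolver_timeout 2s;

        location / {
            # Rewrite the upstream host name in response bodies to the name the
            # client requested.
            sub_filter $proxy_host $host;
            sub_filter_once off;

            # Upstream site whose content is mirrored. Using a variable makes
            # nginx resolve the name at request time through "resolver".
            set $website www.lovelive-anime.jp;
            proxy_pass https://$website;
            resolver 1.1.1.1;

            proxy_set_header Host $proxy_host;
            proxy_http_version 1.1;
            proxy_cache_bypass $http_upgrade;
            # Send SNI to the upstream.
            proxy_ssl_server_name on;

            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;

            # NOTE(review): the headers below disclose each visitor's address
            # and the requested host name to the third-party upstream. Drop
            # them unless that is intended.
            proxy_set_header X-Real-IP $proxy_protocol_addr;
            proxy_set_header Forwarded $proxy_add_forwarded;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;

            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;

            # Tell the upstream when a request arrived as TLS early data.
            proxy_set_header Early-Data $ssl_early_data;
        }
    }
}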

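// Xray configuration file (this page keeps it under /usr/local/etc/xray).
// All quotes are plain ASCII double quotes; the typographic quotes the page
// rendered are not valid JSON and the file fails to parse with them.
// NOTE(review): the file holds the REALITY private key and the client UUID.
// Keep it readable only by the account the xray service runs as.
{
  "log": {
    "loglevel": "warning"
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        // Drop UDP traffic to port 443.
        "type": "field",
        "port": "443",
        "network": "udp",
        "outboundTag": "block"
      },
      {
        // Drop traffic to CN and private address ranges. Blocking
        // geoip:private keeps clients from reaching loopback and internal
        // addresses of this host through the proxy.
        "type": "field",
        "ip": [
          "geoip:cn",
          "geoip:private"
        ],
        "outboundTag": "block"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "0.0.0.0",
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "", // run `xray uuid` to generate
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "show": false,
          // Local port of the nginx TLS listener (127.0.0.1:8003 in nginx.conf).
          "dest": "8003",
          // Send a PROXY protocol header, matching "proxy_protocol" on that
          // nginx listener.
          "xver": 1,
          "serverNames": [
            "" // server name; presumably the same domain as nginx server_name (confirm)
          ],
          "privateKey": "", // run `xray x25519` to generate
          "shortIds": [
            // 0 to f, length is a multiple of 2, maximum length is 16.
            // NOTE(review): an empty entry lets clients connect with an empty
            // shortId; replace this placeholder with a generated value.
            ""
          ]
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "block"
    }
  ],
  "policy": {
    "levels": {
      "0": {
        "handshake": 2,
        "connIdle": 120
      }
    }
  }
}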
