
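2021 latest: detailed tutorial for setting up a v2ray server on CentOS behind nginx with vmess+tls+websocket (illustrated)

To keep the v2ray service running securely and stably, this setup uses vmess+tls+websocket. It requires that you already have a domain name and a VPS, and that the domain resolves to the IP address of your VPS.

1. Environment preparation

2. System information

  • OS: CentOS Linux release 8.3.2011
  • The root user is used here

Tips: Debian users should refer to the article "2021 latest: detailed tutorial for setting up a v2ray server on Debian behind nginx with vmess+tls+websocket (illustrated)".

3. Setup steps

3.1 Connect to the VPS

The linked article has the details of connecting to the VPS remotely with xshell.

3.2 Update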

yum update

3.3 Install curl

yum -y install curl

3.4 Install v2ray

Install with curl:

# Install the executable and the .dat data files
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)

During installation, detailed install information is printed. It includes the configuration file in use, located at /usr/local/etc/v2ray/config.json, as shown below:

# /etc/systemd/system/v2ray.service
[Unit]
Description=V2Ray Service
Documentation=https://www.v2fly.org/
After=network.target nss-lookup.target

[Service]
User=nobody
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/v2ray -config /usr/local/etc/v2ray/config.json
Restart=on-failure
RestartPreventExitStatus=23

[Install]
WantedBy=multi-user.target

If you are only updating rather than installing, use the following command:

# Update only the .dat data files
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-dat-release.sh)

Then edit /usr/local/etc/v2ray/config.json so that it contains the following:

{
    "log": {
        "access": "/var/log/v2ray/access.log",
        "error": "/var/log/v2ray/error.log",
        "loglevel": "warning"
    },
    "inbounds": [{
            "port": 21923,
            "protocol": "vmess",
            "settings": {
                "clients": [{
                        "id": "27848739-7e62-4138-9fd3-098a63964b6b",
                        "level": 1,
                        "alterId": 4
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "wsSettings": {
                    "path": "/jd"
                }
            }
        }
    ],

    "outbounds": [{
            "protocol": "freedom"
        }
    ]
}

3.5 Start the v2ray service

# Start the service
systemctl start v2ray

# Enable start at boot
systemctl enable v2ray

3.6 Install nginx

Install the prerequisites:

yum install yum-utils

Edit the repository file:

vi /etc/yum.repos.d/nginx.repo

With the following content:

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

Run the installation

yum -y install nginx

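Create the web root directory

Here we assume it is /root/www:

mkdir -p /root/www

Create the home page

Create an index.html file in the /root/www directory:

vi /root/www/index.html

With the following content: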

<html>
   <title>欢迎访问四个空格</title>
   <body>
     <a href="https://www.4spaces.org/install-v2ray-on-debian-2021/">四个空格</a>
   </body>
</html>

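Create the configuration file

If /etc/nginx/conf.d already contains a default.conf file, you can either edit that file or delete it and create a new one as shown below.

Create v2ray.conf in /etc/nginx/conf.d (sudo vi /etc/nginx/conf.d/v2ray.conf), replacing v1.xxxx.com with your own domain, with the following content: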

server{
    listen 80;
    server_name v1.xxxx.com;
    index index.html;
    root /root/www/;
}

If you get a 403 or similar error, see: A roundup of common causes of Nginx 403 Forbidden errors

Start the nginx service

systemctl start nginx

systemctl enable nginx

# Check the nginx service status
systemctl status nginx

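Visit v1.xxxx.com in a browser; if the page loads normally, the nginx configuration is working.

3.7 Install certbot and request an SSL certificate

For the full certificate request procedure, see: certbot instructions – Nginx on Debian 10 (buster). The steps are as follows:

Install snapd

I am on CentOS 8 here; for CentOS 7 or other versions, see the reference articles listed below:

# Add EPEL
sudo dnf install epel-release
sudo dnf upgrade

Run the snapd installation command: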

sudo yum install snapd

Enable snapd at boot:

sudo systemctl enable --now snapd.socket

Create the symlink:

sudo ln -s /var/lib/snapd/snap /snap

Make sure snapd is up to date:

sudo snap install core; sudo snap refresh core

Remove certbot-auto and any related CentOS packages:

sudo dnf remove certbot

sudo yum remove certbot

Install certbot

sudo snap install --classic certbot

Create the symlink:

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Request the certificate

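Run sudo certbot --nginx to start requesting the certificate:

[Screenshot: output of sudo certbot --nginx]

After a short wait, you will see a message that the certificate was installed successfully. You will find that the nginx configuration has been changed; my /etc/nginx/conf.d/v2ray.conf file was automatically rewritten to the following: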

server{
    server_name v1.xxxx.com;
    index index.html;
    root /root/www/;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/v1.xxxx.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/v1.xxxx.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server{
    if ($host = v1.xxxx.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name v1.xxxx.com;
    return 404; # managed by Certbot


}

At this point, visiting v1.xxxx.com in a browser already uses an https URL.

3.8 Add the v2ray forwarding rule

Change /etc/nginx/conf.d/v2ray.conf to the following:

server{
    server_name v1.xxxx.com;
    index index.html;
    root /root/www/;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/v1.xxxx.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/v1.xxxx.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    ## Add this block; 21923 matches the inbounds port in /usr/local/etc/v2ray/config.json
    ## /jd is needed when configuring the client; it matches the path under streamSettings in /usr/local/etc/v2ray/config.json
    location /jd {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:21923;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }
}
server{
    if ($host = v1.xxxx.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name v1.xxxx.com;
    return 404; # managed by Certbot


}

Then run systemctl restart nginx to restart nginx.
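
The location block is tied to config.json by port and path, so a mismatch breaks the forwarding. The Python check below is an added example, not part of the original tutorial: it confirms the two files agree and also flags an inbound that is not bound to loopback and a client id left at the sample UUID printed in this tutorial. The function names and the reduced sample inputs are constructed for illustration, and the nginx parsing assumes plain prefix locations without nested braces.

```python
import json
import re
# UUID printed in this tutorial's sample config, so it is not a secret.
TUTORIAL_SAMPLE_ID = "27848739-7e62-4138-9fd3-098a63964b6b"

def nginx_ws_locations(nginx_conf):
    """Map each plain-prefix location to the loopback port it proxies to."""
    found = {}
    for path, body in re.findall(r"location\s+(\S+)\s*\{([^}]*)\}", nginx_conf):
        m = re.search(r"proxy_pass\s+http://127\.0\.0\.1:(\d+)", body)
        if m:
            found[path] = int(m.group(1))
    return found

def check(v2ray_json, nginx_conf):
    """Return a list of findings; an empty list means the two files agree."""
    findings = []
    locations = nginx_ws_locations(nginx_conf)
    for inbound in json.loads(v2ray_json).get("inbounds", []):
        port = inbound.get("port")
        path = inbound.get("streamSettings", {}).get("wsSettings", {}).get("path")
        if path not in locations:
            findings.append(f"no nginx location proxies ws path {path}")
        elif locations[path] != port:
            findings.append(f"nginx sends {path} to {locations[path]}, inbound is {port}")
        # "listen" defaults to 0.0.0.0, which leaves the plain-HTTP WebSocket
        # port reachable from outside without passing through nginx and TLS.
        if inbound.get("listen") not in ("127.0.0.1", "::1"):
            findings.append(f"inbound {port} is not bound to loopback")
        for client in inbound.get("settings", {}).get("clients", []):
            if client.get("id") == TUTORIAL_SAMPLE_ID:
                findings.append("client id is the tutorial's published sample UUID")
    return findings

# Constructed inputs: the tutorial's two files reduced to the checked fields.
SAMPLE_V2RAY = json.dumps({"inbounds": [{
    "port": 21923, "protocol": "vmess",
    "settings": {"clients": [{"id": TUTORIAL_SAMPLE_ID, "level": 1, "alterId": 4}]},
    "streamSettings": {"network": "ws", "wsSettings": {"path": "/jd"}}}]})
SAMPLE_NGINX = """
server {
    location /jd {
        proxy_pass http://127.0.0.1:21923;
    }
}
"""

if __name__ == "__main__":
    print("\n".join(check(SAMPLE_V2RAY, SAMPLE_NGINX)))
```

To clear both findings on a real server, add "listen": "127.0.0.1" to the inbound and replace the id with a UUID you generated yourself.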

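3.9 v2rayN client configuration

Rough screenshot:

[Screenshot: v2ray client configuration]

If the connection fails, check whether SELinux is enabled; see: Fixing the nginx upstream permission denied error

3.10 Enable acceleration with Google BBR

For details, see: Quickly enabling Google BBR on Debian 9/10 for efficient single-sided v2ray acceleration

Watching YouTube 4K video, the playback speed is acceptable:

[Screenshot: YouTube 4K playback]

3.11 Optimize the network and hide the real IP

For details, see: Adding an extra IPv4/IPv6 address to a KVM VPS through Cloudflare WARP to obtain a native IP, hide the real IP, and unlock Netflix and Google CAPTCHAs

4. Questions and discussion

If you run into any problems while learning, you can join the Telegram group to discuss them -> Join the group

References: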

  1. install certbot with Nginx on CentOS/RHEL 8
  2. Install nginx on RHEL/CentOS?
  3. Installing snap on CentOS