
2021 Latest: Detailed Tutorial on Setting Up a v2ray Server Behind nginx with vmess+tls+websocket (Illustrated)

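Looking up the traffic record when v2ray runs directly over TCP gives the result shown in the figure below:

Traffic record when running v2ray directly over TCP

The traffic record when v2ray runs with vmess+tls+websocket is shown in the figure below:

v2ray-ssl traffic record

To keep the v2ray service secure and stable, this guide sets it up with vmess+tls+websocket. This approach requires you to have a domain name and a VPS in advance, and to point the domain's DNS record at your VPS's IP address.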

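1. Environment preparation

2. System information

  • System: Debian GNU/Linux 10
  • The root user is used here

3. Setup steps

3.1 Connect to the VPS

This article has the details on connecting to a VPS remotely with xshell.

3.2 Update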

apt update

3.3 Install curl

apt install curl

3.4 Install v2ray

Install using curl:

# Install the executable and the .dat data files
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)

During installation, detailed installation information is printed, including the configuration file in use, located at /usr/local/etc/v2ray/config.json, as follows:

# /etc/systemd/system/v2ray.service
[Unit]
Description=V2Ray Service
Documentation=https://www.v2fly.org/
After=network.target nss-lookup.target

[Service]
User=nobody
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/v2ray -config /usr/local/etc/v2ray/config.json
Restart=on-failure
RestartPreventExitStatus=23

[Install]
WantedBy=multi-user.target

If you are only updating rather than installing, use the following command:

# Update only the .dat data files
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-dat-release.sh)

Then edit /usr/local/etc/v2ray/config.json so that its contents are as follows:

{
    "log": {
        "access": "/var/log/v2ray/access.log",
        "error": "/var/log/v2ray/error.log",
        "loglevel": "warning"
    },
    "inbounds": [{
            "port": 21602,
            "protocol": "vmess",
            "settings": {
                "clients": [{
                        "id": "27848739-7e62-4138-9fd3-098a63964b6b",
                        "level": 1,
                        "alterId": 4
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "wsSettings": {
                    "path": "/v2ray"
                }
            }
        }
    ],

    "outbounds": [{
            "protocol": "freedom"
        }
    ]
}

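Delete key not working in vi on Debian? See: Fixing the arrow keys and Backspace key not working in the Vi editor on Debian

My own v2ray configuration is as follows: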

{
    "log": {
        "access": "/var/log/v2ray/access.log",
        "error": "/var/log/v2ray/error.log",
        "loglevel": "warning"
    },
    "inbounds": [{
            "port": 21619,
            "protocol": "vmess",
            "settings": {
                "clients": [{
                        "id": "80eab74a-59e2-4ad7-b6c4-b0b909b7c0f3",
                        "level": 1,
                        "alterId": 4
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "wsSettings": {
                    "path": "/weixin"
                }
            }
        }
    ],
    "outbounds": [{
            "protocol": "freedom",
            "settings": {},
            "tag": "direct"
        }, {
            "protocol": "freedom",
            "settings": {
                "domainStrategy": "UseIPv4"
            },
            "tag": "ip4-out"
        }
    ],
    "routing": {
        "rules": [{
                "type": "field",
                "domain": [
                    "domain:google.com"
                ],
                "outboundTag": "ip4-out"
            }
        ]
    }
}

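3.5 Start the v2ray service

# Start command
systemctl start v2ray

# Enable start on boot
systemctl enable v2ray

3.6 Install nginx

Here we install the current latest stable version. First set the repository address: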

echo "deb http://nginx.org/packages/debian `lsb_release -cs` nginx" \
    | tee /etc/apt/sources.list.d/nginx.list

Run the installation

apt install nginx

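Create the web directory

Here we assume it is /root/www

mkdir -p /root/www

Create the home page

Create an index.html file in the /root/www directory:

vi /root/www/index.html

with the following contents: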

<html>
   <title>欢迎使用v2ray</title>
</html>

Create the configuration file

In the /etc/nginx/conf.d directory, create v2ray.conf (replace v1.xxxx.com with your own domain) with the following contents:

server{
    listen 80;
    server_name v1.xxxx.com;
    index index.html;
    root /root/www/;
}

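You may need to change the first line of /etc/nginx/nginx.conf from user www-data to user root, i.e. the current user: the web root is under /root, which www-data cannot read by default. With this change the nginx worker processes run as root.

Start the nginx service

systemctl start nginx

systemctl enable nginx

# Check nginx status
systemctl status nginx

Visit v1.xxxx.com in a browser; if it loads normally, the nginx configuration is fine.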

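3.7 Install certbot and request an SSL certificate

For the detailed certificate request process, see: certbot instructions – Nginx on Debian 10 (buster). The steps are as follows:

Install snapd

apt install snapd

Make sure snapd is up to date

snap install core; snap refresh core

Install certbot

snap install --classic certbot

Create a symlink

ln -s /snap/bin/certbot /usr/bin/certbot

Request the certificate

Run certbot --nginx to start requesting the certificate, as follows: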

install-v2ray-on-debian-2021-1.jpg

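After a short wait, you will be told that the certificate was installed successfully! You will find that the nginx configuration has been changed; my /etc/nginx/conf.d/v2ray.conf file was automatically modified to the following: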

server{
    server_name v1.xxxx.com;
    index index.html;
    root /root/www/;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/v1.xxxx.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/v1.xxxx.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server{
    if ($host = v1.xxxx.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name v1.xxxx.com;
    return 404; # managed by Certbot


}

At this point, visiting v1.xxxx.com in a browser already gives an https URL.

3.8 Add v2ray forwarding

Change /etc/nginx/conf.d/v2ray.conf to the following:

server{
    server_name v1.xxxx.com;
    index index.html;
    root /root/www/;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/v1.xxxx.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/v1.xxxx.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

   ## Add this block; 21602 corresponds to the inbounds port in /usr/local/etc/v2ray/config.json
   ## /v2ray is needed when configuring the client; it corresponds to the path under streamSettings in /usr/local/etc/v2ray/config.json
    location /v2ray {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:21602;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }
}
server{
    if ($host = v1.xxxx.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name v1.xxxx.com;
    return 404; # managed by Certbot


}

Then run systemctl restart nginx to restart nginx.
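A consistency check for the two files edited in 3.4 and 3.8, as an added example that is not part of the original post: it verifies that each client id parses as a UUID, that the WebSocket path and port in config.json match an nginx location and its proxy_pass, and that the inbound is bound to loopback. The function name audit and the trimmed sample inputs are assumptions made for this example; the inbound in the tutorial's config.json has no "listen" key, and v2ray then binds 0.0.0.0.

```python
import json
import re
import uuid
from ipaddress import ip_address

# Constructed inputs: the tutorial's config.json and nginx location, trimmed.
V2RAY_JSON = """
{"inbounds": [{"port": 21602, "protocol": "vmess",
  "settings": {"clients": [{"id": "27848739-7e62-4138-9fd3-098a63964b6b"}]},
  "streamSettings": {"network": "ws", "wsSettings": {"path": "/v2ray"}}}]}
"""
NGINX_CONF = """
server {
    listen 443 ssl;
    location /v2ray {
        proxy_pass http://127.0.0.1:21602;
    }
}
"""
LOCATION_RE = re.compile(r"location\s+(\S+)\s*\{[^}]*?proxy_pass\s+http://[\w.\-]+:(\d+)")


def audit(v2ray_json, nginx_conf):
    """Return findings where config.json and the nginx proxy block disagree."""
    findings = []
    # Map each nginx location path to the backend port it proxies to.
    backends = {m.group(1): int(m.group(2))
                for m in LOCATION_RE.finditer(nginx_conf)}
    for inbound in json.loads(v2ray_json).get("inbounds", []):
        port = inbound["port"]
        for client in inbound.get("settings", {}).get("clients", []):
            try:
                uuid.UUID(client["id"])
            except ValueError:
                findings.append(f"{port}: client id is not a valid UUID")
        # Without "listen", v2ray binds 0.0.0.0, so the plaintext WebSocket
        # port is exposed beside nginx unless a firewall blocks it.
        listen = inbound.get("listen", "0.0.0.0")
        if not ip_address(listen).is_loopback:
            findings.append(f"{port}: inbound listens on {listen}, not loopback")
        path = inbound.get("streamSettings", {}).get("wsSettings", {}).get("path")
        if path not in backends:
            findings.append(f"{port}: no nginx location for ws path {path!r}")
        elif backends[path] != port:
            findings.append(f"{port}: nginx proxies {path} to port {backends[path]}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(V2RAY_JSON, NGINX_CONF)))
```

Adding "listen": "127.0.0.1" to the inbound clears the only finding reported for the sample input.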

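3.9 v2rayN client configuration

Rough screenshot:

v2ray client configuration

3.10 Enable acceleration with Google BBR

For details, see: Quickly enabling Google BBR on Debian 9/10 for efficient one-sided v2ray acceleration

Watching YouTube 4K video, the playback speed is acceptable:

racknerd-youtube-4k.jpg

3.11 Optimize the network and hide the real IP

For details, see: Adding extra IPv4/IPv6 to a KVM VPS via Cloudflare WARP to get a native IP, hide the real IP, and unlock Netflix and Google CAPTCHA

4. Questions and discussion

If you run into any problems while learning, you can join the Telegram group to discuss -> Join the group

References: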

https://certbot.eff.org/lets-encrypt/debianbuster-nginx
https://nginx.org/en/linux_packages.html#mainline


Comments (30)

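  1. #1

    Thanks, OP, it works!

    01, 2 months ago (06-08)
    • Glad it helped!

      michael, 2 months ago (06-08)
  2. #2

    Is there a configuration tutorial for Shadowrocket on iOS?

    01, 2 months ago (06-10)
  3. #3

    It can be configured via a QR code, so no need. ~

    01, 2 months ago (06-10)
  4. #4

    Will the certificate renew automatically with this setup?

    乔治, 2 months ago (06-11)
    • You can do the renewal with a scheduled task; see: https://www.4spaces.org/nginx-lets-encrypt-ssl/

      michael, 2 months ago (06-12)
      • Glad to get your reply, thank you!

        乔治, 2 months ago (06-13)
  5. #5

    Will the GOV monitor it as abnormal traffic?

    Moopa, 1 month ago (06-18)
    • What shows up now is SSL traffic, no different from normal browsing.

      michael, 1 month ago (06-19)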
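  6. #6

    # Check nginx status: Active: active (running)
    But the web page can't be reached, and the subsequent certificate request also failed. Is there something that needs to be set in namesilo?

    ghsxyz, 1 month ago (06-23)
    • The DNS record is probably wrong. Could you access it before requesting the certificate?

      michael, 1 month ago (06-24)
      • No, that didn't work either. Later I looked into it and it seems the ports weren't open; entering the two commands below fixed it, but I still feel something isn't right.
        sudo iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
        sudo iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

        ghsxyz, 1 month ago (06-25)
        • Could it be that your VPS provider restricts ports and you need to open them yourself?

          michael, 1 month ago (06-29)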
  7. #7

    Running certbot --nginx reports:
    Error while running nginx -c /etc/nginx/nginx.conf -t.

    nginx: [emerg] unexpected end of file, expecting "}" in /etc/nginx/conf.d/v2ray.conf:6
    nginx: configuration file /etc/nginx/nginx.conf test failed
    I don't know how to fix it.

    kexibushini, 1 month ago (06-28)
    • There is an error in the nginx configuration file; check it carefully, or send me a screenshot and I'll take a look.

      michael, 1 month ago (06-28)
  8. #8

    OP, do you have a setup script for trojan?

    alu, 1 month ago (06-28)
  9. #9

    Hello, I got stuck at the step that sets the nginx repository address. It shows:
    -bash: lsb_release: command not found
    deb http://nginx.org/packages/debian nginx

    How do I handle this? My system is Debian 10 x86_64.

    wintell, 1 month ago (07-01)
    • sudo apt install lsb-core

      michael, 1 month ago (07-01)
      • It still reports errors, could you please take a look?
        [First install attempt, error shown]
        Reading package lists… Done
        Building dependency tree
        Reading state information… Done
        Package lsb-core is not available, but is referred to by another package.
        This may mean that the package is missing, has been obsoleted, or
        is only available from another source

        E: Package ‘lsb-core’ has no installation candidate

        [Second install attempt, error shown]
        E: Malformed entry 1 in list file /etc/apt/sources.list.d/nginx.list (Component)
        E: The list of sources could not be read.

        wintell, 1 month ago (07-01)
      • Thanks, this problem is solved.

        wintell, 1 month ago (07-01)
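  10. #10

    Hello, after I started nginx, xshell disconnected, the ssh port can't be reached, and TCP is unavailable. How can I solve this? My system is Debian 10 x86_64.

    wintell, 1 month ago (07-01)
    • Can you ping the IP? You can post the details in the Telegram group, where replies are quicker, or send an email.

      michael, 1 month ago (07-01)
      • Thanks, this problem is solved. It turned out that earlier, when I upgraded ca-certificates and got
        A new version (/tmp/filecih8Cn) of configuration file /etc/ssh/sshd_config is available, but the version installed currently has been locally modified.
        I upgraded this file as well.

        wintell, 1 month ago (07-02)
  11. #11

    After starting the nginx service, the browser can't reach the vi URL. Where did it go wrong? Is it that domains other than .com can't be used?

    w, 1 month ago (07-01)
  12. #12

    I followed the tutorial exactly and also made my own page with text and images, but after going through the whole tutorial the page opens with no content; it is blank. Where did it go wrong?

    wintell, 1 month ago (07-02)
    • The page is simply blank; I only wrote a title.

      michael, 4 weeks ago (07-07)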
  13. #13

    I'm on Debian 10 x86_64 and v2ray won't start; it reports this error:
    v2ray.service – V2Ray Service
    Loaded: loaded (/etc/systemd/system/v2ray.service; enabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/v2ray.service.d
    └─10-donot_touch_single_conf.conf
    Active: failed (Result: exit-code) since Thu 2021-07-01 21:51:42 EDT; 1h 41min ago
    Docs: https://www.v2fly.org/
    Process: 20229 ExecStart=/usr/local/bin/v2ray -config /usr/local/etc/v2ray/config.json (code=exited, status=23)
    Main PID: 20229 (code=exited, status=23)

    Jul 01 21:51:42 clean-echo-1.localdomain systemd[1]: Started V2Ray Service.
    Jul 01 21:51:42 clean-echo-1.localdomain v2ray[20229]: V2Ray 4.40.1 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.16.5 linux/amd64)
    Jul 01 21:51:42 clean-echo-1.localdomain v2ray[20229]: A unified platform for anti-censorship.
    Jul 01 21:51:42 clean-echo-1.localdomain v2ray[20229]: 2021/07/01 21:51:42 [Info] main/jsonem: Reading config: /usr/local/etc/v2ray/config.json
    Jul 01 21:51:42 clean-echo-1.localdomain v2ray[20229]: main: failed to create server > proxy/vmess/inbound: failed to get VMess user > proxy/vmess: failed to parse ID > encoding/hex: invalid byte: U+0073 ‘s’
    Jul 01 21:51:42 clean-echo-1.localdomain systemd[1]: v2ray.service: Main process exited, code=exited, status=23/n/a
    Jul 01 21:51:42 clean-echo-1.localdomain systemd[1]: v2ray.service: Failed with result ‘exit-code’.
    ~

    wintell, 1 month ago (07-02)
    • You can send your configuration on Telegram and I'll take a look.

      michael, 4 weeks ago (07-07)
  14. #14

    [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://the path I set): 301 Moved Permanently > websocket: bad handshake] > v2ray.com/core/common/retry: all retry attempts failed
    How do I solve this? Also, for the path in the tutorial, location /v2ray { <==== where does this file need to be created? Or can I just write any path, as long as the paths in the two configuration files match, with no actual path or file needing to be created on the server?

    愚者, 3 weeks ago (07-09)
    • The path is under /etc/nginx/conf.d/, and the file name can be anything. If you can't get it working, contact me by email or Telegram and I'll take a look.

      michael, 3 weeks ago (07-12)