欢迎光临
感受代码之美

centos7基于nginx搭建v2ray服务端配置vmess+tls+websocket完全手册

一直都是使用自建shadowsocks科学上网,服务很稳定,虽然v2ray出现了很久,但是没花心思研究两者之间有什么区别。后来无意间查询自己手机的上网记录,出现下图信息,我感觉还是让上网更隐蔽一点更好。

shadowsocks-tcp.jpg

怎么让手机上网记录看起来更正常一点呢?v2ray服务端配置vmess+tls+websocket就是一种解决方式,下面是我使用这种方式之后手机上网记录信息:

v2ray-ssl上网记录

接下来就是我实现上述情形的解决过程记录。

1.环境准备

  • VPS : 推荐一下DigitalOcean
  • 一个域名,推荐去godaddy注册,注册之前最好找一下优惠券;
  • vps部署Nginx并启用tls安装证书;

相关文章推荐:

请继续下一步之前,先依次完成下列步骤:

  • 注册一个自己的VPS服务器;
  • 注册一个自己的域名并解析到自己的VPS;
  • 登录VPS并安装部署Nginx;
  • 完成域名的https SSL安全证书启用;

只有完成上面的步骤在继续下面操作,才能实现v2ray服务端配置vmess+tls+websocket。

我的环境:

  • 服务器系统:Digitalocean CentOS 7.5 x64 ;
  • v2ray版本:v4.17.0;
  • nginx版本:nginx/1.14.2 (CentOS);
  • 证书:Let’s Encrypt certbot-0.31.0;
  • v2rayN:2.22

2.安装v2ray

安装过程很简单,只要能正常连接自己的VPS并进行登录,然后执行一下安装命令即可,安装过程参考:从零开始:史上最详尽V2Ray搭建图文教程,重要的接下来的配置过程。

3.配置v2ray服务端

假设你的域名是v2ray.com,并将二级域名hi.v2ray.com解析到你的VPS。

执行下面的命令,开始配置v2ray:

[[email protected] ~]# vi /etc/v2ray/config.json 

i键编辑文件,把内容更改为下面的内容:

{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "port": 33684,
      "listen": "127.0.0.1",
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "0c67ca68-63ad-40c5-898e-9cf1925c8694",
            "level": 1,
            "alterId": 64
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/etc/nginx/html"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {},
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    }
  ],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": [
          "0.0.0.0/8",
          "10.0.0.0/8",
          "100.64.0.0/10",
          "127.0.0.0/8",
          "169.254.0.0/16",
          "172.16.0.0/12",
          "192.0.0.0/24",
          "192.0.2.0/24",
          "192.168.0.0/16",
          "198.18.0.0/15",
          "198.51.100.0/24",
          "203.0.113.0/24",
          "::1/128",
          "fc00::/7",
          "fe80::/10"
        ],
        "outboundTag": "blocked"
      }
    ]
  }
}

3.配置Nginx

执行下面的命令,开始配置nginx:

[[email protected] ~]# vi /etc/nginx/conf.d/v2ray.conf 

i键编辑文件,把内容更改为下面的内容:

server {
    listen 443 ssl http2 default_server;
    server_name hi.v2ray.com;

    ssl_certificate /etc/letsencrypt/live/hi.v2ray.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/hi.v2ray.com/privkey.pem;

    root /etc/nginx/html;
    index index.html;

    location /etc/nginx/html {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:27321;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }
}

4.重启v2ray、nginx服务

systemctl restart v2ray

systemctl restart nginx

客户端配置json

如果你通过Json文件配置,则客户端的json配置内容:

{
  "log": {
    "loglevel": "warning"
  },
  "inbound": {
    "port": 1080,
    "listen": "127.0.0.1",
    "protocol": "socks",
    "settings": {
      "auth": "noauth",
      "udp": false
    }
  },
  "inboundDetour": [
    {
        "port": 8128,
        "listen": "127.0.0.1",
        "protocol": "http",
        "settings": {}
    }
  ],
  "outbound": {
    "protocol": "vmess",
    "settings": {
      "vnext": [{
        "address": "hi.v2ray.com",
        "port": 443,
        "users": [{ 
            "id": "0c67ca68-63ad-40c5-898e-9cf1925c8694",
            "level": 1,
            "alterId": 64,
            "security": "aes-128-gcm"
        }]
      }]
    },
    "streamSettings":{
        "network": "ws",
        "security": "tls",
        "tlsSettings": {
            "serverName": "hi.v2ray.com"
        },
        "wsSettings": {
            "path": "/etc/nginx/html"
        }
    },
    "tag": "forgin"
  },
  "outboundDetour": [
    {
        "protocol": "freedom",
        "settings": {},
        "tag": "direct"
    }
  ],
  "routing": {
    "strategy": "rules",
    "settings": {
        "domainStrategy": "IPIfNonMatch",
        "rules": [
            {
                "type": "chinaip",
                "outboundTag": "direct"
            },
            {
                "type": "chinasites",
                "outboundTag": "direct"
            },
            {
                "type": "field",
                "ip": [
                    "0.0.0.0/8",
                    "10.0.0.0/8",
                    "100.64.0.0/10",
                    "127.0.0.0/8",
                    "169.254.0.0/16",
                    "172.16.0.0/12",
                    "192.0.0.0/24",
                    "192.0.2.0/24",
                    "192.168.0.0/16",
                    "198.18.0.0/15",
                    "198.51.100.0/24",
                    "203.0.113.0/24",
                    "::1/128",
                    "fc00::/7",
                    "fe80::/10"
                ],
                "outboundTag": "direct"
            }
        ]
    }
  },
  "policy": {
    "levels": {
      "0": {"uplinkOnly": 0}
    }
  }
}

5.客户端界面配置

这里我是用v2rayN,配置如下:

v2rayn-config.jpg

6.常见问题

1)使用v2ray访问谷歌提示异常流量
2)启用cloudflare cdn之后v2ray报403错误

参考文章:

  1. v2ray + websocket + web + nginx 配置与使用
转载请注明来源:四个空格 » centos7基于nginx搭建v2ray服务端配置vmess+tls+websocket完全手册

评论 4

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
  1. #1

    你好,请问v2ray可以配置多用户吗?我想同时给我几个好友用

    VK3601H2个月前 (03-14)Reply
    • 可以配置多用户,修改clients数组,增加一个即可。

      michael2个月前 (03-19)Reply
  2. #2

    你好,可以用这个方法让MTProxy隐蔽一点吗?

    Lee2周前 (05-10)Reply