V2Ray簡單搭建
科技發展日新月異,以下關於客戶端於服務器的配置應該已經廢棄了,較新的配置示例請參閱官方倉庫 v2ray-examples 。
參考:V2Ray 簡化文檔和V2Ray 官方文檔。我用的打包好的版本,下載就能直接跑。配置文件默認放在程序目錄,名字是 config.json。
服務端配置如下,其中 uuid 可以用命令行工具 uuidgen 生成或到 uuidgenerator 獲取。
{
"log":{
"access": "/root/v2ray/access.log",
"error": "/root/v2ray/error.log",
"loglevel": "warning"
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "block"
}
]
},
"inbound": {
"port": 1111, // 服务器监听端口
"listen": "0.0.0.0",
"protocol": "vmess", // 主传入协议
"settings": {
"clients": [
{
"id": "564032s1-ec9a-4c25-9e7a-9f4as8092c4d"
}
]
}
},
"outbound": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}
客戶端:
{
"log": {
"access": "/home/42/Programs/v2ray/access.log",
"error": "/home/42/Programs/v2ray/error.log",
"loglevel": "warning"
},
"inbound": [
{
"listen": "127.0.0.1",
"port": 1080,
"tag": "socks-inbound",
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": true,
"ip": "127.0.0.1"
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
},
{
"tag": "http-in",
"listen": "127.0.0.1",
"port": 1081,
"protocol": "http"
}
],
"outbound": [
{
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "111.111.111.111",
"port": 1111,
"users": [
{
"id": "564032s1-ec9a-4c25-9e7a-9f4as8092c4d"
}
]
}
]
},
"tag": "proxy"
},
{
"protocol": "freedom",
"settings": {},
"tag": "direct"
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
],
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "direct"
},
{
"type": "field",
"domain": [
"geosite:category-ads"
],
"outboundTag": "blocked"
}
]
}
}
xfce 口味的 Fedora,在應用程式選單/設定值/工作階段與初始啟動/應用程式自動啟動中加入指令 /home/42/Programs/v2ray/v2ray run -config /home/42/Programs/v2ray/config.json 即可開機自啟。服務器自動啟動可以複製 systemd/system/v2ray.service 來實現:
sudo cp systemd/system/v2ray.service /etc/systemd/system/v2.service #查看 ExecStart= 行的命令,最好修改為絕對路徑,如 ExecStart=/my/path/to/v2 run -config /my/path/to/v2/config.json #啟用開機啟動 sudo systemctl enable v2
V2Ray Nginx WebSocket tsl配置
服務端配置
{
"log": {
"loglevel": "warning",
"access": "/root/v2ray/access.log",
"error": "/root/v2ray/error.log"
},
"inbound": {
"port": 10000,
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "564032s1-ec9a-4c25-9e7a-9f4as8092c4d"
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/ftBazz"
}
}
},
"outbound": {
"protocol": "freedom",
"settings": {}
}
}
客戶端配置
{
"log": {
"loglevel": "warning",
"access": "/home/42/Programs/v2ray/access.log",
"error": "/home/42/Programs/v2ray/error.log"
},
"inbound": [
{
"listen": "127.0.0.1",
"port": 1080,
"tag": "socks-inbound",
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": true,
"ip": "127.0.0.1"
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
},
{
"tag": "http-in",
"listen": "127.0.0.1",
"port": 1081,
"protocol": "http"
}
],
"outbound": [
{
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "yourDomin.info",
"port": 443,
"users": [
{
"id": "564032s1-ec9a-4c25-9e7a-9f4as8092c4d"
}
]
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"wsSettings": {
"headers": {
"Host": "YOUR.DOMAIN"
},
"path": "/YOUR_RANDOM_PATH"
}
},
"tag": "proxy"
}
],
"dns": {
// Static hosts, similar to hosts file.
"hosts": {
// The following settings help to eliminate DNS poisoning in mainland China.
// It is safe to comment these out if this is not the case for you.
//"domain:github.io": "pages.github.com"
},
"servers": [
"45.90.28.136",
"45.90.30.136"
{
"address": "114.114.114.114",
"port": 53,
// List of domains that use this DNS first.
"domains": [
"geosite:cn"
]
},
"8.8.8.8"
"localhost"
]
},
"routing": {
"strategy": "rules",
"settings": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "direct"
}
]
}
}
}
Nginx 配置
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/v2ray/v2ray.crt;
ssl_certificate_key /etc/v2ray/v2ray.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name yourDomin.info;
location /YOUR_RANDOM_PATH {
if ($http_upgrade != "websocket") {
return 404;
}
proxy_redirect off;
proxy_pass http://127.0.0.1:10000;#假设WebSocket监听在环回地址的10000端口上
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
生成Let's Encrypt的證書:
#安裝 acme curl https://get.acme.sh | sh #centos6 被提示安裝 yum install socat #生成證書(生成證書時 acme 需要使用80端口) sudo ~/.acme.sh/acme.sh --issue -d yourDomin.info --standalone -k ec-256 #將證書和密鑰安裝到 /etc/v2ray mkdir /etc/v2ray sudo ~/.acme.sh/acme.sh --installcert -d yourDomin.info --fullchainpath /etc/v2ray/v2ray.crt --keypath /etc/v2ray/v2ray.key --ecc #至此證書已生成完畢,Let's Encrypt 的證書有效期 90 天,更新命令如下 sudo ~/.acme.sh/acme.sh --renew -d yourDomin.info --force --ecc
在 Termux 中運行 v2fly
由於 golang 的網絡模塊寫死了 /etc/resolv.conf 來解析域名,所以在使用 ws 協議且未做 DNS 配置時,便會出現如下報錯:
2020/09/09 06:32:42 [Warning] [1366338444] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://YOUR.TARGET.DOMAIN/): > dial tcp: lookup YOUR.TARGET.DOMAIN on [::1]:53: read udp [::1]:58084->[::1]:53: read: connection refused v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://YOUR.TARGET.DOMAIN/): > dial tcp: lookup YOUR.TARGET.DOMAIN on [::1]:53: read udp [::1]:33167->[::1]:53: read: connection refused v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://YOUR.TARGET.DOMAIN/): > dial tcp: lookup YOUR.TARGET.DOMAIN on [::1]:53: read udp [::1]:52240->[::1]:53: read: connection refused v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://YOUR.TARGET.DOMAIN/): > dial tcp: lookup YOUR.TARGET.DOMAIN on [::1]:53: read udp [::1]:40725->[::1]:53: read: connection refused v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://YOUR.TARGET.DOMAIN/): > dial tcp: lookup YOUR.TARGET.DOMAIN on [::1]:53: read udp [::1]:38532->[::1]:53: read: connection refused] > v2ray.com/core/common/retry: all retry attempts failed
最簡單的解決辦法是利用 Termux 提供的用了模仿正常 Linux 環境的 termux-chroot 命令。
pkg install proot termux-chroot ./v2ray -config config.conf
另外三個方法,一是修改 go 的源碼,然後自己打包 v2ray;二是配置 v2ray 的 DNS;三是在 Termux 中編譯。都不簡單。參考:V2ray在非标准linux环境中的DNS域名解析问题;再次探讨 #633 安卓上运行ARM版本,不能使用域名,只能使用IP的问题
雖然 aarch64 構架的手機用 linux-arm64-v8a.zip 這個包也沒問題,但是如果你想打出安卓包也是可以的。方法如下:
#1, 備好梯子 #2, 安裝 golang https://golang.org/doc/install #3, 獲取 v2ray 源碼並解壓 go get -u -v v2ray.com/core/... # 也可以從 github 獲取 #4, 構建可執行文件 cd $(go env GOPATH)/src/v2ray.com/core/main env CGO_ENABLED=0 GOOS=android GOARCH=arm64 go build -o $HOME/v2ray -ldflags "-s -w" cd $(go env GOPATH)/src/v2ray.com/core/infra/control/main env CGO_ENABLED=0 GOOS=android GOARCH=arm64 go build -o $HOME/v2ctl -tags confonly -ldflags "-s -w" #如果網絡不好,可以嘗試 export GOPROXY=https://goproxy.io #更多構建信息參考官方 https://www.v2fly.org/developer/intro/compile.html#%E5%89%8D%E5%BA%8F%E5%B7%A5%E4%BD%9C #及 Go (Golang) GOOS and GOARCH https://gist.github.com/asukakenji/f15ba7e588ac42795f421b48b8aede63
一個 vmess 鏈接轉換成 config.json (僅供參考)
vmess://YXV0bqo4ZjllYTYyMC44Z1k1L1QyM2MtxDVjMCtxNmFhYjBjqDFhMmJAYXBwLdNvbWlvaHV3LmxpdzU6NDQz?remarks=NodeName&path=/&obfs=websocket&tls=1
{
"policy": null,
"log": {
"access": "",
"error": "",
"loglevel": "warning"
},
"inbounds": [
{
"tag": "proxy",
"port": 1080,
"listen": "127.0.0.1",
"protocol": "socks",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"ip": null,
"address": null,
"clients": null,
"decryption": null
},
"streamSettings": null
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "YOUR.TARGET.DOMAIN",
"port": 443,
"users": [
{
"id": "8f9wa620-8x95-423q-85h0-16akb0c81a2n",
"alterId": 0,
"email": "[email protected]",
"security": "auto",
"encryption": null
}
]
}
],
"servers": null,
"response": null
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"allowInsecure": false,
"serverName": null
},
"tcpSettings": null,
"kcpSettings": null,
"wsSettings": {
"connectionReuse": true,
"path": null,
"headers": null
},
"httpSettings": null,
"quicSettings": null
},
"mux": {
"enabled": false,
"concurrency": 8
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"vnext": null,
"servers": null,
"response": null
},
"streamSettings": null,
"mux": null
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"vnext": null,
"servers": null,
"response": {
"type": "http"
}
},
"streamSettings": null,
"mux": null
}
],
"stats": null,
"api": null,
"dns": null,
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"port": null,
"inboundTag": [
"api"
],
"outboundTag": "api",
"ip": null,
"domain": null
}
]
}
}
本文更新於 2024/04/19。