#VPS购买连接
VKVM官网
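# Install sudo. Run the commands on this page from a root shell: minimal
# Debian/Ubuntu images may not ship sudo, and later steps write under /root
# and /etc. Refresh the package index first so the install works on a fresh image.
apt-get update && apt-get install -y sudo

# Build and install nginx from source.
# The version is pinned by this page; check nginx.org for the current release
# before building.
#
# Integrity check (recommended, because the tarball is compiled and installed
# as root): nginx.org publishes a detached PGP signature next to each tarball.
# After importing the nginx signing keys listed on nginx.org (needs gnupg), run
#   wget "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz.asc"
#   gpg --verify "nginx-${NGINX_VERSION}.tar.gz.asc" "nginx-${NGINX_VERSION}.tar.gz"
# between the download and the build.
NGINX_VERSION=1.27.1
apt-get update && apt-get upgrade -y \
  && apt-get install -y gcc g++ libpcre3 libpcre3-dev zlib1g zlib1g-dev \
       openssl libssl-dev wget sudo make curl socat cron \
  && wget "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" \
  && tar -xvf "nginx-${NGINX_VERSION}.tar.gz" \
  && cd "nginx-${NGINX_VERSION}" \
  && ./configure \
       --prefix=/usr/local/nginx \
       --sbin-path=/usr/sbin/nginx \
       --conf-path=/etc/nginx/nginx.conf \
       --with-http_stub_status_module \
       --with-http_ssl_module \
       --with-http_realip_module \
       --with-http_sub_module \
       --with-stream \
       --with-stream_ssl_module \
       --with-stream_ssl_preread_module \
       --with-http_v2_module \
  && make \
  && make install \
  && cd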
#service路径
/lib/systemd/system
# Reload systemd's unit files, then enable nginx at boot.
# "enable" on its own does not start or restart a running nginx.
systemctl daemon-reload \
  && systemctl enable nginx.service
#nginx配置路径
/etc/nginx/
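# Install acme.sh.
# Fetch the bootstrap script to a file first instead of piping curl into sh:
# -f makes curl fail on an HTTP error rather than handing an error page to the
# shell, and a dropped connection cannot leave a half-received script running.
acme_installer=$(mktemp) \
  && curl -fsSL https://get.acme.sh -o "$acme_installer" \
  && sh "$acme_installer"
rm -f -- "$acme_installer"

# Put acme.sh on PATH (-f so re-running this step does not fail on an
# existing link).
ln -sf /root/.acme.sh/acme.sh /usr/local/bin/acme.sh

# Use Let's Encrypt as the default CA.
acme.sh --set-default-ca --server letsencrypt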
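# Cloudflare credentials for acme.sh's dns_cf hook.
# Each export sits on its own line with a quoted value; on a single unquoted
# line the shell splits the placeholder at the space and CF_Key is truncated.
# CF_Key + CF_Email is acme.sh's Global API Key mode, which carries full
# account access. A zone-scoped API token (acme.sh reads it from CF_Token,
# together with CF_Account_ID or CF_Zone_ID) limits the damage if it leaks.
# acme.sh stores these values in its account.conf, so keep /root/.acme.sh
# readable by root only, and avoid leaving the values in shell history.
export CF_Key="你的API Token"            # replace with your Cloudflare key
export CF_Email="你的Cloudflare注册邮箱"  # replace with your Cloudflare account e-mail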
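# Issue the certificate through the Cloudflare DNS-01 hook.
# Replace the quoted placeholder with your own domain.
acme.sh --issue --dns dns_cf -d "你的域名"

# Install the certificate at the paths the nginx config on this page loads.
# Line continuations restored: a backslash followed by a space escapes the
# space instead of continuing the line, so every option after it reached
# acme.sh as a malformed argument.
# NOTE(review): confirm private.key ends up readable by root only (mode 600).
acme.sh --install-cert -d "你的域名" --ecc \
  --key-file /etc/ssl/private/private.key \
  --fullchain-file /etc/ssl/private/fullchain.cer \
  --reloadcmd "systemctl force-reload nginx"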
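# Install Xray with the project's install script.
# ASCII double quotes restored: typographic quotes are not shell quoting, so
# the downloaded script was word-split instead of being passed to bash as the
# single -c argument. -f stops curl from handing an HTTP error page to bash.
# NOTE(review): "-u root" makes the Xray service run as root. Confirm that is
# really needed; otherwise drop it and keep the installer's default service
# user, so a bug in the internet-facing proxy does not yield root.
bash -c "$(curl -fsSL https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root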
#Xray 配置路径
/usr/local/etc/xray
章节:
00:00 前言
00:59 Reality原理
04:27 VPS推荐
06:31 解析域名
06:51 安装nginx
08:12 申请证书
09:47 安装和配置xray配置
12:48 配置v2rayN
14:25 伪装网站
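# nginx.service unit file (save as /lib/systemd/system/nginx.service)
[Unit]
Description=A high performance web server and a reverse proxy server
Documentation=man:nginx(8)
After=network.target nss-lookup.target

[Service]
Type=forking
# Must match the "pid" directive in /etc/nginx/nginx.conf.
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
# --pidfile points at the same file as PIDFile. nginx writes its PID there, not
# to /run/nginx.pid, so with the old path the graceful QUIT never reached the
# master process and the stop fell through to systemd's own kill.
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /usr/local/nginx/logs/nginx.pid
TimeoutStopSec=5
KillMode=mixed

[Install]
WantedBy=multi-user.target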
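# nginx configuration file (/etc/nginx/nginx.conf)

# Worker processes parse untrusted network traffic, so they run unprivileged.
# The master process still starts as root, and it is the master that binds the
# listening sockets, opens the log files and reads the TLS private key.
# nobody/nogroup exist by default on Debian and Ubuntu.
user nobody nogroup;
worker_processes auto;
error_log /usr/local/nginx/logs/error.log notice;
pid /usr/local/nginx/logs/nginx.pid;

events {
    worker_connections 1024;
}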
http {
    # Access log: timestamp, client address taken from the PROXY protocol
    # header, referer and user agent.
    log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"';
    access_log /usr/local/nginx/logs/access.log main;

    # Connection header value for upstream: "upgrade" when the client sent an
    # Upgrade header, "close" when it did not.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        "" close;
    }

    # Build one element of the Forwarded header from the PROXY protocol address:
    # IPv4 as is, IPv6 bracketed and quoted, anything else "unknown".
    map $proxy_protocol_addr $proxy_forwarded_elem {
        ~^[0-9.]+$ "for=$proxy_protocol_addr";
        ~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\"";
        default "for=unknown";
    }

    # Append our element to the client's Forwarded header only when that header
    # matches the expected syntax; otherwise discard it and send ours alone.
    map $http_forwarded $proxy_add_forwarded {
        "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
        default "$proxy_forwarded_elem";
    }

    # Plain HTTP: redirect everything to HTTPS.
    server {
        listen 80;
        listen [::]:80;
        return 301 https://$host$request_uri;
    }

    # Default TLS server on the loopback port: ssl_reject_handshake refuses any
    # handshake whose server name matches no other server block, so no
    # certificate is shown for unknown names.
    server {
        listen 127.0.0.1:8003 ssl default_server;
        ssl_reject_handshake on;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_session_timeout 1h;
        ssl_session_cache shared:SSL:10m;
        # NOTE(review): TLS 1.3 early data (0-RTT) can be replayed; confirm it
        # is wanted here.
        ssl_early_data on;
    }

    # The site itself. It listens on loopback only and expects a PROXY protocol
    # header, which is trusted solely when the peer is 127.0.0.1.
    server {
        listen 127.0.0.1:8003 ssl proxy_protocol;
        set_real_ip_from 127.0.0.1;
        real_ip_header proxy_protocol;
        server_name xx.com; # a domain covered by the SSL certificate nginx loads; point that domain at this server's IP

        ssl_certificate /etc/ssl/private/fullchain.cer;
        ssl_certificate_key /etc/ssl/private/private.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
        ssl_session_tickets on;
        # When the certificate names no OCSP responder, nginx logs a warning
        # and ignores stapling; the server still starts.
        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 1.1.1.1 valid=60s;
        resolver_timeout 2s;

        # Reverse-proxy every request to the site named in $website and rewrite
        # the upstream host name in response bodies to the requested host.
        location / {
            sub_filter $proxy_host $host;
            sub_filter_once off;
            set $website www.lovelive-anime.jp;
            proxy_pass https://$website;
            resolver 1.1.1.1;
            proxy_set_header Host $proxy_host;
            proxy_http_version 1.1;
            proxy_cache_bypass $http_upgrade;
            proxy_ssl_server_name on;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            # NOTE(review): the next six headers hand each visitor's address and
            # the requested host/port to the upstream. That suits a backend you
            # operate; when $website belongs to someone else it discloses your
            # visitors' addresses to that third party.
            proxy_set_header X-Real-IP $proxy_protocol_addr;
            proxy_set_header Forwarded $proxy_add_forwarded;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;
            # Tells the upstream whether the request arrived as TLS early data.
            proxy_set_header Early-Data $ssl_early_data;
        }
    }
}
#xray配置文件
// Xray server config: one VLESS inbound with REALITY on port 443, a direct
// outbound and a blackhole outbound, plus two routing rules that block traffic.
{
"log": {
"loglevel": "warning"
},
// Both rules below send matching traffic to the "block" (blackhole) outbound.
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
// UDP to port 443 is dropped (presumably to stop QUIC; confirm intent).
"type": "field",
"port": "443",
"network": "udp",
"outboundTag": "block"
},
{
// Destinations in geoip:cn and in private address ranges are dropped.
// Blocking geoip:private keeps clients from reaching the server's own
// loopback and internal network through the proxy.
"type": "field",
"ip": [
"geoip:cn",
"geoip:private"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
// Listens on every interface, port 443.
"listen": "0.0.0.0",
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
// The id is the client's credential: generate one per client, keep it
// secret, and do not leave it empty.
"id": "", // run `xray uuid` to generate
"flow": "xtls-rprx-vision"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"show": false,
// Traffic that does not authenticate is handed to local port 8003 with a
// PROXY protocol v1 header (xver 1), which matches the nginx listener
// `listen 127.0.0.1:8003 ssl proxy_protocol` on this page.
"dest": "8003",
"xver": 1,
"serverNames": [
"" // server name
],
// The private key stays on the server only; clients are given the matching
// public key that `xray x25519` prints alongside it.
"privateKey": "", // run `xray x25519` to generate
"shortIds": [
"" // 0 to f, length is a multiple of 2, maximum length is 16
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
// Target of the two routing rules above: traffic sent here is discarded.
"protocol": "blackhole",
"tag": "block"
}
],
"policy": {
"levels": {
"0": {
// Timeouts for policy level 0 (presumably in seconds; confirm against the
// Xray policy documentation).
"handshake": 2,
"connIdle": 120
}
}
}
}

视频可以分享一下吗?
已分享
你好,我到/usr/local/etc/xray这步,etc里面没有xray这个文件,找不到config.json 配置文件,所以xray uuid就没办法运行了。这种情况该如何处理,查了很多资料都没弄明白。谢谢!
那你应该是没有正确安装xray
按照这个教程,chatGPT、perplexity.ai这种的网站无法访问,是怎么回事?其他的网站是正常的,换其他节点也是正常的,我确定是节点的问题
这种应该是IP的问题,ip被这些网站ban了,和协议没关系的
nginx -t的时候提示[warn] “ssl_stapling” ignored, no OCSP responder URL in the certificate “/etc/ssl/private/fullchain.cer”
请问这个怎么解决
证书是怎么申请的?
忽略应该也是可以正常使用的
偷自己是要申请证书的,偷别人的不用
这个可以忽略,没关系的
warn不是error
请教一下,伪装网站有什么要求吗?
没有特别的要求,尽量符合自己的流量特征
能否提供几个适合作为伪装的网站呢?我发现用speed.cloudflare.com会被墙Ipv4
xray使用reality可以和nginxproxymanager搭配使用吗?443还是由xray监听,xray回落8003到nginxproxymanager。nginxproxymanager申请域名和配置反代很方便。
当然可以啊,nginxproxymanager只是替代nginx,和xray不冲突