Youtube:
https://youtu.be/TleF1xwK61U
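# Install Xray with the XTLS/Xray-install release script (run as root).
# The script is saved to a temp file first: with -f a failed download stops
# here instead of handing an HTTP error page to bash, and the file can be read
# before it is executed with root privileges.
# The URL tracks the moving `main` branch; pin a reviewed commit if the install
# has to be reproducible.
# NOTE(review): `-u root` asks the installer to run the service as root;
# confirm that is needed before keeping it.
if installer=$(mktemp); then
  curl -fsSL -o "$installer" \
    https://github.com/XTLS/Xray-install/raw/main/install-release.sh \
    && bash "$installer" install -u root
  rm -f -- "$installer"
fi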
#xray配置文件路径
/usr/local/etc/xray/config.json
#xray配置文件
// Xray server config: one VLESS inbound on TCP 443 secured with REALITY.
// The page collapsed this file onto a single line, where the first // comment
// would swallow everything after it; it is laid out one key per line here.
{
  "log": {
    "loglevel": "warning"
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        // Client traffic to UDP port 443 goes to the blackhole outbound.
        "type": "field",
        "port": "443",
        "network": "udp",
        "outboundTag": "block"
      },
      {
        // geoip:private -> block keeps proxy users from reaching loopback and
        // private-range services through this host; geoip:cn is dropped too.
        "type": "field",
        "ip": [
          "geoip:cn",
          "geoip:private"
        ],
        "outboundTag": "block"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "0.0.0.0",
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "", // run `xray uuid` to generate; must be filled in, it is the client credential
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "show": false,
          // Local port 8003 is the Caddy TLS listener (127.0.0.1:8003) from the Caddy config in this guide.
          "dest": "8003",
          // 1 = prepend a PROXY protocol v1 header; the Caddy listener's proxy_protocol wrapper expects it.
          "xver": 1,
          "serverNames": [
            "" // server name; presumably the domain Caddy's SNI policy matches (confirm)
          ],
          "privateKey": "", // run `xray x25519` to generate; this half stays on the server only
          "shortIds": [
            "" // 0 to f, length is a multiple of 2, maximum length is 16
          ]
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      // Target of the two routing rules above: matching traffic is discarded.
      "protocol": "blackhole",
      "tag": "block"
    }
  ],
  "policy": {
    "levels": {
      "0": {
        // Timeouts for level-0 users; presumably seconds (confirm against the Xray policy docs).
        "handshake": 2,
        "connIdle": 120
      }
    }
  }
}
# Test-load the Xray configuration before restarting the service.
xray_config=/usr/local/etc/xray/config.json
xray -test -config "$xray_config"
# Restart the Xray service; its status is printed only when the restart
# itself succeeded.
systemctl restart xray \
  && systemctl status xray
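# Install Caddy from its Cloudsmith-hosted apt repository (run as root).
# The steps run in a subshell with pipefail so that a failed download aborts
# the chain. In the one-line form a failed curl still let gpg/tee write an
# empty keyring or sources list, after which `apt install caddy` would resolve
# the package from whatever other repositories are configured.
(
  set -eo pipefail
  apt install -y sudo debian-keyring debian-archive-keyring apt-transport-https curl
  # Repository signing key, stored as a dedicated keyring file.
  curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' \
    | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
  # Repository definition; tee also echoes it so it can be checked by eye.
  curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' \
    | tee /etc/apt/sources.list.d/caddy-stable.list
  apt update
  apt install caddy
)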
#默认配置文件目录
/etc/caddy/caddy.json
#caddy配置文件
// Caddy config: srvh1 redirects plain HTTP to HTTPS; srvh2 terminates TLS on
// loopback port 8003 and reverse-proxies to an upstream site.
// NOTE(review): Caddy's native JSON is, as far as I know, parsed as strict
// JSON, so strip every // comment before saving this as /etc/caddy/caddy.json.
{
  "apps": {
    "http": {
      "servers": {
        "srvh1": {
          "listen": [":80"],
          "routes": [{
            "handle": [{
              // Permanent redirect of every request to the same host and URI over https.
              "handler": "static_response",
              "headers": {
                "Location": ["https://{http.request.host}{http.request.uri}"]
              },
              "status_code": 301
            }]
          }],
          "protocols": ["h1"]
        },
        "srvh2": {
          // Loopback only: this listener is reached through Xray's "dest": "8003", never directly from the network.
          "listen": ["127.0.0.1:8003"],
          "listener_wrappers": [{
            // Accept a PROXY protocol header only from 127.0.0.1, so the client address it carries cannot be forged by another peer.
            "wrapper": "proxy_protocol",
            "allow": ["127.0.0.1/32"]
          }, {
            "wrapper": "tls"
          }],
          "routes": [
            {
              "handle": [{
                "handler": "headers",
                "response": {
                  "set": {
                    // includeSubDomains + preload is a long-lived commitment for the whole domain; drop "preload" unless you intend to submit it.
                    "Strict-Transport-Security": ["max-age=31536000; includeSubDomains; preload"],
                    // NOTE(review): nothing in this guide appears to listen on UDP 443; confirm that advertising h3 is intended.
                    "Alt-Svc": ["h3=\":443\"; ma=2592000"]
                  }
                }
              }, {
                "handler": "reverse_proxy",
                "transport": {
                  "protocol": "http",
                  // Empty object: TLS to the upstream with default settings.
                  "tls": {}
                },
                "upstreams": [{
                  "dial": "xx.com:443" // placeholder: the upstream site that is reverse-proxied (the "camouflage" site)
                }],
                "headers": {
                  "request": {
                    "set": {
                      // Rewrite Host to the upstream's host:port so the upstream serves its own virtual host.
                      "Host": ["{http.reverse_proxy.upstream.hostport}"]
                    }
                  }
                }
              }]
            }],
          "tls_connection_policies": [{
            "match": {
              "sni": ["yourdomain.com"] // your domain
            },
            // ECDSA-only suites: the certificate Caddy obtains must use an ECDSA key (presumably Caddy's default; confirm).
            "cipher_suites": ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"],
            "curves": ["x25519", "secp521r1", "secp384r1", "secp256r1"],
            "alpn": ["h3", "h2", "http/1.1"]
          }],
          "protocols": ["h1", "h2", "h3"]
        }
      }
    },
    "tls": {
      "certificates": {
        "automate": ["yourdomain.com"] // your domain
      },
      "automation": {
        "policies": [{
          "issuers": [{
            "module": "acme",
            // The address below was mangled by the page's e-mail protection; put your own ACME contact address here.
            "email": "[email protected]"
          }]
        }]
      }
    }
  }
}
# Validate the Caddy JSON configuration.
caddy_config=/etc/caddy/caddy.json
caddy validate --config "$caddy_config"
# Run the server in the foreground with the same file; it keeps the terminal
# until interrupted.
caddy run --config "$caddy_config"
//得到“certificate obtained successfully ” “releasing lock”
# If port 80 or 2019 is already in use, stop the Caddy instance that holds it.
# NOTE(review): the apt package presumably starts a caddy systemd service right
# after install, which would be the usual holder of these ports; confirm with
# `systemctl status caddy`.
caddy stop
再启动
#关闭caddy
ctrl+c
# Run Caddy in the background with the JSON config.
# NOTE(review): a process started this way is not managed by systemd, so it
# presumably will not come back after a reboot and runs as the invoking user.
caddy start --config /etc/caddy/caddy.json
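caddy常用指令(run/start/reload 不带 --config 时,caddy 会在当前目录查找 Caddyfile;本文使用 JSON 配置,需加 --config /etc/caddy/caddy.json):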
前台运行caddy:
caddy run
后台运行caddy:
caddy start
停止caddy:
caddy stop
重载配置:
caddy reload
咋不能看
视频在ybt还没有开放
caddy运行失败了 报错: tls stapling OCSP {“error”: “no OCSP stapling
不知是哪里的问题
warning不是error,应该没问题的
因为 Let's Encrypt 从5月开始放弃了对OCSP证书链的支持,转向了CRLs,而nginx还没有开始支持验证CRLs。不影响使用的
Earlier this year we announced our intent to provide certificate revocation information exclusively via Certificate Revocation Lists (CRLs), ending support for providing certificate revocation information via the Online Certificate Status Protocol (OCSP).
老哥,能测一下为什么reality开启vision后,真延迟会翻一倍吗?
这个是powershell测真延迟的脚本
```
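# Measures request latency through the current connection: every 500 ms it
# fetches Cloudflare's trace endpoint and prints the reported ip / colo / loc
# lines together with the elapsed time.
# The duration covers the whole Invoke-WebRequest call, so it may include name
# resolution and connection setup as well as the round trip itself.
# The typographic quotes and dash from the page are restored to ASCII, and the
# filler characters that had been inserted into the URL are removed.
while ($true) {
    # Wall-clock stamp, used only for the log prefix.
    $start = Get-Date
    # Stopwatch is monotonic, so the duration is not affected by clock adjustments.
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        $response = Invoke-WebRequest -Uri "http://www.cloudflare.com/cdn-cgi/trace" -TimeoutSec 5 -ErrorAction Stop
        $duration = $timer.Elapsed.TotalMilliseconds
        # The trace body is one key=value pair per line.
        $lines = $response.Content -split "`n"
        $ip = $lines | Where-Object { $_ -like "ip=*" }
        $colo = $lines | Where-Object { $_ -like "colo=*" }
        $loc = $lines | Where-Object { $_ -like "loc=*" }
        Write-Host "[$($start.ToString('HH:mm:ss.fff'))] $ip $colo $loc | Duration: $([math]::Round($duration, 2)) ms"
    } catch {
        # Timeouts and HTTP errors land here (-ErrorAction Stop); the time spent is still reported.
        $duration = $timer.Elapsed.TotalMilliseconds
        Write-Host "[$($start.ToString('HH:mm:ss.fff'))] Request failed: $_ | Duration: $([math]::Round($duration, 2)) ms"
    }
    Start-Sleep -Milliseconds 500
}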
```
reality的握手延迟会高,确实的
直接跳本机的静态页面可以么?没理解caddy的伪装网站为什么要跳另一个大站,毕竟reality用的域名也是自己的
伪装是个代理,多域名网站