├── renew-cert.sh ├── LICENSE ├── README.md └── auto-config.sh /renew-cert.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | if [ $# -ne 1 ]; then 5 | echo "Usage: $0 domain_name" >&2 6 | exit 1 7 | fi 8 | 9 | do_name=$1 10 | 11 | systemctl stop nginx 12 | ~/.acme.sh/acme.sh --renew -d $do_name --ecc 13 | ~/.acme.sh/acme.sh --installcert -d $do_name --fullchainpath /etc/v2ray/v2ray.crt --keypath /etc/v2ray/v2ray.key --ecc 14 | systemctl start nginx 15 | echo 16 | echo "SSL cert renew is done!" 17 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Chenjie (Jack) Ni 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # v2ray-tls-websocket-nginx 2 | Are we doomed in the year of 2019? Is it gonna be like The Wandering Earth🌎? Fortunately, here comes the V2Ray to the rescue, which is powered by the [Project V](https://v2ray.com/). 3 | 4 | > If you want to keep a *secret*, you must also hide it from *yourself*. (Shadowsocks) 5 | 6 | ## Tutorial (highly recommended) 7 | 8 | * [V2Ray 白话文教程](https://toutyrater.github.io/) (Mandarin) 9 | * [V2Ray Official Doc](https://v2ray.com/en/index.html) (English) 10 | 11 | ## Prerequisites 12 | 13 | * Ubuntu 18.04 14 | * Run as `root` user 15 | * A cup of Java :) 16 | 17 | ## Usage 18 | 19 | ### Set up from scratch 20 | 21 | ``` 22 | $ bash auto-config.sh domain_name 23 | ``` 24 | 25 | ### Renew SSL certificate 26 | 27 | ``` 28 | $ bash renew-cert.sh domain_name 29 | ``` 30 | 31 | Note: `domain_name` should have DNS A record configured pointing at the _public_ IPv4 address (not the private one in VPC) of the VM/VPS. 32 | 33 | ## Configs 34 | 35 | | Key | Value | 36 | |---|---| 37 | | Server IP | `` | 38 | | Protocol | `Vmess` | 39 | | Port | `443` | 40 | | UUID | `b831381d-6324-4d53-ad4f-8cda48b30811` | 41 | | AlterId | `64` | 42 | | Encryption | `auto` | 43 | | TLS | `YES` | 44 | | TLS Domain Name | `` | 45 | | Network | `websocket` or `ws` | 46 | | Websocket Path | `/ws/` | 47 | 48 | ## Extra Info 49 | 50 | * Nginx: `/etc/nginx` 51 | * Websocket port (internal): `10000` 52 | * Log files: `/var/log/v2ray` (loglevel: info) 53 | * V2Ray config: `/etc/v2ray/config.json` 54 | * Let’s Encrypt [certificate duration](https://letsencrypt.org/2015/11/09/why-90-days.html): `90 days` 55 | -------------------------------------------------------------------------------- /auto-config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | if [ $# -ne 1 ]; then 5 | echo "Usage: $0 domain_name" >&2 6 | exit 1 7 | fi 8 | 9 | do_name=$1 10 | 11 | apt-get update && apt-get -y upgrade 12 | apt-get -y install nginx socat 13 | hostnamectl set-hostname $do_name 14 | bash <(curl -L -s https://install.direct/go.sh) 15 | curl https://get.acme.sh | sh 16 | systemctl stop nginx 17 | ~/.acme.sh/acme.sh --issue -d $do_name --standalone -k ec-256 18 | ~/.acme.sh/acme.sh --installcert -d $do_name --fullchainpath /etc/v2ray/v2ray.crt --keypath /etc/v2ray/v2ray.key --ecc 19 | cat <>/etc/nginx/sites-available/ssl 20 | server { 21 | listen 443 ssl default_server; 22 | listen [::]:443 ssl default_server; 23 | root /var/www/html; 24 | index index.html index.htm index.nginx-debian.html; 25 | ssl on; 26 | ssl_certificate /etc/v2ray/v2ray.crt; 27 | ssl_certificate_key /etc/v2ray/v2ray.key; 28 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 29 | ssl_ciphers HIGH:!aNULL:!MD5; 30 | server_name $do_name; 31 | 32 | location /ws/ { 33 | proxy_redirect off; 34 | proxy_pass http://127.0.0.1:10000; 35 | proxy_http_version 1.1; 36 | proxy_set_header Upgrade \$http_upgrade; 37 | proxy_set_header Connection "upgrade"; 38 | proxy_set_header Host \$http_host; 39 | proxy_set_header X-Real-IP \$remote_addr; 40 | proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; 41 | } 42 | } 43 | EOF 44 | ln -s /etc/nginx/sites-available/ssl /etc/nginx/sites-enabled/ 45 | rm -f /etc/v2ray/config.json 46 | cat <>/etc/v2ray/config.json 47 | { 48 | "log": { 49 | "access": "/var/log/v2ray/access.log", 50 | "error": "/var/log/v2ray/error.log", 51 | "loglevel": "info" 52 | }, 53 | "inbounds": [ 54 | { 55 | "port": 10000, 56 | "listen":"127.0.0.1", 57 | "protocol": "vmess", 58 | "settings": { 59 | "clients": [ 60 | { 61 | "id": "b831381d-6324-4d53-ad4f-8cda48b30811", 62 | "alterId": 64, 63 | "security": "auto", 64 | "level": 0 65 | } 66 | ] 67 | }, 68 | "streamSettings": { 69 | "network": "ws", 70 | "wsSettings": { 71 | "path": "/ws/" 72 | } 73 | } 74 | } 75 | ], 76 | "outbounds": [ 77 | { 78 | "protocol": "freedom", 79 | "settings": {} 80 | } 81 | ] 82 | } 83 | EOF 84 | 85 | systemctl restart nginx 86 | systemctl enable nginx 87 | systemctl restart v2ray 88 | systemctl enable v2ray 89 | 90 | netstat -lntp 91 | echo "done, enjoy!" 92 | 93 | 94 | --------------------------------------------------------------------------------