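├── DOCKER.md
├── README.md
├── assets
    ├── config.yml
    ├── freenom.png
    ├── nameserver.png
    ├── nginx配置文件.txt
    ├── 客户端配置文件.json
    └── 服务端配置文件.json
└── v2
    ├── Dockerfile-main
    ├── Dockerfile-nginx
    ├── docker-compose.yml
    └── index.js

/DOCKER.md:
--------------------------------------------------------------------------------
## Installation and usage
First install docker and docker-compose, and make sure ports 80 and 443 are not in use (stop nginx, apache and the like; check with `netstat -lnp`). Turn off the Cloudflare cloud icon.
### Install BBR acceleration
The BBR script is [here](https://github.com/chiakge/Linux-NetSpeed). BBR PLUS is recommended; it works reasonably well. While installing BBRplus you may be asked whether to remove the other kernels: choose no, then reboot. Install BBR first, because it needs a reboot once installed.
- Install docker
    - `curl -fsSL https://get.docker.com -o get-docker.sh`
    - `sh get-docker.sh`
- Install docker-compose
    - `curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64" -o /usr/local/bin/docker-compose`
    - `chmod +x /usr/local/bin/docker-compose`
- Install git
    - `apt install git -y`

`git clone https://github.com/jueinin/v2ray-websocket-nginx-cloudflare-CDN.git`

`cd v2ray-websocket-nginx-cloudflare-CDN/v2`

Then edit Dockerfile-main and change `$V2RAY_DOMAIN` to your domain (make sure the domain resolves to this machine's IP, and turn off the Cloudflare cloud!). It is best to change the other parameters as well.

`docker-compose up -d`

Wait about a minute for the certificate to be issued automatically, then run `docker container restart nginx` (I have only just started with docker and am not sure how to control start-up order, so the only option is to restart nginx after its first start fails).

Check that it works. The client configuration file is at `/root/config/client.json`; rename it and run it locally with v2ray to connect.
When connecting from a mobile client with manual settings, leave the certificate domain field empty; otherwise, even if it connects, the speed stays below 10kb, for reasons unknown.

Tested on several vultr machines. Deployment takes *three minutes*.

After the machine reboots, docker has to be started again: go to the directory, run `docker-compose up -d`, then `docker container restart nginx`.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# v2ray-websocket-nginx-cloudflare-CDN

A simple tutorial for v2ray + websocket + nginx + cloudflare CDN, probably the safest way to get around network censorship at the moment.

# For the lazy
Deploying with docker is recommended over the manual copy-and-paste method below.

I put together a simple docker setup: two commands and it runs. It is simple and fast, suits quick deployment, and works across environments. Details are [here](./DOCKER.md).

### Step 1: get a machine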
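Not much to say here: just buy one. If you do not know where to buy, pick any from [主机百科](https://www.zhujiwiki.com).
Some basic Linux experience helps. Connecting over SSH with xshell is recommended, together with xftp so you can edit files locally and then upload them; editing files on the command line is not very pleasant.

### Step 2: register a domain
You can buy one, or [register a free one at freenom](https://www.freenom.com). Once registration is complete you should see something like this:
![pic](./assets/freenom.png)

### Step 3: create a cloudflare account
During sign-up you are given a set of nameserver addresses; enter them in the freenom management console.
![pic](./assets/nameserver.png)
At this point DNS is managed by cloudflare.

### Step 4: install and configure v2ray
Tested on ubuntu20.
- Beginners are strongly advised to edit these configuration files with vscode remote SSH; it is much simpler than vim and greatly reduces the chance of mistakes. [vscode remote SSH tutorial](https://www.jianshu.com/p/0f2fb935a9a1)
- `apt install curl socat -y`
- `bash <(curl -L -s https://install.direct/go.sh)` installs v2ray
- Generate the certificate
    - Note that issuing the certificate needs port 80, so make sure it is free at that time; stop nginx, apache and the like first: `systemctl stop nginx`
    - `wget -O - https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | INSTALLONLINE=1 sh`
    - `V2RAY_DOMAIN=你的域名` (replace `你的域名` with your domain)
    - `~/.acme.sh/acme.sh --issue -d $V2RAY_DOMAIN --standalone -k ec-256`
    - `~/.acme.sh/acme.sh --installcert -d $V2RAY_DOMAIN --fullchainpath /etc/v2ray/v2ray.crt --keypath /etc/v2ray/v2ray.key --ecc`
    - The generated certificate is in the `/etc/v2ray` directory, installed to the specified location
- Install nginx
    - `apt install nginx`
- Copy, paste and slightly modify a few configuration files
    - Replace the content of config.json under `/etc/v2ray` with the content of the [v2ray server file](./assets/服务端配置文件.json); that takes care of the server configuration.
    - Then handle the nginx configuration: replace the content of `/etc/nginx/sites-available/default` with the content of the [nginx configuration file](./assets/nginx配置文件.txt). At this point, confirm that entering https plus your domain actually loads.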

- The clash client is recommended. Take the [sample clash configuration](./assets/config.yml), change the domain to your own, then put the file in your nginx root directory (/var/www/html) so it can be fetched by URL.
- `systemctl restart nginx`
- `systemctl restart v2ray`
- Then try connecting; barring surprises it should work. *Yes, it is that fast!*

### Finally, enable the cloud icon on the cloudflare page

### Install BBR acceleration
The BBR script is [here](https://github.com/chiakge/Linux-NetSpeed). BBR PLUS is recommended; it works reasonably well. Installing the BBR plus kernel pops up two confirmation prompts; choose `no` for both.

### tips
Tencent Cloud's Hong Kong lightweight instance: CN2 GIA route for China Telecom, direct connection for China Unicom and China Mobile. It can currently just about saturate its 30M bandwidth, at 24/month; worth considering.

--------------------------------------------------------------------------------
/assets/freenom.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jueinin/v2ray-websocket-nginx-cloudflare-CDN/0a3cd3f22af8d6d103982f3b45bd5992455d9319/assets/freenom.png

--------------------------------------------------------------------------------
/assets/nameserver.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jueinin/v2ray-websocket-nginx-cloudflare-CDN/0a3cd3f22af8d6d103982f3b45bd5992455d9319/assets/nameserver.png

--------------------------------------------------------------------------------
/assets/nginx配置文件.txt:
--------------------------------------------------------------------------------

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    index index.html index.htm;      # default port 80 configuration
    server_name _;
    location / {
        try_files $uri $uri/ =404;
    }
}
server {
    # "ssl on;" dropped: "listen 443 ssl" already enables TLS and newer nginx rejects the old directive
    listen 443 ssl;
    ssl_certificate       /etc/v2ray/v2ray.crt;
    ssl_certificate_key   /etc/v2ray/v2ray.key; # certificate and key saved here as in the plain-language tutorial (白话文教程), used directly for convenience
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols         TLSv1.2 TLSv1.3;
    ssl_ciphers           HIGH:!aNULL:!MD5;
    server_name           YOURDOMAIN.NAME; # fill in your domain; leaving it unset seems to work too, not a big deal
    location = /ccc {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:10086; # port must match the server
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }
    # Below is a reverse proxy I added; it is optional, but gives somewhat better concealment
    location / {
        proxy_pass https://www.viewster.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

--------------------------------------------------------------------------------
/assets/客户端配置文件.json:
--------------------------------------------------------------------------------
{
  "inbounds": [
    {
      "port": 1080,
      "listen": "127.0.0.1",
      "protocol": "http",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "settings": {}
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "填写自己的域名",
            "port": 443,
            "users": [
              {
                "id": "d45a79b4-6094-41cf-923d-42731e7ecf3e",
                "alterId": 4,
                "level": 1,
                "security": "auto"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "wsSettings": {
          "path": "/ccc"
        }
      }
    },
    {
      "protocol": "freedom",
      "settings": {},
      "tag": "free"
    }
  ],
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "type": "field",
        "ip": [
          "geoip:cn", "geoip:private"
        ],
        "outboundTag": "free"
      }
    ]
  }
}

--------------------------------------------------------------------------------
/assets/服务端配置文件.json:
--------------------------------------------------------------------------------
{
  "inbounds": [
    {
      "port": 10086,
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "d45a79b4-6094-41cf-923d-42731e7ecf3e",
            "alterId": 4,
            "level": 1
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/ccc"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    },
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    }
  ],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": [
          "geoip:private"
        ],
        "outboundTag": "blocked"
      }
    ]
  }
}

--------------------------------------------------------------------------------
/v2/Dockerfile-main:
--------------------------------------------------------------------------------
FROM ubuntu:16.04
WORKDIR /app
COPY index.js /app/index.js
ENV V2RAY_ID d45a79b4-6094-41cf-923d-42731e7ecf3e
ENV V2RAY_WS_PATH "/ccc"
ENV V2RAY_SERVER_PORT 10086
# Client socks port; can be ignored when using clash.
# Kept on its own line: a trailing "#..." on an ENV line becomes part of the value.
ENV V2RAY_CLIENT_PORT 1080
ENV V2RAY_DOMAIN example.com
# This must be changed to your own domain; for safety the values above can be changed too
VOLUME /app/config
EXPOSE 80
RUN apt update && apt install nodejs curl socat wget cron -y && mkdir test && nodejs index.js
# Volume storage cannot be used at build time, so the temporary test folder is used instead
CMD mv ./test/* ./config && wget -O - https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | INSTALLONLINE=1 sh && ~/.acme.sh/acme.sh --issue -d $V2RAY_DOMAIN --standalone -k ec-256 \
 && ~/.acme.sh/acme.sh --installcert -d $V2RAY_DOMAIN --fullchainpath /app/config/v2ray.crt --keypath /app/config/v2ray.key --ecc \
 && echo "tls ok" \
 && tail -f /dev/null

--------------------------------------------------------------------------------
/v2/Dockerfile-nginx:
--------------------------------------------------------------------------------
FROM nginx
EXPOSE 80 443

--------------------------------------------------------------------------------
/v2/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3"
services:
  v2:
    image: v2ray/official
    container_name: v2
    volumes:
      - /root/config:/etc/v2ray
    networks:
      - my-net
    depends_on:
      - main
  nginx:
    build:
      context: .
      dockerfile: Dockerfile-nginx
    container_name: nginx
    volumes:
      - /root/config:/etc/nginx/conf.d
      - /root/config:/etc/v2ray
    networks:
      - my-net
    ports:
      - 443:443
      - 81:80
    depends_on:
      - main
  main:
    build:
      context: .
      dockerfile: Dockerfile-main
    container_name: v2-main
    volumes:
      - /root/config:/app/config
    ports:
      - 80:80 # this container has to hold port 80 to request the certificate
    networks:
      - my-net


networks:
  my-net:
    driver: bridge

--------------------------------------------------------------------------------
/v2/index.js:
--------------------------------------------------------------------------------
const fs = require('fs');
const server = {
    "inbounds": [
        {
            "port": Number(process.env.V2RAY_SERVER_PORT),
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": process.env.V2RAY_ID,
                        "alterId": 4,
                        "level": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "wsSettings": {
                    "path": process.env.V2RAY_WS_PATH
                }
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom",
            "settings": {}
        },
        {
            "protocol": "blackhole",
            "settings": {},
            "tag": "blocked"
        }
    ],
    "routing": {
        "rules": [
            {
                "type": "field",
                "ip": [
                    "geoip:private"
                ],
                "outboundTag": "blocked"
            }
        ]
    }
};
const client = {
    "inbounds": [
        {
            "port": Number(process.env.V2RAY_CLIENT_PORT),
            "listen": "0.0.0.0",
            "protocol": "http",
            "sniffing": {
                "enabled": true,
                "destOverride": ["http", "tls"]
            },
            "settings": {}
        }
    ],
    "outbounds": [
        {
            "protocol": "vmess",
            "settings": {
                "vnext": [
                    {
                        "address": process.env.V2RAY_DOMAIN,
                        "port": 443,
                        "users": [
                            {
                                "id": process.env.V2RAY_ID,
                                "alterId": 4,
                                "level": 1,
                                "security": "auto"
                            }
                        ]
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "security": "tls",
                "wsSettings": {
                    "path": process.env.V2RAY_WS_PATH
                }
            }
        },
        {
            "protocol": "freedom",
            "settings": {},
            "tag": "free"
        }
    ],
    "routing": {
        "domainStrategy": "IPOnDemand",
        "rules": [
            {
                "type": "field",
                "ip": [
                    "geoip:cn", "geoip:private"
                ],
                "outboundTag": "free"
            }
        ]
    }
};
const nginxConf = `

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
        try_files $uri $uri/ =404;
    }
}

server {
    # "ssl on;" dropped: "listen 443 ssl" already enables TLS and newer nginx rejects the old directive
    listen 443 ssl;
    ssl_certificate       /etc/v2ray/v2ray.crt;
    ssl_certificate_key   /etc/v2ray/v2ray.key; # certificate and key saved here as in the plain-language tutorial, used directly for convenience
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols         TLSv1.2 TLSv1.3;
    ssl_ciphers           HIGH:!aNULL:!MD5;
    server_name           ${process.env.V2RAY_DOMAIN}; # not a big deal, anything works here
    location = ${process.env.V2RAY_WS_PATH} { # must match the server and client
        proxy_redirect off;
        proxy_pass http://v2:${process.env.V2RAY_SERVER_PORT}; # port must match the server
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }
    location / {
        proxy_pass https://www.viewster.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
`;
// Write the server config and the nginx config, then hand the client config out through the volume
fs.writeFileSync("/app/test/config.json", JSON.stringify(server, null, 4));
fs.writeFileSync("/app/test/default.conf", nginxConf);
fs.writeFileSync('/app/test/client.json', JSON.stringify(client, null, 4));
console.log('write success!!!!!!!!!!!!!!!!!!!');

--------------------------------------------------------------------------------
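
The sample configs above ship one fixed VMess id and, in two places, an inbound that is not bound to loopback (the server config has no `listen`; the client config generated by index.js uses `0.0.0.0`). The following check is an added example, not code from the repository: it reports both conditions for a parsed config and generates a replacement id. The names `auditV2rayConfig`, `vmessIds`, `newClientId` and `sampleServer` are made up here, and the listen check assumes the manual setup where nginx reaches v2ray over 127.0.0.1 (in the docker-compose setup nginx reaches the `v2` container over the bridge network instead).

```javascript
// Added example (not from the repository): audit a parsed V2Ray config.
const crypto = require('crypto');
// The UUID published in the repository's sample configs is public knowledge.
const PUBLISHED_ID = 'd45a79b4-6094-41cf-923d-42731e7ecf3e';
const LOOPBACK = new Set(['127.0.0.1', '::1', 'localhost']);

// Collect every VMess user id from inbounds (server) and outbounds (client).
function vmessIds(cfg) {
  const ids = [];
  for (const inb of cfg.inbounds || []) {
    for (const c of (inb.settings || {}).clients || []) ids.push(c.id);
  }
  for (const out of cfg.outbounds || []) {
    for (const srv of (out.settings || {}).vnext || []) {
      for (const u of srv.users || []) ids.push(u.id);
    }
  }
  return ids;
}

// Returns an array of findings; empty means neither weakness was found.
function auditV2rayConfig(cfg) {
  const findings = [];
  for (const inb of cfg.inbounds || []) {
    // V2Ray binds an inbound to 0.0.0.0 when "listen" is omitted.
    const listen = inb.listen || '0.0.0.0';
    if (!LOOPBACK.has(listen)) {
      findings.push(`${inb.protocol} inbound on port ${inb.port} listens on ${listen}`);
    }
  }
  if (vmessIds(cfg).includes(PUBLISHED_ID)) {
    findings.push('VMess id is the published sample UUID');
  }
  return findings;
}

// Random version-4 UUID to use in place of the sample id.
function newClientId() {
  const b = crypto.randomBytes(16);
  b[6] = (b[6] & 0x0f) | 0x40; // version 4
  b[8] = (b[8] & 0x3f) | 0x80; // RFC 4122 variant
  const h = b.toString('hex');
  return [h.slice(0, 8), h.slice(8, 12), h.slice(12, 16), h.slice(16, 20), h.slice(20)].join('-');
}

// Constructed sample mirroring the server config above (no "listen", sample id).
const sampleServer = { inbounds: [{ port: 10086, protocol: 'vmess',
  settings: { clients: [{ id: PUBLISHED_ID, alterId: 4, level: 1 }] } }] };
console.log(auditV2rayConfig(sampleServer));
```

Run it against `JSON.parse` of a real `config.json` or `client.json`; the same id has to be set on both server and client after replacing it.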