一支红杏

方案设计

主要问题

任何协议,任何IP都有可能被封.

CDN技术


简单来说, CDN服务器代理了我们访问源服务器的流量. 由于CDN服务器具有众多的IP, 而且更容易伪装成网页访问, 因此用来分发请求可以减少被封的可能.

请求<->CDN集群<->服务器

解决方案

websocket代理

由于CDN服务的特殊性, 必须伪装成正常的网页访问, 所以必须使用websocket代理.

宝塔linux面板

简化安装过程,尤其是安装证书那一块. 由于ssl证书的安装比较繁琐, 用caddy的时候也出现了问题.

安装

# NOTE(review): the installer is fetched over plain HTTP and then run as root, so
# anyone on the network path can change what gets executed. Prefer an HTTPS URL if
# the vendor publishes one, and read install.sh before running it.
wget -O install.sh http://download.bt.cn/install/install-ubuntu.sh && sudo bash install.sh

查看端口占用

# Ways to see which process holds a port. After setup, use them to check which
# address port 10000 (the V2Ray inbound) is bound to: 127.0.0.1 or every interface.
# ss: listening (-l) TCP (-t) sockets, numeric (-n), with owning process (-p); -d adds DCCP sockets.
ss -lntpd 
# netstat: listening TCP sockets, numeric, with owning process.
netstat -tnlp 
# lsof: whatever has TCP port 22 open.
lsof -i tcp:22
# NOTE(review): fuser needs a target (a file or a port/protocol pair); none is given here.
fuser 

默认的安装方式会出错, 改用DNS方式安装ssl证书.

开启反向代理, 把这个网站做得更像一回事.

在站点的配置页面修改nginx的配置文件.

# Hand requests under /ray to the local V2Ray WebSocket inbound.
# "location /ray" is a prefix match, so any URI that starts with /ray is forwarded.
location /ray 
{
# The backend hop is plain HTTP on loopback.
# NOTE(review): this is only safe if port 10000 cannot be reached from outside.
# Bind V2Ray to 127.0.0.1 or firewall the port, otherwise the inbound is exposed without TLS.
proxy_pass http://127.0.0.1:10000;
proxy_redirect off;
# WebSocket upgrade needs HTTP/1.1 and the Upgrade/Connection headers passed to the backend.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Pass the Host header exactly as the client sent it.
proxy_set_header Host $http_host;
}

V2ray

现在网上的垃圾太多了, 搜索一个V2ray的配置好累~

  • Server

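    {
      // V2Ray server: one VMess-over-WebSocket inbound that the nginx "location /ray"
      // block reaches at 127.0.0.1:10000.
      "log": {
        "access": "",
        "error": "",
        // "debug" records every connection in detail; keep it for troubleshooting only.
        "loglevel": "warning"
      },
      "inbounds": [
        {
          "tag": "vmess-in",
          "port": 10000,
          // Loopback only. nginx on the same host is the sole intended client. With no
          // listen address, V2Ray binds every interface, leaving this non-TLS inbound
          // reachable directly and bypassing nginx.
          "listen": "127.0.0.1",
          "protocol": "vmess",
          "sniffing": null,
          "settings": {
            "auth": null,
            "udp": false,
            "ip": null,
            "clients": [
              {
                // Placeholder: replace with a randomly generated UUID. The id is what
                // authenticates a client, so treat it as a secret.
                "id": "*",
                // Must match the client. Values above 0 select the legacy VMess header
                // authentication, which newer V2Ray releases deprecate in favour of 0.
                // Check against the installed version.
                "alterId": 64,
                "email": "t@t.tt",
                "security": null
              }
            ]
          },
          "streamSettings": {
            "network": "ws",
            // No TLS on this hop: nginx terminates TLS and forwards plain WebSocket on loopback.
            "security": "",
            // NOTE(review): presumably ignored while "security" is empty. Confirm before relying on it.
            "tlsSettings": {
              "allowInsecure": true,
              "serverName": null
            },
            "tcpSettings": null,
            "kcpSettings": null,
            "wsSettings": {
              "connectionReuse": true,
              // Must equal the nginx location path and the client's wsSettings path.
              "path": "/ray",
              "headers": null
            },
            "httpSettings": null,
            "quicSettings": null
          }
        }
      ],
      "outbounds": [
        {
          "protocol": "freedom",
          "settings": { },
          "tag": "direct"
        },
        {
          "protocol": "blackhole",
          "settings": { },
          "tag": "blocked"
        }
      ],
      "routing": {
        "domainStrategy": "AsIs",
        "rules": [
          {
            // Everything arriving on the VMess inbound leaves through the "direct" outbound.
            "type": "field",
            "inboundTag": [
              "vmess-in"
            ],
            "outboundTag": "direct"
          }
        ]
      }
    }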
  • Client

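    {
      // V2Ray client: a local SOCKS inbound whose traffic leaves through a
      // VMess-over-WebSocket+TLS outbound.
      "log": {
        // "debug" logs every destination visited; use it only while troubleshooting.
        "loglevel": "warning"
      },
      "inbounds": [
        {
          "port": 10086,
          // Loopback only. With "auth": "noauth", listening on 0.0.0.0 lets any host that
          // can reach this machine use the proxy. To share it on a LAN, first switch to
          // "auth": "password" with an "accounts" list, then widen the listen address.
          "listen": "127.0.0.1",
          "tag": "socks-in",
          "protocol": "socks",
          "settings": {
            "auth": "noauth",
            "udp": false
          }
        }
      ],
      "outbounds": [
        {
          "mux": {
            "concurrency": 32,
            "enabled": true
          },
          "protocol": "vmess",
          "settings": {
            "vnext": [
              {
                "users": [
                  {
                    // Fill in the UUID configured on the server. Keep it secret.
                    "id": "UUID",
                    // Must match the server's alterId.
                    "alterId": 64,
                    "security": "auto"
                  }
                ],
                // Fill in the domain name and port.
                "address": "domain.Name",
                "port": 1234
              }
            ]
          },
          "streamSettings": {
            "tlsSettings": {
              // Keep false so the server certificate is verified.
              "allowInsecure": false
            },
            "wsSettings": {
              "headers": {
                "User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.4489.62 Safari/537.36",
                // Fill in the matching Host header.
                "Host": "HOST",
                "Accept-Encoding": "gzip",
                "Pragma": "no-cache"
              },
              // WebSocket path. It must equal the path configured on the server side.
              "path": "/PATH/"
            },
            "network": "ws",
            "security": "tls"
          },
          "tag": "proxy"
        },
        {
          "protocol": "blackhole",
          "settings": {},
          "tag": "blocked"
        },
        {
          "protocol": "freedom",
          "settings": {},
          // "dicert" looks like a typo of "direct". It still works because the routing
          // rule below uses the same spelling.
          "tag": "dicert"
        }
      ],
      "routing": {
        // Route on the domain name as given.
        "domainStrategy": "AsIs",
        "rules": [
          {
            "type": "field",
            "domain": [
              // Fill in the server's domain / Host. Traffic to it goes out through the freedom outbound.
              "domain:domain.Name"
            ],
            "outboundTag": "dicert"
          },
          {
            "type": "field",
            "inboundTag": [
              "socks-in",
              // No inbound in this file is tagged "http-in"; only "socks-in" exists.
              "http-in"
            ],
            "outboundTag": "proxy"
          }
        ]
      },
      "other": {}
    }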

V2rayN客户端生成的配置文件没有out的规则, 之前一直傻乎乎的以为有默认配置.

路由表

rules 对应一个数组,数组中每个元素是一个规则。对于每一个连接,路由将根据这些规则依次进行判断,当一个规则生效时,即将这个连接转发至它所指定的outboundTag.

// Excerpt of the client config. Rules are tried in order, and the first one that
// matches sends the connection to its outboundTag.
"routing": {
// Note: route on the domain name as given.
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"domain": [
// Note: fill in the server's domain name / Host.
"domain:domain.Name"
],
// "dicert" is the tag of the freedom outbound in the client config (apparently a typo of "direct").
"outboundTag": "dicert"
},
{
"type": "field",
"inboundTag": [
"socks-in",
// NOTE(review): the client config on this page defines no inbound tagged "http-in".
"http-in"
],
"outboundTag": "proxy"
}
]
}

总结

目前websocket+tls+cdn应该是最好的选择,然而使用cloudflare速度太慢,需要考虑使用国内的CDN服务商.

参考

v2ray + CDN
V2RAY配置WebSocket + TLS + Web
V2ray Templates
V2ray 配置
