v2-ws-tls-cf


Install ServerSpeeder on the VPS

wget -N --no-check-certificate "https://raw.githubusercontent.com/chiakge/Linux-NetSpeed/master/tcp.sh" && chmod +x tcp.sh && ./tcp.sh

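Cloudflare DNS setup

Add the domain to Cloudflare.

At the domain registrar, change the DNS servers to the ones Cloudflare provides.

Add the DNS records:

A records pointing to the VPS IP (one with name @ and one with name www).

Select DNS only (turn the cloud icon off).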

v2ray configuration file

{
    "inbound": {
        "protocol": "vmess",
        "listen": "127.0.0.1",
        "port": 8964,
        "settings": {"clients": [
            {"id": "***********************************************"}
        ]},
        "streamSettings": {
            "network": "ws",
            "wsSettings": {"path": "/***************************"}
        }
    },
    "outbound": {"protocol": "freedom"}
}

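Generate an id with an id generator and put it in the id field.

Generate a path with a random path generator and put it in the path field.

Save the configuration file as config.json.

nginx configuration file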

server {
    ### 1:
    server_name *************************;
    listen 80;
    rewrite ^(.*) https://$server_name$1 permanent;
    if ($request_method  !~ ^(POST|GET)$) { return  501; }
    autoindex off;
    server_tokens off;
}
server {
    ### 2:
    ssl_certificate /etc/letsencrypt/live/******************/fullchain.pem;
    ### 3:
    ssl_certificate_key /etc/letsencrypt/live/***********************/privkey.pem;
    ### 4:
    location /*********************
    {
        proxy_pass http://127.0.0.1:8964;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_requests 25600;
        keepalive_timeout 300 300;
        proxy_buffering off;
        proxy_buffer_size 8k;
    }
    listen 443 ssl http2;
    server_name $server_name;
    charset utf-8;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:60m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 10s;
    # Security settings
    if ($request_method  !~ ^(POST|GET)$) { return 501; }
    add_header X-Frame-Options DENY;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options nosniff;
    add_header Strict-Transport-Security max-age=31536000 always;
    autoindex off;
    server_tokens off;
    index index.html index.htm index.php;
    root /usr/share/nginx/html;
    location ~ .*\.(js|jpg|JPG|jpeg|JPEG|css|bmp|gif|GIF|png)$ { access_log off; }
}

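Replace the asterisks at #1, #2 and #3 with the domain including www.

Replace the asterisks at #4 with the path set in the v2ray configuration.

Save the nginx configuration file as default.conf.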
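
The two files above only work together if the WebSocket path, the backend port and the loopback binding line up. The following Python check is an added example, not part of the original post, that compares a config.json with a default.conf and reports mismatches. The function name check_pair and the sample path, id and file contents are constructed for illustration.

```python
import json
import re

# Constructed sample inputs shaped like the two files above. The path, id and
# port values are placeholders, not values from the original post.
SAMPLE_V2RAY = """
{"inbound": {"protocol": "vmess", "listen": "127.0.0.1", "port": 8964,
  "settings": {"clients": [{"id": "00000000-0000-0000-0000-000000000000"}]},
  "streamSettings": {"network": "ws", "wsSettings": {"path": "/example-path"}}},
 "outbound": {"protocol": "freedom"}}
"""
SAMPLE_NGINX = """
server {
    listen 443 ssl http2;
    location /example-path
    {
        proxy_pass http://127.0.0.1:8964;
        proxy_set_header Upgrade $http_upgrade;
    }
}
"""
LOCATION_RE = re.compile(r"location\s+(/\S*)\s*\{([^}]*)\}")
PROXY_RE = re.compile(r"proxy_pass\s+http://[^:;\s]+:(\d+)\s*;")
UPGRADE_RE = re.compile(r"proxy_set_header\s+Upgrade\s+\$http_upgrade\s*;")

def check_pair(v2ray_text, nginx_text):
    """Return a list of mismatches between config.json and default.conf."""
    inbound = json.loads(v2ray_text)["inbound"]
    stream = inbound.get("streamSettings", {})
    ws_path = stream.get("wsSettings", {}).get("path")
    problems = []
    if inbound.get("listen") not in ("127.0.0.1", "::1"):
        problems.append("inbound not bound to loopback: reachable without nginx and TLS")
    if stream.get("network") != "ws":
        problems.append("inbound network is not ws")
    # Collect every prefix location that proxies to a backend port.
    proxied = {}
    for loc, body in LOCATION_RE.findall(nginx_text):
        match = PROXY_RE.search(body)
        if match:
            proxied[loc] = (int(match.group(1)), body)
    if ws_path not in proxied:
        return problems + [f"no nginx location proxies the ws path {ws_path!r}"]
    port, body = proxied[ws_path]
    if port != inbound.get("port"):
        problems.append(f"proxy_pass port {port} != inbound port {inbound.get('port')}")
    if not UPGRADE_RE.search(body):
        problems.append("location lacks the Upgrade header needed for WebSocket")
    return problems
```

To check the real files, pass the contents of /etc/v2ray/config.json and /etc/nginx/conf.d/default.conf to check_pair; an empty list means the two files agree.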

Log in to the VPS and set up the SSL certificate

1. Install certbot

yum install -y python36 && pip3 install certbot

If "Successfully installed" is shown, the installation succeeded.

2. Stop the firewall

systemctl stop firewalld && systemctl disable firewalld

3. Request the SSL certificate

certbot certonly --standalone --agree-tos -n -d ************* -d ******* -m *********@********

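Replace the first group of asterisks with the www domain.

Replace the second group of asterisks with the domain without www.

Replace the third group of asterisks with your e-mail address.

4. Set up automatic certificate renewal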

echo "0 0 1 */2 * service nginx stop; certbot renew; service nginx start;" | crontab

Install v2ray and nginx

1. Add the yum repository

sudo rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

2. Install

yum install -y nginx && yum install -y curl && bash -c "$(curl -L -s https://install.direct/go.sh)"

3. Disable SELinux

setsebool -P httpd_can_network_connect 1 && setenforce 0

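Upload the configuration files to the VPS

1. Upload the v2ray configuration file to /etc/v2ray

2. Upload the nginx configuration file to /etc/nginx/conf.d

3. Download a website template and place the site files in /usr/share/nginx/html

Start v2ray and nginx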

service v2ray start

service nginx start

v2ray commands

Start: service v2ray start

Restart: service v2ray restart

Show status: service v2ray status

Stop: service v2ray stop

Test the configuration file: /usr/bin/v2ray/v2ray -test -config=/etc/v2ray/config.json

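nginx commands

Start: service nginx start

Restart: service nginx restart

Show status: service nginx status

Stop: service nginx stop

Test the configuration file: nginx -t

Go to Cloudflare and turn the cloud icon on, and make sure the encryption mode under SSL is Full and that Edge Certificates shows Active.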

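Fill in the v2ray client

Address: the domain including www

Port: 443

ID: the id from the v2ray configuration file

Extra ID (alterId): 0

Encryption: auto

Transport protocol: ws

Camouflage domain: the domain including www

Path: the path from the v2ray configuration file

Underlying transport security: tls

Install fail2ban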

yum install epel-release

yum -y install fail2ban

systemctl start fail2ban

systemctl enable fail2ban

Author: Misaka
Copyright notice: Unless otherwise stated, all posts on this blog are licensed under CC BY 4.0. Please credit Misaka when reposting!
2019-10-22 Misaka