Last updated: 2023-06-05
For the VMESS-TLS / VMESS-TLS-WS installation and configuration tutorial, see here.
I. Installation (see the official guide)
Install xray
bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install
Check the running status
systemctl status xray
Enable start on boot and start xray
systemctl enable --now xray
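If you get a permission-related error, you may need to edit the file vi /etc/systemd/system/xray.service and change User=nobody to User=root. If that is too much trouble, simply run the following command to install.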
sudo bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root
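To upgrade, just run the install script again.
II. VLESS-XTLS-Vision configuration (requires your own domain)
Apply for a certificate; see point 1.4 here, or point 5 here.
1. Server-side configuration
Edit the server-side configuration file vi /usr/local/etc/xray/config.json; the comments must be removed in actual use.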
{
  "log": {
    "loglevel": "warning"
  },
  "routing": {
    "domainStrategy": "AsIs",
    "rules": [
      {
        "type": "field",
        "ip": [
          "geoip:private"
        ],
        "outboundTag": "block"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "0.0.0.0",
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "uuid", // your UUID
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "rejectUnknownSni": true,
          "minVersion": "1.2",
          "certificates": [
            {
              "ocspStapling": 3600,
              "certificateFile": "/root/cert/cert.crt", // your certificate
              "keyFile": "/root/cert/private.key" // your private key
            }
          ]
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "block"
    }
  ]
}
The ID can be generated with the following command
xray uuid
Test the configuration file
/usr/local/bin/xray -test -config /usr/local/etc/xray/config.json
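Note: the server port can be something other than 443, but if you use 443 you must make sure it is not occupied by another application.
To share port 443 with other applications, see here.
2. Client configuration
Client configuration file config.json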
{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "port": 1080,
      "protocol": "socks",
      "settings": {
        "udp": true
      }
    },
    {
      "port": 1081,
      "protocol": "http"
    }
  ],
  "outbounds": [
    {
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "", // your domain
            "port": 443,
            "users": [
              {
                "id": "UUID", // your UUID
                "encryption": "none",
                "flow": "xtls-rprx-vision"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "serverName": "", // your domain
          "allowInsecure": false,
          "fingerprint": "chrome"
        }
      },
      "tag": "proxy"
    },
    {
      "protocol": "freedom",
      "tag": "direct"
    }
  ]
}
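III. VLESS-XTLS-uTLS-REALITY configuration (no domain of your own required)
1. Server-side configuration
Edit the server-side configuration file vi /usr/local/etc/xray/config.json; the comments must be removed in actual use.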
{
  "log": {
    "loglevel": "warning"
  },
  "routing": {
    "domainStrategy": "AsIs",
    "rules": [
      {
        "type": "field",
        "ip": [
          "geoip:private"
        ],
        "outboundTag": "block"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "0.0.0.0",
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "UUID", // your UUID
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "show": false, // if true, output debug information
          "dest": "www.amazon.com:443", // for candidate target sites, see point 3 below
          "xver": 0,
          "serverNames": [ // list of serverName values available to clients
            "www.amazon.com"
          ],
          "privateKey": "private key", // private key generated by running xray x25519 on the server
          "shortIds": [ // list of shortId values available to clients; can be used to tell clients apart
            "78985179e30d4fc6" // 0 to f, length a multiple of 2, maximum length 16, may be left empty
          ]
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "block"
    }
  ],
  "policy": {
    "levels": {
      "0": {
        "handshake": 2,
        "connIdle": 120
      }
    }
  }
}
2. Client configuration file
{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 1080,
      "protocol": "socks",
      "settings": {
        "udp": true
      }
    },
    {
      "listen": "127.0.0.1",
      "port": 1081,
      "protocol": "http"
    }
  ],
  "outbounds": [
    {
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "", // IP of your VPS server
            "port": 443,
            "users": [
              {
                "id": "UUID", // same as the server
                "encryption": "none",
                "flow": "xtls-rprx-vision"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "show": false,
          "fingerprint": "chrome", // use the uTLS library to mimic a client TLS fingerprint
          "serverName": "www.amazon.com", // same as the server
          "publicKey": "Public key", // generated by running xray x25519 on the server; the public key matching the private key
          "shortId": "78985179e30d4fc6", // same as the server
          "spiderX": "" // initial path and parameters for the crawler; ideally different for each client
        }
      },
      "tag": "proxy"
    },
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "block"
    }
  ]
}
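The configurations above carry // comments and placeholder values that must be removed or replaced before use. As an added example (not from the original page or the Xray project), the Python script below strips the comments and flags leftover placeholders, shortId values that break the rule given above, and local socks/http inbounds that omit "listen" (as in the section II client), which Xray then binds to 0.0.0.0. The function names, the sample config and the 43-character key format are assumptions of this example.

```python
import json
import re

UUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
KEY_RE = re.compile(r"[A-Za-z0-9_-]{43}")  # assumption: xray x25519 prints unpadded base64url
SHORT_ID_RE = re.compile(r"(?:[0-9a-fA-F]{2}){0,8}")  # page's rule: hex, even length, max 16

def strip_comments(text):
    # Drop // comments but keep any "//" that sits inside a JSON string.
    return re.sub(r'("(?:\\.|[^"\\])*")|//[^\n]*', lambda m: m.group(1) or "", text)

def lint_stream(stream):
    out = []
    if stream.get("tlsSettings", {}).get("allowInsecure"):
        out.append("allowInsecure is true: server certificate is not verified")
    reality = stream.get("realitySettings", {})
    for sid in reality.get("shortIds", []) + [reality.get("shortId", "")]:
        if not SHORT_ID_RE.fullmatch(sid):
            out.append(f"shortId {sid!r} breaks the hex/even-length/max-16 rule")
    for key in ("privateKey", "publicKey"):
        if key in reality and not KEY_RE.fullmatch(reality[key]):
            out.append(f"{key} is not an x25519 key (placeholder left in?)")
    return out

def lint(config_text):
    cfg = json.loads(strip_comments(config_text))
    out, ids = [], []
    for inbound in cfg.get("inbounds", []):
        # Xray listens on 0.0.0.0 when "listen" is omitted.
        if inbound.get("protocol") in ("socks", "http") and inbound.get("listen", "0.0.0.0") != "127.0.0.1":
            out.append(f"{inbound['protocol']} inbound :{inbound.get('port')} is open to other hosts")
        ids += [c.get("id", "") for c in inbound.get("settings", {}).get("clients", [])]
        out += lint_stream(inbound.get("streamSettings", {}))
    for outbound in cfg.get("outbounds", []):
        for server in outbound.get("settings", {}).get("vnext", []):
            ids += [u.get("id", "") for u in server.get("users", [])]
        out += lint_stream(outbound.get("streamSettings", {}))
    out += [f"id {i!r} is not a UUID (placeholder left in?)" for i in ids if not UUID_RE.fullmatch(i)]
    return out

# Constructed sample in the style of the page's REALITY client config, comments included.
SAMPLE = '''{
  "inbounds": [{"port": 1080, "protocol": "socks", "settings": {"udp": true}}],
  "outbounds": [{"protocol": "vless", "settings": {"vnext": [{"address": "203.0.113.10",
    "port": 443, "users": [{"id": "UUID", "flow": "xtls-rprx-vision"}]}]}, // same as the server
    "streamSettings": {"security": "reality", "realitySettings": {
      "publicKey": "Public key", "shortId": "78985179e30d4fc6", "spiderX": "/a//b"}}}]
}'''
```

For the constructed input, lint(SAMPLE) returns three findings: the socks inbound without "listen", the placeholder publicKey and the placeholder id.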
3. Website domains that can be used as reference
gateway.icloud.com
itunes.apple.com
download-installer.cdn.mozilla.net
addons.mozilla.org
www.microsoft.com
www.lovelive-anime.jp
www.speedtest.net
www.speedtest.org
swdist.apple.com
swcdn.apple.com
updates.cdn-apple.com
mensura.cdn-apple.com
osxapps.itunes.apple.com
aod.itunes.apple.com
cdn-dynmedia-1.microsoft.com
update.microsoft
software.download.prss.microsoft.com
s0.awsstatic.com
d1.awsstatic.com
images-na.ssl-images-amazon.com
m.media-amazon.com
player.live-video.net
dl.google.com
www.google-analytics.com
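IV. Using clients
2. nekoray, a Qt-based cross-platform proxy configuration manager (backend xray / sing-box); it currently works out of the box on Windows / Linux. It supports many protocols, such as vmess, vless, tuic, hysteria, naiveproxy, trojan, etc.
Below is the VLESS-XTLS-uTLS-REALITY configuration
3. clash.meta is a rule-based traffic-splitting client written in Go for Linux/macOS/Windows and other platforms; it supports the vmess, vless, tuic, hysteria and trojan protocols, among others. For the configuration file config.yaml, see point V.2 here, and modify it to suit your own setup.
4. sing-box is a new-generation universal network proxy platform. It supports basically all currently popular protocols, rule-based routing, TUN and more, and covers a wide range of platforms, which has earned it the name "Swiss Army knife" of network proxy platforms; see here.
Note: allow the relevant ports, such as 443, through the firewall: sudo ufw allow 443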