Xray安装配置Vless-XHTTP

     Xray项目2024年底推出了XHTTP协议,能更好地穿透GFW。本教程参考这里 。Xray安装配置Vless-XTLS教程参考这里

    本教程在ubuntu-24.04全新VPS测试通过。下面的配置为极简配置,完整配置参考这里 。

    需要准备两个域名,如 reality.mydomain.com 、cdn.mydomain.com ,并托管到 Cloudflare。后一个域名(cdn.mydomain.com)需要点亮橙色云朵,并启用grpc,参考这里 第一点。

1、申请证书,参考这里 1.4 或这里第5点

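# Download the acme.sh installer to a file instead of piping it straight into
# sh: -f makes curl fail on an HTTP error, so a partial or error response is
# never executed, and the script can be read before it runs as root.
installer=$(mktemp)
curl -fsSL https://get.acme.sh -o "$installer"
sh "$installer"
rm -f -- "$installer"

# Call acme.sh by path; an alias is not expanded in non-interactive shells.
ACME="$HOME/.acme.sh/acme.sh"

# socat is needed by acme.sh's --standalone mode.
apt install socat
"$ACME" --set-default-ca --server letsencrypt

# One ECDSA P-256 certificate covering both host names.
# NOTE: --standalone listens on port 80 itself. Once nginx from step 3 is
# listening on port 80, automatic renewal in this mode is likely to fail;
# confirm with a test renewal after step 3.
"$ACME" --issue -d reality.mydomain.com -d cdn.mydomain.com -k ec-256 --standalone

# Keep the private key in a directory that only root can enter.
mkdir -p /root/cert
chmod 700 /root/cert
"$ACME" --install-cert -d reality.mydomain.com --ecc \
  --key-file /root/cert/private.key \
  --fullchain-file /root/cert/cert.crt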

2、安装xray,参考这里

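# Run the official Xray installer. -f makes curl fail on an HTTP error, so an
# error page is never handed to bash as a script.
# "-u root" is dropped: Xray is the internet-facing process on port 443, and
# nothing in the server config below reads a root-only file, so the installer's
# default service user is kept. Check "systemctl status xray" afterwards and
# re-run with "-u root" only if the service cannot bind port 443.
sudo bash -c "$(curl -fsSL https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install
systemctl enable --now xray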

编辑xray服务器端配置文件 nano  /usr/local/etc/xray/config.json

{
    "log": {
        "loglevel": "info"
    },
    "routing": {
        "domainStrategy": "IPIfNonMatch",
        "rules": [
            {
                "type": "field",
                "ip": [
                    "geoip:cn",
                    "geoip:private"
                ],
                "outboundTag": "block"
            }
        ]
    },
  "inbounds": [
    {
      "listen": "0.0.0.0",
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
             "id": "16fe7d6d-3093-46e5-a3c6-d39eebcfcb0d",
            "level": 0,
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "dest": "10001",    
            "xver": 0
          }
        ]
      },
      "streamSettings": {
        "network": "raw",
        "security": "reality",
        "realitySettings": {
          "show": false,
          "target": "10002",
          "xver": 0,
          "serverNames": [
            "reality.mydomain.com"     
          ],
          "privateKey": "IAtdyFOuYA8SLWCp_WXd2t_9V2omeni7KjIbdPbw2HM",    
          "shortIds": [
              ""    
          ]
        },
              "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls", "quic"],
        "metadataOnly": false,
        "routeOnly": true
      }
      }
    },
    {
      "listen": "127.0.0.1",
      "port": 10001,   
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "757a5187-1318-49a2-ad7a-7fea7921016d",  
            "level": 0
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "xhttp",
        "xhttpSettings": {
          "host": "",
          "path": "/cdnxyz",    
          "mode": "auto"
        },
              "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls", "quic"],
        "metadataOnly": false,
        "routeOnly": true
      }
      }
    }
  ],
    "outbounds": [
        {
            "protocol": "freedom",
            "tag": "direct"
        },
        {
            "protocol": "blackhole",
            "tag": "block"
        }
    ]
}

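将红色的内容修改为自己的:UUID 用 xray uuid 命令生成,Private key 用 xray x25519 命令生成,相应的 Public key 填写到客户端。示例中的 UUID 和密钥已经公开,切勿直接照抄使用。此配置的路由策略屏蔽了对中国IP及私有地址(geoip:private)的访问,如不需要的话可以删除;删除时建议保留 geoip:private,以免客户端经由代理访问VPS本机及内网地址。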

3、编译安装nginx

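# Build dependencies for nginx (compiler, PCRE, zlib and OpenSSL headers).
apt install make gcc libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev

# Fetch the source over verified TLS. The tarball is compiled and installed as
# root, so certificate checking stays on (no --no-check-certificate).
# nginx.org also publishes a detached PGP signature (.asc) next to each
# tarball; verify it before building if you have the signing key.
wget https://nginx.org/download/nginx-1.26.3.tar.gz \
  && tar -xvf nginx-1.26.3.tar.gz \
  && cd nginx-1.26.3

# HTTP/2 and HTTP/3, TLS, real-ip, sub_filter, stub_status and the stream
# modules are compiled in; the install prefix is left at its default.
./configure \
  --with-http_stub_status_module \
  --with-http_ssl_module \
  --with-http_realip_module \
  --with-http_sub_module \
  --with-http_v2_module \
  --with-http_v3_module \
  --with-stream \
  --with-stream_ssl_module \
  --with-stream_ssl_preread_module
make && sudo make install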

默认安装路径在 /usr/local/nginx,配置文件  /usr/local/nginx/conf/nginx.conf ,执行文件 /usr/local/nginx/sbin/nginx

编辑自启动配置文件  nano  /lib/systemd/system/nginx.service

# systemd unit for the nginx built from source under /usr/local/nginx.
[Unit]
Description=The NGINX HTTP and reverse proxy server
# Start only after the network is reported online.
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
# nginx forks into the background; systemd finds the master process via PIDFile.
Type=forking
# Must be the same file that the "pid" directive in nginx.conf resolves to,
# otherwise systemd cannot track the master process.
PIDFile=/usr/local/nginx/logs/nginx.pid
# Validate the configuration first so a broken nginx.conf fails the start early.
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
# QUIT asks nginx to shut down gracefully.
ExecStop=/bin/kill -s QUIT $MAINPID
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=true

[Install]
WantedBy=multi-user.target
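# Shell commands, run after saving the unit file above (they are not part of
# the unit). daemon-reload makes systemd re-read the unit if it was edited
# after an earlier load.
sudo systemctl daemon-reload
sudo systemctl enable --now nginx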

编辑nginx配置文件 nano  /usr/local/nginx/conf/nginx.conf

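#user www-data;
worker_processes 1;

# Relative paths resolve against the install prefix (/usr/local/nginx), so the
# pid file lands at /usr/local/nginx/logs/nginx.pid, the path the systemd
# unit's PIDFile= expects. An absolute /logs/... path would point at a
# directory that this setup never creates.
error_log logs/error.log;
pid logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include       mime.types;

    sendfile              on;
    server_tokens         off;   # do not advertise the nginx version
    tcp_nodelay           on;
    tcp_nopush            on;
    client_max_body_size  0;     # no request body limit
    gzip                  on;
    access_log off;
    add_header X-Content-Type-Options nosniff;


    ssl_protocols     TLSv1.3 TLSv1.2;
    ssl_ciphers       HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    # Site served for reality.mydomain.com.
    # Only Xray's REALITY inbound ("target": "10002") connects to this port, so
    # it is bound to loopback instead of every interface.
    server {
        listen       127.0.0.1:10002 ssl;
        http2        on;
        server_name  reality.mydomain.com;

        ssl_certificate /root/cert/cert.crt;
        ssl_certificate_key /root/cert/private.key;

        location / {
            proxy_pass http://127.0.0.1:8887;
        }
    }

    # Site served for cdn.mydomain.com (the name proxied through the CDN).
    server {
        listen       127.0.0.1:10002 ssl;
        http2        on;
        server_name  cdn.mydomain.com;

        ssl_certificate  /root/cert/cert.crt;
        ssl_certificate_key /root/cert/private.key;

        location / {
            proxy_pass http://127.0.0.1:1200;

        }

        # Must equal xhttpSettings.path of the Xray inbound on 127.0.0.1:10001.
        location /cdnxyz {
            grpc_pass 127.0.0.1:10001;
            grpc_set_header Host                  $host;

        }
    }

    # Plain HTTP: redirect everything to HTTPS. $host comes from the request,
    # so the redirect target follows the Host header the client sent.
    server {
        listen  80 default_server;
        server_name mydomain.com;

        return 301 https://$host$request_uri;
    }
}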

将红色字体的内容修改为自己的,path与xray服务器配置文件中的一致

4、用docker安装两个应用,分别对应上述nginx配置文件中的8887及1200端口,可根据自己所安装应用的实际端口进行修改

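# Save Docker's convenience script to a file before running it: -f stops curl
# from writing an HTTP error page, and the script can be reviewed before it
# executes as root.
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
systemctl enable --now docker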

安装photopea

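# Publish on loopback only: nginx reaches the app at 127.0.0.1:8887, while a
# bare "-p 8887:8887" would listen on every interface, and Docker's published
# ports typically bypass ufw-style host firewall rules.
# ":latest" is a moving tag from a third-party publisher; pin a digest once you
# have a version you trust.
docker run -d --restart unless-stopped --name photopea -p 127.0.0.1:8887:8887 ramuses/photopea:latest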

安装rsshub

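# Publish on loopback only: nginx proxies to 127.0.0.1:1200, so the container
# port does not need to be reachable from outside the VPS.
docker run -d --restart=always --name rsshub -p 127.0.0.1:1200:1200 diygod/rsshub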

重启nginx及xray服务

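systemctl restart nginx
systemctl restart xray

# "restart" can return before a service exits on a bad config, so confirm that
# both units are still running.
systemctl is-active nginx xray

# Review the listening sockets: anything bound to 0.0.0.0 or [::] is reachable
# from the internet. The backend ports (10001, 10002, 8887, 1200) are only
# needed on 127.0.0.1.
ss -tlnp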

若没有报错信息,则安装正常。浏览器访问https://reality.mydomain.com/ 及 https://cdn.mydomain.com/ 也应该正常。

5、xray客户端配置文件config.json有下面五种配置方式,它们都对应上面同一份xray服务器端配置。将下述配置文件中的域名、UUID、path、Public key等换成自己的。

(1)、XTLS(Vision)+Reality 直连

{
  "log": {
    "loglevel": "warning"
  },

  "inbounds": [
    {
      "tag": "socks",
      "port": 10808,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ],
        "routeOnly": false
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "你的VPS的IP",
            "port": 443,
            "users": [
              {
                "id": "16fe7d6d-3093-46e5-a3c6-d39eebcfcb0d",
                "encryption": "none",
                "flow": "xtls-rprx-vision"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "serverName": "reality.mydomain.com",
          "fingerprint": "chrome",
          "show": false,
          "publicKey": "8eB4Jd0OwoxT4CKPdisgmBq4h9V22Fa4_MAQeICrhQk",
          "shortId": ""
        }
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom"
    },
    {
      "tag": "block",
      "protocol": "blackhole"
    }
  ]

  
}
(2)、xhttp+Reality 直连
{
  "log": {
    "loglevel": "warning"
  },

  "inbounds": [
    {
      "tag": "socks",
      "port": 10808,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ],
        "routeOnly": false
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "你的VPS的IP",
            "port": 443,
            "users": [
              {
                "id": "757a5187-1318-49a2-ad7a-7fea7921016d",
                "encryption": "none"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "xhttp",
        "security": "reality",
        "xhttpSettings": {
          "path": "/cdnxyz"
        },
        "realitySettings": {
          "serverName": "reality.mydomain.com",
          "fingerprint": "chrome",
          "show": false,
          "publicKey": "8eB4Jd0OwoxT4CKPdisgmBq4h9V22Fa4_MAQeICrhQk",
          "shortId": ""
        }
      }

    },
    {
      "tag": "direct",
      "protocol": "freedom"
    },
    {
      "tag": "block",
      "protocol": "blackhole"
    }
  ]


}
(3)、上行 xhttp+TLS+CDN | 下行 xhttp+Reality (上下行不同SNI)
{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "tag": "socks",
      "port": 10808,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ],
        "routeOnly": false
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "cdn.mydomain.com",
            "port": 443,
            "users": [
              {
                "id": "757a5187-1318-49a2-ad7a-7fea7921016d",
                "encryption": "none"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "xhttp",
        "security": "tls",
        "tlsSettings": {
          "allowInsecure": false,
          "serverName": "cdn.mydomain.com",
          "alpn": [
            "h2"
          ],
          "fingerprint": "chrome"
        },
        "xhttpSettings": {
          "path": "/cdnxyz",
          "host": "cdn.mydomain.com",
          "extra": {
            "downloadSettings": {
              "address": "reality.mydomain.com",
              "port": 443,
              "network": "xhttp",
              "security": "reality",
              "realitySettings": {
                "show": false,
                "serverName": "reality.mydomain.com",
                "fingerprint": "chrome",
                "publicKey": "8eB4Jd0OwoxT4CKPdisgmBq4h9V22Fa4_MAQeICrhQk",
                "shortId": ""
              },
              "xhttpSettings": {
                "host": "",
                "path": "/cdnxyz",
                "mode": "auto"
              }
            }
          }
        }
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom"
    },
    {
      "tag": "block",
      "protocol": "blackhole"
    }
  ]

}
(4)、xhttp+TLS 过CDN
{
  "log": {
    "loglevel": "warning"
  },

  "inbounds": [
    {
      "tag": "socks",
      "port": 10808,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ],
        "routeOnly": false
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "cdn.mydomain.com",
            "port": 443,
            "users": [
              {
                "id": "757a5187-1318-49a2-ad7a-7fea7921016d",
                "encryption": "none"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "xhttp",
        "security": "tls",
        "tlsSettings": {
          "allowInsecure": false,
          "serverName": "cdn.mydomain.com",
          "alpn": [
            "h2"
          ],
          "fingerprint": "chrome"
        },
        "xhttpSettings": {
          "path": "/cdnxyz",
          "host": "cdn.mydomain.com",
          "mode": "auto"
        }
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom"
    },
    {
      "tag": "block",
      "protocol": "blackhole"
    }
  ]
}
(5)、上行 xhttp+Reality | 下行 xhttp+TLS+CDN (上下行不同SNI)
{
  "log": {
    "loglevel": "warning"
  },

  "inbounds": [
    {
      "tag": "socks",
      "port": 10808,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ],
        "routeOnly": false
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "你的VPS的IP",
            "port": 443,
            "users": [
              {
                "id": "757a5187-1318-49a2-ad7a-7fea7921016d",
                "encryption": "none"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "xhttp",
        "security": "reality",
        "xhttpSettings": {
          "path": "/cdnxyz",
          "mode": "auto",
          "extra": {
            "downloadSettings": {
              "address": "cdn.mydomain.com",
              "port": 443,
              "network": "xhttp",
              "security": "tls",
              "tlsSettings": {
                "serverName": "cdn.mydomain.com",
                "allowInsecure": false,
                "alpn": [
                  "h2"
                ],
                "fingerprint": "chrome"
              },
              "xhttpSettings": {
                "host": "cdn.mydomain.com",
                "path": "/cdnxyz",
                "mode": "auto"
              }
            }
          }
        },
        "realitySettings": {
          "serverName": "reality.mydomain.com",
          "fingerprint": "chrome",
          "publicKey": "8eB4Jd0OwoxT4CKPdisgmBq4h9V22Fa4_MAQeICrhQk",
          "shortId": ""
        }
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom"
    },
    {
      "tag": "block",
      "protocol": "blackhole"
    }
  ]
}
6、支持xhttp的图形客户端,v2rayNG 

(1)、XTLS(Vision)+Reality 直连


(2)、xhttp+Reality 直连



(3)、上行 xhttp+TLS+CDN | 下行 xhttp+Reality (上下行不同SNI)
     
    点击传输协议-auto右侧的三点,将上述5.(3)配置文件中的"extra"里面的内容复制进来


     
(4)、xhttp+TLS 过CDN



(5)、上行 xhttp+Reality | 下行 xhttp+TLS+CDN (上下行不同SNI)

      
     点击传输协议-auto右侧的三点,将上述5.(5)配置文件中的"extra"里面的内容复制进来



    可以与其他应用共用443端口,参考这里第7-8点。
