
Configuring Xray + REALITY with Nginx SNI Routing

 1 year ago
source link: https://vpsxb.net/4037/


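REALITY is a recently introduced protocol that has not been officially released yet, but you can try it now by building the development version of Xray.

Install the required packages:

    apt -y update
    apt -y install curl git build-essential libssl-dev libevent-dev zlib1g-dev gcc-mingw-w64 nginx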

Install Go:

    curl -L https://go.dev/dl/go1.20.1.linux-amd64.tar.gz -o go1.20.1.linux-amd64.tar.gz
    tar -C /usr/local -xzf go1.20.1.linux-amd64.tar.gz
    echo 'export PATH=$PATH:/usr/local/go/bin' > /etc/profile.d/golang.sh
    source /etc/profile.d/golang.sh

Clone the Xray source code:

    git clone https://github.com/XTLS/Xray-core.git
    cd Xray-core

Build the Linux binary:

    go build -o xray -trimpath -ldflags "-s -w -buildid=" ./main

Build the Windows binary:

    env GOOS=windows GOARCH=amd64 CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc \
    go build -o xray.exe -trimpath -ldflags "-s -w -buildid=" ./main

Copy the compiled binary into place:

    cp xray /usr/local/bin/

Create the directory Xray needs:

    mkdir -p /usr/local/etc/xray

Create the systemd service:

    systemctl edit --full --force xray.service

Write the following configuration:

    [Unit]
    Description=xray-core service
    Documentation=https://github.com/XTLS/Xray-core
    After=network.target nss-lookup.target

    [Service]
    CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
    AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
    ExecStart=/usr/local/bin/xray run -c /usr/local/etc/xray/config.json
    Restart=on-failure
    RestartPreventExitStatus=23
    LimitNOFILE=infinity

    [Install]
    WantedBy=multi-user.target

Create the Xray configuration file:

    nano /usr/local/etc/xray/config.json

Write the following configuration:

    {
      "log": {
        "loglevel": "warning"
      },
      "inbounds": [
        {
          "listen": "127.0.0.1",
          "port": 52001,
          "protocol": "vless",
          "settings": {
            "clients": [
              {
                "id": "1bd974eb-3206-48dd-9c6c-42246e356492",
                "flow": "xtls-rprx-vision"
              }
            ],
            "decryption": "none"
          },
          "streamSettings": {
            "network": "tcp",
            "tcpSettings": {
              "acceptProxyProtocol": true
            },
            "security": "reality",
            "realitySettings": {
              "show": false,
              "dest": "www.cloudflare.com:443",
              "xver": 0,
              "serverNames": [
                "www.cloudflare.com"
              ],
              "privateKey": "GFZ26GRlhDVIdwtv81JwmV-3F7Qqyhl-dsH_IzXIEpE",
              "shortIds": [
                ""
              ]
            }
          }
        }
      ],
      "outbounds": [
        {
          "protocol": "freedom"
        }
      ]
    }

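Notes:

1. Generate the UUID with the following command:

    xray uuid

2. Generate the privateKey with the following command:

    xray x25519

The output looks like this:

    Private key: GFZ26GRlhDVIdwtv81JwmV-3F7Qqyhl-dsH_IzXIEpE
    Public key: 9lb8zUnMkgy-khsg0cwQxKv83u8Pr0JOkv8G0HxxYRk

3. The site used in my configuration is cloudflare. You can substitute another one, but the target site has to meet a minimum standard: a foreign website that supports TLSv1.3 and HTTP/2.

4. Try to pick a site with low latency to your VPS, because the server has to complete a TLS handshake with the target site. If the latency between the target site and your VPS is too high, speed will suffer.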

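Start Xray and enable it at boot:

    systemctl enable --now xray

Make sure the service is running normally. Note that the version number still shows 1.7.5; this can be ignored, because the version number in the source code has not been updated yet.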

Next, edit the main nginx configuration file:

    nano /etc/nginx/nginx.conf

Write the following configuration, which routes connections by SNI. Note that proxy_protocol is enabled here:

    stream {
        map $ssl_preread_server_name $backend {
            www.cloudflare.com reality;
        }
        upstream reality {
            server 127.0.0.1:52001;
        }
        server {
            listen 443 reuseport;
            listen [::]:443 reuseport;
            proxy_pass $backend;
            ssl_preread on;
            proxy_protocol on;
        }
    }

Reload nginx to apply the configuration:

    systemctl reload nginx

At this point, the server-side configuration is complete.
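
A pre-flight check for the server side described above, as an added example that is not part of the original article or the Xray project. It flags reuse of the sample UUID and private key printed on this page, an inbound not bound to loopback, a PROXY protocol mismatch between nginx and Xray, and SNI names that nginx routes but `serverNames` omits. The name `lint`, the sample inputs and the rule that every name in the nginx map goes to the REALITY inbound are assumptions; the config is assumed to be plain JSON without comments.

```python
import json
import re

# Sample credentials printed on this page; a deployment must not reuse them.
PUBLISHED_UUID = "1bd974eb-3206-48dd-9c6c-42246e356492"
PUBLISHED_KEY = "GFZ26GRlhDVIdwtv81JwmV-3F7Qqyhl-dsH_IzXIEpE"

def lint(xray_json, nginx_conf):
    """Return findings for REALITY inbounds that sit behind an nginx stream block."""
    cfg = json.loads(xray_json)                  # assumes JSON without // comments
    nginx = re.sub(r"#.*", "", nginx_conf)       # ignore commented-out directives
    sends_pp = bool(re.search(r"\bproxy_protocol\s+on\s*;", nginx))
    m = re.search(r"map\s+\$ssl_preread_server_name\s+\$\w+\s*\{([^}]*)\}", nginx)
    # Assumption: every name in the map is routed to the REALITY inbound.
    routed = set(re.findall(r"([\w.-]+)\s+\w+\s*;", m.group(1))) if m else set()
    routed.discard("default")
    out = []
    for ib in cfg.get("inbounds", []):
        ss = ib.get("streamSettings", {})
        if ss.get("security") != "reality":
            continue
        rs, tag = ss.get("realitySettings", {}), f"port {ib.get('port')}"
        if ib.get("listen") not in ("127.0.0.1", "::1"):
            out.append(f"{tag}: not bound to loopback, reachable without nginx")
        if bool(ss.get("tcpSettings", {}).get("acceptProxyProtocol")) != sends_pp:
            out.append(f"{tag}: acceptProxyProtocol does not match nginx proxy_protocol")
        if rs.get("privateKey") == PUBLISHED_KEY:
            out.append(f"{tag}: privateKey is the published sample key")
        if any(c.get("id") == PUBLISHED_UUID for c in ib.get("settings", {}).get("clients", [])):
            out.append(f"{tag}: client id is the published sample UUID")
        names = set(rs.get("serverNames", []))
        if rs.get("dest", "").rsplit(":", 1)[0] not in names:
            out.append(f"{tag}: dest host is not in serverNames")
        out += [f"{tag}: nginx routes SNI {n}, missing from serverNames" for n in sorted(routed - names)]
    return out

# Constructed sample: the page's server config with the inbound moved to 0.0.0.0.
SAMPLE_XRAY = json.dumps({"inbounds": [{
    "listen": "0.0.0.0", "port": 52001, "protocol": "vless",
    "settings": {"clients": [{"id": PUBLISHED_UUID}], "decryption": "none"},
    "streamSettings": {"network": "tcp", "security": "reality",
        "tcpSettings": {"acceptProxyProtocol": True},
        "realitySettings": {"dest": "www.cloudflare.com:443", "shortIds": [""],
            "serverNames": ["www.cloudflare.com"], "privateKey": PUBLISHED_KEY}}}]})
SAMPLE_NGINX = """stream {
  map $ssl_preread_server_name $backend { www.cloudflare.com reality; }
  server { listen 443 reuseport; proxy_pass $backend; ssl_preread on; proxy_protocol on; }
}"""
print("\n".join(lint(SAMPLE_XRAY, SAMPLE_NGINX)))
```

The loopback check matters because an inbound with `acceptProxyProtocol` enabled trusts whatever source address the PROXY header claims, so it should only be reachable through nginx.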

Download the Windows binary you built earlier to your computer, then save the following client configuration as config.json:

    {
      "inbounds": [
        {
          "port": 30080,
          "protocol": "socks",
          "settings": {
            "auth": "noauth",
            "udp": true
          }
        }
      ],
      "outbounds": [
        {
          "tag": "proxy",
          "protocol": "vless",
          "settings": {
            "vnext": [
              {
                "address": "1.2.3.4", // your VPS server IP
                "port": 443,
                "users": [
                  {
                    "id": "1bd974eb-3206-48dd-9c6c-42246e356492",
                    "flow": "xtls-rprx-vision",
                    "encryption": "none"
                  }
                ]
              }
            ]
          },
          "streamSettings": {
            "network": "tcp",
            "security": "reality",
            "realitySettings": {
              "show": false,
              "fingerprint": "chrome",
              "serverName": "www.cloudflare.com",
              "publicKey": "9lb8zUnMkgy-khsg0cwQxKv83u8Pr0JOkv8G0HxxYRk",
              "shortId": "",
              "spiderX": ""
            }
          }
        },
        {
          "tag": "block",
          "protocol": "blackhole",
          "settings": {}
        },
        {
          "tag": "direct",
          "protocol": "freedom",
          "settings": {}
        }
      ],
      "routing": {
        "domainStrategy": "IPOnDemand",
        "rules": [
          {
            "type": "field",
            "outboundTag": "block",
            "domain": ["geosite:category-ads-all"]
          },
          {
            "type": "field",
            "outboundTag": "direct",
            "domain": ["geosite:cn"]
          },
          {
            "type": "field",
            "outboundTag": "direct",
            "ip": [
              "geoip:cn",
              "geoip:private"
            ]
          }
        ]
      }
    }

Start the client:

    ./xray run -c config.json

See also: https://github.com/XTLS/REALITY


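VPS小白, all rights reserved. Unless otherwise noted, all content is original. This site is licensed under BY-NC-SA.
Please cite the original link when reposting.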
