推荐使用一键脚本(七合一共存脚本+伪装博客)
- VLESS+TCP+TLS
- VLESS+TCP+xtls-rprx-origin
- VLESS+TCP+xtls-rprx-direct【推荐】
- VLESS+WS+TLS
- VMess+TCP+TLS
- VMess+WS+TLS
- Trojan【推荐】
- Trojan-Go+WS
wget -N --no-check-certificate "https://raw.githubusercontent.com/mack-a/v2ray-agent/master/install.sh" && chmod 700 /root/install.sh && /root/install.sh
手动搭建lnmp+wordpress+v2ray(多合一)
如果需要搭建博客又需要v2ray,那么就需要手动搭建
安装lnmp+wordpress
给Nginx添加模块
为了能够实现VLESS + 多 HTTPS 站点共存,复用 443 端口,ngixn需要添加两个模块stream_ssl_preread_module和http_realip_module
使用lnmp的话,修改lnmp.conf配置文件(/root/lnmp1.7/lnmp.conf)
Nginx_Modules_Options='--with-stream_ssl_preread_module --with-http_realip_module'
cd /root/lnmp1.7&&./upgrade.sh nginx
再输入当前版本即可
安装v2ray
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
安装最新发行的 geoip.dat 和 geosite.dat
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-dat-release.sh)
移除 V2Ray
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh) --remove
注意事项
- 权限不足:v2ray不以root权限运行,所以别把证书放在root目录下面,另外把证书权限都设置成644
v2ray的七合一配置文件
{
"log": {
"loglevel": "debug"
},
"inbounds":[
{
"port": 443,
"protocol": "vless",
"tag":"VLESSTCP",
"settings": {
"clients": [
{
"id": "68b0fb83-4574-4204-8856-64c248715c97",
"add":"bananazone.top",
"flow":"xtls-rprx-direct",
"email": "bananazone.top_VLESS_XTLS/TLS-direct_TCP"
}
],
"decryption": "none",
"fallbacks": [
{"dest":31296,"xver":0},{"path":"/bananaws","dest":31297,"xver":1},{"path":"/bananatcp","dest":31298,"xver":1},{"path":"/bananavws","dest":31299,"xver":1}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"alpn": [
"http/1.1"
],
"certificates": [
{
"certificateFile": "/usr/local/etc/v2ray/ssl/bananatest.top.fullchain.cer",
"keyFile": "/usr/local/etc/v2ray/ssl/bananatest.top.key"
}
]
}
}
},
{
"port": 31297,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "68b0fb83-4574-4204-8856-64c248715c97",
"email": "bananazone.top_vless_ws"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"security": "none",
"wsSettings": {
"acceptProxyProtocol": true,
"path": "/bananaws"
}
}
},
{
"port": 31298,
"listen": "127.0.0.1",
"protocol": "vmess",
"tag":"VMessTCP",
"settings": {
"clients": [
{
"id": "68b0fb83-4574-4204-8856-64c248715c97",
"alterId": 1,
"email": "bananazone.top_vmess_tcp"
}
]
},
"streamSettings": {
"network": "tcp",
"security": "none",
"tcpSettings": {
"acceptProxyProtocol": true,
"header": {
"type": "http",
"request": {
"path": [
"/bananatcp"
]
}
}
}
}
},
{
"port": 31299,
"protocol": "vmess",
"tag":"VMessWS",
"settings": {
"clients": [
{
"id": "68b0fb83-4574-4204-8856-64c248715c97",
"alterId": 1,
"add": "bananazone.top",
"email": "bananazone.top_vmess_ws"
}
]
},
"streamSettings": {
"network": "ws",
"security": "none",
"wsSettings": {
"acceptProxyProtocol": true,
"path": "/bananavws"
}
}
}],
"outbounds": [
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
},
{
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
},
"tag": "IPv4-out"
}
],
"routing":{
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"protocol": [
"bittorrent"
],
"outboundTag": "blocked"
}
]
},
"dns": {
"servers": [
"74.82.42.42",
"8.8.8.8",
"8.8.4.4",
"1.1.1.1",
"localhost"
]
}
}
Nginx配置
在主配置文件nginx.conf的events和http之间插入stream_ssl_preread模块
stream {
map $ssl_preread_server_name $name {
v2.exp.com(域名) vless;
1.exp.com(域名) https1;
2.exp.com(域名) https2;
}
upstream vless {
server 127.0.0.1:350; #vless服务端
}
upstream https1 {
server 127.0.0.1:352; #https网站1端口
}
upstream https2 {
server 127.0.0.1:353; #https网站2端口
}
server {
listen 443 reuseport;
listen [::]:443 reuseport;
proxy_pass $name;
ssl_preread on; #开启 ssl_preread
}
}
额外添加的nginx配置(回落端口)
server {
listen 81;
server_name v2.bananatest.top;
root /usr/local/nginx/conf/html;##伪装博客——https://raw.githubusercontent.com/mack-a/v2ray-agent/master/fodder/blog/unable/html.zip
}
server {
listen 80;
server_name v2.bananatest.top;
return 301 https://v2.bananatest.top;
}
server {
listen 80;
server_name bananatest.top;
return 301 https://bananatest.top;
}
server
{
listen 352 ssl;
server_name bananatest.top;##你的域名
ssl_certificate /usr/ssl/bananatest.top.fullchain.cer; ##证书位置
ssl_certificate_key /usr/ssl/bananatest.top.key; ##证书位置
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
index index.html index.htm index.php;
root /home/wwwroot/default;
#set_real_ip_from 127.0.0.1;
#real_ip_header proxy_protocol;
#error_page 404 /404.html;
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php { deny all; }
include enable-php.conf;
location /nginx_status
{
stub_status on;
access_log off;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf){
expires 30d;
}
location ~ .*\.(js|css)?
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
access_log /home/wwwlogs/access.log;
}
注意事项
- 回落端口(81)不需要开启SSL就可以支持 HTTPS 访问
- 端和客户端核心需要一致,不然会导致连接不上
- 如果套cloudflare的CDN的话,单独解析域名,显示的是cloudflare的,但是连着套了CDN的v2ray查出来的IP就是原服务器ip
Comments | NOTHING