安装v2ray/nginx
v2ray安装可以参考Ubuntu中v2ray客户端配置实例.
Nginx安装推荐使用OneinStack一键安装脚本
准备好使用的域名,这里以**v.fuckgfw.cn
**为例。
v2ray/nginx服务端配置
v2ray安装好后,服务端配置**/etc/v2ray/config.json
**如下:
{
"inbounds": [{
"port": 99999, //代理端口号
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [{
"id": "5c1eed18-fse4-41fs-9as9-e85s45bds9ef",
"level": 1,
"alterId": 64
}]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/fcgfw" //代理目录
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
}, {
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}],
"routing": {
"rules": [{
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "blocked"
}]
}
}
使用OneinStack一键脚本新建一个站点,域名为v.fuckgfw.cn
,采用SSL加密模式,完成后编辑**/usr/local/nginx/conf/vhost/v.fuckgfw.cn.conf
**文件
参考以下修改:
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /usr/local/nginx/conf/ssl/v.fuckgfw.cn.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/v.fuckgfw.cn.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name v.fuckgfw.cn;
access_log off;
if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
location /fcgfw { //与上面v2ray配置的代理目录一致
proxy_redirect off;
proxy_pass http://127.0.0.1:99999; //与上面v2ray配置端口号一致
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 60s;
proxy_read_timeout 86400s;
proxy_send_timeout 60s;
}
}
按照上面修改好nginx与v2ray配置后,重启服务。
service nginx reload
service v2ray restart
v2ray客户端配置
以v2rayN为例
- 地址:v.fuckgfw.cn
- 端口:443
- 用户ID:5c1eed18-fse4-41fs-9as9-e85s45bds9ef
- 额外ID:64
- 加密方式:auto
- 传输协议:ws
- 别名:v.fuckgfw.cn
- 伪装类型:none
- 伪装域名:v.fuckgfw.cn
- 路径:/fcgfw
- 底层传输安全:tls
- 跳过证书验证:false