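Deploying v2ray: vless+ws+tls

Before deploying

First we need to synchronize the clocks: v2ray requires that the server and client times differ by no more than 90s, so we change the server's time zone to Shanghai, Asia/Shanghai.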

timedatectl set-timezone Asia/Shanghai

Then look at the time on both machines and check that they match:

root@instance-1:~# date -R
Tue, 13 Dec 2022 14:32:38 +0800
┌─[hacker@eden]-[~]
└──╼ $date -R
Tue, 13 Dec 2022 14:32:59 +0800

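The stack used here is:

v2ray(vless)+ws+tls

This is mainly to evade the GFW, so you need a domain name, a certificate and an overseas VPS; I don't need to spell that out.

Setup

Setup is simple: download the install script, then run it with bash.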

curl -O https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh
root@instance-1:~# bash install-release.sh 
info: Installing V2Ray v5.1.0 for x86_64
Downloading V2Ray archive: https://github.com/v2fly/v2ray-core/releases/download/v5.1.0/v2ray-linux-64.zip
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 10.5M  100 10.5M    0     0  25.1M      0 --:--:-- --:--:-- --:--:--  279M
Downloading verification file for V2Ray archive: https://github.com/v2fly/v2ray-core/releases/download/v5.1.0/v2ray-linux-64.zip.dgst
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
  zip
The following NEW packages will be installed:
  unzip
0 upgraded, 1 newly installed, 0 to remove and 10 not upgraded.
Need to get 172 kB of archives.
After this operation, 393 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bullseye/main amd64 unzip amd64 6.0-26+deb11u1 [172 kB]
Fetched 172 kB in 0s (8231 kB/s)
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
	LANGUAGE = (unset),
	LC_ALL = (unset),
	LC_CTYPE = "UTF-8",
	LANG = "C.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to a fallback locale ("C.UTF-8").
Selecting previously unselected package unzip.
(Reading database ... 67671 files and directories currently installed.)
Preparing to unpack .../unzip_6.0-26+deb11u1_amd64.deb ...
Unpacking unzip (6.0-26+deb11u1) ...
Setting up unzip (6.0-26+deb11u1) ...
Processing triggers for man-db (2.9.4-2) ...
info: unzip is installed.
info: Extract the V2Ray package to /tmp/tmp.TDWyDLCLop and prepare it for installation.
info: Systemd service files have been installed successfully!
warning: The following are the actual parameters for the v2ray service startup.
warning: Please make sure the configuration file path is correctly set.
# /etc/systemd/system/v2ray.service
[Unit]
Description=V2Ray Service
Documentation=https://www.v2fly.org/
After=network.target nss-lookup.target

[Service]
User=nobody
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/v2ray run -config /usr/local/etc/v2ray/config.json
Restart=on-failure
RestartPreventExitStatus=23

[Install]
WantedBy=multi-user.target

# /etc/systemd/system/v2ray.service.d/10-donot_touch_single_conf.conf
# In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there.
# Or all changes you made will be lost!  # Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html
[Service]
ExecStart=
ExecStart=/usr/local/bin/v2ray run -config /usr/local/etc/v2ray/config.json

installed: /usr/local/bin/v2ray
installed: /usr/local/share/v2ray/geoip.dat
installed: /usr/local/share/v2ray/geosite.dat
installed: /usr/local/etc/v2ray/config.json
installed: /var/log/v2ray/
installed: /var/log/v2ray/access.log
installed: /var/log/v2ray/error.log
installed: /etc/systemd/system/v2ray.service
installed: /etc/systemd/system/v2ray@.service
removed: /tmp/tmp.TDWyDLCLop
info: V2Ray v5.1.0 is installed.
You may need to execute a command to remove dependent software: apt purge curl unzip
Please execute the command: systemctl enable v2ray; systemctl start v2ray

Then start the service and enable it at boot:

systemctl enable --now v2ray

Then check that it started and look at its status:

root@instance-1:~# systemctl status v2ray
● v2ray.service - V2Ray Service
     Loaded: loaded (/etc/systemd/system/v2ray.service; enabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/v2ray.service.d
             └─10-donot_touch_single_conf.conf
     Active: active (running) since Tue 2022-12-13 14:26:37 CST; 12min ago
       Docs: https://www.v2fly.org/
   Main PID: 24821 (v2ray)
      Tasks: 7 (limit: 4693)
     Memory: 17.9M
        CPU: 51ms
     CGroup: /system.slice/v2ray.service
             └─24821 /usr/local/bin/v2ray run -config /usr/local/etc/v2ray/config.json

Dec 13 14:26:37 instance-1 systemd[1]: Started V2Ray Service.
Dec 13 14:26:37 instance-1 v2ray[24821]: V2Ray 5.1.0 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.19 linux/amd64)
Dec 13 14:26:37 instance-1 v2ray[24821]: A unified platform for anti-censorship.
Dec 13 14:26:37 instance-1 v2ray[24821]: 2022/12/13 14:26:37 [Warning] V2Ray 5.1.0 started
Dec 13 14:26:42 instance-1 systemd[1]: /etc/systemd/system/v2ray.service:7: Special user nobody configured, this is not safe!

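At this point your v2ray is still not usable, because the configuration file is still empty; you need to write a config.json for your own setup.

The default path of the v2ray configuration file is

/usr/local/etc/v2ray/config.json

There is a project that collects sample v2ray configuration files; if you are new to this you can use it as a reference:

Here is my server-side configuration file first; the places you need to change are explained in comments.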

{
    "log": {
        "access": "/var/log/v2ray/access.log",
        "error": "/var/log/v2ray/error.log",
        "loglevel": "warning"
    },
    "inbounds": [
        {
            "port": 443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "1E6A3432-89DC-458A-8055-A68317B6C787", // change this UUID to your own; generate one with v2ray's built-in command or with a uuid tool installed from your package manager
                        "level": 1,
                        "alterId": 64
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "dest": 80
                    },
                    {
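                        "path": "/awesomepath", // it does not matter whether this web path exists, but it must match the web path in the configs below and in nginx; more on this later
                        "dest": 10000,  // this port is your v2ray port; pick any value with 1000<port<65535, preferably a high one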
                        "xver": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "tls",
                "tlsSettings": {
                    "alpn": [
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "/xxx/xxx.pem",  // path to your certificate
                            "keyFile": "/xxx/xxx.key" // path to your certificate's private key
                        }
                    ]
                }
            }
        }
    ],
    "outbound": {
        "protocol": "freedom",
        "settings": {}
    },
    "inboundDetour": [],
    "outboundDetour": [
        {
            "protocol": "blackhole",
            "settings": {},
            "tag": "blocked"
        }
    ],
    "routing": {
        "strategy": "rules",
        "settings": {
            "rules": [
                {
                    "type": "field",
                    "ip": [
                        "0.0.0.0/8",
                        "10.0.0.0/8",
                        "100.64.0.0/10",
                        "127.0.0.0/8",
                        "169.254.0.0/16",
                        "172.16.0.0/12",
                        "192.0.0.0/24",
                        "192.0.2.0/24",
                        "192.168.0.0/16",
                        "198.18.0.0/15",
                        "198.51.100.0/24",
                        "203.0.113.0/24",
                        "::1/128",
                        "fc00::/7",
                        "fe80::/10"
                    ],
                    "outboundTag": "blocked"
                }
            ]
        }
    }
}

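Anything above without a comment does not need changing; change it only if you know what it does and need to.

Here is my nginx configuration as well: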

server {
    listen 80;
    server_name xxxx; # put your own domain here
    rewrite ^(.*)$ https://$server_name$1 permanent;
}

server {
    listen 443 ssl;
    server_name xxxx; # replace with your own server name
    ssl_certificate     /xxx/xxx.pem;  # path to your certificate
    ssl_certificate_key /xxx/xxx.key;  # path to your private key
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_timeout 1d;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them if every client supports TLSv1.2
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location /awesomepath {   # replace awesomepath with the path you chose
        if ($http_upgrade != "websocket") {
            return 404;
        }
        proxy_redirect off;
        proxy_pass http://0.0.0.0:xxxx; # replace xxxx with your v2ray port
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        # Show real IP in v2ray access.log
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

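About the proxy_pass setting in the nginx configuration: the official site uses 127.0.0.1 by default as far as I can see, but when I ran it that way I got this error: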

2022/12/31 23:35:21 [Warning] [1839048121] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://xxxx/awesomepath): 400 Bad Gateway > websocket: bad handshake] > common/retry: all retry attempts failed

Searching Google, I found that changing 127.0.0.1 to 0.0.0.0 solves it; no reason was given.

Next, the client configuration:

{
    "log": {
        "loglevel": "warning"
    },
    "inbounds": [
        {
            "port": 1080,
            "listen": "127.0.0.1",
            "protocol": "socks",
            "settings": {
                "udp": true
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "vless",
            "settings": {
                "vnext": [
                    {
                        "address": "xxx",   // replace with your domain
                        "port": 443,
                        "users": [
                            {
                                "id": "1E6A3432-89DC-458A-8055-A68317B6C787", // change this UUID to the one you generated on the server
                                "encryption": "none",
                                "level": 1
                            }
                        ]
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "security": "tls",
                "tlsSettings": {
                    "serverName": "xxx"   // replace with your domain
                },
                "wsSettings": {
                    "path": "/awesomepath"   // replace awesomepath with the path you chose
                }
            }
        }
    ]
}

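I won't go into how to import this into a v2ray client.

If you run into problems along the way that you cannot solve, consult the V2Ray plain-language guide (V2Ray 白话文) and Google.

Since I really don't want to use v2rayU and prefer a command-line v2ray, we can use v2ray-core here.

I'm on macOS, so only the macOS installation and configuration are shown here.

Installation

Just use brew; you can search first to see whether there is a v2ray-core package: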

┌─[hacker@iMac]-[~]
└──╼ $brew search v2ray                 
==> Formulae
v2ray ✔                                  v2ray-plugin

==> Casks
qv2ray              v2ray-unofficial    v2rayu              v2rayx

If there is, it's simple: just install it.

brew install v2ray-core

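Configuration

When installed with brew, the v2ray configuration file is at /usr/local/etc/v2ray/config.json by default.

However, after installing I found that it would not start properly with the client configuration file from my previous post.

Because I had installed v2rayU earlier, I noticed when importing the client configuration that v2rayU slightly changes and reformats it. I list the reformatted version below for your reference.

In the configuration below, v2rayU does not set the access and error log paths by default; you need to add them yourself, and you need to create the v2ray directory under /var/log beforehand.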

{
    "log": {
      "access": "/var/log/v2ray/access.log",    // v2ray's access.log
      "error": "/var/log/v2ray/error.log",      // v2ray's error.log
      "loglevel": "info"
    },
    "inbounds": [
      {
        "listen": "127.0.0.1",
        "protocol": "socks",
        "settings": {
          "udp": true,
          "auth": "noauth"
        },
        "port": "7891"
      },
      {
        "listen": "127.0.0.1",
        "protocol": "http",
        "settings": {
          "timeout": 360
        },
        "port": "7890"
      }
    ],
    "outbounds": [
      {
        "mux": {
          "enabled": false,
          "concurrency": 8
        },
        "protocol": "vless",
        "streamSettings": {
          "wsSettings": {
            "path": "/awesomepath",     // your web path
            "headers": {
              "host": ""
            }
          },
          "tlsSettings": {
            "serverName": "xxxxx.xx",       // your server's domain name
            "allowInsecure": false
          },
          "security": "tls",
          "network": "ws"
        },
        "tag": "proxy",
        "settings": {
          "vnext": [
            {
              "address": "xxxxx.xx",
              "users": [
                {
                  "encryption": "none",
                  "id": "1E6A3432-89DC-458A-8055-A68317B6C787", // your UUID
                  "level": 1,
                  "flow": ""
                }
              ],
              "port": 443
            }
          ]
        }
      },
      {
        "tag": "direct",
        "protocol": "freedom",
        "settings": {
          "domainStrategy": "UseIP",
          "userLevel": 0
        }
      },
      {
        "tag": "block",
        "protocol": "blackhole",
        "settings": {
          "response": {
            "type": "none"
          }
        }
      }
    ],
    "dns": {},
    "routing": {
      "settings": {
        "domainStrategy": "AsIs",
        "rules": []
      }
    },
    "transport": {}
  }
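
A client configuration like the two above can be sanity-checked before v2ray is started. The following is an added example, not part of the original post and not v2ray's own tooling: it strips the // comments used on this page, parses the JSON and flags a local proxy inbound that is not bound to loopback, an outbound that disables certificate verification, and a user id that is still the sample UUID printed in this article. The function names, the sample configuration and the host name proxy.example.com are constructed for illustration.

```python
import json
import re

# UUID printed in this article's sample configs; it is public, so treat it as burned.
PUBLISHED_SAMPLE_ID = "1E6A3432-89DC-458A-8055-A68317B6C787"
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')  # a JSON string, or a // comment

def strip_comments(text):
    """Drop // comments but keep strings intact, so URL values such as http://... survive."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0).startswith('"') else "", text)

def audit(config_text):
    """Return findings for a v2ray client config shaped like the ones on this page."""
    cfg = json.loads(strip_comments(config_text))
    findings = []
    for ib in cfg.get("inbounds", []):
        # v2ray binds to 0.0.0.0 when "listen" is omitted
        if ib.get("protocol") in ("socks", "http") and ib.get("listen", "0.0.0.0") not in LOOPBACK:
            findings.append(f"{ib['protocol']} inbound on port {ib.get('port')} is open to the network")
    for ob in cfg.get("outbounds", []):
        if ob.get("protocol") != "vless":
            continue
        stream = ob.get("streamSettings", {})
        if stream.get("security") != "tls":
            findings.append("vless outbound does not use TLS")
        if stream.get("tlsSettings", {}).get("allowInsecure"):
            findings.append("allowInsecure turns off certificate verification")
        for server in ob.get("settings", {}).get("vnext", []):
            for user in server.get("users", []):
                if user.get("id", "").upper() == PUBLISHED_SAMPLE_ID:
                    findings.append("user id is the sample UUID published in the article")
    return findings

# Constructed sample with three deliberate mistakes (hypothetical host name).
SAMPLE = """{
  "inbounds": [{"port": 7891, "listen": "0.0.0.0", "protocol": "socks"}],
  "outbounds": [{"protocol": "vless",
    "settings": {"vnext": [{"address": "proxy.example.com", "port": 443,  // your domain
      "users": [{"id": "1e6a3432-89dc-458a-8055-a68317b6c787", "encryption": "none"}]}]},
    "streamSettings": {"network": "ws", "security": "tls",
      "tlsSettings": {"serverName": "proxy.example.com", "allowInsecure": true},
      "wsSettings": {"path": "/awesomepath"}}  // same path as the nginx location
  }]
}"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```
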

Once the configuration file checks out, you can start v2ray core; starting it is simple too:

v2ray --config=/usr/local/etc/v2ray/config.json

At this point you can run

tail -f /var/log/v2ray/access.log
tail -f /var/log/v2ray/error.log

to monitor whether your v2ray service is working properly. Then you can paste the following proxy commands directly into your shell:

export http_proxy=http://127.0.0.1:7890;export https_proxy=http://127.0.0.1:7890;export ALL_PROXY=socks5://127.0.0.1:7891

Then check whether your IP is your VPS's IP:

curl https://ipinfo.io

If the output is not your server's IP, you can troubleshoot using access.log, error.log and the server-side logs.

Normally your client's access.log will show output such as:

┌─[root@iMac]-[~]
└──╼ $tail -f /var/log/v2ray/access.log 
2022/12/15 00:46:31 127.0.0.1:52518 accepted //slardar-bd.feishu.cn:443 [proxy]
2022/12/15 00:46:47 127.0.0.1:52531 accepted //cybergeeks.tech:443 [proxy]
2022/12/15 00:50:11 127.0.0.1:52674 accepted //stocks-data-service.apple.com:443 [proxy]
2022/12/15 00:50:11 127.0.0.1:52675 accepted //stocks-sparkline.apple.com:443 [proxy]
2022/12/15 00:51:52 127.0.0.1:52740 accepted //cybergeeks.tech:443 [proxy]
2022/12/15 00:52:07 127.0.0.1:52754 accepted //parrotsec-cn.org:443 [proxy]
2022/12/15 00:53:21 127.0.0.1:52805 accepted //safebrowsing.googleapis-cn.com:443 [proxy]
2022/12/15 00:53:31 127.0.0.1:52815 accepted //slardar-bd.feishu.cn:443 [proxy]
2022/12/15 00:53:38 127.0.0.1:52824 accepted //safebrowsing.urlsec.qq.com:443 [proxy]
2022/12/15 00:54:34 127.0.0.1:52865 accepted //gateway.icloud.com.cn:443 [proxy

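Managing v2ray with macOS's built-in launchctl

The launchctl command is the equivalent of systemctl on Linux and is used to manage services. That's all I'll say about it; search Baidu for details.

First change to the LaunchDaemons directory; for what LaunchDaemons is and why we change into it, search Baidu.

cd /Library/LaunchDaemons

Then create the v2ray.plist file. Because LaunchDaemons are global daemons, root privileges are needed to edit it.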

sudo vim v2ray.plist
------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>Label</key>
    <string>v2ray</string>
    <key>Disabled</key>
    <false/>
    <key>KeepAlive</key>
    <true/>
    <key>ProcessType</key>
    <string>Background</string>
    <key>ProgramArguments</key>
    <array>
      <string>/usr/local/bin/v2ray</string>
      <string>--config</string>
      <string>/usr/local/etc/v2ray/config.json</string>
    </array>
    <key>UserName</key>
    <string>root</string>
    <key>GroupName</key>
    <string>wheel</string>
  </dict>
</plist>

Just copy and paste it; no changes are needed.

Then load it so that it takes effect:

sudo launchctl load v2ray.plist

Note: if your environment differs slightly from mine you may need to make some adjustments. Every time you change v2ray.plist you need to run

sudo launchctl unload v2ray.plist
sudo launchctl load v2ray.plist

that is, unload first and then load.

Then start v2ray:

sudo launchctl start v2ray

To stop the service:

sudo launchctl stop v2ray

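Stopping can be slow; wait a moment, or run the command a few more times.

How to tell whether v2ray started successfully or failed:

launchctl list|grep v2ray

With this command, when it has started successfully: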

┌─[root@iMac]-[~]
└──╼ $launchctl list|grep v2ray
PID	 Status	Label
5498	0	v2ray

When it has started successfully there is a PID and the status is 0.

When you stop the v2ray service:

┌─[root@Mac]-[~]
└──╼ $launchctl list|grep v2ray
-	0	v2ray

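When it has stopped successfully the PID becomes - and the status is also 0.

Because the v2ray service is started as root, the logs it produces are owned by root as well,

so you need root privileges to tail them.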

