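V2ray is an excellent proxy program with WebSocket support, and it can use Cloudflare's free CDN to get around the origin IP being blocked. This article covers the main method. Note: TLS is handled by Trojan; see my other article for details.

Addendum: turn off the CDN before requesting the Let's Encrypt certificate. If you use the one-click script, just tick the option to install V2ray.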


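1. Install the SSL/TLS certificate and configure Trojan

Trojan-GFW -- a master key to the free Internet
Trojan-GFW is an up-and-coming proxy program. Compared with traditional VPNs such as L2TP, PPTP and OpenVPN, and mainstream proxy software such as SS, SSR and V2ray, it is lightweight, simple to configure, easy to use and faster. This article mainly covers how to set up and use Trojan, plus a few points to watch out for. A fully automated one-click script has been added!!!

2. Install V2ray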

apt-get update
apt-get install curl unzip sudo -y
wget https://install.direct/go.sh
sudo bash go.sh

3. Configure V2ray

sudo nano /etc/v2ray/config.json
{
  "inbounds": [
    {
      "port": 10000,
      "listen": "127.0.0.1", // listen on 127.0.0.1 only, so other machines cannot detect that port 10000 is open
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "b831381d-6324-4d53-ad4f-8cda48b30811",
            "alterId": 64
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/ray"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}

4. Configure Nginx forwarding

sudo nano /etc/nginx/conf.d/default.conf
server {
    listen 80; # must match Trojan's remote_port
    server_name example.com;
    location / {
        root /usr/share/nginx/html;
        index index.html;
    }
    location /ray { # must match the path in the V2Ray config
        access_log off;
        proxy_pass http://127.0.0.1:10000; # must match V2Ray's listening port
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
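
The V2Ray and Nginx configs above only work together if the port and path agree, and the client id printed in this article is public. The following Python check is an added example, not part of the original article or of V2Ray: it parses a V2Ray config with // comments and reports a non-loopback listener, the article's UUID left in place, or a missing Nginx location/proxy_pass. The function names and sample strings are constructed for illustration.

```python
import ipaddress
import json
import re

# The client id printed on this page: public, so it must not stay in a live config.
TUTORIAL_UUID = "b831381d-6324-4d53-ad4f-8cda48b30811"

def load_v2ray_json(text):
    """Parse V2Ray JSON, dropping // comments that sit outside string literals."""
    token = r'"(?:\\.|[^"\\])*"|//[^\n]*'
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return json.loads(re.sub(token, keep_strings, text))

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # not an IP literal; treat as not verified
        return False

def audit_server(cfg, nginx_conf):
    """Return findings for a V2Ray server config and the Nginx config fronting it."""
    findings = []
    for inbound in cfg.get("inbounds", []):
        port = inbound.get("port")
        listen = inbound.get("listen", "0.0.0.0")  # V2Ray listens on all interfaces by default
        if not is_loopback(listen):
            findings.append(f"port {port}: listens on {listen}, reachable without Nginx")
        for client in inbound.get("settings", {}).get("clients", []):
            if client.get("id", "").lower() == TUTORIAL_UUID:
                findings.append(f"port {port}: client id is the UUID published in the tutorial")
        path = inbound.get("streamSettings", {}).get("wsSettings", {}).get("path", "/")
        if not re.search(r"location\s+" + re.escape(path) + r"\s*\{", nginx_conf):
            findings.append(f"port {port}: no Nginx location block for path {path}")
        if not re.search(rf"proxy_pass\s+http://127\.0\.0\.1:{port}\s*;", nginx_conf):
            findings.append(f"port {port}: no proxy_pass to 127.0.0.1:{port}")
    return findings

# Constructed sample input mirroring the configs on this page.
SAMPLE_SERVER = """{ "inbounds": [ {
  "port": 10000, "listen": "127.0.0.1", // loopback only
  "protocol": "vmess",
  "settings": { "clients": [ { "id": "b831381d-6324-4d53-ad4f-8cda48b30811", "alterId": 64 } ] },
  "streamSettings": { "network": "ws", "wsSettings": { "path": "/ray" } } } ],
  "outbounds": [ { "protocol": "freedom", "settings": {} } ] }"""
SAMPLE_NGINX = "server { listen 80; location /ray { proxy_pass http://127.0.0.1:10000; } }"

if __name__ == "__main__":
    for finding in audit_server(load_v2ray_json(SAMPLE_SERVER), SAMPLE_NGINX):
        print(finding)
```

To run it against a real host, read /etc/v2ray/config.json and /etc/nginx/conf.d/default.conf into the two arguments; a replacement id can be generated with Python's uuid.uuid4() and must be set identically on server and client.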

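5. Configure Cloudflare

In the DNS settings, an arrow passing through the cloud means the CDN is enabled; otherwise it is not.
In the SSL/TLS settings, change this option to Full (strict).
To be safe, set the minimum TLS version to TLS 1.2.
Make sure WebSockets is enabled under Network.

6. Configure the client

v2ray/v2ray-core: A platform for building proxies to bypass network restrictions.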
{
  "inbounds": [
    {
      "port": 1081, // avoids a port conflict with the Trojan client
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "settings": {
        "auth": "noauth",
        "udp": false
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "example.com", // must be a domain name for traffic to go through the CDN
            "port": 443,
            "users": [
              {
                "id": "b831381d-6324-4d53-ad4f-8cda48b30811",
                "alterId": 64
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "wsSettings": {
          "path": "/ray"
        }
      }
    }
  ]
}

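The SwitchyOmega configuration is the same as in the Trojan article; just change the port to 1081.


Trojan and this setup can be used at the same time: Trojan connects directly to the IP while V2ray goes through the CDN, so the two run without interfering with each other.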