theshy/deploy_v2ray
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Implement full-featured V2Ray deployment script

Browse Source
This commit is contained in:
Thesky
2025-07-23 14:34:43 +08:00
commit 6281a013f7
6 changed files with 6609 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

396
readme.md Normal file
View File

@ -0,0 +1,396 @@
#我希望创建一个自动化脚本,用于在新的服务器上部署我的 v2ray 网络代理服务,以下是大概步骤,给出你的方案
1. 安装 v2ray通过脚本 bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh) 和
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-dat-release.sh)
2. 安装 nginx 和 cerbot
sudo apt install -y nginx certbot python3-certbot-nginx
sudo systemctl enable --now nginx
3. 放一个伪装首页
sudo mkdir -p /var/www/bwh-site
echo '<h1>Hello from sydney.zyj.best</h1>' | sudo tee /var/www/bwh-site/index.html
sudo chown -R www-data:www-data /var/www/bwh-site
4. 写入 HTTP 站点80 —— 仅用于申请证书
sudo tee /etc/nginx/sites-available/sydney.zyj.best <<'EOF'
server {
listen 80;
listen [::]:80;
server_name bwh.zyj.best;
root /var/www/bwh-site;
index index.html;
# 允许 ACME 挑战
location ~ /.well-known/acme-challenge/ {
allow all;
}
# 其他全部跳转到 HTTPS
location / { return 301 https://$host$request_uri; }
}
EOF
sudo ln -s /etc/nginx/sites-available/bwh.zyj.best /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx
5. 一键签发 LetsEncrypt 证书443
sudo certbot --nginx -d sydney.zyj.best --agree-tos -m you@example.com --redirect
6. 更新 v2ray 配置
# ================= Clash Meta 配置 =================
port: 7890 # HTTP 代理
socks-port: 7891 # SOCKS5 代理
redir-port: 7892 # 透明代理 (Linux 可注释)
mode: rule # rule / global / direct
allow-lan: false # 局域网访问
bind-address: 127.0.0.1
log-level: info
external-controller: 127.0.0.1:9090
external-ui: dashboard
######### DNS #########
dns:
enable: true
listen: 127.0.0.1:53 # 避免占用系统 53
ipv6: false
enhanced-mode: redir-host
nameserver: - https://dns.cloudflare.com/dns-query - https://dns.google/dns-query - 223.5.5.5
fallback: - https://1.0.0.1/dns-query - tls://8.8.4.4:853 - 8.8.4.4
fallback-filter:
geoip: true
geoip-code: CN
######### 代理 #########
proxies:
- name: "Bwh"
type: vmess
server: bwh.zyj.best
port: 443
uuid: 81c5bd30-21c0-ba05-f711-47e11c659598
alterId: 0
cipher: auto
network: ws
tls: true
servername: bwh.zyj.best
skip-cert-verify: false
udp: true
ws-opts:
path: "/mysecretpath-221667"
headers:
Host: bwh.zyj.best
######### 代理组 #########
proxy-groups:
# 主出站
- name: "🚀 PROXY"
type: select
proxies:
- "Bwh"
- DIRECT
# 流媒体分流
- name: "🎥 Streaming"
type: select
proxies:
- "Bwh"
- DIRECT
# 广告拦截后去向
- name: "🆎 AdBlock"
type: select
proxies:
- REJECT
- DIRECT
######### 规则提供器 #########
rule-providers:
ads:
type: http
behavior: domain
url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/reject.txt"
path: ./ruleset/ads.list
interval: 86400
mainland:
type: http
behavior: domain
url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/direct.txt"
path: ./ruleset/mainland.list
interval: 86400
gfwlist:
type: http
behavior: domain
url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/proxy.txt"
path: ./ruleset/gfwlist.list
interval: 86400
cn_ip:
type: http
behavior: ipcidr
url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/cncidr.txt"
path: ./ruleset/cn_ip.list
interval: 86400
######### 分流规则 #########
rules:
# 1) 广告拦截
- RULE-SET,ads,🆎 AdBlock
# 2) 内网及局域网
- RULE-SET,cn_ip,DIRECT
# 3) 中国域名直连
- RULE-SET,mainland,DIRECT
# 4) 流媒体示例 (可按需追加 geosite:netflix 等)
# - GEOSITE,netflix,🎥 Streaming
# - GEOSITE,youtube,🎥 Streaming
# 5) GFW / 其他国外域名走代理
- RULE-SET,gfwlist,🚀 PROXY
# 6) 默认
- MATCH,🚀 PROXY
7. 更新 nginx 配置
##
# 站点bwh.zyj.best
# 模式:伪装静态站 + V2Ray WebSocketoverTLS同端口 443
# 文件:/etc/nginx/sites-available/bwh.zyj.best
##
############################
# HTTPS 443 伪装站 + 代理
############################
server {
server_name bwh.zyj.best;
# ----------------- 静态网站 -----------------
root /var/www/bwh-site;
index index.html;
# ----------------- WebSocket 反向代理 -----------------
# 与 V2Ray streamSettings.wsSettings.path 完全一致
location /mysecretpath-221667 {
# 非 WebSocket 请求直接 404可防扫描
if ($http_upgrade != "websocket") { return 404; }
proxy_pass http://127.0.0.1:10086; # V2Ray 本地监听
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Origin "";
}
# ----------------- 其他静态资源 -----------------
# 直接按 root 目录查找文件
location / {
try_files $uri $uri/ =404;
}
# ----------------- ACME HTTP01 回调 -----------------
location ~ /.well-known/acme-challenge/ {
allow all;
}
# ----------------- SSL 设置Certbot 自动管理) -----------------
listen 443 ssl http2;
listen [::]:443 ssl http2 ipv6only=on;
ssl_certificate /etc/letsencrypt/live/bwh.zyj.best/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/bwh.zyj.best/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
############################
# HTTP 80 → HTTPS 重定向
############################
server {
listen 80;
listen [::]:80;
server_name bwh.zyj.best;
# ACME HTTP01 挑战
location ~ /.well-known/acme-challenge/ {
allow all;
root /var/www/bwh-site;
}
# 其余全部 301 到 HTTPS
location / {
return 301 https://$host$request_uri;
}
}
8. 生成 clash 订阅 文件
# ================= Clash Meta 配置 =================
port: 7890 # HTTP 代理
socks-port: 7891 # SOCKS5 代理
redir-port: 7892 # 透明代理 (Linux 可注释)
mode: rule # rule / global / direct
allow-lan: false # 局域网访问
bind-address: 127.0.0.1
log-level: info
external-controller: 127.0.0.1:9090
external-ui: dashboard
######### DNS #########
dns:
enable: true
listen: 127.0.0.1:53 # 避免占用系统 53
ipv6: false
enhanced-mode: redir-host
nameserver: - https://dns.cloudflare.com/dns-query - https://dns.google/dns-query - 223.5.5.5
fallback: - https://1.0.0.1/dns-query - tls://8.8.4.4:853 - 8.8.4.4
fallback-filter:
geoip: true
geoip-code: CN
######### 代理 #########
proxies:
- name: "Bwh"
type: vmess
server: bwh.zyj.best
port: 443
uuid: 81c5bd30-21c0-ba05-f711-47e11c659598
alterId: 0
cipher: auto
network: ws
tls: true
servername: bwh.zyj.best
skip-cert-verify: false
udp: true
ws-opts:
path: "/mysecretpath-221667"
headers:
Host: bwh.zyj.best
######### 代理组 #########
proxy-groups:
# 主出站
- name: "🚀 PROXY"
type: select
proxies:
- "Bwh"
- DIRECT
# 流媒体分流
- name: "🎥 Streaming"
type: select
proxies:
- "Bwh"
- DIRECT
# 广告拦截后去向
- name: "🆎 AdBlock"
type: select
proxies:
- REJECT
- DIRECT
######### 规则提供器 #########
rule-providers:
ads:
type: http
behavior: domain
url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/reject.txt"
path: ./ruleset/ads.list
interval: 86400
mainland:
type: http
behavior: domain
url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/direct.txt"
path: ./ruleset/mainland.list
interval: 86400
gfwlist:
type: http
behavior: domain
url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/proxy.txt"
path: ./ruleset/gfwlist.list
interval: 86400
cn_ip:
type: http
behavior: ipcidr
url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/cncidr.txt"
path: ./ruleset/cn_ip.list
interval: 86400
######### 分流规则 #########
rules:
# 1) 广告拦截
- RULE-SET,ads,🆎 AdBlock
# 2) 内网及局域网
- RULE-SET,cn_ip,DIRECT
# 3) 中国域名直连
- RULE-SET,mainland,DIRECT
# 4) 流媒体示例 (可按需追加 geosite:netflix 等)
# - GEOSITE,netflix,🎥 Streaming
# - GEOSITE,youtube,🎥 Streaming
# 5) GFW / 其他国外域名走代理
- RULE-SET,gfwlist,🚀 PROXY
# 6) 默认
- MATCH,🚀 PROXY