
#我希望创建一个自动化脚本,用于在新的服务器上部署我的 v2ray 网络代理服务,以下是大概步骤,给出你的方案

  1. 通过脚本安装 v2ray:bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh) 和 bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-dat-release.sh)。这两条命令会直接执行 master 分支上的最新脚本,每次运行拿到的内容可能不同;写进自动化脚本时,建议先把脚本下载到本地、审阅后固定到某个提交再执行。

  2. 安装 nginx 和 certbot

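# Install nginx, certbot and certbot's nginx plugin, then start nginx and enable it at boot.
# These are two separate commands: on a single line the second one would be
# parsed as additional apt package names.
sudo apt install -y nginx certbot python3-certbot-nginx
sudo systemctl enable --now nginx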

  1. 放一个伪装首页

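# Create the web root for the decoy site.
sudo mkdir -p /var/www/bwh-site

# Write the decoy index page; tee runs under sudo because the shell redirect would not.
echo '

Hello from sydney.zyj.best

' | sudo tee /var/www/bwh-site/index.html

# Hand the tree to the user nginx runs as.
sudo chown -R www-data:www-data /var/www/bwh-site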

  1. 写入 HTTP 站点(80)—— 仅用于申请证书

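# Write the port-80 vhost that is used only to obtain the certificate.
# The file name has to match the symlink created below (and server_name);
# otherwise sites-enabled gets a dangling link and `nginx -t` fails.
sudo tee /etc/nginx/sites-available/bwh.zyj.best <<'EOF'
server {
    listen 80;
    listen [::]:80;
    server_name bwh.zyj.best;

    root /var/www/bwh-site;
    index index.html;

    # 允许 ACME 挑战
    location ~ /.well-known/acme-challenge/ {
        allow all;
    }

    # 其他全部跳转到 HTTPS
    location / { return 301 https://$host$request_uri; }
}
EOF

# -f keeps this step repeatable when the link already exists.
sudo ln -sf /etc/nginx/sites-available/bwh.zyj.best /etc/nginx/sites-enabled/

# Reload only if the configuration parses.
sudo nginx -t && sudo systemctl reload nginx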

  1. 一键签发 Let's Encrypt 证书(443)

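# Issue the Let's Encrypt certificate and let certbot add the 443 listener and the redirect.
# -d must name the host that the nginx server_name uses and that appears in the
# /etc/letsencrypt/live/bwh.zyj.best/ certificate paths of the final nginx config.
# you@example.com is a placeholder contact address.
sudo certbot --nginx -d bwh.zyj.best --agree-tos -m you@example.com --redirect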

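  1. 更新 v2ray 配置(注:下面贴出的是 Clash Meta 客户端配置,与后文"生成 clash 订阅文件"一步的内容相同,并不是服务端 v2ray 的配置;服务端入站需监听 127.0.0.1:10086,WebSocket 路径与 nginx 中的 location 保持一致。)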

================= Clash Meta 配置 =================

port: 7890 # HTTP 代理 socks-port: 7891 # SOCKS5 代理 redir-port: 7892 # 透明代理 (Linux 可注释) mode: rule # rule / global / direct allow-lan: false # 局域网访问 bind-address: 127.0.0.1 log-level: info

external-controller: 127.0.0.1:9090 external-ui: dashboard

######### DNS ######### dns: enable: true listen: 127.0.0.1:53 # 避免占用系统 53 ipv6: false enhanced-mode: redir-host nameserver: - https://dns.cloudflare.com/dns-query - https://dns.google/dns-query - 223.5.5.5 fallback: - https://1.0.0.1/dns-query - tls://8.8.4.4:853 - 8.8.4.4 fallback-filter: geoip: true geoip-code: CN

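######### Proxies #########
proxies:
  # NOTE(review): uuid and ws-opts.path are the credentials for this node.
  # Keep real values out of the repository and template them in at deploy time.
  - name: "Bwh"
    type: vmess
    server: bwh.zyj.best
    port: 443
    uuid: 81c5bd30-21c0-ba05-f711-47e11c659598
    alterId: 0
    cipher: auto
    network: ws
    tls: true
    servername: bwh.zyj.best
    skip-cert-verify: false   # keep server certificate verification on
    udp: true
    ws-opts:
      path: "/mysecretpath-221667"
      headers:
        Host: bwh.zyj.best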

######### 代理组 ######### proxy-groups:

主出站

  • name: "🚀 PROXY" type: select proxies:
    • "Bwh"
    • DIRECT

流媒体分流

  • name: "🎥 Streaming" type: select proxies:
    • "Bwh"
    • DIRECT

广告拦截后去向

  • name: "🆎 AdBlock" type: select proxies:
    • REJECT
    • DIRECT

######### 规则提供器 ######### rule-providers: ads: type: http behavior: domain url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/reject.txt" path: ./ruleset/ads.list interval: 86400

mainland: type: http behavior: domain url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/direct.txt" path: ./ruleset/mainland.list interval: 86400

gfwlist: type: http behavior: domain url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/proxy.txt" path: ./ruleset/gfwlist.list interval: 86400

cn_ip: type: http behavior: ipcidr url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/cncidr.txt" path: ./ruleset/cn_ip.list interval: 86400

######### 分流规则 ######### rules:

1) 广告拦截

  • RULE-SET,ads,🆎 AdBlock

2) 中国大陆 IP 段直连(cn_ip 规则集来自 cncidr.txt)

  • RULE-SET,cn_ip,DIRECT

3) 中国域名直连

  • RULE-SET,mainland,DIRECT

4) 流媒体示例 (可按需追加 geosite:netflix 等)

- GEOSITE,netflix,🎥 Streaming

- GEOSITE,youtube,🎥 Streaming

5) GFW / 其他国外域名走代理

  • RULE-SET,gfwlist,🚀 PROXY

6) 默认

  • MATCH,🚀 PROXY
  1. 更新 nginx 配置

站点bwh.zyj.best

模式:伪装静态站 + V2Ray WebSocket over TLS(同端口 443)

文件:/etc/nginx/sites-available/bwh.zyj.best

############################

HTTPS 443 伪装站 + 代理

############################ server { server_name bwh.zyj.best;

# ----------------- 静态网站 -----------------
root  /var/www/bwh-site;
index index.html;

# ----------------- WebSocket reverse proxy -----------------
# Must be identical to V2Ray streamSettings.wsSettings.path
# NOTE(review): this is a prefix match, so longer URIs that begin with the same
# string are proxied as well. The path is visible to anyone who can read this
# file; presumably access control rests on the VMess uuid, not on the path — confirm.
location /mysecretpath-221667 {
    # Requests whose Upgrade header is not exactly "websocket" get a 404 (helps against scanners).
    # NOTE(review): the comparison is case-sensitive — confirm that every client sends lowercase.
    if ($http_upgrade != "websocket") { return 404; }

    proxy_pass         http://127.0.0.1:10086;   # V2Ray local listener
    proxy_http_version 1.1;
    proxy_set_header   Upgrade    $http_upgrade;
    proxy_set_header   Connection "upgrade";
    proxy_set_header   Host       $host;
    proxy_set_header   X-Real-IP  $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    # An empty value stops the client's Origin header from being passed upstream.
    proxy_set_header   Origin "";
}

# ----------------- Other static resources -----------------
# Look files up directly under the root directory; anything missing is a 404
location / {
    try_files $uri $uri/ =404;
}

# ----------------- ACME HTTP-01 callback -----------------
# NOTE(review): this is an unanchored regex with an unescaped dot, so it applies
# to any URI that contains this sequence; a prefix location
# (`location ^~ /.well-known/acme-challenge/`) would be tighter — confirm.
location ~ /.well-known/acme-challenge/ {
    allow all;
}

# ----------------- SSL settings (managed by Certbot) -----------------
listen 443 ssl http2;
listen [::]:443 ssl http2 ipv6only=on;

ssl_certificate      /etc/letsencrypt/live/bwh.zyj.best/fullchain.pem;  # managed by Certbot
ssl_certificate_key  /etc/letsencrypt/live/bwh.zyj.best/privkey.pem;    # managed by Certbot
include              /etc/letsencrypt/options-ssl-nginx.conf;           # managed by Certbot
ssl_dhparam          /etc/letsencrypt/ssl-dhparams.pem;                 # managed by Certbot

}

############################

HTTP 80 → HTTPS 重定向

############################ server { listen 80; listen [::]:80;

server_name bwh.zyj.best;

# ACME HTTP-01 challenge, served from the decoy site's web root
# NOTE(review): this is an unanchored regex with an unescaped dot, so it applies
# to any URI that contains this sequence; a prefix location
# (`location ^~ /.well-known/acme-challenge/`) would be tighter — confirm.
location ~ /.well-known/acme-challenge/ {
    allow all;
    root /var/www/bwh-site;
}

# Everything else gets a 301 to HTTPS
# NOTE(review): $host follows the client's Host header if this block ever acts
# as the default server for port 80; $server_name would pin the redirect
# target to bwh.zyj.best — confirm which is intended.
location / {
    return 301 https://$host$request_uri;
}

}

  1. 生成 clash 订阅 文件

================= Clash Meta 配置 =================

port: 7890 # HTTP 代理 socks-port: 7891 # SOCKS5 代理 redir-port: 7892 # 透明代理 (Linux 可注释) mode: rule # rule / global / direct allow-lan: false # 局域网访问 bind-address: 127.0.0.1 log-level: info

external-controller: 127.0.0.1:9090 external-ui: dashboard

######### DNS ######### dns: enable: true listen: 127.0.0.1:53 # 避免占用系统 53 ipv6: false enhanced-mode: redir-host nameserver: - https://dns.cloudflare.com/dns-query - https://dns.google/dns-query - 223.5.5.5 fallback: - https://1.0.0.1/dns-query - tls://8.8.4.4:853 - 8.8.4.4 fallback-filter: geoip: true geoip-code: CN

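######### Proxies #########
proxies:
  # NOTE(review): uuid and ws-opts.path are the credentials for this node.
  # A subscription file that carries them should be served only to its owner,
  # and real values are better templated in than committed to the repository.
  - name: "Bwh"
    type: vmess
    server: bwh.zyj.best
    port: 443
    uuid: 81c5bd30-21c0-ba05-f711-47e11c659598
    alterId: 0
    cipher: auto
    network: ws
    tls: true
    servername: bwh.zyj.best
    skip-cert-verify: false   # keep server certificate verification on
    udp: true
    ws-opts:
      path: "/mysecretpath-221667"
      headers:
        Host: bwh.zyj.best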

######### 代理组 ######### proxy-groups:

主出站

  • name: "🚀 PROXY" type: select proxies:
    • "Bwh"
    • DIRECT

流媒体分流

  • name: "🎥 Streaming" type: select proxies:
    • "Bwh"
    • DIRECT

广告拦截后去向

  • name: "🆎 AdBlock" type: select proxies:
    • REJECT
    • DIRECT

######### 规则提供器 ######### rule-providers: ads: type: http behavior: domain url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/reject.txt" path: ./ruleset/ads.list interval: 86400

mainland: type: http behavior: domain url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/direct.txt" path: ./ruleset/mainland.list interval: 86400

gfwlist: type: http behavior: domain url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/proxy.txt" path: ./ruleset/gfwlist.list interval: 86400

cn_ip: type: http behavior: ipcidr url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/cncidr.txt" path: ./ruleset/cn_ip.list interval: 86400

######### 分流规则 ######### rules:

1) 广告拦截

  • RULE-SET,ads,🆎 AdBlock

2) 中国大陆 IP 段直连(cn_ip 规则集来自 cncidr.txt)

  • RULE-SET,cn_ip,DIRECT

3) 中国域名直连

  • RULE-SET,mainland,DIRECT

4) 流媒体示例 (可按需追加 geosite:netflix 等)

- GEOSITE,netflix,🎥 Streaming

- GEOSITE,youtube,🎥 Streaming

5) GFW / 其他国外域名走代理

  • RULE-SET,gfwlist,🚀 PROXY

6) 默认

  • MATCH,🚀 PROXY