
# 我希望创建一个自动化脚本，用于在新的服务器上部署我的 v2ray 网络代理服务。以下是大概步骤，请给出你的方案。
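1. 安装 v2ray（通过 v2fly 的安装脚本）。这两条命令会直接执行从 `master` 分支实时下载的脚本（安装脚本通常需以 root 运行）；用于自动化部署时，建议先把脚本下载到本地审阅，并固定到某个已审阅的提交后再执行。

```bash
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-dat-release.sh)
```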
2. 安装 nginx 和 certbot
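# Refresh the package index first: on a freshly provisioned server the cached
# lists are often empty or stale, and the install below would then fail or
# pull outdated packages.
sudo apt-get update
# apt-get (rather than apt) has a CLI meant for scripts; the noninteractive
# frontend keeps package prompts from stalling an unattended run.
sudo env DEBIAN_FRONTEND=noninteractive apt-get install -y nginx certbot python3-certbot-nginx
# Start nginx now and on every boot.
sudo systemctl enable --now nginx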
3. 放一个伪装首页
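# Decoy landing page served to ordinary visitors of the site.
sudo mkdir -p /var/www/bwh-site
# The greeting uses the hostname the nginx site is configured for
# (bwh.zyj.best); the original greeting named sydney.zyj.best.
echo '<h1>Hello from bwh.zyj.best</h1>' | sudo tee /var/www/bwh-site/index.html >/dev/null
# Keep the docroot root-owned and read-only for everyone else: the nginx
# workers only need to read these files, so a compromised worker cannot
# rewrite the page it serves. (The original chown'ed the tree to www-data.)
sudo chown -R root:root /var/www/bwh-site
sudo chmod 0755 /var/www/bwh-site
sudo chmod 0644 /var/www/bwh-site/index.html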
4. 写入 HTTP 站点（80）—— 仅用于申请证书
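# HTTP-only bootstrap site: it exists so the ACME HTTP-01 challenge can be
# answered before any certificate is present.
# The file name matches both server_name and the symlink created below. The
# original wrote sites-available/sydney.zyj.best and then linked the
# non-existent sites-available/bwh.zyj.best, leaving a dangling link in
# sites-enabled that makes `nginx -t` fail.
sudo tee /etc/nginx/sites-available/bwh.zyj.best >/dev/null <<'EOF'
server {
    listen 80;
    listen [::]:80;
    server_name bwh.zyj.best;

    root /var/www/bwh-site;
    index index.html;

    # Allow the ACME challenge. A ^~ prefix match replaces the unanchored
    # regex, which matched the string anywhere in the URI and treated the
    # leading dot as "any character".
    location ^~ /.well-known/acme-challenge/ {
        allow all;
    }

    # Everything else is redirected to HTTPS.
    location / { return 301 https://$host$request_uri; }
}
EOF
# -f/-n make the link idempotent, so re-running the deployment does not abort
# with "File exists".
sudo ln -sfn /etc/nginx/sites-available/bwh.zyj.best /etc/nginx/sites-enabled/bwh.zyj.best
# Reload only when the configuration parses cleanly.
sudo nginx -t && sudo systemctl reload nginx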
5. 一键签发 Let's Encrypt 证书（443）
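# Request the certificate for the hostname the nginx site actually serves.
# The original asked for sydney.zyj.best, which matches no server_name in this
# document and would not produce the /etc/letsencrypt/live/bwh.zyj.best/ paths
# that the final nginx configuration references.
# --non-interactive and --no-eff-email keep certbot from stopping at a prompt
# when this runs unattended. Replace you@example.com with a monitored mailbox.
sudo certbot --nginx -d bwh.zyj.best --agree-tos -m you@example.com --no-eff-email --non-interactive --redirect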
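6. 更新 v2ray 配置（注意：下面贴出的是 Clash Meta 客户端配置，与第 8 步内容相同，并非 V2Ray 服务端配置。服务端入站需与第 7 步的 nginx 配置对应：监听 127.0.0.1:10086，WebSocket 路径为 /mysecretpath-221667，UUID 与客户端一致。）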
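# ================= Clash Meta configuration =================
# This is a Clash Meta *client* profile, not a V2Ray server configuration.
port: 7890                 # HTTP proxy
socks-port: 7891           # SOCKS5 proxy
redir-port: 7892           # transparent proxy (original note: may be commented out on Linux)
mode: rule                 # rule / global / direct
allow-lan: false           # no access from other LAN hosts
bind-address: 127.0.0.1
log-level: info
# No `secret` is set for the controller API in this profile, so it must stay
# bound to loopback as it is here.
external-controller: 127.0.0.1:9090
external-ui: dashboard

######### DNS #########
dns:
  enable: true
  listen: 127.0.0.1:53     # original note: avoid taking over the system's port 53
  ipv6: false
  enhanced-mode: redir-host
  # The two lists below were collapsed onto a single line each in the original,
  # which is not valid YAML; they are restored as block sequences.
  nameserver:
    - https://dns.cloudflare.com/dns-query
    - https://dns.google/dns-query
    - 223.5.5.5            # plain DNS: queries sent here are not encrypted
  fallback:
    - https://1.0.0.1/dns-query
    - tls://8.8.4.4:853
    - 8.8.4.4              # plain DNS: queries sent here are not encrypted
  fallback-filter:
    geoip: true
    geoip-code: CN

######### Proxies #########
proxies:
  - name: "Bwh"
    type: vmess
    server: bwh.zyj.best
    port: 443
    # NOTE(review): the UUID is the credential of this VMess user and is
    # committed here in clear text. Anyone who can read this file can use the
    # proxy; rotate it and inject the value at deploy time instead.
    uuid: 81c5bd30-21c0-ba05-f711-47e11c659598
    alterId: 0
    cipher: auto
    network: ws
    tls: true
    servername: bwh.zyj.best
    skip-cert-verify: false  # keep certificate verification on
    udp: true
    ws-opts:
      # Must match the nginx location that fronts the V2Ray WebSocket inbound.
      path: "/mysecretpath-221667"
      headers:
        Host: bwh.zyj.best

######### Proxy groups #########
proxy-groups:
  # Main outbound
  - name: "🚀 PROXY"
    type: select
    proxies:
      - "Bwh"
      - DIRECT
  # Streaming traffic
  - name: "🎥 Streaming"
    type: select
    proxies:
      - "Bwh"
      - DIRECT
  # Destination for traffic matched by the ad list
  - name: "🆎 AdBlock"
    type: select
    proxies:
      - REJECT
      - DIRECT

######### Rule providers #########
# The lists are downloaded from a third-party repository and refreshed every
# 86400 seconds, so a change upstream changes how traffic is routed.
rule-providers:
  ads:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/reject.txt"
    path: ./ruleset/ads.list
    interval: 86400
  mainland:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/direct.txt"
    path: ./ruleset/mainland.list
    interval: 86400
  gfwlist:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/proxy.txt"
    path: ./ruleset/gfwlist.list
    interval: 86400
  cn_ip:
    type: http
    behavior: ipcidr
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/cncidr.txt"
    path: ./ruleset/cn_ip.list
    interval: 86400

######### Routing rules #########
rules:
  # 1) Ad blocking
  - RULE-SET,ads,🆎 AdBlock
  # 2) Mainland-China domains connect directly
  - RULE-SET,mainland,DIRECT
  # 3) Streaming examples (append geosite:netflix etc. as needed)
  # - GEOSITE,netflix,🎥 Streaming
  # - GEOSITE,youtube,🎥 Streaming
  # 4) GFW-listed / other foreign domains go through the proxy
  - RULE-SET,gfwlist,🚀 PROXY
  # 5) Mainland-China IP ranges connect directly.
  #    This IP rule sat second in the original (labelled "intranet and LAN").
  #    An IP rule ahead of the domain rules makes the client resolve every
  #    hostname locally before a domain rule can match, so lookups for proxied
  #    sites reached the local resolvers. Placed after the domain rules, only
  #    names that no list recognises are resolved.
  - RULE-SET,cn_ip,DIRECT
  # 6) Default
  - MATCH,🚀 PROXY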
7. 更新 nginx 配置
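##
# Site: bwh.zyj.best
# Mode: decoy static site + V2Ray WebSocket-over-TLS on the same port 443
# File: /etc/nginx/sites-available/bwh.zyj.best
##

############################
# HTTPS 443: decoy site + proxy
############################
server {
    server_name bwh.zyj.best;

    # ----------------- Static site -----------------
    root /var/www/bwh-site;
    index index.html;

    # ----------------- WebSocket reverse proxy -----------------
    # Must be identical to V2Ray's streamSettings.wsSettings.path.
    # NOTE(review): the path is published in this README, so it only keeps
    # casual scanners away; access control rests on the VMess UUID.
    location /mysecretpath-221667 {
        # Requests that are not a WebSocket upgrade get a plain 404, which
        # hides the endpoint from scanners. The Upgrade token is compared
        # case-insensitively, as RFC 6455 defines it, so a client sending
        # "WebSocket" is not rejected.
        if ($http_upgrade !~* "^websocket$") { return 404; }

        # V2Ray local listener.
        # NOTE(review): the V2Ray inbound is not shown in this document; it
        # should bind to 127.0.0.1 only, otherwise port 10086 is reachable
        # from outside without TLS. Confirm in the server config.
        proxy_pass http://127.0.0.1:10086;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # An empty value stops nginx from passing Origin upstream.
        proxy_set_header Origin "";
    }

    # ----------------- Other static resources -----------------
    # Looked up directly under the root directory.
    location / {
        try_files $uri $uri/ =404;
    }

    # ----------------- ACME HTTP-01 callback -----------------
    # A ^~ prefix match replaces the unanchored regex, which matched the
    # string anywhere in the URI and treated the leading dot as a wildcard.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
    }

    # ----------------- SSL settings (managed by Certbot) -----------------
    listen 443 ssl http2;
    listen [::]:443 ssl http2 ipv6only=on;
    ssl_certificate /etc/letsencrypt/live/bwh.zyj.best/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/bwh.zyj.best/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}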
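############################
# HTTP 80 -> HTTPS redirect
############################
server {
    listen 80;
    listen [::]:80;
    server_name bwh.zyj.best;

    # ACME HTTP-01 challenge, served from the site's docroot.
    # A ^~ prefix match replaces the unanchored regex, which exempted any URI
    # merely containing this string from the HTTPS redirect below.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /var/www/bwh-site;
    }

    # Everything else gets a 301 to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}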
8. 生成 clash 订阅 文件
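# ================= Clash Meta configuration =================
# Client subscription profile. It carries the proxy credential, so distribute
# it only over an authenticated channel.
port: 7890                 # HTTP proxy
socks-port: 7891           # SOCKS5 proxy
redir-port: 7892           # transparent proxy (original note: may be commented out on Linux)
mode: rule                 # rule / global / direct
allow-lan: false           # no access from other LAN hosts
bind-address: 127.0.0.1
log-level: info
# No `secret` is set for the controller API in this profile, so it must stay
# bound to loopback as it is here.
external-controller: 127.0.0.1:9090
external-ui: dashboard

######### DNS #########
dns:
  enable: true
  listen: 127.0.0.1:53     # original note: avoid taking over the system's port 53
  ipv6: false
  enhanced-mode: redir-host
  # The two lists below were collapsed onto a single line each in the original,
  # which is not valid YAML; they are restored as block sequences.
  nameserver:
    - https://dns.cloudflare.com/dns-query
    - https://dns.google/dns-query
    - 223.5.5.5            # plain DNS: queries sent here are not encrypted
  fallback:
    - https://1.0.0.1/dns-query
    - tls://8.8.4.4:853
    - 8.8.4.4              # plain DNS: queries sent here are not encrypted
  fallback-filter:
    geoip: true
    geoip-code: CN

######### Proxies #########
proxies:
  - name: "Bwh"
    type: vmess
    server: bwh.zyj.best
    port: 443
    # NOTE(review): the UUID is the credential of this VMess user and is
    # committed here in clear text. Anyone who can read this file can use the
    # proxy; rotate it and inject the value when the subscription is generated.
    uuid: 81c5bd30-21c0-ba05-f711-47e11c659598
    alterId: 0
    cipher: auto
    network: ws
    tls: true
    servername: bwh.zyj.best
    skip-cert-verify: false  # keep certificate verification on
    udp: true
    ws-opts:
      # Must match the nginx location that fronts the V2Ray WebSocket inbound.
      path: "/mysecretpath-221667"
      headers:
        Host: bwh.zyj.best

######### Proxy groups #########
proxy-groups:
  # Main outbound
  - name: "🚀 PROXY"
    type: select
    proxies:
      - "Bwh"
      - DIRECT
  # Streaming traffic
  - name: "🎥 Streaming"
    type: select
    proxies:
      - "Bwh"
      - DIRECT
  # Destination for traffic matched by the ad list
  - name: "🆎 AdBlock"
    type: select
    proxies:
      - REJECT
      - DIRECT

######### Rule providers #########
# The lists are downloaded from a third-party repository and refreshed every
# 86400 seconds, so a change upstream changes how traffic is routed.
rule-providers:
  ads:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/reject.txt"
    path: ./ruleset/ads.list
    interval: 86400
  mainland:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/direct.txt"
    path: ./ruleset/mainland.list
    interval: 86400
  gfwlist:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/proxy.txt"
    path: ./ruleset/gfwlist.list
    interval: 86400
  cn_ip:
    type: http
    behavior: ipcidr
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/cncidr.txt"
    path: ./ruleset/cn_ip.list
    interval: 86400

######### Routing rules #########
rules:
  # 1) Ad blocking
  - RULE-SET,ads,🆎 AdBlock
  # 2) Mainland-China domains connect directly
  - RULE-SET,mainland,DIRECT
  # 3) Streaming examples (append geosite:netflix etc. as needed)
  # - GEOSITE,netflix,🎥 Streaming
  # - GEOSITE,youtube,🎥 Streaming
  # 4) GFW-listed / other foreign domains go through the proxy
  - RULE-SET,gfwlist,🚀 PROXY
  # 5) Mainland-China IP ranges connect directly.
  #    This IP rule sat second in the original (labelled "intranet and LAN").
  #    An IP rule ahead of the domain rules makes the client resolve every
  #    hostname locally before a domain rule can match, so lookups for proxied
  #    sites reached the local resolvers. Placed after the domain rules, only
  #    names that no list recognises are resolved.
  - RULE-SET,cn_ip,DIRECT
  # 6) Default
  - MATCH,🚀 PROXY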