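v2–be continue h2+TLS+Web test

Today I wanted to try the legendary WebSocket+TLS+Web way of setting up v2ray. For some reason I didn't feel like using WebSocket, though, and switched to HTTP/2 instead. Overall, the performance doesn't seem very good (compared with traditional TCP+TLS).

The upside, though, is that it looks like perfectly ordinary HTTPS requests, so the chance of being blocked is lower, and I hear it can be put behind a CDN... hmm.

Two pieces of software are needed: v2ray itself, and Caddy as the web server (reverse proxy).

The rough flow is:

Client -> Caddy -> v2ray -> Internet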

First, the v2ray configuration file looks like this:

{
    "log": {
        "access": "/var/log/v2ray/access.log",
        "error": "/var/log/v2ray/error.log",
        "loglevel": "debug"
    },
    "inbound": {
        "port": 10000,
        "listen": "127.0.0.1",
        "protocol": "vmess",
        "settings": {
            "clients": [
                {
                    "id": "uuid",
                    "level": 1,
                    "alterId": 100
                }
            ]
        },
        "streamSettings": {
            "network": "h2",
            "security": "tls",
            "httpSettings": {
                "path": "/path",
                "host": ["domain.me"]
            },
            "tlsSettings": {
                "serverName": "domain.me",
                "certificates": [
                    {
                        "certificateFile": "/etc/v2ray/v2ray.crt",
                        "keyFile": "/etc/v2ray/v2ray.key"
                    }
                ]
            }
        }
    },
    "outbound": {
        "protocol": "freedom",
        "settings": {}
    },
    "inboundDetour": [],
    "outboundDetour": [
        {
            "protocol": "blackhole",
            "settings": {},
            "tag": "blocked"
        }
    ],
    "routing": {
        "strategy": "rules",
        "settings": {
            "rules": [
                {
                    "type": "field",
                    "ip": [
                        "0.0.0.0/8",
                        "10.0.0.0/8",
                        "100.64.0.0/10",
                        "127.0.0.0/8",
                        "169.254.0.0/16",
                        "172.16.0.0/12",
                        "192.0.0.0/24",
                        "192.0.2.0/24",
                        "192.168.0.0/16",
                        "198.18.0.0/15",
                        "198.51.100.0/24",
                        "203.0.113.0/24",
                        "::1/128",
                        "fc00::/7",
                        "fe80::/10"
                    ],
                    "outboundTag": "blocked"
                }
            ]
        }
    }
}

Then install Caddy:

curl https://getcaddy.com | bash -s personal http.filemanager,http.forwardproxy,http.proxyprotocol
curl -s https://raw.githubusercontent.com/GEM7/My_scripts/master/caddy/caddy.service -o /etc/systemd/system/caddy.service

First create Caddy's log file and configuration file:

touch /etc/Caddyfile
touch /var/log/caddy.log

Then write Caddy's configuration file, /etc/Caddyfile:

https://domain.me:443 {
    log /var/log/caddy.log
    proxy /path https://127.0.0.1:10000 {
        insecure_skip_verify
        header_upstream X-Forwarded-Proto "https"
        header_upstream Host "domain.me"
    }
}

Then restart v2ray and start Caddy:

sudo systemctl start caddy.service
sudo service v2ray start
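
A pre-flight check for the two configuration files above, added here as an example and not part of the original post or of the v2ray or Caddy projects: it confirms that the Caddyfile's proxy block and the v2ray inbound agree on address, port, path, scheme and host name, and that the inbound stays on loopback. The helper names and the regex-based reading of the Caddyfile are assumptions, and the embedded samples are constructed from the files shown above.

```python
import ipaddress
import json
import re

# Constructed samples mirroring the two files on this page.
V2RAY_JSON = """{"inbound": {"port": 10000, "listen": "127.0.0.1", "streamSettings": {"network": "h2",
  "security": "tls", "httpSettings": {"path": "/path", "host": ["domain.me"]}}}}"""
CADDYFILE = """https://domain.me:443 {
proxy /path https://127.0.0.1:10000 {
       insecure_skip_verify
       header_upstream Host "domain.me"
    }
}"""

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # hostname, not an IP literal: treat as not provably local
        return False

def check_pair(v2ray_json, caddyfile):
    """Hypothetical helper: list mismatches between the v2ray inbound and Caddy's proxy block."""
    inbound = json.loads(v2ray_json)["inbound"]
    stream = inbound.get("streamSettings", {})
    http = stream.get("httpSettings", {})
    site = re.search(r"^\s*https://([^\s:{]+)", caddyfile, re.M)
    proxy = re.search(r"^\s*proxy\s+(\S+)\s+(https?)://([^\s:/]+):(\d+)", caddyfile, re.M)
    fwd = re.search(r'header_upstream\s+Host\s+"?([^"\s]+)', caddyfile)
    if not (site and proxy):
        return ["Caddyfile: no https site address or proxy directive found"]
    path, scheme, up_host, up_port = proxy.groups()
    listen, problems = inbound.get("listen", "0.0.0.0"), []
    if not is_loopback(listen):  # only Caddy should be able to reach the inbound
        problems.append(f"inbound listens on {listen}, not loopback")
    if (up_host, int(up_port)) != (listen, inbound["port"]):
        problems.append(f"proxy upstream {up_host}:{up_port} != inbound {listen}:{inbound['port']}")
    if path != http.get("path"):
        problems.append(f"proxy path {path} != httpSettings.path {http.get('path')}")
    if (scheme == "https") != (stream.get("security") == "tls"):
        problems.append(f"upstream scheme {scheme} does not match inbound security setting")
    # The public site name and the forwarded Host header should both be in httpSettings.host.
    for label, name in (("site address", site.group(1)), ("forwarded Host", fwd and fwd.group(1))):
        if name and name not in http.get("host", []):
            problems.append(f"{label} {name} not in httpSettings.host")
    # Skipping upstream certificate checks is tolerable only when the hop stays on this machine.
    if "insecure_skip_verify" in caddyfile and not is_loopback(up_host):
        problems.append("insecure_skip_verify used with a non-loopback upstream")
    return problems

print(check_pair(V2RAY_JSON, CADDYFILE) or "configs agree")
```

To check the real files, pass the contents of the v2ray config and /etc/Caddyfile to check_pair instead of the samples.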

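As for the client, just set it up on the phone and export the configuration.
But it feels like there is still room for optimization... I'll leave it like this for now = =
(Whatever I change, it probably still won't be as fast as the original TCP+TLS anyway.)

PS: Today I found that with TCP+TLS, after turning off the encryption method on the client ("security": "none"), performance is much better than before. The earlier "stuttering" transfer behaviour is gone.
Hopefully, with the encryption method turned off, TLS is still there to guard things... hmm.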

Related tutorials (incremental)
https://ellinia.me/Use_caddy_to_reverse_proxy_project_v/

https://toutyrater.github.io/advanced/wss_and_web.html
