安装v2ray/nginx

v2ray安装可以参考Ubuntu中v2ray客户端配置实例.

Nginx安装推荐使用OneinStack一键安装脚本

准备好使用的域名,这里以v.fuckgfw.cn为例。

v2ray/nginx服务端配置

v2ray安装好后,服务端配置/etc/v2ray/config.json如下:

{
	"inbounds": [{
		"port": 99999,  //代理端口号
		"listen": "127.0.0.1",
		"protocol": "vmess",
		"settings": {
			"clients": [{
				"id": "5c1eed18-fse4-41fs-9as9-e85s45bds9ef",
				"level": 1,
				"alterId": 64
			}]
		},
		"streamSettings": {
			"network": "ws",
			"wsSettings": {
				"path": "/fcgfw" //代理目录
			}
		}
	}],
	"outbounds": [{
		"protocol": "freedom",
		"settings": {}
	}, {
		"protocol": "blackhole",
		"settings": {},
		"tag": "blocked"
	}],
	"routing": {
		"rules": [{
			"type": "field",
			"ip": ["geoip:private"],
			"outboundTag": "blocked"
		}]
	}
}

使用OneinStack一键脚本新建一个站点,域名为v.fuckgfw.cn,采用SSL加密模式,完成后编辑/usr/local/nginx/conf/vhost/v.fuckgfw.cn.conf文件

参考以下修改:

server {
  listen 80;
  listen [::]:80;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  ssl_certificate /usr/local/nginx/conf/ssl/v.fuckgfw.cn.crt;
  ssl_certificate_key /usr/local/nginx/conf/ssl/v.fuckgfw.cn.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 10m;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_buffer_size 1400;
  add_header Strict-Transport-Security max-age=15768000;
  ssl_stapling on;
  ssl_stapling_verify on;
  server_name v.fuckgfw.cn;
  access_log off;
  if ($ssl_protocol = "") { return 301 https://$host$request_uri; }

    location /fcgfw {       //与上面v2ray配置的代理目录一致                  
        proxy_redirect off;
        proxy_pass http://127.0.0.1:99999;       //与上面v2ray配置端口号一致 
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 60s;
        proxy_read_timeout 86400s;
        proxy_send_timeout 60s;
    }
}

按照上面修改好nginxv2ray配置后,重启服务。

service nginx reload
service v2ray restart

v2ray客户端配置

v2rayN为例

  • 地址:v.fuckgfw.cn
  • 端口:443
  • 用户ID:5c1eed18-fse4-41fs-9as9-e85s45bds9ef
  • 额外ID:64
  • 加密方式:auto
  • 传输协议:ws
  • 别名:v.fuckgfw.cn
  • 伪装类型:none
  • 伪装域名:v.fuckgfw.cn
  • 路径:/fcgfw
  • 底层传输安全:tls
  • 跳过证书验证:false

https://unixetc.com/usr/uploads/nginx-v2ray-websocket.png