Frank
Frank
Published on 2023-01-01 / 812 Visits
0
0

【转载】新的流控Vision配置教程

XTLS Vision项目地址:https://github.com/XTLS/Xray-core/discussions/1295

1、关闭防火墙或放行指定端口

ufw disable

2、开启BBR加速

echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p

3、更新软件源

apt update
apt upgrade
apt full-upgrade

4、安装组件

apt install socat

5、安装Xray

bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --beta

6、生成uuid账号

cat /proc/sys/kernel/random/uuid

7、修改Xray配置文件

{
    "log": {
        "loglevel": "warning"
    },
    "routing": {
        "domainStrategy": "IPIfNonMatch",
        "rules": [
            {
                "type": "field",
                "ip": [
                    "geoip:cn",
                    "geoip:private"
                ],
                "outboundTag": "block"
           }
        ]
    },
    "inbounds": [
        {
            "port": 443, //端口
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "uuid", //uuid账号
                        "flow": "xtls-rprx-vision" //流控 
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "dest": 12345, //回落到12345
                        "xver": 1
                    } 
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "tls",
                "tlsSettings": {
                    "rejectUnknownSni": true,
                    "alpn": [
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "/etc/ssl/private/fullchain.cer", //证书位置
                            "keyFile": "/etc/ssl/private/private.key" //私钥位置
                        }
                    ]
                }
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls"
                ]
            }
        },
        {
            "port": 12345, //12345端口配置
            "listen": "127.0.0.1",
            "protocol": "trojan",
            "settings": {
                "clients": [
                    {
                        "password": "password" //密码
                    }
                ],
                "fallbacks": [
                    {
                        "dest": 80 //回落到80端口
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none",
                "tcpSettings": {
                    "acceptProxyProtocol": true
                }
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom",
            "tag": "direct"
        },
        {
            "protocol": "blackhole",
            "tag": "block"
        }
    ]
}

8、申请安装证书

curl https://get.acme.sh | sh

alias acme.sh=~/.acme.sh/acme.sh

acme.sh --upgrade --auto-upgrade

acme.sh --set-default-ca --server letsencrypt

acme.sh --issue -d 域名 --standalone --keylength ec-256

acme.sh --install-cert -d 域名 --ecc --fullchain-file /etc/ssl/private/fullchain.cer --key-file /etc/ssl/private/private.key

chown -R nobody:nogroup /etc/ssl/private/

9、安装Nginx

apt install nginx

10、修改nginx配置文件

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
}

http {

  server {
    listen 80 default_server;
    listen [::]:80 default_server;

  location / {
    proxy_pass https://www.bing.com; #伪装网址
    proxy_ssl_server_name on;
    proxy_redirect off;
    sub_filter_once off;
    sub_filter "www.bing.com" $server_name; #伪装网址
    proxy_set_header Host "www.bing.com"; #伪装网址
    proxy_set_header Referer $http_referer;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header User-Agent $http_user_agent;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Accept-Encoding "";
    proxy_set_header Accept-Language "zh-CN";
    }
  }
}

11、重新加载nginx

systemctl reload nginx

12、查看nginx启动状态

systemctl status nginx

13、重启Xray

systemctl restart xray

14、查看Xray启动状态

systemctl status xray

Comment