ufw disable
开启BBR加速
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p
更新软件源
apt update
apt upgrade
安装组件
apt install socat
安装Xray
# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --version 1.5.8
使用 User=root 安装和升级 Xray 核心和地理数据,这将覆盖现有服务文件中的用户
bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root
生成uuid账号
cat /proc/sys/kernel/random/uuid
修改Xray配置文件
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"ip": [
"geoip:cn",
"geoip:private"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"port": 443, //端口
"protocol": "vless",
"settings": {
"clients": [
{
"id": "uuid", //uuid账号
"flow": "xtls-rprx-vision" //流控
}
],
"decryption": "none",
"fallbacks": [
{
"dest": 12345, //回落到12345
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"rejectUnknownSni": true,
"alpn": [
"http/1.1"
],
"certificates": [
{
"certificateFile": "/etc/ssl/private/fullchain.cer", //证书位置
"keyFile": "/etc/ssl/private/private.key" //私钥位置
}
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
},
{
"port": 12345, //12345端口配置
"listen": "127.0.0.1",
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "password" //密码
}
],
"fallbacks": [
{
"dest": 80 //回落到80端口
}
]
},
"streamSettings": {
"network": "tcp",
"security": "none",
"tcpSettings": {
"acceptProxyProtocol": true
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}
申请安装证书
curl https://get.acme.sh | sh
alias acme.sh=~/.acme.sh/acme.sh
acme.sh --upgrade --auto-upgrade
acme.sh --set-default-ca --server letsencrypt
acme.sh --issue -d 域名 --standalone --keylength ec-256
acme.sh --install-cert -d 域名 --ecc --fullchain-file /etc/ssl/private/fullchain.cer --key-file /etc/ssl/private/private.key
chown -R nobody:nogroup /etc/ssl/private/
安装Nginx
apt install nginx
修改nginx配置文件
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
}
http {
server {
listen 80 default_server;
listen [::]:80 default_server;
location / {
proxy_pass https://www.bing.com; #伪装网址
proxy_ssl_server_name on;
proxy_redirect off;
sub_filter_once off;
sub_filter "www.bing.com" $server_name; #伪装网址
proxy_set_header Host "www.bing.com"; #伪装网址
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Accept-Encoding "";
proxy_set_header Accept-Language "zh-CN";
}
}
}
重新加载nginx
systemctl reload nginx
查看nginx启动状态
systemctl status nginx
重启Xray
systemctl restart xray
查看Xray启动状态
systemctl status xray
