
HTTP2.0 + V2ray + WebSocket + CDN 隐身飞翔

前言

之前介绍过VeryNginx + HTTP2.0 + TLS的部署教程

Verynginx + HTTP2 + HSTS 搭建教程

安装V2ray

1、首先安装git

# Refresh the package index, then install git.
# NOTE(review): no sudo here although later steps use it; presumably run from a root shell (confirm).
apt update && apt install git

2、下载一键安装脚本

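# Fetch the installer over HTTPS only. -f makes curl fail on an HTTP error
# instead of saving the error page as v2ray.sh, and -sS hides the progress
# meter while still printing errors. The page gives no checksum or signature
# for this script, so read v2ray.sh before running it in the next step.
curl --proto '=https' --tlsv1.2 -fsS -o v2ray.sh https://bbsec.xyz/shell/v2ray.sh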

3、安装V2ray

# Runs the downloaded installer as root. Review v2ray.sh first (for example
# with `less v2ray.sh`): nothing on this page verifies what the script contains.
sudo bash v2ray.sh

配置V2ray

1、修改服务器端V2ray配置 /etc/v2ray/config.json

// Server-side V2Ray configuration (/etc/v2ray/config.json): one VMess inbound
// carried over WebSocket and bound to the loopback address, plus one outbound.
{
  "inbounds": [
    {
      "port": 10000,    // port number; choose your own
      "listen":"127.0.0.1",        
      // listen on 127.0.0.1 only, so that machines other than this host cannot detect that port 10000 is open
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "b831381d-6324-4d53-ad4f-8cda48b30811",      
            // the UUID must be one you generate yourself (e.g. with uuidgen) and must not be disclosed;
            // the value above is published on this page, so it is a sample only and must not be reused
            // NOTE(review): a non-zero alterId selects the legacy VMess header authentication; newer
            // V2Ray releases recommend 0, so confirm against the installed version
            "alterId": 64
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
        "path": "/bbsec"      
        // choose your own path; the author notes it does not affect security or speed; /bbsec is assumed here
        // the same path is used by the nginx location block later on this page
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}

2、修改服务器端VeryNginx配置 /opt/verynginx/verynginx/nginx_conf/sites/XXXX.conf  –>  传送门  Verynginx + HTTP2 + HSTS 搭建教程

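# HTTPS virtual host that serves an ordinary website and forwards one path
# to the V2Ray WebSocket inbound listening on the loopback interface.
server {
    # "ssl" on the listen line already enables TLS for this socket, so the
    # deprecated standalone "ssl on;" directive is no longer needed.
    # http2 enables HTTP/2; reuseport enables port reuse.
    listen 443 ssl http2 fastopen=3 reuseport;
    server_name XXXX;   # your domain name

    ssl_certificate     /path/to/ssl/XXXX.crt;   # path to the certificate (.crt) file
    ssl_certificate_key /path/to/ssl/XXXX.key;   # path to the private key (.key) file

    # OCSP stapling; the resolver below is used to reach the OCSP responder.
    # NOTE(review): ssl_stapling_verify needs the issuer chain to be trusted
    # (ssl_trusted_certificate or a full-chain certificate file); confirm.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 10s;

    ssl_buffer_size 8k;
    ssl_session_tickets on;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 10m;

    # TLS 1.0 and TLS 1.1 are deprecated, so only TLS 1.2 is offered.
    # Add TLSv1.3 here only if the bundled nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # Same preference order as before with the 3DES suites removed
    # (64-bit block cipher); !3DES also keeps them out of the HIGH group.
    ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!3DES:!MD5:!PSK:!RC4';

    # Before enabling HSTS make sure every subdomain already serves HTTPS;
    # otherwise remove includeSubdomains.
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;

    # Clickjacking protection
    add_header X-Frame-Options SAMEORIGIN always;
    # XSS filter header
    add_header X-XSS-Protection "1; mode=block" always;
    # Disable MIME sniffing; "always" added so the header is also sent on
    # error responses, matching the other headers above.
    add_header X-Content-Type-Options nosniff always;

    # this line should be included in every server block
    include /opt/verynginx/verynginx/nginx_conf/in_server_block.conf;

    root /path/to/website;   # website root directory

    ############### ADDED CONFIGURATION ##############
    location /bbsec {   # must match the path in the V2Ray configuration
        proxy_redirect off;
        # assumes the WebSocket inbound listens on loopback port 10000
        proxy_pass http://127.0.0.1:10000;
        # HTTP/1.1 plus the Upgrade/Connection headers let the WebSocket
        # handshake pass through the proxy.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }
    ###############    E N D    ##############

    location / {
        # same as an ordinary nginx site configuration
    }
}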

3、重启服务

sudo /opt/verynginx/openresty/nginx/sbin/nginx -s reload   # reload VeryNginx so it picks up the edited site configuration
sudo systemctl restart v2ray   # restart V2Ray so it loads the edited config.json

部署CDN(可以隐藏真实IP)

寻找一家支持WebSocket 和 HTTPS/HTTP2的CDN服务商,部署好CDN服务即可


这样基本不会被封IP,完美地伪装成了一个网站!