verysimple:一个对标 v2ray/xray的极简代理内核

网络资源 admin 来源:原文链接 2个月前 (09-27) 251次浏览 0个评论

这篇文章记录一下用verysimple配置一个trojan协议的代理,并使用nginx的ngx_stream_ssl_preread模块进行sni分流。首先安装需要用到的包:

apt -y update
apt -y install xz-utils curl nginx

下载verysimple:

mkdir -p /usr/local/etc/verysimple
curl -L https://github.com/e1732a364fed/v2ray_simple/releases/download/v1.2.4-beta.2/verysimple_linux_amd64.tar.xz -o verysimple_linux_amd64.tar.xz
tar xf verysimple_linux_amd64.tar.xz -C /usr/local/etc/verysimple
mv /usr/local/etc/verysimple/verysimple /usr/local/bin

新建systemd服务:

nano /etc/systemd/system/verysimple.service

写入如下配置:

[Unit]
Description=verysimple service
Documentation=https://github.com/e1732a364fed/v2ray_simple
After=network.target

[Service]
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
ExecStart=/usr/local/bin/verysimple -c /usr/local/etc/verysimple/server.toml
Restart=on-failure
RestartSec=1800s
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target

新建一个verysimple的配置文件:

nano /usr/local/etc/verysimple/server.toml

写入如下配置:

[[listen]]
protocol = "trojans"
uuid = "036514da-75fd-4e36-9ca9-229617fd3b4c"

ip = "127.0.0.1"
host = "trojan.example.com"
port = 62000
sniffing.enabled = true
cert = "/usr/local/etc/verysimple/trojan.example.com.pem"
key = "/usr/local/etc/verysimple/trojan.example.com.key"
insecure = false
extra = { tls_minVersion = "1.2" }
xver = 2
fullcone = true

[[fallback]]
dest = 23333
xver = 2

[[dial]]
protocol = "direct"
fullcone = true

启动verysimple并设置开机自启:

systemctl enable --now verysimple

编辑nginx的主配置文件:

nano /etc/nginx/nginx.conf

写入如下配置:

stream {
        map $ssl_preread_server_name $verysimple {
                trojan.example.com trojan;
        }
        upstream trojan {
                server 127.0.0.1:62000;
        }
        server {
                listen 443      reuseport;
                listen [::]:443 reuseport;
                proxy_pass      $verysimple;
                ssl_preread     on;
                proxy_protocol  on;
        }
}

新建一个nginx站点配置文件,用于回落站点:

nano /etc/nginx/conf.d/fallback.conf

写入如下配置:

server {
        listen 80;
        server_name trojan.example.com;
        if ($host = trojan.example.com) {
                return 301 https://$host$request_uri;
        }
        return 404;
}

server {
        listen 127.0.0.1:23333 proxy_protocol;
        set_real_ip_from 127.0.0.1;
        real_ip_header proxy_protocol;
        server_name trojan.example.com;
        index index.html;
        root /var/www/html/flappyfrog;
}

重载nginx使配置生效:

systemctl reload nginx

服务端至此全部配置完成,在这里下载客户端:https://github.com/e1732a364fed/v2ray_simple/releases

建议目前先下载v1.2.4-beta.2版本使用。verysimple客户端的配置:

[[listen]]
protocol = "socks5"
host = "127.0.0.1"
port = 50800
sniffing.enabled = true

[[dial]]
tag = "proxy"
protocol = "trojans"
uuid = "036514da-75fd-4e36-9ca9-229617fd3b4c"
host = "trojan.example.com"
port = 443
insecure = false
utls = true
use_mux = true

[[dial]]
tag = "direct"
protocol = "direct"

[[route]]
country = ["CN"]
ip = ["private"]
domain = ["geosite:cn"]
toTag = "direct"

因为配置了route,需要用到GeoLite2-Country.mmdb和geosite,先启动一次加上-d参数让程序把这些文件下载下来:

cd C:\Users\LALA\Desktop\verysimple
.\verysimple.exe -c trojan.client.toml -d

之后退出再运行即可:

.\verysimple.exe -c trojan.client.toml

verysimple的fallback功能很完善,支持proxy_protocol,所以回落站点可以获取到真实的访客ip,用浏览器访问一下你的域名,再看看nginx的access日志即可发现记录的ip是真实ip:

 

 


VPS小白 , 版权所有丨如未注明 , 均为原创丨本网站采用BY-NC-SA协议进行授权
转载请注明原文链接
喜欢 (0)
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址