Configuring Xray + REALITY + Nginx SNI Routing

Practical tutorials | admin | Source: original link | 2023-02-28

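REALITY is a recently introduced protocol. It has not been officially released yet, but you can try it now by building the development version of Xray.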

Install the required packages:

apt -y update
apt -y install curl git build-essential libssl-dev libevent-dev zlib1g-dev gcc-mingw-w64 nginx

Install Go:

curl -L https://go.dev/dl/go1.20.1.linux-amd64.tar.gz -o go1.20.1.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.20.1.linux-amd64.tar.gz
echo 'export PATH=$PATH:/usr/local/go/bin' > /etc/profile.d/golang.sh
source /etc/profile.d/golang.sh

Clone the Xray source code:

git clone https://github.com/XTLS/Xray-core.git
cd Xray-core

Build the Linux binary:

go build -o xray -trimpath -ldflags "-s -w -buildid=" ./main

Build the Windows binary:

env GOOS=windows GOARCH=amd64 CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc \
go build -o xray.exe -trimpath -ldflags "-s -w -buildid=" ./main

Copy the compiled binary:

cp xray /usr/local/bin/

Create the directory Xray needs:

mkdir -p /usr/local/etc/xray

Create the systemd service:

systemctl edit --full --force xray.service

Write the following configuration:

[Unit]
Description=xray-core service
Documentation=https://github.com/XTLS/Xray-core
After=network.target nss-lookup.target

[Service]
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
ExecStart=/usr/local/bin/xray run -c /usr/local/etc/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target

Create the Xray configuration file:

nano /usr/local/etc/xray/config.json

Write the following configuration:

{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 52001,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "1bd974eb-3206-48dd-9c6c-42246e356492",
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "tcpSettings": {
          "acceptProxyProtocol": true
        },
        "security": "reality",
        "realitySettings": {
          "show": false,
          "dest": "www.cloudflare.com:443",
          "xver": 0,
          "serverNames": [
            "www.cloudflare.com"
          ],
          "privateKey": "GFZ26GRlhDVIdwtv81JwmV-3F7Qqyhl-dsH_IzXIEpE",
          "shortIds": [
            ""
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom"
    }
  ]
}

Notes:

1. Generate the UUID with the following command:

xray uuid

2. Generate the privateKey with the following command:

xray x25519

The output looks like this:

Private key: GFZ26GRlhDVIdwtv81JwmV-3F7Qqyhl-dsH_IzXIEpE
Public key: 9lb8zUnMkgy-khsg0cwQxKv83u8Pr0JOkv8G0HxxYRk

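3. The site used in my configuration is Cloudflare. You can use a different one, but the target site must meet a minimum standard: it is an overseas website that supports TLSv1.3 and HTTP/2.

4. Try to pick a site with low latency to your VPS, because a TLS handshake with the target site is required. If the latency between the target site and your VPS is too high, speed will suffer.

Start Xray and enable it at boot: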

systemctl enable --now xray

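Make sure the service is running normally. Note that the version number shown here is still 1.7.5. This can be ignored, because the version number in the source code has not been updated yet.

Next, edit the main nginx configuration file: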

nano /etc/nginx/nginx.conf

Write the following configuration, which performs the SNI routing. Note that proxy_protocol is enabled here:

stream {
        map $ssl_preread_server_name $backend {
                www.cloudflare.com reality;
        }
        upstream reality {
                server 127.0.0.1:52001;
        }
        server {
                listen 443      reuseport;
                listen [::]:443 reuseport;
                proxy_pass      $backend;
                ssl_preread     on;
                proxy_protocol  on;
        }
}

Reload nginx to apply the configuration:

systemctl reload nginx

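At this point, the server-side configuration is complete.

Download the Windows binary built earlier to your computer, then save the following client configuration as config.json: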

{
  "inbounds": [
    {
      "port": 30080,
      "protocol": "socks",
      "settings": {
        "auth": "noauth",
        "udp": true
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "1.2.3.4", // your VPS server IP
            "port": 443,
            "users": [
              {
                "id": "1bd974eb-3206-48dd-9c6c-42246e356492",
                "flow": "xtls-rprx-vision",
                "encryption": "none"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "show": false,
          "fingerprint": "chrome",
          "serverName": "www.cloudflare.com",
          "publicKey": "9lb8zUnMkgy-khsg0cwQxKv83u8Pr0JOkv8G0HxxYRk",
          "shortId": "",
          "spiderX": ""
        }
      }
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {}
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
    }
  ],
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "type": "field",
        "outboundTag": "block",
        "domain": ["geosite:category-ads-all"]
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "domain": ["geosite:cn"]
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "ip": [
          "geoip:cn",
          "geoip:private"
        ]
      }
    ]
  }
}
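
The three files above (xray server config, nginx stream block, client config) have to agree with each other, and the UUID and private key shown on this page are public samples. The following cross-check is an added example, not part of the original post or of Xray; the names lint and sample are hypothetical, the inputs are constructed from the page's values, and it does not verify that the client publicKey belongs to the server privateKey.

```python
import re

# Sample secrets printed on this page; a live config must not reuse them.
PUBLISHED_UUID = "1bd974eb-3206-48dd-9c6c-42246e356492"
PUBLISHED_KEY = "GFZ26GRlhDVIdwtv81JwmV-3F7Qqyhl-dsH_IzXIEpE"

def lint(server, client, nginx_conf):
    """Cross-check parsed xray configs (dicts) against nginx stream text; return findings."""
    inbound = server["inbounds"][0]
    stream = inbound["streamSettings"]
    reality = stream["realitySettings"]
    users = {c["id"]: c.get("flow") for c in inbound["settings"]["clients"]}
    # nginx side: names in the SNI map, upstream ports, PROXY protocol switch
    m = re.search(r"map\s+\$ssl_preread_server_name[^{]*\{([^}]*)\}", nginx_conf)
    names = re.findall(r"([\w.-]+)\s+\w+\s*;", m.group(1)) if m else []
    ports = [int(p) for p in re.findall(r"server\s+127\.0\.0\.1:(\d+)\s*;", nginx_conf)]
    sends = bool(re.search(r"proxy_protocol\s+on\s*;", nginx_conf))
    accepts = bool(stream.get("tcpSettings", {}).get("acceptProxyProtocol", False))
    # client side: the first outbound is the proxy in the page's client config
    out = client["outbounds"][0]
    user = out["settings"]["vnext"][0]["users"][0]
    c_reality = out["streamSettings"]["realitySettings"]
    checks = [
        (sends != accepts, "proxy_protocol: nginx and xray disagree"),
        (accepts and inbound.get("listen") not in ("127.0.0.1", "::1"),
         "inbound trusts PROXY headers but is not bound to loopback"),
        (inbound["port"] not in ports, "nginx upstream port differs from xray inbound port"),
        (any(n not in reality["serverNames"] for n in names), "nginx SNI not in serverNames"),
        (reality["privateKey"] == PUBLISHED_KEY, "privateKey is the sample key from the tutorial"),
        (PUBLISHED_UUID in users, "client id is the sample UUID from the tutorial"),
        (users.get(user["id"], "<unknown>") != user.get("flow"), "client id/flow not accepted"),
        (c_reality["serverName"] not in reality["serverNames"], "client serverName not accepted"),
        (c_reality["shortId"] not in reality["shortIds"], "client shortId not accepted"),
    ]
    return [msg for failed, msg in checks if failed]

def sample(listen="127.0.0.1", sni="www.cloudflare.com", key=PUBLISHED_KEY, uid=PUBLISHED_UUID):
    """Constructed inputs mirroring the page's three files, with a few fields adjustable."""
    nginx = ("map $ssl_preread_server_name $backend { www.cloudflare.com reality; }\n"
             "upstream reality { server 127.0.0.1:52001; }\nserver { proxy_protocol on; }")
    who = {"id": uid, "flow": "xtls-rprx-vision"}
    server = {"inbounds": [{"listen": listen, "port": 52001, "settings": {"clients": [who]},
              "streamSettings": {"tcpSettings": {"acceptProxyProtocol": True}, "realitySettings":
              {"serverNames": ["www.cloudflare.com"], "privateKey": key, "shortIds": [""]}}}]}
    client = {"outbounds": [{"settings": {"vnext": [{"users": [dict(who)]}]}, "streamSettings":
              {"realitySettings": {"serverName": sni, "shortId": ""}}}]}
    return server, client, nginx

if __name__ == "__main__":
    print(lint(*sample()))
```

To run it against real files, load the server config with json.load and pass nginx.conf as text. The client config on this page contains a // comment, which has to be removed before a strict JSON parser will accept it.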

Start the client:

./xray run -c config.json

See also: https://github.com/XTLS/REALITY


Original post:

https://lala.im/8602.html

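VPS小白, all rights reserved. Unless otherwise noted, all content is original. This site is licensed under BY-NC-SA.
When reposting, please cite the original link: Configuring Xray + REALITY + Nginx SNI Routing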