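REALITY is a recently introduced protocol. It has not been officially released yet, but you can already try it out by compiling the development version of Xray.
Install the required packages:
apt -y update
apt -y install curl git build-essential libssl-dev libevent-dev zlib1g-dev gcc-mingw-w64 nginx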
Install Go:
curl -L https://go.dev/dl/go1.20.1.linux-amd64.tar.gz -o go1.20.1.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.20.1.linux-amd64.tar.gz
echo 'export PATH=$PATH:/usr/local/go/bin' > /etc/profile.d/golang.sh
source /etc/profile.d/golang.sh
Clone the Xray source code:
git clone https://github.com/XTLS/Xray-core.git
cd Xray-core
Build the Linux binary:
go build -o xray -trimpath -ldflags "-s -w -buildid=" ./main
Build the Windows binary:
env GOOS=windows GOARCH=amd64 CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc \
go build -o xray.exe -trimpath -ldflags "-s -w -buildid=" ./main
Copy the compiled binary into place:
cp xray /usr/local/bin/
Create the directory Xray needs:
mkdir -p /usr/local/etc/xray
Create the systemd service:
systemctl edit --full --force xray.service
Write the following configuration:
[Unit]
Description=xray-core service
Documentation=https://github.com/XTLS/Xray-core
After=network.target nss-lookup.target

[Service]
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
ExecStart=/usr/local/bin/xray run -c /usr/local/etc/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target
Create the Xray configuration file:
nano /usr/local/etc/xray/config.json
Write the following configuration:
{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 52001,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "1bd974eb-3206-48dd-9c6c-42246e356492",
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "tcpSettings": {
          "acceptProxyProtocol": true
        },
        "security": "reality",
        "realitySettings": {
          "show": false,
          "dest": "www.cloudflare.com:443",
          "xver": 0,
          "serverNames": [
            "www.cloudflare.com"
          ],
          "privateKey": "GFZ26GRlhDVIdwtv81JwmV-3F7Qqyhl-dsH_IzXIEpE",
          "shortIds": [
            ""
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom"
    }
  ]
}
Notes:
1. Generate the uuid with the following command:
xray uuid
2. Generate the privateKey with the following command:
xray x25519
The output looks like this:
Private key: GFZ26GRlhDVIdwtv81JwmV-3F7Qqyhl-dsH_IzXIEpE
Public key: 9lb8zUnMkgy-khsg0cwQxKv83u8Pr0JOkv8G0HxxYRk
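3. The target site in my configuration is Cloudflare. You can use a different one, but the target site has to meet a minimum standard: an overseas website that supports TLSv1.3 and HTTP/2.
4. Prefer a site with low latency to your VPS. The server has to complete a TLS handshake with the target site, so high latency between the target site and your VPS will reduce speed.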
Start Xray and enable it at boot:
systemctl enable --now xray
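Make sure the service is running properly. Note that the version number shown here is still 1.7.5; you can ignore this, because the version number in the source code has not been updated yet.
Next, edit the main nginx configuration file: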
nano /etc/nginx/nginx.conf
Write the following configuration, which routes connections by SNI. Note that proxy_protocol is enabled here:
stream {
    map $ssl_preread_server_name $backend {
        www.cloudflare.com reality;
    }

    upstream reality {
        server 127.0.0.1:52001;
    }

    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;
        proxy_pass $backend;
        ssl_preread on;
        proxy_protocol on;
    }
}
Reload nginx to apply the configuration:
systemctl reload nginx
At this point the server-side configuration is complete.
Download the Windows binary you built earlier to your computer, then save the client configuration below as config.json:
{
  "inbounds": [
    {
      "port": 30080,
      "protocol": "socks",
      "settings": {
        "auth": "noauth",
        "udp": true
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "1.2.3.4", // your VPS server IP
            "port": 443,
            "users": [
              {
                "id": "1bd974eb-3206-48dd-9c6c-42246e356492",
                "flow": "xtls-rprx-vision",
                "encryption": "none"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "show": false,
          "fingerprint": "chrome",
          "serverName": "www.cloudflare.com",
          "publicKey": "9lb8zUnMkgy-khsg0cwQxKv83u8Pr0JOkv8G0HxxYRk",
          "shortId": "",
          "spiderX": ""
        }
      }
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {}
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
    }
  ],
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "type": "field",
        "outboundTag": "block",
        "domain": ["geosite:category-ads-all"]
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "domain": ["geosite:cn"]
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "ip": [
          "geoip:cn",
          "geoip:private"
        ]
      }
    ]
  }
}
Start the client:
./xray run -c config.json
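A consistency check for the server and client settings above, added here as an example (it is not part of the original guide or of Xray): it derives the X25519 public key from the server's privateKey and confirms that the client's publicKey, serverName, shortId, id and flow all agree with the server side. The names Server, Client, DerivePublic and Check are this example's own; it assumes Go 1.20 or later (for crypto/ecdh) and that `xray x25519` prints keys as unpadded base64url, as the 43-character values above suggest.

```go
package main

import (
	"crypto/ecdh"
	"encoding/base64"
	"fmt"
)

// Server and Client are this example's own types: only the fields that must agree.
type Server struct {
	ID, Flow, PrivateKey  string
	ServerNames, ShortIds map[string]bool // the JSON arrays, as sets
}
type Client struct{ ID, Flow, PublicKey, ServerName, ShortId string }

// DerivePublic maps an unpadded base64url X25519 private key to its public key.
func DerivePublic(priv string) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(priv)
	if err != nil {
		return "", err
	}
	key, err := ecdh.X25519().NewPrivateKey(raw) // errors unless raw is 32 bytes
	if err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(key.PublicKey().Bytes()), nil
}

// Check returns one message per mismatch; an empty result means the pair agrees.
func Check(s Server, c Client) (problems []string) {
	add := func(ok bool, msg string) {
		if !ok {
			problems = append(problems, msg)
		}
	}
	pub, err := DerivePublic(s.PrivateKey)
	add(err == nil && pub == c.PublicKey, "privateKey is invalid or publicKey is not derived from it")
	add(s.ServerNames[c.ServerName], "serverName is not listed in serverNames")
	add(s.ShortIds[c.ShortId], "shortId is not listed in shortIds")
	add(s.ID == c.ID && s.Flow == c.Flow, "client id/flow differs from the server entry")
	return problems
}

func main() { // values copied from the two config.json files in this guide
	id, site := "1bd974eb-3206-48dd-9c6c-42246e356492", "www.cloudflare.com"
	s := Server{id, "xtls-rprx-vision", "GFZ26GRlhDVIdwtv81JwmV-3F7Qqyhl-dsH_IzXIEpE", map[string]bool{site: true}, map[string]bool{"": true}}
	c := Client{id, "xtls-rprx-vision", "9lb8zUnMkgy-khsg0cwQxKv83u8Pr0JOkv8G0HxxYRk", site, ""}
	fmt.Println("mismatches:", Check(s, c))
}
```

Run it again after regenerating the uuid and key pair with your own values; an empty list means the client file matches the server file.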