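First, make sure the server and client clocks agree; otherwise the connection is refused. The official documentation says: "The time difference between V2Ray systems must be within 90 seconds, regardless of time zone." So installing chrony is a must.
Set the time zone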
timedatectl set-timezone Asia/Shanghai
Install the time server
Most systems have it installed by default; some may not, in which case install it:
yum -y install chrony
Start it
systemctl enable chronyd
systemctl start chronyd
systemctl status chronyd
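Recently, my VPS on BandwagonHost has clearly not been as good as when I first bought it. It can only handle 1080p YouTube; 4K basically always stutters.
Strangely, download tests are still quite good.
So I wanted to resell it, but the price was not satisfactory, so I did not sell it. Later I was chatting with someone online, who suggested I try v2ray. At first I was not in the mood and only wanted to get rid of the VPS; the next day, with nothing to do, I looked up the relevant material and set up v2ray.
It turned out to be another world. My online friend thinks TCP throttling was the cause; UDP is generally not throttled. If anyone is in the same situation as me, give it a try. Also, v2ray is said to be more secure.
Installation
Run the following command and the installation completes automatically: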
bash <(curl -L -s https://install.direct/go.sh)
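Configure the server side
The conf file created by default already runs fine. But here my TCP was being throttled, so the result was about the same as SS. So I enabled mKCP. Just add a "streamSettings" section to the default configuration file. Example: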
#!python
{
  "log": {
    "loglevel": "warning",
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log"
  },
  "inbounds": [{
    "port": YOUR_PORT,
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "YOUR_ID",
          "level": 1,
          "alterId": 64
        }
      ]
    },
    "streamSettings": {
      "network": "mkcp",
      "kcpSettings": {
        "uplinkCapacity": 5,
        "downlinkCapacity": 100,
        "congestion": true,
        "header": {
          "type": "none"
        }
      }
    }
  }],
  "inboundDetour": [
    {
      "port": YOUR_PORT, # your port; may be the same as the TCP one
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "YOUR_ID", # your ID, the same as above
            "level": 1,
            "alterId": 100
          }
        ]
      }
    }
  ],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}
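Configure the Linux proxy client
Once this is configured together with DHCP and a proxy server, machines on the LAN can go online through the proxy automatically. Very few people use a local server to proxy a LAN, so you can skip this part.
Example: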
#!python
{
  "inbounds": [
    {
      "port": LOCAL_PORT,
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "settings": {
        "auth": "noauth"
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "SERVER_IP",
            "port": SERVER_PORT,
            "users": [
              {
                "id": "SERVER_ID",
                "alterId": 64
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "mkcp",
        "kcpSettings": {
          "uplinkCapacity": 5,
          "downlinkCapacity": 100,
          "congestion": true,
          "header": {
            "type": "none"
          }
        }
      }
    }
  ]
}
Open the firewall
firewall-cmd --permanent --add-port={yourport/tcp,yourport/udp}
firewall-cmd --reload
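A small change to the service script
By default v2ray runs as the root user. I am a bit obsessive about this and have to make it run as the nobody user; just edit the /etc/systemd/system/v2ray.service file as follows: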
#!python
[Unit]
Description=V2Ray Service
After=network.target
Wants=network.target
[Service]
# This service runs as root. You may consider to run it as another user for security concerns.
# By uncommenting the following two lines, this service will run as user v2ray/v2ray.
# More discussion at https://github.com/v2ray/v2ray-core/issues/1011
User=nobody
Group=nobody
Type=simple
PIDFile=/run/v2ray.pid
ExecStart=/usr/bin/v2ray/v2ray -config /etc/v2ray/config.json
Restart=on-failure
# Don't restart in the case of configuration error
RestartPreventExitStatus=23
[Install]
WantedBy=multi-user.target
After editing, remember to run
systemctl daemon-reload
Then change the owner of the log files, otherwise the service will not start...
chown nobody:nobody /var/log/v2ray/*
Run
systemctl enable v2ray
systemctl start v2ray
systemctl status v2ray
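A pre-flight check for the ownership step above, to run before `systemctl start v2ray`. This is an added example, not part of the original post or of V2Ray: it reads User= from the unit file and the log paths from the config, then reports any path the service account does not own. The function name `check_log_owner` and the script name `check.sh` are made up here; it assumes GNU stat and one "access"/"error" key per line.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (as on CentOS)
# and one "access"/"error" key per line, as in the configs shown above.

# check_log_owner UNIT_FILE CONFIG_FILE
# Prints one line per path; returns 0 only if the account named in User=
# owns every log file (or, for a file not yet created, its directory).
check_log_owner() {
    unit=$1
    config=$2
    rc=0

    # systemd runs the service as root when the unit has no User= line.
    user=$(sed -n 's/^User=//p' "$unit" | tail -n 1)
    [ -n "$user" ] || user=root

    # Pull the "access" and "error" paths out of the "log" section.
    paths=$(sed -En 's/.*"(access|error)"[[:space:]]*:[[:space:]]*"([^"]*)".*/\2/p' "$config")
    if [ -z "$paths" ]; then
        echo "no log paths found in $config"
        return 2
    fi

    while IFS= read -r p; do
        # A log file that does not exist yet has to be created, so check its directory.
        [ -e "$p" ] || p=$(dirname "$p")
        if [ ! -e "$p" ]; then
            echo "FAIL  $p does not exist"
            rc=1
            continue
        fi
        owner=$(stat -c %U "$p")
        if [ "$owner" = "$user" ]; then
            echo "OK    $p is owned by $user"
        else
            echo "FAIL  $p is owned by $owner, but the service runs as $user"
            rc=1
        fi
    done <<EOF
$paths
EOF
    return "$rc"
}

# Usage: sh check.sh /etc/systemd/system/v2ray.service /etc/v2ray/config.json
if [ "$#" -eq 2 ]; then
    check_log_owner "$1" "$2"
fi
```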
Client download links for various systems
https://github.com/2dust/v2rayN/releases
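References for this article: https://www.v2ray.com/, https://toutyrater.github.io
After all this, I feel that no software is safe for getting over the wall; just looking at your traffic is enough to tell whether you are doing it.
Here I add the ws protocol to reassure myself; in reality it is of no use at all...
The configuration file is as follows: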
#!python
{
  "log": {
    "loglevel": "warning",
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log"
  },
  "inbounds": [{
    "port": port, # your port number, used by the Nginx configuration; if you go straight to a CDN, set the port to 80 or 443
    "listen":"127.0.0.1", # needed when fronting with Nginx, so the v2 service cannot be scanned from outside; omit it when connecting directly to a CDN
    "protocol": "vmess",
    "streamSettings":{
      "wsSettings":{
        "path":"/", # path; the client must use the same value
        "headers":{}
      },
      "network":"ws" # ws protocol
    },
    "settings": {
      "clients": [
        {
          "id": "YOUR_ID",
          "level": 1,
          "alterId": 64
        }
      ]
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}