Loading...  最近~~敌人~~的封锁越来越厉害了,普通的shadowsocks和shadowsocksr已经不堪重负,那么,通过建站博客tls加密流量通道进行伪装,算是目前的稳定选择了。 流量伪装思路介绍 --- 这是本篇分享的原理介绍,大佬可以略过。 我们知道,普通的ss和ssr,墙是直接可以检测出来你的流量访问特征的,多次主动嗅探就可以得到所有加密伪装流量固定的特征字节,即便最新的AHEAD加密方式能防止主动嗅探,但是流量也是有它本身的特征的,所以只要发现可疑,还是会被咔嚓。 那么我们正常访问http和https网站,墙一般是不管你的,http是光着跑,没有加密,一眼可以判断你是否合规,而https流量特征tls也是显而易见的,和ss伪装的tls是有区别的,那么,我们通过tls也就是https来包装我们的翻墙服务流量,通过https访问我们的博客网站,根据客户端与服务器端指定的身份验证和指定的tls访问路径,来分流翻墙流量并识别翻墙身份验证,对进入服务器的tls流量包在服务器内部运行分流解密ss服务,就可以让外部嗅探看上去你在访问正常网站,实际上又能达到安全运送tls加密下的加密数据包(gcm或者chacha20-ploy1305之类的),在服务器内部通过v2ray或者ss解密,就不会被外部检测到了,相对来说,个人使用行为表现就更加隐蔽,至少从逻辑上来说,比头铁直接ss刚要稳定很多,但是频繁大量访问一个单页面或者不怎么出名的博客,在人类思维上,依然是不怎么对劲的,只能说在墙还未升级AI系统前,我们苦中作乐继续蹦跶几天是几天吧 <img src="https://omo.moe/usr/themes/handsome/assets/img/emotion/aru/cryingface.png" class="emotion-aru">  而CDN服务商则是全球各种大型正规网站公用的服务,他们提供的DNS解析服务会隐藏网站的真实ip,你和网站的通信,在防火墙来看是直接与CDN服务商的DNS ip通信,这样目前情况没发生世界大战的话,不至于公开和CDN服务商发生恶劣关系,全部屏蔽(大局域网计划),所以理论上你的vps ip会更加可靠 OK,大致就是这么回事,网络非法外之地,翻出去只是为了学习,让自己更优秀,眼界更宽阔,未成年请在父母陪同下学习本教程。 1.nginx的网站conf配置分流翻墙流量 --- 如何通过lnmp搭建typecho或者wordpress,自己可以百度查找,或者查看我的精简流程: <div class="preview"> <div class="post-inser post box-shadow-wrap-normal"> <a href="https://omo.moe/archives/601/" target="_blank" class="post_inser_a no-external-link"> <div class="inner-image bg" style="background-image: url(https://omo.moe/usr/uploads/2019/11/602505029.jpg);background-size: cover;"></div> <div class="inner-content" > <p class="inser-title">Centos 7 全新安装lnmp精简流程</p> <div class="inster-summary text-muted"> 这是对之前摸索的lnmp搭建流程的精简:虽说是精简,但是文章还是有数万字的,请参看右侧目录点击导航需要的内容---... </div> </div> </a> <!-- .inner-content #####--> </div> <!-- .post-inser ####--> </div> 如果不太熟练的话,可以参考我的lnmp配置详细图文+视频流程(新手可能觉得太复杂或者耗费时间,你可以用宝塔): <div class="preview"> <div class="post-inser post box-shadow-wrap-normal"> <a href="https://omo.moe/archives/317/" target="_blank" class="post_inser_a no-external-link"> <div class="inner-image bg" style="background-image: url(https://omo.moe/usr/uploads/2018/10/978277018.jpg);background-size: cover;"></div> <div class="inner-content" > <p class="inser-title">【建站教程1/6】Part1 lnmp介绍和ftp安装 {从零开始通过centos 7全指令手动搭建typecho博客心得分享,含linux系统基本操作,mysql/mariadb数据库指令,ssl证书申请和防火墙设置}</p> <div class="inster-summary text-muted"> 此为自己通过centos7系统搭建typecho博客的心得分享,全文目前6部分,这是第一节点此参看下一节:lnmp... </div> </div> </a> <!-- .inner-content #####--> </div> <!-- .post-inser ####--> </div> 网站服务成功运作后,编辑我们的nginx网站配置文件加点料: ``` vi /etc/nginx/conf.d/omo.moe.conf ``` 添加对/omomoe路径的分流: ``` location /omomoe { # 与 V2Ray 配置中的 path 保持一致 ,通过v2ray客户端设置访问路径,通过接头地点初步认定身份 proxy_redirect off; proxy_pass http://127.0.0.1:12345; # 这里按自己喜欢设定,匹配之后v2ray的监听地址从12345接收转发的流量 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; # Show real IP in v2ray access.log proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } ``` 配置好后测试 ``` nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful ``` 则ok,报错就按提示查看问题所在,一般都是格式小细节问题,修正好就行。 重启nginx:`systemctl restart nginx` 打开 `https://omo.moe/omomoe`提示400错误即Bad Request则说明分流生效,同时正常访问 `https://omo.moe/`则为普通的https站点,由于tls加密,外部也无法嗅探到你访问的网站具体路径,只知道连接到 `https://omo.moe/`而已。 - Extra 额外的多台vps配置思路 如果你多台vps想通用一个域名,则修改server_name为二级域名即可, 你的域名服务商DNS解析新增一个A解析vps的ip到对应二级域名就可以了,但是记住你得配一个泛域名解析的证书,像我这样的  泛域名多台VPS共用,此时nginx对接V2Ray配置示例: ``` server { listen 80; server_name jp1.omo.moe; #对应vps的网站服务域名新增对应二级域名即可 return 301 https://$server_name$request_uri; } ``` 域名服务商我这以namesilo为例,大概就是加这么一个A解析:  怎么申请泛域名证书,百度一下就行,或者参考文章开头我的lnmp搭建教程中的对应章节: <div class="preview"> <div class="post-inser post box-shadow-wrap-normal"> <a href="https://omo.moe/archives/321/" target="_blank" class="post_inser_a no-external-link"> <div class="inner-image bg" style="background-image: url(https://omo.moe/usr/uploads/2018/10/726674342.jpg);background-size: cover;"></div> <div class="inner-content" > <p class="inser-title">【建站教程4/6】Part4 ssl证书申请设置{从零开始通过centos 7全指令手动搭建typecho博客心得分享,含linux系统基本操作,mysql/mariadb数据库指令,ssl证书申请和防火墙设置}</p> <div class="inster-summary text-muted"> 此为自己通过centos7系统搭建typecho博客的心得分享,全文目前6部分,这是第四节点此参看下一节:SSL证... </div> </div> </a> <!-- .inner-content #####--> </div> <!-- .post-inser ####--> </div> nginx这边的对接准备工作就算是完成了 2.V2ray服务端安装配置 --- 在CentOS、Ubuntu等常用Linux系统上,直接执行如下命令安装V2Ray(如果已安装则更新程序): ``` bash <(curl -L -s https://install.direct/go.sh) ``` 提示 curl: command not found ,那是因为你的 VPS 没装 Curl centos 系统安装方法: `yum update -y && yum install curl -y` 安装后显示 ``` Created symlink from /etc/systemd/system/multi-user.target.wants/v2ray.service to /etc/systemd/system/v2ray.service. V2Ray v4.21.3 is installed. ``` 安装完成后,编辑配置文件:`vi /etc/v2ray/config.json` vi编辑之前可以先备份默认配置: ``` cp /etc/v2ray/config.json /etc/v2ray/config.jsonbak ``` 清空默认配置,这里再介绍下vi的操作:按Esc进入命令模式输入 `gg`回到页首,然后输入 `:.,$d`清空原配置 修改需要监听来自nginx中的流量转发端口 `port`为12345,路径 `path`为nginx中的配置路径,即 `/omomoe` 这些你都可以自定义,虽然tls加密下,外部嗅探识别不到你是访问了/omomoe路径,但还是不建议你设置成 `/ss/v2ray`这类玩意 记下你的 `id`(即UUID),`alterId`(一般默认为64)。 如需增加用户,UUID可以用这个网站生成:https://www.uuidgenerator.net 在clients[]数组内新增对应id和alterId配置即可 <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-da080ddd7854bf91aee717fbcd2ca95052" aria-expanded="true"><div class="accordion-toggle"><span>新增Clients示例</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div id="collapse-da080ddd7854bf91aee717fbcd2ca95052" class="panel-body collapse"> ``` "clients": [ { "id": "df1214db-f8d7-434f-b9c1-f5437e85376f", //用户A "level": 1, "alterId": 64 },//←←注意格式细节,这里新增一个逗号 { "id": "h4adre34-bd3a-qq3d-c3de-dda334daf1b5c8", //用户B "level": 1, "alterId": 64 } ] ``` </div></div> 新增“streamSetting"配置在”inbounds”配置内: ``` "streamSettings": { "network": "ws", "wsSettings": { "path": "/omomoe" } } ``` 一个完整示例: <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-1f80068e60f5873ba97cfa6ba3f9de2394" aria-expanded="true"><div class="accordion-toggle"><span>完整V2Ray配置示例</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div id="collapse-1f80068e60f5873ba97cfa6ba3f9de2394" class="panel-body collapse"> ``` { "log": { "loglevel": "warning", "access": "/var/log/v2ray/access.log", "error": "/var/log/v2ray/error.log" }, "inbounds": [ { "port": 12345, "protocol": "vmess", "settings": { "clients": [ { "id": "df1214db-f8d7-434f-b9c1-f5437e85376f", "level": 1, "alterId": 64 } ] }, "streamSettings": { "network": "ws", "wsSettings": { "path": "/omomoe" } }, "listen": "127.0.0.1" } ], "outbounds": [ { "protocol": "freedom", "settings": { } }, { "protocol": "blackhole", "settings": { }, "tag": "blocked" } ], "routing": { "rules": [ { "type": "field", "ip": [ "geoip:private" ], "outboundTag": "blocked" } ] } } ``` </div></div> 注意新增streamSetting项目就需要将前面的settings项目补齐一个逗号,格式细节 如需阻止内网和局域网ip流量,routing路由还可以写入: ``` "routing": { "strategy": "rules", "settings": { "rules": [ { "type": "field", "ip": [ "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "::1/128", "fc00::/7", "fe80::/10" ] } ] } } ``` v2ray的JSON配置文件, 支持单行注释 `//`, 和多行注释 `/* /*`注意注释格式,否则可能出错,不放心可以全删了注释后复制粘贴。 保存重启v2ray服务: ``` systemctl restart v2ray ``` 服务器端的配置就算是完成了,接下来是你本地客户端的配置 3.V2Ray客户端配置 --- 如果是Json文件配置,则参考示例: <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-e934639f9bcb241dac3ff11a6827955b62" aria-expanded="true"><div class="accordion-toggle"><span>V2ray无面板Json配置示例</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div id="collapse-e934639f9bcb241dac3ff11a6827955b62" class="panel-body collapse"> ``` { "log": { "loglevel": "warning" }, "inbound": { "port": 1080, "listen": "127.0.0.1", "protocol": "socks", "settings": { "auth": "noauth", "udp": true } }, "inboundDetour": [ { "port": 8128, "listen": "127.0.0.1", "protocol": "http", "settings": { } } ], "outbound": { "protocol": "vmess", "settings": { "vnext": [ { "address": "omo.moe", "port": 443, "users": [ { "id": "df1214db-f8d7-434f-b9c1-f5437e85376f", "level": 1, "alterId": 64, "security": "chacha20-ietf-poly1305" } ] } ] }, "streamSettings": { "network": "ws", "security": "tls", "tlsSettings": { "serverName": "omo.moe" }, "wsSettings": { "path": "/omomoe" } }, "tag": "forgin" }, "outboundDetour": [ { "protocol": "freedom", "settings": { }, "tag": "direct" } ], "routing": { "strategy": "rules", "settings": { "rules": [ { "type": "field", "ip": [ "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "::1/128", "fc00::/7", "fe80::/10" ], "outboundTag": "blocked" } ] } }, "policy": { "levels": { "0": {"uplinkOnly": 0} } } } } ``` </div></div> 加密模式选择aes-128-gcm或者chacha20-ietf-poly1305都行,都是最新的AHEAD验证加密,防止主动探测 当然了,为了操作方便,我们现在直接用V2RayN可视化界面就行,下载地址: [V2RayN等工具下载地址](https://v2ray.com/awesome/tools.html) 配置示意: <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-013819abe9c4dcb8f94738eb5fc0e8b672" aria-expanded="true"><div class="accordion-toggle"><span>配置示意</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div id="collapse-013819abe9c4dcb8f94738eb5fc0e8b672" class="panel-body collapse">  </div></div> 4.V2Ray自带流量统计简单应用 --- 为了对接V2ray自带的流量统计api服务,我们需要在config配置文件加入以下内容 1. "stats":{} 对象的存在 2. "api" 配置对象里面有 StatsService 3. "policy" 中的统计开关为 true,除了各个用户的统计,还有全局统计 clients 里面要有 email 4. 专用的 dokodemo-door 协议的入口,tag 为 api 5. routing 里面有 inboundTag:api -> outboundTag:api 的规则 当前版本默认v2ctl 服务端口为8080,我们就配置监听默认的8080端口即可。 <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-26dd460ac843637d7c6b8422c26f18c524" aria-expanded="true"><div class="accordion-toggle"><span>一个简单的多用户流量统计配置示例</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div id="collapse-26dd460ac843637d7c6b8422c26f18c524" class="panel-body collapse"> ``` { "stats": { }, "api": { "tag": "api", "services": [ "StatsService" ] }, "policy": { "levels": { "0": { "statsUserUplink": true, "statsUserDownlink": true } }, "system": { "statsInboundUplink": true, "statsInboundDownlink": true } }, "inbounds": [ { "port": 12345, "protocol": "vmess", "settings": { "clients": [ { "email": "a@omo.moe", "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "level": 0, "alterId": 64 }, { "email": "b@omo.moe", "id": "yyyyyyyy-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "level": 0, "alterId": 64 }, { "email": "c@omo.moe", "id": "zzzzzzzz-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "level": 0, "alterId": 64 } ] }, "streamSettings": { "network": "ws", "wsSettings": { "path": "/omomoe" } } }, { "listen": "127.0.0.1", "port": 8080, "protocol": "dokodemo-door", "settings": { "address": "127.0.0.1" }, "tag": "api" } ], "outbounds": [ { "protocol": "freedom", "settings": { } } ], "routing": { "settings": { "rules": [ { "inboundTag": [ "api" ], "outboundTag": "api", "type": "field" } ] }, "strategy": "rules" } } ``` </div></div> 以上配置我们简单分析下: 当有顶级 api 配置项时,V2Ray 会自动调用api.tag方法来寻找tag标记的路由策略 当执行v2ctl指令调用 API 请求发送 dokodemo-door 所监听的8080端口时,会按上述配置匹配inbound tag "api" --> outbound tag "api",所以 API 请求会从 dokodemo-door 通过"routing"路由配置输出到tag "api" outbound 中,从而实现所有发送到这个 outbound 的请求都会被当作 gRPC API 请求处理。 其中 dokodemo-door 的 settings.address 可以随便填,因为在做路由时只调用 inboundTag ,内部address只是格式书写。 执行/usr/bin/v2ray/v2ctl api -h 可以查看指令示例,我们这里随便举两条查询指令: ``` /usr/bin/v2ray/v2ctl api --server=127.0.0.1:8080 StatsService.QueryStats 'pattern: "" reset: false'查询流量数据 /usr/bin/v2ray/v2ctl api --server=127.0.0.1:8080 StatsService.GetStats 'name: "user>>>a@omo.moe>>>traffic>>>uplink" reset: false'查询指定用户流量 ``` 如果你vps内存不太够,用户又多(没错,我说的就是抠门黑心的的小机场老板),可以修改alterID数字更小以节省内存,一般来说10就足够。 5.额外附送中转服务器按域名分发流量的服务器端配置文件 --- <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-e5cfcc1e605b7d61b440c42670f7fe4549" aria-expanded="true"><div class="accordion-toggle"><span>按域名分发流量,中转服务器配置文件</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div id="collapse-e5cfcc1e605b7d61b440c42670f7fe4549" class="panel-body collapse"> ```` { "log": { "loglevel": "warning", "access": "/var/log/v2ray/access.log", "error": "/var/log/v2ray/error.log" }, "inbound": { "listen": "127.0.0.1", "port": 12345, "protocol": "vmess", "settings": { "udp": true, "clients": [ { "id": "df1214db-f8d7-434f-b9c1-f5437e85376f", "alterId": 64 } ] }, "streamSettings": { "network": "ws", "wsSettings": { "path": "/omomoe" } } }, "outbound": { "protocol": "freedom", "settings": { } }, "inboundDetour": [ ], "outboundDetour": [ { "protocol": "blackhole", "settings": { }, "tag": "blocked" }, { "protocol": "vmess", "settings": { "vnext": [ { "address": "18.177.126.131", "port": 443, "users": [ { "id": "df1214db-f8d7-434f-b9c1-f5437e85376f", "level": 1, "alterId": 64, "security": "auto" } ] } ] }, "streamSettings": { "network": "ws", "security": "tls", "tlsSettings": { "serverName": "jp.omo.moe" }, "wsSettings": { "path": "/omomoe" } }, "tag": "aws" } ], "routing": { "domainStrategy": "AsIs", "strategy": "rules", "rules": [ { "type": "field", "ip": [ "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "::1/128", "fc00::/7", "fe80::/10" ], "outboundTag": "blocked" }, { "type": "field", "domain": [ "konachan.com", "yande.re", "konachan.net" ], "outboundTag": "aws" }, { "type": "field", "ip": [ "91.108.4.0/22", "91.108.8.0/22", "91.108.12.0/22", "91.108.20.0/22", "91.108.36.0/22", "91.108.38.0/22", "91.108.56.0/22", "149.154.160.0/20", "149.154.164.0/22", "149.154.167.0/22", "149.154.172.0/22", "104.28.10.64", "104.28.11.64" ], "outboundTag": "aws" } ] } } ```` </div></div> 主要功能就是在当前中转服务器(毛子gcore小鸡,无法访问telegraph和一些18x网站), 通过“outboundDetour”流量外发分流规则书写,标记对应的接收服务器(aws lightsail日本小鸡)并同时添加对应tag标签“aws", 最后在routing路由策略配置对应的路由规则“AsIs” 域名数组内符合的域名, 则分发流量到tag “aws”对应outboundDetour分发规则,完成毛子廉价小鸡完美上网体验 1. 为啥要折腾毛子鸡中转? 答:便宜,88卢布一个月,500mbps口子,三网延迟100ms以内,性价比很好 2. 为何不直接用aws lightsail? 答:aws jp 日常抽风,ijj线路电信爆炸 3. 感觉太复杂,没学过json好难啊! 答:在今天之前,我也不知道json,甚至不知道v2ray可以转发路由,别自卑 4. iptables,SNIproxy转发路由更方便啊,为什么不用? 答:SNIproxy可以转发成功tg,yande.re这些阻断网站,但是转发不了konachan这种跳转屏蔽网站,而且DNS转发总是有影响所有上网服务,同时两个v2ray服务器之间通信可靠性以及端口监听兼容性会有一些小问题,对于萌新来说,研究起来比v2ray来的更加复杂,还臃肿。用v2ray自带路由就能实现功能,而且可以不影响两个服务器的网站以及单独访问两台服务器的v2ray体验。 Gcore的毛子鸡跑分示意图:  特别感谢以下在线工具和教程分享: [一个在线json格式排错工具][7] [一个在线json排版缩进美观格式化工具][8] [V2Ray链式转发的补充教程][9] [服务器按域名自动分流转发的配置问题][10] 配置文件启发于以上两位前行者的分享与研究成果,再次感谢~ 6.如何套CDN,隐藏真实ip,更加隐蔽防检测,以CloudFlare为例 --- 普通的v2ray+tls+websocket+nginx配置完毕,还是会检测你的真实ip,如果增加逻辑判断,以后依然会被智能识别,那么,我们将网站套上DNS解析,访问的时候,是直接和DNS服务器进行联系通信,而无法识别我们网站真实IP地址,考虑到DNS服务商全球各大网站都在使用,不到最后关头,DNS服务商的线路不会被阻断的 好了,套DNS其实很简单,我们以CloudFlare这家为例简单演示下: - **1、注册CloudFlare账号** 打开[CloudFlare][11],直接注册即可 选择左侧Free免费版即可:  - **2、添加域名** 选择Add domain添加你的域名,这里以我的博客演示:omo.moe 添加完毕会识别当前的各种域名解析状况,如果没识别出来的,可以自己手动添加,我们将需要的那台vps对应的二级域名开启DNS代理即可,其他不需要DNS代理的二级域名点成灰色云朵,即代表只解析域名,不启动DNS代理服务,灰色就是裸奔,橙色就是流量走CloudFlare,很简单也很好理解:  - **3、修改域名的Name servers解析记录** 跟着提示来,将原来域名服务商提供的解析改成CloudFlare的  以namesilo为例,找到服务商name servers record栏目,修改即可:  改好后点击re-check或者一般过几分钟就可以了,最迟24小时内都会更新记录的。 - **4、检查DNS是否成功开启** 打开[ping.pe][16] 输入你的对应开启DNS解析的域名,查看ip是否是CloudFlare家的,即可确认  DNS适合晚高峰炸裂的辣鸡线路,或者非常时期点一下橙色小云朵确保万无一失,很方便,平时裸奔万一ip被墙,上CF开启下解析,即可续命。 最后,如果觉得好用,可以随时在CF控制面板切换套餐,选择更高级的套餐,可能会有更好体验:  或者找MJJ买以前免费就能获得的CF partner账号选择指定DNS解析ip,获得更好体验(市价目前400+,个人觉得一笑而过) <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-b9930d607f130a0d59da74949bc8a4c59" aria-expanded="true"><div class="accordion-toggle"><span>附送国内NAT VPS中转机器按用户分发到指定国外服务器的v2ray配置</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div id="collapse-b9930d607f130a0d59da74949bc8a4c59" class="panel-body collapse"> ``` { "log": { "loglevel": "warning", "access": "/var/log/v2ray/access.log", "error": "/var/log/v2ray/error.log" }, "inbound": { "listen": "127.0.0.1", "port": 12345, "protocol": "vmess", "settings": { "udp": true, "clients": [ { "id": "第一个用户的UUID", #自行修改 "email": "ru@a.com", #邮箱不需要真实的,是用来routing模块里匹配用户和对应outbound规则的 "level": 1, "alterId": 64 }, { "id": "第二个用户的UUID", #自行修改 "email": "jp@a.com", "level": 1, "alterId": 64 }, { "id": "第三个用户的UUID", #自行修改 "email": "us@a.com", "level": 1, "alterId": 64 } ] }, "streamSettings": { "network": "ws", "wsSettings": { "path": "/omomoe" } } }, "outbound": { "protocol": "freedom", "settings": { } }, "inboundDetour": [ ], "outboundDetour": [ { "protocol": "blackhole", "settings": { }, "tag": "blocked" }, //以下三块outbound分流规则,是指定对应三个国外服务器的分流,利用对应三个tag,和上面的user email匹配 { "protocol": "vmess", "settings": { "vnext": [ { "address": "92.38.128.170", "port": 443, "users": [ { "id": "对应此国外服务器(RU)的用户UUID", "level": 1, "alterId": 64, "security": "auto" } ] } ] }, "streamSettings": { "network": "ws", "security": "tls", "tlsSettings": { "serverName": "ru.omo.moe" }, "wsSettings": { "path": "/omomoe" } }, "tag": "ru" }, { "protocol": "vmess", "settings": { "vnext": [ { "address": "18.177.126.131", "port": 443, "users": [ { "id": "对应此国外服务器(JP)的用户UUID", "level": 1, "alterId": 64, "security": "auto" } ] } ] }, "streamSettings": { "network": "ws", "security": "tls", "tlsSettings": { "serverName": "jp.omo.moe" }, "wsSettings": { "path": "/omomoe" } }, "tag": "jp" }, { "protocol": "vmess", "settings": { "vnext": [ { "address": "107.172.103.59", "port": 443, "users": [ { "id": "对应此国外服务器(US)的用户UUID", "level": 1, "alterId": 64, "security": "auto" } ] } ] }, "streamSettings": { "network": "ws", "security": "tls", "tlsSettings": { "serverName": "us.omo.moe" }, "wsSettings": { "path": "/omomoe" } }, "tag": "us" } ], "routing": { "domainStrategy": "AsIs", "strategy": "rules", "rules": [ { "type": "field", "ip": [ "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "::1/128", "fc00::/7", "fe80::/10" ], "outboundTag": "blocked" }, //以下就是用户email一一对应相应的服务器tag,实现按用户名分发流量到指定服务器 { "type": "field", "user": [ "ru@a.com" ], "outboundTag": "ru" }, { "type": "field", "user": [ "jp@a.com" ], "outboundTag": "jp" }, { "type": "field", "user": [ "us@a.com" ], "outboundTag": "us" } ] } } ``` 有人说这么折腾有啥用,用处就是可以实现晚高峰电信看youtube 4k高清:  让电信测速也自信起来:  对应国内联通NAT中转机器,win客户端配置参考图:  无需GIA线路,成本: 国内联通NAT机器,20+rmb,国外任意毛子鸡10rmb左右,aws lightsail日本5rmb左右,辣鸡美西线路,5-10刀年付 你就可以让三网获得联通晚高峰舒适体验,让电信移动都感受到丝般润滑,同时救活你的辣鸡lightsail,你的pacificrack,你的virmach,让流量烧起来。 NAT机器DDNS配置参考<div class="preview"> <div class="post-inser post box-shadow-wrap-normal"> <a href="https://omo.moe/archives/658/" target="_blank" class="post_inser_a no-external-link"> <div class="inner-image bg" style="background-image: url(https://omo.moe/usr/uploads/2020/01/3529726716.jpg);background-size: cover;"></div> <div class="inner-content" > <p class="inser-title">如何利用腾讯云/CloudFlare等dns服务商API搭建DDNS动态域名解析,实现NAT VPS 建站等公网访问,以centos 7为例。</p> <div class="inster-summary text-muted"> 一、前言:DNS和DDNS概念,需求场景DNS(Domain Name System)域名解析系统,各大DNS服务... </div> </div> </a> <!-- .inner-content #####--> </div> <!-- .post-inser ####--> </div> </div></div> [1]: https://omo.moe/usr/uploads/2019/11/1963721867.jpg [2]: https://omo.moe/usr/uploads/2019/12/869951949.png [3]: https://omo.moe/usr/uploads/2019/11/1058096924.png [4]: https://omo.moe/usr/uploads/2019/11/218953851.png [5]: https://omo.moe/usr/uploads/2019/11/3125527183.png [6]: https://omo.moe/usr/uploads/2019/11/3519717076.jpg [7]: https://www.json.cn/# [8]: https://tool.oschina.net/codeformat/json [9]: https://github.com/ToutyRater/v2ray-guide/issues/16 [10]: https://github.com/v2ray/v2ray-core/issues/1330 [11]: https://cloudflare.com [12]: https://omo.moe/usr/uploads/2019/12/17681819.png [13]: https://omo.moe/usr/uploads/2019/12/2107559745.png [14]: https://omo.moe/usr/uploads/2019/12/2328460698.png [15]: https://omo.moe/usr/uploads/2019/12/1406092094.png [16]: https://ping.pe [17]: https://omo.moe/usr/uploads/2019/12/1483537445.png [18]: https://omo.moe/usr/uploads/2019/12/50164255.png [19]: https://omo.moe/usr/uploads/2020/01/3909282677.jpg [20]: https://omo.moe/usr/uploads/2020/01/1454417.jpg [21]: https://omo.moe/usr/uploads/2020/01/2860168023.jpg [22]: https://omo.moe/usr/uploads/2020/01/1910904072.jpg Last modification:August 12th, 2020 at 05:33 pm © 允许规范转载 Support If you think my article is useful to you, please feel free to appreciate ×Close Appreciate the author Sweeping payments Pay by AliPay Pay by WeChat
看完了,没有找到我需要的point,我是Nginx里配置了typecho wiki里退件的rewrite配置(if -e request_filename),同时创建了ws对应的文件(/var/www/html/abc),目前v2正常(CF CDN + WS + TLS + NGINX),typecho不正常:首页无法访问:/不行,/index.php可以(直接访问php路径),/about.html(rewrite出来的伪HTML路径)
发现核心问题可能在“location ~ ..php(/.)*$”这里,这个location会把请求转发给PHP,而首页/不包含在这里,导致index.php直接被下载
好吧,Chrome缓存,F12打开就可以了,,。
写v2ray +tls + websocket + nginx的博主是越来越多了,也越写越好,文章很通俗易懂,看一遍就能上手了