V2Ray 中转服务器配置折腾记

V2Ray 中转服务器配置折腾记(附全套配置)

基础信息

  • 服务器 A ( a.com )

    位于中国大陆以外,安装有 V2Ray 服务,能够正常访问互联网。

    搬wa工 Vultr GoogleCloud...

  • 中转服务器 B ( b.com )

    位于中国境内,安装有 V2Ray 服务,能够正常访问 中国法律所允许的 互联网。

    可以是家里的树莓派哦~

  • 客户端设备 C

    位于中国境内,安装有支持 Socks 和 MTproxy 协议等的客户端软件

我的需求

不希望  C (MTproxy)  ↔  A (V2Ray)
而希望  C (MTproxy)  ↔  B (MTproxy + V2Ray)  ↔  A (V2Ray)

为了方便说明,例子里添加了注释,实际使用时请删去注释!

A 服务器配置

配置文件默认位置为: /etc/v2ray/config.json,v2ray 配置示例:

点击展开隐藏部分:查看内容 A 服务器的 V2Ray 配置
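// V2Ray configuration for server A (the exit node behind Nginx).
// Annotated example: the comments are explanatory only; strip them if your
// config loader requires strict JSON.
{
	"log": {
		"access": "/var/log/v2ray/access.log",
		"error": "/var/log/v2ray/error.log",
		"loglevel": "warning"
	},
	"inbounds": [{
		// Bind to loopback so this plaintext WebSocket port is reachable only
		// through the Nginx TLS front end. Without "listen", V2Ray binds all
		// interfaces and port 7777 is exposed directly to the Internet.
		"listen": "127.0.0.1",
		"port": 7777, // must match proxy_pass in the Nginx config below
		"protocol": "vmess",
		"settings": {
			"clients": [{
				// Redacted UUID. It is the only credential for this inbound:
				// generate your own and treat it as a secret.
				"id": "da1416f1-****-****-****-41ac7fd881df",
				"level": 1,
				// NOTE(review): a non-zero alterId selects the legacy VMess
				// authentication; later V2Ray releases deprecate it in favour of
				// AEAD (alterId 0). Check the version you run. The relay's
				// outbound must use the same value.
				"alterId": 233
			}]
		},
		"streamSettings": {
			"network": "ws"
		},
		"sniffing": {
			"enabled": true,
			"destOverride": [
				"http",
				"tls"
			]
		}
	}],
	"outbounds": [{
		// First outbound = default: anything no routing rule matches goes out directly.
		"protocol": "freedom",
		"settings": {}
	}, {
		// Despite the tag name, this is a blackhole: traffic routed to
		// "vmess-out" on this server is dropped.
		"protocol": "blackhole",
		"settings": {},
		"tag": "vmess-out"
	}, {
		"protocol": "freedom",
		"settings": {},
		"tag": "direct"
	}, {
		"protocol": "mtproto",
		"settings": {},
		"tag": "tg-out"
	}],
	"dns": {
		// Key is "servers" (plural); the original "server" is not the DNS field name.
		"servers": [
			"1.1.1.1",
			"1.0.0.1",
			"8.8.8.8",
			"8.8.4.4",
			"localhost"
		]
	},
	"routing": {
		"domainStrategy": "IPOnDemand",
		"rules": [{
			// Drop requests to loopback, private and reserved ranges so proxy
			// users cannot reach services on this host or its internal network.
			"type": "field",
			"ip": [
				"0.0.0.0/8",
				"10.0.0.0/8",
				"100.64.0.0/10",
				"127.0.0.0/8",
				"169.254.0.0/16",
				"172.16.0.0/12",
				"192.0.0.0/24",
				"192.0.2.0/24",
				"192.168.0.0/16",
				"198.18.0.0/15",
				"198.51.100.0/24",
				"203.0.113.0/24",
				"::1/128",
				"fc00::/7",
				"fe80::/10"
			],
			"outboundTag": "vmess-out"
		}, {
			// Domain blocklist: add your own entries. (The trailing comma after
			// the last entry was removed; it is invalid JSON.)
			"type": "field",
			"domain": [
				"domain:youtube.com",
				"domain:google.com"
			],
			"outboundTag": "vmess-out"
		}, {
			// BitTorrent traffic detected by sniffing is dropped as well.
			"type": "field",
			"protocol": [
				"bittorrent"
			],
			"outboundTag": "vmess-out"
		}]
	},
	"transport": {
		"kcpSettings": {
			"uplinkCapacity": 100,
			"downlinkCapacity": 100,
			"congestion": true
		},
		"sockopt": {
			"tcpFastOpen": true
		}
	}
}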

Nginx 配置文件默认位置为: /usr/local/nginx/conf/vhost/a.com.conf ( 本人用的是 lnmp 套件 )

Nginx 配置示例:

点击展开隐藏部分:查看内容 A 服务器的 Nginx 配置
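# TLS front end for server A: terminates HTTPS on 443 and forwards WebSocket
# traffic to the local V2Ray inbound. Nginx comments use "#"; the "//" notes
# in the original listing are not valid Nginx syntax.
server
	{
		# Remove "http2" if your nginx build does not support it.
		listen 443 ssl http2;
		server_name a.com;  # the site's domain
		index index.html index.htm index.php default.html default.htm default.php;
		root  /home/wwwroot/a.com;  # change to your own web root
		# "ssl on;" dropped: "listen ... ssl" already enables TLS, and the
		# standalone directive is deprecated (removed in nginx 1.25.1).
		ssl_certificate /usr/local/nginx/conf/ssl/a.com/fullchain.cer;  # change to your own certificate
		# Change to your own key; keep the file readable by root only.
		ssl_certificate_key /usr/local/nginx/conf/ssl/a.com/a.com.key;
		ssl_session_timeout 5m;
		# TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered here.
		# Append TLSv1.3 where your nginx/OpenSSL build supports it.
		ssl_protocols TLSv1.2;
		ssl_prefer_server_ciphers on;
		ssl_ciphers "EECDH+*****:!MD5";  # redacted in the original; set your own cipher list
		ssl_session_cache builtin:1000 shared:SSL:10m;
		# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
		ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

		include rewrite/none.conf;

		# Deny access to PHP files in specific directory
		# include enable-php.conf;

		# WebSocket + TLS  [V2Ray transport]
		location / {
			proxy_redirect off;
			# 7777 is the V2Ray port (user -> 443 -> localhost:7777). The upstream
			# is plain HTTP, so V2Ray should listen on loopback only.
			proxy_pass http://127.0.0.1:7777;
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "upgrade";
			proxy_set_header Host $http_host;
			proxy_intercept_errors on;
		  }

		error_page 404 /404.html;

		location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
		{
			expires      30d;
		}

		location ~ .*\.(js|css)?$
		{
			expires      12h;
		}

		# Dot escaped so only the literal "/.well-known" path is exempted from
		# the dot-file deny rule below (regex locations match in order).
		location ~ /\.well-known {
			allow all;
		}

		# Block every other dot-file or dot-directory (.git, .htaccess, ...).
		location ~ /\.
		{
			deny all;
		}

		# NOTE(review): with access logging off there is no request trail for
		# troubleshooting or abuse investigation on this host.
		access_log off;
	}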

B 中转服务器配置举例

配置默认位置为: /etc/v2ray/config.json

本案例只演示了客户端设备支持Socks和MTproxy情况。当然可以添加更多协议,诸如 VMess、Shadowsocks、HTTP 等

详见: V2Ray 协议列表

点击展开隐藏部分:查看内容 B 服务器的 V2Ray 配置
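// V2Ray configuration for relay server B (Socks + MTProto in, VMess out to A).
// Annotated example: the comments are explanatory only; strip them if your
// config loader requires strict JSON.
{
  "log": {
    "access": "/var/log/v2ray/access.log", // absolute path; the leading slash was missing
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },

  "dns": {
    "servers": [
      "8.8.8.8",
      "8.8.4.4",
      "114.114.114.114",
      "114.114.115.115"
    ]
  },

  // Routing
  // NOTE(review): this is the legacy "strategy"/"settings" layout; newer V2Ray
  // documentation puts "rules" directly under "routing". Confirm against your version.
  "routing": {
    "strategy": "rules",
    "settings": {
      "rules": [{
        // Traffic from the MTProto inbound goes to the MTProto outbound.
        "type": "field",
        "inboundTag": [
          "tg-in"
        ],
        "outboundTag": "tg-out"
      }, {
        "type": "field",
        // Everything that is not MTProto traffic goes to vmess-out.
        "outboundTag": "vmess-out",
        "port": "0-65535"
      }]
    }
  },

  // Inbound traffic
  "inbounds": [
  // Settings used by client C over Socks
  {
    // Listens on every interface. SOCKS5 user/password authentication and the
    // proxied payload are not encrypted between C and B, so restrict this port
    // with a firewall or bind it to a LAN address where possible.
    "listen": "0.0.0.0",
    "port": 8888,
    "protocol": "socks", // Socks protocol, compatible with Socks4/5
    "tag": "socks-in",
    "settings": {
      "auth": "password",
      // The passwords below are the page's sample values. Replace them with
      // long random ones before exposing this port.
      "accounts": [{
        "user": "user1", // user 1 (the original repeated "user2" here)
        "pass": "1234567", // user 1 password
        "level": 0
      }, {
        "user": "user2", // user 2
        "pass": "7654321", // user 2 password (the comment marker was missing)
        "level": 0
      }],
      "udp": true,
      // NOTE(review): with UDP enabled this is presumably meant to be the address
      // clients reach B on; confirm whether 0.0.0.0 works for your clients.
      "ip": "0.0.0.0",
      "userLevel": 0
    }
  },
  // Settings used by client C over MTProxy
  {
    "port": 9999,
    "protocol": "mtproto",
    "tag": "tg-in",
    "settings": {
      "users": [{
        // Redacted. Anyone holding this secret can use the relay: generate
        // your own random value and do not publish it.
        "secret": "b8cba*****************e11a23"
      }]
    }
  }],

  // Outbound traffic; "outbounds" is an array.
  // 1st element: B's VMess outbound, which connects directly to server A.
  // 2nd element: B's MTProto outbound, which is chained through the 1st element
  //              and so also reaches server A.
  "outbounds": [{
    "sendThrough": "0.0.0.0",
    "mux": {
      "enabled": false,
      "concurrency": 8
    },
    "protocol": "vmess",
    "settings": {
      "vnext": [{
        "address": "a.com", // change to match your server A
        "users": [{
          "id": "da1416f1-****-****-****-41ac7fd881df", // redacted; must match server A's client id
          "alterId": 233, // must match server A
          "security": "auto",
          "level": 0
        }],
        "port": 443 // change to match your server A
      }]
    },
    "tag": "vmess-out",
    "streamSettings": {
      "wsSettings": {
        "path": "\/", // change to match your server A
        "headers": {
          "Host": "a.com" // change to match your server A
        }
      },
      "quicSettings": {
        "key": "",
        "security": "none",
        "header": {
          "type": "none"
        }
      },
      "tlsSettings": {
        // Keep certificate verification on; setting this to true would let
        // anyone on the path between B and A impersonate server A.
        "allowInsecure": false,
        "alpn": [
          // The WebSocket upgrade runs over HTTP/1.1. The original "http/2" is
          // not a registered ALPN ID (HTTP/2 is "h2").
          "http/1.1"
        ],
        "serverName": "a.com", // change to match your server A
        "allowInsecureCiphers": false
      },
      "httpSettings": {
        "path": ""
      },
      "kcpSettings": {
        "header": {
          "type": "none"
        },
        "mtu": 1350,
        "congestion": false,
        "tti": 20,
        "uplinkCapacity": 5,
        "writeBufferSize": 1,
        "readBufferSize": 1,
        "downlinkCapacity": 20
      },
      "tcpSettings": {
        "header": {
          "type": "none"
        }
      },
      "security": "tls", // change to match your server A
      "network": "ws" // change to match your server A
    }
  }, {
    "protocol": "mtproto",
    "tag": "tg-out",
    "settings": {},
    // Dedicated outbound for MTProto, proxied through vmess-out.
    "proxySettings": {
      "tag": "vmess-out"
    }
  }]
}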

客户端 C 配置

Telegram 配置(端口须与 B 服务器 mtproto 入站端口一致,上文配置中为 9999;8888 是 Socks 入站端口):

tg://proxy?server=b.com&port=8888&secret=b8cba*****************e11a23

Mac OSX 终端中加速配置

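# Send HTTP(S) traffic from this shell through B's Socks inbound (port 8888).
# The credential/host part of the original URL was mangled by the page's
# e-mail obfuscation; <PASSWORD> is a placeholder for the password of the
# Socks account configured on B.
# SOCKS5 user/password authentication is sent unencrypted between this machine
# and B, and the value stays visible in the environment of every child process,
# so use a password that is not reused elsewhere.
export http_proxy="socks5://user1:<PASSWORD>@b.com:8888"
export https_proxy="$http_proxy"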