使用X-UI面板搭建vmess+ws+tls+web或者vless+ws+tls+web的节点,并且为了更进一步的安全
前期准备:
1、域名通过CF解析并打开CDN,这一步可以省去自己配置SSL
2、端口规划,开放服务器所需要用到的端口,例如:X-UI端口(测试与设置要用到)、分流端口(有多少个分流就开几个)
开放端口命令
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
节点搭建
#更新软件源
apt update
apt upgrade
#安装x-ui:
bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)
#安装nginx
apt install nginx
如果不用CDN,要用tls就需要配置SSL,就需要执行以下步骤,否则请忽略
#安装acme:
curl https://get.acme.sh | sh
#添加软链接:
ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh
#切换CA机构:
acme.sh --set-default-ca --server letsencrypt
#申请证书:
acme.sh --issue -d 你的域名 -k ec-256 --webroot /var/www/html
#安装证书:
acme.sh --install-cert -d 你的域名 --ecc --key-file /etc/x-ui/server.key --fullchain-file /etc/x-ui/server.crt --reloadcmd "systemctl force-reload nginx"
Ubuntu22.04下安装nginx,以及常用命令
只需通过命令安装:
sudo apt install nginx
安装好后,可以通过如下命令进行检查:
nginx -v
启动nginx服务:
sudo systemctl start nginx
停止nginx服务:
sudo systemctl stop nginx
重启nginx服务:
sudo systemctl restart nginx
重新加载nginx配置文件:
sudo systemctl reload nginx
查看nginx状态:
sudo systemctl status nginx
————————————————
寻找适合的伪装站
http站点优先,个人网盘符合单节点大流量特征
示例关键字:intext:登录 Cloudreve
注意:某些站点无法用于完美伪装,需自己测试!
配置nginx
配置文件路径:/etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
}
http {
server {
listen 80 ;
listen [::]:80 ;
server_name 你的域名;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
location / {
proxy_pass https://伪装网址; #伪装网址
proxy_redirect off;
proxy_ssl_server_name on;
sub_filter_once off;
sub_filter "伪装网址" $server_name; #伪装网址
proxy_set_header Host "伪装网址"; #伪装网址
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Accept-Encoding "";
proxy_set_header Accept-Language "zh-CN";
}
location /vmess分流路径 { #vmess分流路径,可自定义
proxy_redirect off;
proxy_pass http://127.0.0.1:8080; #Xray-vmess端口,可自定义
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /vless分流路径 { #vless分流路径,可自定义
proxy_redirect off;
proxy_pass http://127.0.0.1:8081; #Xray-vless端口,可自定义
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /x-ui路径 { #x-ui路径
proxy_redirect off;
proxy_pass http://127.0.0.1:8989; #xui监听端口,可自定义
proxy_http_version 1.1;
proxy_set_header Host $host;
}
}
}
每次修改nginx配置文件后必须使用
sudo systemctl reload nginx命令重新加载配置文件
多用户合租
通过修改nginx的配置文件实现ws path路径分流,上述有例子对照
location /ray { #分流路径
proxy_redirect off;
proxy_pass http://127.0.0.1:10000; #Xray端口
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
VPN搭建、节点搭建、xray节点搭建、shadowsocks、vmess、vless、trojan、v2ray、ssr