Using Nginx and Cloudflare to deploy v2ray (WebSocket + TLS)

1. Install and configure v2ray

I. Update your yum packages

yum -y update

II. Install v2ray (using the v2fly install script)

curl -O https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh
bash install-release.sh

III. Enable and start v2ray with systemctl

systemctl enable --now v2ray

IV. v2ray server config

Path: /usr/local/etc/v2ray/config.json

{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "debug"
  },
  "inbounds": [{
    "port": {{ YOUR_V2ray_PORT }},
    "listen": "127.0.0.1",
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "{{ YOUR_ID }}",
          "alterId": 16
        }
      ]
    },
    "streamSettings": {
      "network": "ws",
      "wsSettings": {
        "path": "{{ YOUR_PROXY_PATH }}"
      }
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  }]
}

2. Install and configure Nginx

I. Add the install source

vi /etc/yum.repos.d/nginx.repo

II. Fill in the content (CentOS 7)

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
# Verify package signatures with the nginx signing key
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1

III. Install Nginx

yum -y install nginx  

# You can also use dnf to install on CentOS 8
# shell > dnf list nginx
# shell > dnf install nginx

systemctl enable --now nginx

IV. Nginx config (suggestion: do this step last)

# Port 80: you can redirect it to 443
server {
    listen 80;
    server_name {{YOU_SERVER_NAME}};
    root /usr/share/nginx/html;

    location {{ YOUR_PROXY_PATH }} {
        proxy_pass            http://127.0.0.1:{{ YOUR_V2ray_PORT }};
        proxy_connect_timeout 600;
        proxy_read_timeout    600;
        proxy_http_version    1.1;
        proxy_set_header      Upgrade     $http_upgrade;
        proxy_set_header      Connection  "upgrade";
    }
}

server {
    listen       443 ssl;
    server_name  {{YOU_SERVER_NAME}};
    root /usr/share/nginx/html;

    ssl_certificate      /etc/letsencrypt/live/{{YOU_SERVER_NAME}}/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/{{YOU_SERVER_NAME}}/privkey.pem;
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497  https://$host$request_uri;

    location {{ YOUR_PROXY_PATH }} {
        proxy_pass         http://127.0.0.1:{{ YOUR_V2ray_PORT }};
        proxy_redirect     off;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection "upgrade";

        proxy_intercept_errors on;
        proxy_set_header   Host $http_host;
        access_log /var/log/nginx/v2ray_websocket_access.log;
        error_log  /var/log/nginx/v2ray_websocket_error.log;
    }
}
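
A consistency check for the two templates above, as an added example that is not part of the original post: it confirms that the v2ray inbound listens only on loopback and that the Nginx location path, upstream port and Upgrade header match the WebSocket inbound. The function name check_pair and the sample values (/ray, port 10000, the all-zero id) are constructed for illustration.

```python
import json
import re

# Constructed samples: the page's two templates with made-up values filled in.
V2RAY_JSON = """{"inbounds": [{"port": 10000, "listen": "127.0.0.1", "protocol": "vmess",
  "settings": {"clients": [{"id": "00000000-0000-0000-0000-000000000000", "alterId": 16}]},
  "streamSettings": {"network": "ws", "wsSettings": {"path": "/ray"}}}]}"""
NGINX_CONF = """
server {
    location /ray {
        proxy_pass http://127.0.0.1:10000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
"""

# Assumes location bodies contain no nested braces, as in the page's config.
LOCATION_RE = re.compile(r"location\s+(\S+)\s*\{([^}]*)\}")
PROXY_RE = re.compile(r"proxy_pass\s+http://[^:/\s;]+:(\d+)")
UPGRADE_RE = re.compile(r"proxy_set_header\s+Upgrade\s+\$http_upgrade")

def check_pair(v2ray_text, nginx_text):
    """Return a list of findings; an empty list means the two files agree."""
    findings = []
    locations = {}  # path -> location bodies (the port 80 and 443 blocks)
    for path, body in LOCATION_RE.findall(nginx_text):
        locations.setdefault(path, []).append(body)
    for inbound in json.loads(v2ray_text)["inbounds"]:
        port = inbound["port"]
        listen = inbound.get("listen", "0.0.0.0")  # v2ray's default when omitted
        stream = inbound.get("streamSettings", {})
        path = stream.get("wsSettings", {}).get("path")
        if listen not in ("127.0.0.1", "::1"):
            findings.append(f"inbound {port} listens on {listen}, so it bypasses Nginx")
        if stream.get("network") != "ws":
            findings.append(f"inbound {port} is not a WebSocket inbound")
        elif path not in locations:
            findings.append(f"no Nginx location for WebSocket path {path}")
        for body in locations.get(path, []):
            upstream = PROXY_RE.search(body)
            if not upstream or int(upstream.group(1)) != port:
                findings.append(f"location {path} does not proxy to port {port}")
            if not UPGRADE_RE.search(body):
                findings.append(f"location {path} does not forward the Upgrade header")
    return findings

if __name__ == "__main__":
    print(check_pair(V2RAY_JSON, NGINX_CONF) or "configs agree")
```

To use it on a real host, pass the contents of /usr/local/etc/v2ray/config.json and of the Nginx server file to check_pair.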

3. Apply for an SSL certificate

I. Install certbot

Notice: ports 80 and 443 must be open.

yum -y install epel-release

yum -y install certbot

systemctl stop nginx

certbot certonly --standalone -d {{YOU_SERVER_NAME}}

II. SSL certificate location

/etc/letsencrypt/live/{{YOU_SERVER_NAME}}/fullchain.pem
/etc/letsencrypt/live/{{YOU_SERVER_NAME}}/privkey.pem

4. v2ray client

I. Application

  • iPhone: Shadowrocket
  • Mac: Qv2ray or ClashXR

II. Config

Notice: if you use V2RayX, leave the TLS serverName empty.

5. Firewall and SELinux

I. Open the two ports

firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
firewall-cmd --reload  

# Check that it works
firewall-cmd --query-service http

II. Disable SELinux

vi /etc/selinux/config

SELINUX=disabled

setenforce 0

III. Reboot your system

sudo reboot

6. Create a Cloudflare account

Notice: on the Overview page, disable Under Attack mode.
Notice: under SSL/TLS, select Flexible.
When everything is ready, turn the button on so it shows yellow.

Last modification: August 26th, 2020 at 01:37 am