Using Nginx and Cloudflare to deploy v2ray (WebSocket + TLS)
1. install v2ray and config
I. update your yum packages
yum -y update
II. install v2ray (using golang install)
curl -O https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh
bash install-release.sh
III. systemctl enable v2ray
systemctl enable --now v2ray
IV. v2ray Server config
path : /usr/local/etc/v2ray/config.json
{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "debug"
  },
  "inbounds": [{
    "port": {{ YOUR_V2ray_PORT }},
    "listen": "127.0.0.1",
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "{{ YOUR_ID }}",
          "alterId": 16
        }
      ]
    },
    "streamSettings": {
      "network": "ws",
      "wsSettings": {
        "path": "{{ YOUR_PROXY_PATH }}"
      }
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  }]
}
2. install Nginx and config
I. add the install source
vi /etc/yum.repos.d/nginx.repo
II. add the following content (CentOS 7)
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
# gpgcheck=0 means yum does not verify package signatures for this repo
gpgcheck=0
enabled=1
III. install Nginx
yum -y install nginx
# You can also use dnf to install on CentOS 8
# shell > dnf list nginx
# shell > dnf install nginx
systemctl enable --now nginx
IV. Nginx config (suggestion: you can do this step last)
# port 80 (you can redirect it to 443)
server {
    listen 80;
    server_name {{YOU_SERVER_NAME}};
    root /usr/share/nginx/html;
    location {{ YOUR_PROXY_PATH }} {
        proxy_pass http://127.0.0.1:{{ YOUR_V2ray_PORT }};
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
server {
    listen 443 ssl;
    server_name {{YOU_SERVER_NAME}};
    root /usr/share/nginx/html;
    ssl_certificate /etc/letsencrypt/live/{{YOU_SERVER_NAME}}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{YOU_SERVER_NAME}}/privkey.pem;
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497 https://$host$request_uri;
    location {{ YOUR_PROXY_PATH }} {
        proxy_pass http://127.0.0.1:{{ YOUR_V2ray_PORT }};
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_intercept_errors on;
        proxy_set_header Host $http_host;
        access_log /var/log/nginx/v2ray_websocket_access.log;
        error_log /var/log/nginx/v2ray_websocket_error.log;
    }
}
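The v2ray inbound from step 1 and the Nginx location blocks above have to agree on path and port, and the inbound has to stay on loopback. The following is an added example, not part of the original post: a Python check of a rendered config pair, where the name check_pair and the sample values /ray and 10000 are assumptions standing in for the page's {{ ... }} placeholders.

```python
import json
import re

LOOPBACK = {"127.0.0.1", "localhost"}  # IPv4 loopback only, as used on this page

def check_pair(v2ray_json, nginx_conf):
    """Return mismatches between a v2ray ws inbound and the Nginx locations in front of it."""
    problems = []
    inbound = json.loads(v2ray_json)["inbounds"][0]
    port = inbound["port"]
    ws_path = inbound["streamSettings"]["wsSettings"]["path"]
    if inbound.get("listen") not in LOOPBACK:
        problems.append("v2ray inbound is not bound to loopback")
    # location [=] <prefix> { body }; assumes bodies without nested braces, as on this page
    blocks = re.findall(r"location\s+(=\s+)?(/\S*)\s*\{([^}]*)\}", nginx_conf)
    proxied = [b for b in blocks if "proxy_pass" in b[2]]
    if not proxied:
        problems.append("no location block proxies to v2ray")
    for exact, loc, body in proxied:
        # v2ray accepts only the exact wsSettings path, so Nginx must route it unchanged
        if not (ws_path == loc if exact else ws_path.startswith(loc)):
            problems.append(f"location {loc} does not match wsSettings.path {ws_path}")
        m = re.search(r"proxy_pass\s+http://([^:/\s;]+):(\d+)([^;\s]*)\s*;", body)
        if not m:
            problems.append(f"location {loc}: proxy_pass is not http://host:port")
            continue
        host, target_port, uri = m.group(1), int(m.group(2)), m.group(3)
        if host not in LOOPBACK or target_port != port:
            problems.append(f"location {loc}: proxy_pass {host}:{target_port} is not the inbound")
        if uri:
            problems.append(f"location {loc}: proxy_pass URI {uri} rewrites the request path")
        if not re.search(r"proxy_set_header\s+Upgrade\s+\$http_upgrade\s*;", body):
            problems.append(f"location {loc}: Upgrade header is not forwarded")
    return problems

# Constructed sample values standing in for the page's {{ ... }} placeholders
SAMPLE_V2RAY = json.dumps({"inbounds": [{
    "port": 10000, "listen": "127.0.0.1", "protocol": "vmess",
    "streamSettings": {"network": "ws", "wsSettings": {"path": "/ray"}}}]})
SAMPLE_NGINX_OK = """location /ray {
    proxy_pass http://127.0.0.1:10000;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}"""
# Constructed broken variant: trailing slash on the location and the wrong upstream port
SAMPLE_NGINX_BAD = SAMPLE_NGINX_OK.replace("/ray {", "/ray/ {").replace("10000", "10001")

if __name__ == "__main__":
    print(check_pair(SAMPLE_V2RAY, SAMPLE_NGINX_OK))
    print(check_pair(SAMPLE_V2RAY, SAMPLE_NGINX_BAD))
```

To use it on a real host, pass the contents of /usr/local/etc/v2ray/config.json and your Nginx server config with the placeholders already filled in.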
3. apply ssl cert
I. install certbot
notice: ports 80 and 443 must be open
yum -y install epel-release
yum -y install certbot
systemctl stop nginx
certbot certonly --standalone -d {{YOU_SERVER_NAME}}
II. ssl certificate location
/etc/letsencrypt/live/{{YOU_SERVER_NAME}}/fullchain.pem
/etc/letsencrypt/live/{{YOU_SERVER_NAME}}/privkey.pem
4. v2ray client
I. Application
- iPhone : shadowrocket
- Mac : qV2ray or clashXR
II. config
notice: if you use v2rayX, the TLS serverName should be left empty
5. firewall and SELinux
I. open the two ports
firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
firewall-cmd --reload
# check that it worked
firewall-cmd --query-service http
II. disable selinux
vi /etc/selinux/config
SELINUX=disabled
setenforce 0
III. reboot your system
sudo reboot
6. create a Cloudflare account
notice: Overview
disable Under Attack mode
notice: SSL/TLS
select Flexible
When everything is ready, turn the button on so it shows yellow.
Thanks Packie for sharing this blog post.
Are you sure that nginx.conf:31 should be `location /biyongyao/ {`?
Thx, nice to contact with you, guy