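Deploying v2ray with Docker, advanced: traffic camouflage with websocket+tls+web

The previous post, "How to deploy v2ray on Docker", briefly covered the steps for deploying the v2ray server on docker. This time we use nginx to implement websocket+tls+web camouflage for v2ray traffic.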

I. Modify the v2ray configuration

Run:

vi /etc/v2ray/config.json

Add the following to the inbounds node:

"streamSettings": {     // transport settings, set to websocket
	"network": "ws",
	"wsSettings": {
	  "path": "/v2wspath"  // set a camouflage path
	}
},
"listen": "127.0.0.1"

Result:

{
  "log" : {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },
  "inbounds": [{
    "port": 8001, // port
    "protocol": "vmess", // transport protocol
    "settings": {
      "clients": [
        {
          "id": "466eb1fe-6943-4935-b893-9e8adb3c6b00", // generate this GUID with a tool
          "level": 1,
          "alterId": 64
        }
      ]
    },
    "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/v2wspath"  // camouflage path; any valid path works
        }
    },
    "listen": "127.0.0.1"
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  }]
}

Restart v2ray so the configuration takes effect:

docker restart v2ray

II. Install nginx

As with v2ray, we again deploy the latest stable nginx in docker.

1. Pull the latest stable nginx image with docker

docker pull nginx:stable

2. Create the directories nginx needs

mkdir /etc/nginx
mkdir /etc/nginx/certs
mkdir /etc/nginx/conf.d
mkdir /var/log/nginx
mkdir /var/log/nginx/v2ray
mkdir /usr/share/nginx
mkdir /usr/share/nginx/v2ray

3. Create the nginx configuration file

vi /etc/nginx/conf.d/v2ray.conf

Copy and paste:

server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name <your-domain>;
	
	rewrite  ^/(.*)$  https://<your-domain>/$1  permanent;
}

server {
	listen 443 ssl;
	
	server_name <your-domain>;
	
	ssl_certificate  certs/<your-domain-certificate>.crt;
	ssl_certificate_key certs/<your-domain-certificate>.key;
	ssl_session_timeout 5m;
	ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers on;
	
	root /usr/share/nginx/v2ray;
	location / {
		index  index.html;
	}
   
	location /v2wspath { # must match the path in the V2Ray configuration
		proxy_redirect off;
		proxy_pass http://127.0.0.1:8001; # the port v2ray listens on
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header Host $host;
		# Show real IP in v2ray access.log
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
}

4. Upload the domain certificate to the /etc/nginx/certs directory on the server
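
Before starting nginx, the websocket path, the port and the loopback listen address can be cross-checked between config.json and v2ray.conf. The following is an added example, not part of the original post: the sample strings are constructed to mirror the two files above, the function names are hypothetical, and it assumes plain prefix `location` blocks proxied to 127.0.0.1 as in this setup.

```python
import json
import re

# Constructed samples mirroring the two files on this page (not read from disk).
V2RAY = '''{
  "inbounds": [{
    "port": 8001, // port
    "protocol": "vmess",
    "streamSettings": {"network": "ws", "wsSettings": {"path": "/v2wspath"}},  # camouflage path
    "listen": "127.0.0.1"
  }]
}'''
NGINX = '''server {
  location / { index index.html; }
  location /v2wspath { # must match the v2ray path
    proxy_pass http://127.0.0.1:8001;
    proxy_set_header Upgrade $http_upgrade;
  }
}'''

def strip_json_comments(text):
    """Drop // and # comments outside string literals so json.loads accepts the file."""
    pattern = r'("(?:\\.|[^"\\])*")|//[^\n]*|#[^\n]*'
    return re.sub(pattern, lambda m: m.group(1) or "", text)

def check(v2ray_text, nginx_text):
    """Return mismatches between the first v2ray inbound and the nginx location blocks."""
    problems = []
    inbound = json.loads(strip_json_comments(v2ray_text))["inbounds"][0]
    stream = inbound.get("streamSettings", {})
    ws_path = stream.get("wsSettings", {}).get("path")
    if stream.get("network") != "ws":
        problems.append("inbound network is not ws")
    if inbound.get("listen") != "127.0.0.1":
        problems.append("inbound is not bound to 127.0.0.1")
    conf = re.sub(r"#[^\n]*", "", nginx_text)  # assumes no '#' inside nginx values
    upstreams = {}
    for path, body in re.findall(r"location\s+(\S+)\s*\{([^}]*)\}", conf):
        m = re.search(r"proxy_pass\s+http://127\.0\.0\.1:(\d+)\s*;", body)
        if m:
            upstreams[path] = int(m.group(1))
    if ws_path not in upstreams:
        problems.append(f"no nginx location proxies {ws_path}")
    elif upstreams[ws_path] != inbound["port"]:
        problems.append(f"proxy_pass port {upstreams[ws_path]} != inbound port {inbound['port']}")
    return problems

if __name__ == "__main__":
    print(check(V2RAY, NGINX) or "configs are consistent")
```

To check the real files, pass the contents of /etc/v2ray/config.json and /etc/nginx/conf.d/v2ray.conf to `check` instead of the sample strings.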

III. Start nginx

docker run \
--restart=always \
--name=nginx \
--net=host \
-v /etc/nginx/certs:/etc/nginx/certs \
-v /etc/nginx/conf.d:/etc/nginx/conf.d \
-v /var/log/nginx/v2ray:/var/log/nginx/v2ray \
-v /usr/share/nginx/v2ray:/usr/share/nginx/v2ray \
-i -t -d \
nginx:stable

IV. Configure the client

v2rayN client configuration

All done!