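My bwh VPS got blocked, but I can still SSH into it from other VPSes, so there is room to work with. Let's get started!
How do you check whether it has been blocked? See below:
The page for checking whether you are blocked has a link like this: https://kiwivm.64clouds.com/1234567/main-exec.php?mode=blacklistcheck
Change the 1234567 to your own.
Result first: on the iPhone I can connect to v2ray with OneClick, and fb opens in the browser, but the speed is very poor.
The v2ray and nginx configuration files mainly follow this one,
and the Cloudflare procedure and steps mainly follow this one.
1) Buy a VPS: obviously, that means bwh. Note down the vps_ip, e.g. 111.222.3.4
2) Do the Cloudflare setup:
a. Add the site;
b. Click DNS on the right and add two A records, e.g. www.a.com vps_ip; a.com vps_ip
At the same time, make the matching change in the namesilo backend; for the steps see this one. The article uses godaddy and I used namesilo, but they are much the same: the point is to switch the domain's DNS resolution over to Cloudflare.
c. Make sure the CDN is enabled in the settings, i.e. in the Proxy Status column the golden-orange cloud icon must be lit.
d. Under SSL/TLS on the right:
Set the SSL/TLS encryption mode to Flexible (in this mode Cloudflare reaches the origin over plain HTTP on port 80, which is why the nginx config below only listens on port 80);
Under edge-certificates, turn TLS 1.3 off.
Once the above is done, ping your domain a.com locally; it should now resolve to a Cloudflare IP.
3) Install nginx on the VPS: sudo apt install nginx
Modify the configuration file: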
wget https://raw.githubusercontent.com/bannedbook/fanqiang/master/v2ss/server-cfg/nginx.conf
The content is roughly as follows; the parts highlighted in yellow are the ones I modified.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
worker_rlimit_nofile 655350;
events {
    use epoll;
    worker_connections 65536;
}
http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/nginx-access.log;
    error_log /var/log/nginx/nginx-error.log;
    gzip on;
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name _;
        location / {
            try_files $uri $uri/ =404;
        }
        location /abcdefg { # must match the path in the V2Ray config
            proxy_redirect off;
            proxy_pass http://127.0.0.1:10000; # assumes the WebSocket inbound listens on port 10000 of the loopback address
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $http_host;
            # Show realip in v2ray access.log
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
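The abcdefg in the location directive was generated here; decide for yourself whether that is necessary.
Then test the nginx configuration: nginx -t
Reload the configuration: nginx -s reload
For the v2ray server-side configuration I did not follow the article; I only added this small section to my previous configuration:
"streamSettings": {
  "network": "ws",
  "wsSettings": {
    "path": "/abcdefg" // must match the path in nginx
  }
}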
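Then go and configure the client.
Here is the OneClick configuration on iOS, as text only; make do with it.
Remark: anything you like
Domain/IP: the domain you purchased, e.g. www.a.com
Port: 443, which is the default. Tip: lately 443 has been getting blocked everywhere!!!
ID/UUID: ./v2ray uuid, or generate one here
AlterID: keep it the same as in v2ray (I haven't tried what happens if they differ)
Enable TLS: on
Stream setting: choose ws
Host: the domain you purchased, e.g. www.a.com
Path: /abcdefg, i.e. it must match what is configured in v2ray and nginx; I haven't tried whether it works when left empty.
The PC configuration file, which listens for requests on local port 1080: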
{
  "log": {
    "loglevel": "error"
  },
  "inbound": {
    "listen": "127.0.0.1",
    "port": 1080,
    "protocol": "socks",
    "sniffing": {
      "enabled": true,
      "destOverride": [
        "http",
        "tls"
      ]
    },
    "settings": {
      "auth": "noauth",
      "udp": true,
      "ip": "127.0.0.1"
    }
  },
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "a.com",
            "port": 443,
            "users": [
              {
                "id": "11111111-1111-1111-1111-111111111111",
                "level": 1,
                "alterId": 2
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "wsSettings": {
          "path": "/abcdefg"
        }
      },
      "mux": {
        "enabled": true,
        "concurrency": 8
      }
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {}
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
    }
  ],
  "routing": {
    "strategy": "rules",
    "settings": {
      "rules": [
        {
          "type": "field",
          "outboundTag": "proxy",
          "domain": [
            "domain:tiktok.com",
            "domain:tiktokcdn.com",
            "domain:tiktokkv.com",
            "domain:extrabux.com"
          ]
        },
        {
          "type": "field",
          "ip": [
            "0.0.0.0/8",
            "10.0.0.0/8",
            "100.64.0.0/10",
            "127.0.0.0/8",
            "169.254.0.0/16",
            "172.16.0.0/12",
            "192.0.0.0/24",
            "192.0.2.0/24",
            "192.168.0.0/16",
            "198.18.0.0/15",
            "198.51.100.0/24",
            "203.0.113.0/24",
            "::1/128",
            "fc00::/7",
            "fe80::/10"
          ],
          "outboundTag": "direct"
        },
        {
          "type": "field",
          "outboundTag": "direct",
          "domain": [
            "geosite:cn"
          ]
        },
        {
          "type": "field",
          "outboundTag": "direct",
          "ip": [
            "geoip:cn",
            "geoip:private"
          ]
        }
      ]
    }
  }
}
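
The path /abcdefg has to agree in three places (the nginx location, the v2ray server wsSettings and the client), and the port in proxy_pass has to be the one the v2ray inbound listens on at the loopback address. The Python check below is an added example, not part of the original post. The sample configs are constructed from the snippets above, and the server inbound's listen and port values and all function names are assumptions.

```python
import json
import re

# Constructed samples that mirror the page's snippets; nothing is read from a real host.
NGINX_CONF = """
location / { try_files $uri $uri/ =404; }
location /abcdefg {
    proxy_pass http://127.0.0.1:10000;
    proxy_set_header Upgrade $http_upgrade;
}
"""
# Assumption: the page shows only the server's streamSettings; listen/port here are hypothetical.
SERVER_JSON = """{"inbounds": [{"listen": "127.0.0.1", "port": 10000, "protocol": "vmess",
  "streamSettings": {"network": "ws", "wsSettings": {"path": "/abcdefg"}}}]}"""
CLIENT_JSON = """{"outbounds": [{"protocol": "vmess", "streamSettings":
  {"network": "ws", "security": "tls", "wsSettings": {"path": "/abcdefg"}}}]}"""

def nginx_ws_locations(conf):
    """Map each location that forwards the Upgrade header to its loopback proxy_pass port."""
    found = {}
    for path, body in re.findall(r"location\s+(\S+)\s*\{([^{}]*)\}", conf):
        port = re.search(r"proxy_pass\s+http://(?:127\.0\.0\.1|localhost):(\d+)", body)
        if port and "$http_upgrade" in body:
            found[path] = int(port.group(1))
    return found

def ws_endpoints(cfg, key):
    """Yield (path, port, listen) for each WebSocket-transport entry under cfg[key]."""
    for entry in cfg.get(key, []):
        stream = entry.get("streamSettings", {})
        if stream.get("network") == "ws":
            yield stream.get("wsSettings", {}).get("path", "/"), entry.get("port"), entry.get("listen")

def check(nginx_conf, server_json, client_json):
    """Return a list of mismatches; an empty list means the three configs agree."""
    problems = []
    server = list(ws_endpoints(json.loads(server_json), "inbounds"))
    for path, port, listen in server:
        if nginx_ws_locations(nginx_conf).get(path) != port:
            problems.append(f"no nginx location proxies {path} to port {port}")
        if listen not in ("127.0.0.1", "::1", "localhost"):
            problems.append(f"inbound port {port} is not bound to loopback")
    for path, _, _ in ws_endpoints(json.loads(client_json), "outbounds"):
        if path not in {p for p, _, _ in server}:
            problems.append(f"client path {path} matches no server ws path")
    return problems

if __name__ == "__main__":
    print(check(NGINX_CONF, SERVER_JSON, CLIENT_JSON) or "configs are consistent")
```

An inbound that is not bound to loopback is reported because the v2ray port would then be reachable directly, outside nginx and Cloudflare.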