原文地址:https://lala.im/8424.html,請支持原作者!該處僅作轉載。
tuic是一个基于quic协议的高性能代理,更多介绍:https://github.com/EAimTY/tuic
安装服务端:
apt -y update
apt -y install wget certbot
mkdir /opt/tuic && cd /opt/tuic
wget https://github.com/EAimTY/tuic/releases/download/0.8.1/tuic-server-0.8.1-x86_64-linux-gnu
chmod +x tuic-server-0.8.1-x86_64-linux-gnu
新建tuic配置文件:
nano config.json
写入如下配置:
{
"port": 443,
"token": ["example"],
"certificate": "/opt/tuic/fullchain.pem",
"private_key": "/opt/tuic/privkey.pem",
"ip": "0.0.0.0",
"congestion_controller": "bbr",
"alpn": ["h3"]
}
新建systemd配置文件:
nano /lib/systemd/system/tuic.service
写入如下配置:
[Unit]
Description=Delicately-TUICed high-performance proxy built on top of the QUIC protocol
Documentation=https://github.com/EAimTY/tuic
After=network.target
[Service]
User=root
WorkingDirectory=/opt/tuic
ExecStart=/opt/tuic/tuic-server-0.8.1-x86_64-linux-gnu -c config.json
Restart=on-failure
RestartPreventExitStatus=1
RestartSec=5
[Install]
WantedBy=multi-user.target
申请证书:
certbot certonly \
--standalone \
--agree-tos \
--no-eff-email \
--email [email protected] \
-d tuic.example.com
将证书保存到tuic配置文件内配置的位置:
cat /etc/letsencrypt/live/tuic.example.com/fullchain.pem > /opt/tuic/fullchain.pem
cat /etc/letsencrypt/live/tuic.example.com/privkey.pem > /opt/tuic/privkey.pem
启动tuic服务并设置开机自启:
systemctl enable --now tuic.service
新建一个certbot的hook脚本文件,用于让tuic重新加载续期后的新证书:
nano /etc/letsencrypt/renewal-hooks/post/tuic.sh
写入如下内容:
#!/bin/bash
cat /etc/letsencrypt/live/tuic.example.com/fullchain.pem > /opt/tuic/fullchain.pem
cat /etc/letsencrypt/live/tuic.example.com/privkey.pem > /opt/tuic/privkey.pem
systemctl restart tuic.service
给脚本执行权限:
chmod +x tuic.sh
测试续期的情况以及脚本能否正常运行:
certbot renew --cert-name tuic.example.com --dry-run
服务端到这里就全部配置完成了,接下来在这个页面下载客户端:
https://github.com/EAimTY/tuic/releases
我这里使用windows,下载对应架构的文件:
https://github.com/EAimTY/tuic/releases/download/0.8.1/tuic-client-0.8.1-x86_64-windows-gnu.exe
新建客户端的config.json配置文件,在文件内写入如下配置:
{
"relay": {
"server": "tuic.example.com",
"port": 443,
"token": "example",
"udp_relay_mode": "quic",
"congestion_controller": "bbr",
"alpn": ["h3"],
"disable_sni": false,
"reduce_rtt": true
},
"local": {
"port": 2080,
"ip": "127.0.0.1"
},
"log_level": "info"
}
打开powershell运行tuic客户端:
./tuic-client-0.8.1-x86_64-windows-gnu.exe -c config.json
接下来配置v2ray的分流,这里我使用v2rayn,直接给出一份适用于v2rayn的配置文件:
{
"policy": {
"system": {
"statsOutboundUplink": true,
"statsOutboundDownlink": true
}
},
"log": {
"access": "",
"error": "",
"loglevel": "warning"
},
"inbounds": [
{
"tag": "socks",
"port": 10808,
"listen": "127.0.0.1",
"protocol": "socks",
"sniffing": {
"enabled": false,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"allowTransparent": false
}
},
{
"tag": "http",
"port": 10809,
"listen": "127.0.0.1",
"protocol": "http",
"sniffing": {
"enabled": false,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"allowTransparent": false
}
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "socks",
"settings": {
"servers": [
{
"address": "127.0.0.1",
"port": 2080,
"users": []
}
]
}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {}
}
],
"routing": {
"domainStrategy": "IPOnDemand",
"rules": [
{
"type": "field",
"outboundTag": "block",
"domain": ["geosite:category-ads-all"]
},
{
"type": "field",
"outboundTag": "direct",
"domain": ["geosite:cn"]
},
{
"type": "field",
"outboundTag": "direct",
"ip": [
"geoip:cn",
"geoip:private"
]
}
]
}
}
将上面的配置保存为任意名字的.json配置文件,然后在v2rayn添加自定义配置服务器即可: