原文地址:https://lala.im/8602.html,請支持原作者!該處僅作轉載。
reality是最近新出的一个协议,目前还没有正式发布,不过现在可以通过编译开发版本的xray来体验。
安装需要用到的软件包:
apt -y update
apt -y install curl git build-essential libssl-dev libevent-dev zlib1g-dev gcc-mingw-w64 nginx
安装golang:
curl -L https://go.dev/dl/go1.20.1.linux-amd64.tar.gz -o go1.20.1.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.20.1.linux-amd64.tar.gz
echo 'export PATH=$PATH:/usr/local/go/bin' > /etc/profile.d/golang.sh
source /etc/profile.d/golang.sh
克隆xray的源码:
git clone https://github.com/XTLS/Xray-core.git
cd Xray-core
编译linux平台的二进制文件:
go build -o xray -trimpath -ldflags "-s -w -buildid=" ./main
编译windows平台的二进制文件:
env GOOS=windows GOARCH=amd64 CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc \
go build -o xray.exe -trimpath -ldflags "-s -w -buildid=" ./main
复制编译好的文件:
cp xray /usr/local/bin/
新建sing-box需要用到的目录:
mkdir -p /usr/local/etc/xray
新建systemd服务:
systemctl edit --full --force xray.service
写入如下配置:
[Unit]
Description=xray-core service
Documentation=https://github.com/XTLS/Xray-core
After=network.target nss-lookup.target
[Service]
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
ExecStart=/usr/local/bin/xray run -c /usr/local/etc/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23
LimitNOFILE=infinity
[Install]
WantedBy=multi-user.target
新建xray的配置文件:
nano /usr/local/etc/xray/config.json
写入如下配置:
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 52001,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "1bd974eb-3206-48dd-9c6c-42246e356492",
"flow": "xtls-rprx-vision"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"tcpSettings": {
"acceptProxyProtocol": true
},
"security": "reality",
"realitySettings": {
"show": false,
"dest": "www.cloudflare.com:443",
"xver": 0,
"serverNames": [
"www.cloudflare.com"
],
"privateKey": "GFZ26GRlhDVIdwtv81JwmV-3F7Qqyhl-dsH_IzXIEpE",
"shortIds": [
""
]
}
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}
注意事项:
1、uuid执行如下命令生成:
xray uuid
2、privateKey执行如下命令生成:
xray x25519
回显类似于:
Private key: GFZ26GRlhDVIdwtv81JwmV-3F7Qqyhl-dsH_IzXIEpE
Public key: 9lb8zUnMkgy-khsg0cwQxKv83u8Pr0JOkv8G0HxxYRk
3、我配置里面用的网站是cloudflare,你也可以换成别的,但是目标网站有一个最低标准:国外网站,支持TLSv1.3与HTTP2。
4、尽量找与你VPS服务器延迟低的网站,因为需要和目标站TLS握手,如果目标站与你VPS服务器的延迟太高,会影响速度。
启动xray并设置开机自启:
systemctl enable --now xray
确保服务正常运行,注意这里的版本号还是显示的1.7.5,这个可以忽略掉,因为源码里面的版本号还没来得及改:
接下来编辑nginx的主配置文件:
nano /etc/nginx/nginx.conf
写入如下配置,用于sni分流,注意这里启用了proxy_protocol:
stream {
map $ssl_preread_server_name $backend {
www.cloudflare.com reality;
}
upstream reality {
server 127.0.0.1:52001;
}
server {
listen 443 reuseport;
listen [::]:443 reuseport;
proxy_pass $backend;
ssl_preread on;
proxy_protocol on;
}
}
重载nginx使配置生效:
systemctl reload nginx
至此,服务端的配置就全部完成了。
将之前编译好的windows平台的文件下载到你的电脑上,然后将下面的客户端配置保存为config.json文件:
{
"inbounds": [
{
"port": 30080,
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": true
}
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "1.2.3.4", // 你的VPS服务器IP
"port": 443,
"users": [
{
"id": "1bd974eb-3206-48dd-9c6c-42246e356492",
"flow": "xtls-rprx-vision",
"encryption": "none"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"show": false,
"fingerprint": "chrome",
"serverName": "www.cloudflare.com",
"publicKey": "9lb8zUnMkgy-khsg0cwQxKv83u8Pr0JOkv8G0HxxYRk",
"shortId": "",
"spiderX": ""
}
}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {}
}
],
"routing": {
"domainStrategy": "IPOnDemand",
"rules": [
{
"type": "field",
"outboundTag": "block",
"domain": ["geosite:category-ads-all"]
},
{
"type": "field",
"outboundTag": "direct",
"domain": ["geosite:cn"]
},
{
"type": "field",
"outboundTag": "direct",
"ip": [
"geoip:cn",
"geoip:private"
]
}
]
}
}
启动客户端:
./xray run -c config.json