原文地址:https://lala.im/8780.html,請支持原作者!該處僅作轉載。
Juicity是一个基于quic的代理协议,更多介绍可移步项目地址查看:https://github.com/juicity/juicity
系统我使用的Debian12,安装需要用到的软件包:
apt -y update
apt -y install wget unzip uuid-runtime nginx python3-certbot-nginx
下载对应架构的压缩包,这里我是arm64:
wget https://github.com/juicity/juicity/releases/download/v0.3.0/juicity-linux-arm64.zip
unzip juicity-linux-arm64.zip -d juicity
cd juicity
把juicity-server复制到/usr/local/bin:
cp juicity-server /usr/local/bin
新建一个目录用于存放juicity的配置文件:
mkdir /etc/juicity
新建juicity的配置文件:
nano /etc/juicity/server.json
写入如下配置:
{
"listen": ":23182",
"users": {
"5075556a-13df-4d6a-aa14-4747040bb7e5": "password"
},
"certificate": "/etc/letsencrypt/live/juicity.example.com/fullchain.pem",
"private_key": "/etc/letsencrypt/live/juicity.example.com/privkey.pem",
"congestion_control": "bbr",
"disable_outbound_udp443": true,
"log_level": "info"
}
其中UUID可使用如下命令生成:
uuidgen
新建systemd服务:
nano /etc/systemd/system/juicity-server.service
写入如下配置:
[Unit]
Description=juicity-server Service
Documentation=https://github.com/juicity/juicity
After=network.target nss-lookup.target
[Service]
Type=simple
ExecStart=/usr/local/bin/juicity-server run -c /etc/juicity/server.json --disable-timestamp
Restart=on-failure
LimitNPROC=512
LimitNOFILE=infinity
[Install]
WantedBy=multi-user.target
设置开机自启:
systemctl enable juicity-server.service
接下来需要申请一个SSL证书,这里我用Certbot和NGINX来完成。
新建一个NGINX站点配置文件:
nano /etc/nginx/sites-available/juicity
写入如下配置:
server {
listen 80;
server_name juicity.example.com; // 修改成你的域名
}
启用站点:
ln -s /etc/nginx/sites-available/juicity /etc/nginx/sites-enabled/juicity
签发SSL证书:
certbot --nginx
再次编辑juicity的配置文件:
nano /etc/juicity/server.json
将证书和私钥路径修改成刚申请的:
{
...
"certificate": "/etc/letsencrypt/live/juicity.example.com/fullchain.pem",
"private_key": "/etc/letsencrypt/live/juicity.example.com/privkey.pem",
...
}
启动juicity服务:
systemctl start juicity-server.service
确保juicity服务正常运行:
至此,juicity服务端配置完成。接下来是客户端的配置。
在这里下载对应系统的压缩包:
https://github.com/juicity/juicity/releases
例如我使用Windows X64则下载:
https://github.com/juicity/juicity/releases/download/v0.3.0/juicity-windows-x86_64.zip
解压压缩包里面的文件到一个文件夹内。
在同一个文件夹内新建一个客户端配置文件,例如client.json,写入如下配置:
{
"listen": ":1080",
"server": "server ip:23182", // server ip修改为你的服务器IP
"uuid": "5075556a-13df-4d6a-aa14-4747040bb7e5", // 对应服务端的UUID
"password": "password", // 对应服务端的密码
"sni": "juicity.example.com", // 申请证书时使用的域名
"allow_insecure": false,
"congestion_control": "bbr",
"log_level": "info"
}
打开PowerShell运行juicity客户端:
./juicity-client.exe run -c client.json
现在已经可用了,juicity在1080端口起了一个HTTP/Socks5服务,将需要使用代理的程序配置使用这个服务即可。
[可选]配置sing-box使用juicity,实现分流、TUN透明代理等高级功能。下面是一个sing-box的示例配置:
{
"log": {
"level": "info",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "cloudflare",
"address": "https://1.1.1.1/dns-query"
},
{
"tag": "dnspod",
"address": "https://1.12.12.12/dns-query",
"detour": "direct"
},
{
"tag": "block",
"address": "rcode://success"
}
],
"rules": [
{
"geosite": "cn",
"server": "dnspod"
},
{
"geosite": "category-ads-all",
"server": "block",
"disable_cache": true
}
]
},
"inbounds": [
{
"type": "tun",
"tag": "tun-in",
"interface_name": "singbox-tun",
"inet4_address": "172.20.0.1/30",
"auto_route": true,
"strict_route": true,
"stack": "system",
"sniff": true
}
],
"outbounds": [
{
"type": "socks",
"tag": "socks-out",
"server": "127.0.0.1",
"server_port": 1080,
"version": "5"
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns"
}
],
"route": {
"rules": [
{
"protocol": "dns",
"outbound": "dns"
},
{
"geosite": "cn",
"geoip": [
"cn",
"private"
],
"outbound": "direct"
},
{
"process_name": "juicity-client.exe",
"outbound": "direct"
},
{
"geosite": "category-ads-all",
"outbound": "block"
}
],
"auto_detect_interface": true
}
}
用管理员权限打开PowerShell运行sing-box:
./sing-box.exe run -c juicity-tun.json