侧边栏壁纸
博主头像
lance

不为失败找借口,只为成功找方法。

  • 累计撰写 28 篇文章
  • 累计创建 0 个标签
  • 累计收到 0 条评论

目 录CONTENT

文章目录

科学上网教程 - vmess + ws + TLS.md

lance
lance
2025-05-11 / 0 评论 / 0 点赞 / 36 阅读 / 1,240 字
温馨提示:
本文最后更新于 2025-05-21,若内容或图片失效,请留言反馈。部分素材来自网络,若不小心影响到您的利益,请联系我们删除。

科学上网教程 - vmess + ws + TLS

一、购买服务器和域名

1.海外服务器购买

需要访问海外服务器,所以需要使用海外服务器代理。

推荐使用rackerd.com,¥22.99/年即可搭建,地址:: https://my.racknerd.com/aff.php?aff=12472。

2.购买域名

​ 万网购买即可,https://wanwang.aliyun.com/。然后添加一个域名解析比如 v2.domain.top解析到海外服务器的地址上。

二、搭建服务

1.选择系统

选择CentOS 7 64 Bit即可

2.修改yum源、防火墙、selinux

centos7官方源停止服务,可以修改为阿里源继续使用。

[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos-vault/7.9.2009/os/$basearch/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/centos-vault/RPM-GPG-KEY-CentOS-7

#released updates 
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos-vault/7.9.2009/updates/$basearch/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/centos-vault/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos-vault/7.9.2009/extras/$basearch/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/centos-vault/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos-vault/7.9.2009/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://mirrors.aliyun.com/centos-vault/RPM-GPG-KEY-CentOS-7

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos-vault/7.9.2009/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://mirrors.aliyun.com/centos-vault/RPM-GPG-KEY-CentOS-7

#关闭防火墙,直接关闭,如果需要防火墙规则可以按需放行

$ systemctl  disable firewalld

$systemctl stop firewalld

#关闭Selinux

$ setenforce 0

[root@racknerd-56b96f conf]# cat /etc/selinux/config

SELINUX=disabled

3.安装vmess

//安装可执行文件和.dat数据文件,安装脚本为官方提供原版脚本


#bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)>

4.编写配置文件


$ vi /usr/local/etc/v2ray/config.json

{
  "inbounds": [
    {
      "tag": "cloudmessage.top.json",
      "port": 7072,
      "listen": "127.0.0.1",
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "466eb1fe-6943-4935-b893-9e8adb3c6b00"
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "none",
        "wsSettings": {
          "path": "/wangyangroc",	// 修改为你的路径随意即可但是必须记住后续使用
          "headers": {
            "Host": "xxxx.cloudmessage.top"	// 修改为你的科学域名
          }
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      }
    }
  ],
   "outbounds": [
       {
           "protocol": "freedom",
           "settings": {}
       }
   ]
}

$ systemctl restart v2ray

$ systemctl enable v2ray

5.安装nginx服务

$ yum -y install nginx openssl openssl-devel zlib-devel pcre pcre-devel

$ wget http://nginx.org/download/nginx-1.20.1.tar.gz

$ tar -zxvf nginx-1.20.1.tar.gz

$./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_sub_module

$ make && make install

$ vi /usr/local/nginx/conf/nginx.conf

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
#                  '$status $body_bytes_sent "$http_referer" '
#                  '"$http_user_agent" "$http_x_forwarded_for"';

#access_log  logs/access.log  main;

sendfile        on;
#tcp_nopush     on;

#keepalive_timeout  0;
keepalive_timeout  65;

#gzip  on;


server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name xxx.cloudmessage.top;  #修改为你的已解析域名
    ssl_certificate       /root/fullchain.cer; 
    ssl_certificate_key   /root/cert.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    ssl_protocols         TLSv1.2 TLSv1.3;
    ssl_ciphers           ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    location / {
        proxy_pass https://cloudmessage.top; #伪装网址
        proxy_ssl_server_name on;
        proxy_redirect off;
        sub_filter_once off;
        sub_filter "cloudmessage.top" $server_name;
        proxy_set_header Host "cloudmessage.top";
        proxy_set_header Referer $http_referer;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Accept-Encoding "";
        proxy_set_header Accept-Language "zh-CN";
    }

    location /wangyangrocvws {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:7072;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

server {
    listen 80;
    server_name xxx.cloudmessage.top;    #修改为你的已解析域名
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}

}

6.申请HTTPS证书

推荐使用ohttps:https://ohttps.com/,申请完成后下载证书上传至服务器/root目录下,修改为/root/fullchain.cer、/root/cert.key即可、

7.编写systemd管理脚本


[root@racknerd-56b96f conf]#cat/etc/systemd/system/nginx.service

[unit]

Description=The NGINX HTTP and reverse proxy server

After=network.target

[Service]

Type=forking

ExecStart=/usr/local/nginx/sbin/nginx

ExecReload=/usr/local/nginx/sbin/nginx -s reload

ExecStop=/usr/local/nginx/sbin/nginx -s quit

PrivateTmp=true



[Install]

WantedBy=multi-user.target

#启动nginx服务

$ systemctl start nginx

$ systemctl enable nginx

三、客户端配置

windows:https://github.com/2dust/v2rayN/releases,使用说明 https://www.v2raynos.com/80/#:~:text=基本界面功能介绍

ios:Shadowrocket

四、最后

pEOv290.png

小工具:端口是否封禁测试网站 https://tcp.ping.pe/

0
版权归属: lance
本文链接: https://blog.lancelinux.cyou/archives/科学上网教程-vmesswstlsmd
许可协议: 本文使用《署名-非商业性使用-相同方式共享 4.0 国际 (CC BY-NC-SA 4.0)》协议授权

评论区