Something About X

2021-03-02 Note, Tutorial Comments

前言

XRay基于V2Ray发展，据说是因为XTLS而分家，据说速度更快，所以尝试了一下。目前版本1.3.0

官网链接

安装

1 2	#一句命令搞定 $ bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install

更多命令可以参考GitHub上的Xray-install。

安装证书

xray默认使用nobody安装，因此运行的时候会显示证书没有访问权限，参考这个issue。解决方法在这里：Insufficient permissions when using certificates。

之前证书已经申请过了，因此我需要把证书挪到对应的目录。我证书放在了配置文件目录里

1
2
3

$ install -d -o nobody -g nogroup /etc/ssl/xray
$ install -m 644 -o nobody -g nogroup /etc/letsencrypt/live/example.com/fullchain.pem -t /etc/ssl/xraynobody
$ install -m 600 -o nobody -g nogroup /etc/letsencrypt/live/example.com/privkey.pem -t /etc/ssl/xray

如果是Oracle Linux的命令有些不同

Oracle Linux的nobody对应的group名称也叫nobody，通过id nobody 命令可以看到uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)

Xray配置

参考了GitHub上的终极配置VLESS-TCP-XTLS-WHATEVER，用了这个组合：VLESS over TCP with XTLS + Fallback & dispatch to VLESS over WS with TLS && VMESS over WS with TLS，用官网的说法：利用 VLESS 强大的回落分流特性，实现了 443 端口尽可能多的协议。

下面是我的配置：

{
    "log": {
        "access": "/var/log/xray/access.log",
        "error": "/var/log/xray/error.log",
        "loglevel": "warning"
    },
    "inbounds": [
        {
            "port": 443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "", //这里我发现，下面的UUID可以相同！ 
                        "flow": "xtls-rprx-direct",
                        "level": 0
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "dest": 8080, //这个端口和Nginx配置有关，所有HTTP自动跳转倒HTTPS的这个端口
                        "xver": 1
                    },
                    {
                        "path": "/vlessws", //回落倒vlessws，path自定义
                        "dest": 1234, //端口自定义
                        "xver": 1
                    },
                    {
                        "path": "/vmessws", //回落倒vlessws，path自定义
                        "dest": 2345, //端口自定义
                        "xver": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "xtls",
                "xtlsSettings": {
                    "alpn": [
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile":"/etc/ssl/xray/fullchain.pem", //证书地址
                            "keyFile":"/etc/ssl/etc/xray/privkey.pem" //密钥地址
                        }
                    ]
                }
            }
        },
        {
            "port": 1234,  //回落倒vlessws，path自定义
            "listen": "127.0.0.1",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "", //UUID
                        "level": 0
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "dest": 8080 // 或者回落到其它也防探测的代理
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "acceptProxyProtocol": true, 
                    "path": "/vlessws" //同上面fallback设置
                }
            }
        },
        {
            "port": 2345,//同上面fallback设置
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "",//UUID
                        "level": 0
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "acceptProxyProtocol": true, 
                    "path": "/vmessws" //同上面fallback设置
                }
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom"
        }
    ]
}

Nginx配置

只要设置刚才的HTTP自动跳转HTTPS即可

server {
    listen 80;
    server_name example.com;
    return 301 https://$http_host$request_uri;
}

server {
        listen 127.0.0.1:8080; //和fallback里的默认回落一样
        add_header Strict-Transport-Security "max-age=63072000" always;

}

根据上述配置，访问域名时，nginx会返回400的报错，GitHub上有这个issue:Xray(https)回落到nginx(http)报400的问题,nginx 需要设置接受 proxy_protocol

修改后的配置

server {
    listen 80 proxy_protocol;
    server_name example.com;
    return 301 https://$http_host$request_uri;
}

server {
    listen 127.0.0.1:8088 proxy_protocol;
    add_header Strict-Transport-Security "max-age=63072000" always;
}

常用命令

# 启动 | 停止 | 重启
$ systemctl start | stop | restart xray
# 日志模式启动
$ journalctl -xe --no-pager -u xray
# 配置文件测试
$ /usr/local/bin/xray -test -config /usr/local/etc/xray/config.json
# UUID
$ xray uuid

本文链接： http://letscoffee.ml/2021/03/02/Something-About-X/

版权声明： 本博客所有文章除特别声明外，均采用 CC BY 4.0 CN协议许可协议。转载请注明出处！

shiningelfInterested In Anything...

Nothing