
Add Shadowsocks gRPC Web TLS and Update Shadowsocks WSS Web TLS (#74)

* Create Shadowsocks-Websocket-Web-TLS

* Update README.md

* Update README.md

* Fixed a typo in README - zh-CN.md

* Add ss grcp web, and update ss wss web

* Use relative links

* Fix protocol mistakes, typos and change Nginx path

* Update README

* Format README-CN.md

* Correct and adding punctuations to readme.md

Co-authored-by: touamano <touamano@localhost.com>
pull/80/head
touamano 3 years ago committed by GitHub
commit 084bb78a2f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/README-CN.md | 59
  2. Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/README.md | 63
  3. Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/config_server_domainsocket.json | 2
  4. Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/config_server_redirect.json | 2
  5. Shadowsocks-Websocket-Web-TLS/README - zh-CN.md | 42
  6. Shadowsocks-Websocket-Web-TLS/README-CN.md | 35
  7. Shadowsocks-Websocket-Web-TLS/README.md | 57
  8. Shadowsocks-Websocket-Web-TLS/config_client.json | 61
  9. Shadowsocks-Websocket-Web-TLS/config_server.json | 42
  10. Shadowsocks-gRPC-Web-TLS/README-CN.md | 26
  11. Shadowsocks-gRPC-Web-TLS/README.md | 28
  12. Shadowsocks-gRPC-Web-TLS/config_client.json | 61
  13. Shadowsocks-gRPC-Web-TLS/config_server.json | 44
  14. Shadowsocks-gRPC-Web-TLS/nginx_proxy.conf | 32

59
Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/README-CN.md

@ -0,0 +1,59 @@
# 这是一个使用 V2Ray 作为 ss + v2ray plugin 服务端的示例
> 完整的设置还需要一个 web 服务器解密 TLS 后,将请求转发给位于 127.0.0.1:10000 的 v2ray。由于 [https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE](https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE) 已经有了服务器的设置这里不再赘述,可以按需参考白话文教程里的 web 服务器设置。
config_server_redirect.json 和 config_server_domainsocket.json 选其一。
如果使用 domain socket 需要修改`/etc/systemd/system/v2ray.service`。否则由于 fhs 脚本使用的 nobody 用户的权限不够,无法在/var/run 里新建文件夹`ss-loop`而导致启动失败。
> 如果使用 fhs 脚本更新版本的话,会覆盖掉 service 文件,所以更新版本后需要重复下面的操作。
修改文件`/etc/systemd/system/v2rary.service`,在`[Service]`部分添加下面一行:
```properties
RuntimeDirectory=ss-loop
```
`ss-loop`对应 config.json 里的`dsSettings`部分的 path 里的文件夹`/var/run/ss-loop`
修改完成后需要执行
```shell
systemctl disable v2ray.service
systemctl enable v2ray.service
```
最后重启下 v2ray 进程
```shell
systemctl restart v2ray
```
## 客户端配置示意
你应该按照服务端的设置修改对应的参数
### shadowsocks windows 客户端关键部分示例如下
```properties
Server_IP: example.com or your server ip
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: tls;mode=websocket;path=/michi;host=example.com
```
### shadowsocks Android plugin 关键部分示例如下
需安装 shadowsocks 和 v2ray plugin,并搭配一同使用
```properties
Plugin: v2ray
Configuration:
Transport_mode: websocket-tls
Hostname: example.com
Path: /michi
Concurrent_connections: 1
Certificate_for_TLS_verification: Not set
```
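Review bot: The unit path in the line beginning 修改文件 is spelled `/etc/systemd/system/v2rary.service`, while the earlier sentence and the `systemctl` commands use `v2ray.service`; a reader who copies it will create or edit a file that systemd never loads. Change it to `/etc/systemd/system/v2ray.service`.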

63
Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/README.md

@ -0,0 +1,63 @@
# This is the server config.json example to utilizing V2ray as the server for Shadowsocks + V2Ray Plugin
> The complete setup also requires a web server to handle the TLS and proxy pass the deciphered request to the backend v2ray server at 127.0.0.1:10000.
> You can find the web server config example at [https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration](https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration).
中文用户请看[这里](./README-CN.md)。
Choose one of the server config `config_server_redirect.json` and `config_server_domainsocket.json`.
If you choose to use `config_server_domainsocket.json`, the following extra steps are required. Since the default service file created by [`fhs-release.sh`](https://github.com/v2fly/fhs-install-v2ray) is using nobody as the runtime user, this user does not have the permission to create the `ss-loop` folder in `/var/run`.
> You shall repeat the following steps after using [`fhs-release.sh`](https://github.com/v2fly/fhs-install-v2ray) scripts to upgrade v2ray-core versions each time. Since this script will always override the v2ray.service file.
Use your prefered editor to modify the systemd service file at `/etc/systemd/system/v2ray.service`.\
Add the following line to the block starting with `[Service]`.
```properties
RuntimeDirectory=ss-loop
```
`ss-loop` corresponds to the `/var/run/ss-loop` folder in the `dsSettings` inside config_server_domainsocket.json.
Execute the following commands to re-enable the v2ray.service.
```shell
systemctl disable v2ray.service
systemctl enable v2ray.service
```
Then restart the v2ray service.
```shell
systemctl restart v2ray
```
## Client configuration examples
> You should change the following configurations according to your server configs.
### shadowsocks windows client configuration examples
```properties
Server_IP: example.com or your server IP
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: tls;mode=websocket;path=/michi;host=example.com
```
### shadowsocks Android plugin configuration examples
> Both the shadowsocks android and the V2Ray plugin android are mandatory, they are available on Google Play Store.
```properties
Plugin: v2ray
Configuration:
Transport_mode: websocket-tls
Hostname: example.com
Path: /michi
Concurrent_connections: 1
Certificate_for_TLS_verification: Not set
```
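Review bot: Editing `/etc/systemd/system/v2ray.service` in place is the step this README itself says must be repeated after every `fhs-release.sh` upgrade. Putting `RuntimeDirectory=ss-loop` in a drop-in created with `systemctl edit v2ray.service` keeps the setting out of the file the script overwrites, and `systemctl daemon-reload` is the direct way to pick up a unit change instead of the disable/enable pair. Also fix "prefered" to "preferred" in the editor sentence.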

2
Shadowsocks-Websocket-Web-TLS/config_server_domainsocket.json → Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/config_server_domainsocket.json

@ -40,7 +40,7 @@
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/michi"
"path": "/path"
}
}
},
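Review bot: The `wsSettings` path is renamed between `/michi` and `/path` here (the rendered page has lost the `+`/`-` markers; reading the pair in the usual removed-then-added order, `/path` is the new value), but both READMEs added in this same directory still tell clients to use `path=/michi` and `Path: /michi`. Client and server paths have to match or the WebSocket request never reaches the inbound, so either keep `/michi` in this file or update the README examples, and apply the same choice to `config_server_redirect.json`, which carries the identical change.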

2
Shadowsocks-Websocket-Web-TLS/config_server_redirect.json → Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/config_server_redirect.json

@ -40,7 +40,7 @@
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/michi"
"path": "/path"
}
}
},

42
Shadowsocks-Websocket-Web-TLS/README - zh-CN.md

@ -1,42 +0,0 @@
# 这是一个使用 V2Ray 作为 ss + v2ray plugin 服务端的示例
> 完整的设置还需要一个web服务器解密TLS后将请求转发给后端的v2ray位于127.0.0.1:10000。由于 https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE 已经有了服务器的设置这里不再赘述,可以按需参考白话文教程里的web服务器设置。
**config_server_redirect.json 和 config_server_domainsocket.json 选其一**
如果使用domain socket需要修改/etc/systemd/system/v2ray.service
在[Service]部分添加
```
RuntimeDirectory=ss-loop
```
'ss-loop'对应config.json里的"dsSettings"部分的path里的文件夹"/var/run/ss-loop"
修改完成后需要执行
```
systemctl disable v2ray.service
systemctl enable v2ray.service
```
否则由于fhs脚本使用的nobody用户的权限不够,无法在/var/run里新建文件夹'ss-loop'而导致启动失败。
## 客户端配置示意
**你应该按照服务端的设置修改对应的参数**
### shadowsocks windows 客户端关键部分示例如下:
```
Server IP: example.com
Server Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin Options: tls;mode=websocket;path=/michi;host=example.com
```
### shadowsocks Android plugin 关键部分示例如下:
**需安装 shadowsocks 和 v2ray plugin,并搭配一同使用**
```
Plugin: v2ray
Configuration:
Transport mode: websocket-tls
Hostname: example.com
Path: /michi
Concurrent connections: 1
Certificate for TLS verification: Not set
```

35
Shadowsocks-Websocket-Web-TLS/README-CN.md

@ -0,0 +1,35 @@
# 这个例子同样适用于 Shadowsocks 客户端+V2Ray-Plugins
> 完整的设置还需要一个 web 服务器解密 TLS 后,将请求转发给监听在 127.0.0.1:10000 的 v2ray。由于 [https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE](https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE) 已经有了服务器的设置这里不再赘述,可以按需参考白话文教程里的 web 服务器设置。
## 客户端配置示意
你应该按照服务端的设置修改对应的参数。
### shadowsocks windows 客户端关键部分示例如下
> 必须设置 mux=0,否则无法正常连接服务器。如果需要使用 mux 可以参考本文件夹里的[Domainsocket or Redirect Approach](./Domainsocket-or-Redirect-Approach/)的方法。
```properties
Server_IP: example.com or your server ip
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: mux=0;tls;mode=websocket;path=/path;host=example.com
```
### Shadowsocks Android plugin 关键部分示例如下
> 需安装 shadowsocks 和 v2ray plugin,并搭配一同使用。
> Concurrent connections 必须为 0,否则无法连接到服务器。
```properties
Plugin: v2ray
Configuration:
Transport_mode: websocket-tls
Hostname: example.com
Path: /path
Concurrent_connections: 0
Certificate_for_TLS_verification: Not set
```

57
Shadowsocks-Websocket-Web-TLS/README.md

@ -1,45 +1,38 @@
# This is the server config.json example to utilizing V2ray as the server for Shadowsocks + V2Ray Plugin
> The complete setup also requires a web server to handle the TLS and proxy pass the deciphered request to the backend v2ray server at 127.0.0.1:10000.
> You can find the web server example at https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration
# These settings are also compatible with Shadowsocks client + V2Ray-plugin
中文用户请看 Readme - zh-CN. md
> The complete setup also requires a web server to handle the TLS and proxy pass the deciphered request to the backend v2ray server listeing on 127.0.0.1:10000.
> You can find the web server config examples at [https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration](https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration).
**Choose either one of config_server_redirect.json and config_server_domainsocket.json**
中文用户请看[这里](./README-CN.md)。
If you choose to use config_server_domainsocket.json remember to modify the systemd service file @ /etc/systemd/system/v2ray.service.
## Shadowsocks client configuration examples
Add the following line to the block starting with [Service]
```
RuntimeDirectory=ss-loop
```
'ss-loop' corresponds to the "/var/run/ss-loop" folder in the "dsSettings" part of the config.json.
> You should change the following configurations according to your server configs.
Execute the following commands to re-enable the v2ray.service.
```
systemctl disable v2ray.service
systemctl enable v2ray.service
```
Since nobody user does not have the right permission to create the 'ss-loop' folder in /var/run.
## Client configuration examples
**You should change the parameters according to your server configs**
### shadowsocks windows client configuration examples:
```
Server IP: example.com
Server Port: 443
### Shadowsocks windows client configuration examples
> `mux=0` is indispensable when connecting with V2Ray-plugin, if you wish to use mux you need to try the [Domainsocket or Redirect Approach](./Domainsocket-or-Redirect-Approach/).
```properties
Server_IP: example.com or your server IP
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin Options: tls;mode=websocket;path=/michi;host=example.com
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: mux=0;tls;mode=websocket;path=/path;host=example.com
```
### shadowsocks Android plugin configuration examples:
> Both the shadowsocks android and the V2Ray plugin android are mandatory, they are available on Google Play Store.
```
### shadowsocks Android plugin configuration examples
> Both the shadowsocks android and the V2Ray plugin android are mandatory, they are available on Google Play Store.\
> _`Concurrent connections must be 0.`_
```properties
Plugin: v2ray
Configuration:
Transport mode: websocket-tls
Transport_mode: websocket-tls
Hostname: example.com
Path: /michi
Concurrent connections: 1
Certificate for TLS verification: Not set
Path: /path
Concurrent_connections: 0
Certificate_for_TLS_verification: Not set
```
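Review bot: After this change the README documents only the Shadowsocks client side and never mentions that `config_client.json` and `config_server.json` in this folder carry `{{ host }}` and `{{ password }}` placeholders that must be replaced, or that the web server location in front of 127.0.0.1:10000 has to proxy the same `/path` used in `Plugin_Options`. One sentence for each would prevent a failed first start. The added blockquote line also has a typo: "listeing on 127.0.0.1:10000" should be "listening".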

61
Shadowsocks-Websocket-Web-TLS/config_client.json

@ -0,0 +1,61 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "direct"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": "1080",
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": true,
"ip": "127.0.0.1"
}
},
{
"listen": "127.0.0.1",
"port": "1081",
"protocol": "http"
}
],
"outbounds": [
{
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "{{ host }}",
"port": 443,
"method": "chacha20-ietf-poly1305",
"password": "{{ password }}"
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"wsSettings": {
"path": "/path"
}
},
"tag": "proxy"
},
{
"protocol": "freedom",
"tag": "direct"
}
]
}
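Review bot: The shadowsocks outbound sets `"security": "tls"` with no `tlsSettings`, so the TLS server name comes from `address`. The READMEs allow "example.com or your server IP" for the server field; with an IP in `{{ host }}` the certificate name check and the web server's name-based routing have nothing to match. Add `"tlsSettings": { "serverName": "<domain>" }` (and a `Host` entry under `wsSettings` `headers`), or state that `{{ host }}` must be the certificate's domain. Minor: the inbound ports are quoted strings (`"1080"`, `"1081"`) while the outbound `443` is a number; use numbers throughout.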

42
Shadowsocks-Websocket-Web-TLS/config_server.json

@ -0,0 +1,42 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 10000,
"protocol": "shadowsocks",
"settings": {
"method": "chacha20-ietf-poly1305",
"password": "{{ password }}"
},
"streamSettings": {
"network": "ws",
"path": "/path"
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}
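Review bot: In the inbound's `streamSettings`, `"path": "/path"` sits directly beside `"network": "ws"` instead of inside a `wsSettings` object, unlike `config_client.json` and the two configs under `Domainsocket-or-Redirect-Approach/`, which all use `"wsSettings": { "path": ... }`. As written the key is not where the WebSocket transport reads its path, so the server will not be serving `/path` while the client requests it. Wrap it as `"wsSettings": { "path": "/path" }`.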

26
Shadowsocks-gRPC-Web-TLS/README-CN.md

@ -0,0 +1,26 @@
# 最低版本要求
NGINX 的最低版本要求为 1.13.10:\
[https://www.nginx.com/blog/nginx-1-13-10-grpc/](https://www.nginx.com/blog/nginx-1-13-10-grpc/)。
V2Ray-core 的最低版本要求为 v4.36.0:\
[https://www.v2fly.org/config/transport/grpc.html#grpcobject](https://www.v2fly.org/config/transport/grpc.html#grpcobject)。
## 本设置同样适用于 Shadowsocks 客户端搭配 V2Ray-plugin 使用
_你需要一个兼容 gRPC 的 v2ray-plugin 程序。
例如由[TeddySun](https://github.com/teddysun)维护的 v2ray-plugin 叉子: \
[https://github.com/teddysun/v2ray-plugin](https://github.com/teddysun/v2ray-plugin)。_
### 客户端设置
Shadowsocks Windows 设置示例:
```properties
Server_IP: mydomain.me OR your server IP
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: tls;mode=grpc;serviceName=michi;host=mydomain.me
```
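Review bot: In the plugin note, "叉子" is a literal rendering of "fork" and means the eating utensil; use "分支" or leave "fork" untranslated so the sentence reads as a reference to the repository fork maintained by TeddySun.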

28
Shadowsocks-gRPC-Web-TLS/README.md

@ -0,0 +1,28 @@
# Minimum Versions
中文用户请看[这里](./README-CN.md)。
Minimum NGINX version is 1.13.10:\
[https://www.nginx.com/blog/nginx-1-13-10-grpc/](https://www.nginx.com/blog/nginx-1-13-10-grpc/).
Minimum V2Ray-Core version is v4.36.0:\
[https://www.v2fly.org/config/transport/grpc.html#grpcobject](https://www.v2fly.org/config/transport/grpc.html#grpcobject).
## These settings are also compatible with shadowsocks + v2ray-plugins
_You need a grpc compatible v2ray-plugin program to use with shadowsocks client.
For example the one maintained by [TeddySun](https://github.com/teddysun): \
[https://github.com/teddysun/v2ray-plugin](https://github.com/teddysun/v2ray-plugin)._
### Client Configurations
Shadowsocks Windows Example Config:
```properties
Server_IP: mydomain.me OR your server IP
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: tls;mode=grpc;serviceName=michi;host=mydomain.me
```
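Review bot: Nothing in this README ties `serviceName=michi` in `Plugin_Options` to the rest of the folder: `nginx_proxy.conf` routes `location /michi/Tun` and both JSON configs set `"serviceName": "michi"`, so changing one without the others breaks the tunnel. Add a sentence saying the three values must agree and that the nginx location is built from the service name, and mention that `{{ host }}` and `{{ password }}` in the JSON files are placeholders to replace.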

61
Shadowsocks-gRPC-Web-TLS/config_client.json

@ -0,0 +1,61 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "direct"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": "1080",
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": true,
"ip": "127.0.0.1"
}
},
{
"listen": "127.0.0.1",
"port": "1081",
"protocol": "http"
}
],
"outbounds": [
{
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "{{ host }}",
"port": 443,
"method": "chacha20-ietf-poly1305",
"password": "{{ password }}"
}
]
},
"streamSettings": {
"network": "grpc",
"security": "tls",
"grpcSettings": {
"serviceName": "michi"
}
},
"tag": "proxy"
},
{
"protocol": "freedom",
"tag": "direct"
}
]
}
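Review bot: Both inbounds are unauthenticated: the SOCKS inbound is `"auth": "noauth"` with `"udp": true`, and the HTTP inbound on 1081 has no `settings` at all. Binding to 127.0.0.1 keeps them off the network, but on a shared machine any local user or process can send traffic through the tunnel. Say so in the README or show the `accounts` form of the inbound settings. The same applies to the WebSocket `config_client.json`.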

44
Shadowsocks-gRPC-Web-TLS/config_server.json

@ -0,0 +1,44 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 12345,
"protocol": "shadowsocks",
"settings": {
"method": "chacha20-ietf-poly1305",
"password": "{{ password }}"
},
"streamSettings": {
"network": "grpc",
"grpcSettings": {
"serviceName": "michi"
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}

32
Shadowsocks-gRPC-Web-TLS/nginx_proxy.conf

@ -0,0 +1,32 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/v2ray/v2ray.crt;
ssl_certificate_key /etc/v2ray/v2ray.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
server_name mydomain.me;
location /michi/Tun { # This michi shall in consistent with the grpc serviceName in v2ray config.json
if ($request_method != "POST") { # if the request method is not POST for this location, return 404
return 404;
}
grpc_socket_keepalive on;
grpc_intercept_errors on;
grpc_pass grpc://127.0.0.1:12345; # presume v2ray is listening on port 12345
grpc_set_header Upgrade $http_upgrade;
grpc_set_header Connection "upgrade";
grpc_set_header Host $host;
# Show real IP in v2ray access.log
grpc_set_header X-Real-IP $remote_addr;
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
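Review bot: The `listen 443 ssl;` and `listen [::]:443 ssl;` lines do not enable HTTP/2, and gRPC clients speak only HTTP/2, so requests for `location /michi/Tun` will not arrive in a form `grpc_pass` can forward; use `listen 443 ssl http2;` and the `[::]` equivalent. The `grpc_set_header Upgrade $http_upgrade;` and `grpc_set_header Connection "upgrade";` lines are WebSocket leftovers with no meaning for gRPC and can be dropped. The location comment "shall in consistent with" should read "must be consistent with".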