Add configurations based on the existing v5 documentation

pull/92/head
Weltolk 2023-02-15 11:21:24 +08:00
parent bf9bcd656b
commit 1d15c34ea1
10 changed files with 372 additions and 0 deletions


@ -0,0 +1,59 @@
# 这是一个使用 V2Ray 作为 ss + v2ray plugin 服务端的示例
> 完整的设置还需要一个 web 服务器解密 TLS 后,将请求转发给位于 127.0.0.1:10000 的 v2ray。由于 [https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE](https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE) 已经有了服务器的设置这里不再赘述,可以按需参考白话文教程里的 web 服务器设置。
config_server_redirect.json 和 config_server_domainsocket.json 选其一。
如果使用 domain socket 需要修改`/etc/systemd/system/v2ray.service`。否则由于 fhs 脚本使用的 nobody 用户的权限不够,无法在/var/run 里新建文件夹`ss-loop`而导致启动失败。
> 如果使用 fhs 脚本更新版本的话,会覆盖掉 service 文件,所以更新版本后需要重复下面的操作。
修改文件`/etc/systemd/system/v2rary.service`,在`[Service]`部分添加下面一行:
```properties
RuntimeDirectory=ss-loop
```
`ss-loop`对应 config.json 里的`dsSettings`部分的 path 里的文件夹`/var/run/ss-loop`
修改完成后需要执行
```shell
systemctl disable v2ray.service
systemctl enable v2ray.service
```
最后重启下 v2ray 进程
```shell
systemctl restart v2ray
```
## 客户端配置示意
你应该按照服务端的设置修改对应的参数
### shadowsocks windows 客户端关键部分示例如下
```properties
Server_IP: example.com or your server ip
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: tls;mode=websocket;path=/michi;host=example.com
```
### shadowsocks Android plugin 关键部分示例如下
需安装 shadowsocks 和 v2ray plugin并搭配一同使用
```properties
Plugin: v2ray
Configuration:
Transport_mode: websocket-tls
Hostname: example.com
Path: /michi
Concurrent_connections: 1
Certificate_for_TLS_verification: Not set
```
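Review bot: The unit file path on the line starting 修改文件 is misspelled as `/etc/systemd/system/v2rary.service`, while two lines above it is `/etc/systemd/system/v2ray.service`; anyone copying the second path will create or edit the wrong file and the `RuntimeDirectory=ss-loop` line will never take effect. Please correct the spelling. The Android block's plugin line 需安装 shadowsocks 和 v2ray plugin并搭配一同使用 is also not marked as a note (`>`) here, unlike the matching line in the English README.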


@ -0,0 +1,63 @@
# This is the server config.json example to utilizing V2ray as the server for Shadowsocks + V2Ray Plugin
> The complete setup also requires a web server to handle the TLS and proxy pass the deciphered request to the backend v2ray server at 127.0.0.1:10000.
> You can find the web server config example at [https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration](https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration).
中文用户请看[这里](./README-CN.md)。
Choose one of the server config `config_server_redirect.json` and `config_server_domainsocket.json`.
If you choose to use `config_server_domainsocket.json`, the following extra steps are required. Since the default service file created by [`fhs-release.sh`](https://github.com/v2fly/fhs-install-v2ray) is using nobody as the runtime user, this user does not have the permission to create the `ss-loop` folder in `/var/run`.
> You shall repeat the following steps after using [`fhs-release.sh`](https://github.com/v2fly/fhs-install-v2ray) scripts to upgrade v2ray-core versions each time. Since this script will always override the v2ray.service file.
Use your prefered editor to modify the systemd service file at `/etc/systemd/system/v2ray.service`.\
Add the following line to the block starting with `[Service]`.
```properties
RuntimeDirectory=ss-loop
```
`ss-loop` corresponds to the `/var/run/ss-loop` folder in the `dsSettings` inside config_server_domainsocket.json.
Execute the following commands to re-enable the v2ray.service.
```shell
systemctl disable v2ray.service
systemctl enable v2ray.service
```
Then restart the v2ray service.
```shell
systemctl restart v2ray
```
## Client configuration examples
> You should change the following configurations according to your server configs.
### shadowsocks windows client configuration examples
```properties
Server_IP: example.com or your server IP
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: tls;mode=websocket;path=/michi;host=example.com
```
### shadowsocks Android plugin configuration examples
> Both the shadowsocks android and the V2Ray plugin android are mandatory, they are available on Google Play Store.
```properties
Plugin: v2ray
Configuration:
Transport_mode: websocket-tls
Hostname: example.com
Path: /michi
Concurrent_connections: 1
Certificate_for_TLS_verification: Not set
```
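Review bot: The re-enable step (`systemctl disable v2ray.service` followed by `systemctl enable v2ray.service`) is an indirect way to make systemd pick up the edited unit file; `systemctl daemon-reload` before the restart is the direct command and does not touch the unit's enablement state. Two wording fixes in the same file: "prefered" should be "preferred", and the title "example to utilizing V2ray as the server" should read "example of using V2Ray as the server".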


@ -0,0 +1,35 @@
# 这个例子同样适用于 Shadowsocks 客户端+V2Ray-Plugins
> 完整的设置还需要一个 web 服务器解密 TLS 后,将请求转发给监听在 127.0.0.1:10000 的 v2ray。由于 [https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE](https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE) 已经有了服务器的设置这里不再赘述,可以按需参考白话文教程里的 web 服务器设置。
## 客户端配置示意
你应该按照服务端的设置修改对应的参数。
### shadowsocks windows 客户端关键部分示例如下
> 必须设置 mux=0否则无法正常连接服务器。如果需要使用 mux 可以参考本文件夹里的[Domainsocket or Redirect Approach](./Domainsocket-or-Redirect-Approach/)的方法。
```properties
Server_IP: example.com or your server ip
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: mux=0;tls;mode=websocket;path=/path;host=example.com
```
### Shadowsocks Android plugin 关键部分示例如下
> 需安装 shadowsocks 和 v2ray plugin并搭配一同使用。
> Concurrent connections 必须为 0否则无法连接到服务器。
```properties
Plugin: v2ray
Configuration:
Transport_mode: websocket-tls
Hostname: example.com
Path: /path
Concurrent_connections: 0
Certificate_for_TLS_verification: Not set
```
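Review bot: Both requirement notes are missing punctuation after the value, which makes the constraint easy to misread: `必须设置 mux=0否则无法正常连接服务器` and `Concurrent connections 必须为 0否则无法连接到服务器` each need a comma after the `0`. Since these two lines are the only place the README states the hard requirement, they should be unambiguous.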


@ -0,0 +1,38 @@
# These settings are also compatible with Shadowsocks client + V2Ray-plugin
> The complete setup also requires a web server to handle the TLS and proxy pass the deciphered request to the backend v2ray server listeing on 127.0.0.1:10000.
> You can find the web server config examples at [https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration](https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration).
中文用户请看[这里](./README-CN.md)。
## Shadowsocks client configuration examples
> You should change the following configurations according to your server configs.
### Shadowsocks windows client configuration examples
> `mux=0` is indispensable when connecting with V2Ray-plugin, if you wish to use mux you need to try the [Domainsocket or Redirect Approach](./Domainsocket-or-Redirect-Approach/).
```properties
Server_IP: example.com or your server IP
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: mux=0;tls;mode=websocket;path=/path;host=example.com
```
### shadowsocks Android plugin configuration examples
> Both the shadowsocks android and the V2Ray plugin android are mandatory, they are available on Google Play Store.\
> _`Concurrent connections must be 0.`_
```properties
Plugin: v2ray
Configuration:
Transport_mode: websocket-tls
Hostname: example.com
Path: /path
Concurrent_connections: 0
Certificate_for_TLS_verification: Not set
```
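Review bot: The Android requirement is written as `_`Concurrent connections must be 0.`_`, which wraps a sentence in both inline code and italics; plain bold text would match how the Windows note states `mux=0` and would render consistently. In the opening note, "listeing" should be "listening".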


@ -0,0 +1,26 @@
# 最低版本要求
NGINX 的最低版本要求为 1.13.10:\
[https://www.nginx.com/blog/nginx-1-13-10-grpc/](https://www.nginx.com/blog/nginx-1-13-10-grpc/)。
V2Ray-core 的最低版本要求为 v5.0.4:\
[https://www.v2fly.org/config/transport/grpc.html#grpcobject](https://www.v2fly.org/config/transport/grpc.html#grpcobject)。
## 本设置同样适用于 Shadowsocks 客户端搭配 V2Ray-plugin 使用
_你需要一个兼容 gRPC 的 v2ray-plugin 程序。
例如由[TeddySun](https://github.com/teddysun)维护的 v2ray-plugin 叉子: \
[https://github.com/teddysun/v2ray-plugin](https://github.com/teddysun/v2ray-plugin)。_
### 客户端设置
Shadowsocks Windows 设置示例:
```properties
Server_IP: mydomain.me OR your server IP
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: tls;mode=grpc;serviceName=michi;host=mydomain.me
```
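Review bot: In the line describing the TeddySun build, "v2ray-plugin 叉子" is a literal rendering of "fork" that reads oddly in Chinese; use "分支" or keep the English word "fork". The italic span opened with `_` before 你需要 runs across three lines including a hard line break, so it may not render as intended; consider a `>` note like the other READMEs in this commit.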


@ -0,0 +1,28 @@
# Minimum Versions
中文用户请看[这里](./README-CN.md)。
Minimum NGINX version is 1.13.10:\
[https://www.nginx.com/blog/nginx-1-13-10-grpc/](https://www.nginx.com/blog/nginx-1-13-10-grpc/).
Minimum V2Ray-Core version is v5.0.4:\
[https://www.v2fly.org/config/transport/grpc.html#grpcobject](https://www.v2fly.org/config/transport/grpc.html#grpcobject).
## These settings are also compatible with shadowsocks + v2ray-plugins
_You need a grpc compatible v2ray-plugin program to use with shadowsocks client.
For example the one maintained by [TeddySun](https://github.com/teddysun): \
[https://github.com/teddysun/v2ray-plugin](https://github.com/teddysun/v2ray-plugin)._
### Client Configurations
Shadowsocks Windows Example Config:
```properties
Server_IP: mydomain.me OR your server IP
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: tls;mode=grpc;serviceName=michi;host=mydomain.me
```
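Review bot: The example sets `serviceName=michi` in `Plugin_Options`, but the README never says that this value has to match the NGINX location added in the same commit (`location /michi/Tun`), nor the serviceName in the server's config.json. Add one sentence stating that dependency, since a mismatch will only show up as a failed connection. The section heading says "v2ray-plugins" while the body says "v2ray-plugin"; pick one.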


@ -0,0 +1,32 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/v2ray/v2ray.crt;
ssl_certificate_key /etc/v2ray/v2ray.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
server_name mydomain.me;
location /michi/Tun { # This michi shall in consistent with the grpc serviceName in v2ray config.json
if ($request_method != "POST") { # if the request method is not POST for this location, return 404
return 404;
}
grpc_socket_keepalive on;
grpc_intercept_errors on;
grpc_pass grpc://127.0.0.1:12345; # presume v2ray is listening on port 12345
grpc_set_header Upgrade $http_upgrade;
grpc_set_header Connection "upgrade";
grpc_set_header Host $host;
# Show real IP in v2ray access.log
grpc_set_header X-Real-IP $remote_addr;
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
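Review bot: The two `listen` lines (`listen 443 ssl;` and `listen [::]:443 ssl;`) do not enable HTTP/2, yet the location uses `grpc_pass`, and gRPC clients speak HTTP/2 only; as written NGINX will not negotiate h2 on this port and the gRPC transport will not connect. Add the `http2` parameter to both `listen` lines (or `http2 on;` on NGINX versions that use that directive). The `grpc_set_header Upgrade $http_upgrade;` and `grpc_set_header Connection "upgrade";` lines look carried over from a WebSocket config and have no purpose for gRPC, so they can be dropped. The comment "This michi shall in consistent with" should read "must be consistent with".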

76
V5-Socks5-TLS/README.md Normal file

@ -0,0 +1,76 @@
## 关于 SOCKS5 over TLS 方案的安全提示
该配置组合应仅供技术研究/参考使用,因为 **SOCKS5 over TLS 几乎不提供隐密性保证,可被简单地主动探测**
### 探测方式
对任意未知 TLS 业务,若怀疑其为 SOCKS5/TLS 业务,审查者可向该端口建立一个 TLS 连接并在其上传送 SOCKS5 载荷。
若该服务对 SOCKS5 请求做出响应,无论是否设置 SOCKS5 的鉴权机制,审查者均可通过回包内容一次准确判断该业务是否为 SOCKS5 / TLS。
来自 [@studentmain](https://github.com/studentmain) 的两个典型样例对话:
```
-> 05 01 01
<- 05 ff
```
```
-> 05 02 00 02
<- 05 00 / 05 02
```
### 参考资料
[RFC1928](https://tools.ietf.org/html/rfc1928) 节录如下:
```
The client connects to the server, and sends a version
identifier/method selection message:
+----+----------+----------+
|VER | NMETHODS | METHODS |
+----+----------+----------+
| 1 | 1 | 1 to 255 |
+----+----------+----------+
The VER field is set to X'05' for this version of the protocol. The
NMETHODS field contains the number of method identifier octets that
appear in the METHODS field.
The server selects from one of the methods given in METHODS, and
sends a METHOD selection message:
+----+--------+
|VER | METHOD |
+----+--------+
| 1 | 1 |
+----+--------+
If the selected METHOD is X'FF', none of the methods listed by the
client are acceptable, and the client MUST close the connection.
The values currently defined for METHOD are:
o X'00' NO AUTHENTICATION REQUIRED
o X'01' GSSAPI
o X'02' USERNAME/PASSWORD
o X'03' to X'7F' IANA ASSIGNED
o X'80' to X'FE' RESERVED FOR PRIVATE METHODS
o X'FF' NO ACCEPTABLE METHODS
```
[RFC1929](https://tools.ietf.org/html/rfc1929) 节录如下:
```
The server verifies the supplied UNAME and PASSWD, and sends the
following response:
+----+--------+
|VER | STATUS |
+----+--------+
| 1 | 1 |
+----+--------+
A STATUS field of X'00' indicates success. If the server returns a
`failure' (STATUS value other than X'00') status, it MUST close the
connection.
```
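Review bot: The two sample exchanges under 探测方式 are shown as raw bytes with no annotation, so the reader has to decode them from the RFC excerpt further down. A one-line gloss per exchange would make the warning self-explanatory: in the first, the client offers only method `01` (GSSAPI) and the server answers `05 ff` (no acceptable methods); in the second, the client offers `00` and `02` and the server answers `05 00` or `05 02`. Either reply is a well-formed SOCKS5 method selection message, which is exactly what identifies the service. The bolded sentence in the second line is also missing its closing full stop, and this directory has no English README, unlike the others added in this commit.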


@ -0,0 +1,10 @@
xx.com {
root * /var/www
file_server
reverse_proxy /path 127.0.0.1:2001 {
transport http {
versions h2c
}
}
}
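Review bot: The site address `xx.com` on the first line is a registrable domain rather than a reserved placeholder; the other examples in this commit use `example.com`, and using it here too avoids readers testing against someone else's host. It would also help to add a comment on the `reverse_proxy /path 127.0.0.1:2001` line saying that `/path` and port `2001` must match the v2ray server's HTTP/2 inbound settings, since nothing else in the file says so.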


@ -0,0 +1,5 @@
# 原理图:
v2ray client <--- H2 ---> caddy2 <--- H2C ---> v2ray server
注意:
目前仅 caddy2 的 v2.2.0-rc.1 版及以后完美支持 v2ray 的 H2C,实现 H2(HTTP/2)应用。
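Review bot: The version statement on the last line is phrased relative to the time of writing (目前仅 ... 及以后完美支持), which will go stale; state it as a minimum requirement (caddy2 v2.2.0-rc.1 or later), the way the gRPC README in this commit does under 最低版本要求. The diagram line `v2ray client <--- H2 ---> caddy2 <--- H2C ---> v2ray server` should be placed in a fenced code block so the arrows render verbatim.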