v2ray服务端 json 配置 文件

config.json

{
    "log": {
        "access": "/var/log/v2ray/access.log",
        "error": "/var/log/v2ray/error.log",
        "loglevel": "warning"
    },
    "inbound": { //理论最安全的方式 ws,有条件加上TLS
        "port": 20080, //开启的端口，建议实用caddy加上TLS加密
        "protocol": "vmess",
        "listen": null,
        "settings": {
            "ip": null,
            "udp": true,
            "clients": [
                {
                    "alterId": 100,
                    "security": "auto",
                    "id": "cf390ac1-595a-4f4b-b56d-6f048f01444c"
                }
            ],
            "auth": null
        },
        "streamSettings": {
            "network": "ws", //websocket 长连接
            "kcpSettings": null,
            "wsSettings": {
                "connectionReuse": true,
                "path": "/home"
            },
            "tcpSettings": null,
            "tlsSettings": {},
            "security": ""
        }
    },
    "inboundDetour": [
        {//最轻负载方式，推荐移动设备
            "port": 34001,
            "protocol": "vmess", //vmess 协议
            "settings": {
                "clients": [
                    {
                        "id": "7fab440d-f1e9-419e-b7cb-ba6ba9a21374",
                        "level": 0,
                        "security": "auto", //自动选择（运行框架为 AMD64、ARM64 或 s390x 时为aes-128-gcm加密方式，其他情况则为 Chacha20-Poly1305 加密方式）
                        "alterId": 64
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp" //默认tcp时,可直接省略streamSettings 
            }
        },
        {//SS是最通用的方式,但非常容易被检测被墙，下下策
            "port": 34000, 
            "protocol": "shadowsocks", // 此段为支持SS协议部分,V2ray不支持SSR
            "settings": {
                "method": "aes-256-cfb",
                "password": "Tanpeng123",
                "udp": true //是否支持UDP中转，游戏大多数需要，如SSTAP 加速游戏需要此项，
            }
        },
        {//游戏用，将tcp包转为udp发送，部分服务商对udp限制非常严格，可能反而不如一般tcp，mKCP不一定所有客户端都支持
            "port": 34006, //记得打开设置防火墙和安全组规则（如ECS需要设置）
            "protocol": "vmess", //vmess 协议
            "settings": {
                "clients": [
                    {
                        "id": "7fab440d-f1e9-419e-b7cb-ba6ba9a21373",
                        "level": 0,
                        "security": "auto", //自动选择（运行框架为 AMD64、ARM64 或 s390x 时为aes-128-gcm加密方式，其他情况则为 Chacha20-Poly1305 加密方式）
                        "alterId": 64
                    }
                ]
            },
            "streamSettings": {
                "network": "kcp" //kcp 可以加速，实际是UDP 协议
            }
        }
    ],
    "outbound": {
        "protocol": "freedom",
        "settings": {}
    },
    "outboundDetour": [
        {
            "protocol": "freedom",
            "settings": {}
        },
        {
            "protocol": "blackhole",
            "settings": {},
            "tag": "blocked"
        }
    ],
    "routing": {
        "strategy": "rules",
        "settings": {
            "rules": [
                {
                    "type": "field",
                    "ip": [
                        "0.0.0.0/8",
                        "10.0.0.0/8",
                        "100.64.0.0/10",
                        "127.0.0.0/8",
                        "169.254.0.0/16",
                        "172.16.0.0/12",
                        "192.0.0.0/24",
                        "192.0.2.0/24",
                        "192.168.0.0/16",
                        "198.18.0.0/15",
                        "198.51.100.0/24",
                        "203.0.113.0/24",
                        "::1/128",
                        "fc00::/7",
                        "fe80::/10"
                    ],
                    "outboundTag": "blocked"
                }
            ]
        }
    }
}

安装

bash <(curl -L -s https://install.direct/go.sh)

直接下载配置

wget https://gist.githubusercontent.com/tanpengsccd/998dce1063d6a5435d0c5c6821d3db2f/raw/96cc672c2e8f6a78c6cdd935a5cfa5afc9edd053/config.json -O /etc/v2ray/config.json

开启

systemctl enable v2ray
systemctl start v2ray
systemctl status v2ray

开放端口， 设置防火墙（可选）

systemctl enable firewalld
systemctl start firewalld 
#firewalld的当前默认区域设置为drop
firewall-cmd --set-default-zone=drop
#添加端口
firewall-cmd --permanent --add-port=443/tcp 
firewall-cmd --permanent --add-port=443/udp
firewall-cmd --permanent --add-port=20080/tcp 
firewall-cmd --permanent --add-port=20080/udp
firewall-cmd --permanent --add-port=34000-34006/tcp 
firewall-cmd --permanent --add-port=34000-34006/udp
#重载服务，有的服务器会断开ssh
firewall-cmd --reload 
# 查看端口
firewall-cmd --list-all 
重新载入
firewall-cmd --reload
# mkcp 其实是改良kcp，走UDP 

clashx 部分配置摘抄,[YOURHOSTNAME] 改为自己的域名

- { name: "TW",   type: vmess, server: [YOURHOSTNAME],  port: 443,  uuid: cf390ac1-595a-4f4b-b56d-6f048f01444c, alterId: 100,  cipher: auto, network: ws, ws-path: /home , ws-headers: { Host:[YOURHOSTNAME] },  tls: true , skip-cert-verify: true}

安装 caddy 以自动获取 ATS 证书
需要开启80 ，443端口

安装caddy

curl https://getcaddy.com | bash -s personal 

sudo mkdir /etc/caddy
sudo touch /etc/caddy/Caddyfile
sudo chown -R root:root /etc/caddy

sudo mkdir /etc/ssl/caddy
sudo chown -R root:root /etc/ssl/caddy
sudo chmod 0770 /etc/ssl/caddy

配置caddy 转发 ，和自动获取证书

emacs /etc/caddy/Caddyfile

cac0.h6.work
{
  #v2ray
  #log ./caddy.log
  tls YourEmail@gmail.com #改成你自己的邮箱
  proxy /home localhost:20080 {
        websocket
        header_upstream -Origin
  }

}

sed替换修改cac0.h6.work 为你自己的域名, YOURHOSTNAME改成你自己的

sed -i 's/cac0.h6.work/YOURHOSTNAME/g' /etc/caddy/Caddyfile

获取caddy启动项

sudo curl -s https://raw.githubusercontent.com/mholt/caddy/master/dist/init/linux-systemd/caddy.service -o /etc/systemd/system/caddy.service

可能需要修改执行的user 和 group，把www-data替换为root ，但其实不推荐root执行

捕获“=” 替换www-data 为 root

sed -i 's/\(=\)www-data/\1root/g' /etc/systemd/system/caddy.service

启动项开启

systemctl enable caddy
systemctl start caddy
systemctl status caddy