Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
V2Ray 中转服务器配置折腾记

V2Ray 中转服务器配置折腾记(附全套配置)

基础信息

  • 服务器 A ( a.com )

    位于中国大陆以外,安装有 V2Ray 服务,能够正常访问互联网。

    搬wa工 Vultr GoogleCloud...

  • 中转服务器 B ( b.com )

    位于中国境内,安装有 V2Ray 服务,能够正常访问 中国法律所允许的 互联网。

    可以是家里的树莓派哦~

  • 客户端设备 C

    位于中国境内,安装有支持 Socks 和 MTproxy 协议等的客服端软件

我的需求

不希望  C (MTproxy)  ↔  A (V2Ray)
而希望  C (MTproxy)  ↔  B (MTproxy + V2Ray)  ↔  A (V2Ray)

为了方便说明,例子里添加了注释,实际使用时请删去注释!

A 服务器配置

配置文件默认位置为: /etc/v2ray/config.json,v2ray 配置示例:

点击展开隐藏部分:查看内容 A 服务器的 V2Ray 配置
{
	"log": {
		"access": "/var/log/v2ray/access.log",
		"error": "/var/log/v2ray/error.log",
		"loglevel": "warning"
	},
	"inbounds": [{
		"port": 7777, //与后面的 Nginx 配置对应
		"protocol": "vmess",
		"settings": {
			"clients": [{
				"id": "da1416f1-****-****-****-41ac7fd881df",
				"level": 1,
				"alterId": 233
			}]
		},
		"streamSettings": {
			"network": "ws"
		},
		"sniffing": {
			"enabled": true,
			"destOverride": [
				"http",
				"tls"
			]
		}
	}],
	"outbounds": [{
		"protocol": "freedom",
		"settings": {}
	}, {
		"protocol": "blackhole",
		"settings": {},
		"tag": "vmess-out"
	}, {
		"protocol": "freedom",
		"settings": {},
		"tag": "direct"
	}, {
		"protocol": "mtproto",
		"settings": {},
		"tag": "tg-out"
	}],
	"dns": {
		"server": [
			"1.1.1.1",
			"1.0.0.1",
			"8.8.8.8",
			"8.8.4.4",
			"localhost"
		]
	},
	"routing": {
		"domainStrategy": "IPOnDemand",
		"rules": [{
			"type": "field",
			"ip": [
				"0.0.0.0/8",
				"10.0.0.0/8",
				"100.64.0.0/10",
				"127.0.0.0/8",
				"169.254.0.0/16",
				"172.16.0.0/12",
				"192.0.0.0/24",
				"192.0.2.0/24",
				"192.168.0.0/16",
				"198.18.0.0/15",
				"198.51.100.0/24",
				"203.0.113.0/24",
				"::1/128",
				"fc00::/7",
				"fe80::/10"
			],
			"outboundTag": "vmess-out"
		}, {
			"type": "field",
			"domain": [
				"domain:youtube.com", //自己加黑名单
				"domain:google.com",
			],
			"outboundTag": "vmess-out"
		}, {
			"type": "field",
			"protocol": [
				"bittorrent"
			],
			"outboundTag": "vmess-out"
		}]
	},
	"transport": {
		"kcpSettings": {
			"uplinkCapacity": 100,
			"downlinkCapacity": 100,
			"congestion": true
		},
		"sockopt": {
			"tcpFastOpen": true
		}
	}
}

Nginx 配置文件默认位置为: /usr/local/nginx/conf/vhost/a.com.conf ( 本人用的是 lnmp 套件 )

Nginx 配置示例:

点击展开隐藏部分:查看内容 A 服务器的 Nginx 配置
server
	{
		listen 443 ssl http2;// 不支持http2,可以删除“http2”
		server_name a.com ;// 网站的域名
		index index.html index.htm index.php default.html default.htm default.php;
		root  /home/wwwroot/a.com;// 改成自己的网站根目录
		ssl on;
		ssl_certificate /usr/local/nginx/conf/ssl/a.com/fullchain.cer;// 改成自己ssl的配置
		ssl_certificate_key /usr/local/nginx/conf/ssl/a.com/a.com.key;// 改成自己ssl的配置
		ssl_session_timeout 5m;
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
		ssl_prefer_server_ciphers on;
		ssl_ciphers "EECDH+*****:!MD5";// 改成自己的配置
		ssl_session_cache builtin:1000 shared:SSL:10m;
		# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
		ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

		include rewrite/none.conf;

		# Deny access to PHP files in specific directory
		# include enable-php.conf;

		# WebSocket + TLS  [V2Ray传输协议配置]
		location / {
			proxy_redirect off;
			proxy_pass http://127.0.0.1:7777; 
			# 7777 为 V2Ray 端口( user → 443 → loctalhost:7777 )
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "upgrade";
			proxy_set_header Host $http_host;
			proxy_intercept_errors on;
		  }

		error_page 404 /404.html;

		location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
		{
			expires      30d;
		}

		location ~ .*\.(js|css)?$
		{
			expires      12h;
		}

		location ~ /.well-known {
			allow all;
		}

		location ~ /\.
		{
			deny all;
		}

		access_log off;
	}

B 中转服务器配置举例

配置默认位置为: /etc/v2ray/config.json

本案例只演示了客户端设备支持Socks和MTproxy情况。当然可以添加更多协议,诸如 VMess、Shadowsocks、HTTP 等

详见: V2Ray 协议列表

点击展开隐藏部分:查看内容 B 服务器的 V2Ray 配置
{
  "log": {
    "access": "var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },

  "dns": {
    "servers": [
      "8.8.8.8",
      "8.8.4.4",
      "114.114.114.114",
      "114.114.115.115"
    ]
  },
  
  // 路由配置
  "routing": {
    "strategy": "rules",
    "settings": {
      "rules": [{
        "type": "field",
        "inboundTag": [
          "tg-in"
        ],
        "outboundTag": "tg-out"
      }, {
        "type": "field",
        //非 mtproto 协议的流量全部走 vmess-out
        "outboundTag": "vmess-out",
        "port": "0-65535"
      }]
    }
  },
  
  // 流量入口 
  "inbounds": [
  // 客户端 C (Socks) 填写以下配置
  {
    "listen": "0.0.0.0",
    "port": 8888, 
    "protocol": "socks",// Socks 协议,兼容Socks4/5
    "tag": "socks-in",
    "settings": {
      "auth": "password",
      "accounts": [{
        "user": "user2",//用户①
        "pass": "1234567",//用户①密码
        "level": 0
      }, {
        "user": "user2",//用户②
        "pass": "7654321",用户②密码
        "level": 0
      }],
      "udp": true,
      "ip": "0.0.0.0",
      "userLevel": 0
    }
  }, 
  // 客户端 C (MTproxy) 填写以下配置
  {
    "port": 9999,
    "protocol": "mtproto",
    "tag": "tg-in",
    "settings": {
      "users": [{
        "secret": "b8cba*****************e11a23"
      }]
    }
  }],

  // 出口流量,outbounds 是一个数组对象。
  // 数组里第 1 个对象:配置服务器 B 出口流量(vmess 协议),直接服务器 A 建立连接
  // 数组里第 2 个对象:配置服务器 B 出口流量(mtproto 协议),被中转到第 1 个对象,进而与服务器 A 建立连接
  "outbounds": [{
    "sendThrough": "0.0.0.0",
    "mux": {
      "enabled": false,
      "concurrency": 8
    },
    "protocol": "vmess",
    "settings": {
      "vnext": [{
        "address": "a.com", // 需要改成你的 A 服务器配置
        "users": [{
          "id": "da1416f1-****-****-****-41ac7fd881df", // 需要改成你的 A 服务器配置
          "alterId": 233, // 需要改成你的 A 服务器配置
          "security": "auto",
          "level": 0
        }],
        "port": 443 // 需要改成你的 A 服务器配置
      }]
    },
    "tag": "vmess-out",
    "streamSettings": {
      "wsSettings": {
        "path": "\/",// 需要改成你的 A 服务器配置
        "headers": {
          "Host": "a.com"// 需要改成你的 A 服务器配置
        }
      },
      "quicSettings": {
        "key": "",
        "security": "none",
        "header": {
          "type": "none"
        }
      },
      "tlsSettings": {
        "allowInsecure": false,
        "alpn": [
          "http\/2"// 需要改成你的 A 服务器配置
        ],
        "serverName": "a.com",// 需要改成你的 A 服务器配置
        "allowInsecureCiphers": false
      },
      "httpSettings": {
        "path": ""
      },
      "kcpSettings": {
        "header": {
          "type": "none"
        },
        "mtu": 1350,
        "congestion": false,
        "tti": 20,
        "uplinkCapacity": 5,
        "writeBufferSize": 1,
        "readBufferSize": 1,
        "downlinkCapacity": 20
      },
      "tcpSettings": {
        "header": {
          "type": "none"
        }
      },
      "security": "tls", // 需要改成你的 A 服务器配置
      "network": "ws" // 需要改成你的 A 服务器配置
    }
  }, {
    "protocol": "mtproto",
    "tag": "tg-out",
    "settings": {},
    // 单独为 mtproto 协议挂载出口,代理到 vmess-out
    "proxySettings": {
      "tag": "vmess-out"
    }
  }]
}

客户端 C 配置

Telegram 配置:

tg://proxy?server=b.com&port=8888&secret=b8cba*****************e11a23

Mac OSX 终端中加速配置

export http_proxy="socks5://user1:1234567@b.com:8888"
export https_proxy=$http_proxy
@Yamazaki-wu

This comment has been minimized.

Copy link

Yamazaki-wu commented Jun 26, 2019

请问V2能否实现纯S5中转?
服务器A:有V2(服务器在境外),机场、别人公益提供的,反正就是我改不了的。
服务器B:自建S5(服务器在境内),有账号密码验证的。
服务器C:家里电脑、手机等最终客户端。
要求:C->B->A,起到国内加速的作用。目前PC使用的是v2rayN,手机是v2rayNG。不知道应该怎么设置以及设置完怎样使用,估计不能再用GUI界面了。

@zhuziyi1989

This comment has been minimized.

Copy link
Owner Author

zhuziyi1989 commented Oct 8, 2019

请问V2能否实现纯S5中转?
服务器A:有V2(服务器在境外),机场、别人公益提供的,反正就是我改不了的。
服务器B:自建S5(服务器在境内),有账号密码验证的。
服务器C:家里电脑、手机等最终客户端。
要求:C->B->A,起到国内加速的作用。目前PC使用的是v2rayN,手机是v2rayNG。不知道应该怎么设置以及设置完怎样使用,估计不能再用GUI界面了。

可以的,我给你例子里面就有,你要手动点击展开,才能看到隐藏部分。

请查看在官方网站上查看。 V2Ray支持的协议

@Yamazaki-wu

This comment has been minimized.

Copy link

Yamazaki-wu commented Oct 10, 2019

好吧,我有空尝试一下,谢谢!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.