Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
V2Ray 中转服务器配置折腾记

V2Ray 中转服务器配置折腾记(附全套配置)

基础信息

  • 服务器 A ( a.com )

    位于中国大陆以外,安装有 V2Ray 服务,能够正常访问互联网。

    搬wa工 Vultr GoogleCloud...

  • 中转服务器 B ( b.com )

    位于中国境内,安装有 V2Ray 服务,能够正常访问 中国法律所允许的 互联网。

    可以是家里的树莓派哦~

  • 客户端设备 C

    位于中国境内,安装有支持 Socks 和 MTproxy 协议等的客服端软件

我的需求

不希望  C (MTproxy)  ↔  A (V2Ray)
而希望  C (MTproxy)  ↔  B (MTproxy + V2Ray)  ↔  A (V2Ray)

为了方便说明,例子里添加了注释,实际使用时请删去注释!

A 服务器配置

配置文件默认位置为: /etc/v2ray/config.json,v2ray 配置示例:

查看内容 A 服务器的 V2Ray 配置
{
	"log": {
		"access": "/var/log/v2ray/access.log",
		"error": "/var/log/v2ray/error.log",
		"loglevel": "warning"
	},
	"inbounds": [{
		"port": 7777, //与后面的 Nginx 配置对应
		"protocol": "vmess",
		"settings": {
			"clients": [{
				"id": "da1416f1-****-****-****-41ac7fd881df",
				"level": 1,
				"alterId": 233
			}]
		},
		"streamSettings": {
			"network": "ws"
		},
		"sniffing": {
			"enabled": true,
			"destOverride": [
				"http",
				"tls"
			]
		}
	}],
	"outbounds": [{
		"protocol": "freedom",
		"settings": {}
	}, {
		"protocol": "blackhole",
		"settings": {},
		"tag": "vmess-out"
	}, {
		"protocol": "freedom",
		"settings": {},
		"tag": "direct"
	}, {
		"protocol": "mtproto",
		"settings": {},
		"tag": "tg-out"
	}],
	"dns": {
		"server": [
			"1.1.1.1",
			"1.0.0.1",
			"8.8.8.8",
			"8.8.4.4",
			"localhost"
		]
	},
	"routing": {
		"domainStrategy": "IPOnDemand",
		"rules": [{
			"type": "field",
			"ip": [
				"0.0.0.0/8",
				"10.0.0.0/8",
				"100.64.0.0/10",
				"127.0.0.0/8",
				"169.254.0.0/16",
				"172.16.0.0/12",
				"192.0.0.0/24",
				"192.0.2.0/24",
				"192.168.0.0/16",
				"198.18.0.0/15",
				"198.51.100.0/24",
				"203.0.113.0/24",
				"::1/128",
				"fc00::/7",
				"fe80::/10"
			],
			"outboundTag": "vmess-out"
		}, {
			"type": "field",
			"domain": [
				"domain:youtube.com", //自己加黑名单
				"domain:google.com",
			],
			"outboundTag": "vmess-out"
		}, {
			"type": "field",
			"protocol": [
				"bittorrent"
			],
			"outboundTag": "vmess-out"
		}]
	},
	"transport": {
		"kcpSettings": {
			"uplinkCapacity": 100,
			"downlinkCapacity": 100,
			"congestion": true
		},
		"sockopt": {
			"tcpFastOpen": true
		}
	}
}

Nginx 配置文件默认位置为: /usr/local/nginx/conf/vhost/a.com.conf ( 本人用的是 lnmp 套件 )

Nginx 配置示例:

查看内容 A 服务器的 Nginx 配置
server
	{
		listen 443 ssl http2;// 不支持http2,可以删除“http2”
		server_name a.com ;// 网站的域名
		index index.html index.htm index.php default.html default.htm default.php;
		root  /home/wwwroot/a.com;// 改成自己的网站根目录
		ssl on;
		ssl_certificate /usr/local/nginx/conf/ssl/a.com/fullchain.cer;// 改成自己ssl的配置
		ssl_certificate_key /usr/local/nginx/conf/ssl/a.com/a.com.key;// 改成自己ssl的配置
		ssl_session_timeout 5m;
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
		ssl_prefer_server_ciphers on;
		ssl_ciphers "EECDH+*****:!MD5";// 改成自己的配置
		ssl_session_cache builtin:1000 shared:SSL:10m;
		# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
		ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

		include rewrite/none.conf;

		# Deny access to PHP files in specific directory
		# include enable-php.conf;

		# WebSocket + TLS  [V2Ray传输协议配置]
		location / {
			proxy_redirect off;
			proxy_pass http://127.0.0.1:7777; 
			# 7777 为 V2Ray 端口( user → 443 → loctalhost:7777 )
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "upgrade";
			proxy_set_header Host $http_host;
			proxy_intercept_errors on;
		  }

		error_page 404 /404.html;

		location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
		{
			expires      30d;
		}

		location ~ .*\.(js|css)?$
		{
			expires      12h;
		}

		location ~ /.well-known {
			allow all;
		}

		location ~ /\.
		{
			deny all;
		}

		access_log off;
	}

B 中转服务器配置举例

配置默认位置为: /etc/v2ray/config.json

本案例只演示了客户端设备支持Socks和MTproxy情况。当然可以添加更多协议,诸如 VMess、Shadowsocks、HTTP 等

详见: V2Ray 协议列表

查看内容 B 服务器的 V2Ray 配置
{
  "log": {
    "access": "var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },

  "dns": {
    "servers": [
      "8.8.8.8",
      "8.8.4.4",
      "114.114.114.114",
      "114.114.115.115"
    ]
  },
  
  // 路由配置
  "routing": {
    "strategy": "rules",
    "settings": {
      "rules": [{
        "type": "field",
        "inboundTag": [
          "tg-in"
        ],
        "outboundTag": "tg-out"
      }, {
        "type": "field",
        //非 mtproto 协议的流量全部走 vmess-out
        "outboundTag": "vmess-out",
        "port": "0-65535"
      }]
    }
  },
  
  // 流量入口 
  "inbounds": [
  // 客户端 C (Socks) 填写以下配置
  {
    "listen": "0.0.0.0",
    "port": 8888, 
    "protocol": "socks",// Socks 协议,兼容Socks4/5
    "tag": "socks-in",
    "settings": {
      "auth": "password",
      "accounts": [{
        "user": "user2",//用户①
        "pass": "1234567",//用户①密码
        "level": 0
      }, {
        "user": "user2",//用户②
        "pass": "7654321",用户②密码
        "level": 0
      }],
      "udp": true,
      "ip": "0.0.0.0",
      "userLevel": 0
    }
  }, 
  // 客户端 C (MTproxy) 填写以下配置
  {
    "port": 9999,
    "protocol": "mtproto",
    "tag": "tg-in",
    "settings": {
      "users": [{
        "secret": "b8cba*****************e11a23"
      }]
    }
  }],

  // 出口流量,outbounds 是一个数组对象。
  // 数组里第 1 个对象:配置服务器 B 出口流量(vmess 协议),直接服务器 A 建立连接
  // 数组里第 2 个对象:配置服务器 B 出口流量(mtproto 协议),被中转到第 1 个对象,进而与服务器 A 建立连接
  "outbounds": [{
    "sendThrough": "0.0.0.0",
    "mux": {
      "enabled": false,
      "concurrency": 8
    },
    "protocol": "vmess",
    "settings": {
      "vnext": [{
        "address": "a.com", // 需要改成你的 A 服务器配置
        "users": [{
          "id": "da1416f1-****-****-****-41ac7fd881df", // 需要改成你的 A 服务器配置
          "alterId": 233, // 需要改成你的 A 服务器配置
          "security": "auto",
          "level": 0
        }],
        "port": 443 // 需要改成你的 A 服务器配置
      }]
    },
    "tag": "vmess-out",
    "streamSettings": {
      "wsSettings": {
        "path": "\/",// 需要改成你的 A 服务器配置
        "headers": {
          "Host": "a.com"// 需要改成你的 A 服务器配置
        }
      },
      "quicSettings": {
        "key": "",
        "security": "none",
        "header": {
          "type": "none"
        }
      },
      "tlsSettings": {
        "allowInsecure": false,
        "alpn": [
          "http\/2"// 需要改成你的 A 服务器配置
        ],
        "serverName": "a.com",// 需要改成你的 A 服务器配置
        "allowInsecureCiphers": false
      },
      "httpSettings": {
        "path": ""
      },
      "kcpSettings": {
        "header": {
          "type": "none"
        },
        "mtu": 1350,
        "congestion": false,
        "tti": 20,
        "uplinkCapacity": 5,
        "writeBufferSize": 1,
        "readBufferSize": 1,
        "downlinkCapacity": 20
      },
      "tcpSettings": {
        "header": {
          "type": "none"
        }
      },
      "security": "tls", // 需要改成你的 A 服务器配置
      "network": "ws" // 需要改成你的 A 服务器配置
    }
  }, {
    "protocol": "mtproto",
    "tag": "tg-out",
    "settings": {},
    // 单独为 mtproto 协议挂载出口,代理到 vmess-out
    "proxySettings": {
      "tag": "vmess-out"
    }
  }]
}

客户端 C 配置

Telegram 配置:

tg://proxy?server=b.com&port=8888&secret=b8cba*****************e11a23

Mac OSX 终端中加速配置

export http_proxy="socks5://user1:1234567@b.com:8888"
export https_proxy=$http_proxy
@Yamazaki-wu

This comment has been minimized.

Copy link

commented Jun 26, 2019

请问V2能否实现纯S5中转?
服务器A:有V2(服务器在境外),机场、别人公益提供的,反正就是我改不了的。
服务器B:自建S5(服务器在境内),有账号密码验证的。
服务器C:家里电脑、手机等最终客户端。
要求:C->B->A,起到国内加速的作用。目前PC使用的是v2rayN,手机是v2rayNG。不知道应该怎么设置以及设置完怎样使用,估计不能再用GUI界面了。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.