瑞瑞哥的博客

V2Ray CDN + H2 Setup Notes

Installing Caddy

wget "https://caddyserver.com/download/linux/amd64?license=personal&telemetry=off" -O caddy.tar.gz
tar -xvzf caddy.tar.gz
sudo cp caddy /usr/local/bin/
# root owns the binary so that other accounts cannot modify it
sudo chown root:root /usr/local/bin/caddy

# mode 755: root can read, write and execute; other accounts cannot write
sudo chmod 755 /usr/local/bin/caddy

# Caddy will not run as root; setcap lets it bind low-numbered ports as a user process (the server needs 80 and 443)
sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy

# directory for Caddy's configuration file
sudo mkdir /etc/caddy

# directory for the site certificates Caddy manages
sudo mkdir /etc/ssl/caddy

# let root and the www-data group access these files, and let Caddy write to the certificate directory
sudo chown -R root:www-data /etc/caddy
sudo chown -R root:www-data /etc/ssl/caddy
sudo chmod 0770 /etc/ssl/caddy

# create the default site root if it does not exist yet
sudo mkdir /var/www

# the www-data group owns the site directory
sudo chown www-data:www-data /var/www

# create an empty Caddy config file
sudo touch /etc/caddy/Caddyfile

# create a systemd service for Caddy; the unit file itself is below
wget https://raw.githubusercontent.com/mholt/caddy/master/dist/init/linux-systemd/caddy.service
sudo cp caddy.service /etc/systemd/system/
sudo chown root:root /etc/systemd/system/caddy.service

# permissions so that only root can modify it
sudo chmod 644 /etc/systemd/system/caddy.service

# reload systemd so it picks up the newly installed Caddy service
sudo systemctl daemon-reload
sudo systemctl enable caddy
sudo systemctl start caddy.service

Installing V2Ray

Install it directly with the one-click script; the details are on their official site.

bash <(curl -L -s https://install.direct/go.sh)

For more details, refer to this article.

There are a few things to watch out for, though:

  1. If Caddy turns out to bind only the IPv6 address, specify the listen address manually in the config file:

    bind YOUR_LISTEN_IP

    See the full config file at the end for where this goes.

  2. That article puts up an index page to check whether the site is reachable, which seems unwise: the fingerprint is fairly obvious. Just writing "OK" in the title and body is enough.

  3. V2Ray's latency feels noticeably worse than Shadowsocks, and I don't know why: ss to Singapore gets 70-80 ms, while V2Ray gets 240 ms.

  4. You can first visit the path Caddy reverse-proxies to check whether the reverse proxy is working.

Client:

{
  "log": {
    "loglevel": "warning"
  },

  "inbound": {
    "port": 1080,
    "protocol": "socks",
    "settings": {
      "auth": "noauth",
      "udp": true
    }
  },

  "outbound": {
    "protocol": "vmess",
    "settings": {
      "vnext": [
        {
          "address": "yourdomain.com",
          "port": 443,
          "users": [
            {
              "id": "${your-id}",
              "alterId": 64
            }
          ]
        }
      ]
    },

    "mux": {
      "enabled": true,
      "concurrency": 8
    },
    "streamSettings": {
      "network": "h2",
      "security": "tls",
      "tlsSettings": {
        "serverName": "yourdomain.com"
      },
      "httpSettings": {
        "host": [
          "yourdomain.com"
        ],
        "path": "/yourPath"
      }
    }
  },

  "outboundDetour": [
    {
      "protocol": "freedom",
      "settings": {},
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "adblock"
    }
  ],

  "dns": {
    "servers": [
      "9.9.9.9",
      "8.8.8.8",
      "localhost"
    ]
  }
}

Server:

{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },

  "inbound": {
    "port": 10000,
    "listen": "127.0.0.1",
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "${your-id}",
          "level": 1,
          "alterId": 64
        }
      ]
    },

    "streamSettings": {
      "network": "h2",
      "security": "tls",
      "httpSettings": {
        "path": "/yourPath",
        "host": ["yourdomain.com"]
      },
      "tlsSettings": {
        "serverName": "yourdomain.com",
        "certificates": [
          {
            "certificateFile": "/root/yourcert.crt",
            "keyFile": "/root/yourkey.key"
          }
        ]
      }
    }
  },

  "outbound": {
    "protocol": "freedom",
    "settings": {}
  },
  "outboundDetour": [
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    }
  ],

  "routing": {
    "strategy": "rules",
    "settings": {
      "rules": [
        {
          "type": "field",
          "ip": [
            "0.0.0.0/8",
            "10.0.0.0/8",
            "100.64.0.0/10",
            "127.0.0.0/8",
            "169.254.0.0/16",
            "172.16.0.0/12",
            "192.0.0.0/24",
            "192.0.2.0/24",
            "192.168.0.0/16",
            "198.18.0.0/15",
            "198.51.100.0/24",
            "203.0.113.0/24",
            "::1/128",
            "fc00::/7",
            "fe80::/10"
          ],
          "outboundTag": "blocked"
        }
      ]
    }
  }
}

Caddy config file:

http://yourdomain.com {
    redir https://yourdomain.com
}

https://yourdomain.com {
    bind YOUR_LISTEN_IP
    root /var/www/
    log /var/log/caddy/caddy.ptbox.cn.log
    errors /var/log/caddy/test.ptmind.com.log
    gzip

    tls 12345@gmail.com {
        ciphers ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-CBC-SHA
    }

    proxy /yourPath https://localhost:10000 {
        insecure_skip_verify
        header_upstream X-Forwarded-Proto "https"
        header_upstream Host "yourdomain.com"
    }

    header / {
        Strict-Transport-Security "max-age=31536000;"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
    }
}
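As an added check that is not part of the original post, the following Python script cross-checks the client config, the server config and the Caddyfile above for the fields that have to agree before the H2 + TLS chain can work: user id and alterId, transport and security, path and host, the Caddy proxy path, and that the V2Ray inbound is only reachable through Caddy on 127.0.0.1. The sample dicts and the Caddyfile string are constructed, cut down from the page's configs; the function names are assumptions of this example.

```python
import copy
import re
import uuid

def h2_params(cfg, side):
    """Fields that must agree; "client" reads outbound.vnext[0], "server" reads inbound."""
    node = cfg["outbound"] if side == "client" else cfg["inbound"]
    user = (node["settings"]["vnext"][0]["users"][0] if side == "client"
            else node["settings"]["clients"][0])
    ss = node["streamSettings"]
    return {"id": user["id"], "alterId": user["alterId"],
            "network": ss["network"], "security": ss["security"],
            "path": ss["httpSettings"]["path"],
            "host": tuple(ss["httpSettings"]["host"])}

def check_setup(client_cfg, server_cfg, caddyfile):
    """Return a list of mismatches; an empty list means the chain is consistent."""
    problems = []
    c, s = h2_params(client_cfg, "client"), h2_params(server_cfg, "server")
    for key, cval in c.items():
        if cval != s[key]:
            problems.append(f"{key}: client={cval!r} server={s[key]!r}")
    try:  # the ${your-id} placeholder must have been replaced by a real UUID
        uuid.UUID(s["id"])
    except ValueError:
        problems.append(f"id {s['id']!r} is not a UUID")
    if (s["network"], s["security"]) != ("h2", "tls"):
        problems.append("H2 transport needs network=h2 and security=tls")
    if server_cfg["inbound"].get("listen") != "127.0.0.1":
        problems.append("server inbound must listen on 127.0.0.1 only")
    # Caddy must proxy exactly the path V2Ray is listening on.
    m = re.search(r"^\s*proxy\s+(\S+)\s+\S+", caddyfile, re.M)
    proxied = m.group(1) if m else None
    if proxied != s["path"]:
        problems.append(f"Caddyfile proxies {proxied!r}, V2Ray expects {s['path']!r}")
    return problems

# Constructed samples, cut down from the configs on this page (placeholder id kept on purpose).
H2 = {"network": "h2", "security": "tls",
      "httpSettings": {"host": ["yourdomain.com"], "path": "/yourPath"}}
CLIENT = {"outbound": {"settings": {"vnext": [{"users": [{"id": "${your-id}", "alterId": 64}]}]},
                       "streamSettings": copy.deepcopy(H2)}}
SERVER = {"inbound": {"listen": "127.0.0.1",
                      "settings": {"clients": [{"id": "${your-id}", "alterId": 64}]},
                      "streamSettings": copy.deepcopy(H2)}}
CADDYFILE = "https://yourdomain.com {\n  proxy /yourPath https://localhost:10000 {\n  }\n}\n"

if __name__ == "__main__":
    print(check_setup(CLIENT, SERVER, CADDYFILE) or "configs agree")
```

Run it against your real client.json, config.json and Caddyfile after editing the placeholders; the only complaint on the constructed samples is the unreplaced id.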

CDN configuration

There is not much specific to say here, except that this mode already has high latency, and putting a CDN in front of it will certainly make it worse.
The CDNs that need no ICP filing basically all route the long way round, or else are expensive.

References

http://www.infoq.com/cn/articles/rest-anti-patterns
https://bugxia.com/33.html
https://www.acgist.com/article/541.html
https://www.jb51.net/article/68452.htm