Naive, Trojan-go+ssl+ws+web and vmess(vless)+tls+ws+web node setup: the most detailed node setup tutorial ever, one video that teaches you how to build each kind of node and how to run several kinds of node at the same time.
#Domain purchase
namesilo: https://name.bulianglin.com
#Domain hosting
cloudflare: https://www.cloudflare.com/zh-cn/
#VPS purchase
vultr: https://www.vultr.com/
#SSH tool
FinalShell: https://www.hostbuf.com/t/988.html
#Related resources
x-ui project: https://github.com/vaxilu/x-ui
nginx download: http://nginx.org/en/download.html
Go project: https://github.com/astaxie/build-web-application-with-golang/blob/master/zh/01.1.md
NaïveProxy project: https://github.com/klzgrad/naiveproxy/wiki/%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87
trojan-go project: https://github.com/p4gefau1t/trojan-go
NaïveProxy desktop client download: https://github.com/klzgrad/naiveproxy/releases/tag/v107.0.5304.87-3
#Disable the firewall
ufw disable
#Enable BBR congestion control
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p
#Update the package sources
apt update
apt upgrade
apt full-upgrade
#Install components
apt install wget
apt install unzip
apt install socat
I. Set up the vmess and vless nodes
1. Install and configure x-ui
bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)
2. Install acme
curl https://get.acme.sh | sh
3. Add a symbolic link
ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh
4. Switch the certificate authority
acme.sh --set-default-ca --server letsencrypt
5. Request the certificate
acme.sh --issue -d xui.mydomain.com --standalone -k ec-256 --webroot /home/wwwroot/html
6. Install the certificate
acme.sh --install-cert -d xui.mydomain.com --ecc --key-file /etc/x-ui/private.key --fullchain-file /etc/x-ui/cert.crt
7. Compile, install and configure nginx
The SNI-based layer-4 forwarding used later is provided by the nginx stream module. Nginx does not enable that module by default, so nginx is compiled from source here.
① Install the build tools and dependency libraries
apt install make gcc libpcre3 libpcre3-dev zlib1g-dev libssl-dev
② Download the nginx source code
wget https://nginx.org/download/nginx-1.22.1.tar.gz
③ Extract the nginx source code
tar zxvf nginx-1.22.1.tar.gz
④ Enter the nginx-1.22.1 directory
cd nginx-1.22.1
⑤ Set the build options
./configure --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module --with-stream --with-stream_ssl_preread_module
⑥ Compile and install nginx
make install
⑦ Configure start at boot
#Enter the /lib/systemd/system/ directory
cd /lib/systemd/system/
#Create the nginx.service file
touch nginx.service
#Edit nginx.service so that it contains the following
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
#Reload the systemd daemon
systemctl daemon-reload
#Enable start at boot
systemctl enable nginx
⑧ Edit the nginx configuration
#Enter the /usr/local/nginx/conf/ directory
cd /usr/local/nginx/conf/
#Edit the nginx.conf configuration file
#user www-data;
worker_processes 1;
error_log logs/error.log;
pid logs/nginx.pid;
events {
    worker_connections 2048;
}
http {
    server_tokens off;
    include mime.types;
    default_type application/octet-stream;
    access_log off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    gzip on;
    client_max_body_size 10m;
    client_body_buffer_size 128k;
    server {
        listen 443 ssl; #port
        server_name xui.mydomain.com; #domain
        ssl_certificate /etc/x-ui/cert.crt; #certificate location
        ssl_certificate_key /etc/x-ui/private.key; #private key location
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        #vmess node configuration
        location /ray123 { #node routing path
            proxy_redirect off;
            proxy_pass http://127.0.0.1:10010; #node port
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        #vless node configuration
        location /ray1234 { #node routing path
            proxy_redirect off;
            proxy_pass http://127.0.0.1:10011; #node port
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        #x-ui panel configuration
        location /xui { #x-ui login path
            proxy_redirect off;
            proxy_pass http://127.0.0.1:10000; #x-ui listening port
            proxy_http_version 1.1;
            proxy_set_header Host $host;
        }
        location / {
            proxy_pass http://127.0.0.1:80;
        }
    }
    #port 80 configuration
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        location / {
            proxy_pass https://www.bing.com; #decoy site
            proxy_ssl_server_name on;
            proxy_redirect off;
            sub_filter_once off;
            sub_filter "www.bing.com" $server_name; #decoy site
            proxy_set_header Host "www.bing.com"; #decoy site
            proxy_set_header Referer $http_referer;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Accept-Encoding "";
            proxy_set_header Accept-Language "zh-CN";
        }
    }
}
⑨ Start nginx, check the nginx status, stop nginx
systemctl start nginx
systemctl status nginx.service
systemctl stop nginx
II. Install and configure Naïve
1. Download Go
wget https://go.dev/dl/go1.19.4.linux-amd64.tar.gz
2. Extract Go
tar -C /usr/local -xzf go1.19.4.linux-amd64.tar.gz
3. Set PATH
export PATH=$PATH:/usr/local/go/bin
4. Check the installed Go version
go version
5. Install NaïveProxy+Caddy
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
~/go/bin/xcaddy build --with github.com/caddyserver/forwardproxy@caddy2=github.com/klzgrad/forwardproxy@naive
setcap cap_net_bind_service=+ep ./caddy
6. Create the /etc/caddy/ directory
mkdir /etc/caddy/
7. Enter the /etc/caddy/ directory
cd /etc/caddy/
8. Create the Caddyfile
touch Caddyfile
9. Edit the Caddyfile (remove each // and the note after it)
{
    order forward_proxy before route
    admin off
    auto_https off
    https_port 443 //port
}
:443 { //port
    tls /etc/caddy/cert.crt /etc/caddy/private.key { //certificate and private key location
        ciphers TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        alpn h2 http/1.1
    }
    forward_proxy {
        basic_auth user password //username and password (separated by an ASCII space)
        hide_ip
        hide_via
        probe_resistance
    }
    @host {
        host naive.mydomain.com //domain
    }
    route @host {
        header {
            Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        }
        reverse_proxy https://www.bing.com { //decoy site
            header_up Host {upstream_hostport}
            header_up X-Forwarded-Host {host}
        }
    }
}
10. Request the certificate
acme.sh --issue -d naive.mydomain.com --standalone -k ec-256 --webroot /home/wwwroot/html
11. Install the certificate
acme.sh --install-cert -d naive.mydomain.com --ecc --key-file /etc/caddy/private.key --fullchain-file /etc/caddy/cert.crt
12. Set caddy to start at boot
#Check the systemd version (232 or newer is required)
systemctl --version
#Make caddy executable and move the caddy binary to /usr/bin/ (run this in the directory where xcaddy built ./caddy)
chmod +x caddy
mv caddy /usr/bin/
#Test that it works
/usr/bin/caddy run --config /etc/caddy/Caddyfile
#Create a dedicated Linux group and user for caddy
groupadd --system caddy
useradd --system \
    --gid caddy \
    --create-home \
    --home-dir /var/lib/caddy \
    --shell /usr/sbin/nologin \
    --comment "Caddy web server" \
    caddy
#Enter the /etc/systemd/system/ directory
cd /etc/systemd/system/
#Create caddy.service
touch caddy.service
#Edit caddy.service so that it contains the following
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
#Reload the systemd daemon
systemctl daemon-reload
#Enable start at boot
systemctl enable caddy
#Start caddy, check the caddy status, stop caddy
systemctl start caddy
systemctl status caddy
systemctl stop caddy
III. Install and configure Trojan-go
1. Create a trojan-go directory under /etc/
mkdir /etc/trojan-go
2. Enter the trojan-go directory
cd /etc/trojan-go
3. Download trojan-go
wget https://github.com/p4gefau1t/trojan-go/releases/download/v0.10.6/trojan-go-linux-amd64.zip
4. Extract trojan-go
unzip trojan-go-linux-amd64.zip
5. Create the config.json file
touch config.json
6. Edit config.json (delete each // and the note after it)
{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 443, //port
    "remote_addr": "127.0.0.1",
    "remote_port": 80,
    "password": [
        "password" //password
    ],
    "disable_http_check": false,
    "udp_timeout": 60,
    "ssl": {
        "verify": true,
        "verify_hostname": true,
        "cert": "/etc/trojan-go/cert.crt", //certificate location
        "key": "/etc/trojan-go/private.key", //private key location
        "cipher": " ",
        "curves": " ",
        "prefer_server_cipher": false,
        "sni": "trojan.mydomain.com", //domain
        "alpn": [
            "http/1.1"
        ],
        "session_ticket": true,
        "reuse_session": true,
        "plain_http_response": " ",
        "fallback_addr": "127.0.0.1",
        "fallback_port": 80,
        "fingerprint": "chrome"
    },
    "tcp": {
        "no_delay": true,
        "keep_alive": true,
        "prefer_ipv4": false
    },
    "mux": {
        "enabled": true,
        "concurrency": 8,
        "idle_timeout": 60
    },
    "router": {
        "enabled": true,
        "block": [
            "geoip:private"
        ],
        "geoip": "/etc/trojan-go/geoip.dat",
        "geosite": "/etc/trojan-go/geosite.dat"
    },
    "websocket": {
        "enabled": true,
        "path": "/ray12345", //ws path
        "host": "trojan.mydomain.com" //domain
    }
}
7. Request the certificate
acme.sh --issue -d trojan.mydomain.com --standalone -k ec-256 --webroot /home/wwwroot/html
8. Install the certificate
acme.sh --install-cert -d trojan.mydomain.com --ecc --key-file /etc/trojan-go/private.key --fullchain-file /etc/trojan-go/cert.crt
9. Set trojan-go to start at boot
#Enter the /etc/systemd/system/ directory
cd /etc/systemd/system/
#Create the trojan-go.service file
touch trojan-go.service
#Edit trojan-go.service so that it contains the following
[Unit]
Description=Trojan-Go - An unidentifiable mechanism that helps you bypass GFW
Documentation=https://p4gefau1t.github.io/trojan-go/
After=network.target nss-lookup.target
[Service]
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/etc/trojan-go/trojan-go -config /etc/trojan-go/config.json
Restart=on-failure
RestartSec=10
RestartPreventExitStatus=23
[Install]
WantedBy=multi-user.target
#Reload the systemd daemon
systemctl daemon-reload
#Enable start at boot
systemctl enable trojan-go
10. nginx configuration
#user www-data;
worker_processes 1;
error_log logs/error.log;
pid logs/nginx.pid;
events {
    worker_connections 2048;
}
http {
    server_tokens off;
    include mime.types;
    default_type application/octet-stream;
    access_log off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    gzip on;
    client_max_body_size 10m;
    client_body_buffer_size 128k;
    #port 80 configuration
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        location / {
            proxy_pass https://www.bing.com; #decoy site
            proxy_ssl_server_name on;
            proxy_redirect off;
            sub_filter_once off;
            sub_filter "www.bing.com" $server_name; #decoy site
            proxy_set_header Host "www.bing.com"; #decoy site
            proxy_set_header Referer $http_referer;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Accept-Encoding "";
            proxy_set_header Accept-Language "zh-CN";
        }
    }
}
11. Start nginx, check the nginx status, stop nginx
systemctl start nginx
systemctl status nginx.service
systemctl stop nginx
12. Start trojan-go, check the trojan-go status, stop trojan-go
systemctl start trojan-go
systemctl status trojan-go
systemctl stop trojan-go
IV. Run the vmess, vless, trojan-go and naive nodes at the same time
#In this layout nginx listens on port 443, so Caddy and trojan-go have to listen on the upstream ports set below (10241 and 10242) instead of 443
#nginx configuration
#user www-data;
worker_processes 1;
error_log logs/error.log;
pid logs/nginx.pid;
events {
    worker_connections 2048;
}
stream {
    # Read the SNI and map the domain name to a backend name
    map $ssl_preread_server_name $backend_name {
        xui.mydomain.com xui; #domain used for vmess and vless
        naive.mydomain.com naiveproxy; #domain used for naive
        trojan.mydomain.com trojan-go; #domain used for trojan-go
    }
    # Forwarding details for xui
    upstream xui {
        server 127.0.0.1:10240; #port
    }
    # Forwarding details for naiveproxy
    upstream naiveproxy {
        server 127.0.0.1:10241; #port
    }
    # Forwarding details for trojan-go
    upstream trojan-go {
        server 127.0.0.1:10242; #port
    }
    # Listen on 443 and enable ssl_preread
    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;
        proxy_pass $backend_name;
        ssl_preread on;
    }
}
http {
    server_tokens off;
    include mime.types;
    default_type application/octet-stream;
    access_log off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    gzip on;
    client_max_body_size 10m;
    client_body_buffer_size 128k;
    #x-ui configuration
    server {
        listen 10240 ssl; #port
        server_name xui.mydomain.com; #domain used for vmess and vless
        ssl_certificate /etc/x-ui/cert.crt; #certificate location
        ssl_certificate_key /etc/x-ui/private.key; #private key location
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        #vmess node configuration
        location /ray123 { #node routing path
            proxy_redirect off;
            proxy_pass http://127.0.0.1:10010; #node port
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        #vless node configuration
        location /ray1234 { #node routing path
            proxy_redirect off;
            proxy_pass http://127.0.0.1:10011; #node port
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location /xui { #x-ui login path
            proxy_redirect off;
            proxy_pass http://127.0.0.1:10000; #x-ui listening port
            proxy_http_version 1.1;
            proxy_set_header Host $host;
        }
        location / {
            proxy_pass http://127.0.0.1:80;
        }
    }
    #port 80 configuration
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        location / {
            proxy_pass https://www.bing.com; #decoy site
            proxy_ssl_server_name on;
            proxy_redirect off;
            sub_filter_once off;
            sub_filter "www.bing.com" $server_name; #decoy site
            proxy_set_header Host "www.bing.com"; #decoy site
            proxy_set_header Referer $http_referer;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Accept-Encoding "";
            proxy_set_header Accept-Language "zh-CN";
        }
    }
}
#Reload nginx
systemctl reload nginx
#Check the nginx status
systemctl status nginx.service
#Start caddy
systemctl start caddy
#Check the caddy status
systemctl status caddy
#Start trojan-go
systemctl start trojan-go
#Check the trojan-go status
systemctl status trojan-go
YouTube video tutorial: https://youtu.be/azb7L1if-_c