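1. Introduction to v2ray

v2ray makes it easy to build a proxy. The key to understanding v2ray is understanding how data flows through it; once the flow is clear, the configuration is simple.

For details, see the official v2ray documentation, the New V2Ray Plain-Language Guide (新 V2Ray 白话文指南), and the v2ray GitHub repository.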

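When you type www.google.com into the browser, the browser wraps the traffic in the SOCKS protocol and sends it to the v2ray client (the client's inbound). The v2ray client (the client's outbound) then wraps it in the vmess protocol and sends it to the v2ray server (the server's inbound). The v2ray server decrypts the data (which was encrypted by the vmess protocol) and sends it to the target website, completing the request.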

2. Installing v2ray with Docker

Reference: Deploying V2Ray with Docker (Docker 部署 V2Ray)

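When deploying with docker-compose, note the following:

  1. If no network is specified, a default network named $(name of the directory containing docker-compose.yml)_default is created; see "Configuring a network with Docker Compose" (透過 Docker Compose 設定 network).
  2. The mKCP protocol transports over UDP, so the UDP port must be published; if you use TCP, the UDP mapping can be omitted.
  3. In v2ray 5 the default config file location is no longer /etc/v2ray/config.json, so a command entry must be added.

cd /data/docker_data
mkdir v2ray
cd v2ray
mkdir log
mkdir config
docker network create all_net
vi docker-compose.yml

version: "3"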

services:
  v2ray:
    image: v2fly/v2fly-core
    container_name: v2ray
    restart: on-failure:3
    volumes:
      - /data/docker_data/v2ray/config/config.json:/etc/v2ray/config.json
      - /data/docker_data/v2ray/log:/var/log/v2ray
    command: "run -config=/etc/v2ray/config.json"
    ports:
      - "6038:6038"
      - "6038:6038/udp"
    environment:
      - TZ=Asia/Shanghai
networks:
  default:
    name: all_net
    external: true

docker-compose up -d
docker-compose logs
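Note 2 above (mKCP needs the UDP port published) can be checked mechanically. The following is an added example, not part of the original post: it reads a v2ray server config in either the legacy "inbound" layout or the newer "inbounds" layout and lists inbound ports that the compose ports list does not publish with the right protocol. The function names are made up here, and it assumes single integer ports and the compose short syntax.

```python
import json

UDP_TRANSPORTS = {"kcp", "mkcp", "quic"}   # v2ray transports carried over UDP

def needed_publishes(cfg):
    """Return {(container_port, proto)} the server config listens on."""
    inbounds = list(cfg.get("inbounds", []))
    if "inbound" in cfg:                       # legacy single-inbound layout
        inbounds.append(cfg["inbound"])
    inbounds += cfg.get("inboundDetour", [])   # legacy extra inbounds
    needed = set()
    for ib in inbounds:
        network = ib.get("streamSettings", {}).get("network", "tcp")
        proto = "udp" if network in UDP_TRANSPORTS else "tcp"
        needed.add((int(ib["port"]), proto))
    return needed

def published(ports):
    """Parse compose short-syntax entries such as '6038:6038/udp'."""
    out = set()
    for entry in ports:
        mapping, _, proto = entry.partition("/")
        container_port = mapping.rsplit(":", 1)[-1]
        out.add((int(container_port), proto or "tcp"))
    return out

def unpublished(cfg, ports):
    """Inbounds a remote client cannot reach through the published ports."""
    return sorted(needed_publishes(cfg) - published(ports))

# Constructed samples that mirror the files on this page
COMPOSE_PORTS = ["6038:6038", "6038:6038/udp"]
KCP_CFG = json.loads('{"inbound": {"port": 6038, "protocol": "vmess", '
                     '"streamSettings": {"network": "kcp"}}}')
TCP_CFG = json.loads('{"inbound": {"port": 12345, "protocol": "vmess"}}')

if __name__ == "__main__":
    print(unpublished(KCP_CFG, COMPOSE_PORTS))    # mKCP inbound is reachable
    print(unpublished(TCP_CFG, COMPOSE_PORTS))    # port 12345 is not published
    print(unpublished(KCP_CFG, ["6038:6038"]))    # UDP mapping forgotten
```

Run against the VMESS+TCP server config in section 3, it reports port 12345, which the compose file above does not publish; either the config port or the ports mapping has to change.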

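3. Three common configurations

Online v2ray config file generator

Collection of common v2ray config templates

UUID generator

3.1. VMESS+TCP

Server-side configuration: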

{
    "log": {
        "access": "/var/log/v2ray/access.log",
        "error": "/var/log/v2ray/error.log",
        "loglevel": "warning"
    },
    "inbound": {
        "port": 12345,
        "protocol": "vmess",
        "settings": {
            "clients": [
                {
                    "id": "cb76a5c7-51e5-84d1-d0ff-da110e3f3c32"
                }
            ]
        }
    },
    "outbound": {
        "protocol": "freedom",
        "settings": {}
    },
    "inboundDetour": [],
    "outboundDetour": [
        {
            "protocol": "blackhole",
            "settings": {},
            "tag": "blocked"
        }
    ],
    "routing": {
        "strategy": "rules",
        "settings": {
            "rules": [
                {
                    "type": "field",
                    "ip": [
                        "0.0.0.0/8",
                        "10.0.0.0/8",
                        "100.64.0.0/10",
                        "127.0.0.0/8",
                        "169.254.0.0/16",
                        "172.16.0.0/12",
                        "192.0.0.0/24",
                        "192.0.2.0/24",
                        "192.168.0.0/16",
                        "198.18.0.0/15",
                        "198.51.100.0/24",
                        "203.0.113.0/24",
                        "::1/128",
                        "fc00::/7",
                        "fe80::/10"
                    ],
                    "outboundTag": "blocked"
                }
            ]
        }
    }
}

Client configuration:

[Screenshots: client settings]

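3.2. vmess+mkcp

vmess+mkcp: mKCP is optimized for networks with heavy packet loss, and it can also disguise its traffic (as BT downloads or video calls). Disguise does not mean you can do whatever you like; keep your own judgment, evaluate information critically, and remember that learning advanced technology is the real point.

Server-side configuration: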

{
        "log": {
                "access": "/var/log/v2ray/access.log",
                "error": "/var/log/v2ray/error.log",
                "loglevel": "warning"
        },
        "inbound": {
                "port": 6038,
                "protocol": "vmess",
                "settings": {
                        "clients": [{
                                "id": "4552a7f9-dc8d-a0c9-422f-032ea2a3783f"
                        }]
                },
                "streamSettings": {
                        "network": "kcp",
                        "kcpSettings": {
                                "header": {
                                        "type": "srtp"
                                }
                        }
                }
        },
        "outbound": {
                "protocol": "freedom",
                "settings": {}
        },
        "inboundDetour": [],
        "outboundDetour": [{
                "protocol": "blackhole",
                "settings": {},
                "tag": "blocked"
        }],
        "routing": {
                "strategy": "rules",
                "settings": {
                        "rules": [{
                                "type": "field",
                                "ip": [
                                        "0.0.0.0/8",
                                        "10.0.0.0/8",
                                        "100.64.0.0/10",
                                        "127.0.0.0/8",
                                        "169.254.0.0/16",
                                        "172.16.0.0/12",
                                        "192.0.0.0/24",
                                        "192.0.2.0/24",
                                        "192.168.0.0/16",
                                        "198.18.0.0/15",
                                        "198.51.100.0/24",
                                        "203.0.113.0/24",
                                        "::1/128",
                                        "fc00::/7",
                                        "fe80::/10"
                                ],
                                "outboundTag": "blocked"
                        }]
                }
        }
}

Client configuration:

[Screenshots: client settings]

3.3. WebSocket+TLS+Web

3.3.1. Configuring v2ray

docker-compose.yml, with no ports published any more:

version: "3"

services:
  v2ray:
    image: v2fly/v2fly-core
    container_name: v2ray
    restart: on-failure:3
    volumes:
      - /data/docker_data/v2ray/config/config.json:/etc/v2ray/config.json
      - /data/docker_data/v2ray/log:/var/log/v2ray
    command: "run -config=/etc/v2ray/config.json"
    environment:
      - TZ=Asia/Shanghai
networks:
  default:
    name: all_net
    external: true

Server-side configuration:

{
    "log": {
        "access": "/var/log/v2ray/access.log", 
        "error": "/var/log/v2ray/error.log", 
        "loglevel": "warning"
    }, 
    "inbounds": [
        {
            "port": 10000,  
            "protocol": "vmess", 
            "settings": {
                "clients": [
                    {
                        "id": "b831381d-6324-4d53-ad4f-8cda48b30811"
                    }
                ]
            }, 
            "streamSettings": {
                "network": "ws", 
                "wsSettings": {
                    "path": "/ray"
                }
            }
        }
    ], 
    "outbounds": [
        {
            "protocol": "freedom", 
            "settings": { }
        }
    ]
}

3.3.2. Installing NPM (Nginx Proxy Manager)

cd /data/docker_data
mkdir npm
cd npm
mkdir letsencrypt
mkdir data
vi docker-compose.yml

version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    container_name: npm
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    environment:
      - TZ=Asia/Shanghai
networks:
  default:
    name: all_net
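    external: true

docker-compose up -d
docker-compose logs

3.3.3. Configuring NPM

Open http://<your domain>:81 in a browser to reach the admin page. The default username/password is admin@example.com / changeme. You must change the password after logging in; it is best to generate a strong password with a password generator.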


3.3.4. Client configuration

[Screenshot: client settings]
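The client side of the data flow from section 1 (SOCKS inbound, vmess outbound) can be derived from the server config. The following is an added example, not part of the original post: it builds a core-format client config that pairs with the WebSocket server inbound from 3.3.1. The function name, the SOCKS port 1080 and the domain proxy.example.com are assumptions; substitute the domain configured in NPM.

```python
import json

def client_config(server_cfg, address, port=None, tls=False, socks_port=1080):
    """Build the client side that pairs with the server's first inbound."""
    # Accept both the newer "inbounds" list and the legacy single "inbound"
    inbound = (server_cfg.get("inbounds") or [server_cfg["inbound"]])[0]
    # The transport (tcp / kcp / ws and its settings) must match on both ends
    stream = dict(inbound.get("streamSettings", {"network": "tcp"}))
    if tls:
        # TLS is terminated by the reverse proxy (NPM), so only the client
        # enables it; the v2ray server keeps plain WebSocket
        stream["security"] = "tls"
        stream["tlsSettings"] = {"serverName": address}
    return {
        # Browser -> client: SOCKS, bound to loopback only
        "inbounds": [{
            "listen": "127.0.0.1",
            "port": socks_port,
            "protocol": "socks",
            "settings": {"auth": "noauth"},
        }],
        # Client -> server: vmess with the server's client id
        "outbounds": [{
            "protocol": "vmess",
            "settings": {"vnext": [{
                "address": address,
                "port": port or inbound["port"],
                "users": [{"id": inbound["settings"]["clients"][0]["id"]}],
            }]},
            "streamSettings": stream,
        }],
    }

# Server inbound from section 3.3.1; the domain used below is a placeholder
WS_SERVER = {"inbounds": [{
    "port": 10000,
    "protocol": "vmess",
    "settings": {"clients": [{"id": "b831381d-6324-4d53-ad4f-8cda48b30811"}]},
    "streamSettings": {"network": "ws", "wsSettings": {"path": "/ray"}},
}]}

if __name__ == "__main__":
    cfg = client_config(WS_SERVER, "proxy.example.com", port=443, tls=True)
    print(json.dumps(cfg, indent=2))
```

The client dials port 443 with TLS while the server inbound stays on 10000 without TLS, because NPM sits between them and forwards the /ray WebSocket path.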

3.3.5. Common errors

[Warning] [3354002692] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://xxx.xxx.top/ray): > read tcp 192.168.31.95:1523->xxx.xxx.xxx.xxx:443: wsarecv: An existing connection was forcibly closed by the remote host.

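After the client hit the error above, I checked the NPM log on the VPS and found that no request from the client had arrived (so this is not a v2ray error, because NPM had not forwarded any request yet).

After setting the client's transport-layer security to none, the NPM log showed that the client's request was received, but over http (so the problem lies with https: either port 443 on the VPS is not open, or there is a problem with the certificate).

After checking, port 443 turned out to be open. I then had NPM request the certificate again, which still did not work. Finally, after switching to a different domain and requesting a certificate again, the problem was solved.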
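The questions asked in the troubleshooting above (does the connection reach port 443, does the TLS handshake complete, is the certificate accepted) can be separated with a short probe run from the client machine. This is an added example, not part of the original post; the function name and stage labels are made up here, and proxy.example.com is a placeholder for your own domain.

```python
import socket
import ssl

def diagnose(host, port=443, server_name=None, timeout=5.0, context=None):
    """Return (stage, detail) telling where a wss:// dial to host:port stops.

    stage is "tcp"  : no TCP connection (port closed, filtered, DNS failure)
             "tls"  : TCP connected but the handshake was aborted or reset
             "cert" : handshake reached the certificate and rejected it
             "ok"   : handshake and verification succeeded
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", str(exc))
    ctx = context or ssl.create_default_context()
    try:
        with ctx.wrap_socket(raw, server_hostname=server_name or host) as tls:
            cert = tls.getpeercert()
            return ("ok", cert.get("notAfter", ""))
    except ssl.SSLCertVerificationError as exc:
        # expired, wrong host name, or untrusted issuer
        return ("cert", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        # e.g. "connection forcibly closed by the remote host" mid-handshake
        return ("tls", str(exc))
    finally:
        raw.close()

if __name__ == "__main__":
    print(diagnose("proxy.example.com"))
```

A "tls" result matches the log line above: the connection to port 443 was established and then closed during the handshake, before any HTTP request could reach the NPM log.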