使用 X-UI 面板搭建 vmess+ws+tls+web 或者 vless+ws+tls+web 的節點,這是目前最安全的搭建方式。
教程原文來自不良林:https://bulianglin.com/archives/nicename.html,YouTube:https://www.youtube.com/watch?v=s90feRmdr9A
他的網站複製代碼起來特別麻煩,我自己複製一份保存一下。我自己搭建使用搬瓦工的大阪路線,聽別人說這個路線不穩定,我只是拿來測試不管這些,第一次搭建起來只能跑出幾百 k,重新安裝搭建就正常了,不知道是不是時間段的原因。
節點搭建#
#更新軟件源
apt update
#啟用 BBR TCP 拥塞控制算法
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p
#安裝x-ui:
bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)
#安裝nginx
apt install nginx
#安裝acme:
curl https://get.acme.sh | sh
#添加軟鏈接:
ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh
#切換CA機構:
acme.sh --set-default-ca --server letsencrypt
#申請證書:
acme.sh --issue -d 你的域名 -k ec-256 --webroot /var/www/html
#安裝證書:
acme.sh --install-cert -d 你的域名 --ecc --key-file /etc/x-ui/server.key --fullchain-file /etc/x-ui/server.crt --reloadcmd "systemctl force-reload nginx"
配置 nginx#
配置文件路徑:/etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
gzip on;
server {
listen 443 ssl;
server_name nicename.co; #你的域名
ssl_certificate /etc/x-ui/server.crt; #證書位置
ssl_certificate_key /etc/x-ui/server.key; #私鑰位置
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
location / {
proxy_pass https://bing.com; #偽裝網址
proxy_redirect off;
proxy_ssl_server_name on;
sub_filter_once off;
sub_filter "bing.com" $server_name;
proxy_set_header Host "bing.com";
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Accept-Encoding "";
proxy_set_header Accept-Language "zh-CN";
}
location /ray { #分流路徑
proxy_redirect off;
proxy_pass http://127.0.0.1:10000; #Xray端口
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /xui { #xui路徑
proxy_redirect off;
proxy_pass http://127.0.0.1:9999; #xui監聽端口
proxy_http_version 1.1;
proxy_set_header Host $host;
}
}
server {
listen 80;
location /.well-known/ {
root /var/www/html;
}
location / {
rewrite ^(.*)$ https://$host$1 permanent;
}
}
}
每次修改 nginx 配置文件後必須使用 systemctl reload nginx 命令重新加載配置文件。