申请证书:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
#安装acme:
curl https://get.acme.sh | sh
#安装socat:
apt install socat
#添加软链接:
ln -s  /root/.acme.sh/acme.sh /usr/local/bin/acme.sh
#注册账号: 
acme.sh --register-account -m [email protected]
#开放80端口:
ufw allow 80
#申请证书: 
acme.sh  --issue -d 替换为你的域名  --standalone -k ec-256
#安装证书: 
acme.sh --installcert -d 替换为你的域名 --ecc  --key-file   /root/trojan/server.key   --fullchain-file /root/trojan/server.crt 

#如果默认CA无法颁发,则可以切换下列CA:
#切换 Let’s Encrypt:
acme.sh --set-default-ca --server letsencrypt
#切换 Buypass:
acme.sh --set-default-ca --server buypass
#切换 ZeroSSL:
acme.sh --set-default-ca --server zerossl

自签证书:

1
2
3
4
#生成私钥:
openssl ecparam -genkey -name prime256v1 -out ca.key
#生成证书:
openssl req -new -x509 -days 36500 -key ca.key -out ca.crt  -subj "/CN=bing.com"

trojan搭建

SSH连接工具(FinalShell):http://www.hostbuf.com/t/988.html
trojan-go:https://github.com/p4gefau1t/trojan-go
trojan-go官方文档:https://p4gefau1t.github.io/trojan-go/

trojan配置文件:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 443,
    "remote_addr": "192.83.167.78",
    "remote_port": 80,
    "password": [
        "your_awesome_password"
    ],
    "ssl": {
        "cert": "server.crt",
        "key": "server.key"
    }
}

后台运行:

1
nohup ./trojan-go > trojan.log 2>&1 &

vmess搭建

SSH连接工具(FinalShell):http://www.hostbuf.com/t/988.html
v2ray官方安装脚本:https://github.com/v2fly/fhs-install-v2ray

vmess+tcp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
{
  "inbounds": [
    {
      "port": 8388, 
      "protocol": "vmess",  
      "settings": {
        "clients": [
          {
            "id": "af41686b-cb85-494a-a554-eeaa1514bca7",  
            "alterId": 0
          }
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",  
      "settings": {}
    }
  ]
}

vmess+tcp(ws)+tls:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
{
  "inbounds": [
    {
      "port": 8388, 
      "protocol": "vmess",  
      "settings": {
        "clients": [
          {
            "id": "af41686b-cb85-494a-a554-eeaa1514bca7",  
            "alterId": 0
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "certificates": [
            {
              "certificateFile": "/usr/local/etc/v2ray/server.crt", 
              "keyFile": "/usr/local/etc/v2ray/server.key" 
            }
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}

vmess+ws+tls+web:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
{
  "inbounds": [
    {
      "port": 8388,
      "listen":"127.0.0.1",
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "af41686b-cb85-494a-a554-eeaa1514bca7",
            "alterId": 0
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
        "path": "/ray"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}

nginx设置:

1
2
3
4
#安装nginx:
apt install nginx
#重新加载nginx配置:
systemctl reload nginx.service

nginx配置(替换http{}里的内容):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
server {
   listen 443 ssl;
   listen [::]:443 ssl;

   server_name v.buliang0.tk;  #你的域名
   ssl_certificate       /usr/local/etc/v2ray/server.crt; 
   ssl_certificate_key   /usr/local/etc/v2ray/server.key;
   ssl_session_timeout 1d;
   ssl_session_cache shared:MozSSL:10m;
   ssl_session_tickets off;

   ssl_protocols         TLSv1.2 TLSv1.3;
   ssl_ciphers           ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
   ssl_prefer_server_ciphers off;

    location / {
        proxy_pass https://www.bing.com; #伪装网址
        proxy_ssl_server_name on;
        proxy_redirect off;
        sub_filter_once off;
        sub_filter "www.bing.com" $server_name;
        proxy_set_header Host "www.bing.com";
        proxy_set_header Referer $http_referer;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Accept-Encoding "";
        proxy_set_header Accept-Language "zh-CN";
    }

    location /ray {
       proxy_redirect off;
       proxy_pass http://127.0.0.1:10000;
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   }
}

server {
    listen 80;
    server_name v.buliang0.tk;    #你的域名
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}

vless搭建

1
2
3
4
5
6
7
8
9
10
11
#关闭防火墙:
ufw disable

#xray官方一键安装脚本:
bash -c "$(curl -L github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root
#启动Xray:
systemctl start xray.service 
#重启Xray:
systemctl restart xray.service 
#Xray状态:
systemctl status xray.service

申请证书:

1
2
3
4
5
6
7
8
9
10
11
12
#安装acme:
curl https://get.acme.sh| sh
#安装socat:
apt install socat
#添加软链接:
ln -s  /root/.acme.sh/acme.sh /usr/local/bin/acme.sh
#切换CA机构:
acme.sh --set-default-ca --server letsencrypt
#申请证书: 
acme.sh  --issue -d 替换为你的域名  --standalone -k ec-256
#安装证书: 
acme.sh --installcert -d 替换为你的域名 --ecc  --key-file   /usr/local/etc/xray/server.key   --fullchain-file /usr/local/etc/xray/server.crt

xray配置文件:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
{
    "log": {
        "loglevel": "warning"
    },
    "inbounds": [
        {
            "port": 443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "72bac1c4-02de-49b4-e498-fa8767638c23", 
                        "flow": "xtls-rprx-direct"
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "dest": 8388
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "xtls",
                "xtlsSettings": {
                    "alpn": [
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "/usr/local/etc/xray/server.crt", 
                            "keyFile": "/usr/local/etc/xray/server.key"
                        }
                    ]
                }
            }
        },
        {
            "port": 8388,
            "listen": "127.0.0.1",
            "protocol": "trojan",
            "settings": {
                "clients": [
                    {
                        "password": "111"
                    }
                ],
                "fallbacks": [
                    {
                        "dest": "180.76.138.44:80"
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none"
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom"
        }
    ]
}