SSH工具

FinalShell:https://www.hostbuf.com/t/988.html

节点搭建

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
#更新软件源
   apt update
   #启用 BBR TCP 拥塞控制算法
   echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
   echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
   sysctl -p

 #安装xray-ui:
   bash <(curl -Ls  https://raw.githubusercontent.com/qist/xray-ui/main/install.sh)

 #安装nginx
   apt install nginx
 #安装acme:
   curl https://get.acme.sh | sh
 #添加软链接:
   ln -s  /root/.acme.sh/acme.sh /usr/local/bin/acme.sh
 #切换CA机构: 
   acme.sh --set-default-ca --server letsencrypt
 #申请证书: 
   acme.sh  --issue -d 你的域名 -k ec-256 --webroot  /var/www/html
 #安装证书:
   acme.sh --install-cert -d 你的域名 --ecc --key-file       /etc/x-ui/server.key  --fullchain-file /etc/x-ui/server.crt --reloadcmd     "systemctl force-reload nginx"

寻找适合的伪装站

http站点优先,个人网盘符合单节点大流量特征

示例关键字:intext:登录 Cloudreve

配置nginx

配置文件路径:/etc/nginx/conf.d/xray-ui.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
    server {
        listen 443 ssl;

        server_name nicename.co;  #你的域名
        ssl_certificate       /etc/x-ui/server.crt;  #证书位置
        ssl_certificate_key   /etc/x-ui/server.key; #私钥位置

        ssl_session_timeout 1d;
        ssl_session_cache shared:MozSSL:10m;
        ssl_session_tickets off;
        ssl_protocols    TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers off;

        location / {
            proxy_pass https://bing.com; #伪装网址
            proxy_redirect off;
            proxy_ssl_server_name on;
            sub_filter_once off;
            sub_filter "bing.com" $server_name;
            proxy_set_header Host "bing.com";
            proxy_set_header Referer $http_referer;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Accept-Encoding "";
            proxy_set_header Accept-Language "zh-CN";
        }


        location /ray {   #分流路径
            proxy_redirect off;
            proxy_pass http://127.0.0.1:10000; #Xray端口
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /xui {   #xui路径
            proxy_redirect off;
            proxy_pass http://127.0.0.1:9999;  #xui监听端口
            proxy_http_version 1.1;
            proxy_set_header Host $host;
        }
    }

    server {

listen 80;
        location /.well-known/ {
               root /var/www/html;
            }
        location / {
                rewrite ^(.*)$ https://$host$1 permanent;
            }
    }
}

每次修改nginx配置文件后必须使用 systemctl reload nginx 命令重新加载配置文件

解锁GPT、奈飞、迪士尼Xray-ui配置文件

1、通过安装warp脚本后/etc/wireguard/warp-account.conf查看private_keyreserved

1
wget -N https://gitlab.com/fscarmen/warp/-/raw/main/menu.sh && bash menu.sh  //warp安装

2、通过fscarmen.cloudflare.now.cc网站获取private_keyreserved

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
{
  "log": {
    "access": "none",
    "error": "none",
    "loglevel": "info"
  },
  "api": {
    "services": [
      "HandlerService",
      "LoggerService",
      "StatsService"
    ],
    "tag": "api"
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 62789,
      "protocol": "dokodemo-door",
      "settings": {
        "address": "127.0.0.1"
      },
      "tag": "api"
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "blocked"
    },
    {
      "protocol":"wireguard",
      "settings":{
          "secretKey":"YFYOAdbw1bKTHlNNi+aEjBM3BO7unuFC5rOkMRAz9XY=", // 粘贴你的 "private_key" 值
          "address":[
              "172.16.0.2/32",
              "2606:4700:110:8a36:df92:102a:9602:fa18/128"
          ],
          "peers":[
              {
                  "publicKey":"bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=",
                  "allowedIPs":[
                      "0.0.0.0/0",
                      "::/0"
                  ],
                  "endpoint":"engage.cloudflareclient.com:2408" // 或填写 162.159.193.10:2408 或 [2606:4700:d0::a29f:c001]:2408
              }
          ],
          "reserved":[78, 135, 76], // 粘贴你的 "reserved" 值
          "mtu":1280
      },
      "tag":"wireguard"
    },
    {
      "protocol":"freedom",
      "settings":{
          "domainStrategy":"UseIPv4"
      },
      "proxySettings":{
          "tag":"wireguard"
      },
      "tag":"warp-IPv4"
    },
    {
      "protocol":"freedom",
      "settings":{
          "domainStrategy":"UseIPv6"
      },
      "proxySettings":{
          "tag":"wireguard"
      },
      "tag":"warp-IPv6"
    }
  ],
  "policy": {
    "system": {
      "statsInboundDownlink": true,
      "statsInboundUplink": true,
      "statsOutboundDownlink": true,
      "statsOutboundUplink": true
    },
    "levels": {
      "0": {
        "handshake": 2,
        "connIdle": 120,
        "uplinkOnly": 1,
        "downlinkOnly": 1
      }
    }
  },
  "routing": {
    "domainStrategy": "AsIs",
    "rules": [
      {
        "inboundTag": [
          "api"
        ],
        "outboundTag": "api",
        "type": "field"
      },
      {
        "type": "field",
        "domain": [
          "www.gstatic.com"
        ],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "domain": [
          "geosite:category-ads-all",
          "geosite:cn",
          "geosite:geolocation-cn"
        ],
        "outboundTag": "blocked"
      },
      {
        "type": "field",
        "ip": [
          "geoip:cn"
        ],
        "outboundTag": "blocked"
      },
      {
        "type": "field",
        "protocol": [
          "bittorrent"
        ],
        "outboundTag": "blocked"
      },
      {
        "type":"field",
        "domain":[
            "geosite:openai",
            "geosite:netflix",
            "geosite:disney",
            "ip.gs"
        ],
        "outboundTag":"warp-IPv4"
      },
      {
        "type":"field",
        "domain":[
            "p3terx.com"
        ],
        "outboundTag":"warp-IPv6"
      }
    ]
  },
  "stats": {}
}

多用户合租

通过修改nginx的配置文件实现ws path路径分流

1
2
3
4
5
6
7
8
9
10
location /ray {   #分流路径
    proxy_redirect off;
    proxy_pass http://127.0.0.1:10000; #Xray端口
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}