准备工作

  • 一台域外VPS
  • 一个域名
  • 将域名解析到VPS的IP上。
  • VPS操作系统建议用Debian 10,如果用CentOS,请关闭防火墙。

1. 开启bbr优化

wget -N --no-check-certificate "https://github.000060000.xyz/tcp.sh" && chmod +x tcp.sh && ./tcp.sh

先输入11,启用bbr+fq加速,再次执行脚本,然后输入22,应用优化方案,之后会要求重启VPS,输入Y确认。

2. 安装xray

bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install

3. 安装acme脚本

curl https://get.acme.sh | bash

4. 创建Geo脚本

vi /usr/local/bin/xray-geo

#!/bin/bash
rm -fr /usr/local/share/xray/geo*.dat
wget -O /usr/local/share/xray/geoip.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat
wget -O /usr/local/share/xray/geosite.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat
echo 'Geo Files have been updated'

systemctl restart xray
echo 'Xray service restarted'

给予可执行权限

chmod +x /usr/local/bin/xray-geo

5. 申请SSL证书及安装证书

申请证书

/root/.acme.sh/acme.sh --issue -d www.example.com --standalone

安装证书

/root/.acme.sh/acme.sh --install-cert -d www.example.com --fullchain-file /usr/local/etc/xray/example.cer --key-file /usr/local/etc/xray/example.key

chown nobody.root /usr/local/etc/xray/example.*

为了便于未来自动更新证书,可以创建如下脚本,放入crontab自动执行。

vi /usr/local/bin/xray-renew

文件内容:

#!/bin/bash
/root/.acme.sh/acme.sh --install-cert -d www.exmaple.com --fullchain-file /usr/local/etc/xray/example.cer --key-file /usr/local/etc/xray/example.key
echo "Xray Certificates Renewed"

chown nobody.root /usr/local/etc/xray/example.*

echo "User&Group Changed for Xray"

systemctl restart xray
echo "Xray Restarted"

授予可执行权限

chmod +x /usr/local/bin/xray-renew

增加计划任务

crontab -e

在文件中增加如下内容,意思是每个星期五的凌晨2点执行一次 xray-renew 脚本。

0 2 * * 5 bash /usr/local/bin/xray-renew

可看下图

6. 生成UUID,修改配置文件

在命令提示符下输入下面的命令,就会返回一个新生成的UUID,将这个UUID保存一下。

root@nerd:~# xray uuid
f47cdd50-7468-4758-afb8-1fd3a4887a49

在下面的xray配置文件中,修改所有的uuid为上面生成的UUID。

{
    // 1_日志设置
    "log": {
        "loglevel": "warning",
        "access": "/var/log/xray/access.log",
        "error": "/var/log/xray/error.log"
    },
    // 2_DNS设置
    "dns": {
        "hosts": {
          "dns.google": "8.8.4.4",
          "doh.pub": "119.29.29.29"
        },
        "servers": [
          "https://dns.google/dns-query",
        {
          "address": "https+local://223.5.5.5/dns-query",
          "domains": [
            "geosite:cn",
            "geosite:icloud",
            "geosite:category-games@cn"
          ],
          "expectIPs": [
            "geoip:cn"
          ]
        },
        {
          "address": "https://1.1.1.1/dns-query",
          "domains": [
            "geosite:geolocation-!cn"
          ]
        }
      ]
    },
    // 3_入站设置
    "inbounds": [
        {
            "port": 8443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "uuid", // 填写你的 UUID
                        "flow": "xtls-rprx-direct",
                        "level": 0,
                        "email": "love@example.com"
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "dest": 1310, // 默认回落到 Xray 的 Trojan 协议
                        "xver": 1
                    },
                    {
                        "path": "/ws1169", // 必须换成自定义的 PATH
                        "dest": 1234,
                        "xver": 1
                    },
                    {
                        "path": "/vst1170", // 必须换成自定义的 PATH
                        "dest": 2345,
                        "xver": 1
                    },
                    {
                        "path": "/vmw1171", // 必须换成自定义的 PATH
                        "dest": 3456,
                        "xver": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "xtls",
                "xtlsSettings": {
                    "alpn": [
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "/usr/local/etc/xray/example.cer", //SSL证书
                            "keyFile": "/usr/local/etc/xray/example.key" //ssl密钥
                        }
                    ]
                }
            }
        },
        {
            "port": 1310,
            "listen": "127.0.0.1",
            "protocol": "trojan",
            "settings": {
                "clients": [
                    {
                        "password": "mima", // 填写你的密码
                        "level": 0,
                        "email": "love@example.com"
                    }
                ],
                "fallbacks": [
                    {
                        "dest": 80 // 或者回落到其它也防探测的代理
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none",
                "tcpSettings": {
                    "acceptProxyProtocol": true
                }
            }
        },
        {
            "port": 1234,
            "listen": "127.0.0.1",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "uuid", // 填写你的 UUID
                        "level": 0,
                        "email": "love@example.com"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "acceptProxyProtocol": true, // 提醒:若你用 Nginx/Caddy 等反代 WS,需要删掉这行
                    "path": "/ws1169" // 必须换成自定义的 PATH,需要和分流的一致
                }
            }
        },
        {
            "port": 2345,
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "uuid", // 填写你的 UUID
                        "level": 0,
                        "email": "love@example.com"
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none",
                "tcpSettings": {
                    "acceptProxyProtocol": true,
                    "header": {
                        "type": "http",
                        "request": {
                            "path": [
                                "/vst1170" // 必须换成自定义的 PATH,需要和分流的一致
                            ]
                        }
                    }
                }
            }
        },
        {
            "port": 3456,
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "uuid", // 填写你的 UUID
                        "level": 0,
                        "email": "love@example.com"
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "acceptProxyProtocol": true, // 提醒:若你用 Nginx/Caddy 等反代 WS,需要删掉这行
                    "path": "/vmw1171" // 必须换成自定义的 PATH,需要和分流的一致
                }
            }
        }
    ],
    // 5_出站设置
    "outbounds": [
        {
            "tag": "Direct",
            "protocol": "freedom"
        },
    ]
}

建议copy出来,粘贴到notepad等文本编辑器中修改,修改好后,复制全文,粘贴到xray的/usr/local/etc/xray/config.json文件中,或者,另存为config.json并上传到/usr/local/etc/xray目录中。

7. 更新资源文件并重启

xray-geo

8. 检查服务是否在监听中

ss -lptun

查看监听端口

great! 服务已经启动了。现在可以在你本地的openwrt或者客户端中配置并使用了,客户端的配置我就不赘述了。

《全文完》