Add ss grcp web, and update ss wss web

This commit is contained in:
touamano 2021-09-01 13:40:13 +08:00
parent 16f77648a2
commit 4d826a87e8
14 changed files with 474 additions and 75 deletions

View File

@ -0,0 +1,58 @@
# 这是一个使用 V2Ray 作为 ss + v2ray plugin 服务端的示例
> 完整的设置还需要一个web服务器解密TLS后,将请求转发给位于127.0.0.1:10000的v2ray。由于 [https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE](https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE) 已经有了服务器的设置这里不再赘述可以按需参考白话文教程里的web服务器设置。
config_server_redirect.json 和 config_server_domainsocket.json 选其一
如果使用domain socket需要修改`/etc/systemd/system/v2ray.service`。否则由于fhs脚本使用的nobody用户的权限不够无法在/var/run里新建文件夹`ss-loop`而导致启动失败。
> 如果使用fhs脚本更新版本的话会覆盖掉service文件所以更新版本后需要重复下面的操作。
修改文件`/etc/systemd/system/v2rary.service`,在`[Service]`部分添加下面一行:
```properties
RuntimeDirectory=ss-loop
```
`ss-loop`对应config.json里的`dsSettings`部分的path里的文件夹`/var/run/ss-loop`
修改完成后需要执行
```shell
systemctl disable v2ray.service
systemctl enable v2ray.service
```
最后重启下v2ray进程
```shell
systemctl restart v2ray
```
## 客户端配置示意
你应该按照服务端的设置修改对应的参数
### shadowsocks windows 客户端关键部分示例如下
```properties
Server_IP: example.com or your server ip
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: tls;mode=websocket;path=/michi;host=example.com
```
### shadowsocks Android plugin 关键部分示例如下
需安装 shadowsocks 和 v2ray plugin并搭配一同使用
```properties
Plugin: v2ray
Configuration:
Transport_mode: websocket-tls
Hostname: example.com
Path: /michi
Concurrent_connections: 1
Certificate_for_TLS_verification: Not set
```

View File

@ -0,0 +1,61 @@
# This is the server config.json example to utilizing V2ray as the server for Shadowsocks + V2Ray Plugin
> The complete setup also requires a web server to handle the TLS and proxy pass the deciphered request to the backend v2ray server at 127.0.0.1:10000.
> You can find the web server config example at [https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration](https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration)
中文用户请看[这里](https://github.com/v2fly/v2ray-examples/blob/master/Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/README-CN.md)
Choose one of the server config config_server_redirect.json and config_server_domainsocket.json
If you choose to use config_server_domainsocket.json, the following extra steps are required. Since the default service file created by fhs installation scripts is using nobody as the runtime user, this user does not have the permission to create the `ss-loop` folder in `/var/run`.
Use your prefered editor to modify the systemd service file at `/etc/systemd/system/v2ray.service`.
Add the following line to the block starting with `[Service]`
```properties
RuntimeDirectory=ss-loop
```
`ss-loop` corresponds to the `/var/run/ss-loop` folder in the `dsSettings` inside config_server_domainsocket.json.
Execute the following commands to re-enable the v2ray.service.
```shell
systemctl disable v2ray.service
systemctl enable v2ray.service
```
Then restart the v2ray service.
```shell
systemctl restart v2ray
```
## Client configuration examples
> You should change the following configurations according to your server configs
### shadowsocks windows client configuration examples
```properties
Server_IP: example.com or your server IP
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: tls;mode=websocket;path=/michi;host=example.com
```
### shadowsocks Android plugin configuration examples
> Both the shadowsocks android and the V2Ray plugin android are mandatory, they are available on Google Play Store.
```properties
Plugin: v2ray
Configuration:
Transport_mode: websocket-tls
Hostname: example.com
Path: /michi
Concurrent_connections: 1
Certificate_for_TLS_verification: Not set
```

View File

@ -40,7 +40,7 @@
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/michi"
"path": "/path"
}
}
},

View File

@ -40,7 +40,7 @@
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/michi"
"path": "/path"
}
}
},

View File

@ -1,42 +0,0 @@
# 这是一个使用 V2Ray 作为 ss + v2ray plugin 服务端的示例
> 完整的设置还需要一个web服务器解密TLS后将请求转发给后端的v2ray位于127.0.0.1:10000。由于 https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE 已经有了服务器的设置这里不再赘述可以按需参考白话文教程里的web服务器设置。
**config_server_redirect.json 和 config_server_domainsocket.json 选其一**
如果使用domain socket需要修改/etc/systemd/system/v2ray.service
在[Service]部分添加
```
RuntimeDirectory=ss-loop
```
'ss-loop'对应config.json里的"dsSettings"部分的path里的文件夹"/var/run/ss-loop"
修改完成后需要执行
```
systemctl disable v2ray.service
systemctl enable v2ray.service
```
否则由于fhs脚本使用的nobody用户的权限不够无法在/var/run里新建文件夹'ss-loop'而导致启动失败。
## 客户端配置示意
**你应该按照服务端的设置修改对应的参数**
### shadowsocks windows 客户端关键部分示例如下:
```
Server IP: example.com
Server Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin Options: tls;mode=websocket;path=/michi;host=example.com
```
### shadowsocks Android plugin 关键部分示例如下:
**需安装 shadowsocks 和 v2ray plugin并搭配一同使用**
```
Plugin: v2ray
Configuration:
Transport mode: websocket-tls
Hostname: example.com
Path: /michi
Concurrent connections: 1
Certificate for TLS verification: Not set
```

View File

@ -0,0 +1,35 @@
# 这个例子同样适用于Shadowsocks客户端+V2Ray-Plugins
> 完整的设置还需要一个web服务器解密TLS后,将请求转发给监听在127.0.0.1:10000的v2ray。由于 [https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE](https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE) 已经有了服务器的设置这里不再赘述可以按需参考白话文教程里的web服务器设置。
## 客户端配置示意
你应该按照服务端的设置修改对应的参数
### shadowsocks windows 客户端关键部分示例如下
> 必须设置 mux=0否则无法正常连接服务器。如果需要使用mux可以参考本文件夹里的[Domainsocket or Redirect Approach](https://github.com/v2fly/v2ray-examples/blob/master/Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/)的方法。
```properties
Server_IP: example.com or your server ip
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: mux=0;tls;mode=websocket;path=/path;host=example.com
```
### Shadowsocks Android plugin 关键部分示例如下
> 需安装 shadowsocks 和 v2ray plugin并搭配一同使用。
> Concurrent connections必须为0否则无法连接到服务器。
```properties
Plugin: v2ray
Configuration:
Transport_mode: websocket-tls
Hostname: example.com
Path: /path
Concurrent_connections: 0
Certificate_for_TLS_verification: Not set
```

View File

@ -1,45 +1,38 @@
# This is the server config.json example to utilizing V2ray as the server for Shadowsocks + V2Ray Plugin
> The complete setup also requires a web server to handle the TLS and proxy pass the deciphered request to the backend v2ray server at 127.0.0.1:10000.
> You can find the web server example at https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration
# These settings are also compatible with Shadowsocks client + V2Ray-plugin
中文用户请看 Readme - zh-CN. md
> The complete setup also requires a web server to handle the TLS and proxy pass the deciphered request to the backend v2ray server listeing on 127.0.0.1:10000.
> You can find the web server config examples at [https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration](https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration)
**Choose either one of config_server_redirect.json and config_server_domainsocket.json**
中文用户请看[这里](https://github.com/v2fly/v2ray-examples/blob/master/Shadowsocks-Websocket-Web-TLS/README-CN.md)
If you choose to use config_server_domainsocket.json remember to modify the systemd service file @ /etc/systemd/system/v2ray.service.
## Shadowsocks client configuration examples
Add the following line to the block starting with [Service]
```
RuntimeDirectory=ss-loop
```
'ss-loop' corresponds to the "/var/run/ss-loop" folder in the "dsSettings" part of the config.json.
> You should change the following configurations according to your server configs
Execute the following commands to re-enable the v2ray.service.
```
systemctl disable v2ray.service
systemctl enable v2ray.service
```
Since nobody user does not have the right permission to create the 'ss-loop' folder in /var/run.
## Client configuration examples
**You should change the parameters according to your server configs**
### shadowsocks windows client configuration examples
```
Server IP: example.com
Server Port: 443
### Shadowsocks windows client configuration examples
> mux=0 is indispensable when connecting with V2Ray-plugin, if you wish to use mux you need to try the [Domainsocket or Redirect Approach](https://github.com/v2fly/v2ray-examples/blob/master/Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/)
```properties
Server_IP: example.com or your server IP
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin Options: tls;mode=websocket;path=/michi;host=example.com
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: mux=0;tls;mode=websocket;path=/path;host=example.com
```
### shadowsocks Android plugin configuration examples
### shadowsocks Android plugin configuration examples
> Both the shadowsocks android and the V2Ray plugin android are mandatory, they are available on Google Play Store.
```
*Concurrent connections must be 0*
```properties
Plugin: v2ray
Configuration:
Transport mode: websocket-tls
Transport_mode: websocket-tls
Hostname: example.com
Path: /michi
Concurrent connections: 1
Certificate for TLS verification: Not set
Path: /path
Concurrent_connections: 0
Certificate_for_TLS_verification: Not set
```

View File

@ -0,0 +1,61 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "direct"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": "1080",
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": true,
"ip": "127.0.0.1"
}
},
{
"listen": "127.0.0.1",
"port": "1081",
"protocol": "http"
}
],
"outbounds": [
{
"protocol": "vmess",
"settings": {
"servers": [
{
"address": "{{ host }}",
"port": 443,
"method": "chacha20-ietf-poly1305",
"password": "{{ password }}"
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"wsSettings": {
"path": "/path"
}
},
"tag": "proxy"
},
{
"protocol": "freedom",
"tag": "direct"
}
]
}

View File

@ -0,0 +1,42 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 10000,
"protocol": "shadowsocks",
"settings": {
"method": "chacha20-ietf-poly1305",
"password": "{{ password }}"
},
"streamSettings": {
"network": "ws",
"path": "/path"
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}

View File

@ -0,0 +1,26 @@
# 最低版本要求
NGINX的最低版本要求为 1.13.10:\
[https://www.nginx.com/blog/nginx-1-13-10-grpc/](https://www.nginx.com/blog/nginx-1-13-10-grpc/)
V2Ray-core的最低版本要求为 v4.36.0:\
[https://www.v2fly.org/config/transport/grpc.html#grpcobject](https://www.v2fly.org/config/transport/grpc.html#grpcobject)
## 本设置同样适用于Shadowsocks客户端搭配V2Ray-plugin使用
*你需要一个兼容gRPC的v2ray-plugin程序。
例如由[TeddySun](https://github.com/teddysun)维护的v2ray-plugin叉子: \
[https://github.com/teddysun/v2ray-plugin](https://github.com/teddysun/v2ray-plugin)*
### 客户端设置
Shadowsocks Windows设置示例:
```properties
Server_IP: mydomain.me OR your server IP
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: tls;mode=grpc;serviceName=/michi;host=mydomain.me
```

View File

@ -0,0 +1,28 @@
# Minimum Versions
中文用户请看[这里](https://github.com/v2fly/v2ray-examples/blob/master/Shadowsocks-gRPC-Web-TLS/README-CN.md)
Minimum NGINX version is 1.13.10:\
[https://www.nginx.com/blog/nginx-1-13-10-grpc/](https://www.nginx.com/blog/nginx-1-13-10-grpc/)
Minimum V2Ray-Core version is v4.36.0:\
[https://www.v2fly.org/config/transport/grpc.html#grpcobject](https://www.v2fly.org/config/transport/grpc.html#grpcobject)
## These settings are also compatible with shadowsocks + v2ray-plugins
*You need a grpc compatible v2ray-plugin program to use with shadowsocks client.
For example the one maintained by [TeddySun](https://github.com/teddysun): \
[https://github.com/teddysun/v2ray-plugin](https://github.com/teddysun/v2ray-plugin)*
### Client Configurations
Shadowsocks Windows Example Config:
```properties
Server_IP: mydomain.me OR your server IP
Server_Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin_Options: tls;mode=grpc;serviceName=/michi;host=mydomain.me
```

View File

@ -0,0 +1,61 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "direct"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": "1080",
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": true,
"ip": "127.0.0.1"
}
},
{
"listen": "127.0.0.1",
"port": "1081",
"protocol": "http"
}
],
"outbounds": [
{
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "{{ host }}",
"port": 443,
"method": "chacha20-ietf-poly1305",
"password": "{{ password }}"
}
]
},
"streamSettings": {
"network": "grpc",
"security": "tls",
"grcpSettings": {
"serviceName": "michi"
}
},
"tag": "proxy"
},
{
"protocol": "freedom",
"tag": "direct"
}
]
}

View File

@ -0,0 +1,44 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 12345,
"protocol": "shadowsocks",
"settings": {
"method": "chacha20-ietf-poly1305",
"password": "{{ password }}"
},
"streamSettings": {
"network": "grpc",
"grpcSettings": {
"serviceName": "michi"
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}

View File

@ -0,0 +1,32 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/v2ray/v2ray.crt;
ssl_certificate_key /etc/v2ray/v2ray.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
server_name mydomain.me;
location /michi { # This michi shall in consistent with the grpc serviceName in v2ray config.json
if ($request_method != "POST") { # if the request method is not POST for this location, return 404
return 404;
}
grpc_socket_keepalive on;
grpc_intercept_errors on;
grpc_pass grpc://127.0.0.1:12345; # presume v2ray is listening on port 12345
grpc_set_header Upgrade $http_upgrade;
grpc_set_header Connection "upgrade";
grpc_set_header Host $host;
# Show real IP in v2ray access.log
grpc_set_header X-Real-IP $remote_addr;
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}