1. Generating a Private Key:
`openssl genrsa -out domainname.com.key 2048`
2. Generating a Certificate Signing Request:
`openssl req -new -key domainname.com.key -out domainname.com.csr`
3. Creating a self-signed certificate (you can share this certificate):
`openssl x509 -req -days 365 -in domainname.com.csr -signkey domainname.com.key -out domainname.com.crt`
@reference_1_tutorials.jenkov.com
OpenSSL for Web Servers
@reference_2_stackexchange.com
How do I produce a CA signed public key?
4. Nginx Configuration:
```
server {
    listen 443 ssl;    # "ssl" here enables TLS; the separate "ssl on;" directive is deprecated
    server_name _;
    root /var/www/domainname.com;
    ssl_certificate /root/certs/domainname.com.crt;
    ssl_certificate_key /root/certs/domainname.com.key;
    ssl_protocols TLSv1.2;    # TLS 1.0 and 1.1 are deprecated (RFC 8996)
    ssl_prefer_server_ciphers on;
    location / {
        index Login.html index.html index.htm;
    }
    # WebSocket path, proxied to the local V2Ray inbound
    location /dir1/dir2 {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:12345;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        # $proxy_protocol_addr is empty unless "listen ... proxy_protocol" is set
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
```
@reference_3_nginx.org
Configuring HTTPS servers
@reference_4_theviper24.today
v2ray tips
@reference_5_chrad.ml
Using V2Ray for "scientific patriotism"
-----------------------------
V2Ray server:
```
"streamSettings": {
    "network": "ws",
    "wsSettings": {
        "path": "/dir1/dir2" // this path can be customized, but it must be identical in Nginx and in the client
    }
}
```
Nginx server:
```
location /dir1/dir2 # this must match the path above
{
    proxy_redirect off;
    proxy_pass http://127.0.0.1:12345; # the port must match the one above
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
}
```
V2Ray client:
```
"streamSettings": {
    "network": "ws",
    "security": "tls",
    "tlsSettings": {
        "serverName": "domainname.com", // enter your site's domain name
        "allowInsecure": true
    },
    "wsSettings": {
        "connectionReuse": true,
        "path": "/dir1/dir2", // must match the path above
        "headers": {
            "Host": "domainname.com",
            "User-Agent": "Mozilla/5.0 **********************************",
            "Accept-Language": "en-US,en;q=0.8",
            "Accept": "image/webp,image/apng,image/*,*/*;q=0.8"
        }
    }
}
```
Note that:
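If the certificate is self-signed or a free certificate (such as Let's Encrypt), the following error appears:
x509: certificate signed by unknown authority
In that case, add the following to the client's streamSettings:
```
"tlsSettings": {
    "allowInsecure": true
}
```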
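`allowInsecure` turns off certificate verification in the client, so it helps to be able to list every place a config enables it. The following is an added example, not part of the original post: a Python check that parses a V2Ray-style config, strips `//` comments without touching string values such as the `Accept` header or a URL, and reports each `tlsSettings.allowInsecure: true`. The function names and the sample config (including the `Referer` header) are constructed for illustration.

```python
import json

def strip_line_comments(text):
    """Drop // comments that sit outside JSON string literals."""
    out, in_str, i = [], False, 0
    while i < len(text):
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < len(text):  # copy the escaped character verbatim
                i += 1
                out.append(text[i])
            elif c == '"':
                in_str = False
        elif text.startswith("//", i):           # comment: skip to end of line
            while i < len(text) and text[i] != "\n":
                i += 1
            continue
        else:
            in_str = c == '"'
            out.append(c)
        i += 1
    return "".join(out)

def find_insecure_tls(node, path="$"):
    """Return the JSON path of every tlsSettings.allowInsecure set to true."""
    hits = []
    if isinstance(node, dict):
        tls = node.get("tlsSettings")
        if isinstance(tls, dict) and tls.get("allowInsecure") is True:
            hits.append(path + ".tlsSettings.allowInsecure")
        for key, value in node.items():
            hits += find_insecure_tls(value, f"{path}.{key}")
    elif isinstance(node, list):
        for idx, value in enumerate(node):
            hits += find_insecure_tls(value, f"{path}[{idx}]")
    return hits

def audit(text):
    """Parse a commented config and list where verification is disabled."""
    return find_insecure_tls(json.loads(strip_line_comments(text)))

# Constructed sample modelled on the client snippet above (not a real config).
SAMPLE = '''{ "streamSettings": { "security": "tls",
  "tlsSettings": {"serverName": "domainname.com", "allowInsecure": true}, // self-signed
  "wsSettings": {"path": "/dir1/dir2",  // must match Nginx
    "headers": {"Accept": "image/*,*/*;q=0.8", "Referer": "https://domainname.com/"}} } }'''

print(audit(SAMPLE))
```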
-------------------------------------------------
V2Ray shadowsocks server:
```
{
    "method": "aes-256-cfb",
    "password": "***************",
    "network": "tcp"
}
```
V2Ray shadowsocks client:
```
{
    "servers": [{
        "address": "domainname.com",
        "port": 443,
        "method": "aes-256-cfb",
        "password": "***************"
    }]
}
```
@reference_6_v2ray.com
Shadowsocks
VMESS Client:
```
"outbound": {
    "protocol": "vmess",
    "settings": {
        "vnext": [
            {
                "address": "domainname.com",
                "port": 443,
                "users": [
                    {
                        "id": "23********************************",
                        "alterId": 10,
                        "security": "auto",
                        "level": 0
                    }
                ]
            }
        ]
    },
```
VMESS Server:
```
{
    "log": {
        "access": "/var/log/v2ray/access.log",
        "error": "/var/log/v2ray/error.log",
        "loglevel": "warning"
    },
    "inbound": {
        "port": 8080,
        "protocol": "vmess",
        "settings": {
            "clients": [
                {
                    "id": "23***********************************",
                    "level": 1,
                    "alterId": 64
                }
            ]
        },
        "streamSettings": {
            "network": "ws",
            "wsSettings": {
                "path": "/dir1/dir2"
            }
        }
    },
    "outbound": {
        "protocol": "freedom",
        "settings": {}
    },
    "outboundDetour": [
        {
            "protocol": "blackhole",
            "settings": {},
            "tag": "blocked"
        }
    ],
    "routing": {
        "strategy": "rules",
        "settings": {
            "rules": [
                {
                    "type": "field",
                    "ip": ["geoip:private"],
                    "outboundTag": "blocked"
                }
            ]
        }
    }
}
```