SRE文档

深浅模式

Deploy Shadowsocks with v2ray-plugin + nginx Enabled

[TOC]

1.下载包

  • mac,自带v2ray-plugin

https://github.com/ssx-ng/ShadowsocksX-NG/releases/download/v1.10.0-alpha/ShadowsocksX-NG.zip

  • win

https://github.com/shadowsocks/shadowsocks-windows/releases/download/4.4.1.0/Shadowsocks-4.4.1.0.zip

https://github.com/shadowsocks/v2ray-plugin/releases/download/v1.3.1/v2ray-plugin-windows-amd64-v1.3.1.tar.gz

  • linux

https://github.com/shadowsocks/v2ray-plugin/releases/download/v1.3.1/v2ray-plugin-linux-amd64-v1.3.1.tar.gz

  • android,官方建议使用 Shadowsocks 5.04版或以上版本

https://github.com/shadowsocks/shadowsocks-android/releases/download/v5.2.6/shadowsocks--universal-v5.2.6.apk

https://github.com/shadowsocks/v2ray-plugin-android/releases/download/v1.3.3/v2ray--universal-1.3.3.apk

  • ios

小火箭,需要美版id登陆appstore下载

  • 配置域名

免费域名申请:https://www.freenom.com

DNS解析服务商:https://www.cloudflare.com/

Google Cloud Platform:https://cloud.google.com/

2.nginx安装 

yum install nginx
yum install nginx
  • 配置ss代理
bash
server {
	listen 80;
    server_name vss.freehan.ink;

include /data/apps/nginx/conf/roles/*.conf;
location / {
                rewrite ^(.*)$ https://$host$1 permanent;
            }
}

server {
    listen 443 ssl;
    server_name vss.freehan.ink;

    ssl_certificate /data/apps/nginx/ssl/9262959_vss.freehan.ink.pem;
    ssl_certificate_key /data/apps/nginx/ssl/9262959_vss.freehan.ink.key;
    ssl_session_timeout 3m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    keepalive_timeout     70;
    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';


include /data/apps/nginx/conf/roles/*.conf;

if ($geoip2_data_country_name != China){
    return 444;
}
 if ($geoip2_data_country_code != CN) {
    return 444;
 }

location / {
            proxy_pass https://nextcloud.com; #伪装网址
            proxy_redirect off;
            proxy_ssl_server_name on;
            sub_filter_once off;
            sub_filter "nextcloud.com" $server_name;
            proxy_set_header Host "nextcloud.com";
            proxy_set_header Referer $http_referer;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Accept-Encoding "";
            proxy_set_header Accept-Language "zh-CN";
        }
	error_page 404 500 502 503 504 /404.html;
     # 承接上面的location。
     location = /404.html {
          root html;
     }

    location /vss {
	if ($http_upgrade != "websocket") { 
        	return 404;
        }
waf on;
waf_mode STD;
waf_cc_deny on rate=200r/s duration=1h size=100m;
waf_cache capacity=50;
waf_http_status general=444 cc_deny=444;
	proxy_redirect off;
        proxy_pass http://172.31.50.61:10132;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
	deny 123.15.129.1;
	allow all;
	access_log /var/log/nginx/access.log es;
}
server {
	listen 80;
    server_name vss.freehan.ink;

include /data/apps/nginx/conf/roles/*.conf;
location / {
                rewrite ^(.*)$ https://$host$1 permanent;
            }
}

server {
    listen 443 ssl;
    server_name vss.freehan.ink;

    ssl_certificate /data/apps/nginx/ssl/9262959_vss.freehan.ink.pem;
    ssl_certificate_key /data/apps/nginx/ssl/9262959_vss.freehan.ink.key;
    ssl_session_timeout 3m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    keepalive_timeout     70;
    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';


include /data/apps/nginx/conf/roles/*.conf;

if ($geoip2_data_country_name != China){
    return 444;
}
 if ($geoip2_data_country_code != CN) {
    return 444;
 }

location / {
            proxy_pass https://nextcloud.com; #伪装网址
            proxy_redirect off;
            proxy_ssl_server_name on;
            sub_filter_once off;
            sub_filter "nextcloud.com" $server_name;
            proxy_set_header Host "nextcloud.com";
            proxy_set_header Referer $http_referer;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Accept-Encoding "";
            proxy_set_header Accept-Language "zh-CN";
        }
	error_page 404 500 502 503 504 /404.html;
     # 承接上面的location。
     location = /404.html {
          root html;
     }

    location /vss {
	if ($http_upgrade != "websocket") { 
        	return 404;
        }
waf on;
waf_mode STD;
waf_cc_deny on rate=200r/s duration=1h size=100m;
waf_cache capacity=50;
waf_http_status general=444 cc_deny=444;
	proxy_redirect off;
        proxy_pass http://172.31.50.61:10132;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
	deny 123.15.129.1;
	allow all;
	access_log /var/log/nginx/access.log es;
}

3.ss安装

。。。

3.1服务端配置 

[root@feiji shadowsocks-libev]# cat config.json 
{
    "server":"0.0.0.0",
    "server_port":10132,
    "local_port":1080,
    "password":"qDepCjE.4",
    "timeout":300,
    "user":"nobody",
    "fast_open":false,
    "mode":"tcp_and_udp",
    "method":"aes-256-gcm",
    "plugin":"/usr/bin/v2ray-plugin",
    "plugin_opts":"server;host=127.0.0.1;path=/vss"
}
[root@feiji shadowsocks-libev]# cat config.json 
{
    "server":"0.0.0.0",
    "server_port":10132,
    "local_port":1080,
    "password":"qDepCjE.4",
    "timeout":300,
    "user":"nobody",
    "fast_open":false,
    "mode":"tcp_and_udp",
    "method":"aes-256-gcm",
    "plugin":"/usr/bin/v2ray-plugin",
    "plugin_opts":"server;host=127.0.0.1;path=/vss"
}
  • 解压
tar zxvf v2ray-plugin-linux-amd64-v1.3.1.tar.gz && mv v2ray-plugin_linux_amd64 /usr/bin/v2ray-plugin
tar zxvf v2ray-plugin-linux-amd64-v1.3.1.tar.gz && mv v2ray-plugin_linux_amd64 /usr/bin/v2ray-plugin
  • 启动服务
#启动,此时ss会自动启动v2ray-plugin 插件

/etc/init.d/shadowsocks start

#关闭ss,此时ss关闭,并不会关闭v2ray插件,需要手动关闭pid
/etc/init.d/shadowsocks stop
#启动,此时ss会自动启动v2ray-plugin 插件

/etc/init.d/shadowsocks start

#关闭ss,此时ss关闭,并不会关闭v2ray插件,需要手动关闭pid
/etc/init.d/shadowsocks stop

3.2win client配置

下载完成将插件v2ray-plugin.exe解压到shadowsocks的文件夹中(使其与shadowsocks.exe平级),启动按如下配置:

image-20220211145235824

3.3macos

将客户端解压到应用目录(客户端会自己安装插件),启动按如下配置:

image-20220211145423646

3.4Android

两个apk安装以后启动按如下配置:

Android设置

启用插件

点击配置

点击右上角对勾,进行保存

3.5ios

小火箭2.1.5以上

地址:     xxx.com
端口:     443 
密码:     xxx
加密方式:  aes-256-gcm 
插件:     v2ray-plugin
插件选项 : tls;host=xxx.com;path=/vss
地址:     xxx.com
端口:     443 
密码:     xxx
加密方式:  aes-256-gcm 
插件:     v2ray-plugin
插件选项 : tls;host=xxx.com;path=/vss

4.配置CDN

选择cloudflare(被墙之后解决方式)

5.脚本安装

Ubuntu 16.04 / Debian 9 wget -O ubuntu-ss-install.sh https://github.com/M3chD09/shadowsocks-with-v2ray-plugin-install/raw/master/ubuntu-ss-install.sh

CentOS 7系统: wget -O centos-ss-install.sh https://github.com/M3chD09/shadowsocks-with-v2ray-plugin-install/raw/master/centos-ss-install.sh

systemctl status shadowsocks              #运行状态
systemctl start shadowsocks                #启动
systemctl stop shadowsocks               #停止
systemctl status shadowsocks              #运行状态
systemctl start shadowsocks                #启动
systemctl stop shadowsocks               #停止