SRE文档1. Hysteria新型翻墙
1.1 介绍
Hysteria 2是一种高效、安全的移动网络软件解决方案,提供了构建科学上网节点的全方位指导。该系统适用于超高带宽和不稳定网络情况,通过为用户提供构建服务端和客户端的方法,达到完善的通信优化和带宽利用效率。
1.2 服务端部署
- 基于rocklinxk
1.安装
bash
[root@laxh1-20241107135815476cbe ~]# bash <(curl -fsSL https://get.hy2.sh/)
63: note: SELinux is detected
Checking for installed version ... not installed
Checking for latest version ... v2.6.1
Downloading hysteria binary: https://github.com/apernet/hysteria/releases/download/app/v2.6.1/hysteria-linux-amd64 ...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 17.9M 100 17.9M 0 0 35.2M 0 --:--:-- --:--:-- --:--:-- 35.2M
Installing hysteria executable ... ok
Install /etc/hysteria/config.yaml ... ok
Creating user hysteria ... ok
Install /etc/systemd/system/hysteria-server.service ... ok
Install /etc/systemd/system/hysteria-server@.service ... ok
Congratulation! Hysteria 2 has been successfully installed on your server.
What's next?
+ Take a look at the differences between Hysteria 2 and Hysteria 1 at https://hysteria.network/docs/misc/2-vs-1/
+ Check out the quick server config guide at https://hysteria.network/docs/getting-started/Server/
#-----------出现下面这三个代表安装成功
+ Edit server config file at /etc/hysteria/config.yaml
+ Start your hysteria server with systemctl start hysteria-server.service
+ Configure hysteria start on system boot with systemctl enable hysteria-server.service[root@laxh1-20241107135815476cbe ~]# bash <(curl -fsSL https://get.hy2.sh/)
63: note: SELinux is detected
Checking for installed version ... not installed
Checking for latest version ... v2.6.1
Downloading hysteria binary: https://github.com/apernet/hysteria/releases/download/app/v2.6.1/hysteria-linux-amd64 ...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 17.9M 100 17.9M 0 0 35.2M 0 --:--:-- --:--:-- --:--:-- 35.2M
Installing hysteria executable ... ok
Install /etc/hysteria/config.yaml ... ok
Creating user hysteria ... ok
Install /etc/systemd/system/hysteria-server.service ... ok
Install /etc/systemd/system/hysteria-server@.service ... ok
Congratulation! Hysteria 2 has been successfully installed on your server.
What's next?
+ Take a look at the differences between Hysteria 2 and Hysteria 1 at https://hysteria.network/docs/misc/2-vs-1/
+ Check out the quick server config guide at https://hysteria.network/docs/getting-started/Server/
#-----------出现下面这三个代表安装成功
+ Edit server config file at /etc/hysteria/config.yaml
+ Start your hysteria server with systemctl start hysteria-server.service
+ Configure hysteria start on system boot with systemctl enable hysteria-server.service2.配置文件
- 使用ssl证书
bash
cat << EOF > /etc/hysteria/config.yaml
listen: :443 #监听端口
#使用CA证书
acme:
domains:
- a.com #你的域名,需要先解析到服务器ip
email: test@sharklasers.com
#使用自签证书
#tls:
# cert: /etc/hysteria/server.crt
# key: /etc/hysteria/server.key
auth:
type: password
password: 123456 #设置认证密码
masquerade:
type: proxy
proxy:
url: https://bing.com #伪装网址
rewriteHost: true
disableUDP: false
udpIdleTimeout: 60s
quic:
initStreamReceiveWindow: 8388608
maxStreamReceiveWindow: 8388608
initConnReceiveWindow: 20971520
maxConnReceiveWindow: 20971520
maxIdleTimeout: 30s
maxIncomingStreams: 1024
disablePathMTUDiscovery: false
EOFcat << EOF > /etc/hysteria/config.yaml
listen: :443 #监听端口
#使用CA证书
acme:
domains:
- a.com #你的域名,需要先解析到服务器ip
email: test@sharklasers.com
#使用自签证书
#tls:
# cert: /etc/hysteria/server.crt
# key: /etc/hysteria/server.key
auth:
type: password
password: 123456 #设置认证密码
masquerade:
type: proxy
proxy:
url: https://bing.com #伪装网址
rewriteHost: true
disableUDP: false
udpIdleTimeout: 60s
quic:
initStreamReceiveWindow: 8388608
maxStreamReceiveWindow: 8388608
initConnReceiveWindow: 20971520
maxConnReceiveWindow: 20971520
maxIdleTimeout: 30s
maxIncomingStreams: 1024
disablePathMTUDiscovery: false
EOF- 使用自签证书
bash
#生成自签证书
openssl req -x509 -nodes -newkey ec:<(openssl ecparam -name prime256v1) -keyout /etc/hysteria/server.key -out /etc/hysteria/server.crt -subj "/CN=bing.com" -days 36500 && sudo chown hysteria /etc/hysteria/server.key && sudo chown hysteria /etc/hysteria/server.crt#生成自签证书
openssl req -x509 -nodes -newkey ec:<(openssl ecparam -name prime256v1) -keyout /etc/hysteria/server.key -out /etc/hysteria/server.crt -subj "/CN=bing.com" -days 36500 && sudo chown hysteria /etc/hysteria/server.key && sudo chown hysteria /etc/hysteria/server.crtcat << EOF > /etc/hysteria/config.yaml
listen: :443 #监听端口
#使用CA证书
#acme:
# domains:
# - a.com #你的域名,需要先解析到服务器ip
# email: test@sharklasers.com
#使用自签证书
tls:
cert: /etc/hysteria/server.crt
key: /etc/hysteria/server.key
auth:
type: password
password: han123456!@# #设置认证密码
masquerade:
type: proxy
proxy:
url: https://bing.com #伪装网址
rewriteHost: true
EOFcat << EOF > /etc/hysteria/config.yaml
listen: :443 #监听端口
#使用CA证书
#acme:
# domains:
# - a.com #你的域名,需要先解析到服务器ip
# email: test@sharklasers.com
#使用自签证书
tls:
cert: /etc/hysteria/server.crt
key: /etc/hysteria/server.key
auth:
type: password
password: han123456!@# #设置认证密码
masquerade:
type: proxy
proxy:
url: https://bing.com #伪装网址
rewriteHost: true
EOF3.启动
bash
[root@laxh1-20241107135815476cbe ~]# systemctl status hysteria-server.service
● hysteria-server.service - Hysteria Server Service (config.yaml)
Loaded: loaded (/etc/systemd/system/hysteria-server.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2025-02-26 09:29:46 UTC; 48s ago
Main PID: 569230 (hysteria)
Tasks: 4 (limit: 4704)
Memory: 7.2M
CGroup: /system.slice/hysteria-server.service
└─569230 /usr/local/bin/hysteria server --config /etc/hysteria/config.yaml
Feb 26 09:29:46 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:29:46Z INFO obtain acquiring lock >
Feb 26 09:29:46 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:29:46Z INFO maintenance started backg>
Feb 26 09:29:46 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:29:46Z INFO obtain lock acquired >
Feb 26 09:29:46 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:29:46Z INFO obtain obtaining certific>
Feb 26 09:29:46 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:29:46Z INFO waiting on internal rate limiter>
Feb 26 09:29:46 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:29:46Z INFO done waiting on internal rate li>
Feb 26 09:29:46 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:29:46Z INFO acme_client trying to sol>
Feb 26 09:30:17 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:30:17Z ERROR acme_client challenge fa>
Feb 26 09:30:17 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:30:17Z ERROR acme_client validating a>
Feb 26 09:30:18 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:30:18Z INFO acme_client trying to sol[root@laxh1-20241107135815476cbe ~]# systemctl status hysteria-server.service
● hysteria-server.service - Hysteria Server Service (config.yaml)
Loaded: loaded (/etc/systemd/system/hysteria-server.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2025-02-26 09:29:46 UTC; 48s ago
Main PID: 569230 (hysteria)
Tasks: 4 (limit: 4704)
Memory: 7.2M
CGroup: /system.slice/hysteria-server.service
└─569230 /usr/local/bin/hysteria server --config /etc/hysteria/config.yaml
Feb 26 09:29:46 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:29:46Z INFO obtain acquiring lock >
Feb 26 09:29:46 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:29:46Z INFO maintenance started backg>
Feb 26 09:29:46 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:29:46Z INFO obtain lock acquired >
Feb 26 09:29:46 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:29:46Z INFO obtain obtaining certific>
Feb 26 09:29:46 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:29:46Z INFO waiting on internal rate limiter>
Feb 26 09:29:46 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:29:46Z INFO done waiting on internal rate li>
Feb 26 09:29:46 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:29:46Z INFO acme_client trying to sol>
Feb 26 09:30:17 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:30:17Z ERROR acme_client challenge fa>
Feb 26 09:30:17 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:30:17Z ERROR acme_client validating a>
Feb 26 09:30:18 laxh1-20241107135815476cbe hysteria[569230]: 2025-02-26T09:30:18Z INFO acme_client trying to sol出现上面两个error,需要把80,443开放下
bash
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -p udp --dport 443 -j ACCEPT
iptables -I INPUT -p udp --dport 6443 -j ACCEPT
端口跳跃:
开放20000-50000之间的端口号:
iptables -t nat -A PREROUTING -i ens33 -p udp --dport 20000:50000 -j DNAT --to-destination :6443
删除20000-50000之间的端口号:
iptables -t nat -D PREROUTING -i ens33 -p udp --dport 20000:50000 -j DNAT --to-destination :6443
iptables -t nat -A PREROUTING -i ens33 -p udp --dport 16669 -j DNAT --to-destination :6443
iptables -t nat -A PREROUTING -i ens33 -p udp --dport 27740 -j DNAT --to-destination :6443
iptables -t nat -A PREROUTING -i ens33 -p udp --dport 39171 -j DNAT --to-destination :6443
iptables -t nat -A PREROUTING -i ens33 -p udp --dport 49895 -j DNAT --to-destination :6443
iptables -t nat -A PREROUTING -i ens33 -p udp --dport 55831 -j DNAT --to-destination :6443iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -p udp --dport 443 -j ACCEPT
iptables -I INPUT -p udp --dport 6443 -j ACCEPT
端口跳跃:
开放20000-50000之间的端口号:
iptables -t nat -A PREROUTING -i ens33 -p udp --dport 20000:50000 -j DNAT --to-destination :6443
删除20000-50000之间的端口号:
iptables -t nat -D PREROUTING -i ens33 -p udp --dport 20000:50000 -j DNAT --to-destination :6443
iptables -t nat -A PREROUTING -i ens33 -p udp --dport 16669 -j DNAT --to-destination :6443
iptables -t nat -A PREROUTING -i ens33 -p udp --dport 27740 -j DNAT --to-destination :6443
iptables -t nat -A PREROUTING -i ens33 -p udp --dport 39171 -j DNAT --to-destination :6443
iptables -t nat -A PREROUTING -i ens33 -p udp --dport 49895 -j DNAT --to-destination :6443
iptables -t nat -A PREROUTING -i ens33 -p udp --dport 55831 -j DNAT --to-destination :6443systemctl enable --now hysteria-server.service
#启动Hysteria2
systemctl start hysteria-server.service
#重启Hysteria2
systemctl restart hysteria-server.service
#查看Hysteria2状态
systemctl status hysteria-server.service
#停止Hysteria2
systemctl stop hysteria-server.service
#设置开机自启
systemctl enable hysteria-server.service
#查看日志
journalctl -u hysteria-server.servicesystemctl enable --now hysteria-server.service
#启动Hysteria2
systemctl start hysteria-server.service
#重启Hysteria2
systemctl restart hysteria-server.service
#查看Hysteria2状态
systemctl status hysteria-server.service
#停止Hysteria2
systemctl stop hysteria-server.service
#设置开机自启
systemctl enable hysteria-server.service
#查看日志
journalctl -u hysteria-server.servicebash
[root@laxh1-20241107135815476cbe ~]# systemctl status hysteria-server.service
● hysteria-server.service - Hysteria Server Service (config.yaml)
Loaded: loaded (/etc/systemd/system/hysteria-server.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2025-02-26 09:40:41 UTC; 4s ago
Main PID: 569568 (hysteria)
Tasks: 4 (limit: 4704)
Memory: 8.7M
CGroup: /system.slice/hysteria-server.service
└─569568 /usr/local/bin/hysteria server --config /etc/hysteria/config.yaml
Feb 26 09:40:41 laxh1-20241107135815476cbe systemd[1]: Started Hysteria Server Service (config.yaml).
Feb 26 09:40:41 laxh1-20241107135815476cbe hysteria[569568]: 2025-02-26T09:40:41Z INFO server mode
Feb 26 09:40:41 laxh1-20241107135815476cbe hysteria[569568]: 2025-02-26T09:40:41Z INFO server up and running[root@laxh1-20241107135815476cbe ~]# systemctl status hysteria-server.service
● hysteria-server.service - Hysteria Server Service (config.yaml)
Loaded: loaded (/etc/systemd/system/hysteria-server.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2025-02-26 09:40:41 UTC; 4s ago
Main PID: 569568 (hysteria)
Tasks: 4 (limit: 4704)
Memory: 8.7M
CGroup: /system.slice/hysteria-server.service
└─569568 /usr/local/bin/hysteria server --config /etc/hysteria/config.yaml
Feb 26 09:40:41 laxh1-20241107135815476cbe systemd[1]: Started Hysteria Server Service (config.yaml).
Feb 26 09:40:41 laxh1-20241107135815476cbe hysteria[569568]: 2025-02-26T09:40:41Z INFO server mode
Feb 26 09:40:41 laxh1-20241107135815476cbe hysteria[569568]: 2025-02-26T09:40:41Z INFO server up and running1.3 客户端
1.配置文件
- win下保存成hy.txt
bash
server: ip:443
auth: han123456!@#
bandwidth:
up: 20 mbps
down: 50 mbps
tls:
sni: bing.com #非自签证书,自定义域名
insecure: true #使用自签时需要改成true,如果是ssl,则是false
socks5:
listen: 127.0.0.1:1080
http:
listen: 127.0.0.1:8080server: ip:443
auth: han123456!@#
bandwidth:
up: 20 mbps
down: 50 mbps
tls:
sni: bing.com #非自签证书,自定义域名
insecure: true #使用自签时需要改成true,如果是ssl,则是false
socks5:
listen: 127.0.0.1:1080
http:
listen: 127.0.0.1:80802.win客户端
v2rayN 下载
Hysteria 2下载
Hysteria 2文档
解压v2rayN,不用安装
把Hysteria下载的文件放到D:\nginx\v2rayN-Core\bin\hysteria2,根据自己路径进行放置
配置v2rayN
3.Android客户端(SFA)
sing-box文档
Android客户端(SFA)
sing-box配置文件(Android/IOS)
- ssl证书
bash
{
"dns": {
"servers": [
{
"tag": "cf",
"address": "https://1.1.1.1/dns-query"
},
{
"tag": "local",
"address": "223.5.5.5",
"detour": "direct"
},
{
"tag": "block",
"address": "rcode://success"
}
],
"rules": [
{
"geosite": "category-ads-all",
"server": "block",
"disable_cache": true
},
{
"outbound": "any",
"server": "local"
},
{
"geosite": "cn",
"server": "local"
}
],
"strategy": "ipv4_only"
},
"inbounds": [
{
"type": "tun",
"inet4_address": "172.19.0.1/30",
"auto_route": true,
"strict_route": false,
"sniff": true
}
],
"outbounds": [
{
"type": "hysteria2",
"tag": "proxy",
"server": "ip",
"server_port": 443,
"up_mbps": 20,
"down_mbps": 50,
"password": "123456",
"tls": {
"enabled": true,
"server_name": "xxx.com",
"insecure": true
}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"geosite": "cn",
"geoip": [
"private",
"cn"
],
"outbound": "direct"
},
{
"geosite": "category-ads-all",
"outbound": "block"
}
],
"auto_detect_interface": true
}
}{
"dns": {
"servers": [
{
"tag": "cf",
"address": "https://1.1.1.1/dns-query"
},
{
"tag": "local",
"address": "223.5.5.5",
"detour": "direct"
},
{
"tag": "block",
"address": "rcode://success"
}
],
"rules": [
{
"geosite": "category-ads-all",
"server": "block",
"disable_cache": true
},
{
"outbound": "any",
"server": "local"
},
{
"geosite": "cn",
"server": "local"
}
],
"strategy": "ipv4_only"
},
"inbounds": [
{
"type": "tun",
"inet4_address": "172.19.0.1/30",
"auto_route": true,
"strict_route": false,
"sniff": true
}
],
"outbounds": [
{
"type": "hysteria2",
"tag": "proxy",
"server": "ip",
"server_port": 443,
"up_mbps": 20,
"down_mbps": 50,
"password": "123456",
"tls": {
"enabled": true,
"server_name": "xxx.com",
"insecure": true
}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"geosite": "cn",
"geoip": [
"private",
"cn"
],
"outbound": "direct"
},
{
"geosite": "category-ads-all",
"outbound": "block"
}
],
"auto_detect_interface": true
}
}- 自签证书
bash
{
"dns": {
"servers": [
{
"tag": "cf",
"address": "https://1.1.1.1/dns-query"
},
{
"tag": "local",
"address": "223.5.5.5",
"detour": "direct"
},
{
"tag": "block",
"address": "rcode://success"
}
],
"rules": [
{
"geosite": "category-ads-all",
"server": "block",
"disable_cache": true
},
{
"outbound": "any",
"server": "local"
},
{
"geosite": "cn",
"server": "local"
}
],
"strategy": "ipv4_only"
},
"inbounds": [
{
"type": "tun",
"inet4_address": "172.19.0.1/30",
"auto_route": true,
"strict_route": false,
"sniff": true
}
],
"outbounds": [
{
"type": "hysteria2",
"tag": "proxy",
"server": "ip",
"server_port": 443,
"up_mbps": 20,
"down_mbps": 50,
"password": "123456",
"tls": {
"enabled": true,
"server_name": "a.com",
"insecure": false
}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"geosite": "cn",
"geoip": [
"private",
"cn"
],
"outbound": "direct"
},
{
"geosite": "category-ads-all",
"outbound": "block"
}
],
"auto_detect_interface": true
}
}{
"dns": {
"servers": [
{
"tag": "cf",
"address": "https://1.1.1.1/dns-query"
},
{
"tag": "local",
"address": "223.5.5.5",
"detour": "direct"
},
{
"tag": "block",
"address": "rcode://success"
}
],
"rules": [
{
"geosite": "category-ads-all",
"server": "block",
"disable_cache": true
},
{
"outbound": "any",
"server": "local"
},
{
"geosite": "cn",
"server": "local"
}
],
"strategy": "ipv4_only"
},
"inbounds": [
{
"type": "tun",
"inet4_address": "172.19.0.1/30",
"auto_route": true,
"strict_route": false,
"sniff": true
}
],
"outbounds": [
{
"type": "hysteria2",
"tag": "proxy",
"server": "ip",
"server_port": 443,
"up_mbps": 20,
"down_mbps": 50,
"password": "123456",
"tls": {
"enabled": true,
"server_name": "a.com",
"insecure": false
}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"geosite": "cn",
"geoip": [
"private",
"cn"
],
"outbound": "direct"
},
{
"geosite": "category-ads-all",
"outbound": "block"
}
],
"auto_detect_interface": true
}
}注意修改ip、端口、密码、tls
- 下载
- 安装
- 添加配置
之后点击返回,自动保存
点击左上角箭头返回
- 开启服务
第一次下载会下载配置
最终结果显示
4.IOS客户端(TestFlight)
https://testflight.apple.com/join/AcqO44FH (1.5.0 beta版支持Hysteria 2)
- 安装TestFlight
点击开始测试
开始安装
安装vpn配置
后续和安卓操作方式一样
5.IOS客户端(AppStore)
https://apps.apple.com/us/app/sing-box/id6451272673
需要美区id进行下载
6.Karing客户端(AppStore)
需要美区id进行下载,免费
7.karing客户端(android)
https://karing.app/quickstart/
8.小飞机客户端
分享连接,导入到小飞机
9.mac客户端
- inter芯片
下载
https://github.com/2dust/v2rayN/releases/download/7.10.5/v2rayN-macos-64.dmg
https://github.com/apernet/hysteria/releases/download/app%2Fv2.6.1/hysteria-linux-386
- arm芯片
https://github.com/2dust/v2rayN/releases/download/7.10.5/v2rayN-macos-arm64.dmg
https://github.com/apernet/hysteria/releases/download/app%2Fv2.6.1/hysteria-linux-arm
- 安装v2rayN
v2rayN-macos-64.dmg,双击运行
- 安装hysteria
根据提示安装hysteria
macOS问题
非
zip格式包为安装版,存储文件位置为系统规定的用户文件中支持的系统版本
bashmacOS 11+macOS 11+
macOS x64
v2rayN-macos-64.zip执行:chmod +x v2rayN普通用户运行./v2rayNv2rayN-macos-64.dmg由于安装包没有签名,会提示应用已损坏;安装后需要运行:xattr -cr /Applications/v2rayN.app
macOS arm64
v2rayN-macos-arm64.zip执行:chmod +x v2rayN普通用户运行./v2rayNv2rayN-macos-arm64.dmg由于安装包没有签名,会提示应用已损坏;安装后需要运行:xattr -cr /Applications/v2rayN.app
2.基于ubuntu
bash
apt update -y && apt install -y curl && apt install -y socat
wget -N --no-check-certificate https://raw.githubusercontent.com/flame1ce/hysteria2-install/main/hysteria2-install-main/hy2/hysteria.sh && bash hysteria.shapt update -y && apt install -y curl && apt install -y socat
wget -N --no-check-certificate https://raw.githubusercontent.com/flame1ce/hysteria2-install/main/hysteria2-install-main/hy2/hysteria.sh && bash hysteria.sh脚本地址:SINB-BOX
脚本地址:3X-UI面板
脚本地址:H-UI面板
xboard面板,https://www.youtube.com/watch?v=Fwn0nFbB0zY&t=104s
https://github.com/cedar2025/Xboard
对接usdt
https://github.com/utgpay2/V2Boardusdtapi?tab=readme-ov-file
php环境,https://nextpanel.dev/docs/installation/debian
3.基于singbox
bash
bash <(wget -qO- -o- https://github.com/233boy/sing-box/raw/main/install.sh)bash <(wget -qO- -o- https://github.com/233boy/sing-box/raw/main/install.sh)4.高级用法
4.1 acl
bash
cat config.yaml
listen: :443 #监听端口
#使用自签证书
tls:
cert: /etc/hysteria/server.crt
key: /etc/hysteria/server.key
auth:
type: password
password: 9X05Ewu*UaYo8*o2
acl:
ruleset: "/etc/hysteria/acl.yml"
masquerade:
type: proxy
proxy:
url: https://bing.com #伪装网址
rewriteHost: truecat config.yaml
listen: :443 #监听端口
#使用自签证书
tls:
cert: /etc/hysteria/server.crt
key: /etc/hysteria/server.key
auth:
type: password
password: 9X05Ewu*UaYo8*o2
acl:
ruleset: "/etc/hysteria/acl.yml"
masquerade:
type: proxy
proxy:
url: https://bing.com #伪装网址
rewriteHost: true- 创建acl.yml
bash
# 默认规则("direct" 直连, "block" 拦截, "proxy" 走代理)
default: proxy
# 拦截访问 YouTube 和 TikTok
rules:
- rule: block
domains:
- "*.youtube.com"
- "*.googlevideo.com"
- "*.tiktok.com"
- "x.com"
- "*.netflix.com"
- "*.dailymotion.com"
- "*.vimeo.com"
- "*.disneyplus.com"
- "gemini.google.com"
# 允许访问本地内网(直连)
- rule: direct
ip:
- 192.168.0.0/16
- 10.0.0.0/8
- fd00::/8
# 阻止访问某些 IP(比如某些 CDN)
- rule: block
ip:
- 203.0.113.0/24
- 198.51.100.0/24
# 让特定域名直连
# - rule: direct
# domains:
# - "*.example.com"
# 让所有中国大陆网站直连(可结合 ChinaList 使用)
- rule: direct
ip:
- 223.5.5.5/32 # AliDNS
- 114.114.114.114/32 # 114DNS
- 211.136.17.107/32 # China Mobile DNS# 默认规则("direct" 直连, "block" 拦截, "proxy" 走代理)
default: proxy
# 拦截访问 YouTube 和 TikTok
rules:
- rule: block
domains:
- "*.youtube.com"
- "*.googlevideo.com"
- "*.tiktok.com"
- "x.com"
- "*.netflix.com"
- "*.dailymotion.com"
- "*.vimeo.com"
- "*.disneyplus.com"
- "gemini.google.com"
# 允许访问本地内网(直连)
- rule: direct
ip:
- 192.168.0.0/16
- 10.0.0.0/8
- fd00::/8
# 阻止访问某些 IP(比如某些 CDN)
- rule: block
ip:
- 203.0.113.0/24
- 198.51.100.0/24
# 让特定域名直连
# - rule: direct
# domains:
# - "*.example.com"
# 让所有中国大陆网站直连(可结合 ChinaList 使用)
- rule: direct
ip:
- 223.5.5.5/32 # AliDNS
- 114.114.114.114/32 # 114DNS
- 211.136.17.107/32 # China Mobile DNS4.2 端口跳跃
长时间单端口 UDP 连接容易被运营商封锁/QoS 的问题。如遇类似问题可尝试使用端口跳跃来解决。
1.服务端配置
bash
# IPv4
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 20000:50000 -j DNAT --to-destination :443
# IPv6
ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 20000:50000 -j DNAT --to-destination :443
#查看
iptables -t nat -nL --line # 查看当前的ipv4网络的规则
#删除
iptables -t nat -D PREROUTING 3 # 删除第三条规则# IPv4
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 20000:50000 -j DNAT --to-destination :443
# IPv6
ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 20000:50000 -j DNAT --to-destination :443
#查看
iptables -t nat -nL --line # 查看当前的ipv4网络的规则
#删除
iptables -t nat -D PREROUTING 3 # 删除第三条规则2.客户端配置
touch hy.txt
json
server: 192.168.10:20000-50000
auth: 4ccf98969
bandwidth:
up: 20 mbps
down: 50 mbps
transport:
udp:
hopInterval: 30s
tls:
sni: bing.com
insecure: true #使用自签时需要改成true
socks5:
listen: 127.0.0.1:1080
http:
listen: 127.0.0.1:8080server: 192.168.10:20000-50000
auth: 4ccf98969
bandwidth:
up: 20 mbps
down: 50 mbps
transport:
udp:
hopInterval: 30s
tls:
sni: bing.com
insecure: true #使用自签时需要改成true
socks5:
listen: 127.0.0.1:1080
http:
listen: 127.0.0.1:8080图形看1.3配置
server:example.com:1145,5144 表示服务器在 1145 和 5144 端口上可用(共 2 个端口)
server:example.com:20000-50000 表示服务器在 20000 到 50000 端口上可用(共 30001 个端口)
server:example.com:1145,5144-10240 表示服务器在 1145 和 5144-10240 端口上可用(共 5098 个端口)
对端口的数量没有限制,可以添加任意多个端口/端口范围。
客户端会在连接时随机选择一个端口进行连接,并每过一段时间(默认 10 秒,由客户端配置中的 hop_interval 控制)随机选择一个新端口进行连接。切换的过程对上层应用是透明的,正常情况下不会造成任何数据丢失/连接中断。
5.FAQ
开启git代理,可以提交github仓库
开启v2ray后,默认端口是20808,根据自己环境进行修改
- socks代理,选其一即可
git config --global http.proxy socks://127.0.0.1:20808
git config --global https.proxy socks://127.0.0.1:20808git config --global http.proxy socks://127.0.0.1:20808
git config --global https.proxy socks://127.0.0.1:20808- http代理
bash
git config --global http.proxy http://127.0.0.1:20809
git config --global https.proxy https://127.0.0.1:20809git config --global http.proxy http://127.0.0.1:20809
git config --global https.proxy https://127.0.0.1:20809❌ 注意
socks代理与http代理不能同时配置,因为config的key相同,会造成覆盖
- 验证
bash
git config --listgit config --list- 删除
bash
git config --global --unset http.proxy
git config --global --unset https.proxygit config --global --unset http.proxy
git config --global --unset https.proxy