Disguising V2Ray traffic with Caddy

Caddy: a web server that is easy to configure

The essential idea is to have Caddy act as a reverse proxy that forwards V2Ray traffic. Caddy's advantage is that it requests its own certificates and serves HTTPS, so the traffic, disguised as ordinary TLS, is harder to spot.

Installation

Get caddy

sudo curl https://getcaddy.com | bash -s personal

Get v2ray

sudo bash <(curl -L -s https://install.direct/go.sh)

Configuration

Register the caddy service

Give caddy permission to bind privileged ports without running as root

sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy

If you get setcap: command not found, install libcap2-bin

sudo apt install libcap2-bin

Create the user and the required directories, granting only the permissions they need

sudo groupadd -g 33 www-data
sudo useradd \
    -g www-data --no-user-group \
    --home-dir /var/www --no-create-home \
    --shell /usr/sbin/nologin \
    --system --uid 33 www-data

sudo mkdir /etc/ssl/caddy
sudo chown -R root:www-data /etc/ssl/caddy
sudo chmod 0770 /etc/ssl/caddy

sudo touch /var/log/caddy.log
sudo chown root:www-data /var/log/caddy.log
sudo chmod 0770 /var/log/caddy.log

sudo mkdir /etc/caddy
sudo chown -R root:root /etc/caddy
sudo touch /etc/caddy/Caddyfile
sudo chown root:root /etc/caddy/Caddyfile
sudo chmod 644 /etc/caddy/Caddyfile

sudo mkdir /var/www
sudo chown www-data:www-data /var/www
sudo chmod 555 /var/www

The commands above create three paths: /etc/caddy/Caddyfile is Caddy's configuration file, /etc/ssl/caddy holds the certificates, and /var/www is the default web root.

Download the official caddy.service unit into /etc/systemd/system/ and reload the systemd daemon so the configuration takes effect.

wget https://raw.githubusercontent.com/caddyserver/caddy/master/dist/init/linux-systemd/caddy.service
sudo cp caddy.service /etc/systemd/system/
sudo chown root:root /etc/systemd/system/caddy.service
sudo chmod 644 /etc/systemd/system/caddy.service
sudo systemctl daemon-reload
sudo systemctl start caddy.service

Make Caddy start at boot.

sudo systemctl enable caddy.service

At this point Caddy is registered as a service and will start automatically at boot.

Configure the Caddyfile

Edit /etc/caddy/Caddyfile to the following to set up the reverse proxy. Replace mydomain.me with your domain, and replace the placeholder 你的邮箱 ("your e-mail") on the tls line with the e-mail address Caddy should use when requesting the certificate. Note that these directives (proxy, header_upstream) are Caddy v1 syntax; Caddy 2 uses reverse_proxy instead.

/etc/caddy/Caddyfile

mydomain.me
{
    root /var/www/mydomain.me
    tls 你的邮箱
    log /var/log/caddy.log
    proxy /ray localhost:10000 {
        websocket
        header_upstream -Origin
    }
}

Restart the caddy service

sudo systemctl restart caddy

Configure the v2ray conf

Edit /etc/v2ray/config.json to the following:

/etc/v2ray/config.json

{
  "inbounds": [
    {
      "port": 10000,
      "listen": "127.0.0.1", // listen only on 127.0.0.1 so that machines other than this host cannot detect that port 10000 is open
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "b831381d-6324-4d53-ad4f-8cda48b30811",
            "alterId": 64
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/ray"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}

Done.
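An added check, not part of the original post: once v2ray is running, confirm from the output of `ss -ltn` that port 10000 is bound only to loopback and that no other unexpected listener sits on a wildcard address (only Caddy's 80/443 and SSH should). The `ss` output below is constructed to mirror the intended state of this setup; the two port sets are assumptions you adjust to your host.

```python
import subprocess

# Constructed sample of `ss -ltn` output (not captured from a real host).
# It mirrors the intended state: caddy on 0.0.0.0:443/80, v2ray on 127.0.0.1:10000.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       4096    0.0.0.0:443          0.0.0.0:*
LISTEN  0       4096    0.0.0.0:80           0.0.0.0:*
LISTEN  0       4096    127.0.0.1:10000      0.0.0.0:*
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
"""

# Assumed policy for this host: adjust to match what you actually expose.
EXPECTED_PUBLIC_PORTS = {80, 443, 22}   # ports that are meant to be reachable from outside
LOOPBACK_ONLY_PORTS = {10000}            # the v2ray inbound that only caddy should reach


def parse_listeners(ss_output):
    """Return (address, port) tuples for every LISTEN row of `ss -ltn` text."""
    listeners = []
    for line in ss_output.splitlines()[1:]:          # first line is the column header
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")    # rpartition keeps IPv6 addresses intact
        listeners.append((addr.strip("[]"), int(port)))
    return listeners


def is_wildcard(addr):
    """True for the IPv4/IPv6 'any' addresses ss prints for unrestricted listeners."""
    return addr in ("0.0.0.0", "*", "::")


def find_exposed_ports(ss_output, loopback_only=LOOPBACK_ONLY_PORTS,
                       allowed_public=EXPECTED_PUBLIC_PORTS):
    """Return a list of problems: loopback-only ports bound to a wildcard address,
    and wildcard listeners on ports that are not on the allowed public list."""
    problems = []
    for addr, port in parse_listeners(ss_output):
        if port in loopback_only and is_wildcard(addr):
            problems.append(f"port {port} should be loopback-only but listens on {addr}")
        elif is_wildcard(addr) and port not in allowed_public:
            problems.append(f"unexpected wildcard listener on port {port} ({addr})")
    return problems


if __name__ == "__main__":
    # Run against the live host instead of the constructed sample.
    live = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout
    for problem in find_exposed_ports(live) or ["no exposure problems found"]:
        print(problem)
```

Run it on the server after `systemctl restart v2ray`; an empty result means the inbound is only reachable through Caddy, which is what the `"listen": "127.0.0.1"` line is for.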

Client configuration

/etc/v2ray/config.json

{
  "inbounds": [
    {
      "port": 1080,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "settings": {
        "auth": "noauth",
        "udp": false
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "mydomain.me",
            "port": 443,
            "users": [
              {
                "id": "b831381d-6324-4d53-ad4f-8cda48b30811",
                "alterId": 64
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "wsSettings": {
          "path": "/ray"
        }
      }
    }
  ]
}
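An added consistency check across the three files above (the Caddyfile, the server config.json and the client config.json); it is not from this post nor from the Caddy or V2Ray projects. The most common reasons this setup silently fails are a WebSocket path that differs between the files, a Caddy upstream that does not point at the v2ray inbound, a client id/alterId that the server does not know, or a client that forgot `"security": "tls"`. The embedded copies of the configs are constructed from this post (the e-mail on the tls line is a placeholder), and the small Caddyfile parser only understands the single proxy block used here.

```python
import json
import re

# Constructed copies of the three files from this post. The tls e-mail is a placeholder.
CADDYFILE = """\
mydomain.me
{
    root /var/www/mydomain.me
    tls admin@mydomain.me
    log /var/log/caddy.log
    proxy /ray localhost:10000 {
        websocket
        header_upstream -Origin
    }
}
"""

SERVER_CONFIG = """{
  "inbounds": [{
    "port": 10000,
    "listen": "127.0.0.1", // loopback only, as in the post
    "protocol": "vmess",
    "settings": {"clients": [{"id": "b831381d-6324-4d53-ad4f-8cda48b30811", "alterId": 64}]},
    "streamSettings": {"network": "ws", "wsSettings": {"path": "/ray"}}
  }],
  "outbounds": [{"protocol": "freedom", "settings": {}}]
}"""

CLIENT_CONFIG = """{
  "inbounds": [{"port": 1080, "listen": "127.0.0.1", "protocol": "socks",
                "settings": {"auth": "noauth", "udp": false}}],
  "outbounds": [{
    "protocol": "vmess",
    "settings": {"vnext": [{"address": "mydomain.me", "port": 443,
                            "users": [{"id": "b831381d-6324-4d53-ad4f-8cda48b30811", "alterId": 64}]}]},
    "streamSettings": {"network": "ws", "security": "tls", "wsSettings": {"path": "/ray"}}
  }]
}"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
PROXY_RE = re.compile(r"proxy\s+(\S+)\s+(\S+)\s*\{([^}]*)\}")


def strip_json_comments(text):
    """Drop // comments (v2ray accepts them, json.loads does not) without touching string contents."""
    out, i, in_str = [], 0, False
    while i < len(text):
        c = text[i]
        if in_str and c == "\\":                 # keep an escaped character verbatim
            out.append(text[i:i + 2]); i += 2; continue
        if c == '"':
            in_str = not in_str
        elif not in_str and text.startswith("//", i):
            nl = text.find("\n", i)
            i = len(text) if nl == -1 else nl   # skip to end of line
            continue
        out.append(c); i += 1
    return "".join(out)


def parse_caddyfile(text):
    """Minimal parser for the one-site Caddyfile in this post: site label, tls, and the proxy block."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    m = PROXY_RE.search(text)
    if not m:
        raise ValueError("no proxy block found in Caddyfile")
    path, upstream, body = m.groups()
    host, _, port = upstream.rpartition(":")
    return {"site": lines[0], "path": path, "upstream_host": host, "upstream_port": int(port),
            "websocket": "websocket" in body.split(),
            "tls": any(ln.startswith("tls ") for ln in lines)}


def check_configs(caddyfile, server_json, client_json):
    """Return a list of human-readable problems; an empty list means the three files agree."""
    problems = []
    caddy = parse_caddyfile(caddyfile)
    inbound = json.loads(strip_json_comments(server_json))["inbounds"][0]
    outbound = json.loads(strip_json_comments(client_json))["outbounds"][0]
    vnext = outbound["settings"]["vnext"][0]
    s_path = inbound["streamSettings"]["wsSettings"]["path"]
    c_path = outbound["streamSettings"]["wsSettings"]["path"]
    if not (caddy["path"] == s_path == c_path):
        problems.append(f"websocket path mismatch: caddy={caddy['path']} server={s_path} client={c_path}")
    if not caddy["websocket"]:
        problems.append("caddy proxy block lacks the websocket directive")
    if not caddy["tls"]:
        problems.append("Caddyfile has no tls directive")
    if inbound.get("listen") not in LOOPBACK:
        problems.append(f"server inbound listens on {inbound.get('listen', '0.0.0.0')}, not loopback")
    if caddy["upstream_host"] not in LOOPBACK or caddy["upstream_port"] != inbound["port"]:
        problems.append("caddy upstream does not match the v2ray inbound port")
    server_users = {(c["id"], c["alterId"]) for c in inbound["settings"]["clients"]}
    client_users = {(u["id"], u["alterId"]) for u in vnext["users"]}
    if not client_users & server_users:
        problems.append("client user id/alterId is not present in the server's clients")
    if outbound["streamSettings"].get("security") != "tls":
        problems.append("client outbound does not use tls")
    if vnext["address"] != caddy["site"] or vnext["port"] != 443:
        problems.append(f"client connects to {vnext['address']}:{vnext['port']}, expected {caddy['site']}:443")
    return problems
```

To check real files, read /etc/caddy/Caddyfile and the two config.json files into the three arguments of check_configs and print whatever it returns; the comment stripper is there because the server config above carries a `//` comment that a strict JSON parser would reject.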

References:
https://github.com/caddyserver/caddy/tree/master/dist/init/linux-systemd
https://guide.v2fly.org/advanced/wss_and_web.html

Note: another way to disguise the traffic (a transport fragment that uses QUIC with a header-type obfuscation instead of WebSocket behind Caddy):

"transport": {
  "quicSettings": {
    "security": "none",
    "key": "",
    "header": {
      "type": "wechat-video"
    }
  }
}