0%

使用caddy实现v2ray流量伪装

Caddy:一个方便配置的 web server

本质上要做的事情是让caddy做反向代理服务器转发v2ray流量,caddy的好处是自己申请证书实现https,这样伪装成的tls流量更不容易被发现

安装

Get caddy

1
sudo curl https://getcaddy.com | bash -s personal

Get v2ray

1
sudo bash <(curl -L -s https://install.direct/go.sh)

配置

注册caddy服务

让caddy拥有非root用户打开端口的权限

1
sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy

如果出现setcap: command not found那就安装一下libcap2-bin

1
sudo apt install libcap2-bin

创建用户和所需目录并且只赋予必要的权限

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
sudo groupadd -g 33 www-data
sudo useradd \
-g www-data --no-user-group \
--home-dir /var/www --no-create-home \
--shell /usr/sbin/nologin \
--system --uid 33 www-data

sudo mkdir /etc/ssl/caddy
sudo chown -R root:www-data /etc/ssl/caddy
sudo chmod 0770 /etc/ssl/caddy

sudo touch /var/log/caddy.log
sudo chown root:www-data /var/log/caddy.log
sudo chmod 0770 /var/log/caddy.log

sudo mkdir /etc/caddy
sudo chown -R root:root /etc/caddy
sudo touch /etc/caddy/Caddyfile
sudo chown root:root /etc/caddy/Caddyfile
sudo chmod 644 /etc/caddy/Caddyfile

sudo mkdir /var/www
sudo chown www-data:www-data /var/www
sudo chmod 555 /var/www

上面创建了三个目录,/etc/caddy/Caddyfile 是 Caddy 的配置文件,/etc/ssl/caddy 存放证书,/var/www 是默认的网站目录。

把官方提供的脚本 caddy.service下载到 /etc/systemd/system/ 并重新加载 systemd daemon,让配置生效。

1
2
3
4
5
6
wget https://raw.githubusercontent.com/caddyserver/caddy/master/dist/init/linux-systemd/caddy.service
sudo cp caddy.service /etc/systemd/system/
sudo chown root:root /etc/systemd/system/caddy.service
sudo chmod 644 /etc/systemd/system/caddy.service
sudo systemctl daemon-reload
sudo systemctl start caddy.service

让 Caddy 开机自启。

1
sudo systemctl enable caddy.service

至此,Caddy 已经成功注册服务,并能够开机自启了。

配置Caddyfile

修改/etc/caddy/Caddyfile文件内容如下,用来配置反向代理,mydomain.me替换为你的域名:
(点右上链接后可以编辑配置文件后再复制)

/etc/caddy/CaddyfileCaddyfile
1
2
3
4
5
6
7
8
9
10
mydomain.me
{
root /var/www/mydomain.me
tls 你的邮箱
log /var/log/caddy.log
proxy /ray localhost:10000 {
websocket
header_upstream -Origin
}
}

重启caddy服务器

1
sudo systemctl restart caddy

配置v2ray conf

修改/etc/v2ray/config.json文件内容:

/etc/v2ray/config.jsonconfig.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
{
"inbounds": [
{
"port": 10000,
"listen":"127.0.0.1",//只监听 127.0.0.1,避免除本机外的机器探测到开放了 10000 端口
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "b831381d-6324-4d53-ad4f-8cda48b30811",
"alterId": 64
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/ray"
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {}
}
]
}

完事

客户端配置

/etc/v2ray/config.jsonconfig.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
{
"inbounds": [
{
"port": 1080,
"listen": "127.0.0.1",
"protocol": "socks",
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"settings": {
"auth": "noauth",
"udp": false
}
}
],
"outbounds": [
{
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "mydomain.me",
"port": 443,
"users": [
{
"id": "b831381d-6324-4d53-ad4f-8cda48b30811",
"alterId": 64
}
]
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"wsSettings": {
"path": "/ray"
}
}
}
]
}

参考:
https://github.com/caddyserver/caddy/tree/master/dist/init/linux-systemd
https://guide.v2fly.org/advanced/wss_and_web.html

Note:另一种伪装的方式

1
2
3
4
5
6
7
8
"transport": {
"quicSettings": {
"security": "none",
"key": "",
"header": {
"type": "wechat-video"
}
}