V2Ray on Ubuntu
Deploy a V2Ray service with SSL authentication on an Ubuntu server
Install V2Ray
#!/bin/bash
# v2ray Ubuntu系统一键安装脚本
# Author: hijk<https://hijk.art>
# URL: https://raw.githubusercontent.com/hijkpw/scripts/master/ubuntu_install_v2ray.sh
# ANSI colour escape sequences, expanded by colorEcho and the `echo -e` calls.
RED="\033[31m"    # error messages
GREEN="\033[32m"  # success messages
YELLOW="\033[33m" # warnings
BLUE="\033[36m"   # informational messages
PLAIN='\033[0m'   # reset to the terminal default

# "System" line(s) reported by hostnamectl; only used inside failure messages.
OS=$(hostnamectl | grep -i system | cut -d: -f2)

# Public address of this host as reported by the external service ip.sb.
# The reply is not validated and is later embedded verbatim in the client link.
# When the IPv4 lookup fails, the IPv6 lookup is used instead and V6_PROXY is
# set; installV2ray prefixes its installer URL with that value, which places
# gh.hijk.art in the download path of a script that is executed as root.
V6_PROXY=""
if ! IP=$(curl -sL -4 ip.sb); then
  IP=$(curl -sL -6 ip.sb)
  V6_PROXY="https://gh.hijk.art/"
fi

# Location of the V2Ray configuration that install/info read and rewrite.
CONFIG_FILE="/etc/v2ray/config.json"
#######################################
# Print a message wrapped in a colour escape and the reset sequence.
# Globals:   PLAIN (read)
# Arguments: $1 - colour escape sequence; $2.. - message words
# Outputs:   the coloured message on stdout (escapes interpreted by echo -e)
#######################################
colorEcho() {
  local color=$1
  shift
  # "$*" joins the remaining words with a single space, as echo would.
  echo -e "${color}$*${PLAIN}"
}
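#######################################
# Abort unless the script runs as root on a supported system.
# Accepts Ubuntu 16 or newer; when lsb_release does not report Ubuntu, any
# system that provides both apt and systemctl is accepted instead.
# Globals:   RED (read)
# Outputs:   an error message on stdout before exiting
# Returns:   0 when every check passes; exits 1 otherwise
#######################################
checkSystem() {
  local release major

  # Compare the numeric uid instead of parsing the text printed by `id`.
  if [ "$(id -u)" != "0" ]; then
    colorEcho "$RED" " 请以root身份执行该脚本"
    exit 1
  fi

  if ! lsb_release -d | grep -qi ubuntu; then
    if ! command -v apt >/dev/null 2>&1; then
      colorEcho "$RED" " 系统不是Ubuntu"
      exit 1
    fi
    if ! command -v systemctl >/dev/null 2>&1; then
      colorEcho "$RED" " 系统版本过低,请重装系统到高版本后再使用本脚本!"
      exit 1
    fi
  else
    release=$(lsb_release -d | grep -oE "[0-9.]+")
    major=${release%%.*}
    # Only compare when a numeric major version was actually extracted, so an
    # unexpected lsb_release format does not produce a test(1) syntax error.
    if [[ "$major" =~ ^[0-9]+$ ]] && [ "$major" -lt 16 ]; then
      colorEcho "$RED" " 不受支持的Ubuntu版本"
      exit 1
    fi
  fi
}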
#######################################
# Clear the terminal and print the script banner.
# Globals:   RED, GREEN, PLAIN (read)
# Outputs:   banner lines followed by one empty line on stdout
#######################################
slogon() {
  local border="#############################################################"

  clear
  printf '%s\n' "$border"
  # %b interprets the colour escapes the same way `echo -e` does.
  printf '%b\n' "# ${RED}Ubuntu LTS v2ray一键安装脚本${PLAIN} #"
  printf '%b\n' "# ${GREEN}作者${PLAIN}: 网络跳越(hijk) #"
  printf '%b\n' "# ${GREEN}网址${PLAIN}: https://hijk.art #"
  printf '%b\n' "# ${GREEN}论坛${PLAIN}: https://hijk.club #"
  printf '%b\n' "# ${GREEN}TG群${PLAIN}: https://t.me/hijkclub #"
  printf '%b\n' "# ${GREEN}Youtube频道${PLAIN}: https://youtube.com/channel/UCYTB--VsObzepVJtc9yvUxQ #"
  printf '%s\n' "$border" ""
}
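#######################################
# Prompt for the V2Ray listening port until a valid one is entered.
# An empty answer selects the default 21568. An answer starting with "0"
# ends the script, as before.
# Globals:   PORT (written), RED, BLUE, PLAIN (read)
# Outputs:   prompts and messages on the terminal
# Returns:   0 once PORT holds an integer in 1-65535; exits 1 on a leading 0
#######################################
getData() {
  while true; do
    # -r keeps backslashes literal in the operator's answer.
    read -r -p " 请输入v2ray的端口[1-65535]:" PORT
    [ -z "$PORT" ] && PORT="21568"
    if [ "${PORT:0:1}" = "0" ]; then
      echo -e " ${RED}端口不能以0开头${PLAIN}"
      exit 1
    fi
    # PORT is later interpolated into sed, grep and ufw command lines, so only
    # a plain run of digits is accepted; this replaces the unquoted `expr`
    # probe, which word-split and glob-expanded the raw answer.
    if [[ "$PORT" =~ ^[0-9]{1,5}$ ]] && ((PORT >= 1 && PORT <= 65535)); then
      echo ""
      colorEcho "$BLUE" " 端口号: $PORT"
      echo ""
      break
    fi
    colorEcho "$RED" " 输入错误,端口号为1-65535的数字"
  done
}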
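#######################################
# Upgrade the system packages and install the tools the script relies on.
# Globals:   BLUE (read)
# Outputs:   apt progress on stdout/stderr
# Returns:   exit status of the final `apt autoremove`
#######################################
preinstall() {
  colorEcho "$BLUE" " 更新系统..."
  apt clean all
  apt update
  # NOTE(review): this is an unattended full upgrade of every installed package.
  apt -y upgrade

  colorEcho "$BLUE" " 安装必要软件"
  apt install -y telnet wget vim net-tools ntpdate unzip
  # Retry the two tools used later if the bulk install left them missing.
  # `command -v` is a shell builtin, so the probe does not depend on `which`.
  command -v wget >/dev/null 2>&1 || apt install -y wget
  command -v netstat >/dev/null 2>&1 || apt install -y net-tools
  apt autoremove -y
}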
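#######################################
# Install V2Ray with the upstream helper script, apply the chosen port and a
# random alterId to the config, then start the service and confirm it listens.
# Globals:   V6_PROXY, CONFIG_FILE, PORT, OS, RED, GREEN, BLUE (read)
#            alterid, uid (written)
# Outputs:   progress and error messages on stdout
# Returns:   0 on success; exits 1 when the config file is missing or the
#            service is not listening on PORT
#######################################
installV2ray() {
  local installer listening

  colorEcho "$BLUE" " 安装v2ray..."
  # NOTE(review): the installer comes from the tip of a mutable branch
  # (optionally through the V6_PROXY host) and runs as root with no integrity
  # check. Pin the URL to a reviewed commit and compare the download against a
  # known SHA-256 before executing it.
  # Downloading to a file with -f means an HTTP error page or a failed
  # transfer is never handed to bash.
  if installer=$(mktemp); then
    if curl -fsSL -o "$installer" \
      "${V6_PROXY}https://raw.githubusercontent.com/hijkpw/scripts/master/goV2.sh"; then
      bash "$installer"
    fi
    rm -f -- "$installer"
  fi
  if [ ! -f "$CONFIG_FILE" ]; then
    colorEcho "$RED" " $OS 安装V2ray失败,请到 https://hijk.art 网站反馈"
    exit 1
  fi

  # PORT was validated as an integer by getData before it reaches sed.
  sed -i -e "s/port\":.*[0-9]*,/port\": ${PORT},/" "$CONFIG_FILE"
  alterid=$(shuf -i50-80 -n1)
  sed -i -e "s/alterId\":.*[0-9]*/alterId\": ${alterid}/" "$CONFIG_FILE"
  uid=$(grep id "$CONFIG_FILE" | cut -d: -f2 | tr -d '", ')

  # Set the timezone and sync the clock before starting the service
  # (presumably because VMess authentication is time-sensitive - confirm).
  ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
  ntpdate -u time.nist.gov

  systemctl enable v2ray
  systemctl restart v2ray
  sleep 3
  # Match ":PORT" followed by whitespace so that, for example, port 80 does
  # not match a listener on 8080 or a PID that contains the digits.
  listening=$(netstat -ntlp | grep -E ":${PORT}[[:space:]]" | grep v2ray)
  if [ -z "$listening" ]; then
    # Uses RED; the lowercase $red used previously is never defined.
    colorEcho "$RED" " $OS 端口号:${PORT},v2启动失败,请检查端口是否被占用!"
    exit 1
  fi
  colorEcho "$GREEN" " v2ray安装成功!"
}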
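#######################################
# Open the V2Ray port in ufw when the firewall is active.
# Globals:   PORT (read)
# Outputs:   ufw's own messages
# Returns:   0 when ufw is absent or inactive, else the status of the last
#            `ufw allow`
#######################################
setFirewall() {
  # Nothing to do on hosts without ufw; avoids "command not found" noise.
  command -v ufw >/dev/null 2>&1 || return 0

  if ! ufw status | grep -qi inactive; then
    # The rules admit the port from any source address, on TCP and UDP.
    ufw allow "${PORT}/tcp"
    ufw allow "${PORT}/udp"
  fi
}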
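#######################################
# Enable the BBR congestion-control module, installing an HWE kernel when the
# running kernel does not provide it.
# Globals:   INSTALL_BBR (written), BLUE, GREEN, YELLOW (read)
# Outputs:   progress messages on stdout
# Returns:   0; INSTALL_BBR is "true" only when a new kernel was installed
#            and a reboot is therefore needed
#######################################
installBBR() {
  local setting

  if lsmod | grep -q bbr; then
    colorEcho "$BLUE" " BBR模块已安装"
    INSTALL_BBR=false
    return
  fi
  if hostnamectl | grep -qi openvz; then
    colorEcho "$YELLOW" " openvz机器,跳过安装"
    INSTALL_BBR=false
    return
  fi

  # Append each sysctl setting only once so repeated runs do not pile up
  # duplicate lines in /etc/sysctl.conf.
  for setting in "net.core.default_qdisc=fq" "net.ipv4.tcp_congestion_control=bbr"; do
    grep -qxF -- "$setting" /etc/sysctl.conf 2>/dev/null \
      || echo "$setting" >> /etc/sysctl.conf
  done
  sysctl -p
  if lsmod | grep -q bbr; then
    colorEcho "$GREEN" " BBR模块已启用"
    INSTALL_BBR=false
    return
  fi

  colorEcho "$BLUE" " 安装BBR模块..."
  # NOTE(review): the package name is fixed to the 16.04 HWE stack regardless
  # of the release checkSystem accepted - confirm it exists on newer releases.
  apt install -y --install-recommends linux-generic-hwe-16.04
  grub-set-default 0
  grep -qxF -- "tcp_bbr" /etc/modules-load.d/modules.conf 2>/dev/null \
    || echo "tcp_bbr" >> /etc/modules-load.d/modules.conf
  # A new kernel was installed: bbrReboot only reboots when this is "true",
  # and no other path sets it, so "false" here left the reboot unreachable.
  INSTALL_BBR=true
}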
#######################################
# Print the service status, the connection parameters read from the config
# file, and a vmess:// link built from them.
# Globals:   CONFIG_FILE, IP, RED, GREEN, BLUE, PLAIN (read)
#            port, res, status, uid, alterid, network, security, raw, link
#            (written)
# Outputs:   the summary on stdout; it includes the client id, which is the
#            connection credential
# Returns:   0; exits 1 when the config file does not exist
#######################################
info() {
  if [ ! -f "$CONFIG_FILE" ]; then
    echo -e " ${RED}未安装v2ray!${PLAIN}"
    exit 1
  fi

  port=$(grep port "$CONFIG_FILE" | cut -d: -f2 | tr -d '", ')
  # shellcheck disable=SC2086 -- expansion left unquoted to keep the original matching
  res=$(netstat -nltp | grep ${port} | grep v2ray)
  if [ -z "$res" ]; then
    status="${RED}已停止${PLAIN}"
  else
    status="${GREEN}正在运行${PLAIN}"
  fi

  uid=$(grep id "$CONFIG_FILE" | cut -d: -f2 | tr -d '", ')
  alterid=$(grep alterId "$CONFIG_FILE" | cut -d: -f2 | tr -d '", ')
  res=$(grep network "$CONFIG_FILE")
  if [ -z "$res" ]; then
    network="tcp"
  else
    network=$(grep network "$CONFIG_FILE" | cut -d: -f2 | tr -d '", ')
  fi
  security="auto"

  # The link payload always states "net":"tcp"; only the printed summary uses
  # the network value read from the config.
  raw="{
\"v\":\"2\",
\"ps\":\"\",
\"add\":\"$IP\",
\"port\":\"${port}\",
\"id\":\"${uid}\",
\"aid\":\"$alterid\",
\"net\":\"tcp\",
\"type\":\"none\",
\"host\":\"\",
\"path\":\"\",
\"tls\":\"\"
}"
  # shellcheck disable=SC2086 -- word splitting flattens the JSON onto one line
  link="vmess://$(echo -n ${raw} | base64 -w 0)"

  echo ============================================
  echo -e " ${BLUE}v2ray运行状态:${PLAIN}${status}"
  echo -e " ${BLUE}v2ray配置文件:${PLAIN}${RED}$CONFIG_FILE${PLAIN}"
  echo ""
  echo -e " ${RED}v2ray配置信息:${PLAIN} "
  echo -e " ${BLUE}IP(address):${PLAIN} ${RED}${IP}${PLAIN}"
  echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
  echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
  echo -e " ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}"
  echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}$security${PLAIN}"
  echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
  echo
  echo -e " ${BLUE}vmess链接:${PLAIN} $link"
}
#######################################
# Reboot after a 30-second grace period when installBBR requested it.
# Globals:   INSTALL_BBR, RED, BLUE, PLAIN (read)
# Outputs:   the reboot notice on stdout
# Returns:   0 when no reboot is pending, else the status of `reboot`
#######################################
bbrReboot() {
  # Guard clause: nothing to do unless a reboot was requested.
  [ "${INSTALL_BBR}" == "true" ] || return 0

  echo
  colorEcho "$BLUE" " 为使BBR模块生效,系统将在30秒后重启"
  echo
  echo -e " 您可以按 ctrl + c 取消重启,稍后输入 ${RED}reboot${PLAIN} 重启系统"
  # The pause gives the operator time to cancel with ctrl + c.
  sleep 30
  reboot
}
#######################################
# Run the complete installation: print the release information, then execute
# each installation step in order.
# Outputs:   whatever the individual steps print
# Returns:   status of the last step (bbrReboot); a step may exit the script
#######################################
install() {
  local step

  printf '%s' " 系统版本: "
  lsb_release -a
  for step in checkSystem getData preinstall installBBR installV2ray \
    setFirewall info bbrReboot; do
    "$step"
  done
}
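#######################################
# Ask for confirmation, then stop V2Ray and remove its files and unit.
# Globals:   RED, PLAIN (read)
# Outputs:   a success message on stdout after removal
# Returns:   0; nothing is removed unless the answer is exactly "y" or "Y"
#######################################
uninstall() {
  local answer

  read -r -p " 确定卸载v2ray吗?(y/n)" answer
  # An empty answer counts as "n". Matching with case avoids the unquoted
  # test, which raised a syntax error for answers containing spaces.
  case "${answer:-n}" in
    y | Y)
      systemctl stop v2ray
      systemctl disable v2ray
      rm -rf /etc/v2ray/*
      rm -rf /usr/bin/v2ray/*
      rm -rf /var/log/v2ray/*
      rm -rf /etc/systemd/system/v2ray.service
      rm -rf /etc/systemd/system/multi-user.target.wants/v2ray.service
      echo -e " ${RED}卸载成功${PLAIN}"
      ;;
  esac
}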
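# Entry point: show the banner, then run the action named by the first
# argument. With no argument the action defaults to "install".
slogon
action=${1:-install}
case "$action" in
  install | uninstall | info)
    # Only the three names listed above can reach this call.
    "$action"
    ;;
  *)
    echo " 参数错误"
    # The usage line lists info too, since the case above accepts it.
    echo " 用法: ${0##*/} [install|uninstall|info]"
    ;;
esac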
Install Nginx
# Install nginx from the configured apt sources (-y answers the prompts).
apt-get install -y nginx
Configure Nginx
替换 your_server.com 为实际服务器域名
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
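# Plain-HTTP listener: its only job is to redirect every request to HTTPS.
server {
    listen 80;
    server_name your_server.com;

    location / {
        # Redirect with `return` rather than a regex rewrite. The target is
        # built from the configured $server_name, not the client-supplied Host
        # header, and $request_uri keeps the requested path and query string.
        return 301 https://$server_name$request_uri;
    }
}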
# Default server configuration
#
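server {
    #listen 80 default_server;
    #listen [::]:80 default_server;

    # SSL configuration
    #
    # TLS is enabled by the "ssl" parameter on the listen directives. The
    # separate "ssl on;" directive is obsolete and is rejected by current
    # nginx releases, so it is not used here.
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    # Relative paths resolve against the nginx configuration directory.
    ssl_certificate cert/your_server.com.pem;
    ssl_certificate_key cert/your_server.com.key;
    ssl_session_timeout 5m;
    # NOTE(review): after the AEAD ECDHE suite listed first, the AES and HIGH
    # groups also admit CBC-mode and non-forward-secret suites for TLS 1.2
    # clients - confirm that breadth is wanted.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    root /var/www/example.com;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    #v2ray
    # WebSocket endpoint handed to V2Ray. The path must match wsSettings.path
    # in the V2Ray config. It only routes the request; access control is the
    # VMess client id, not the path.
    location /nothingtosay {
        proxy_redirect off;
        # The V2Ray inbound listens on 127.0.0.1 only. Use the literal address
        # so nginx never picks ::1, which "localhost" can also resolve to.
        proxy_pass http://127.0.0.1:1200;
        proxy_http_version 1.1;
        # Required for the WebSocket upgrade handshake.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        # Show real IP in v2ray access.log
        proxy_set_header X-Real-IP $remote_addr;
        # This appends to any X-Forwarded-For the client sent, so its leading
        # entries are client-controlled; rely on X-Real-IP when reading logs.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}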
Configure V2Ray
添加Log配置
设置监听的端口,需要和Nginx里面一致
Websocket Stream Settings,path 需要和 Nginx里面一致
替换 your-client-id为实际的client id
{
"log": {
"access": "/var/log/v2ray/access.log",
"error": "/var/log/v2ray/error.log",
"loglevel": "warning"
},
"inbounds": [{
"port": 1200,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "your-client-id",
"level": 1,
"alterId": 69
}
]
},
"streamSettings":
{
"network": "ws",
"wsSettings": {
"path": "/nothingtosay"
}
},
"listen": "127.0.0.1"
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}],
"routing": {
"rules": [
{
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "blocked"
}
]
}
}
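注意:需要添加环境变量 V2RAY_VMESS_AEAD_FORCED=false,否则会遇到以下报错而无法连接。如报错信息本身所述,该变量关闭的是一项安全特性(强制 VMessAEAD);出现该报错说明客户端仍在使用旧版(非 AEAD)VMess 头,更稳妥的做法是将客户端的 alterId 设为 0 以启用 VMessAEAD,而不是长期关闭这项检查。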
rejected common/drain: common/drain: unable to drain connection > websocket: close 1006 (abnormal closure): unexpected EOF > proxy/vmess/encoding: invalid user: VMessAEAD is enforced and a non VMessAEAD connection is received. You can still disable this security feature with environment variable v2ray.vmess.aead.forced = false . You will not be able to enable legacy header workaround in the future.
创建环境变量文件
V2RAY_VMESS_AEAD_FORCED=false
在v2ray.service中引用该环境变量文件
[Service]
...
...
EnvironmentFile=/etc/v2ray/v2_env
Upload SSL Certificate
上传SSL证书和私钥到Nginx配置的路径下(私钥文件应限制为仅 root 可读,例如权限 600):
/etc/nginx/cert/your_server.com.pem;
/etc/nginx/cert/your_server.com.key;