V2Ray + WebSocket + TLS + CDN

[Recommended] If you would like to try the latest VLESS+TCP+XTLS, please refer to the link below:

This article puts V2Ray behind a web server and uses TLS and WebSocket at the same time. For the web server, this tutorial gives three examples: Nginx, Caddy and Apache. You can choose one of the three, or use other software.
Nginx / Caddy / Apache is used because the VPS already runs Nginx / Caddy / Apache, which can hide V2Ray a little.
WebSocket is used because, behind Nginx / Caddy / Apache, only WebSocket can be used.
TLS is used because it encrypts the traffic, which makes it look more like HTTPS.
The WebSocket+TLS+Web combination is perhaps a relatively good configuration, but that does not mean it is suitable for everyone.
1. Server Configuration
{
  "inbounds": [
    {
      "port": 12345, // Set your own port (better to replace 12345); it must not conflict with ports already in use
      "listen": "127.0.0.1", // Listen only on 127.0.0.1 so that others cannot detect that port 12345 is open (your own server can still use port 12345)
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "a176cdfd-578f-418c-b4d0-ca7134a7883a", // Replace with your own UUID
            "alterId": 64
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/nameofpath" // Replace with your own path name, such as "live", "news", etc. Keep the "/"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}
2.1 Nginx Configuration (example)
server {
    listen 443 ssl;
    ssl_certificate /etc/v2ray/v2ray.crt; #Replace your cert path here
    ssl_certificate_key /etc/v2ray/v2ray.key; #Replace your key path here
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); the separate "ssl on;" directive is obsolete with "listen ... ssl"
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    server_name example.com; #Replace your root domain here
    location /nameofpath { #Keep consistent with the path in the V2Ray server configuration
        proxy_redirect off;
        proxy_pass http://127.0.0.1:12345; #Keep consistent with the port in the V2Ray server configuration
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        # Show real IP in v2ray access.log
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
2.2 Caddy Configuration (example)
Caddy obtains and renews its certificate automatically, so there is no need to specify a certificate or key.
Caddy V1 (deprecated):
example.com {
    log ./caddy.log
    proxy /nameofpath localhost:12345 { #Replace path and port here
        websocket
        header_upstream -Origin
    }
}
Caddy V2 (recommended):
example.com, www.example.com {
    # Port 3000 can be your main service, such as wordpress, ghost, nextcloud, etc.
    reverse_proxy localhost:3000 {
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
    }
    # Important: Caddy V2 syntax is different from V1. You have to type both "/"s and the "*",
    # which means you also have to change the path format from /nameofpath to /nameofpath/ in
    # (1) the V2Ray server configuration and (2) the client configuration.
    reverse_proxy /nameofpath/* localhost:12345 {
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
    }
}
- Apache Configuration (example)
<VirtualHost *:443>
    # Replace root domain here (Apache does not allow comments on the same line as a directive)
    ServerName example.com
    SSLEngine on
    # Replace cert path
    SSLCertificateFile /etc/v2ray/v2ray.crt
    # Replace key path
    SSLCertificateKeyFile /etc/v2ray/v2ray.key
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL
    <Location "/nameofpath">
        # Keep consistent with the path and port in the V2Ray server configuration
        ProxyPass ws://127.0.0.1:12345/nameofpath upgrade=WebSocket
        ProxyAddHeaders Off
        ProxyPreserveHost On
        RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s
    </Location>
</VirtualHost>
4. Client Configuration
{
  "inbounds": [
    {
      "port": 1080, // Some clients may use 1081 or others, YMMV
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "settings": {
        "auth": "noauth",
        "udp": false
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "example.com", // Replace root domain here
            "port": 443, // Keep port 443, since you enabled https
            "users": [
              {
                "id": "a176cdfd-578f-418c-b4d0-ca7134a7883a", // Match the UUID in the server configuration
                "alterId": 64
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "wsSettings": {
          "path": "/nameofpath" // Keep consistent with the path in the V2Ray server configuration
        }
      }
    }
  ]
}
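The configurations above only work when the path, port and UUID agree across the V2Ray server, the web server and the client, and when the inbound stays on 127.0.0.1. The following checker is an added example, not part of the original tutorial or of the V2Ray project; the function names and the embedded sample configurations are constructed for illustration, and it covers the Nginx variant only.

```python
import json
import re

# Constructed sample inputs mirroring this page's placeholders (not a real deployment).
SERVER = '''{ "inbounds": [ { "port": 12345, "listen": "127.0.0.1", // loopback only
  "protocol": "vmess",
  "settings": { "clients": [ { "id": "a176cdfd-578f-418c-b4d0-ca7134a7883a", "alterId": 64 } ] },
  "streamSettings": { "network": "ws", "wsSettings": { "path": "/nameofpath" } } } ] }'''
CLIENT = '''{ "outbounds": [ { "protocol": "vmess",
  "settings": { "vnext": [ { "address": "example.com", "port": 443, # https port
    "users": [ { "id": "a176cdfd-578f-418c-b4d0-ca7134a7883a", "alterId": 64 } ] } ] },
  "streamSettings": { "network": "ws", "security": "tls", "wsSettings": { "path": "/nameofpath" } } } ] }'''
NGINX = '''location /nameofpath {
    proxy_pass http://127.0.0.1:12345;
}'''

def load_commented_json(text):
    """Parse JSON that carries // or # line comments, leaving string contents alone."""
    token = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|#[^\n]*')
    return json.loads(token.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text))

def check(server_text, client_text, nginx_text):
    """Return a list of mismatches between the three configurations."""
    inbound = load_commented_json(server_text)["inbounds"][0]
    outbound = load_commented_json(client_text)["outbounds"][0]
    path = inbound["streamSettings"]["wsSettings"]["path"]
    problems = []
    if inbound.get("listen") != "127.0.0.1":
        problems.append("V2Ray inbound is not bound to 127.0.0.1")
    if outbound["streamSettings"].get("security") != "tls":
        problems.append("client does not enable TLS")
    if outbound["streamSettings"]["wsSettings"]["path"] != path:
        problems.append("client path differs from server path")
    server_ids = {c["id"] for c in inbound["settings"]["clients"]}
    for user in outbound["settings"]["vnext"][0]["users"]:
        if user["id"] not in server_ids:
            problems.append("client UUID unknown to server")
    loc = re.search(r"location\s+(\S+)\s*\{[^}]*?proxy_pass\s+http://127\.0\.0\.1:(\d+)", nginx_text)
    if not loc:
        problems.append("no location proxying to 127.0.0.1 found")
    elif loc.group(1) != path or int(loc.group(2)) != inbound["port"]:
        problems.append("Nginx location or port differs from V2Ray inbound")
    return problems

if __name__ == "__main__":
    print(check(SERVER, CLIENT, NGINX) or "configurations are consistent")
```

An empty list means the three files agree; each string in the result names one mismatch to fix before restarting the services.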
Update 20200815
The previous V2Ray one-click script will be obsolete soon. Please switch to the fhs-install-v2ray project in time. GitHub: https://github.com/v2fly/fhs-install-v2ray
If you want to delete the previous installation:
systemctl stop v2ray
systemctl disable v2ray
rm -rf /etc/v2ray/* #config file
rm -rf /usr/bin/v2ray/* #program
rm -rf /var/log/v2ray/* #log
rm -rf /lib/systemd/system/v2ray.service #systemd init
rm -rf /etc/init.d/v2ray #sysv init
New installation:
# Download script (always check script first before running)
curl -O https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh
curl -O https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-dat-release.sh
# Install or update V2Ray
bash install-release.sh
# Install or update geoip.dat and geosite.dat
bash install-dat-release.sh
# Remove V2Ray
bash install-release.sh --remove
The config file, config.json, used to be at /etc/v2ray/.
Now config.json is divided into several parts for the convenience of setup, and by default they are located at /usr/local/etc/v2ray/.