安装BBR
推荐使用一键脚本。
wget https://cdn.statically.io/gh/LKSIUS/SH/main/bbr.sh && bash bbr.sh
解析域名
在Cloudflare中添加DNS,将你的服务器地址与域名地址绑定,并在将SSL/TLS中加密模式改为完全。
安装WARP
非IPV6 only的机器请跳过这一步。IPV6 only的机器,要想用来科学上网就需要通过安装WARP补全IPV4,以获取完整的上网体验。推荐使用fscarmen的WARP脚本,项目地址见GitLab。
wget -N https://gitlab.com/fscarmen/warp/-/raw/main/menu.sh && bash menu.sh [option] [lisence/url/token]
wget -N https://gitlab.com/fscarmen/warp/-/raw/main/warp-go.sh && bash warp-go.sh [option] [lisence]
Warp和Warp-go选择其一,按照引导安装,添加IPV4代理或添加双栈代理。
创建配置文件
创建Xray配置文件,采用Trojan+WS的方式。
mkdir -p /opt/xray/temp && cd /opt/xray/temp
vi /opt/xray/config.json
{
"log": {
"loglevel": "none"
},
"inbounds": [
{
"port": 2096,
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "hmk$5JYoOdLOpz*8Crt5S54Dv"
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificate": [
"-----BEGIN CERTIFICATE-----",
"MIIEFTCCAv2gAwIBAgIUbfrSU0CYNdeyEGzzSDa3p9NJek8wDQYJKoZIhvcNAQEL",
"BQAwgagxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH",
"Ew1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBDbG91ZGZsYXJlLCBJbmMuMRswGQYD",
"VQQLExJ3d3cuY2xvdWRmbGFyZS5jb20xNDAyBgNVBAMTK01hbmFnZWQgQ0EgZmY0",
"OWI0YjZlMzgzNjI1ZGE5Y2QyZmIwM2FjNWFiN2YwHhcNMjIxMTI0MDg0NTAwWhcN",
"MzcxMTIwMDg0NTAwWjAiMQswCQYDVQQGEwJVUzETMBEGA1UEAxMKQ2xvdWRmbGFy",
"ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMp2vF+DEpzE/eH8txam",
"2uqBay88JqwHWyZLHZnds2p72a0EBtUitRc6Ilc/CNnAy1gLMcxSVQ45uTHS/we2",
"3PLluZLuF7KQ6dcVPmwYtEWVlxbDkaX1xcGCF3r/Fqh+Oc5zUqEc6BAK4lwYZbfS",
"QbTTQ3i5CLbpIVxS/cS4SJpHCQ+PIUnjVep75xbNEwJs5a7WKSFsGLQyAAuZocMg",
"jiB3gSEjaouVdMigeddPMjQChYsLrlx6qmKZ2EQzNc0bZxnJemcB7Ul0GwG4xT+G",
"KYVHebh8RB2yXzHFC9sy5DSbXcgyUW+rLoLcxq+pNn97kuev3WlK+ndclYpBjeac",
"7O0CAwEAAaOBuzCBuDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA",
"MB0GA1UdDgQWBBSDbosPCDWM41A5cyqT3MtMq+M8IzAfBgNVHSMEGDAWgBQWGvjZ",
"ZaczhuI0IPc1zsUvRr2IYjBTBgNVHR8ETDBKMEigRqBEhkJodHRwOi8vY3JsLmNs",
"b3VkZmxhcmUuY29tL2JjMjA2M2Q5LWVkYzMtNDNjYy1hMWZiLWIyYzIwZTMyNTQ2",
"OS5jcmwwDQYJKoZIhvcNAQELBQADggEBAEBS4/+Uor1Iv2oAXG4k06dDp1lLNwRj",
"crQfRrzdfQt7UveCPqFGFAtMiv7lB27a7gpHK0iA82n0gcS+RnaMHgVECom5dzwj",
"u1eZNeoHyN40QpQUXKGd7deCGc6th9kfAFWV5oRIfT6RRcfPvS5uKTqnPx9QP6xs",
"mUfQScTVESG9pp9p+xKKbYd6HVa7WDMSWfK1zl/UFfqqgRRG5w9x0kNeV+awSWjn",
"6uDMnDu+dzrvQ5fDwy/xlgCEsJoJ3GO1ZhNRfSgrf1KMPbq5KdPGF25jxdE0UZM2",
"JSPqHohPSoch36DK2bcRgmpw7uQ5dkjFi+T+jWRrnPz/e9+5VknmRXE=",
"-----END CERTIFICATE-----"
],
"key": [
"-----BEGIN PRIVATE KEY-----",
"MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDKdrxfgxKcxP3h",
"/LcWptrqgWsvPCasB1smSx2Z3bNqe9mtBAbVIrUXOiJXPwjZwMtYCzHMUlUOObkx",
"0v8Httzy5bmS7heykOnXFT5sGLRFlZcWw5Gl9cXBghd6/xaofjnOc1KhHOgQCuJc",
"GGW30kG000N4uQi26SFcUv3EuEiaRwkPjyFJ41Xqe+cWzRMCbOWu1ikhbBi0MgAL",
"maHDII4gd4EhI2qLlXTIoHnXTzI0AoWLC65ceqpimdhEMzXNG2cZyXpnAe1JdBsB",
"uMU/himFR3m4fEQdsl8xxQvbMuQ0m13IMlFvqy6C3MavqTZ/e5Lnr91pSvp3XJWK",
"QY3mnOztAgMBAAECggEAT6WdHj/McyKls6C8j+ss5KLr/QV/Ox6bs3lKWEzYd3Po",
"YoFahL8mGVCT0NmpzCvlcqnYucXL0xBPM/QKwsijq+RGeDA031jVvPiM+W5QgK1D",
"5j8iTXTdim34ebje+4LIj9hbMalS+3ikqtEoNsO+eHnBqby02mvk5VJ6pUhPu2yx",
"rrAW6+3QdP7HlCnXd6SOG/ZUojIe3D2UmHb2hdFDsPJxN0NK39ukcTx5XIOcpq0+",
"zRKEcu5I3PaxtZ4TP5MeUGON30RmnLBSMCWs11r8umCHph6Bfvxxh0XodtTHpGt7",
"ym27zCrfKF4foYWPUUjJvNqOAr7O8h6DH5pw3s2CiwKBgQD4QlXlpCyd9FG42R4U",
"mw/PmU4/kLflSS0HVqdNw21XDy+vjCYfTv50+vAFQI8s6vlnQXEgfSkvt33WkWkX",
"JSvGbb7hqZzV8GmU94bJyUEkaHRkrY7wWgci1L49vTK7ZdxLI3LFdyRmNZ8II4zL",
"ccunL6O0whNLAyD9+lyTr9oB2wKBgQDQxtnc8Y2+x7d6ZYbhwIa39M76QbOUZt6T",
"S5zhCoKy8S/OqmXG2UnoZUkK6cgbTmiXddJxVxOt7CrmOZ2kNSf5aGhAArxMkxXT",
"H6ZF3Ts5PUgm5QY0ZZThEELvu0IcsQadDt7fVfPSNEFpz8Y9oxO1RMCC8Kic4aXA",
"gCzc7dl61wKBgQCxceCpmjYV1HrRD8czXT3o2aAXSR5YMXyQ4TwGFihB8OXZqOfa",
"uwCfpnkGmAV+SplnV1w/p5ZXt+SnCBpAY94tH2YvL6edNxCQXHgoJMR9/HctOuyP",
"GRo+qCcuQ9xOG9lgj37Ka4VF1Q/NpnNNOxIgdqmhWpKlrB/ZySiAm1HMvwKBgQCO",
"zjXfp2qpgLrEAgZNDQAZfF7HV4GalPLSFfptBF96PvfQiUWsypx/ViisSlUSOIPa",
"dkFIPaO8Z7rAV9C4rZN2SjBk+HoMdt+K1i9JwpXsBTsBP88KsCEyAYmHqbMDJSO8",
"8psIcSaiNhQ4aGLVbmLgrvJvnmX3SXGzRvlo9Vi5aQKBgADFDHEWDHXNHwqCy/rL",
"pWx7/EUfrb7jQkS2toMPfU0bt1dv4inPZ9B4IvFOz5Z5SnYUQ+m5DN+SWRrTb3dd",
"J9P2tMRovXj2zc47/uVdtXp/OWc23NeQUk7sHZQtLLPXBFAvWI/+F6vrHbmU0tV6",
"97zO9mU0W5gsGSSpF+BPqX53",
"-----END PRIVATE KEY-----"
]
}
]
},
"wsSettings": {
"path": "/"
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4v6"
}
}
]
}
安装Xray
可以选择docker安装,镜像采用teddysun/xray
docker run -d \
--name=xray \
--restart always \
--network host \
-v /opt/xray:/etc/xray \
-v /opt/xray:/usr/share/xray \
teddysun/xray
或者直接部署
wget https://github.com/XTLS/Xray-core/releases/latest/download/Xray-linux-64.zip && unzip Xray-linux-64.zip && mv xray /opt/xray && mv geoip.dat /opt/xray && mv geosite.dat /opt/xray && rm -rf /opt/xray/temp
再设置开机自启
vi /etc/systemd/system/xray.service
[Unit]
Description=Xray
After=network.target
After=nss-lookup.target
[Service]
WorkingDirectory=/opt/xray/
ExecStart=/opt/xray/xray run -config /opt/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23
LimitNPROC=10000
LimitNOFILE=1000000
[Install]
WantedBy=multi-user.target
systemctl daemon-reload && systemctl start xray && systemctl enable xray
删除防火墙
部分厂商机器自带防火墙,可选择端口放行或删除,甲骨文可参考以下步骤。
iptables -P INPUT ACCEPT && iptables -P FORWARD ACCEPT && iptables -P OUTPUT ACCEPT && iptables -F
rm -rf /etc/iptables && reboot