[新服务]Xray协议终极应用全协议TrojanVLESSVmess同时连接

目的

一机多用

使用了Oracle甲骨文的orc-sanjose-1

参考

实现

apt update -y && apt upgrade -y
apt install curl tar nginx cron socat -y 
bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root
# 粘贴到VPS运行即可生成 UUID, 如已有可略过
cat /proc/sys/kernel/random/uuid

vi /usr/local/etc/xray/config.json

# 把 c4616432-97cd-4514-8979-f3a426fccdfd 改成 你自己的uuid
{
    "log": {
        "loglevel": "warning"
    },
    "inbounds": [
        {
            "port": 443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "c4616432-97cd-4514-8979-f3a426fccdfd", // 填写你的 UUID
                        "flow": "xtls-rprx-direct",
                        "level": 0,
                        "email": "[email protected]"
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "dest": 1310, // 默认回落到 Xray 的 Trojan 协议
                        "xver": 1
                    },
                    {
                        "path": "/websocket", // 必须换成自定义的 PATH
                        "dest": 1234,
                        "xver": 1
                    },
                    {
                        "path": "/vmesstcp", // 必须换成自定义的 PATH
                        "dest": 2345,
                        "xver": 1
                    },
                    {
                        "path": "/vmessws", // 必须换成自定义的 PATH
                        "dest": 3456,
                        "xver": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "xtls",
                "xtlsSettings": {
                    "alpn": [
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "/usr/local/etc/xray/cert/cert.crt", // 换成你的证书,绝对路径
                            "keyFile": "/usr/local/etc/xray/cert/private.key" // 换成你的私钥,绝对路径
                        }
                    ]
                }
            }
        },
        {
            "port": 1310,
            "listen": "127.0.0.1",
            "protocol": "trojan",
            "settings": {
                "clients": [
                    {
                        "password": "Passw0rd", // 填写你的密码
                        "level": 0,
                        "email": "[email protected]"
                    }
                ],
                "fallbacks": [
                    {
                        "dest": 80 // 或者回落到其它也防探测的代理
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none",
                "tcpSettings": {
                    "acceptProxyProtocol": true
                }
            }
        },
        {
            "port": 1234,
            "listen": "127.0.0.1",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "c4616432-97cd-4514-8979-f3a426fccdfd", // 填写你的 UUID
                        "level": 0,
                        "email": "[email protected]"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "acceptProxyProtocol": true, // 提醒:若你用 Nginx/Caddy 等反代 WS,需要删掉这行
                    "path": "/websocket" // 必须换成自定义的 PATH,需要和分流的一致
                }
            }
        },
        {
            "port": 2345,
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "c4616432-97cd-4514-8979-f3a426fccdfd", // 填写你的 UUID
                        "level": 0,
                        "email": "[email protected]"
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none",
                "tcpSettings": {
                    "acceptProxyProtocol": true,
                    "header": {
                        "type": "http",
                        "request": {
                            "path": [
                                "/vmesstcp" // 必须换成自定义的 PATH,需要和分流的一致
                            ]
                        }
                    }
                }
            }
        },
        {
            "port": 3456,
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "c4616432-97cd-4514-8979-f3a426fccdfd", // 填写你的 UUID
                        "level": 0,
                        "email": "[email protected]"
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "acceptProxyProtocol": true, // 提醒:若你用 Nginx/Caddy 等反代 WS,需要删掉这行
                    "path": "/vmessws" // 必须换成自定义的 PATH,需要和分流的一致
                }
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom"
        }
    ]
}

申请ssl证书

# 在cloudflare等上面设置好 域名 -> ip的映射

# 下载用于获取ssl证书的脚本
curl https://get.acme.sh | sh

export CF_Email="[email protected]"
export TLD_DOMAIN="yyy.xxx.com"
export KEY_FILE_PATH="/usr/local/etc/xray/cert"
export WEB_ROOT_PATH="/var/www/html"

# 获取证书
~/.acme.sh/acme.sh --register-account -m ${CF_Email}
mkdir -p ${KEY_FILE_PATH}
# 通过http访问验证方式; 不需要key和email
### 一定要确保webroot是当前nginx所对应的目录,不然就无法验证了
~/.acme.sh/acme.sh --issue -d ${TLD_DOMAIN} --webroot ${WEB_ROOT_PATH}

~/.acme.sh/acme.sh --installcert -d ${TLD_DOMAIN} \
  --key-file ${KEY_FILE_PATH}/private.key \
  --fullchain-file ${KEY_FILE_PATH}/cert.crt

~/.acme.sh/acme.sh --upgrade --auto-upgrade
chmod -R 755 ${KEY_FILE_PATH}

重启服务 – 有时候还要重启机器

systemctl restart xray   # 重启xray服务
systemctl status xray    # 查看xray运行状态
systemctl enable nginx   # 开启自动
systemctl restart nginx  # 重启nginx


### just in case 
# /var/log/nginx/access.log
# /etc/nginx/nginx.conf
# /etc/nginx/sites-enabled/default

下载伪装网站

# export WEB_ROOT_PATH="/var/www/html"

rm -rf ${WEB_ROOT_PATH}/*
cd /${WEB_ROOT_PATH}
wget https://github.com/V2RaySSR/Trojan/raw/master/web.zip
unzip web.zip

systemctl restart nginx

梯子配置

vmess+ws

- name: "V2_美西甲骨文 orc-sanjose-1"
  type: vmess
  server: orc-sanjose-1.yyy.xxx
  port: 443
  uuid: 
  alterId: 0
  cipher: auto
  tls: true
  network: ws #如果选了h2,就填h2
  ws-headers:
    Host: orc-sanjose-1.yyy.xxx
  ws-path: /vmessws

vless + xtls + tcp (据说性能最强)

vless://[email protected]:443?security=xtls&encryption=none&headerType=none&type=tcp&flow=xtls-rprx-splice#orc-sanjose-1+vless+xtls

trojan

- name: "Trojan_美西甲骨文 orc-sanjose-1"
  type: trojan
  server: orc-sanjose-1.yyy.xxx
  port: 443
  password: Passw0rd
  skip-cert-verify: true

vless+ws+tls

Leave a Reply