国外VPS搭建xray翻墙节点

xray 我目前使用的方案，共用 443 端口，同时在一台 VPS 上搭建 Trojan 与 xray 。

前提

我用稳定的机场节点，可以 随意折腾 VPS，那你呢？

VPS选择#

谷歌云 不要 直连 移动宽带
vultr 不要 直连 电信宽带
联通宽带没用过
教育网随便

Linux服务器系统#

最新 Ubuntu LTS 版本
高版本 Linux 内核 5.4 自带稳定 bbr 模块
其他 Linux 发行版没深入研究

详细教程#

我选择使用 root 用户
我要自己 编译 出二进制执行文件
我超级帅

使用环境

在国外的 VPS 上使用，需要有 ipv4 ，不适用于 ipv6 only 的 vps
国内的 vps 搭建 回国节点 此方法会 超级 慢

从源码编译 xray#

安装 golang 1.15+

apt update;
snap install --classic go

apt install -y git;
git clone https://github.com/xtls/xray-core/ /srv/xray-core;
cd /srv/xray-core;
go build -o /usr/local/bin/xray ./main

xray配置文件#

xray支持机读 json 、人读toml yaml格式
xray 和 troajn 公用 443 端口的服务器端配置如下

VlessAndTrojanF5刷新页面获取随机uuid:
端口:
你想用的证书路径:
你想用的私钥路径:
你想用的trojan密码:

{
   "log": {
      "loglevel": "info"
   },
   "inbounds": [
      {
         "port": "443",
         "protocol": "vless",
         "settings": {
            "clients": [
               {
                  "id": "a1842c97-4d1f-4626-8ce4-88929cf02cb8",
                  "flow": "xtls-rprx-direct"
               }
            ],
            "decryption": "none",
            "fallbacks": [
               {
                  "dest": 55555,
                  "xver": 1
               }
            ]
         },
         "streamSettings": {
            "network": "tcp",
            "security": "xtls",
            "xtlsSettings": {
               "alpn": [
                  "http/1.1"
               ],
               "certificates": [
                  {
                     "certificateFile": "/etc/letsencrypt/live/demo.none.blue/fullchain.pem",
                     "keyFile": "/etc/letsencrypt/live/demo.none.blue/privkey.pem"
                  }
               ]
            }
         }
      },
      {
         "port": 55555,
         "listen": "127.0.0.1",
         "protocol": "trojan",
         "settings": {
            "clients": [
               {
                  "password": "!@#$%^&*()"
               }
            ],
            "fallbacks": [
               {
                  "dest": 80
               }
            ]
         },
         "streamSettings": {
            "network": "tcp",
            "security": "none",
            "tcpSettings": {
               "acceptProxyProtocol": true
            }
         }
      }
   ],
   "outbounds": [
      {
         "protocol": "freedom"
      }
   ]
}

写入配置

mkdir -p /etc/xray;cat <<EOF > /etc/xray/serve.json
{"log":{"loglevel":"info"},"inbounds":[{"port":"443","protocol":"vless","settings":{"clients":[{"id":"a1842c97-4d1f-4626-8ce4-88929cf02cb8","flow":"xtls-rprx-direct"}],"decryption":"none","fallbacks":[{"dest":55555,"xver":1}]},"streamSettings":{"network":"tcp","security":"xtls","xtlsSettings":{"alpn":["http/1.1"],"certificates":[{"certificateFile":"/etc/letsencrypt/live/demo.none.blue/fullchain.pem","keyFile":"/etc/letsencrypt/live/demo.none.blue/privkey.pem"}]}}},{"port":55555,"listen":"127.0.0.1","protocol":"trojan","settings":{"clients":[{"password":"!@#$%^&*()"}],"fallbacks":[{"dest":80}]},"streamSettings":{"network":"tcp","security":"none","tcpSettings":{"acceptProxyProtocol":true}}}],"outbounds":[{"protocol":"freedom"}]}
EOF

申请证书#

安装 certbot
解析域名添加记录

cd;snap install --classic certbot

更新证书#

snap 安装的 certbot 会自动更新证书
xray 刷新证书缓存
更新证书前，暂时关闭 xray caddy nginx
证书更新完成后，重新启动 xray caddy nginx

cat <<EOF > /etc/letsencrypt/renewal-hooks/pre/xray.sh
#!/usr/bin/bash
systemctl stop {xray,caddy,nginx}
EOF

cat <<EOF > /etc/letsencrypt/renewal-hooks/post/xray.sh
#!/usr/bin/bash
systemctl start {xray,caddy,nginx}
EOF

chmod +x /etc/letsencrypt/renewal-hooks/{pre,post}/xray.sh

xray自启动#

创建 service (下面的无效试第二个)

cat <<EOF | systemctl edit --force --full xray
[Unit]
Description=The Xray proxy server
After=network-online.target

[Service]
ExecStart=/usr/local/bin/xray -c /etc/xray/serve.json
ExecStop=/bin/killall xray
Restart=always
RestartSec=15s

[Install]
WantedBy=multi-user.target
EOF

cat <<EOF > /etc/systemd/system/xray.service
[Unit]
Description=The Xray proxy server
After=network-online.target

[Service]
ExecStart=/usr/local/bin/xray -c /etc/xray/serve.json
ExecStop=/bin/killall xray
Restart=always
RestartSec=15s

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload;
systemctl enable xray

防主动探测#

安装 Nginx 或者 Caddy等web服务器
个人觉得并无必要
主要我不会 http 自动跳转 https
以 Caddy2 为例

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https;
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/cfg/gpg/gpg.155B6D79CA56EA34.key' | sudo apt-key add -
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/cfg/setup/config.deb.txt?distro=debian&version=any-version' | sudo tee -a /etc/apt/sources.list.d/caddy-stable.list;
sudo apt update;
sudo apt install caddy;
cat <<EOF > /etc/caddy/Caddyfile
:80
redir https://none.blue permanent
EOF
systemctl restart caddy

最后#

启动 xray

systemctl start xray

建议

网站说没就没，注意备份哦。

一个不过分的要求#

订	阅	YouTube	7	个	小	号
main	router	gift	cms	apple	google	teamviewer