# Using Nginx and Cloudflare to deploy v2ray (WebSocket + TLS)

## 1. Install and configure v2ray

### I. Update your yum packages

```bash
yum -y update
```

### II. Install v2ray (using the v2fly install script)

```bash
curl -O https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh
bash install-release.sh
```

### III. Enable the v2ray service

```bash
systemctl enable --now v2ray
```

### IV. v2ray server config

> path: /usr/local/etc/v2ray/config.json

```json
{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "debug"
  },
  "inbounds": [{
    "port": {{ YOUR_V2ray_PORT }},
    "listen": "127.0.0.1",
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "{{ YOUR_ID }}",
          "alterId": 16
        }
      ]
    },
    "streamSettings": {
      "network": "ws",
      "wsSettings": {
        "path": "{{ YOUR_PROXY_PATH }}"
      }
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  }]
}
```

## 2. Install and configure Nginx

### I. Add the package repository

```bash
vi /etc/yum.repos.d/nginx.repo
```

### II. Fill in the content (CentOS 7)

```config
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
# verify package signatures against the nginx signing key
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
```

### III. Install Nginx

```bash
yum -y install nginx
# On CentOS 8 you can also use dnf:
#   dnf list nginx
#   dnf install nginx
systemctl enable --now nginx
```

### IV. Nginx config (suggestion: you can do this step last)

```nginx
# port 80: you can redirect it to 443 instead
server {
    listen 80;
    server_name {{YOU_SERVER_NAME}};
    root /usr/share/nginx/html;

    location {{ YOUR_PROXY_PATH }} {
        proxy_pass http://127.0.0.1:{{ YOUR_V2ray_PORT }};
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

server {
    listen 443 ssl;
    server_name {{YOU_SERVER_NAME}};
    root /usr/share/nginx/html;

    ssl_certificate /etc/letsencrypt/live/{{YOU_SERVER_NAME}}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{YOU_SERVER_NAME}}/privkey.pem;
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497 https://$host$request_uri;

    location {{ YOUR_PROXY_PATH }} {
        proxy_pass http://127.0.0.1:{{ YOUR_V2ray_PORT }};
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_intercept_errors on;
        proxy_set_header Host $http_host;
        access_log /var/log/nginx/v2ray_websocket_access.log;
        error_log /var/log/nginx/v2ray_websocket_error.log;
    }
}
```

## 3. Apply for an SSL certificate

### I. Install certbot

> notice: ports 80 and 443 must be open

```bash
yum -y install epel-release
yum -y install certbot
systemctl stop nginx
certbot certonly --standalone -d {{YOU_SERVER_NAME}}
```

### II. SSL certificate location

```config
/etc/letsencrypt/live/{{YOU_SERVER_NAME}}/fullchain.pem
/etc/letsencrypt/live/{{YOU_SERVER_NAME}}/privkey.pem
```

## 4. v2ray client

### I. Applications

* iPhone: Shadowrocket
* Mac: qV2ray or clashXR

### II. Config

> notice: if you use v2rayX, the TLS serverName should be kept empty

## 5. Firewall and SELinux

### I. Open the two ports

```bash
firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
firewall-cmd --reload
# check that it works
firewall-cmd --query-service http
```

### II. Disable SELinux

```bash
# edit /etc/selinux/config and set SELINUX=disabled
vi /etc/selinux/config
# switch to permissive mode right away, before the reboot
setenforce 0
```

### III. Reboot your system

```bash
sudo reboot
```

## 6. Create a [Cloudflare account](https://dash.cloudflare.com)

> notice: in `Overview`, disable the Under Attack mode
>
> notice: in `SSL/TLS`, select Flexible
>
> when everything is ready, turn the button on so it shows yellow
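
The `location` path and `proxy_pass` port in the Nginx config have to match the `wsSettings.path` and `port` of the v2ray inbound, and the inbound has to stay on loopback so it is only reachable through Nginx. The check below is an added example, not part of the original post; the function names, port 10000 and path `/ray` are constructed, and it assumes the path must match exactly, trailing slash included.

```python
import json
import re

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
LOCATION = re.compile(r"location\s+(?:(?:=|~\*?|\^~)\s+)?(\S+)\s*\{([^{}]*)\}")
UPSTREAM = re.compile(r"proxy_pass\s+http://([^:/;\s]+):(\d+)")

def nginx_proxy_locations(nginx_conf):
    """Return (path, upstream_host, upstream_port) for each proxying location block."""
    out = []
    for path, body in LOCATION.findall(nginx_conf):
        up = UPSTREAM.search(body)
        if up:
            out.append((path, up.group(1), int(up.group(2))))
    return out

def check_deployment(v2ray_json, nginx_conf):
    """Return a list of findings; an empty list means nginx and v2ray agree."""
    findings = []
    locations = nginx_proxy_locations(nginx_conf)
    for inbound in json.loads(v2ray_json).get("inbounds", []):
        stream = inbound.get("streamSettings", {})
        if stream.get("network") != "ws":
            continue
        port = inbound.get("port")
        path = stream.get("wsSettings", {}).get("path")
        listen = inbound.get("listen", "0.0.0.0")  # v2ray binds all interfaces if unset
        if listen not in LOOPBACK:
            findings.append(f"inbound {port} listens on {listen}, so it is reachable without going through nginx")
        matches = [loc for loc in locations if loc[0] == path]
        if not matches:
            findings.append(f"no nginx location matches ws path {path}")
        for _, host, up_port in matches:
            if host not in LOOPBACK or up_port != port:
                findings.append(f"location {path} proxies to {host}:{up_port}, inbound is on port {port}")
    return findings

# Constructed sample: port 10000 and path /ray are placeholders, not values from the post.
SAMPLE_V2RAY = json.dumps({"inbounds": [{"port": 10000, "listen": "127.0.0.1",
    "protocol": "vmess", "streamSettings": {"network": "ws", "wsSettings": {"path": "/ray"}}}]})
SAMPLE_NGINX = """
server { listen 443 ssl;
  location /ray/ { proxy_pass http://127.0.0.1:10000; proxy_http_version 1.1; }
}
"""

if __name__ == "__main__":
    for finding in check_deployment(SAMPLE_V2RAY, SAMPLE_NGINX):
        print(finding)
```

Render the `{{ ... }}` placeholders to real values before passing the two files in, since the templated `config.json` is not valid JSON until the port is filled in.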
2 comments
Thanks Packie for sharing this blog post.
Are you sure that nginx.conf:31 should be `location /biyongyao/ {`?
Thx, nice to contact with you, guy