V2Ray + TLS + WS(WSS) Docker 部署

思路: 部署一个看上去正常的网站(支持 http/https),由 Nginx 把 https 下 /ws 路径的请求反向代理到本机的 V2Ray,客户端通过 wss(WebSocket over TLS)通信;TLS 在 Nginx 处终止,V2Ray 只监听 127.0.0.1。

服务器

启动脚本:

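#!/bin/bash
#
# Start the V2Ray server container in the background.
#
# The inbound port is published on 127.0.0.1 only, so the plaintext WebSocket
# listener is reachable solely through the local Nginx reverse proxy and is
# never exposed directly on a public interface.
set -euo pipefail

# config.json carries the client IDs (credentials); keep it readable only by
# the account that runs this script.
config="$HOME/v2ray/config.json"

# With -v, Docker creates a missing host path as a directory, which makes the
# container fail in a confusing way; stop early with a clear message instead.
if [[ ! -f "$config" ]]; then
    printf 'config file not found: %s\n' "$config" >&2
    exit 1
fi

# --rm removes the container when it stops, so nothing restarts it by itself.
# The config is mounted read-only: the container only needs to read it.
# NOTE(review): the image has no tag, so whatever "latest" resolves to is
# pulled; pin a reviewed tag or digest (e.g. v2fly/v2fly-core:<TAG>).
docker run --rm -d \
    --name v2ray \
    -p 127.0.0.1:22000:22000 \
    -v "$config:/etc/v2ray/config.json:ro" \
    v2fly/v2fly-core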

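服务端配置(保存为 $HOME/v2ray/config.json,即启动脚本挂载进容器的文件;其中 "id": "xxx" 是占位符,需换成自己生成的 UUID,且不要公开。注意:下面的 vless 和 vmess 两个 inbound 都写了端口 22000,同一端口通常只能由一个 inbound 监听,实际部署时保留其中一个即可):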

{
    "log": {
        "access": "",
        "error": "",
        "loglevel": "info"
    },
    "inbounds": [
        {
            "port": 22000,
            "protocol": "vless",
            "settings": {
                "udp": false,
                "clients": [
                    {
                        "id": "xxx",
                        "alterId": 0,
                        "email": "t@t.tt",
                        "flow": ""
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws",
                "wsSettings": {
                    "path": "/ws",
                    "headers": {
                        "Host": "locvps.oyohyee.com"
                    }
                }
            }
        },
        {
            "port": 22000,
            "protocol": "vmess",
            "settings": {
                "udp": false,
                "clients": [
                    {
                        "id": "xxx",
                        "alterId": 0,
                        "email": "t@t.tt"
                    }
                ],
                "allowTransparent": false
            },
            "streamSettings": {
                "network": "ws",
                "wsSettings": {
                    "path": "/ws",
                    "headers": {
                        "Host": "locvps.oyohyee.com"
                    }
                }
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom",
            "settings": {}
        },
        {
            "protocol": "blackhole",
            "settings": {},
            "tag": "blocked"
        }
    ],
    "routing": {
        "rules": [
            {
                "type": "field",
                "ip": [
                    "geoip:private"
                ],
                "outboundTag": "blocked"
            }
        ]
    }
}

Nginx 配置:

# Derive the Connection header sent upstream from the client's Upgrade header:
# an empty or absent Upgrade yields "close", any other value yields "upgrade".
map $http_upgrade $connection_upgrade {
    ''      close;
    default upgrade;
}

# Plain-HTTP virtual host for locvps.oyohyee.com.
server {
    server_name locvps.oyohyee.com;
    listen 80;

    # Every request whose Host header is not www.ohyee.cc is permanently
    # redirected to the same path on http://www.ohyee.cc. Nothing is proxied
    # to V2Ray from this port.
    location ^~ / {
        if ($host != 'www.ohyee.cc') {
            rewrite ^/(.*)$ http://www.ohyee.cc/$1 permanent;
        }
    }
}



# HTTPS virtual host for locvps.oyohyee.com: terminates TLS, redirects ordinary
# requests to www.ohyee.cc and proxies /ws to the local V2Ray listener.
server {
    server_name locvps.oyohyee.com;
    listen 443 ssl http2;

    # NOTE(review): no ssl_protocols / ssl_ciphers are set in this block, so the
    # effective TLS versions come from the nginx defaults or an enclosing http
    # block — confirm that legacy protocol versions are disabled there.
    # The key file is the server's private key; keep it readable only by nginx.
    ssl_certificate_key "ssl/_.oyohyee.com.key";
    ssl_certificate     "ssl/_.oyohyee.com.crt";

    # Requests not matched by /ws below whose Host header is not www.ohyee.cc
    # are permanently redirected to the same path on https://www.ohyee.cc.
    location ^~ / {
        if ($host != 'www.ohyee.cc') {
            rewrite ^/(.*)$ https://www.ohyee.cc/$1 permanent;
        }
    }

    # WebSocket endpoint, forwarded over plain HTTP to 127.0.0.1:22000.
    # NOTE(review): this is a prefix match, so longer paths that start with
    # /ws also reach the upstream — confirm that is acceptable.
    location /ws {
        proxy_pass http://127.0.0.1:22000;
        proxy_http_version 1.1;
        proxy_redirect off;

        proxy_set_header Host $host;

        # HTTP/1.1 plus Upgrade/Connection are what carry the WebSocket
        # handshake through the proxy; $connection_upgrade is defined by the
        # map block elsewhere in this configuration.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # X-Real-IP is set by nginx from the TCP peer. X-Forwarded-For appends
        # that address to whatever the client already sent, so its earlier
        # entries are client-controlled and must not be trusted upstream.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

客户端配置

客户端配置客户端配置

参考资料