V2Ray + TLS + WS(WSS) Docker 部署
思路: 部署一个看上去正常的网站(支持 http/https),在 https 的 /ws
端口转发到 V2Ray,使用 wss 通信
服务器
启动脚本:
#!/bin/bash docker run --rm -d \ --name v2ray \ -p 127.0.0.1:22000:22000 \ -v $HOME/v2ray/config.json:/etc/v2ray/config.json \ v2fly/v2fly-core
服务端配置:
{ "log": { "access": "", "error": "", "loglevel": "info" }, "inbounds": [ { "port": 22000, "protocol": "vless", "settings": { "udp": false, "clients": [ { "id": "xxx", "alterId": 0, "email": "t@t.tt", "flow": "" } ], "decryption": "none" }, "streamSettings": { "network": "ws", "wsSettings": { "path": "/ws", "headers": { "Host": "locvps.oyohyee.com" } } } }, { "port": 22000, "protocol": "vmess", "settings": { "udp": false, "clients": [ { "id": "xxx", "alterId": 0, "email": "t@t.tt" } ], "allowTransparent": false }, "streamSettings": { "network": "ws", "wsSettings": { "path": "/ws", "headers": { "Host": "locvps.oyohyee.com" } } } } ], "outbounds": [ { "protocol": "freedom", "settings": {} }, { "protocol": "blackhole", "settings": {}, "tag": "blocked" } ], "routing": { "rules": [ { "type": "field", "ip": [ "geoip:private" ], "outboundTag": "blocked" } ] } }
Nginx 配置:
map $http_upgrade $connection_upgrade{ default upgrade; '' close; } server { listen 80; server_name locvps.oyohyee.com; location ^~ / { if ($host != 'www.ohyee.cc') { rewrite ^/(.*)$ http://www.ohyee.cc/$1 permanent; } } } server { listen 443 ssl http2; server_name locvps.oyohyee.com; ssl_certificate "ssl/_.oyohyee.com.crt"; ssl_certificate_key "ssl/_.oyohyee.com.key"; location ^~ / { if ($host != 'www.ohyee.cc') { rewrite ^/(.*)$ https://www.ohyee.cc/$1 permanent; } } location /ws { proxy_redirect off; proxy_pass http://127.0.0.1:22000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }