Login
Language
English
中文
日本語
한국어
فارسی
大鱼OneManager
/引用/v2ray-WebSocket+TLS+Web.html
/%E5%BC%95%E7%94%A8/v2ray-WebSocket%2BTLS%2BWeb.html
download
<!DOCTYPE html> <html class style lang=zh-CN><!-- Page saved with SingleFile url: https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE saved date: Sat Dec 14 2019 12:38:49 GMT+0800 (中国标准时间) --><meta charset=utf-8> <meta name=viewport content="width=device-width,initial-scale=1"> <title>WebSocket+TLS+Web | 新 V2Ray 白话文指南</title> <style>@-webkit-keyframes nprogress-spinner{0%{transform:rotate(0deg)}to{transform:rotate(1turn)}}@keyframes nprogress-spinner{0%{transform:rotate(0deg)}to{transform:rotate(1turn)}}.icon.outbound{color:#aaa;display:inline-block;vertical-align:middle;position:relative;top:-1px}.search-box{display:inline-block;position:relative;margin-right:1rem}.search-box input{cursor:text;width:10rem;height:2rem;color:#4e6e8e;display:inline-block;border:1px solid #cfd4db;border-radius:2rem;font-size:.9rem;line-height:2rem;padding:0 .5rem 0 2rem;outline:0;transition:all .2s ease;background:#fff url(data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c3ZnIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgd2lkdGg9IjEyIiBoZWlnaHQ9IjEzIj48ZyBzdHJva2Utd2lkdGg9IjIiIHN0cm9rZT0iI2FhYSIgZmlsbD0ibm9uZSI+PHBhdGggZD0iTTExLjI5IDExLjcxbC00LTQiLz48Y2lyY2xlIGN4PSI1IiBjeT0iNSIgcj0iNCIvPjwvZz48L3N2Zz4K) .6rem .5rem no-repeat;background-size:1rem}.search-box input:focus{cursor:auto;border-color:#ea0880}@media (max-width:959px){.search-box input{cursor:pointer;width:0;border-color:transparent;position:relative}.search-box input:focus{cursor:text;left:0;width:10rem}}@media (-ms-high-contrast:none){.search-box input{height:2rem}}@media (max-width:719px){.search-box{margin-right:0}.search-box input{left:1rem}}@media (max-width:419px){.search-box input:focus{width:8rem}}.sidebar-button .icon{display:block;width:1.25rem;height:1.25rem}.dropdown-wrapper{cursor:pointer}.dropdown-wrapper .dropdown-title{display:block;font-size:.9rem;font-family:inherit;cursor:inherit;padding:inherit;line-height:1.4rem;background:transparent;border:0;font-weight:500;color:#2c3e50}.dropdown-wrapper .dropdown-title:hover{border-color:transparent}.dropdown-wrapper .dropdown-title .arrow{vertical-align:middle;margin-top:-1px;margin-left:.4rem}.dropdown-wrapper .nav-dropdown .dropdown-item{color:inherit;line-height:1.7rem}@media (max-width:719px){.dropdown-wrapper .dropdown-title{font-weight:600;font-size:inherit}.dropdown-wrapper .dropdown-title:hover{color:#ea0880}.dropdown-wrapper .nav-dropdown{transition:height .1s ease-out;overflow:hidden}}@media (min-width:719px){.dropdown-wrapper{height:1.8rem}.dropdown-wrapper.open .nav-dropdown,.dropdown-wrapper:hover .nav-dropdown{display:block!important}.dropdown-wrapper .dropdown-title .arrow{border-left:4px solid transparent;border-right:4px solid transparent;border-top:6px solid #ccc;border-bottom:0}.dropdown-wrapper .nav-dropdown{height:auto!important;box-sizing:border-box;max-height:calc(100vh - 2.7rem);overflow-y:auto;position:absolute;top:100%;right:0;background-color:#fff;padding:.6rem 0;border:1px solid;border-color:#ddd #ddd #ccc;text-align:left;border-radius:.25rem;white-space:nowrap;margin:0}}.nav-links{display:inline-block}.nav-links a{line-height:1.4rem;color:inherit}.nav-links a.router-link-active,.nav-links a:hover{color:#ea0880}.nav-links .nav-item{position:relative;display:inline-block;margin-left:1.5rem;line-height:2rem}.nav-links .nav-item:first-child{margin-left:0}.nav-links .repo-link{margin-left:1.5rem}@media (max-width:719px){.nav-links .nav-item,.nav-links .repo-link{margin-left:0}}@media (min-width:719px){.nav-links a.router-link-active,.nav-links a:hover{color:#2c3e50}.nav-item>a:not(.external).router-link-active,.nav-item>a:not(.external):hover{margin-bottom:-2px;border-bottom:2px solid #f7118b}}.navbar{padding:.7rem 1.5rem;line-height:2.2rem}.navbar a,.navbar span{display:inline-block}.navbar .site-name{font-size:1.3rem;font-weight:600;color:#2c3e50;position:relative}.navbar .links{padding-left:1.5rem;box-sizing:border-box;background-color:#fff;white-space:nowrap;font-size:.9rem;position:absolute;right:1.5rem;top:.7rem;display:flex}.navbar .links .search-box{flex:0 0 auto;vertical-align:top}@media (max-width:719px){.navbar{padding-left:4rem}.navbar .can-hide{display:none}.navbar .links{padding-left:1.5rem}.navbar .site-name{width:calc(100vw - 9.4rem);overflow:hidden;white-space:nowrap;text-overflow:ellipsis}}.page-edit{max-width:740px;margin:0 auto;padding:2rem 2.5rem}@media (max-width:959px){.page-edit{padding:2rem}}@media (max-width:419px){.page-edit{padding:1.5rem}}.page-edit{padding-top:1rem;padding-bottom:1rem;overflow:auto}.page-edit .edit-link{display:inline-block}.page-edit .edit-link a{color:#4e6e8e;margin-right:.25rem}.page-edit .last-updated{float:right;font-size:.9em}.page-edit .last-updated .prefix{font-weight:500;color:#4e6e8e}.page-edit .last-updated .time{font-weight:400;color:#aaa}@media (max-width:719px){.page-edit .edit-link{margin-bottom:.5rem}.page-edit .last-updated{font-size:.8em;float:none;text-align:left}}.page-nav{max-width:740px;margin:0 auto;padding:2rem 2.5rem}@media (max-width:959px){.page-nav{padding:2rem}}@media (max-width:419px){.page-nav{padding:1.5rem}}.page-nav{padding-top:1rem;padding-bottom:0}.page-nav .inner{min-height:2rem;margin-top:0;border-top:1px solid #eaecef;padding-top:1rem;overflow:auto}.page-nav .next{float:right}.page{padding-bottom:2rem;display:block}.sidebar-group:not(.collapsable) .sidebar-heading:not(.clickable){cursor:auto;color:inherit}.sidebar-heading{color:#2c3e50;transition:color .15s ease;cursor:pointer;font-size:1.1em;font-weight:700;padding:.35rem 1.5rem .35rem 1.25rem;width:100%;box-sizing:border-box;margin:0;border-left:.25rem solid transparent}.sidebar-heading.open,.sidebar-heading:hover{color:inherit}.sidebar-heading .arrow{position:relative;top:-.12em;left:.5em}.sidebar-heading.clickable:hover{color:#ea0880}.sidebar-group-items{transition:height .1s ease-out;font-size:.95em;overflow:hidden}.sidebar .sidebar-sub-headers{padding-left:1rem;font-size:.95em}a.sidebar-link{font-size:1em;font-weight:400;color:#2c3e50;border-left:.25rem solid transparent;padding:.35rem 1rem .35rem 1.25rem;line-height:1.4;width:100%;box-sizing:border-box}a.sidebar-link:hover{color:#ea0880}a.sidebar-link.active{font-weight:600;color:#ea0880;border-left-color:#ea0880}.sidebar-group a.sidebar-link{padding-left:2rem}.sidebar-sub-headers a.sidebar-link{padding-top:.25rem;padding-bottom:.25rem;border-left:0}.sidebar-sub-headers a.sidebar-link.active{font-weight:500}.sidebar ul{padding:0;margin:0;list-style-type:none}.sidebar a{display:inline-block}.sidebar .nav-links a{font-weight:600}.sidebar .nav-links .nav-item,.sidebar .nav-links .repo-link{display:block;line-height:1.25rem;font-size:1.1em;padding:.5rem 0 .5rem 1.5rem}.sidebar>.sidebar-links{padding:1.5rem 0}.sidebar>.sidebar-links>li:not(:first-child){margin-top:.75rem}@media (max-width:719px){.sidebar>.sidebar-links{padding:1rem 0}}pre[class*=language-]{color:#ccc;font-family:Consolas,Monaco,Andale Mono,Ubuntu Mono,monospace;font-size:1em;text-align:left;white-space:pre;word-spacing:normal;word-break:normal;word-wrap:normal;-moz-tab-size:4;-o-tab-size:4;-webkit-hyphens:none;-ms-hyphens:none;hyphens:none}.token.comment{color:#999}.token.punctuation{color:#ccc}.token.boolean,.token.number{color:#f08d49}.token.property{color:#f8c555}.token.string{color:#7ec699}.token.operator{color:#67cdcc}.theme-default-content code{color:#476582;padding:.25rem .5rem;margin:0;font-size:.85em;background-color:rgba(27,31,35,.05);border-radius:3px}.theme-default-content pre[class*=language-]{line-height:1.4;padding:1.25rem 1.5rem;margin:.85rem 0;background-color:#282c34;border-radius:6px;overflow:auto}.theme-default-content pre[class*=language-] code{color:#fff;padding:0;background-color:transparent;border-radius:0}div[class*=language-]{position:relative;background-color:#282c34;border-radius:6px}div[class*=language-] pre[class*=language-]{background:transparent;position:relative;z-index:1}div[class*=language-]:before{position:absolute;z-index:3;top:.8em;right:1em;font-size:.75rem;color:hsla(0,0%,100%,.4)}div[class~=language-json]:before{content:"json"}.arrow{display:inline-block;width:0;height:0}.arrow.down{border-left:4px solid transparent;border-right:4px solid transparent}.arrow.down{border-top:6px solid #ccc}.arrow.right{border-left:6px solid #ccc}.arrow.right{border-top:4px solid transparent;border-bottom:4px solid transparent}.theme-default-content:not(.custom){max-width:740px;margin:0 auto;padding:2rem 2.5rem}@media (max-width:959px){.theme-default-content:not(.custom){padding:2rem}}@media (max-width:419px){.theme-default-content:not(.custom){padding:1.5rem}}body,html{padding:0;margin:0;background-color:#fff}body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen,Ubuntu,Cantarell,Fira Sans,Droid Sans,Helvetica Neue,sans-serif;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;font-size:16px;color:#2c3e50}.page{padding-left:20rem}.navbar{z-index:20;right:0;height:3.6rem;background-color:#fff;box-sizing:border-box;border-bottom:1px solid #eaecef}.navbar{position:fixed;top:0;left:0}.sidebar{font-size:16px;background-color:#fff;width:20rem;position:fixed;z-index:10;margin:0;top:3.6rem;left:0;bottom:0;box-sizing:border-box;border-right:1px solid #eaecef;overflow-y:auto}.theme-default-content:not(.custom)>:first-child{margin-top:3.6rem}.theme-default-content:not(.custom) a:hover{text-decoration:underline}a{font-weight:500;text-decoration:none}a{color:#ea0880}ol,ul{padding-left:1.2em}h1,h2,h3,h4{font-weight:600;line-height:1.25}.theme-default-content:not(.custom)>h1,.theme-default-content:not(.custom)>h2,.theme-default-content:not(.custom)>h3,.theme-default-content:not(.custom)>h4,.theme-default-content:not(.custom)>h5,.theme-default-content:not(.custom)>h6{margin-top:-3.1rem;padding-top:4.6rem;margin-bottom:0}.theme-default-content:not(.custom)>h1:first-child,.theme-default-content:not(.custom)>h2:first-child,.theme-default-content:not(.custom)>h3:first-child,.theme-default-content:not(.custom)>h4:first-child,.theme-default-content:not(.custom)>h5:first-child,.theme-default-content:not(.custom)>h6:first-child{margin-top:-1.5rem;margin-bottom:1rem}.theme-default-content:not(.custom)>h1:first-child+.custom-block,.theme-default-content:not(.custom)>h1:first-child+p,.theme-default-content:not(.custom)>h1:first-child+pre,.theme-default-content:not(.custom)>h2:first-child+.custom-block,.theme-default-content:not(.custom)>h2:first-child+p,.theme-default-content:not(.custom)>h2:first-child+pre,.theme-default-content:not(.custom)>h3:first-child+.custom-block,.theme-default-content:not(.custom)>h3:first-child+p,.theme-default-content:not(.custom)>h3:first-child+pre,.theme-default-content:not(.custom)>h4:first-child+.custom-block,.theme-default-content:not(.custom)>h4:first-child+p,.theme-default-content:not(.custom)>h4:first-child+pre,.theme-default-content:not(.custom)>h5:first-child+.custom-block,.theme-default-content:not(.custom)>h5:first-child+p,.theme-default-content:not(.custom)>h5:first-child+pre,.theme-default-content:not(.custom)>h6:first-child+.custom-block,.theme-default-content:not(.custom)>h6:first-child+p,.theme-default-content:not(.custom)>h6:first-child+pre{margin-top:2rem}h1:hover .header-anchor,h2:hover .header-anchor,h3:hover .header-anchor,h4:hover .header-anchor,h5:hover .header-anchor,h6:hover .header-anchor{opacity:1}h1{font-size:2.2rem}h2{font-size:1.65rem;padding-bottom:.3rem;border-bottom:1px solid #eaecef}h3{font-size:1.35rem}a.header-anchor{font-size:.85em;float:left;margin-left:-.87em;padding-right:.23em;margin-top:.125em;opacity:0}a.header-anchor:hover{text-decoration:none}code{font-family:source-code-pro,Menlo,Monaco,Consolas,Courier New,monospace}ol,p,ul{line-height:1.7}hr{border:0;border-top:1px solid #eaecef}@media (max-width:959px){.sidebar{font-size:15px;width:16.4rem}.page{padding-left:16.4rem}}@media (max-width:719px){.sidebar{top:0;padding-top:3.6rem;transform:translateX(-100%);transition:transform .2s ease}.page{padding-left:0}}@media (max-width:419px){h1{font-size:1.9rem}.theme-default-content div[class*=language-]{margin:.85rem -1.5rem;border-radius:0}}</style> <meta name=description content=v2fly社区维护的ToutyRater版新手向教程。><link type=image/x-icon rel="shortcut icon" href="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=="><style>.sf-hidden{display:none!important}</style></head> <body> <div id=app><div class=theme-container><header class=navbar><div class="sidebar-button sf-hidden"><svg xmlns=http://www.w3.org/2000/svg aria-hidden=true role=img viewBox="0 0 448 512" class=icon><path fill=currentColor d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <a href=https://guide.v2fly.org/ class="home-link router-link-active"> <span class=site-name>新 V2Ray 白话文指南</span></a> <div class=links style=max-width:1277px><div class=search-box><input aria-label=Search autocomplete=off spellcheck=false value placeholder> </div> <nav class="nav-links can-hide"><div class=nav-item><a href=https://guide.v2fly.org/ class=nav-link>首页</a></div><div class=nav-item><a href=https://v2fly.org/ target=_blank rel="noopener noreferrer" class="nav-link external"> 官方手册 <svg xmlns=http://www.w3.org/2000/svg aria-hidden=true x=0px y=0px viewBox="0 0 100 100" width=15 height=15 class="icon outbound"><path fill=currentColor d=M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z></path> <polygon fill=currentColor points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a></div><div class=nav-item><div class=dropdown-wrapper><button type=button aria-label="Select language" class=dropdown-title><span class=title>Languages</span> <span class="arrow right"></span></button> <ul class=nav-dropdown style=display:none><li class=dropdown-item> <li class=dropdown-item> <li class=dropdown-item> <li class=dropdown-item> <li class=dropdown-item> <li class=dropdown-item> <li class=dropdown-item> </ul></div></div> <a href=https://github.com/v2fly/v2ray-step-by-step target=_blank rel="noopener noreferrer" class=repo-link> GitHub <svg xmlns=http://www.w3.org/2000/svg aria-hidden=true x=0px y=0px viewBox="0 0 100 100" width=15 height=15 class="icon outbound"><path fill=currentColor d=M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z></path> <polygon fill=currentColor points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a></nav></div></header> <div class="sidebar-mask sf-hidden"></div> <aside class=sidebar><nav class="nav-links sf-hidden"><div class=nav-item></div><div class=nav-item></div><div class=nav-item></div> <a href=https://github.com/v2fly/v2ray-step-by-step target=_blank rel="noopener noreferrer" class=repo-link> GitHub <svg xmlns=http://www.w3.org/2000/svg aria-hidden=true x=0px y=0px viewBox="0 0 100 100" width=15 height=15 class="icon outbound"><path fill=currentColor d=M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z></path> <polygon fill=currentColor points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a></nav> <ul class=sidebar-links><li><section class="sidebar-group depth-0"><p class=sidebar-heading><span>前言</span> </p> <ul class="sidebar-links sidebar-group-items"><li><a href=https://guide.v2fly.org/ class=sidebar-link>V2Ray 配置指南</a></ul></section><li><section class="sidebar-group collapsable depth-0"><a href=https://guide.v2fly.org/prep/prep class="sidebar-heading clickable"><span>开篇</span> <span class="arrow right"></span></a> </section><li><section class="sidebar-group collapsable depth-0"><a href=https://guide.v2fly.org/basics/basics class="sidebar-heading clickable"><span>基本篇</span> <span class="arrow right"></span></a> </section><li><section class="sidebar-group collapsable depth-0"><a href=https://guide.v2fly.org/advanced/advanced class="sidebar-heading clickable open"><span>高级篇</span> <span class="arrow down"></span></a> <ul class="sidebar-links sidebar-group-items"><li><a href=https://guide.v2fly.org/advanced/mux.html class=sidebar-link>Mux</a><li><a href=https://guide.v2fly.org/advanced/mkcp.html class=sidebar-link>mKCP</a><li><a href=https://guide.v2fly.org/advanced/dynamicport.html class=sidebar-link>动态端口</a><li><a href=https://guide.v2fly.org/advanced/outboundproxy.html class=sidebar-link>代理转发</a><li><a href=https://guide.v2fly.org/advanced/httpfake.html class=sidebar-link>HTTP 伪装</a><li><a href=https://guide.v2fly.org/advanced/tls.html class=sidebar-link>TLS</a><li><a href=https://guide.v2fly.org/advanced/websocket.html class=sidebar-link>WebSocket</a><li><a href=https://guide.v2fly.org/advanced/wss_and_web.html class="active sidebar-link">WebSocket+TLS+Web</a><ul class=sidebar-sub-headers><li class=sidebar-sub-header><a href=#%E9%85%8D%E7%BD%AE class="active sidebar-link">配置</a><ul class=sidebar-sub-headers><li class=sidebar-sub-header><a href=#%E6%9C%8D%E5%8A%A1%E5%99%A8%E9%85%8D%E7%BD%AE class=sidebar-link>服务器配置</a><li class=sidebar-sub-header><a href=#%E5%AE%A2%E6%88%B7%E7%AB%AF%E9%85%8D%E7%BD%AE class=sidebar-link>客户端配置</a><li class=sidebar-sub-header><a href=#%E6%B3%A8%E6%84%8F%E4%BA%8B%E9%A1%B9 class=sidebar-link>注意事项</a><li class=sidebar-sub-header><a href=#%E5%85%B6%E4%BB%96%E7%9A%84%E8%AF%9D class=sidebar-link>其他的话</a></ul></ul><li><a href=https://guide.v2fly.org/advanced/h2.html class=sidebar-link>HTTP/2</a><li><a href=https://guide.v2fly.org/advanced/cdn.html class=sidebar-link>CDN</a><li><a href=https://guide.v2fly.org/advanced/traffic.html class=sidebar-link>流量统计</a><li><a href=https://guide.v2fly.org/advanced/not_recommend.html class=sidebar-link>不推荐的配置</a></ul></section><li><section class="sidebar-group collapsable depth-0"><a href=https://guide.v2fly.org/app/app class="sidebar-heading clickable"><span>应用篇</span> <span class="arrow right"></span></a> </section><li><section class="sidebar-group collapsable depth-0"><a href=https://guide.v2fly.org/routing/routing class="sidebar-heading clickable"><span>路由</span> <span class="arrow right"></span></a> </section></ul> </aside> <main class=page> <div class="theme-default-content content__default"><h1 id=websocket-tls-web><a href=#websocket-tls-web aria-hidden=true class=header-anchor>#</a> WebSocket+TLS+Web</h1> <p>前文分别提到过 TLS 和 WebSocket 的配置方法,而本文搭配 Web 服务并同时实现 TLS 和 WebSocket。关于 Web 的软件本文给出了 Nginx,Caddy 和 Apache 三个例子,三选一即可,也可以选用其它的软件。</p> <p>很多新手一接触 V2Ray 就想搞 WebSocket+TLS+Web 或 WebSocket+TLS+Web+CDN,我就想问 ssh 和 vim/nano 用利索了没,步子这么大不怕扯到蛋吗?使用 Nginx / Caddy / Apache 是因为 VPS 已经有 Nginx / Caddy / Apache 可以将 V2Ray 稍作隐藏,使用 WebSocket 是因为搭配 Nginx / Caddy / Apache 只能用 WebSocket,使用 TLS 是因为可以流量加密,看起来更像 HTTPS。 也许 WebSocket+TLS+Web 的配置组合相对较好,但不意味着这样的配置适合任何人。因为本节涉及 Nginx / Caddy / Apache,只给出了配置示例而不讲具体使用方法,也就是说你在阅读本节内容前得会使用这三个软件的其中之一,如果你还不会,请自行 Google。</p> <p>注意: V2Ray 的 Websocket+TLS 配置组合并不依赖 Nginx / Caddy / Apache,只是能与其搭配使用而已,没有它们也可以正常使用。</p> <h2 id=配置><a href=#%E9%85%8D%E7%BD%AE aria-hidden=true class=header-anchor>#</a> 配置</h2> <h3 id=服务器配置><a href=#%E6%9C%8D%E5%8A%A1%E5%99%A8%E9%85%8D%E7%BD%AE aria-hidden=true class=header-anchor>#</a> 服务器配置</h3> <p>这次 TLS 的配置将写入 Nginx / Caddy / Apache 配置中,由这些软件来监听 443 端口(443 比较常用,并非 443 不可),然后将流量转发到 V2Ray 的 WebSocket 所监听的内网端口(本例是 10000),V2Ray 服务器端不需要配置 TLS。</p> <h4 id=服务器-v2ray-配置><a href=#%E6%9C%8D%E5%8A%A1%E5%99%A8-v2ray-%E9%85%8D%E7%BD%AE aria-hidden=true class=header-anchor>#</a> 服务器 V2Ray 配置</h4> <div class="language-json extra-class"><pre class=language-json><code><span class="token punctuation">{</span> <span class="token property">"inbounds"</span><span class="token operator">:</span> <span class="token punctuation">[</span> <span class="token punctuation">{</span> <span class="token property">"port"</span><span class="token operator">:</span> <span class="token number">10000</span><span class="token punctuation">,</span> <span class="token property">"listen"</span><span class="token operator">:</span><span class="token string">"127.0.0.1"</span><span class="token punctuation">,</span><span class="token comment">//只监听 127.0.0.1,避免除本机外的机器探测到开放了 10000 端口</span> <span class="token property">"protocol"</span><span class="token operator">:</span> <span class="token string">"vmess"</span><span class="token punctuation">,</span> <span class="token property">"settings"</span><span class="token operator">:</span> <span class="token punctuation">{</span> <span class="token property">"clients"</span><span class="token operator">:</span> <span class="token punctuation">[</span> <span class="token punctuation">{</span> <span class="token property">"id"</span><span class="token operator">:</span> <span class="token string">"b831381d-6324-4d53-ad4f-8cda48b30811"</span><span class="token punctuation">,</span> <span class="token property">"alterId"</span><span class="token operator">:</span> <span class="token number">64</span> <span class="token punctuation">}</span> <span class="token punctuation">]</span> <span class="token punctuation">}</span><span class="token punctuation">,</span> <span class="token property">"streamSettings"</span><span class="token operator">:</span> <span class="token punctuation">{</span> <span class="token property">"network"</span><span class="token operator">:</span> <span class="token string">"ws"</span><span class="token punctuation">,</span> <span class="token property">"wsSettings"</span><span class="token operator">:</span> <span class="token punctuation">{</span> <span class="token property">"path"</span><span class="token operator">:</span> <span class="token string">"/ray"</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span> <span class="token punctuation">]</span><span class="token punctuation">,</span> <span class="token property">"outbounds"</span><span class="token operator">:</span> <span class="token punctuation">[</span> <span class="token punctuation">{</span> <span class="token property">"protocol"</span><span class="token operator">:</span> <span class="token string">"freedom"</span><span class="token punctuation">,</span> <span class="token property">"settings"</span><span class="token operator">:</span> <span class="token punctuation">{</span><span class="token punctuation">}</span> <span class="token punctuation">}</span> <span class="token punctuation">]</span> <span class="token punctuation">}</span> </code></pre></div><h4 id=nginx-配置><a href=#nginx-%E9%85%8D%E7%BD%AE aria-hidden=true class=header-anchor>#</a> Nginx 配置</h4> <p>配置中使用的是域名和证书使用 TLS 小节的举例,请替换成自己的。</p> <div class="language- extra-class"><pre class=language-text><code>server { listen 443 ssl; ssl on; ssl_certificate /etc/v2ray/v2ray.crt; ssl_certificate_key /etc/v2ray/v2ray.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; server_name mydomain.me; location /ray { # 与 V2Ray 配置中的 path 保持一致 if ($http_upgrade != "websocket") { # WebSocket协商失败时返回404 return 404; } proxy_redirect off; proxy_pass http://127.0.0.1:10000; # 假设WebSocket监听在环回地址的10000端口上 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; # Show real IP in v2ray access.log proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } </code></pre></div><h4 id=caddy-配置><a href=#caddy-%E9%85%8D%E7%BD%AE aria-hidden=true class=header-anchor>#</a> Caddy 配置</h4> <p>因为 Caddy 会自动申请证书并自动更新,所以使用 Caddy 不用指定证书、密钥。</p> <div class="language- extra-class"><pre class=language-text><code>mydomain.me { log ./caddy.log proxy /ray localhost:10000 { websocket header_upstream -Origin } } </code></pre></div><h4 id=apache-配置><a href=#apache-%E9%85%8D%E7%BD%AE aria-hidden=true class=header-anchor>#</a> Apache 配置</h4> <p>同样地,配置中使用的是域名和证书使用 TLS 小节的举例,请替换成自己的。</p> <div class="language- extra-class"><pre class=language-text><code><VirtualHost *:443> ServerName mydomain.me SSLCertificateFile /etc/v2ray/v2ray.crt SSLCertificateKeyFile /etc/v2ray/v2ray.key SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite HIGH:!aNULL <Location "/ray/"> ProxyPass ws://127.0.0.1:10000/ray/ upgrade=WebSocket ProxyAddHeaders Off ProxyPreserveHost On RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s </Location> </VirtualHost> </code></pre></div><h3 id=客户端配置><a href=#%E5%AE%A2%E6%88%B7%E7%AB%AF%E9%85%8D%E7%BD%AE aria-hidden=true class=header-anchor>#</a> 客户端配置</h3> <div class="language-json extra-class"><pre class=language-json><code><span class="token punctuation">{</span> <span class="token property">"inbounds"</span><span class="token operator">:</span> <span class="token punctuation">[</span> <span class="token punctuation">{</span> <span class="token property">"port"</span><span class="token operator">:</span> <span class="token number">1080</span><span class="token punctuation">,</span> <span class="token property">"listen"</span><span class="token operator">:</span> <span class="token string">"127.0.0.1"</span><span class="token punctuation">,</span> <span class="token property">"protocol"</span><span class="token operator">:</span> <span class="token string">"socks"</span><span class="token punctuation">,</span> <span class="token property">"sniffing"</span><span class="token operator">:</span> <span class="token punctuation">{</span> <span class="token property">"enabled"</span><span class="token operator">:</span> <span class="token boolean">true</span><span class="token punctuation">,</span> <span class="token property">"destOverride"</span><span class="token operator">:</span> <span class="token punctuation">[</span><span class="token string">"http"</span><span class="token punctuation">,</span> <span class="token string">"tls"</span><span class="token punctuation">]</span> <span class="token punctuation">}</span><span class="token punctuation">,</span> <span class="token property">"settings"</span><span class="token operator">:</span> <span class="token punctuation">{</span> <span class="token property">"auth"</span><span class="token operator">:</span> <span class="token string">"noauth"</span><span class="token punctuation">,</span> <span class="token property">"udp"</span><span class="token operator">:</span> <span class="token boolean">false</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span> <span class="token punctuation">]</span><span class="token punctuation">,</span> <span class="token property">"outbounds"</span><span class="token operator">:</span> <span class="token punctuation">[</span> <span class="token punctuation">{</span> <span class="token property">"protocol"</span><span class="token operator">:</span> <span class="token string">"vmess"</span><span class="token punctuation">,</span> <span class="token property">"settings"</span><span class="token operator">:</span> <span class="token punctuation">{</span> <span class="token property">"vnext"</span><span class="token operator">:</span> <span class="token punctuation">[</span> <span class="token punctuation">{</span> <span class="token property">"address"</span><span class="token operator">:</span> <span class="token string">"mydomain.me"</span><span class="token punctuation">,</span> <span class="token property">"port"</span><span class="token operator">:</span> <span class="token number">443</span><span class="token punctuation">,</span> <span class="token property">"users"</span><span class="token operator">:</span> <span class="token punctuation">[</span> <span class="token punctuation">{</span> <span class="token property">"id"</span><span class="token operator">:</span> <span class="token string">"b831381d-6324-4d53-ad4f-8cda48b30811"</span><span class="token punctuation">,</span> <span class="token property">"alterId"</span><span class="token operator">:</span> <span class="token number">64</span> <span class="token punctuation">}</span> <span class="token punctuation">]</span> <span class="token punctuation">}</span> <span class="token punctuation">]</span> <span class="token punctuation">}</span><span class="token punctuation">,</span> <span class="token property">"streamSettings"</span><span class="token operator">:</span> <span class="token punctuation">{</span> <span class="token property">"network"</span><span class="token operator">:</span> <span class="token string">"ws"</span><span class="token punctuation">,</span> <span class="token property">"security"</span><span class="token operator">:</span> <span class="token string">"tls"</span><span class="token punctuation">,</span> <span class="token property">"wsSettings"</span><span class="token operator">:</span> <span class="token punctuation">{</span> <span class="token property">"path"</span><span class="token operator">:</span> <span class="token string">"/ray"</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span> <span class="token punctuation">]</span> <span class="token punctuation">}</span> </code></pre></div><h3 id=注意事项><a href=#%E6%B3%A8%E6%84%8F%E4%BA%8B%E9%A1%B9 aria-hidden=true class=header-anchor>#</a> 注意事项</h3> <ul><li>V2Ray 自4.18.1后支持TLS1.3,如果开启并强制 TLS1.3 请注意v2ray客户端版本.</li> <li>较低版本的nginx的location需要写为 /ray/ 才能正常工作</li> <li>如果在设置完成之后不能成功使用,可能是由于 SElinux 机制(如果你是 CentOS 7 的用户请特别留意 SElinux 这一机制)阻止了 Nginx 转发向内网的数据。如果是这样的话,在 V2Ray 的日志里不会有访问信息,在 Nginx 的日志里会出现大量的 "Permission Denied" 字段,要解决这一问题需要在终端下键入以下命令:<div class="language- extra-class"><pre class=language-text><code>setsebool -P httpd_can_network_connect 1 </code></pre></div></li> <li>请保持服务器和客户端的 wsSettings 严格一致,对于 V2Ray,<code>/ray</code> 和 <code>/ray/</code> 是不一样的</ul> <h3 id=其他的话><a href=#%E5%85%B6%E4%BB%96%E7%9A%84%E8%AF%9D aria-hidden=true class=header-anchor>#</a> 其他的话</h3> <ol><li>开启了 TLS 之后 path 参数是被加密的,GFW 看不到;</li> <li>主动探测一个 path 产生 Bad request 不能证明是 V2Ray;</li> <li>不安全的因素在于人,自己的问题就不要甩锅,哪怕我把示例中的 path 改成一个 UUID,依然有不少人原封不动地 COPY;</li> <li>使用 Header 分流并不比 path 安全, 不要迷信。</ol> <hr> <h4 id=更新历史><a href=#%E6%9B%B4%E6%96%B0%E5%8E%86%E5%8F%B2 aria-hidden=true class=header-anchor>#</a> 更新历史</h4> <ul><li>2017-12-05 加一些提示</li> <li>2018-01-03 Update</li> <li>2018-08-19 Update</li> <li>2018-08-30 Add configuration for Apache2</li> <li>2018-11-17 V4.0+ 配置</li> <li>2019-7-5 TLS 1.3 notice</ul></div> <footer class=page-edit><div class=edit-link><a href=https://github.com/v2fly/v2ray-step-by-step/edit/transifex/zh_CN/advanced/wss_and_web.md target=_blank rel="noopener noreferrer">在 GitHub 上编辑此页</a> <svg xmlns=http://www.w3.org/2000/svg aria-hidden=true x=0px y=0px viewBox="0 0 100 100" width=15 height=15 class="icon outbound"><path fill=currentColor d=M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z></path> <polygon fill=currentColor points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></div> <div class=last-updated><span class=prefix>上次更新:</span> <span class=time>2019/11/24 下午2:16:44</span></div></footer> <div class=page-nav><p class=inner><span class=prev> ← <a href=https://guide.v2fly.org/advanced/websocket.html class=prev>WebSocket</a></span> <span class=next><a href=https://guide.v2fly.org/advanced/h2.html>HTTP/2</a> → </span></p></div> </main></div><div class=global-ui></div></div>
Close
2020-12-30 09:17:05 Wednesday 141.101.77.33