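Xray: A Brief Guide to Getting Around Internet Restrictions
In mainland China, technical people and certain other groups have always needed a way around internet restrictions. From the early VPNs to shadowsocks, then v2ray, and most recently xray, along with other tools, the goal has always been to access the internet freely and get the information one needs. This article covers a command-line setup on a Linux PC. Without a GUI there are few external dependencies, and you get the latest features without waiting for other software to update. macOS should work similarly, but its software ecosystem is good, so usually you just download and install the corresponding app and skip manual configuration.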
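1. Buy an overseas server
Japan, Singapore, the US West Coast, or Hong Kong are recommended. It depends on the cloud provider, so test the speed yourself and pick one that is fast and does not stall during the evening peak.
2. Server configuration
- Download the latest package for your platform from the Xray GitHub repository
- Extract the package to a directory of your choice. I chose /opt/xray, as shown below. config.json is the configuration file created later; the other 4 files ship with the archive and need no changes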
    root@tokyo:~# ls -al /opt/xray/
    total 40188
    drwxr-xr-x 2 root root 4096 Jun 3 17:07 .
    drwxr-xr-x 4 root root 4096 Jun 3 13:36 ..
    -rw-r--r-- 1 root root 1141 Jun 3 17:07 config.json
    -rw-r--r-- 1 root root 9243256 Jan 1 08:00 geoip.dat
    -rw-r--r-- 1 root root 1161963 Jan 1 08:00 geosite.dat
    -rw-r--r-- 1 root root 16725 Jan 1 08:00 LICENSE
    -rw-r--r-- 1 root root 3613 Jan 1 08:00 README.md
    -rwxr-xr-x 1 root root 20606976 Jan 1 08:00 xray
- Edit config.json with vim, vscode, or another editor
    root@tokyo:~# cat /opt/xray/config.json
    {
      "log": {
        "access": "/var/log/xray/access.log",
        "error": "/var/log/xray/error.log",
        "loglevel": "warning",
        "dnsLog": false
      },
      "inbounds": [
        {
          "port": 444, # listening port; pick whatever you like
          "protocol": "vless",
          "settings": {
            "clients": [
              {
                "id": "your_uuid", # your UUID, generated with the xray uuid command
                "flow": "xtls-rprx-direct",
                "level": 0,
                "email": "love@example.com"
              }
            ],
            "decryption": "none",
            "fallbacks": [
              {
                "dest": 80
              }
            ]
          },
          "streamSettings": {
            "network": "tcp",
            "security": "xtls",
            "xtlsSettings": {
              "alpn": [
                "http/1.1"
              ],
              "certificates": [
                {
                  "certificateFile": "/root/.acme.sh/mephisto.cc/fullchain.cer", # change to your certificate
                  "keyFile": "/root/.acme.sh/mephisto.cc/mephisto.cc.key" # change to your key
                }
              ]
            }
          }
        }
      ],
      "outbounds": [
        {
          "protocol": "freedom"
        }
      ]
    }
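mephisto.cc is the domain I bought. caddy2 takes care of the certificate automatically; find the certificate path and fill it into the corresponding lines above. For a setup without a domain, see the Xray documentation.
- systemd configuration. If you are not familiar with it, search and read up on it; the result looks like this
- The unit file is located at /lib/systemd/system/xray.service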
    root@tokyo:~# systemctl status xray.service
    xray.service - XRay Service
       Loaded: loaded (/lib/systemd/system/xray.service; enabled; vendor preset: enabled)
       Active: active (running) since Fri 2022-06-03 17:07:22 CST; 3h 18min ago
         Docs: https://xtls.github.io/
     Main PID: 2403220 (xray)
        Tasks: 7 (limit: 1036)
       Memory: 10.5M
       CGroup: /system.slice/xray.service
               └─2403220 /opt/xray/xray -config /opt/xray/config.json
    Jun 03 17:07:22 tokyo systemd[1]: Started XRay Service.
    Jun 03 17:07:22 tokyo xray[2403220]: Xray 1.5.6 (Xray, Penetrates Everything.) Custom (go1.18.2 linux/amd64)
    Jun 03 17:07:22 tokyo xray[2403220]: A unified platform for anti-censorship.
    Jun 03 17:07:22 tokyo xray[2403220]: 2022/06/03 17:07:22 [Info] infra/conf/serial: Reading config: /opt/xray/config.json
- Unit file contents
    root@tokyo:~# cat /lib/systemd/system/xray.service
    [Unit]
    Description=XRay Service
    Documentation=https://xtls.github.io/
    After=network.target nss-lookup.target

    [Service]
    User=root
    CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
    AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
    NoNewPrivileges=true
    ExecStart=/opt/xray/xray -config /opt/xray/config.json
    Restart=on-failure
    RestartPreventExitStatus=23

    [Install]
    WantedBy=multi-user.target
- Check that the service starts at boot
    root@tokyo:~# systemctl is-enabled xray.service
    enabled
- Confirm the listening state: xray is listening on port 444, the port configured above
    root@tokyo:~# ss -lntp |grep xray
    LISTEN 0 4096 *:444 *:* users:(("xray",pid=2403220,fd=3))
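At this point the server-side configuration is complete.
3. Client configuration. The Linux command-line client is set up much like the server; only the contents of config.json differ
- Resulting client configuration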
    ➜ ~ ls -al /opt/xray
    total 15381
    drwxr-xr-x 2 root root 9 Jun 3 20:42 .
    drwxr-xr-x 11 root root 11 Jun 3 13:12 ..
    -rw-r--r-- 1 root root 3324 Jun 3 17:07 config.json
    -rw-r--r-- 1 mephisto mephisto 9243256 Jan 1 08:00 geoip.dat
    -rw-r--r-- 1 mephisto mephisto 1161963 Jan 1 08:00 geosite.dat
    -rw-r--r-- 1 mephisto mephisto 16725 Jan 1 08:00 LICENSE
    -rw-r--r-- 1 mephisto mephisto 3613 Jan 1 08:00 README.md
    -rwxr-xr-x 1 mephisto mephisto 20606976 Jan 1 08:00 xray
    ➜ ~ cat /opt/xray/config.json
    {
      "log": {
        "access": "/var/log//xray/access.log",
        "error": "/var/log/xray/error.log",
        "loglevel": "warning"
      },
      "dns": {
        "servers": [
          {
            "address": "1.1.1.1",
            "domains": [
              "geosite:geolocation-!cn"
            ]
          },
          {
            "address": "223.5.5.5",
            "domains": [
              "geosite:cn"
            ],
            "expectIPs": [
              "geoip:cn"
            ]
          },
          {
            "address": "114.114.114.114",
            "domains": [
              "geosite:cn"
            ]
          },
          "localhost"
        ]
      },
      "routing": {
        "domainStrategy": "IPIfNonMatch",
        "rules": [
          {
            "type": "field",
            "domain": [
              "geosite:category-ads-all"
            ],
            "outboundTag": "block"
          },
          {
            "type": "field",
            "domain": [
              "geosite:cn"
            ],
            "outboundTag": "direct"
          },
          {
            "type": "field",
            "ip": [
              "geoip:cn",
              "geoip:private"
            ],
            "outboundTag": "direct"
          },
          {
            "type": "field",
            "domain": [
              "geosite:geolocation-!cn"
            ],
            "outboundTag": "proxy"
          },
          {
            "type": "field",
            "ip": [
              "223.5.5.5"
            ],
            "outboundTag": "direct"
          }
        ]
      },
      "inbounds": [
        {
          "tag": "socks-in",
          "protocol": "socks", # SOCKS proxy
          "listen": "127.0.0.1",
          "port": 1080,
          "settings": {
            "udp": true
          }
        },
        {
          "tag": "http-in",
          "protocol": "http", # HTTP proxy
          "listen": "127.0.0.1",
          "port": 1081
        }
      ],
      "outbounds": [
        {
          "tag": "proxy",
          "protocol": "vless",
          "settings": {
            "vnext": [
              {
                "address": "mephisto.cc", # change to your domain
                "port": 444, # server port
                "users": [
                  {
                    "id": "your_uuid", # your UUID
                    "flow": "xtls-rprx-direct",
                    "encryption": "none",
                    "level": 0
                  }
                ]
              }
            ]
          },
          "streamSettings": {
            "network": "tcp",
            "security": "xtls",
            "xtlsSettings": {
              "serverName": "mephisto.cc", # your domain
              "allowInsecure": false # keep certificate verification on; true would accept any certificate
            }
          }
        },
        {
          "tag": "direct",
          "protocol": "freedom"
        },
        {
          "tag": "block",
          "protocol": "blackhole"
        }
      ]
    }
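The routing and dns sections look complicated; see the Xray documentation for details. Ordinary users hardly need to change them, and they are enough for getting past the firewall.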
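A small audit for a client config.json like the one above, as an added example (not part of the original post or of the Xray project). It strips the `#` annotations and flags three things worth checking before use: a local proxy inbound that is not bound to loopback, `allowInsecure` set to true (which turns off certificate verification), and the `your_uuid` placeholder left in place. The function names and the sample config are constructed for illustration.

```python
import json

def strip_comments(text):
    # Drop '#' comments outside JSON strings (the annotation style of the listings above).
    out = []
    for line in text.splitlines():
        in_str = esc = False
        for i, ch in enumerate(line):
            if esc:
                esc = False
            elif in_str and ch == "\\":
                esc = True
            elif ch == '"':
                in_str = not in_str
            elif ch == "#" and not in_str:
                line = line[:i]
                break
        out.append(line)
    return "\n".join(out)

def audit_client(text):
    # Return a list of findings for an Xray client config given as text.
    cfg = json.loads(strip_comments(text))
    findings = []
    for ib in cfg.get("inbounds", []):
        # Xray listens on 0.0.0.0 when "listen" is omitted; local proxies belong on loopback.
        if ib.get("listen", "0.0.0.0") not in ("127.0.0.1", "::1", "localhost"):
            findings.append(f"inbound {ib.get('tag')}: not bound to loopback")
    for ob in cfg.get("outbounds", []):
        stream = ob.get("streamSettings", {})
        tls = stream.get(stream.get("security", "none") + "Settings", {})
        if tls.get("allowInsecure"):
            findings.append(f"outbound {ob.get('tag')}: allowInsecure disables certificate checks")
        for srv in ob.get("settings", {}).get("vnext", []):
            for user in srv.get("users", []):
                if user.get("id") == "your_uuid":
                    findings.append(f"outbound {ob.get('tag')}: placeholder id not replaced")
    return findings

# Constructed sample config (not the author's file): three deliberate problems.
SAMPLE = """{
  "inbounds": [{"tag": "socks-in", "protocol": "socks", "listen": "127.0.0.1", "port": 1080},
               {"tag": "http-in", "protocol": "http", "port": 1081}],  # no "listen" key
  "outbounds": [{"tag": "proxy", "protocol": "vless",
    "settings": {"vnext": [{"address": "example.com", "port": 444, "users": [{"id": "your_uuid"}]}]},
    "streamSettings": {"security": "xtls", "xtlsSettings": {"allowInsecure": true}}}]
}"""
if __name__ == "__main__":
    print("\n".join(audit_client(SAMPLE)))
```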
Verify that everything works as expected
- HTTP proxy test from the command line: it works!
    ➜ ~ curl -I -x http://127.0.0.1:1081 https://google.com
    HTTP/1.1 200 Connection established

    HTTP/2 301
    location: https://www.google.com/
    content-type: text/html; charset=UTF-8
    date: Fri, 03 Jun 2022 12:55:40 GMT
    expires: Sun, 03 Jul 2022 12:55:40 GMT
    cache-control: public, max-age=2592000
    server: gws
    content-length: 220
    x-xss-protection: 0
    x-frame-options: SAMEORIGIN
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
- SOCKS5 proxy test: this works as well
    ➜ ~ curl -I -x socks5h://127.0.0.1:1080 https://www.google.com/
    HTTP/2 200
    content-type: text/html; charset=ISO-8859-1
    p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    date: Fri, 03 Jun 2022 13:00:58 GMT
    server: gws
    x-xss-protection: 0
    x-frame-options: SAMEORIGIN
    expires: Fri, 03 Jun 2022 13:00:58 GMT
    cache-control: private
    set-cookie: 1P_JAR=2022-06-03-13; expires=Sun, 03-Jul-2022 13:00:58 GMT; path=/; domain=.google.com; Secure
    set-cookie: AEC=AakniGOSbutZGFxTDab9J5w5YK8ZVJWqiR-zynVkDi-b8Rof7f_LvLyFVJo; expires=Wed, 30-Nov-2022 13:00:58 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
    set-cookie: NID=511=idF0g6ZS2sbWz6Du7vKmvJj7pje-MC8xe0Fd8z3bCbGYAGKGiFVWBUflmIStvdfWPAKgsGd0q0jPD_pDbd-Er2XQpr-6-D7YhCi5RdauYLIRQiWR_9R1DXuqxhfcxiCmROOhv9OP3nkNkEQJmMjJmMEYKUdY0MyoIUi3rYChzGA; expires=Sat, 03-Dec-2022 13:00:58 GMT; path=/; domain=.google.com; HttpOnly
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
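Some readers may ask how to use this from here. It is simple: I normally run two browsers, with Chrome as my main one and Firefox configured with the two proxies above under Settings/General/Network Settings/Settings/Manual proxy configuration.
In addition, desktops such as GNOME have a global network proxy setting, Chrome and Firefox have proxy extensions available, and in a terminal you can set the proxy through environment variables. I will not list them all.
Finally, a note for phones: on iOS, Shadowrocket can be downloaded from the US App Store and configured the same way.
Copyright notice:
- Content without a stated source is entirely original; please do not repost it without authorization (reposts often end up with broken layout, content I cannot control, and no further updates);
- For non-profit adaptations of any content from this blog, please give the address of the relevant page on this site as the "original source" or a "reference link" (for readers' convenience).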