A Brief Guide to Bypassing the Firewall with Xray
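In mainland China, technical staff and certain other groups have always needed to get past the firewall. From the early VPNs to shadowsocks, then v2ray, and most recently xray, among others, the goal has always been free access to the internet and to necessary information. This article describes a command-line setup on a Linux PC. With no GUI there are few external dependencies, and you get the latest features without waiting for other software to update. macOS should work in a similar way, but the Mac software ecosystem is better: generally just download and install the corresponding app rather than configuring by hand.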
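1. Buy an overseas host
Hosts in Japan, Singapore, the US West Coast or Hong Kong are recommended, depending on the cloud provider. Test the speed yourself and pick one that is fast and does not stall during the evening peak.
2. Server configuration
- Download the latest package for your platform from the xray GitHub repository
- Extract the package to a directory of your choice. I chose /opt/xray, shown below. config.json is the configuration file created later; the other 4 files come with the archive by default and need no changes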
    root@tokyo:~# ls -al /opt/xray/
    total 40188
    drwxr-xr-x 2 root root 4096 Jun 3 17:07 .
    drwxr-xr-x 4 root root 4096 Jun 3 13:36 ..
    -rw-r--r-- 1 root root 1141 Jun 3 17:07 config.json
    -rw-r--r-- 1 root root 9243256 Jan 1 08:00 geoip.dat
    -rw-r--r-- 1 root root 1161963 Jan 1 08:00 geosite.dat
    -rw-r--r-- 1 root root 16725 Jan 1 08:00 LICENSE
    -rw-r--r-- 1 root root 3613 Jan 1 08:00 README.md
    -rwxr-xr-x 1 root root 20606976 Jan 1 08:00 xray
- Configure config.json with an editor such as vim or vscode
    root@tokyo:~# cat /opt/xray/config.json
    {
      "log": {
        "access": "/var/log/xray/access.log",
        "error": "/var/log/xray/error.log",
        "loglevel": "warning",
        "dnsLog": false
      },
      "inbounds": [
        {
          "port": 444, # listening port, choose as you like
          "protocol": "vless",
          "settings": {
            "clients": [
              {
                "id": "your_uuid", # your UUID, generated by the xray uuid command
                "flow": "xtls-rprx-direct",
                "level": 0,
                "email": "love@example.com"
              }
            ],
            "decryption": "none",
            "fallbacks": [
              {
                "dest": 80
              }
            ]
          },
          "streamSettings": {
            "network": "tcp",
            "security": "xtls",
            "xtlsSettings": {
              "alpn": [
                "http/1.1"
              ],
              "certificates": [
                {
                  "certificateFile": "/root/.acme.sh/mephisto.cc/fullchain.cer", # change to your certificate
                  "keyFile": "/root/.acme.sh/mephisto.cc/mephisto.cc.key" # change to your key
                }
              ]
            }
          }
        }
      ],
      "outbounds": [
        {
          "protocol": "freedom"
        }
      ]
    }
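mephisto.cc is the domain I purchased. The certificate is handled automatically by caddy2; find the certificate path and fill it into the corresponding lines above. For configuration without a domain, see the xray documentation.
- systemd configuration: if you don't know how to do this, search and learn. The result is as follows
- The file path is /lib/systemd/system/xray.service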
    root@tokyo:~# systemctl status xray.service
    xray.service - XRay Service
       Loaded: loaded (/lib/systemd/system/xray.service; enabled; vendor preset: enabled)
       Active: active (running) since Fri 2022-06-03 17:07:22 CST; 3h 18min ago
         Docs: https://xtls.github.io/
     Main PID: 2403220 (xray)
        Tasks: 7 (limit: 1036)
       Memory: 10.5M
       CGroup: /system.slice/xray.service
               └─2403220 /opt/xray/xray -config /opt/xray/config.json
    Jun 03 17:07:22 tokyo systemd[1]: Started XRay Service.
    Jun 03 17:07:22 tokyo xray[2403220]: Xray 1.5.6 (Xray, Penetrates Everything.) Custom (go1.18.2 linux/amd64)
    Jun 03 17:07:22 tokyo xray[2403220]: A unified platform for anti-censorship.
    Jun 03 17:07:22 tokyo xray[2403220]: 2022/06/03 17:07:22 [Info] infra/conf/serial: Reading config: /opt/xray/config.json
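- Unit file contents. The service runs as root, but CapabilityBoundingSet limits it to CAP_NET_ADMIN and CAP_NET_BIND_SERVICE, and NoNewPrivileges is set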
    root@tokyo:~# cat /lib/systemd/system/xray.service
    [Unit]
    Description=XRay Service
    Documentation=https://xtls.github.io/
    After=network.target nss-lookup.target

    [Service]
    User=root
    CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
    AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
    NoNewPrivileges=true
    ExecStart=/opt/xray/xray -config /opt/xray/config.json
    Restart=on-failure
    RestartPreventExitStatus=23

    [Install]
    WantedBy=multi-user.target
- Check that the service starts at boot
    root@tokyo:~# systemctl is-enabled xray.service
    enabled
- Confirm the listening state of the process: xray is listening on port 444, the port configured above
    root@tokyo:~# ss -lntp |grep xray
    LISTEN 0 4096 *:444 *:* users:(("xray",pid=2403220,fd=3))
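This completes the server-side configuration.
3. Client configuration
Configuring the Linux command-line client is much the same as the server; only the content of config.json differs.
- Client configuration result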
    ➜ ~ ls -al /opt/xray
    total 15381
    drwxr-xr-x 2 root root 9 Jun 3 20:42 .
    drwxr-xr-x 11 root root 11 Jun 3 13:12 ..
    -rw-r--r-- 1 root root 3324 Jun 3 17:07 config.json
    -rw-r--r-- 1 mephisto mephisto 9243256 Jan 1 08:00 geoip.dat
    -rw-r--r-- 1 mephisto mephisto 1161963 Jan 1 08:00 geosite.dat
    -rw-r--r-- 1 mephisto mephisto 16725 Jan 1 08:00 LICENSE
    -rw-r--r-- 1 mephisto mephisto 3613 Jan 1 08:00 README.md
    -rwxr-xr-x 1 mephisto mephisto 20606976 Jan 1 08:00 xray
    ➜ ~ cat /opt/xray/config.json
    {
      "log": {
        "access": "/var/log//xray/access.log",
        "error": "/var/log/xray/error.log",
        "loglevel": "warning"
      },
      "dns": {
        "servers": [
          {
            "address": "1.1.1.1",
            "domains": [
              "geosite:geolocation-!cn"
            ]
          },
          {
            "address": "223.5.5.5",
            "domains": [
              "geosite:cn"
            ],
            "expectIPs": [
              "geoip:cn"
            ]
          },
          {
            "address": "114.114.114.114",
            "domains": [
              "geosite:cn"
            ]
          },
          "localhost"
        ]
      },
      "routing": {
        "domainStrategy": "IPIfNonMatch",
        "rules": [
          {
            "type": "field",
            "domain": [
              "geosite:category-ads-all"
            ],
            "outboundTag": "block"
          },
          {
            "type": "field",
            "domain": [
              "geosite:cn"
            ],
            "outboundTag": "direct"
          },
          {
            "type": "field",
            "ip": [
              "geoip:cn",
              "geoip:private"
            ],
            "outboundTag": "direct"
          },
          {
            "type": "field",
            "domain": [
              "geosite:geolocation-!cn"
            ],
            "outboundTag": "proxy"
          },
          {
            "type": "field",
            "ip": [
              "223.5.5.5"
            ],
            "outboundTag": "direct"
          }
        ]
      },
      "inbounds": [
        {
          "tag": "socks-in",
          "protocol": "socks", # SOCKS proxy
          "listen": "127.0.0.1",
          "port": 1080,
          "settings": {
            "udp": true
          }
        },
        {
          "tag": "http-in",
          "protocol": "http", # HTTP proxy
          "listen": "127.0.0.1",
          "port": 1081
        }
      ],
      "outbounds": [
        {
          "tag": "proxy",
          "protocol": "vless",
          "settings": {
            "vnext": [
              {
                "address": "mephisto.cc", # change to your domain
                "port": 444, # server port
                "users": [
                  {
                    "id": "your_uuid", # your UUID
                    "flow": "xtls-rprx-direct",
                    "encryption": "none",
                    "level": 0
                  }
                ]
              }
            ]
          },
          "streamSettings": {
            "network": "tcp",
            "security": "xtls",
            "xtlsSettings": {
              "serverName": "mephisto.cc", # your domain
              "allowInsecure": true # skips verification of the server certificate; false enforces it
            }
          }
        },
        {
          "tag": "direct",
          "protocol": "freedom"
        },
        {
          "tag": "block",
          "protocol": "blackhole"
        }
      ]
    }
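The routing and dns sections look complicated; see the xray documentation for details. Ordinary users hardly need to change them, and they are sufficient for getting over the firewall.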
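As an added example (not from the original post or the Xray project), the following Python script lints a client config of the shape shown above for two settings that matter for safety: `allowInsecure` on an outbound, and a socks/http inbound reachable beyond loopback without authentication. The sample config is constructed, and the finding labels are hypothetical names chosen for illustration.

```python
import json
import re

# Constructed sample in the shape of the client config above (not the author's file).
SAMPLE = r'''
{
  "inbounds": [
    {"tag": "socks-in", "protocol": "socks", "listen": "127.0.0.1", "port": 1080}, # socks
    {"tag": "http-in", "protocol": "http", "port": 1081}  // no "listen" key
  ],
  "outbounds": [
    {"tag": "proxy", "protocol": "vless",
     "streamSettings": {"security": "xtls",
       "xtlsSettings": {"serverName": "example.com", "allowInsecure": true}}},
    {"tag": "direct", "protocol": "freedom"}
  ]
}
'''

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
# Match a whole JSON string first so "//" or "#" inside a string is never cut.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|#[^\n]*')

def strip_comments(text):
    """Drop // and # line comments that sit outside JSON strings."""
    return TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def audit(text):
    """Return (tag, finding) pairs; the finding labels are hypothetical names."""
    cfg = json.loads(strip_comments(text))
    findings = []
    for ib in cfg.get("inbounds", []):
        proto, settings = ib.get("protocol"), ib.get("settings", {})
        if proto not in ("socks", "http"):
            continue
        # socks needs auth=password plus accounts; http only needs accounts.
        has_auth = bool(settings.get("accounts")) and (
            proto == "http" or settings.get("auth") == "password")
        # An inbound without "listen" binds 0.0.0.0, i.e. every interface.
        if ib.get("listen", "0.0.0.0") not in LOOPBACK and not has_auth:
            findings.append((ib.get("tag"), "proxy-exposed-without-auth"))
    for ob in cfg.get("outbounds", []):
        stream = ob.get("streamSettings", {})
        tls = stream.get(stream.get("security", "none") + "Settings", {})
        if tls.get("allowInsecure") is True:
            findings.append((ob.get("tag"), "server-cert-not-verified"))
    return findings

if __name__ == "__main__":
    for tag, finding in audit(SAMPLE):
        print(f"{tag}: {finding}")
```

Run against the client config on this page, only the `allowInsecure` finding would be reported, since both inbounds listen on 127.0.0.1.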
Verify that it works as expected
- Command-line HTTP proxy test: it works!
    ➜ ~ curl -I -x http://127.0.0.1:1081 https://google.com
    HTTP/1.1 200 Connection established

    HTTP/2 301
    location: https://www.google.com/
    content-type: text/html; charset=UTF-8
    date: Fri, 03 Jun 2022 12:55:40 GMT
    expires: Sun, 03 Jul 2022 12:55:40 GMT
    cache-control: public, max-age=2592000
    server: gws
    content-length: 220
    x-xss-protection: 0
    x-frame-options: SAMEORIGIN
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
- SOCKS5 proxy test: this works too
    ➜ ~ curl -I -x socks5h://127.0.0.1:1080 https://www.google.com/
    HTTP/2 200
    content-type: text/html; charset=ISO-8859-1
    p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    date: Fri, 03 Jun 2022 13:00:58 GMT
    server: gws
    x-xss-protection: 0
    x-frame-options: SAMEORIGIN
    expires: Fri, 03 Jun 2022 13:00:58 GMT
    cache-control: private
    set-cookie: 1P_JAR=2022-06-03-13; expires=Sun, 03-Jul-2022 13:00:58 GMT; path=/; domain=.google.com; Secure
    set-cookie: AEC=AakniGOSbutZGFxTDab9J5w5YK8ZVJWqiR-zynVkDi-b8Rof7f_LvLyFVJo; expires=Wed, 30-Nov-2022 13:00:58 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
    set-cookie: NID=511=idF0g6ZS2sbWz6Du7vKmvJj7pje-MC8xe0Fd8z3bCbGYAGKGiFVWBUflmIStvdfWPAKgsGd0q0jPD_pDbd-Er2XQpr-6-D7YhCi5RdauYLIRQiWR_9R1DXuqxhfcxiCmROOhv9OP3nkNkEQJmMjJmMEYKUdY0MyoIUi3rYChzGA; expires=Sat, 03-Dec-2022 13:00:58 GMT; path=/; domain=.google.com; HttpOnly
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
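Some may ask how to use this from here. It is simple: I normally use two browsers, with Chrome as my main one, and Firefox configured with the two proxies above under Settings / General / Network Settings / Settings / Manual proxy configuration, as shown in the figure below.
In addition, desktops such as Gnome have a global network proxy setting, Chrome and Firefox have proxy extensions available, and the proxy can also be used in a terminal through environment variables; I won't list them all.
Finally, a note on phones: on iOS, Shadowrocket can be downloaded from the US App Store and configured for use as well.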