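Xray: A Brief Guide to Getting Past the Firewall

In mainland China, technical people and certain groups have always needed a way past the firewall. From the early VPNs to shadowsocks, then v2ray, and most recently xray, among others, the goal has always been free access to the Internet and to necessary information. This article covers command-line configuration on a Linux PC. Without a GUI there are few external dependencies, and you get the latest features without waiting for other software to update. macOS should work similarly, but the Mac software ecosystem is better: usually you just download and install the corresponding app and need not configure anything by hand.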

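1. Buy an overseas host

Hosts in Japan, Singapore or the US West Coast, or in Hong Kong, are recommended. It depends on the cloud provider: test the speed yourself and pick one that is fast and does not stall during the evening peak.

2. Server configuration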

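  • Download the latest package for your platform from the xray GitHub repository
  • Extract the package to a directory of your choice. I chose /opt/xray, shown below. config.json is the configuration file created in a later step; the other 4 files ship with the archive by default and need no changes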
    root@tokyo:~# ls -al /opt/xray/
    total 40188
    drwxr-xr-x 2 root root     4096 Jun  3 17:07 .
    drwxr-xr-x 4 root root     4096 Jun  3 13:36 ..
    -rw-r--r-- 1 root root     1141 Jun  3 17:07 config.json
    -rw-r--r-- 1 root root  9243256 Jan  1 08:00 geoip.dat
    -rw-r--r-- 1 root root  1161963 Jan  1 08:00 geosite.dat
    -rw-r--r-- 1 root root    16725 Jan  1 08:00 LICENSE
    -rw-r--r-- 1 root root     3613 Jan  1 08:00 README.md
    -rwxr-xr-x 1 root root 20606976 Jan  1 08:00 xray
  • Write the config.json file with an editor such as vim or vscode
    root@tokyo:~# cat /opt/xray/config.json
    {
        "log": {
            "access": "/var/log/xray/access.log",
            "error": "/var/log/xray/error.log",
            "loglevel": "warning",
            "dnsLog": false
        },
        "inbounds": [
            {
                "port": 444,     # listening port; pick whatever you like
                "protocol": "vless",
                "settings": {
                    "clients": [
                        {
                            "id": "your_uuid", # your UUID, generated with the xray uuid command
                            "flow": "xtls-rprx-direct",
                            "level": 0,
                            "email": "love@example.com"
                        }
                    ],
                    "decryption": "none",
                    "fallbacks": [
                        {
                            "dest": 80
                        }
                    ]
                },
                "streamSettings": {
                    "network": "tcp",
                    "security": "xtls",
                    "xtlsSettings": {
                        "alpn": [
                            "http/1.1"
                        ],
                        "certificates": [
                            {
                                "certificateFile": "/root/.acme.sh/mephisto.cc/fullchain.cer",   # change to your certificate
                                "keyFile": "/root/.acme.sh/mephisto.cc/mephisto.cc.key"  # change to your key
                            }
                        ]
                    }
                }
            }
        ],
        "outbounds": [
            {
                "protocol": "freedom"
            }
        ]
    }

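mephisto.cc is a domain I bought, and the certificate is handled automatically by caddy2. Find the certificate path and fill it into the corresponding lines above. For a setup without a domain, see the xray documentation.

  • systemd configuration. If you don't know how to do this, search and read up on it. The result is as follows

    • The unit file is at /lib/systemd/system/xray.service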

        root@tokyo:~# systemctl status xray.service
        xray.service - XRay Service
            Loaded: loaded (/lib/systemd/system/xray.service; enabled; vendor preset: enabled)
            Active: active (running) since Fri 2022-06-03 17:07:22 CST; 3h 18min ago
            Docs: https://xtls.github.io/
        Main PID: 2403220 (xray)
            Tasks: 7 (limit: 1036)
            Memory: 10.5M
            CGroup: /system.slice/xray.service
                    └─2403220 /opt/xray/xray -config /opt/xray/config.json
        Jun 03 17:07:22 tokyo systemd[1]: Started XRay Service.
        Jun 03 17:07:22 tokyo xray[2403220]: Xray 1.5.6 (Xray, Penetrates Everything.) Custom (go1.18.2 linux/amd64)
        Jun 03 17:07:22 tokyo xray[2403220]: A unified platform for anti-censorship.
        Jun 03 17:07:22 tokyo xray[2403220]: 2022/06/03 17:07:22 [Info] infra/conf/serial: Reading config: /opt/xray/config.json
      
    • Unit file contents

        root@tokyo:~# cat /lib/systemd/system/xray.service
        [Unit]
        Description=XRay Service
        Documentation=https://xtls.github.io/
        After=network.target nss-lookup.target

        [Service]
        User=root
        CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
        AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
        NoNewPrivileges=true
        ExecStart=/opt/xray/xray -config /opt/xray/config.json
        Restart=on-failure
        RestartPreventExitStatus=23

        [Install]
        WantedBy=multi-user.target
      
    • Check that the service starts at boot

        root@tokyo:~# systemctl is-enabled xray.service
        enabled
      
    • Confirm the listening state: xray is now listening on port 444, the port configured above

        root@tokyo:~# ss -lntp |grep xray
        LISTEN 0      4096               *:444             *:*    users:(("xray",pid=2403220,fd=3))
      

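    That completes the server-side configuration.

3. Client configuration: the Linux command-line client is set up much like the server; only the contents of config.json differ

  • Client configuration result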
    ➜  ~ ls -al /opt/xray
    total 15381
    drwxr-xr-x  2 root     root            9 Jun  3 20:42 .
    drwxr-xr-x 11 root     root           11 Jun  3 13:12 ..
    -rw-r--r--  1 root     root         3324 Jun  3 17:07 config.json
    -rw-r--r--  1 mephisto mephisto  9243256 Jan  1 08:00 geoip.dat
    -rw-r--r--  1 mephisto mephisto  1161963 Jan  1 08:00 geosite.dat
    -rw-r--r--  1 mephisto mephisto    16725 Jan  1 08:00 LICENSE
    -rw-r--r--  1 mephisto mephisto     3613 Jan  1 08:00 README.md
    -rwxr-xr-x  1 mephisto mephisto 20606976 Jan  1 08:00 xray
    ➜  ~ cat /opt/xray/config.json
    {
        "log": {
            "access": "/var/log//xray/access.log",
            "error": "/var/log/xray/error.log",
            "loglevel": "warning"
        },
        "dns": {
            "servers": [
                {
                    "address": "1.1.1.1",
                    "domains": [
                        "geosite:geolocation-!cn"
                    ]
                },
                {
                    "address": "223.5.5.5",
                    "domains": [
                        "geosite:cn"
                    ],
                    "expectIPs": [
                        "geoip:cn"
                    ]
                },
                {
                    "address": "114.114.114.114",
                    "domains": [
                        "geosite:cn"
                    ]
                },
                "localhost"
            ]
        },
        "routing": {
            "domainStrategy": "IPIfNonMatch",
            "rules": [
                {
                    "type": "field",
                    "domain": [
                        "geosite:category-ads-all"
                    ],
                    "outboundTag": "block"
                },
                {
                    "type": "field",
                    "domain": [
                        "geosite:cn"
                    ],
                    "outboundTag": "direct"
                },
                {
                    "type": "field",
                    "ip": [
                        "geoip:cn",
                        "geoip:private"
                    ],
                    "outboundTag": "direct"
                },
                {
                    "type": "field",
                    "domain": [
                        "geosite:geolocation-!cn"
                    ],
                    "outboundTag": "proxy"
                },
                {
                    "type": "field",
                    "ip": [
                        "223.5.5.5"
                    ],
                    "outboundTag": "direct"
                }
            ]
        },
        "inbounds": [
            {
                "tag": "socks-in",
                "protocol": "socks",   # SOCKS proxy
                "listen": "127.0.0.1",
                "port": 1080,
                "settings": {
                    "udp": true
                }
            },
            {
                "tag": "http-in",
                "protocol": "http",    # HTTP proxy
                "listen": "127.0.0.1",
                "port": 1081
            }
        ],
        "outbounds": [
            {
                "tag": "proxy",
                "protocol": "vless",
                "settings": {
                    "vnext": [
                        {
                            "address": "mephisto.cc", # change to your domain
                            "port": 444,  # server port
                            "users": [
                                {
                                    "id": "your_uuid",  # your UUID
                                    "flow": "xtls-rprx-direct",
                                    "encryption": "none",
                                    "level": 0
                                }
                            ]
                        }
                    ]
                },
                "streamSettings": {
                    "network": "tcp",
                    "security": "xtls",
                    "xtlsSettings": {
                        "serverName": "mephisto.cc", # your domain
                        "allowInsecure": true  # true skips server certificate verification
                    }
                }
            },
            {
                "tag": "direct",
                "protocol": "freedom"
            },
            {
                "tag": "block",
                "protocol": "blackhole"
            }
        ]
    }

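The routing and dns sections look complicated; consult the xray documentation for them. Ordinary users hardly need to change anything there, and they are sufficient for getting past the firewall.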
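An added example, not part of the original post or of the xray project: a small Python check that strips the `#` annotations used in the listings above and flags two client settings that weaken the setup, local proxies reachable beyond loopback and `allowInsecure`. The function names and the sample config (with `example.com` as a placeholder domain) are constructed for illustration.

```python
import ipaddress
import json

def strip_hash_comments(text):
    """Drop '# ...' annotations that sit outside JSON strings."""
    out = []
    for line in text.splitlines():
        in_str, esc, cut = False, False, len(line)
        for i, ch in enumerate(line):
            if esc:
                esc = False
            elif ch == "\\" and in_str:
                esc = True
            elif ch == '"':
                in_str = not in_str
            elif ch == "#" and not in_str:
                cut = i
                break
        out.append(line[:cut])
    return "\n".join(out)

def audit_client_config(text):
    """Return findings for an Xray client config (hypothetical helper)."""
    cfg = json.loads(strip_hash_comments(text))
    findings = []
    for ib in cfg.get("inbounds", []):
        listen = ib.get("listen", "0.0.0.0")  # unset listen means all interfaces
        try:
            loopback = ipaddress.ip_address(listen).is_loopback
        except ValueError:
            loopback = False  # not an IP literal: treat as exposed
        if ib.get("protocol") in ("socks", "http") and not loopback:
            findings.append(f"inbound {ib.get('tag')}: proxy reachable on {listen}")
    for ob in cfg.get("outbounds", []):
        stream = ob.get("streamSettings", {})
        for key in ("tlsSettings", "xtlsSettings"):
            if stream.get(key, {}).get("allowInsecure"):
                findings.append(f"outbound {ob.get('tag')}: {key}.allowInsecure skips certificate verification")
    return findings

# Constructed sample, reduced from the client config in this post.
SAMPLE = """{
  "inbounds": [{"tag": "socks-in", "protocol": "socks", "listen": "127.0.0.1", "port": 1080},
    {"tag": "http-in", "protocol": "http", "port": 1081}],  # listen removed for the demo
  "outbounds": [{"tag": "proxy", "protocol": "vless", "streamSettings": {"security": "xtls",
    "xtlsSettings": {"serverName": "example.com", "allowInsecure": true}}}]  # as in the post
}"""
print("\n".join(audit_client_config(SAMPLE)))
```

The client config as listed in the post binds both proxies to 127.0.0.1, so only the `allowInsecure` finding would be reported for it.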

Verify that it behaves as expected

  • Command-line HTTP proxy test: it works!
    ➜  ~ curl -I -x http://127.0.0.1:1081 https://google.com
    HTTP/1.1 200 Connection established

    HTTP/2 301
    location: https://www.google.com/
    content-type: text/html; charset=UTF-8
    date: Fri, 03 Jun 2022 12:55:40 GMT
    expires: Sun, 03 Jul 2022 12:55:40 GMT
    cache-control: public, max-age=2592000
    server: gws
    content-length: 220
    x-xss-protection: 0
    x-frame-options: SAMEORIGIN
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
  • SOCKS5 proxy test: this works too
    ➜  ~ curl -I -x socks5h://127.0.0.1:1080 https://www.google.com/
    HTTP/2 200
    content-type: text/html; charset=ISO-8859-1
    p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    date: Fri, 03 Jun 2022 13:00:58 GMT
    server: gws
    x-xss-protection: 0
    x-frame-options: SAMEORIGIN
    expires: Fri, 03 Jun 2022 13:00:58 GMT
    cache-control: private
    set-cookie: 1P_JAR=2022-06-03-13; expires=Sun, 03-Jul-2022 13:00:58 GMT; path=/; domain=.google.com; Secure
    set-cookie: AEC=AakniGOSbutZGFxTDab9J5w5YK8ZVJWqiR-zynVkDi-b8Rof7f_LvLyFVJo; expires=Wed, 30-Nov-2022 13:00:58 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
    set-cookie: NID=511=idF0g6ZS2sbWz6Du7vKmvJj7pje-MC8xe0Fd8z3bCbGYAGKGiFVWBUflmIStvdfWPAKgsGd0q0jPD_pDbd-Er2XQpr-6-D7YhCi5RdauYLIRQiWR_9R1DXuqxhfcxiCmROOhv9OP3nkNkEQJmMjJmMEYKUdY0MyoIUi3rYChzGA; expires=Sat, 03-Dec-2022 13:00:58 GMT; path=/; domain=.google.com; HttpOnly
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

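Someone may ask how to use it from here. It is simple: I normally use two browsers, with Chrome as the main one, and Firefox configured with the two proxies above under Settings/General/Network Settings/Settings/Manual proxy configuration, as shown in the figure below.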

firefox proxy

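In addition, GNOME and other desktops have a global network proxy setting, Chrome and Firefox have proxy extensions available, and in a terminal you can use environment variables. I won't list them all.

Finally, a special note for mobile: on iOS, download Shadowrocket from the US App Store and it can be configured for use as well.

Last modified: Monday, August 28, 2023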