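A Brief Guide to Circumventing Internet Censorship with Xray
In mainland China, technical staff and certain other groups have always needed a way around internet censorship. From the earliest VPNs to shadowsocks, then v2ray, and most recently xray, along with other tools, the goal has been the same: to access the internet freely and obtain necessary information. This article covers a command-line setup on a Linux PC. Without a GUI there are few external dependencies, and you get the latest features without waiting for other software to update. macOS should work in a similar way, but its software ecosystem is better, so you would normally just download and install the corresponding app rather than configure things by hand.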
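1. Buy an overseas server
Japan, Singapore, the US West Coast or Hong Kong are recommended. It depends on the cloud provider, so test the speed yourself and pick one that is fast and does not stall during the evening peak.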
2. Server-side configuration
- Download the latest package for your platform from the xray GitHub repository
- Extract the package into a directory of your choice. I chose /opt/xray, as shown below. config.json is the configuration file created later; the other 4 files ship in the archive by default and need no changes

```
root@tokyo:~# ls -al /opt/xray/
total 40188
drwxr-xr-x 2 root root     4096 Jun  3 17:07 .
drwxr-xr-x 4 root root     4096 Jun  3 13:36 ..
-rw-r--r-- 1 root root     1141 Jun  3 17:07 config.json
-rw-r--r-- 1 root root  9243256 Jan  1 08:00 geoip.dat
-rw-r--r-- 1 root root  1161963 Jan  1 08:00 geosite.dat
-rw-r--r-- 1 root root    16725 Jan  1 08:00 LICENSE
-rw-r--r-- 1 root root     3613 Jan  1 08:00 README.md
-rwxr-xr-x 1 root root 20606976 Jan  1 08:00 xray
```
- Edit config.json with vim, vscode or another editor

```
root@tokyo:~# cat /opt/xray/config.json
{
  "log": {
    "access": "/var/log/xray/access.log",
    "error": "/var/log/xray/error.log",
    "loglevel": "warning",
    "dnsLog": false
  },
  "inbounds": [
    {
      "port": 444, // listening port, set it to whatever you like
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "your_uuid", // your UUID, generated with the `xray uuid` command
            "flow": "xtls-rprx-direct",
            "level": 0,
            "email": "[email protected]"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "dest": 80
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "xtls",
        "xtlsSettings": {
          "alpn": [
            "http/1.1"
          ],
          "certificates": [
            {
              "certificateFile": "/root/.acme.sh/mephisto.cc/fullchain.cer", // change to your certificate
              "keyFile": "/root/.acme.sh/mephisto.cc/mephisto.cc.key" // change to your key
            }
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom"
    }
  ]
}
```
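mephisto.cc is a domain I bought, and the certificate is handled automatically by caddy2. Find the certificate path and fill it into the corresponding lines above. For setups without a domain, see the xray documentation.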
- systemd configuration. If you are not familiar with it, search and read up on it; the result is shown below
- The unit file is at /lib/systemd/system/xray.service

```
root@tokyo:~# systemctl status xray.service
xray.service - XRay Service
   Loaded: loaded (/lib/systemd/system/xray.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2022-06-03 17:07:22 CST; 3h 18min ago
     Docs: https://xtls.github.io/
 Main PID: 2403220 (xray)
    Tasks: 7 (limit: 1036)
   Memory: 10.5M
   CGroup: /system.slice/xray.service
           └─2403220 /opt/xray/xray -config /opt/xray/config.json

Jun 03 17:07:22 tokyo systemd[1]: Started XRay Service.
Jun 03 17:07:22 tokyo xray[2403220]: Xray 1.5.6 (Xray, Penetrates Everything.) Custom (go1.18.2 linux/amd64)
Jun 03 17:07:22 tokyo xray[2403220]: A unified platform for anti-censorship.
Jun 03 17:07:22 tokyo xray[2403220]: 2022/06/03 17:07:22 [Info] infra/conf/serial: Reading config: /opt/xray/config.json
```
- Unit file contents

```
root@tokyo:~# cat /lib/systemd/system/xray.service
[Unit]
Description=XRay Service
Documentation=https://xtls.github.io/
After=network.target nss-lookup.target

[Service]
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/opt/xray/xray -config /opt/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23

[Install]
WantedBy=multi-user.target
```
- Check that the service starts at boot

```
root@tokyo:~# systemctl is-enabled xray.service
enabled
```
- Confirm the process is listening: xray is listening on port 444, the port configured above

```
root@tokyo:~# ss -lntp |grep xray
LISTEN 0 4096 *:444 *:* users:(("xray",pid=2403220,fd=3))
```
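That completes the server-side configuration.
3. Client configuration: the Linux command-line client is set up much like the server; only the contents of config.json differ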
- Client configuration result

```
➜ ~ ls -al /opt/xray
total 15381
drwxr-xr-x  2 root     root            9 Jun  3 20:42 .
drwxr-xr-x 11 root     root           11 Jun  3 13:12 ..
-rw-r--r--  1 root     root         3324 Jun  3 17:07 config.json
-rw-r--r--  1 mephisto mephisto  9243256 Jan  1 08:00 geoip.dat
-rw-r--r--  1 mephisto mephisto  1161963 Jan  1 08:00 geosite.dat
-rw-r--r--  1 mephisto mephisto    16725 Jan  1 08:00 LICENSE
-rw-r--r--  1 mephisto mephisto     3613 Jan  1 08:00 README.md
-rwxr-xr-x  1 mephisto mephisto 20606976 Jan  1 08:00 xray
➜ ~ cat /opt/xray/config.json
{
  "log": {
    "access": "/var/log/xray/access.log",
    "error": "/var/log/xray/error.log",
    "loglevel": "warning"
  },
  "dns": {
    "servers": [
      {
        "address": "1.1.1.1",
        "domains": [
          "geosite:geolocation-!cn"
        ]
      },
      {
        "address": "223.5.5.5",
        "domains": [
          "geosite:cn"
        ],
        "expectIPs": [
          "geoip:cn"
        ]
      },
      {
        "address": "114.114.114.114",
        "domains": [
          "geosite:cn"
        ]
      },
      "localhost"
    ]
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "domain": [
          "geosite:category-ads-all"
        ],
        "outboundTag": "block"
      },
      {
        "type": "field",
        "domain": [
          "geosite:cn"
        ],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": [
          "geoip:cn",
          "geoip:private"
        ],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "domain": [
          "geosite:geolocation-!cn"
        ],
        "outboundTag": "proxy"
      },
      {
        "type": "field",
        "ip": [
          "223.5.5.5"
        ],
        "outboundTag": "direct"
      }
    ]
  },
  "inbounds": [
    {
      "tag": "socks-in",
      "protocol": "socks", // SOCKS proxy
      "listen": "127.0.0.1",
      "port": 1080,
      "settings": {
        "udp": true
      }
    },
    {
      "tag": "http-in",
      "protocol": "http", // HTTP proxy
      "listen": "127.0.0.1",
      "port": 1081
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "mephisto.cc", // change to your domain
            "port": 444, // server port
            "users": [
              {
                "id": "your_uuid", // your UUID
                "flow": "xtls-rprx-direct",
                "encryption": "none",
                "level": 0
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "xtls",
        "xtlsSettings": {
          "serverName": "mephisto.cc", // your domain
          // true skips verification of the server certificate; with a valid certificate on the server, false keeps the check
          "allowInsecure": true
        }
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom"
    },
    {
      "tag": "block",
      "protocol": "blackhole"
    }
  ]
}
```
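The routing and dns sections look complicated; see the xray documentation. Ordinary users hardly need to change them, and they are good enough for getting over the wall.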
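A check for the two settings in the client config.json that decide its exposure, as an added example that is not part of the original post: it strips the `#` and `//` comments this style of config carries (which a standard JSON parser rejects), then reports any inbound not bound to loopback and any outbound with `allowInsecure` enabled. The names `strip_comments` and `audit` and the trimmed sample config are constructed for illustration; the check assumes Xray's default of listening on 0.0.0.0 when `listen` is omitted.

```python
import json
# Constructed sample: a trimmed client config in the style of the page's config.json.
SAMPLE = r'''
{
  "inbounds": [
    {"tag": "socks-in", "protocol": "socks", "listen": "127.0.0.1", "port": 1080},
    {"tag": "http-in", "protocol": "http", "port": 1081}  # no "listen" key
  ],
  "outbounds": [
    {"tag": "proxy", "protocol": "vless", "streamSettings": {"security": "xtls",
      "xtlsSettings": {"serverName": "example.com", "allowInsecure": true}}}  // as on the page
  ]
}
'''

def strip_comments(text):
    """Drop '#' and '//' line comments that sit outside JSON strings."""
    out, in_str, i = [], False, 0
    while i < len(text):
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < len(text):  # copy the escaped character too
                i += 1
                out.append(text[i])
            elif c == '"':
                in_str = False
        elif c == "#" or text.startswith("//", i):
            while i < len(text) and text[i] != "\n":  # skip to end of line
                i += 1
            continue
        else:
            in_str = c == '"'
            out.append(c)
        i += 1
    return "".join(out)

def audit(text):
    cfg, findings = json.loads(strip_comments(text)), []
    for ib in cfg.get("inbounds", []):
        # Assumption: Xray binds an inbound to 0.0.0.0 when "listen" is omitted.
        if ib.get("listen", "0.0.0.0") not in ("127.0.0.1", "::1", "localhost"):
            findings.append(f"inbound {ib.get('tag')}: not bound to loopback")
    for ob in cfg.get("outbounds", []):
        ss = ob.get("streamSettings", {})
        tls = ss.get(ss.get("security", "") + "Settings", {})  # e.g. xtlsSettings
        if tls.get("allowInsecure"):
            findings.append(f"outbound {ob.get('tag')}: allowInsecure skips certificate verification")
    return findings
```

Run against the full client config above, `audit` reports only the `allowInsecure` finding, since both inbounds there listen on 127.0.0.1.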
Verify that it works as expected
- Command-line HTTP proxy test. It works!

```
➜ ~ curl -I -x http://127.0.0.1:1081 https://google.com
HTTP/1.1 200 Connection established

HTTP/2 301
location: https://www.google.com/
content-type: text/html; charset=UTF-8
date: Fri, 03 Jun 2022 12:55:40 GMT
expires: Sun, 03 Jul 2022 12:55:40 GMT
cache-control: public, max-age=2592000
server: gws
content-length: 220
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
```
- SOCKS5 proxy test, which also works

```
➜ ~ curl -I -x socks5h://127.0.0.1:1080 https://www.google.com/
HTTP/2 200
content-type: text/html; charset=ISO-8859-1
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Fri, 03 Jun 2022 13:00:58 GMT
server: gws
x-xss-protection: 0
x-frame-options: SAMEORIGIN
expires: Fri, 03 Jun 2022 13:00:58 GMT
cache-control: private
set-cookie: 1P_JAR=2022-06-03-13; expires=Sun, 03-Jul-2022 13:00:58 GMT; path=/; domain=.google.com; Secure
set-cookie: AEC=AakniGOSbutZGFxTDab9J5w5YK8ZVJWqiR-zynVkDi-b8Rof7f_LvLyFVJo; expires=Wed, 30-Nov-2022 13:00:58 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
set-cookie: NID=511=idF0g6ZS2sbWz6Du7vKmvJj7pje-MC8xe0Fd8z3bCbGYAGKGiFVWBUflmIStvdfWPAKgsGd0q0jPD_pDbd-Er2XQpr-6-D7YhCi5RdauYLIRQiWR_9R1DXuqxhfcxiCmROOhv9OP3nkNkEQJmMjJmMEYKUdY0MyoIUi3rYChzGA; expires=Sat, 03-Dec-2022 13:00:58 GMT; path=/; domain=.google.com; HttpOnly
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
```
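Some may ask how to use it from here. It is simple: I normally use two browsers, Chrome as my main one and Firefox configured with the two proxies above, under Settings / General / Network Settings / Settings / Manual proxy configuration, as shown in the figure below.
In addition, desktops such as GNOME have a global network proxy setting, Chrome and Firefox have proxy extensions available, and in a terminal you can also use environment variables. I will not list them all.
Finally, a special note for phones: on iOS, you can download Shadowrocket from the US App Store and configure it the same way.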