提前准备:一个正常解析到要搭建的服务器的域名
一台ip正常的服务器,默认为debian系统,默认为root权限用户
安装xray
这里使用官方的一键脚本安装
bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install安装nano
sudo apt install nano申请域名证书
这里用acme80端口申请证书,请注意端口占用以及开放防火墙
安装acme
curl https://get.acme.sh | sh
source ~/.bashrc安装socat
sudo apt install socat注册zerlssl账户
acme.sh --register-account -m 邮箱Standalone申请证书,请自行替换域名字样
acme.sh --issue --standalone -d 域名移动证书文件
mkdir ~/xray_certacme.sh --install-cert -d csb.16283684.xyz --ecc \
--fullchain-file ~/xray_cert/xray.crt \
--key-file ~/xray_cert/xray.keychmod +r ~/xray_cert/xray.key修改权限
sudo nano /etc/systemd/system/xray.service注释掉User=nobody
[Service]
# User=nobody
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23
LimitNPROC=10000
LimitNOFILE=1000000编辑配置文件
生成uuid
cd /usr/local/bin/进入配置文件
nano /usr/local/etc/xray/config.json{
"inbounds": [
{
"sniffing": {// 这一块是流量探测
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
]
},
"port": 443,
"listen": "0.0.0.0",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "UUID" // 这里填写uuid
}
],
"decryption": "none"
},
"streamSettings": {
"network": "splithttp",
"security": "tls",
"splithttpSettings": {
"path": "/splithttp", // 随机path路径
"host": "example.com" // 填写你的域名
},
"tlsSettings": {
"rejectUnknownSni": true,
"minVersion": "1.3",
"alpn": [
"h3" // 如果要与CDN一起使用,则需要将alpn更改为[“h2”,“http/1.1”]。
],
"certificates": [
{
"ocspStapling": 3600,
"certificateFile": "/root/xray_cert/xray.crt", // 证书链
"keyFile": "/root/xray_cert/xray.key" // 证书私钥路径
}
]
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom"
}
]
}
ctrl+o然后回车保存,ctrl+x退出
启动xray
sudo systemctl start xray检查运行状态
sudo systemctl status xray关闭xray
sudo systemctl stop xray