上了30权限,防止被搜索引擎抓取。v2+nginx+ws+ssl with warp socks5
对动手能力有一定要求,懂得都懂,不懂的就用一键安装(https://p3terx.com/archives/cloudflare-warp-configuration-script.html)。p3一键版借助了第三方写的wgcf,我这里的手动版使用cf官方的warp-cli,纯粹是因为我不想用别人的一键包安装第三方的东西。核心是通过warp提供一个127.0.0.1:40000的socks5代替,让v2的outbound走这个代理,从而绕过原始IP的封锁,比如被谷歌加了人机验证。系统还是一贯的debian 11 amd64位。
1. 安装warp
# 安装依赖和软件源
apt install gnupg
curl https://pkg.cloudflareclient.com/pubkey.gpg | gpg –yes –dearmor –output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
echo ‘deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ bullseye main’ | tee /etc/apt/sources.list.d/cloudflare-client.list
# 安装cloudflare-warp
apt update
apt install cloudflare-warp
warp-cli register # 注册一下,输入Y同意即可
warp-cli set-mode proxy # 设置socks5代理,默认是127.0.0.1:40000
warp-cli connect # 开启warp
warp-cli enable-always-on # 设置开机自启warp
warp-cli settings # 检查一下设置
2. nginx和v2的安装和配置
#安装nginx和v2,debian 11都自带
apt install nginx “v-2-r-a-y”
systemctl stop nginx
systemctl stop “v-2-r-a-y”
#配置nginx
rm /etc/nginx/sites-enabled/default
mv /etc/nginx/sites-available/default /etc/nginx/sites-available/your.domain.com
# 修改/etc/nginx/sites-available/you.domain.com,具体见末尾配置文件
ln -s /etc/nginx/sites-available/san.4438022.xyz /etc/nginx/sites-enabled/ # 软连接一下,让nginx认识配置文件
#如果systemctl status nginx显示nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument,则执行下面
mkdir /etc/systemd/system/nginx.service.d
printf "[Service]nExecStartPost=/bin/sleep 0.1n" > /etc/systemd/system/nginx.service.d/override.conf
systemctl daemon-reload
systemctl restart nginx
#安装ssl,用的let’s encrypt
apt -y install snapd
snap install core
snap install –classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
certbot –nginx #之后按照提示来就好了,自动续期ssl证书,不用管
#配置v2
修改配置文件,内容见末尾,自己修改路径/path和id
systemctl restart “v-2-r-a-y” # 重启“v-2-r-a-y”
————————————-
nginx 配置文件
server_name your.domain.com;
location /panel {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
if ($http_upgrade != "websocket") {
return 404;
}
proxy_redirect off;
proxy_pass http://127.0.0.1:10000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
# Show real IP in “v-2-r-a-y” access.log
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
v2 配置文件
{
"inbounds": [
{
"port": 10000,
"listen":"127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "faf6b402-4001-4139-8b4f-7c27bc0b21ec",
"alterId": 0
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/path"
}
}
}
],
"outbounds": [
{
"tag": "warp",
"protocol": "socks",
"settings": {
"servers": [
{
"address": "127.0.0.1",
"port": 40000,
"users": []
}
]
}
}
]
}
PS:建议加一个robots.txt和自定义的404.html |
嘟嘟社区