推荐使用一键脚本(七合一共存脚本+伪装博客)

  • VLESS+TCP+TLS
  • VLESS+TCP+xtls-rprx-origin
  • VLESS+TCP+xtls-rprx-direct【推荐】
  • VLESS+WS+TLS
  • VMess+TCP+TLS
  • VMess+WS+TLS
  • Trojan【推荐】
  • Trojan-Go+WS
wget -N --no-check-certificate "https://raw.githubusercontent.com/mack-a/v2ray-agent/master/install.sh" && chmod 700 /root/install.sh && /root/install.sh

作者链接

手动搭建lnmp+wordpress+v2ray(多合一)

如果需要搭建博客又需要v2ray,那么就需要手动搭建

安装lnmp+wordpress

参考教程

给Nginx添加模块

为了能够实现VLESS + 多 HTTPS 站点共存,复用 443 端口,ngixn需要添加两个模块stream_ssl_preread_modulehttp_realip_module

使用lnmp的话,修改lnmp.conf配置文件(/root/lnmp1.7/lnmp.conf)

Nginx_Modules_Options='--with-stream_ssl_preread_module --with-http_realip_module'
cd /root/lnmp1.7&&./upgrade.sh nginx

再输入当前版本即可

安装v2ray

bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)

安装最新发行的 geoip.dat 和 geosite.dat

bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-dat-release.sh)

移除 V2Ray

bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh) --remove

参考文章

注意事项

  • 权限不足:v2ray不以root权限运行,所以别把证书放在root目录下面,另外把证书权限都设置成644

v2ray的七合一配置文件

{
  "log": {
    "loglevel": "debug"
  },
  "inbounds": [
    {
      "port": 350,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "c9937035-18c1-b6a8-7827-6a5ff4b1d4da",
            "add": "domain08.qiu4.ml",
            "flow":"xtls-rprx-origin",
            "email": "bananatest.top_VLESS_XTLS/TLS-origin_TCP"
          },
          {
            "id": "6ec1b3c0-3faa-b9de-b0e6-7cc0f4255064",
            "flow":"xtls-rprx-direct",
            "email": "bananatest.top_VLESS_XTLS/TLS-direct_TCP"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "dest": 81
            "xver": 0
          },
          {
            "path": "/banana",
            "dest": 31299,
            "xver": 1
          },
          {
            "path": "/bananatcp",
            "dest": 31298,
            "xver": 1
          },
          {
            "path": "/bananaws",
            "dest": 31297,
            "xver": 1
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "xtls",
        "xtlsSettings": {
          "alpn": [
            "http/1.1"
          ],
          "certificates": [
            {
              "certificateFile": "/usr/ssl/bananatest.top.fullchain.cer",
              "keyFile": "/usr/ssl/bananatest.top.key"
            }
          ]
        }
      }
    },
    {
      "port": 31299,
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "c9937035-18c1-b6a8-7827-6a5ff4b1d4da",
            "alterId": 1,
            "level": 0,
            "email": "bananatest.top_vmess_ws"
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "none",
        "wsSettings": {
          "acceptProxyProtocol": true,
          "path": "/banana"
        }
      }
    },
    {
      "port": 31298,
      "listen": "127.0.0.1",
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "c9937035-18c1-b6a8-7827-6a5ff4b1d4da",
            "level": 0,
            "alterId": 1,
            "email": "bananatest.top_vmess_tcp"
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "none",
        "tcpSettings": {
          "acceptProxyProtocol": true,
          "header": {
            "type": "http",
            "request": {
              "path": [
                "/bananatcp"
              ]
            }
          }
        }
      }
    },
    {
      "port": 31297,
      "listen": "127.0.0.1",
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "c9937035-18c1-b6a8-7827-6a5ff4b1d4da",
            "level": 0,
            "email": "bananatest.top_vless_ws"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "ws",
        "security": "none",
        "wsSettings": {
          "acceptProxyProtocol": true,
          "path": "/bananaws"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "UseIPv4"
      }
    }
  ],
  "dns": {
    "servers": [
      "74.82.42.42",
      "8.8.8.8",
      "8.8.4.4",
      "1.1.1.1",
      "localhost"
    ]
  }
}

Nginx配置

在主配置文件nginx.conf的eventshttp之间插入stream_ssl_preread模块

stream {
  map ssl_preread_server_namename {
    v2.exp.com(域名) vless;
    1.exp.com(域名) https1;
    2.exp.com(域名) https2;
  }
  upstream vless {
    server 127.0.0.1:350; #vless服务端
  }
  upstream https1 {
    server 127.0.0.1:352; #https网站1端口
  }
  upstream https2 {
    server 127.0.0.1:353; #https网站2端口
  }  
  server {
    listen 443 reuseport;
    listen [::]:443 reuseport;
    proxy_pass  $name;
    ssl_preread on; #开启 ssl_preread
  }
}

额外添加的nginx配置(回落端口)

server {
                listen 81;
                server_name v2.bananatest.top;
                root  /usr/local/nginx/conf/html;##伪装博客——https://raw.githubusercontent.com/mack-a/v2ray-agent/master/fodder/blog/unable/html.zip
}
server {
                listen 80;
                server_name v2.bananatest.top;
                return 301 https://v2.bananatest.top;
}
server {
                listen 80;
                server_name bananatest.top;
                return 301 https://bananatest.top;
}
server
    {
        listen 352 ssl;
        server_name bananatest.top;##你的域名
        ssl_certificate  /usr/ssl/bananatest.top.fullchain.cer;  ##证书位置
        ssl_certificate_key /usr/ssl/bananatest.top.key;         ##证书位置
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        index index.html index.htm index.php;
        root  /home/wwwroot/default;
        #set_real_ip_from 127.0.0.1;
        #real_ip_header proxy_protocol;
        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php { deny all; }

        include enable-php.conf;

        location /nginx_status
        {
            stub_status on;
            access_log   off;
        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf){
            expires      30d;
        }

        location ~ .*\.(js|css)?
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/access.log;
    }

注意事项

  • 回落端口(81)不需要开启SSL就可以支持 HTTPS 访问
  • 端和客户端核心需要一致,不然会导致连接不上