Xray + xtls-rprx-vision + caddy 安装配置与部署初尝试

Post Views: 1,309

原创文章，转载请注明出处
https://qiedd.com/

众所周知，Caddy 可以自动申请证书，因此只要复用此证书，我就可以丢掉烦人的 acme.sh

安装 Caddy

Arch Linux

# xcaddy 在 aur 源
yay -Sy caddy xcaddy-bin go

其他发行版

go 安装: https://go.dev/doc/install
Caddy 安装: https://caddyserver.com/docs/install
xCaddy安装: https://github.com/caddyserver/xcaddy

编译 Caddy

Caddy 默认的 Proxy 无法对回落的流量进行 SNI 分流

# caddy 编译
xcaddy build --with github.com/mastercactapus/caddy2-proxyprotocol

# 可以先看看运行的是哪个caddy
systemctl cat caddy

# 替换原版 caddy
mv caddy /usr/bin/caddy

# 查看是否编译成功
caddy list-modules

# 结尾几行
.......

  Standard modules: 100

caddy.listeners.proxy_protocol

  Non-standard modules: 1

  Unknown modules: 0

配置 Caddy

Caddyfile 一般默认路径 /etc/caddy/Caddyfile

 {
        auto_https disable_redirects
        servers :8080 {
                listener_wrappers {
                        proxy_protocol {
                                timeout 2s
                                allow 0.0.0.0/0
                        }
                        tls
                }
                protocols h1 h2 h2c h3
        }
}

:80 {
    redir https://{host}{url}
}

import /etc/caddy/conf.d/*

在 /etc/caddy/conf.d 中任意起一个文件

# vim /etc/caddy/conf.d/example.com

http://example.com:8080 {
    reverse_proxy https://bing.com {
        header_up Host {upstream_hostport}
        transport http {
            tls
        }
    }    
}

example.com:8443 {
    reverse_proxy https://bing.com {
        header_up Host {upstream_hostport}
        transport http {
            tls
        }
    }    
}

Caddy 启动前请确认 /etc/hosts 不为空

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

# 启动 Caddy
systemctl start caddy

# 开机启动
systemctl enable caddy

查看 /var/lib/caddy/certificates 下是否有证书, 保存你证书的完整路径

# 查看路径
ls /var/lib/caddy/certificates

# 例子
/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.crt
/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.key

配置 Xray

Archlinux

# 安装 Xray
pacman -Sy xray

其他发行版: https://github.com/XTLS/Xray-install

修改 systemd 配置

# 查看路径
systemctl cat xray

# 修改配置
vim /usr/lib/systemd/system/xray.service

# 修改用户组
[Service]
User=xray

# 修改后
[Service]
User=caddy

# 重载 systemd
systemctl daemon-reload

修改 xray 配置 /etc/xray/config.json, 脚本安装用户路径 (状态: 待补充)

{
  "log": {
    "loglevel": "debug"
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "domain": [
          "geosite:category-ads-all"
        ],
        "outboundTag": "block"
      },
      {
        "type": "field",
        "domain": [
          "geosite:google"
        ],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": [
          "geoip:cn"
        ],
        "outboundTag": "block"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "0.0.0.0",
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "4ee9ae2b-fad5-4083-a036-b7e44bbc09f0",
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "dest": "8080",
            "xver": 1
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "rejectUnknownSni": true,
          "minVersion": "1.3",
          "certificates": [
            {
              "certificateFile": "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.crt",
              "keyFile": "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.key"
            }
          ]
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "block"
    }
  ],
  "policy": {
    "levels": {
      "0": {
        "handshake": 2,
        "connIdle": 120
      }
    }
  }
}

启动 Xray

# 启动
systemctl start xray

# 开启基地
systemctl enable xray

Client 端配置, 用 v2rayNG 为例

参考资料

https://xtls.github.io/document/level-1/fallbacks-with-sni.html#caddy-%E9%85%8D%E7%BD%AE

Xray + xtls-rprx-vision + caddy 安装配置与部署初尝试

于2023年2月12日2023年2月12日由Lordpenguindd发布

安装 Caddy

编译 Caddy

配置 Caddy

配置 Xray

参考资料

0 条评论

发表回复取消回复

Linux

创建一个自己的 IPv6 代理池 (ndppd + openresty)

Linux

PVE 直通并强制拆分 iommu group 编译 PVE 内核

搞机

铠侠 KIOXIA CD6 7.6T 企业级固态读写测试

Xray + xtls-rprx-vision + caddy 安装配置与部署初尝试

于2023年2月12日2023年2月12日由Lordpenguindd发布

安装 Caddy

编译 Caddy

配置 Caddy

配置 Xray

参考资料

0 条评论

发表回复 取消回复

相关文章

Linux

创建一个自己的 IPv6 代理池 (ndppd + openresty)

Linux

PVE 直通并强制拆分 iommu group 编译 PVE 内核

搞机

铠侠 KIOXIA CD6 7.6T 企业级固态读写测试

发表回复取消回复