V2ray+websocket+tls+caddy+serverSpeeder

https://segmentfault.com/a/1190000018242765?utm_source=tag-newest

1、准备一台vps
2、服务端安装v2ray及配置
3、服务端安装caddy及配置（准备一个域名，获取ssl证书必用）
4、客户度安装及配置
5、serverSpeeder(锐速)加速

Linux 安装脚本（centos7)

wget http<span class="hljs-variable">s:</span>//install.direct/<span class="hljs-keyword">go</span>.<span class="hljs-keyword">sh</span>
chmod +<span class="hljs-keyword">x</span> <span class="hljs-keyword">go</span>.<span class="hljs-keyword">sh</span>
./<span class="hljs-keyword">go</span>.<span class="hljs-keyword">sh</span>

wget https://install.direct/go.sh

chmod +x go.sh

./go.sh

或者一键安装

bash &lt;(<span class="hljs-name">curl</span> -L -s https<span class="hljs-symbol">://install</span>.direct/go.sh)

1	bash <(<span class="hljs-name">curl</span> -L -s https<span class="hljs-symbol">://install</span>.direct/go.sh)

启动

systemctl <span class="hljs-literal">start</span> v2ray

1	systemctl <span class="hljs-literal">start</span> v2ray

停止

systemctl <span class="hljs-built_in">stop</span> v2ray

1	systemctl <span class="hljs-built_in">stop</span> v2ray

重启

systemctl <span class="hljs-built_in">restart</span> v2ray

1	systemctl <span class="hljs-built_in">restart</span> v2ray

查看运行状态

systemctl <span class="hljs-keyword">status</span> v2ray

1	systemctl <span class="hljs-keyword">status</span> v2ray

卸载

./<span class="hljs-keyword">go</span>.<span class="hljs-keyword">sh</span> --<span class="hljs-built_in">remove</span>

1	./<span class="hljs-keyword">go</span>.<span class="hljs-keyword">sh</span> --<span class="hljs-built_in">remove</span>

服务端配置

vi /etc/v2ray/<span class="hljs-built_in">config</span>.json

1	vi /etc/v2ray/<span class="hljs-built_in">config</span>.json

#复制内容将配置文件覆盖
{
  <span class="hljs-string">"inbounds"</span>: [
    {
      <span class="hljs-string">"port"</span>: <span class="hljs-number">36722</span>,
      <span class="hljs-string">"protocol"</span>: <span class="hljs-string">"vmess"</span>,
      <span class="hljs-string">"settings"</span>: {
        <span class="hljs-string">"clients"</span>: [
          {
            <span class="hljs-string">"id"</span>: <span class="hljs-string">"3cce7a7c-906f-4f3d-bae9-66ba015b5f5a"</span>,
            <span class="hljs-string">"level"</span>: <span class="hljs-number">1</span>,
            <span class="hljs-string">"alterId"</span>: <span class="hljs-number">64</span>
          }
        ]
      },
      <span class="hljs-string">"streamSettings"</span>: {
        <span class="hljs-string">"network"</span>: <span class="hljs-string">"ws"</span>,
        <span class="hljs-string">"wsSettings"</span>: {
          <span class="hljs-string">"path"</span>: <span class="hljs-string">"/ray"</span>
        }
      }
    }
  ],
  <span class="hljs-string">"outbounds"</span>: [
    {
      <span class="hljs-string">"protocol"</span>: <span class="hljs-string">"freedom"</span>,
      <span class="hljs-string">"settings"</span>: {}
    },
    {
      <span class="hljs-string">"protocol"</span>: <span class="hljs-string">"blackhole"</span>,
      <span class="hljs-string">"settings"</span>: {},
      <span class="hljs-string">"tag"</span>: <span class="hljs-string">"blocked"</span>
    }
  ],
  <span class="hljs-string">"routing"</span>: {
    <span class="hljs-string">"rules"</span>: [
      {
        <span class="hljs-string">"type"</span>: <span class="hljs-string">"field"</span>,
        <span class="hljs-string">"ip"</span>: [
          <span class="hljs-string">"geoip:private"</span>
        ],
        <span class="hljs-string">"outboundTag"</span>: <span class="hljs-string">"blocked"</span>
      }
    ]
  }
}

#复制内容将配置文件覆盖

{

"inbounds": [

{

"port": 36722,

"protocol": "vmess",

"settings": {

"clients": [

{

"id": "3cce7a7c-906f-4f3d-bae9-66ba015b5f5a",

"level": 1,

"alterId": 64

}

]

"streamSettings": {

"network": "ws",

"wsSettings": {

"path": "/ray"

}

"outbounds": [

{

"protocol": "freedom",

"settings": {}

{

"protocol": "blackhole",

"settings": {},

"tag": "blocked"

}

"routing": {

"rules": [

{

"type": "field",

"ip": [

"geoip:private"

"outboundTag": "blocked"

}

]

}

Caddy 安装

curl <span class="hljs-string">https:</span><span class="hljs-comment">//getcaddy.com | bash -s personal</span>

1	curl <span class="hljs-string">https:</span><span class="hljs-comment">//getcaddy.com \| bash -s personal</span>

<span class="hljs-meta">#查看安装位置</span>
which caddy
<span class="hljs-meta">#out /usr/local/bin/caddy</span>

#查看安装位置

which caddy

#out /usr/local/bin/caddy

<span class="hljs-comment">#出于安全考虑，切勿以root身份运行Caddy二进制文件。 为了让Caddy能够以非root用户身份绑定到特权端口（例如80,443），您需要运行setcap命令，如下所示</span>
sudo setcap <span class="hljs-string">'cap_net_bind_service=+ep'</span> <span class="hljs-regexp">/usr/</span>local<span class="hljs-regexp">/bin/</span>caddy

1 2	<span class="hljs-comment">#出于安全考虑，切勿以root身份运行Caddy二进制文件。为了让Caddy能够以非root用户身份绑定到特权端口（例如80,443），您需要运行setcap命令，如下所示</span> sudo setcap <span class="hljs-string">'cap_net_bind_service=+ep'</span> <span class="hljs-regexp">/usr/</span>local<span class="hljs-regexp">/bin/</span>caddy

Caddy 配置

<span class="hljs-meta">#为Caddy创建一个专用的系统用户：caddy和一组同名的用户：</span>
sudo useradd -r -d /<span class="hljs-keyword">var</span>/www -M -s /sbin/nologin caddy
<span class="hljs-meta">#注意：此处创建的用户caddy只能用于管理Caddy服务，不能用于登录。</span>

#为Caddy创建一个专用的系统用户：caddy和一组同名的用户：

sudo useradd -r -d /var/www -M -s /sbin/nologin caddy

#注意：此处创建的用户caddy只能用于管理Caddy服务，不能用于登录。

#为Caddy Web服务器创建主目录/ <span class="hljs-built_in">var</span> / www，为您的站点创建主目录/<span class="hljs-built_in">var</span>/www/<span class="hljs-built_in">example</span>.com：
sudo <span class="hljs-built_in">mkdir</span> -p /<span class="hljs-built_in">var</span>/www/<span class="hljs-built_in">example</span>.com
sudo chown -R caddy:caddy /<span class="hljs-built_in">var</span>/www

#为Caddy Web服务器创建主目录/ var / www，为您的站点创建主目录/var/www/example.com：

sudo mkdir -p /var/www/example.com

sudo chown -R caddy:caddy /var/www

<span class="hljs-meta">#创建存储SSL证书的目录：</span>
sudo mkdir <span class="hljs-meta-keyword">/etc/</span>ssl/caddy
sudo chown -R caddy:root <span class="hljs-meta-keyword">/etc/</span>ssl/caddy
sudo chmod <span class="hljs-number">0770</span> <span class="hljs-meta-keyword">/etc/</span>ssl/caddy

#创建存储SSL证书的目录：

sudo mkdir /etc/ssl/caddy

sudo chown -R caddy:root /etc/ssl/caddy

sudo chmod 0770 /etc/ssl/caddy

<span class="hljs-comment">#创建一个专用目录来存储Caddy配置文件Caddyfile：</span>
sudo mkdir <span class="hljs-regexp">/etc/</span>caddy
sudo chown -R root:caddy <span class="hljs-regexp">/etc/</span>caddy

#创建一个专用目录来存储Caddy配置文件Caddyfile：

sudo mkdir /etc/caddy

sudo chown -R root:caddy /etc/caddy

<span class="hljs-meta">#创建名为Caddyfile的Caddy配置文件：</span>
sudo touch /etc/caddy/Caddyfile
sudo chown caddy:caddy /etc/caddy/Caddyfile
sudo chmod <span class="hljs-number">444</span> /etc/caddy/Caddyfile
<span class="hljs-meta"># tee命令用于将数据重定向到文件，另一方面还可以提供一份重定向数据的副本作为后续命令的stdin。简单的说就是把数据重定向到给定文件和屏幕上。</span>
cat &lt;&lt;<span class="hljs-built_in">EOF</span> | sudo tee -a /etc/caddy/Caddyfile
mydomain.me <span class="hljs-meta"># 域名</span>
{
  <span class="hljs-built_in">log</span> ./caddy.<span class="hljs-built_in">log</span>
  proxy /ray localhost:<span class="hljs-number">36722</span> { <span class="hljs-meta"># 36722是V2ray配置的端口</span>
    websocket
    header_upstream -Origin
  }
}
<span class="hljs-built_in">EOF</span>

#创建名为Caddyfile的Caddy配置文件：

sudo touch /etc/caddy/Caddyfile

sudo chown caddy:caddy /etc/caddy/Caddyfile

sudo chmod 444 /etc/caddy/Caddyfile

# tee命令用于将数据重定向到文件，另一方面还可以提供一份重定向数据的副本作为后续命令的stdin。简单的说就是把数据重定向到给定文件和屏幕上。

cat <<EOF | sudo tee -a /etc/caddy/Caddyfile

mydomain.me # 域名

{

log ./caddy.log

proxy /ray localhost:36722 { # 36722是V2ray配置的端口

websocket

header_upstream -Origin

}

EOF

注意：上面创建的Caddyfile文件只是运行静态网站的基本配置。您可以在此处了解有关如何编写Caddyfile的更多信息。

使用vi编辑器创建Caddy systemd单元文件：

sudo vi <span class="hljs-regexp">/etc/</span>systemd<span class="hljs-regexp">/system/</span>caddy.service

1	sudo vi <span class="hljs-regexp">/etc/</span>systemd<span class="hljs-regexp">/system/</span>caddy.service

将下边内容复制粘贴到caddy.service中

<span class="hljs-section">[Unit]</span>
<span class="hljs-attr">Description</span>=Caddy HTTP/<span class="hljs-number">2</span> web server
<span class="hljs-attr">Documentation</span>=https://caddyserver.com/docs
<span class="hljs-attr">After</span>=network-<span class="hljs-literal">on</span>line.target
<span class="hljs-attr">Wants</span>=network-<span class="hljs-literal">on</span>line.target systemd-networkd-wait-<span class="hljs-literal">on</span>line.service
<span class="hljs-section">
[Service]</span>
<span class="hljs-attr">Restart</span>=<span class="hljs-literal">on</span>-abnormal

<span class="hljs-comment">; User and group the process will run as.</span>
<span class="hljs-attr">User</span>=caddy
<span class="hljs-attr">Group</span>=caddy

<span class="hljs-comment">; Letsencrypt-issued certificates will be written to this directory.</span>
<span class="hljs-attr">Environment</span>=CADDYPATH=/etc/ssl/caddy

<span class="hljs-comment">; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.</span>
<span class="hljs-attr">ExecStart</span>=/usr/local/bin/caddy -log stdout -agree=<span class="hljs-literal">true</span> -conf=/etc/caddy/Caddyfile -root=/var/tmp
<span class="hljs-attr">ExecReload</span>=/bin/kill -USR1 <span class="hljs-variable">$MAINPID</span>

<span class="hljs-comment">; Use graceful shutdown with a reasonable timeout</span>
<span class="hljs-attr">KillMode</span>=mixed
<span class="hljs-attr">KillSignal</span>=SIGQUIT
<span class="hljs-attr">TimeoutStopSec</span>=<span class="hljs-number">5</span>s

<span class="hljs-comment">; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.</span>
<span class="hljs-attr">LimitNOFILE</span>=<span class="hljs-number">1048576</span>
<span class="hljs-comment">; Unmodified caddy is not expected to use more than that.</span>
<span class="hljs-attr">LimitNPROC</span>=<span class="hljs-number">512</span>

<span class="hljs-comment">; Use private /tmp and /var/tmp, which are discarded after caddy stops.</span>
<span class="hljs-attr">PrivateTmp</span>=<span class="hljs-literal">true</span>
<span class="hljs-comment">; Use a minimal /dev</span>
<span class="hljs-attr">PrivateDevices</span>=<span class="hljs-literal">true</span>
<span class="hljs-comment">; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.</span>
<span class="hljs-attr">ProtectHome</span>=<span class="hljs-literal">true</span>
<span class="hljs-comment">; Make /usr, /boot, /etc and possibly some more folders read-only.</span>
<span class="hljs-attr">ProtectSystem</span>=full
<span class="hljs-comment">; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.</span>
<span class="hljs-comment">;   This merely retains r/w access rights, it does not add any new. Must still be writable on the host!</span>
<span class="hljs-attr">ReadWriteDirectories</span>=/etc/ssl/caddy

<span class="hljs-comment">; The following additional security directives only work with systemd v229 or later.</span>
<span class="hljs-comment">; They further retrict privileges that can be gained by caddy. Uncomment if you like.</span>
<span class="hljs-comment">; Note that you may have to add capabilities required by any plugins in use.</span>
<span class="hljs-comment">;CapabilityBoundingSet=CAP_NET_BIND_SERVICE</span>
<span class="hljs-comment">;AmbientCapabilities=CAP_NET_BIND_SERVICE</span>
<span class="hljs-comment">;NoNewPrivileges=true</span>
<span class="hljs-section">
[Install]</span>
<span class="hljs-attr">WantedBy</span>=multi-user.target

[Unit]

Description=Caddy HTTP/2 web server

Documentation=https://caddyserver.com/docs

After=network-online.target

Wants=network-online.target systemd-networkd-wait-online.service

[Service]

Restart=on-abnormal

; User and group the process will run as.

User=caddy

Group=caddy

; Letsencrypt-issued certificates will be written to this directory.

Environment=CADDYPATH=/etc/ssl/caddy

; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.

ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp

ExecReload=/bin/kill -USR1 $MAINPID

; Use graceful shutdown with a reasonable timeout

KillMode=mixed

KillSignal=SIGQUIT

TimeoutStopSec=5s

; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.

LimitNOFILE=1048576

; Unmodified caddy is not expected to use more than that.

LimitNPROC=512

; Use private /tmp and /var/tmp, which are discarded after caddy stops.

PrivateTmp=true

; Use a minimal /dev

PrivateDevices=true

; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.

ProtectHome=true

; Make /usr, /boot, /etc and possibly some more folders read-only.

ProtectSystem=full

; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.

; This merely retains r/w access rights, it does not add any new. Must still be writable on the host!

ReadWriteDirectories=/etc/ssl/caddy

; The following additional security directives only work with systemd v229 or later.

; They further retrict privileges that can be gained by caddy. Uncomment if you like.

; Note that you may have to add capabilities required by any plugins in use.

;CapabilityBoundingSet=CAP_NET_BIND_SERVICE

;AmbientCapabilities=CAP_NET_BIND_SERVICE

;NoNewPrivileges=true

[Install]

WantedBy=multi-user.target

保存并退出

<span class="hljs-symbol">:wq!</span>

1	<span class="hljs-symbol">:wq!</span>

启动Caddy服务并使其在系统启动时自动启动：

sudo<span class="hljs-keyword"> system</span>ctl daemon-reload
sudo<span class="hljs-keyword"> system</span>ctl start caddy.service
sudo<span class="hljs-keyword"> system</span>ctl enable caddy.service

sudo systemctl daemon-reload

sudo systemctl start caddy.service

sudo systemctl enable caddy.service

修改防火墙规则

为了允许访问者访问您的Caddy站点，您需要打开端口80和443：

sudo firewall-<span class="hljs-keyword">cmd</span><span class="bash"> --permanent --zone=public --add-service=http 
</span>sudo firewall-<span class="hljs-keyword">cmd</span><span class="bash"> --permanent --zone=public --add-service=https
</span>sudo firewall-<span class="hljs-keyword">cmd</span><span class="bash"> --reload</span>

sudo firewall-cmd --permanent --zone=public --add-service=http

sudo firewall-cmd --permanent --zone=public --add-service=https

sudo firewall-cmd --reload

为您的网站创建测试页
使用以下命令在Caddy站点主目录中创建名为index.html的文件：

<span class="hljs-keyword">echo</span> <span class="hljs-string">'&lt;h1&gt;Hello World!&lt;/h1&gt;'</span> | sudo tee /var/www/example.<span class="hljs-keyword">com</span>/<span class="hljs-built_in">index</span>.html

1	<span class="hljs-keyword">echo</span> <span class="hljs-string">'<h1>Hello World!</h1>'</span> \| sudo tee /var/www/example.<span class="hljs-keyword">com</span>/<span class="hljs-built_in">index</span>.html

重新启动Caddy服务以加载新内容：

<span class="hljs-selector-tag">sudo</span> <span class="hljs-selector-tag">systemctl</span> <span class="hljs-selector-tag">restart</span> <span class="hljs-selector-tag">caddy</span><span class="hljs-selector-class">.service</span>

1	<span class="hljs-selector-tag">sudo</span> <span class="hljs-selector-tag">systemctl</span> <span class="hljs-selector-tag">restart</span> <span class="hljs-selector-tag">caddy</span><span class="hljs-selector-class">.service</span>

最后，将您的Web浏览器指向http://example.com或https://example.com。您应该看到消息Hello World！。

MAC客户端配置

下载地址

安装启动后会看到一个这样的图标

点击Configure进入配置

接下来点击transport settings进入配置
websocket

http/2

tls

最后ok,在开启服务端V2ray和Caddy服务后看看是否能Google了

serverSpeeder(锐速)（centos7）

更换内核

wget https://buildlogs.centos.org/c<span class="hljs-number">7.1511.00</span>/kernel/<span class="hljs-number">20151119220809</span>/<span class="hljs-number">3</span>.<span class="hljs-number">10.0-327</span>.el7.x86_64/kernel-<span class="hljs-number">3</span>.<span class="hljs-number">10.0-327</span>.el7.x86_64.rpm

yum install kernel-<span class="hljs-number">3</span>.<span class="hljs-number">10.0-327</span>.el7.x86_64.rpm -y

reboot

wget https://buildlogs.centos.org/c7.1511.00/kernel/20151119220809/3.10.0-327.el7.x86_64/kernel-3.10.0-327.el7.x86_64.rpm

yum install kernel-3.10.0-327.el7.x86_64.rpm -y

reboot

重启后查看内核是不是3.10.0-327.el7.x86_64

<span class="hljs-selector-tag">uname</span> <span class="hljs-selector-tag">-r</span>
# 3<span class="hljs-selector-class">.10</span><span class="hljs-selector-class">.0-327</span><span class="hljs-selector-class">.el7</span><span class="hljs-selector-class">.x86_64</span>

1 2	<span class="hljs-selector-tag">uname</span> <span class="hljs-selector-tag">-r</span> # 3<span class="hljs-selector-class">.10</span><span class="hljs-selector-class">.0-327</span><span class="hljs-selector-class">.el7</span><span class="hljs-selector-class">.x86_64</span>

安装serverSpeeder(一路回车键)

wget --no-check-certificate -qO /tmp/appex<span class="hljs-selector-class">.sh</span><span class="hljs-string">"https://raw.githubusercontent.com/0oVicero0/serverSpeeder_Install/master/appex.sh"</span>&amp;&amp; bash /tmp/appex<span class="hljs-selector-class">.sh</span> <span class="hljs-string">'install'</span>

wget --no-check-certificate -qO /tmp/appex.sh"https://raw.githubusercontent.com/0oVicero0/serverSpeeder_Install/master/appex.sh"&& bash /tmp/appex.sh 'install'

卸载serverSpeeder

wget --no-check-certificate -qO /tmp/appex<span class="hljs-selector-class">.sh</span><span class="hljs-string">"https://raw.githubusercontent.com/0oVicero0/serverSpeeder_Install/master/appex.sh"</span>&amp;&amp; bash /tmp/appex<span class="hljs-selector-class">.sh</span> <span class="hljs-string">'uninstall'</span>

服务命令

启动命令 /appex/bin/serverSpeeder<span class="hljs-selector-class">.sh</span> start
停止加速 /appex/bin/serverSpeeder<span class="hljs-selector-class">.sh</span> stop
状态查询 /appex/bin/serverSpeeder<span class="hljs-selector-class">.sh</span> status
更新许可 /appex/bin/serverSpeeder<span class="hljs-selector-class">.sh</span> renewLic
重新启动 /appex/bin/serverSpeeder<span class="hljs-selector-class">.sh</span> restart

启动命令 /appex/bin/serverSpeeder.sh start

停止加速 /appex/bin/serverSpeeder.sh stop

状态查询 /appex/bin/serverSpeeder.sh status

更新许可 /appex/bin/serverSpeeder.sh renewLic

重新启动 /appex/bin/serverSpeeder.sh restart

启动之后然后去打开YouTube( 一定要重新打开哦)，看看速度是不是有很大的改善啊（OVER）

参考：
https://toutyrater.github.io/…
https://www.vultr.com/docs/ho…
https://moeclub.org/2017/03/0…

IT问题

程序员的疑难杂症录

V2ray+websocket+tls+caddy+serverSpeeder

Linux 安装脚本（centos7)

服务端配置

Caddy 安装

Caddy 配置

修改防火墙规则

MAC客户端配置

serverSpeeder(锐速)（centos7）

发表评论取消回复

Linux 安装脚本 （centos7)

服务端配置

Caddy 安装

Caddy 配置

修改防火墙规则

MAC客户端配置

serverSpeeder(锐速)（centos7）

发表评论 取消回复

Linux 安装脚本（centos7)

发表评论取消回复