本文详细讲解V2Ray WebSocket+TLS模式的配置流程,包括服务端与客户端设置、证书申请、Nginx反向代理等关键步骤,提供可复用的配置代码片段,帮助用户快速实现加密代理并突破网络限制。
一、WebSocket+TLS模式核心优势
该组合通过双重加密实现流量伪装:
- WebSocket:将代理流量伪装成普通Web流量
- TLS:提供端到端加密,防止中间人攻击
- Nginx反向代理实现流量分流,降低特征检测风险
二、服务端配置流程
1. 准备域名与证书
使用acme.sh申请Let's Encrypt证书
curl https://get.acme.sh | sh
acme.sh --issue -d yourdomain.com --standalone -k ec-256
acme.sh --install-cert -d yourdomain.com --key-file /etc/v2ray/key.pem --fullchain-file /etc/v2ray/cert.pem2. 配置Nginx反向代理
server {
listen 443 ssl;
server_name yourdomain.com;
ssl_certificate /etc/v2ray/cert.pem;
ssl_certificate_key /etc/v2ray/key.pem;
location /websocket-path {
proxy_pass http://127.0.0.1:10000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}3. V2Ray服务端配置
{
"inbounds": [{
"port": 10000,
"protocol": "vmess",
"settings": {
"clients": [{"id": "your-uuid-here"}]
},
"streamSettings": {
"network": "ws",
"wsSettings": {"path": "/websocket-path"}
}
}]
}三、客户端配置
{
"outbounds": [{
"protocol": "vmess",
"settings": {
"vnext": [{
"address": "yourdomain.com",
"port": 443,
"users": [{"id": "your-uuid-here"}]
}]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"wsSettings": {"path": "/websocket-path"},
"tlsSettings": {"serverName": "yourdomain.com"}
}
}]
}四、高级优化建议
- 开启TCP Fast Open:
echo 3 > /proc/sys/net/ipv4/tcp_fastopen - 配置BBR加速:
modprobe tcp_bbr && echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - 定期更新V2Ray核心:
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
五、常见问题排查
- 证书错误:检查证书路径和Nginx reload状态
- 连接超时:确认防火墙放行443端口
- 协议不匹配:确保服务端和客户端的UUID、path完全一致
评论