本文供高级玩家阅读,请先阅读 Vmess + TCP + TLS 方式的 HTTP 分流和网站伪装。 相比 TCP,Domain Socket 更为高效。 本文针对使用 Debian 10 的用户,其他系统请自行摸索。
-
首先按照先前的教程安装好 HaProxy 和 V2Ray。
-
修改以下文件,示例见下方
- /etc/haproxy/haproxy.cfg
- /etc/v2ray/config.json
{ | |
"inbounds": [ | |
{ | |
"protocol": "vmess", | |
"listen": "127.0.0.1", | |
"port": 40001, | |
"settings": { | |
"clients": [ | |
{ | |
"id": "f2435e5c-9ad9-4367-836a-8341117d0a5f" | |
} | |
] | |
}, | |
"streamSettings": { | |
"network": "ds", | |
"dsSettings": { | |
"path": "@v2ray", | |
"abstract": true | |
} | |
} | |
} | |
], | |
"outbounds": [ | |
{ | |
"protocol": "freedom" | |
} | |
] | |
} |
本文供高级玩家阅读,请先阅读 Vmess + TCP + TLS 方式的 HTTP 分流和网站伪装。 相比 TCP,Domain Socket 更为高效。 本文针对使用 Debian 10 的用户,其他系统请自行摸索。
首先按照先前的教程安装好 HaProxy 和 V2Ray。
修改以下文件,示例见下方
global | |
log /dev/log local0 | |
log /dev/log local1 notice | |
chroot /var/lib/haproxy | |
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners | |
stats timeout 30s | |
user haproxy | |
group haproxy | |
daemon | |
ca-base /etc/ssl/certs | |
crt-base /etc/ssl/private | |
# 仅使用支持 FS 和 AEAD 的加密套件 | |
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 | |
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 | |
# 禁用 TLS 1.2 之前的 TLS | |
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 | |
tune.ssl.default-dh-param 2048 | |
defaults | |
log global | |
# 我们需要使用 tcp 模式 | |
mode tcp | |
option dontlognull | |
timeout connect 5s | |
# 空闲连接等待时间,这里使用与 V2Ray 默认 connIdle 一致的 300s | |
timeout client 300s | |
timeout server 300s | |
frontend tls-in | |
# 监听 443 tls,tfo 根据自身情况决定是否开启,证书放置于 /etc/ssl/private/example.com.pem | |
bind *:443 tfo ssl crt /etc/ssl/private/example.com.pem | |
tcp-request inspect-delay 5s | |
tcp-request content accept if HTTP | |
# 将 HTTP 流量发给 web 后端 | |
use_backend web if HTTP | |
# 将其他流量发给 vmess 后端 | |
default_backend vmess | |
backend web | |
server server1 127.0.0.1:8080 | |
backend vmess | |
# 填写 chroot 后的路径 | |
server server1 abns@v2ray |
注意:在4.32.0+版本中,可以设置inbounds[].listen 为 @@v2ray, 此时dsSetting可以省略
Hi, i have setup it by first manual, works without problem, but when i have modified it with Domain Socket manual, v2ray stops working. Have check configs many times, it just doesn't works. Maybe i have missed something inside Debian system?
Hi, i have setup it by first manual, works without problem, but when i have modified it with Domain Socket manual, v2ray stops working. Have check configs many times, it just doesn't works. Maybe i have missed something inside Debian system?
Maybe its a domain socket path padding question, in v2ray config @@ is meaning padding path, in haproxy its always padding path
我使用xray 1.8.3测试了一下这7种入站协议vmess,vless, trojan,shadowsocks,dokodemo-door,socks,http。
其中vmess和http支持@@地址
vless和trojan监听@@地址会导致xray进程崩溃
shadowsocks, dokodemo-door, socks就好像没监听一样
传输协议:
vmess:
http代理:
关于出站:猜测应该和入站配置看到的效果相对应,测试太麻烦了,就先不测了。
分享一下,仅供参考。
最新版本已经可以在 .inbounds[].listen 里填 unix domain socket 和 abstract socket 地址了