Skip to content

Instantly share code, notes, and snippets.

@phlinhng

phlinhng/a-v2ray-wss-cdn-without-proxy.md

Last active October 13, 2023 19:59
Show Gist options
  • Save phlinhng/a72e1f2e06c2cf99b37e97ce1d9557c4 to your computer and use it in GitHub Desktop.
Save phlinhng/a72e1f2e06c2cf99b37e97ce1d9557c4 to your computer and use it in GitHub Desktop.
Download ZIP
v2ray wss不开cloudflare proxy套用cdn (让同一个域名既能直连也能通过cdn中转)
Raw
a-v2ray-wss-cdn-without-proxy.md

动机

在v2ray+ws+tls+web的情况下,不管cloudflare dns有没有开启云朵(proxy),都可以透过address填cf节点ip,ws头部host填域名的方式连接上v2Ray服务器。写这篇的目的是想测试在没有web的情况下使用同一招,让同一个域名既能直连也能通过cdn中转。

有web时的连接方法

地址: cloudflare.com (或1.1.1.1或任何cloudflare节点IP)
端口: web服务器的端口 (通常为443)
tls: 开
不安全连接: 不允许
混淆: websocket
混淆域名: web服务器域名 (一定要写!)
混淆路径: web服务器上反代到v2Ray的路径

有web时,tls证书在web服务器上,v2Ray服务端不需要设定tls。

客户端连接测试

测试域名test.mydomain.cc(隐私处理,非真正域名),由cloudflare解析并关闭proxy,tls证书用cloudflare的回源证书(期限7天,测完就删),SSL/TLS encryption mode模式Full (strict)。用的客户端是Shadowrocket。分别用以下三种客户端设置测试两种服务端config,验证服务端应该怎么配置才正确。

域名直连

地址: test.mydomain.cc
混淆域名: 
混淆路径: /testws

域名直连+混淆域名

地址: test.mydomain.cc
混淆域名: test.mydomain.cc
混淆路径: /testws

CF节点连接

地址: cloudflare.com
混淆域名: test.mydomain.cc
混淆路径: /testws

结果不管服务端有没有加header,以上设置都连得上。

结论

  1. ws+tls直连时,客户端的混淆域名加或不加都无所谓,服务端的wsSettingsheaders也是加或不加都无所谓
  2. ws+tls+cf节点连接时,服务端的wsSettingsheaders加或不加都无所谓
  3. ws+tls+cf节点连接时,客户端的混淆域名要和服务端tlsSettings中的serverName一致,否则cloudflare找不到你的服务器

延伸

可以另外注冊一个地址(cf节点分流地址),用智能dns (dnspod/dnsdun/dnsla)做三网分流到cloudflare不同节点,连接address填cf节点分流地址实现三网分流。三网分流细节详见https://github.com/techphl/v2ray-agent/blob/master/optimize_V2Ray.md (感谢原作者mack-a)

Raw
config-with-header.json
{
"port": 443,
"listen": "0.0.0.0",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "e653e187-eef4-42f5-e84a-bab520983d01",
"alterId": 64
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"serverName": "test.mydomain.cc",
"allowInsecure": false,
"certificates": [
{
"certificate": [
"-----BEGIN CERTIFICATE-----",
"MIIEmjCCA4KgAwIBAgIUEwFbc/UEZuR1EuQtuJuKqHjxWTgwDQYJKoZIhvcNAQEL",
"BQAwgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQw",
"MgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9y",
"aXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlh",
"MB4XDTIwMDQwMjA5MDIwMFoXDTIwMDQwOTA5MDIwMFowYjEZMBcGA1UEChMQQ2xv",
"dWRGbGFyZSwgSW5jLjEdMBsGA1UECxMUQ2xvdWRGbGFyZSBPcmlnaW4gQ0ExJjAk",
"BgNVBAMTHUNsb3VkRmxhcmUgT3JpZ2luIENlcnRpZmljYXRlMIIBIjANBgkqhkiG",
"9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4+Z4RDa4hP1k/XH7xEV5AjbYFZMUVDJi12WQ",
"h8pyVEWqnXrusJfaoqPWspdnCEhE0yF/YPVuSVFicLt/BGhQFAMKADMH/xr1HaZ1",
"xGFtJkvdy4qv7SRLU85uhUbrrvjsteX03Odjcz5brkvKq9Gm9IOu1R+oc3DXSQAM",
"bVfjJt742gPtC42gE2Uv/vMf31UwCVNQgwtXSJwK7A4xGqnZvwWArVWn2FEgpqda",
"vPcUHARYxeD5UVTXmaTUXhW+UUE+WD9tP6TRiWFlR8VfZzjtgf8uT3qvRQvkVWqJ",
"ya0Ujeiwq8aaLiEkYjTQc/fCQH5NFnNNkBiJ4dM6MmJEcrEB8QIDAQABo4IBHDCC",
"ARgwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD",
"ATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRA0ag+TlTBfigBpjtWE+FDoGbkKTAf",
"BgNVHSMEGDAWgBQk6FNXXXw0QIep65TbuuEWePwppDBABggrBgEFBQcBAQQ0MDIw",
"MAYIKwYBBQUHMAGGJGh0dHA6Ly9vY3NwLmNsb3VkZmxhcmUuY29tL29yaWdpbl9j",
"YTAdBgNVHREEFjAUggkqLm50aHUuY2OCB250aHUuY2MwOAYDVR0fBDEwLzAtoCug",
"KYYnaHR0cDovL2NybC5jbG91ZGZsYXJlLmNvbS9vcmlnaW5fY2EuY3JsMA0GCSqG",
"SIb3DQEBCwUAA4IBAQCo/jsMQzIPt6BMBNgE9WwmZ7pGqdgx5cUIuPPR+TGkVLtU",
"sGBh6Nzjy7b24UVTZgazUqxIS9ph518aK0+x2lCME8oh154q5UC/QzERdiI1UxaR",
"lDP6rK3YqKj2wetSpgiMDbKwY6f+sg7rtK8QX0k1C4NZWO5GwTeHZr1myKvWgu34",
"Th5b3FS0r2l8wSCxbpA9wpDF3k37wDBnPGsFjgqrIny0Kpgl19o4uYyncqDNnQ0S",
"8ymqZ4QUb3+hRxEEYeTL3Qu6YDKy8eKmULcn1TPE1ITymP7ViRHl2203ThEedap/",
"RFBunMfbiIIcPWesOdzOSf3UPlgMMC7MjZrjJJNn",
"-----END CERTIFICATE-----"
],
"key": [
"-----BEGIN PRIVATE KEY-----",
"MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDj5nhENriE/WT9",
"cfvERXkCNtgVkxRUMmLXZZCHynJURaqdeu6wl9qio9ayl2cISETTIX9g9W5JUWJw",
"u38EaFAUAwoAMwf/GvUdpnXEYW0mS93Liq/tJEtTzm6FRuuu+Oy15fTc52NzPluu",
"S8qr0ab0g67VH6hzcNdJAAxtV+Mm3vjaA+0LjaATZS/+8x/fVTAJU1CDC1dInArs",
"DjEaqdm/BYCtVafYUSCmp1q89xQcBFjF4PlRVNeZpNReFb5RQT5YP20/pNGJYWVH",
"xV9nOO2B/y5Peq9FC+RVaonJrRSN6LCrxpouISRiNNBz98JAfk0Wc02QGInh0zoy",
"YkRysQHxAgMBAAECggEACgnsEJ5+c0aRgm6DwhSzV2B2FUE00IlQUZ+k2wO/vyw7",
"GekWhuCG3h+BxL0m6eD7vcxzHCDDhRGY2Ka8Whku3yrLxSV6UTJCoNXlHcuS2hsr",
"v8cHUoFaRhdI8Vr7OmphoZjpt9SuIfSZvOw+wbcgTRNYigUfz5ylXGRW/SFgHU/4",
"w0tl4tc/g7f3VWTj2Pe0lJrT5JWbq869VuCRlUS7uX1fgbf68vDDcdt1Sbn+Buvf",
"CbYOjeIZpr/7CZvBwrHsc4jt6FZhXqMvjB2QNTWoK/8xDnnSj/47S+NW6FhpMAwn",
"RW0j273Mo4xc1KSS1PUHhvp/QcMwHo3iQCxXHofElwKBgQD/TtyEu1JVb33HSovo",
"E5aqi4vDFrCb0HlTsGyoNFf7CZ7Er081ooKdI+2mv3JtQCZmn8mJqoii26Ri3pwQ",
"yPhAf79Ir8q1lWe+bYKn3t7n4g7tYAU3Hqj1e07Ku1XQGT+2gS0Gb8sxk9YgBAJo",
"5JWA1nvZ3qlbJlqVt2Zqd+BsrwKBgQDkhJedNCco21CfE7Z11s8/c8CP00uXB6el",
"hDUsVXNCDZVZmGpi/ntnEE8oZNzk2k8xIf05D3vUqFZzZYpRExSGeS6IvrUzWQjB",
"S+CjsFP80TJb1Z6r/7YaP96iqZp7ln1/Gmi/yGqTqunDOM8SXoIUelCcrxMOW6Oc",
"GGFJ2+9jXwKBgCDeESuRRf8ztDiU00AUTYA1KM/7us7EXuo0OzjITE9IJMVjYEoi",
"WrhKKM0ftmZ0LL1ncrWjW6XDqv0DdYn/pV4AVCrSXsFTs6BjTr+3xHCLvKo4g1Ne",
"QhggQLt+tIRuy7H+HULH35vJUXabrYe9bbXBZv5cWOcgH+dITgoE1sKHAoGBALY0",
"nqsC7YJfNG5SinZ0+7StN8m2ARyARwTrYHZj/82YBRB2PcWHAaAQ2fzsR1DWXLRh",
"VIXNub+7JYtHWD0CyKfcMeVoohQ6FogBVzFNI/p+VvfwYV7lOi695GewcfO+73uL",
"9B+OzqPFcDRvtHQCFRf82w/DbJ9TJCYPLmt0yPBjAoGADYBvQoIo9VKQ2GakhRx2",
"z9nfBOvKR9nIwdbjQuZV17DSlw2fustveAne5+e88GKrqnLEB9GiNQ6BuGY+9Uld",
"AFvk/7D53BUBdKxJsr9pf8VHLGA+XKSvDkuOiS3Kpu/NylPqNWsqQNExMkS9d2Bs",
"GL7q0Clg86Wdu3bKgVi2rYo=",
"-----END PRIVATE KEY-----"
]
}
]
},
"wsSettings": {
"path": "/testws",
"headers": {
"Host": "test.mydomain.cc"
}
}
},
"tag": "",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
Raw
config-without-header.json
{
"port": 443,
"listen": "0.0.0.0",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "e653e187-eef4-42f5-e84a-bab520983d01",
"alterId": 64
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"serverName": "test.mydomain.cc",
"allowInsecure": false,
"certificates": [
{
"certificate": [
"-----BEGIN CERTIFICATE-----",
"MIIEmjCCA4KgAwIBAgIUEwFbc/UEZuR1EuQtuJuKqHjxWTgwDQYJKoZIhvcNAQEL",
"BQAwgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQw",
"MgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9y",
"aXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlh",
"MB4XDTIwMDQwMjA5MDIwMFoXDTIwMDQwOTA5MDIwMFowYjEZMBcGA1UEChMQQ2xv",
"dWRGbGFyZSwgSW5jLjEdMBsGA1UECxMUQ2xvdWRGbGFyZSBPcmlnaW4gQ0ExJjAk",
"BgNVBAMTHUNsb3VkRmxhcmUgT3JpZ2luIENlcnRpZmljYXRlMIIBIjANBgkqhkiG",
"9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4+Z4RDa4hP1k/XH7xEV5AjbYFZMUVDJi12WQ",
"h8pyVEWqnXrusJfaoqPWspdnCEhE0yF/YPVuSVFicLt/BGhQFAMKADMH/xr1HaZ1",
"xGFtJkvdy4qv7SRLU85uhUbrrvjsteX03Odjcz5brkvKq9Gm9IOu1R+oc3DXSQAM",
"bVfjJt742gPtC42gE2Uv/vMf31UwCVNQgwtXSJwK7A4xGqnZvwWArVWn2FEgpqda",
"vPcUHARYxeD5UVTXmaTUXhW+UUE+WD9tP6TRiWFlR8VfZzjtgf8uT3qvRQvkVWqJ",
"ya0Ujeiwq8aaLiEkYjTQc/fCQH5NFnNNkBiJ4dM6MmJEcrEB8QIDAQABo4IBHDCC",
"ARgwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD",
"ATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRA0ag+TlTBfigBpjtWE+FDoGbkKTAf",
"BgNVHSMEGDAWgBQk6FNXXXw0QIep65TbuuEWePwppDBABggrBgEFBQcBAQQ0MDIw",
"MAYIKwYBBQUHMAGGJGh0dHA6Ly9vY3NwLmNsb3VkZmxhcmUuY29tL29yaWdpbl9j",
"YTAdBgNVHREEFjAUggkqLm50aHUuY2OCB250aHUuY2MwOAYDVR0fBDEwLzAtoCug",
"KYYnaHR0cDovL2NybC5jbG91ZGZsYXJlLmNvbS9vcmlnaW5fY2EuY3JsMA0GCSqG",
"SIb3DQEBCwUAA4IBAQCo/jsMQzIPt6BMBNgE9WwmZ7pGqdgx5cUIuPPR+TGkVLtU",
"sGBh6Nzjy7b24UVTZgazUqxIS9ph518aK0+x2lCME8oh154q5UC/QzERdiI1UxaR",
"lDP6rK3YqKj2wetSpgiMDbKwY6f+sg7rtK8QX0k1C4NZWO5GwTeHZr1myKvWgu34",
"Th5b3FS0r2l8wSCxbpA9wpDF3k37wDBnPGsFjgqrIny0Kpgl19o4uYyncqDNnQ0S",
"8ymqZ4QUb3+hRxEEYeTL3Qu6YDKy8eKmULcn1TPE1ITymP7ViRHl2203ThEedap/",
"RFBunMfbiIIcPWesOdzOSf3UPlgMMC7MjZrjJJNn",
"-----END CERTIFICATE-----"
],
"key": [
"-----BEGIN PRIVATE KEY-----",
"MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDj5nhENriE/WT9",
"cfvERXkCNtgVkxRUMmLXZZCHynJURaqdeu6wl9qio9ayl2cISETTIX9g9W5JUWJw",
"u38EaFAUAwoAMwf/GvUdpnXEYW0mS93Liq/tJEtTzm6FRuuu+Oy15fTc52NzPluu",
"S8qr0ab0g67VH6hzcNdJAAxtV+Mm3vjaA+0LjaATZS/+8x/fVTAJU1CDC1dInArs",
"DjEaqdm/BYCtVafYUSCmp1q89xQcBFjF4PlRVNeZpNReFb5RQT5YP20/pNGJYWVH",
"xV9nOO2B/y5Peq9FC+RVaonJrRSN6LCrxpouISRiNNBz98JAfk0Wc02QGInh0zoy",
"YkRysQHxAgMBAAECggEACgnsEJ5+c0aRgm6DwhSzV2B2FUE00IlQUZ+k2wO/vyw7",
"GekWhuCG3h+BxL0m6eD7vcxzHCDDhRGY2Ka8Whku3yrLxSV6UTJCoNXlHcuS2hsr",
"v8cHUoFaRhdI8Vr7OmphoZjpt9SuIfSZvOw+wbcgTRNYigUfz5ylXGRW/SFgHU/4",
"w0tl4tc/g7f3VWTj2Pe0lJrT5JWbq869VuCRlUS7uX1fgbf68vDDcdt1Sbn+Buvf",
"CbYOjeIZpr/7CZvBwrHsc4jt6FZhXqMvjB2QNTWoK/8xDnnSj/47S+NW6FhpMAwn",
"RW0j273Mo4xc1KSS1PUHhvp/QcMwHo3iQCxXHofElwKBgQD/TtyEu1JVb33HSovo",
"E5aqi4vDFrCb0HlTsGyoNFf7CZ7Er081ooKdI+2mv3JtQCZmn8mJqoii26Ri3pwQ",
"yPhAf79Ir8q1lWe+bYKn3t7n4g7tYAU3Hqj1e07Ku1XQGT+2gS0Gb8sxk9YgBAJo",
"5JWA1nvZ3qlbJlqVt2Zqd+BsrwKBgQDkhJedNCco21CfE7Z11s8/c8CP00uXB6el",
"hDUsVXNCDZVZmGpi/ntnEE8oZNzk2k8xIf05D3vUqFZzZYpRExSGeS6IvrUzWQjB",
"S+CjsFP80TJb1Z6r/7YaP96iqZp7ln1/Gmi/yGqTqunDOM8SXoIUelCcrxMOW6Oc",
"GGFJ2+9jXwKBgCDeESuRRf8ztDiU00AUTYA1KM/7us7EXuo0OzjITE9IJMVjYEoi",
"WrhKKM0ftmZ0LL1ncrWjW6XDqv0DdYn/pV4AVCrSXsFTs6BjTr+3xHCLvKo4g1Ne",
"QhggQLt+tIRuy7H+HULH35vJUXabrYe9bbXBZv5cWOcgH+dITgoE1sKHAoGBALY0",
"nqsC7YJfNG5SinZ0+7StN8m2ARyARwTrYHZj/82YBRB2PcWHAaAQ2fzsR1DWXLRh",
"VIXNub+7JYtHWD0CyKfcMeVoohQ6FogBVzFNI/p+VvfwYV7lOi695GewcfO+73uL",
"9B+OzqPFcDRvtHQCFRf82w/DbJ9TJCYPLmt0yPBjAoGADYBvQoIo9VKQ2GakhRx2",
"z9nfBOvKR9nIwdbjQuZV17DSlw2fustveAne5+e88GKrqnLEB9GiNQ6BuGY+9Uld",
"AFvk/7D53BUBdKxJsr9pf8VHLGA+XKSvDkuOiS3Kpu/NylPqNWsqQNExMkS9d2Bs",
"GL7q0Clg86Wdu3bKgVi2rYo=",
"-----END PRIVATE KEY-----"
]
}
]
},
"wsSettings": {
"path": "/testws",
"headers": {}
}
},
"tag": "",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
@puzzle9
Copy link

puzzle9 commented Mar 20, 2021

学到了

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment