[resolved] v2ray前置代理 #1736
Comments
|
同问,使用proxifier进行正向代理似乎不可行 |
|
已解决,v2ray是支持二级代理的!前期还是自己对配置的理解不到位! |
能不能贴下怎么配置呢? |
把你现在的配置和场景描述下 |
您好,我上网需要先通过一个简单的无需用户名密码的socks5代理,请问我该如何配置? @phantomedc |
1.你的v2ray是基于朴素tcp吗? |
1、v2ray是基于kcp协议的 |
你的inbouds中需要增加一个dokodemo-door的协议,将vmess的vnext指向你的dokodemo-door监听的端口,然后你在outbounds需要增加你socks5代理的配置,最后在路由层将v2ray从应用接收到的数据从你的socks5的tag转发出去。以下是基于tsl+ws+web的配置仅供参考,重点在dokodemo-door和你的二级代理的配置。 |
|
@phantomedc 请问你上面这个配置文件是不是直接使用socks5作为中转的啊?有几个问题请教一下
|
|
@phantomedc 我想加入socks5地址:123.123.123.123;端口:12345;ID:abcdef;PWD:147852@abc 应该怎么写呢?下面的配置是由v2rayN 自动生成,服务器信息都改掉了。 |
就按照我上面写的,从头到尾看一下,我是已经写了英文的注释的,你可以直接往里面填就可以了,唯一区别是你需要在socks代理的outbound那里增加一个代理的用户名和密码,这个你去v2ray官方文档看就可以了。 |
|
@phantomedc 我把你写的dokodemo那段,复制了再改,然后执行的时候发现语法上都没通过…… 好几个都是 [] 或者 {} 后面有没有逗号导致( ╯□╰ ) |
|
你这个是6666走8081跳任意门 但是socks的2333根本就没碰到. 任意门就是个端口转发 你转了一次相当于没转一样 我看不懂哇 原来是这样啊 任意门就是把出站代理变换成入站然后就可以被路由调用了. |
|
现在不用detour开头的配置那么麻烦 直接路由转发一下就ok |
|
请问能否给一个范例什么的? |
|
建立任意门 路由用这个 { 出站里面加代理 用什么代理写什么 多加一个然后写个标签 和路由控制里面的对应即可. |
|
好的,谢谢!有空我去测试一下。 |
|
@kxmp 谢谢,proxySettings果然不足,终于以这种映射下级 vps v2ray 端口的方式级连 ws_tls 成功:
|
|
我都不知道proxySettings是干啥的 用了之后没啥效果. 对的 路由我写的是规则里面的一个 没写完整的(不过对于已经有路由规则的直接复制过去就ok). 不熟悉的可以参考楼上. |
ghost
mentioned this issue
|
感觉目前 vmess + ws + tls 方式加前置代理比较麻烦/反直觉,不像纯的 vmess 直接加 |
|
@Phuker 请问proxychains是另一个软件么?然后在这个里面填写前置代理,最后从这个工具中启动你需要的软件? |
@Yamazaki-wu 是的 https://github.com/rofl0r/proxychains-ng 在原来的 v2ray 命令行前面加上 proxychains 的命令: proxychains4 -q -f /PATH/TO/proxychains.conf v2ray -config=/PATH/TO/v2ray.json这个是个 Unix/Linux 的工具,Windows 上好像没有 |
ghost
mentioned this issue
|
大佬能否分享一下ws+tls使用无需用户名和密码的局域网http代理的配置文件呢?ws+tls已经配置成功了 |
|
@phantomedc 我跟你的配置类似,服务器测WS+TLS+V2RAY,客户端用V2RAYN。客户端直接连接服务器已经验证工作正常。客户端在另一个环境(有一个HTTP代理,需要用户名和密码)中,客户端RAY2N的配置文件中,依照二级代理的模式给OUTBOUND增加了一级前置代理,实验失败,还在继续尝试,RAY2N客户端配置如下,请大侠和大家指教指点迷津: 更详细的描述在 v2ray/discussion#651 |
|
通过参考高人大侠的解说,怀疑真的是有这个冲突:proxySettings 和 streamSettings有冲突:
|
经过我的测试,确认了streamSettings 和 proxySettings是有冲突,也就是说像这篇文章https://ailitonia.com/archives/v2ray%E5%AE%8C%E5%85%A8%E9%85%8D%E7%BD%AE%E6%8C%87%E5%8D%97/comment-page-1/#outboundproxy%E2%80%9D 评论中所说: |
proxySettings本来就只支持朴素TCP的代理,官方文档一直都是这么说的,不然为什么上面一圈人还在纠结前置代理如何配置呢…当你使用ws+tls的时候,就需要考虑使用sreamSettings 和 dokodemo-door实现前置代理。 |
你说的对。我之前先入为主 没有认识到官方文档说的proxySettings和streamSettings冲突。 我自己的情况也想采用dokodemo-door: outbounds中也定义两个,一个是正常把收到的源数据进行ws_tls_v2ray处理的部分, "tag":"ws_tls_v2ray", 其vmess指向的是自由门 127.0.0.1:2080. 另一个是把收到的数据转发给HTTP代理(需要的用户名和密码写明),"tag":"http_proxy_with_usrpwd"。 然后在routing中指定:把v2ray经过ws+tls包装后的数据流vmess指向dokodemo-door, 由dokodemo-door再发给真正的服务器和端口。然后在routing部分把从自由门收到的数据指向HTTP前置代理. "routing": {
"domainStrategy": "AsIs",,
"rules": [
{
"type": "field",
"inboundTag": ["plain_data"],
"outboundTag": "ws_tls_v2ray" ##vmess会指向dokodemo-door
},
{
"type": "filed",
"inboundTag": ["dokodemo-door_data"], ##其实内容是指向真正VPS服务器和端口的ws_tls_v2ray结果
"outboundTag": "http_proxy_with_usrpwd"
}]
}如果有什么误解,还请不吝赐教。谢谢. {
"policy": null,
"log": {
"access": "/var/log/v2ray/Vaccess.log",
"error": "/var/log/v2ray/Verror.log",
"loglevel": "debug"#正常运行时改为error
},
"inbounds": [
{
"tag": "plain_data",
"port": 1080,
"listen": "127.0.0.1",
"protocol": "socks",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"ip": null,
"address": null,
"clients": null
},
"streamSettings": null
},
{
"tag": "dokodemo_door_data",
"protocol": "dokodemo-door",
"port": 8080,
"listen": "127.0.0.1",
"settings": {
"address": "真实V2RAY服务器IP地址",
"port": 真实V2RAY服务器端口号,
"network": "tcp,udp"
}
}
],
"outbounds": [
{
"tag": "ws_tls_v2ray",
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "127.0.0.1",
"port": 8080,
"users": [
{
"id": "11111111-222222222-333333-44444444-5555555555",
"alterId": 0,
"email": "testtesttest@testtesttest@test.test",
"security": "auto"
}
]
}
],
"servers": null,
"response": null
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"allowInsecure": false,
"serverName": "www.自己实际的域名.com"
},
"tcpSettings": null,
"kcpSettings": null,
"wsSettings": {
"connectionReuse": true,
"path": "/verylooooooooooooooooooooooooooooooooooograndomid",
"headers": {
"Host": "www.自己实际的域名.com"
}
},
"httpSettings": null,
"quicSettings": null
},
"mux": {
"enabled": true,
"concurrency": 8
}
},
{
"tag": "http_proxy_with_usrpwd",
"protocol": "http",
"settings": {
"servers": [
{
"address": "HTTP代理服务器IP地址",
"port": HTTP代理服务器端口号,
"users": [
{
"user": "HTTP代理服务器用户名",
"pass": "HTTP代理服务器密码"
}
]
}
]
}
}
],
"routing": {
"domainStrategy": "rules",
"rules": [
{
"type": "field",
"inboundTag": ["plain_data"],
"outboundTag": "ws_tls_v2ray"
},
{
"type": "field",
"inboundTag": ["dokodemo_door_data"],
"outboundTag": "http_proxy_with_usrpwd"
}
]
}
} |
相当棒的解决办法! |
|
我用的xray-tcp-xtls,照着设置了,跑不通,哪位老大能帮着看下 { |
|
您好: 【基础环境】 【配置文件】 {
"inbounds": [
{
"tag": "plain_data",
"port": 1090, //留给本机socks使用
"listen": "127.0.0.1",
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": true,
"ip": null
}
},
{
"port": 10901, //留给本机http协议使用
"listen": "127.0.0.1",
"protocol": "http",
"settings": {
"auth": "noauth",
"udp": true,
"ip": null
}
},
{
"tag": "dokodemo_door_data",
"protocol": "dokodemo-door",
"port": 50001, //桥接端口
"listen": "127.0.0.1",
"settings": {
"address": "{vm_ip}", //脱敏,vm服务器ip
"port": 2443, //vm服务器 端口
"network": "tcp"
}
}
],
"outbounds": [
{
"tag": "ws_tls_v2ray",
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "127.0.0.1",
"port": 50001, //桥接端口
"users": [
{
"id": "xx-xxx-xxxxx-xxxx-xxx-xxx-xxx", //脱敏
"alterId": 2, //脱敏
"email": "x@x.xx", //脱敏
"security": "auto" //脱敏
}
]
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"serverName": "{vm_host.com}" //脱敏vm服务器主机名
},
"wsSettings": {
"path": "/v2ray",
"headers": {
"Host": "{vm_host.com}" //脱敏vm服务器主机名
}
}
}
},
{
"tag": "h2s",
"protocol": "socks",
"settings": {
"servers": [
{
"address": "127.0.0.1",
"port": 1088 //h2s 使用的端口
}
]
}
}
],
"routing": {
"domainStrategy": "rules",
"rules": [
{
"type": "field",
"inboundTag": [
"plain_data"
],
"outboundTag": "ws_tls_v2ray"
},
{
"type": "field",
"inboundTag": [
"dokodemo_door_data"
],
"outboundTag": "h2s"
}
]
}
}
###h2s_config {
"bind": "127.0.0.1:1088",
"upstreams": [
{
"address": "10.173.110.10:3128"
}
],
"timeout": "20s",
"retries": 3
}
附件亦附上文件 但是出现了 且通过端口 127.0.0.1:1090(socks) 和 127.0.0.1:10901(http) 皆无法上网 请问 针对之前的方向 这两个配置是否正确? 万分感谢! |
|
@YCUXTX 你这个403看起来很像是你们内部一级代理没有放行你的vm地址,vm是ws+tls的话,尝试通过你们的一级代理访问你的vm域名试试看。 |
|
@phantomedc |
|
For Jesus’ sake, wasting so much time on this, here is the working version. This should be working on most of enterprise network environment which usually behinds a http-proxy.
Configuration for Bridge-Node, Click to expand!This is for http80 port, if you are going to use 443, uncomment the tls part.{
"policy":
{
"system":
{
"statsOutboundUplink": true,
"statsOutboundDownlink": true
}
},
"log":
{
//"access": "v2ray_access.log",
"access": "",
"error": "",
"loglevel": "debug"
},
"reverse":
{
// 这是 A 的反向代理设置,必须有下面的 bridges 对象
"bridges": [
{
"tag": "bridge", // 关于 A 的反向代理标签,在路由中会用到
"domain": "pc1.localhost" // 一个域名,用于标识反向代理的流量,不必真实存在,但必须跟下面 B 中的 reverse 配置的域名一致
}
]
},
"inbounds": [
{
"tag": "pre-proxy",
"listen": "127.0.0.1",
"port": 8081,
"protocol": "dokodemo-door",
"settings":
{
"network": "tcp",
"address": "your.domain.com",
"port": 80
}
}
],
"outbounds": [
{
//A连接B的outbound
"tag": "tunnel", // A 连接 B的 outbound 的标签,在路由中会用到
"protocol": "vmess",
"settings":
{
"vnext": [
{
"address": "127.0.0.1",
"port": 8081,
"users": [
{
"id": "c299cc7e-89e4-439c-ccdf-a53cd597306d",
"alterId": 1,
"security": "auto"
}
]
}
]
},
"streamSettings":
{
"network": "ws",
//"security": "tls",
//"tlsSettings":
//{
// "serverName": "your.domain.com"
//},
"wsSettings":
{
"path": "/your_path",
"headers":
{
"Host": "your.domain.com"
}
}
},
"mux":
{
"enabled": false,
"concurrency": -1
}
},
{ // 另一个 outbound,最终连接私有网盘
"protocol": "freedom",
"settings":
{
// "redirect": "127.0.0.1:7890"
},
"tag": "out"
},
{
"tag": "http-out",
"protocol": "http",
"settings":
{
"servers": [
{
"address": "127.0.0.1", //服务器IP
"port": 7890, //服务器端口
"users": [
{
"user": "", //你的用户名.
"pass": "" //你的密码
}
]
}
]
}
}
],
"routing":
{
"rules": [
{
// 配置 A 主动连接 B 的路由规则
"type": "field",
"inboundTag": [
"bridge"
],
"domain": [
"full:pc1.localhost"
],
"outboundTag": "tunnel"
},
{
// 反向连接访问私有网盘的规则
"type": "field",
"inboundTag": [
"bridge"
],
"outboundTag": "out"
},
{
"type": "field",
"inboundTag": "pre-proxy",
"outboundTag": "http-out"
}
]
}
}Configuration for Protal-Node, Click to expand!This v2ray server rely on nginx HAProxy.{
"log":
{
"access": "/var/log/v2ray_access.log",
"error": "none",
"loglevel": "warning"
},
"api":
{
"services": [
"HandlerService",
"LoggerService",
"StatsService"
],
"tag": "api"
},
"reverse":
{
"portals": [
{
"tag": "portal",
"domain": "pc1.localhost"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 62789,
"protocol": "dokodemo-door",
"settings":
{
"address": "127.0.0.1"
},
"tag": "api"
},
{
"listen": "0.0.0.0",
"port": 50117,
"protocol": "vmess",
"settings":
{
"clients": [
{
"id": "c299cc7e-89e4-439c-ccdf-a53cd597306d",
"alterId": 1
}
],
"disableInsecureEncryption": false
},
"streamSettings":
{
"network": "ws",
"security": "none",
"wsSettings":
{
"path": "/50117",
"headers": {}
}
},
"tag": "inbound-50117",
"sniffing":
{
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {}
},
{
"protocol": "dns",
"tag": "dns-out",
"streamSettings":
{
"sockopt":
{
"mark": 255
}
}
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
],
"policy":
{
"system":
{
"statsInboundDownlink": true,
"statsInboundUplink": true
}
},
"dns":
{
"hosts":
{
"dns.google": "8.8.8.8"
},
"servers": [
"8.8.8.8",
"8.8.4.4",
"1.1.1.1"
],
"tag": "dns_in"
},
"routing":
{
"rules": [
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
},
{
"type": "field",
"inboundTag": ["dns-in"],
"outboundTag": "dns-out"
},
{
"type": "field",
"inboundTag": [
"interconn",
"inbound-50117"
],
"outboundTag": "portal"
},
{
"type": "field",
"domain": [
"full:private.cloud.com"
],
"outboundTag": "portal"
},
{
"domain": [
"domain:google.com",
"domain:apple.com",
"domain:oppomobile.com"
],
"type": "field",
"outboundTag": "allowed"
},
{
"outboundTag": "blocked",
"protocol": [
"bittorrent"
],
"type": "field"
}
]
},
"stats": {}
}/etc/nginx/nginx.conf, Click to expand!Supports HTTP80 and HTTPS443 for v2ray. Nginx is sharing with Trojan, MTProxy, Website, and so on.user www-data;
worker_processes auto;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
#load_module modules/ngx_stream_geoip_module.so;
events {
worker_connections 4096;
# multi_accept on;
}
stream {
log_format streamlog ' $remote_addr \t[$time_iso8601] '
' $protocol $status '
' R:$bytes_received T:$bytes_sent $upstream_addr $ssl_preread_server_name';
#------------------------------
server {
listen 80;
proxy_pass LocalHttp80End;
proxy_protocol on;
access_log /var/log/nginx/stream_80_access.log streamlog;
error_log /var/log/nginx/stream_80_error.log;
}
#------------------------------
server {
listen 443;
listen [::]:443;
proxy_pass $ssl_backend;
proxy_protocol on; # Key step support HAProxy proxy_protocol
ssl_preread on; # preread SNI hostname
access_log /var/log/nginx/stream_access.log streamlog;
error_log /var/log/nginx/stream_error.log; # Health check notifications
}
map $ssl_preread_server_name $ssl_backend {
"~^t\d{0,1}\.domain\.com$" trojan_pre;
www.ti.com mtproxy;
"~^v\d{0,1}\.domain\.com$" LocalBackEnd;
"~^r\d{0,1}\.domain\.com$" LocalBackEnd;
"~^p\d{0,1}\.domain\.com$" LocalBackEnd;
your.domain.com LocalBackEnd;
default LocalBackEnd;
}
#------------------------------
upstream trojan_pre {
server 127.0.0.1:2442;
}
server {
listen localhost:2442 reuseport proxy_protocol;
proxy_pass trojan;
}
upstream trojan {
server 127.0.0.1:2443;
}
#------------------------------
upstream mtproxy {
server 127.0.0.1:3443;
}
upstream mtproxy_pre {
server 127.0.0.1:3445;
}
server {
listen localhost:3445 reuseport proxy_protocol;
#proxy_pass mtproxy1;
# set_real_ip_from 127.0.0.1;
# real_ip_header proxy_protocol;
proxy_pass 127.0.0.1:3444;
}
upstream mtproxy1 {
server 127.0.0.1:3444;
}
#------------------------------
upstream LocalBackEnd {
server localhost:1443; # temp server
}
#------------------------------
upstream LocalHttp80End {
server localhost:2080; # temp server
}
#------------------------------
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html
ssl_protocols TLSv1.2 TLSv1.3; # Dropping TLSv1 TLSv1.1 TLSv1.2 SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Client IP MAP Settings
##
map $http_x_forwarded_for $client_ip {
# IPv4 addresses can be sent as-is
~^[0-9.]+$ "$http_x_forwarded_for";
default "$proxy_protocol_addr";
}
##
# Logging Settings
##
#keyval_zone zone=clients:80m timeout=3600s;
#keyval $remote_addr:$http_user_agent $seen zone=clients;
#include log.conf;
log_format main ' $remote_addr\t[$time_iso8601] '
' $status TX:$body_bytes_sent\t'
' $client_ip\t'
' "$request" '
' "$http_user_agent" '
' "$http_referer" ';
log_format main2 ' $client_ip:$proxy_protocol_port\t[$time_iso8601] '
' $status T:$body_bytes_sent '
' "$request" $host '
' | pa:$proxy_protocol_addr | cf:$http_cf_connecting_ip | xf:$http_x_forwarded_for | xr:$http_x_real_ip ' ;
log_format main3 ' $remote_addr\t[$time_iso8601] '
' $status TX:$body_bytes_sent\t'
' $http_x_forwarded_for\t'
' $proxy_protocol_addr:$proxy_protocol_port\t'
' $request ' ;
access_log /var/log/nginx/access_http.log main;
error_log /var/log/nginx/error_http.log;
##
# Gzip Settings
##
gzip on;
# https://nginx.org/cn/docs/http/ngx_http_proxy_module.html
# 1MB = 8000key
proxy_cache_path cache
levels=1:2
keys_zone=my_cache:32m
max_size=20g
inactive=6h
use_temp_path=off
;
#------------------------------
##
# Http 80 Host Configs
##
include /etc/nginx/http80.conf;
#------------------------------
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}/etc/nginx/http80.conf, Click to expand!HTTP80 redirect # ------------------------------------------------
server {
listen 127.0.0.1:2080 proxy_protocol;
server_name ~^(v|r)\d+\.domain\.(com|org)$; #equals to v1.domain.com v2.domain.com;
location = /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
location = / {
return 204;
}
access_log /var/log/nginx/access_80_50xxx.log main2;
# Regex for vmess /501xx
location ~ "^/(501[\d]{2})$" {
proxy_pass http://127.0.0.1:$1;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
# Show real IP in v2ray access.log
proxy_set_header X-Forwarded-For $client_ip;
}
}
# ------------------------------------------------
server {
listen 127.0.0.1:2080 default_server proxy_protocol;
set_real_ip_from 127.0.0.1;
#server_name _;
server_name ~^(r\d+|p\d+)\.domain\.(com|org)$;
access_log /var/log/nginx/access_301.log main2;
return 301 https://$host$request_uri;
}/etc/nginx/v2ray-ports.conf, Click to expand!V2ray websocket revers proxy access_log /var/log/nginx/access_50xxx.log main2;
# Regex for vmess /501xx
location ~ "^/(501[\d]{2})$" {
proxy_pass http://127.0.0.1:$1;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
# Show real IP in v2ray access.log
proxy_set_header X-Forwarded-For $client_ip;
}/etc/nginx/domain.com.comm.conf, Click to expand! ssl_certificate /home/ubuntu/.acme.sh/domain.com/fullchain.cer;
ssl_certificate_key /home/ubuntu/.acme.sh/domain.com/domain.com.key;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_buffer_size 1500;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling off;
ssl_stapling_verify on;
ssl_trusted_certificate /home/ubuntu/.acme.sh/domain.com/fullchain.cer;
if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
location = /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
location = /204 {
return 204;
}/etc/nginx/sites-available/domain.com, Click to expand!server {
server_name ~^v\d+\.domain\.com$ ~^r\d+\.domain\.com$; #equals to v1.domain.com;
listen 127.0.0.1:1443 ssl http2 proxy_protocol;
include /etc/nginx/domain.com.comm.conf;
access_log /var/log/nginx/access_v2ray_domain.com.log main2;
location /ip {
default_type text/plain;
return 200 "$remote_addr\n";
}
include /etc/nginx/v2ray-ports.conf;
} |
and others
目前已经基于ws+tls完成了服务端的搭建,普通环境下使用正常,但是在需要前置代理的环境下,(如 在公司需要通过公司代理进行上网,在学校实验室需要通过学校代理进行上网),配置无法成功,研究了v2ray链式代理的特性,该特性需要每一级中转都需要配置v2ray,但是公司代理、学校代理,对于用户来说都是黑盒,通常都是类似squid等http或socks代理,在这种情况下,v2ray能否有一个比较友好的支持呢?目前的情况看,经过一个星期的配置与尝试,发现不可行。
思路是:通过dokodemo-door将流量转发到前置代理。
尝试配置如下:
The text was updated successfully, but these errors were encountered: