Alfred's Blog
0%

Set up a proxy service on a remote server

发表于 分类于

The article will only introduce the basic concept and the process about how to set up a service.

You should refer to the exact step on this page.

Basic concept

Unlike ss, there is no such a software as v2ray-client or v2ray-server. It’s just v2ray. In other words, the server and the client use the same softwore, v2ray-core.

Model

Each instance accpet data from the defined inbounds rules, then sent data to the defined outbound according to the router rules.

For a server, we can simply accept vmess protocol and just sent directly to where it should go.

Config Sample

Here is a simple example. By the below configuration, there will be a service that listens to port 443 with the vmess protocol. Outbounds is using the freedom protocol, so the packets that are received from 443 will be sent to where they are used to meant to go.

The service is ready to serve by using this configuration.

And you could enhance the security by enabling TLS in the next section.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
{
    "inbounds": [
        {
            "port": 443,
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
                        "level": 0,
                        "alterId": 0
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp"
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom",
            "settings": {}
        }
    ]
}

Issue cert for your website

We should have our own domain name if we want to use the vmess over TLS, .

Then we can use acme.sh to issue certs. It’s charged free. 

1
2
3
acme.sh --register-account -m $YOUR_EMAIL
sudo ~/.acme.sh/acme.sh --issue -d $YOUR_DOMAIN_ADDRESS --standalone -k ec-256
sudo ~/.acme.sh/acme.sh --installcert -d $YOUR_DOMAIN_ADDRESS --fullchainpath /etc/v2ray/v2ray.crt --keypath /etc/v2ray/v2ray.key --ecc

And change streamSettings part of the configuration of the server to enabling TLS.

1
2
3
4
5
6
7
8
9
10
11
12
"streamSettings": {
    "network": "tcp",
    "security": "tls",
    "tlsSettings": {
        "certificates": [
            {
                "certificateFile": "/etc/v2ray/v2ray.crt",
                "keyFile": "/etc/v2ray/v2ray.key"
            }
        ]
    }
}

Then it’s all set.