Install V2Ray+TLS+Cloudflare


Prepare

Go to the home directory, which serves as the project root

cd ~

Create a directory for v2ray and change into it

mkdir v2ray
cd v2ray

Check whether the OS is 32-bit or 64-bit

uname -a
uname -m

Download and unzip the build that matches the architecture reported above (the example below uses the 32-bit build)

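# Pinned to v4.21.3 (32-bit build), as in the original walkthrough. Pick the
# asset that matches `uname -m`, and check the project's release page for a
# currently maintained version before reusing this URL.
wget https://github.com/v2ray/v2ray-core/releases/download/v4.21.3/v2ray-linux-32.zip -O v2ray-linux-32-4.21.3.zip
# Print the archive's SHA-256 and compare it with the digest published for this
# release asset (if one is provided) before unpacking and running the binaries.
sha256sum v2ray-linux-32-4.21.3.zip
unzip v2ray-linux-32-4.21.3.zip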

List all files after unzip

ls -la

Generate the v2ray path

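# Draw exactly 12 alphanumeric characters from the kernel CSPRNG.
# Reading /dev/urandom directly (instead of through `head`, which stops after
# ten "lines" of random bytes) guarantees that enough characters survive the
# filter; LC_ALL=C makes tr treat the input as plain bytes.
# The value becomes the nginx location / WebSocket path that fronts v2ray.
v2ray_path=$(LC_ALL=C tr -dc '0-9a-zA-Z' < /dev/urandom | head -c 12)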

Generate the v2ray port

# Pick one random TCP port in 10000-65000. v2ray listens on it on 127.0.0.1
# only, and nginx proxies the WebSocket location to it.
v2ray_port=$(shuf -n 1 -i 10000-65000)

Generate the v2ray client id

# Ask the kernel for a fresh random UUID. It becomes the `id` of the single
# VMess client in server.json, i.e. the value the client authenticates with,
# so keep it out of shared logs and pasted terminal output.
v2ray_client_id=$(cat /proc/sys/kernel/random/uuid)

Generate the v2ray client alter id

# Random integer in 0-100, later substituted for the `alterId` field of the
# client entry in server.json. The client must be configured with the same value.
v2ray_client_alter_id=$(shuf -n 1 -i 0-100)

Cloudflare

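  1. Log in to the control panel
  2. Add the domain name and point it to your server
  3. Set the SSL/TLS encryption mode to Full (Flexible will cause TOO_MANY_REDIRECTS, because the origin redirects all HTTP requests to HTTPS). Full encrypts the connection to the origin but does not validate the origin certificate; since a Let's Encrypt certificate is issued for the origin below, Full (strict) can be used as well.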

Nginx

Edit nginx config

vim /path/to/nginx/conf/my.domain.com.conf

With Content

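# Plain-HTTP listener: everything is redirected to HTTPS.
server {
    listen      80;
    server_name my.domain.com;

    return 301 https://my.domain.com$request_uri;
}

# HTTPS site that also fronts the v2ray WebSocket endpoint.
server {
    listen      443 ssl http2;
    charset     utf-8;
    server_name my.domain.com;
    root        /www/root/my.domain.com;
    index       index.html index.htm index.php;

    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

    ssl_certificate     /path/to/cert/live/my.domain.com/fullchain.pem;
    ssl_certificate_key /path/to/cert/live/my.domain.com/privkey.pem;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_timeout 1d;

    ssl_prefer_server_ciphers   on;
    # TLS 1.1 is deprecated and has been dropped from the original list.
    ssl_protocols               TLSv1.2 TLSv1.3;

    # TLS 1.2 suites only: forward-secret key exchange with AEAD ciphers.
    # The original list also allowed static-RSA key exchange and 3DES, and named
    # TLS 1.3 suites using pre-release "TLS13-*" identifiers; TLS 1.3 suites are
    # not selected through this directive. Clients limited to CBC or RSA key
    # exchange can no longer connect, which is acceptable when the only client
    # of this origin is the CDN.
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";

    ssl_stapling        on;
    ssl_stapling_verify on;

    resolver            8.8.8.8 valid=300s;
    resolver_timeout    10s;

    # ACME http-01 challenge files; this root must be the same directory that
    # is passed to the certificate client with -w.
    location ^~ /.well-known/acme-challenge/ {
        root        /usr/local/nginx/html;
        try_files   $uri =404;
    }

    # WebSocket endpoint handed to the local v2ray listener. Both placeholders
    # are filled in by the sed commands that follow this file.
    location /__V2RAY_PATH__ {
        proxy_redirect      off;
        proxy_pass          http://127.0.0.1:__V2RAY_PORT__;
        proxy_http_version  1.1;
        proxy_set_header    Upgrade     $http_upgrade;
        proxy_set_header    Connection  "upgrade";
        proxy_set_header    Host        $http_host;
    }

    location ~ \.php$ {
        # Only hand requests to the FastCGI backend when the .php file really
        # exists under the document root; anything else is answered with 404.
        try_files               $uri =404;
        fastcgi_pass            127.0.0.1:9000;
        fastcgi_index           index.php;
        fastcgi_connect_timeout 300s;
        fastcgi_read_timeout    300s;
        fastcgi_param           SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include                 fastcgi_params;
    }

    # Never serve .ht* files or database files from the web root.
    location ~ /\.ht {
        deny all;
    }

    location ~ /.*\.db {
        deny all;
    }
}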

Replace the v2ray path variable in nginx config

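# ${v2ray_path:?} aborts instead of substituting an empty string when the
# variable was lost (e.g. in a new shell session); an empty value would turn
# the proxied location into "location /".
sed -i "s/__V2RAY_PATH__/${v2ray_path:?}/" /path/to/nginx/conf/my.domain.com.conf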

Replace the v2ray port variable in nginx config

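# ${v2ray_port:?} aborts when the variable is unset or empty, so nginx never
# ends up with a proxy_pass target that has no port.
sed -i "s/__V2RAY_PORT__/${v2ray_port:?}/" /path/to/nginx/conf/my.domain.com.conf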

Create directory for domain root

mkdir /www/root/my.domain.com

Create dummy index page

echo "Hello World" > /www/root/my.domain.com/index.html

Change the owner for the domain root

chown -Rf www:www /www/root/my.domain.com

Generate the cert for domain

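# admin@example.com is a placeholder: the address in the original page was
# replaced by the site's e-mail obfuscation, so substitute your own contact.
# The -w directory must be the one nginx serves for
# /.well-known/acme-challenge/ (the config above uses /usr/local/nginx/html).
letsencrypt certonly --webroot -w /path/to/nginx/html -d my.domain.com --email admin@example.com --agree-tos --renew-by-default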

Restart nginx

/path/to/script/nginx.sh test
/path/to/script/nginx.sh restart

V2Ray

Create custom config and logs directories

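# -p makes the step repeatable. Mode 700 keeps other local users away from
# server.json (which holds the client id) and from the access log; adjust the
# ownership if v2ray runs under a different account than the one creating them.
mkdir -p config logs
chmod 700 config logs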

Create server config

vim config/server.json

With content

{
    "log":{
        "loglevel": "warning",
        "access": "__V2RAY_LOG_PATH__/access.log",
        "error": "__V2RAY_LOG_PATH__/error.log"
    },
    "inbounds": [
        {
            "port": __V2RAY_PORT__,
            "listen": "127.0.0.1",
            "tag": "vmess-in",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "__V2RAY_CLIENT_ID__",
                        "alterId": __V2RAY_CLIENT_ALTER_ID__
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "wsSettings": {
                    "path": "/__V2RAY_PATH__"
                }
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom",
            "settings": {},
            "tag": "direct"
        },
        {
            "protocol": "blackhole",
            "settings": {},
            "tag": "blocked"
        }
    ],
    "dns": {
        "server": [
            "1.1.1.1",
            "1.0.0.1",
            "8.8.8.8",
            "8.8.4.4",
            "localhost"
        ]
    },
    "routing": {
        "domainStrategy": "IPOnDemand",
        "rules": [
            {
                "type": "field",
                "ip": [
                    "geoip:private"
                ],
                "outboundTag": "blocked"
            }
        ]
    }
}

Replace the v2ray log path in server config

sed -i "s#__V2RAY_LOG_PATH__#/path/to/logs#" config/server.json

Replace the v2ray port in server config

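# Must be the same port that was written into the nginx proxy_pass line;
# ${v2ray_port:?} aborts if the variable is no longer set in this shell.
sed -i "s/__V2RAY_PORT__/${v2ray_port:?}/" config/server.json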

Replace the v2ray client id in server config

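# ${v2ray_client_id:?} aborts rather than writing an empty client id into the
# config when the variable is unset or empty.
sed -i "s/__V2RAY_CLIENT_ID__/${v2ray_client_id:?}/" config/server.json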

Replace the v2ray client alter id in server config

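# alterId is an unquoted number in server.json, so an empty substitution would
# leave invalid JSON; ${...:?} aborts before that can happen.
sed -i "s/__V2RAY_CLIENT_ALTER_ID__/${v2ray_client_alter_id:?}/" config/server.json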

Replace the v2ray path in server config

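# Must match the location path written into the nginx config;
# ${v2ray_path:?} aborts if the variable is unset or empty, which would
# otherwise leave the WebSocket path as "/".
sed -i "s/__V2RAY_PATH__/${v2ray_path:?}/" config/server.json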

Test the v2ray server config

./v2ray -config ./config/server.json -test

Start the v2ray server

./v2ray -config ./config/server.json

Add the following line to rc.local so that v2ray starts at boot

# Start v2ray in a detached screen session named "v2ray".
# NOTE(review): rc.local normally runs as root, so v2ray inherits root
# privileges here; consider launching it under a dedicated unprivileged account.
screen -d -m -S v2ray /path/to/v2ray -config /path/to/v2ray/config/server.json