How to set Shadowsocks over HTTPS With Nginx
将 Shadowsocks 流量伪装成 HTTPS 请求
借助 Nginx 并配合 V2ray 插件,根据路由配置判断,将流量转发到代理程序,实现 HTTPS 与代理共用 443 端口
原料
- Shadowsocks-libev
- Nginx
- acme.sh
- DNS 解析
- V2Ray-plugin
配置 Nginx 及证书
颁发 SSL 证书
将 Nginx 配置中
server_name的值更改为你的域名server { server_name mydomain.com; listen 443 ssl http2; ... }然后使用 Nginx 模式颁发证书
acme.sh --issue -d mydomain.com --nginx复制/安装
不要让直接使用
~/.acme.sh/下的文件,将生成的证书复制到/etc/nginx/certs/下后,再更新 Nginx 配置中关于 SSL 的部分server { server_name mydomain.com; listen 443 ssl http2; #listen [::]:443 ssl http2; # 没有 ipv6 可以不写这行 ssl_certificate /etc/nginx/certs/fullchain.cer; ssl_certificate_key /etc/nginx/certs/mydomain.com.key; ssl_session_timeout 3m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; server_name mydomain.com; location /ray { proxy_redirect off; proxy_pass http://127.0.0.1:8008; proxy_set_header Host $http_host; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } }设置自动更新
acme.sh --upgrade --auto-upgrade
Shadowsocks 配置
安装 v2ray 插件
将下载的 release 解压到
/usr/bin服务端配置
/etc/shadowsocks-libev/config.json{ "server": "localhost", "server_port": 8008, "mode": "tcp_only", "password": "***", "timeout": 5, "method": "chacha20-ietf-poly1305", "plugin": "v2ray-plugin", "plugin_opts": "server;host=mydomain.com;path=/ray" }因为是通过 Nginx 转发,同时也配置了 HTTPS,所以
plugin_opts不需要再填证书参数Windows 客户端配置
编辑配置文件
gui-config.json{ "server": "mydomain.com", "server_port": 443, "password": "***", "method": "chacha20-ietf-poly1305", "plugin": "v2ray-plugin.exe", "plugin_opts": "tls;host=mydomain.com;path=/ray", "timeout": 5 }
DNS 解析
最后一步,使用 DNS 解析服务,将你的域名解析到主机
参考
说明 · acmesh-official/acme.sh Wiki
Use v2ray-plugin after Nginx · Issue #48 · shadowsocks/v2ray-plugin