A VPS server can host websites, network agents, cloud backups, etc. My website is hosted on Github, so I use VPS to build a vmess node as a proxy server.
The VPS provider in this demonstration is Vultr. The operating system is Ubantu22.04, and the type of the node is vmess+ws+tls. Record the operation steps so that the node can be quickly built when needed.
目前最稳定的节点搭建方式:使用Vultr的VPS搭建vmess+ws+tls节点的详细步骤
1、VPS服务器
2、连接主机
FinalShell新建连接
输入主机IP和root密码连接
3、节点搭建 FinalShell # 更新软件源 apt update # 启用 BBR TCP 拥塞控制算法 echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf sysctl -p # 安装x-ui: bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh) # 安装nginx apt install nginx # 安装acme: curl https://get.acme.sh | sh # 安装socat:(如果要使用独立模式--standalone) apt install socat # 添加软链接: ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh # 开放端口: ufw allow 80 ufw allow 443 ufw allow 9999 # 注册账号: acme.sh --register-account -m [email protected] # 等待域名DNS解析完成 # 申请证书: (改域名) acme.sh --issue -d d.leonore.cf -k ec-256 --webroot /var/www/html # 申请证书: acme.sh --issue -d a.leonore.cf --standalone -k ec-256 # 安装证书: (改域名) acme.sh --install-cert -d d.leonore.cf --ecc --key-file /etc/x-ui/server.key --fullchain-file /etc/x-ui/server.crt --reloadcmd "systemctl force-reload nginx" # 安装证书(Trojan: acme.sh --installcert -d 替换为你的域名 --ecc --key-file /root/trojan/server.key --fullchain-file /root/trojan/server.crt # 如果默认CA无法颁发,则可以切换下列CA: # 切换 Let’s Encrypt: acme.sh --set-default-ca --server letsencrypt # 切换 Buypass: acme.sh --set-default-ca --server buypass # 切换 ZeroSSL: acme.sh --set-default-ca --server zerossl # 切换CA机构: acme.sh --set-default-ca --server letsencrypt
4、寻找伪装网站 示例关键字:intext:登录 Cloudreve
5、登录xui
6、配置nginx 配置文件路径:/etc/nginx/nginx.conf
nginx.conf user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { worker_connections 1024 ; } http { sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65 ; types_hash_max_size 2048 ; include /etc/nginx/mime.types; default_type application/octet-stream; gzip on; server { listen 443 ssl; server_name d.leonore.cf; ssl_certificate /etc/x-ui/server.crt; ssl_certificate_key /etc/x-ui/server.key; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; ssl_session_tickets off; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers off; location / { proxy_pass https://cloud.forevers.top; proxy_redirect off; proxy_ssl_server_name on; sub_filter_once off; sub_filter "cloud.forevers.top" $server_name; proxy_set_header Host "cloud.forevers.top" ; proxy_set_header Referer $http_referer; proxy_set_header X-Real-IP $remote_addr; proxy_set_header User-Agent $http_user_agent; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_set_header Accept-Encoding "" ; proxy_set_header Accept-Language "zh-CN" ; } location /1a2569a8-eabd-4039-e53f-df76b491745f { proxy_redirect off; proxy_pass http://127.0.0.1:10000; proxy_http_version 1.1 ; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade" ; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /1a2569a8-eabd-4039-e53f-df76b491745f-xui { proxy_redirect off; proxy_pass http://127.0.0.1:9999; proxy_http_version 1.1 ; proxy_set_header Host $host; } } server { listen 80 ; location /.well-known/ { root /var/www/html; } location / { rewrite ^(.*)$ https://$host$1 permanent; } } }
7、重新加载配置文件 FinalShell
8、导入节点
9、测速!!! 10、多用户合租(可选)
通过修改nginx的配置文件实现ws path路径分流
nginx.conf location /ray { proxy_redirect off; proxy_pass http://127.0.0.1:10000; proxy_http_version 1.1 ; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade" ; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }
