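I wrote this article a long time ago, but it sat in the drafts of my WordPress blog because I did not dare publish it. The reason is that last year the ICP filing for my WP blog was suddenly revoked without any explanation. Only after I phoned the communications administration did I learn that it was because the blog contained tutorials on setting up VPNs and getting around the firewall, and that it had been permanently blacklisted by the MIIT (sob, a domain with a 5-year filing and so many indexed pages, gone just like that). Today I suddenly remembered that I still have a hexo blog, so I decided to just publish it here.
Advantages of the Reality protocol:
- Eliminates the TLS fingerprint: by disguising itself as ordinary HTTPS traffic, the Reality protocol avoids the risk of being identified by specific TLS characteristics.
- Forward secrecy: ensures that even if the private key is leaked, earlier communication cannot be decrypted.
- No domain of your own required: it can point at any website that supports TLS 1.3 and H2, so there is no need to buy or configure your own domain.
- Not restricted to one port: ports other than 443 can be used, which makes deployment more flexible.
Reality is the strongest of the popular proxy protocols, stronger than TLS. As for whether it will be blocked by the GFW, there have been no large-scale reports so far. If the traffic volume gets large, it will still be blocked.
I won't write more than that (the tutorial below is fairly brief), so that this blog does not end up blocked as well.
Debian 12 is the recommended system.
Panel install scripts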
```bash
# 3x-ui (Iranian, feature-rich, recommended)
bash <(curl -Ls https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh)

# x-ui (original, no longer updated)
bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)

# x-ui (modified fork)
bash <(curl -Ls https://raw.githubusercontent.com/FranzKafkaYu/x-ui/master/install.sh)

# x-ui (modified fork)
bash <(curl -Ls https://raw.githubusercontent.com/yonggekkk/x-ui-yg/main/install.sh)
```
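Add SSL to the panel (optional, but strongly recommended)
Install a Cloudflare certificate; this requires a domain on Cloudflare.
Point an A record for a domain at the server IP.
Then open your profile at https://dash.cloudflare.com/profile/api-tokens, find the Global API Key and copy it.
In the SSH terminal, run x-ui and enter 19 (Cloudflare SSL Certificate), then enter the domain you pointed at the server, the Cloudflare key and your e-mail address. Keep following the prompts and the panel address will be shown (if you forget it, option 10 in the script menu shows the panel information).
Add a node
Open the panel; the configuration is shown in the screenshot.
For Dest and SNI, enter a website that supports H2 and has a low ping (ping the site from the server itself). Be careful not to leave out the :443.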

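How to find TLS1.3/H2 websites
- Minimum requirements for the target site: a site outside China that supports TLSv1.3 and H2, with a domain that is not used for redirects
- Bonus points: a nearby IP (looks more plausible, and latency is lower), handshake messages after Server Hello encrypted together (e.g. dl.google.com), OCSP Stapling
- Configuration bonus points: block traffic back to China, and also forward TCP/80 and UDP/443 (from the outside REALITY looks like port forwarding; an obscure target IP may be better)
Check whether the target site supports OCSP Stapling: http://web.chacuo.net/netocspstapling
TLS1.3 / X25519 / H2: https://www.ssllabs.com/ssltest/index.html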
```
# Recommended domains
gateway.icloud.com
itunes.apple.com
download-installer.cdn.mozilla.net
airbnb [different regions have different domains; search for your own]
addons.mozilla.org
www.microsoft.com
www.lovelive-anime.jp

# CDN
Apple:
swdist.apple.com
swcdn.apple.com
updates.cdn-apple.com
mensura.cdn-apple.com
osxapps.itunes.apple.com
aod.itunes.apple.com

Microsoft:
cdn-dynmedia-1.microsoft.com
update.microsoft
software.download.prss.microsoft.com

Amazon:
s0.awsstatic.com
d1.awsstatic.com
images-na.ssl-images-amazon.com
m.media-amazon.com
player.live-video.net

Google:
dl.google.com
```
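The TLSv1.3 / H2 / X25519 / OCSP Stapling criteria listed above can also be checked from the server itself with `openssl s_client`. The script below is an added example, not part of the original post: the function names `grade_dest`, `meets_minimum` and `probe_dest` are made up for illustration, the two sample outputs are constructed, and it assumes an OpenSSL build with TLS 1.3 support.

```bash
#!/bin/sh
# Added example: grade `openssl s_client` output against the Dest/SNI criteria.

# Helper: does the captured output in $out contain a line matching the regex?
has() { printf '%s\n' "$out" | grep -Eq "$1"; }

# Reads s_client output on stdin and prints one yes/no verdict per criterion.
grade_dest() {
  out=$(cat); tls13=no; h2=no; x25519=no; ocsp=no
  # Printed once the handshake has completed with TLS 1.3.
  if has '^New, TLSv1\.3, Cipher is'; then tls13=yes; fi
  # With -alpn h2 the server's ALPN choice is reported on this line.
  if has '^ALPN protocol: h2$'; then h2=yes; fi
  # Key-exchange group; either "Server" or "Peer" is accepted as the label.
  if has '^(Server|Peer) Temp Key: X25519'; then x25519=yes; fi
  # With -status a stapled OCSP response is dumped when the server sends one.
  if has 'OCSP Response Status: successful'; then ocsp=yes; fi
  printf 'tls13=%s h2=%s x25519=%s ocsp_stapling=%s\n' "$tls13" "$h2" "$x25519" "$ocsp"
}

# Minimum bar from the list above: TLSv1.3 and H2. The rest are bonus points.
meets_minimum() { grade_dest | grep -q '^tls13=yes h2=yes '; }

# Live probe of a candidate host (needs network access; run it on the server).
probe_dest() {
  openssl s_client -connect "$1:443" -servername "$1" \
    -tls1_3 -alpn h2 -status </dev/null 2>/dev/null | grade_dest
}

# Constructed samples of s_client output (not captured from real servers).
SAMPLE_OK='CONNECTED(00000003)
OCSP Response Data:
    OCSP Response Status: successful (0x0)
Server Temp Key: X25519, 253 bits
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
ALPN protocol: h2'
SAMPLE_WEAK='CONNECTED(00000003)
OCSP response: no response sent
Server Temp Key: ECDH, prime256v1, 256 bits
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
No ALPN negotiated'

printf '%s\n' "$SAMPLE_OK" | grade_dest
printf '%s\n' "$SAMPLE_WEAK" | grade_dest
```

On the server, `probe_dest dl.google.com` runs the same grading against a live candidate from the list above.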
That completes the configuration. What follows are other settings, which you can skip.
Other settings
Update the package repositories
```bash
# Update the package lists
apt-get update

# Upgrade installed packages
apt-get upgrade
```
Switch mirror sources on Debian 12
Backup: mv /etc/apt/sources.list /etc/apt/sources.list.old
```bash
# Official source
cat > /etc/apt/sources.list << EOF
deb https://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware
deb-src https://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware
deb https://deb.debian.org/debian/ bookworm-updates main contrib non-free non-free-firmware
deb-src https://deb.debian.org/debian/ bookworm-updates main contrib non-free non-free-firmware
deb https://deb.debian.org/debian/ bookworm-backports main contrib non-free non-free-firmware
deb-src https://deb.debian.org/debian/ bookworm-backports main contrib non-free non-free-firmware
deb https://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
deb-src https://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
EOF
```
```bash
# Tsinghua mirror https://mirrors.tuna.tsinghua.edu.cn/help/debian/
cat > /etc/apt/sources.list << EOF
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm main contrib non-free non-free-firmware
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm main contrib non-free non-free-firmware
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware
deb https://mirrors.tuna.tsinghua.edu.cn/debian-security bookworm-security main contrib non-free non-free-firmware
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian-security bookworm-security main contrib non-free non-free-firmware
EOF
```
```bash
# Alibaba Cloud mirror
cat > /etc/apt/sources.list << EOF
deb http://mirrors.cloud.aliyuncs.com/debian/ bookworm main contrib non-free non-free-firmware
deb-src http://mirrors.cloud.aliyuncs.com/debian/ bookworm main contrib non-free non-free-firmware
deb http://mirrors.cloud.aliyuncs.com/debian/ bookworm-updates main contrib non-free non-free-firmware
deb-src http://mirrors.cloud.aliyuncs.com/debian/ bookworm-updates main contrib non-free non-free-firmware
deb http://mirrors.cloud.aliyuncs.com/debian/ bookworm-backports main contrib non-free non-free-firmware
deb-src http://mirrors.cloud.aliyuncs.com/debian/ bookworm-backports main contrib non-free non-free-firmware
deb http://mirrors.cloud.aliyuncs.com/debian-security/ bookworm-security main contrib non-free non-free-firmware
deb-src http://mirrors.cloud.aliyuncs.com/debian-security/ bookworm-security main contrib non-free non-free-firmware
EOF
```
Firewall settings
```bash
# Ubuntu firewall
# Check the firewall status
sudo ufw status

# Enable the firewall
sudo ufw enable

# Disable permanently
sudo ufw disable
```
```bash
# CentOS firewall
# Check the firewall status
systemctl status firewalld

# Start the firewall
systemctl start firewalld

# Disable permanently
systemctl disable firewalld
```
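Bind multiple IPs
Debian
```bash
# Edit; the file may also be under the network folder
vim /etc/network/interfaces

# Restart networking
systemctl restart networking

# Check that it took effect
ip route
```
Ubuntu
```bash
# The configuration file is under this path; use ls to find it
vim /etc/netplan/

# Apply the configuration
netplan apply

# Check that it took effect
ip route
```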