分享 | 交流
让学习成为一种习惯

为V2Ray部署TLS

接上次v2ray的部署安装  今天扩展安装TLS加密

获取安装脚本

curl https://get.acme.sh | sh

有可能需要安装socat

yum/apt install -y socat

报错提示少什么就装什么

~/.acme.sh/acme.sh –issue -d msc.cockpit.ml –standalone -k ec-256

root@instance-5:~# ~/.acme.sh/acme.sh –issue -d tw.cockpit.ml –standalone -k ec-256
[Wed Jan 31 11:09:41 CST 2018] Standalone mode.
[Wed Jan 31 11:09:42 CST 2018] Creating domain key
[Wed Jan 31 11:09:42 CST 2018] The domain key is here: /root/.acme.sh/tw.cockpit.ml_ecc/tw.cockpit.ml.key
[Wed Jan 31 11:09:42 CST 2018] Single domain=’tw.cockpit.ml’
[Wed Jan 31 11:09:42 CST 2018] Getting domain auth token for each domain
[Wed Jan 31 11:09:42 CST 2018] Getting webroot for domain=’tw.cockpit.ml’
[Wed Jan 31 11:09:42 CST 2018] Getting new-authz for domain=’tw.cockpit.ml’
[Wed Jan 31 11:09:44 CST 2018] The new-authz request is ok.
[Wed Jan 31 11:09:44 CST 2018] Verifying:tw.cockpit.ml
[Wed Jan 31 11:09:44 CST 2018] Standalone mode server
[Wed Jan 31 11:09:51 CST 2018] Success
[Wed Jan 31 11:09:51 CST 2018] Verify finished, start to sign.
[Wed Jan 31 11:09:52 CST 2018] Cert success.
—–BEGIN CERTIFICATE—–
MIIEMjCCAxqgAwIBAgISA4eLja4pKJOiSPSq3QcSFLZAMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODAxMzEwMjA5NTJaFw0x
ODA1MDEwMjA5NTJaMBgxFjAUBgNVBAMTDXR3LmNvY2twaXQubWwwWTATBgcqhkjO
PQIBBggqhkjOPQMBBwNCAAQZu02RfsrLfxwC8yx2KPtrAf/eiNDsxkviPfqUOuUM
GTt7ql2AhTQPAVYfQkRXeNX8O+K2G5YISXqgR2DThBbgo4ICDTCCAgkwDgYDVR0P
AQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
Af8EAjAAMB0GA1UdDgQWBBSsfJzGnQgahXAQA9E0SSotI3cp2jAfBgNVHSMEGDAW
gBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUH
MAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUH
MAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMBgGA1UdEQQR
MA+CDXR3LmNvY2twaXQubWwwgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYGCysG
AQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0
Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBvbmx5
IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBh
Y2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBo
dHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsF
AAOCAQEAA4FhNxdWzK3vc8t2Nu75sWlUUbGmKlv5t7Tozu3luFoO4Vmo1CDSx4LU
GdX6faaW7zb2Mo8baMS1aHp0oatjIJjBgyL6vv14u1OFgNcLFdQuDwBCoZODLYVB
pkuIPyXbUvOowEoitxLcPzolkXTm4Q52BHCoaDS7Szv8Nm+MmfMTXQk15hxC4nuy
lLSh2D/bmFYhq2UCfa1u096gGcOQ4mKOMOAirmKj/4wuZ5nVfhb/HtvlIvE9yEpo
+ijwdNB4cKjafYBotSGbw3ZWnoFSKwRMkHau/0Ocw20fJ1wplWiHn4f51Q5DC9D2
WCeHouUSycOgPKtoIrz/cB/BuK+EMA==
—–END CERTIFICATE—–
[Wed Jan 31 11:09:52 CST 2018] Your cert is in /root/.acme.sh/tw.cockpit.ml_ecc/tw.cockpit.ml.cer
[Wed Jan 31 11:09:53 CST 2018] Your cert key is in /root/.acme.sh/tw.cockpit.ml_ecc/tw.cockpit.ml.key
[Wed Jan 31 11:09:53 CST 2018] The intermediate CA cert is in /root/.acme.sh/tw.cockpit.ml_ecc/ca.cer
[Wed Jan 31 11:09:53 CST 2018] And the full chain certs is there: /root/.acme.sh/tw.cockpit.ml_ecc/fullchain.cer

安装证书

将证书和密钥安装到 /etc/v2ray 中:
~/.acme.sh/acme.sh –installcert -d tw.cockpit.ml –fullchainpath /etc/v2ray/v2ray.crt –keypath /etc/v2ray/v2ray.key –ecc

[root@xianku ~]# cd /etc/v2ray/
[root@xianku v2ray]# ls
config.json config.json.bak v2ray.crt v2ray.key

证书安装之后在v2ray的配置文件目录就多出两个密钥文件
不出意外配置文件可以自动配置好,但是在我尝试的过程中,有时候配置文件不会变
所以下面分享配置文件模板,上传覆盖原有配置文件就可以直接用了

{
  "inbound": {
    "port": 443,
    "protocol": "vmess",    
    "settings": {
      "clients": [
        {
          "id": "61f4b414-ce21-468b-b8b7-52599955b07d",  
          "alterId": 64
        }
      ]
    },
    "streamSettings": {
      "network": "tcp",
      "security": "tls",
      "tlsSettings": {
        "certificates": [
          {
            "certificateFile": "/etc/v2ray/v2ray.crt",
            "keyFile": "/etc/v2ray/v2ray.key"
          }
        ]
      }
    }
  },
  "outbound": {
    "protocol": "freedom",
    "settings": {}
  }
}

有问题可以留言交流

未经允许不得转载:留时刻运维网 » 为V2Ray部署TLS

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

留时刻 - Linux系统教程,运维经验分享

加入我们给我留言