xray搭建

初始化环境,创建相应的目录

1
2
3
4
mkdir -pv /usr/local/xray
mkdir -pv /var/log/xray
chmod 777 -R /var/log/xray
mkdir -pv /usr/local/etc/xray/cert

下载xray

1
wget https://github.com/XTLS/Xray-core/releases/download/v1.7.5/Xray-linux-64.zip

解压

1
unzip Xray-linux-64.zip

拷贝文件到指定目录

1
cp geoip.dat  geosite.dat  xray /usr/loca/bin

下载证书

1
wget http://47.115.201.215/ssl.tar.gz

解压证书

1
tar -zxf ssl.tar.gz

拷贝证书到指定目录

1
cp ssl/ssl* /usr/local/etc/xray/cert

编写config.json文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

{
  "log": {
    "access": "/var/log/xray/access.log",
    "error": "/var/log/xray/error.log",
    "loglevel": "info"
  },
  "inbounds": [
    {
      "port": 65535,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "63a1897b-895d-4307-ae9f-558cf04d4138" //表示符用于客户端验证
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "dest": 80
          }
        ]
      },
      "streamSettings": {
        "network": "kcp",
        "security": "tls",
        "tlsSettings": {
          "certificates": [
            {
              "certificateFile": "/usr/local/xray/cert/ssl.crt",
              "keyFile": "/usr/local/xray/cert/ssl.key"
            }
          ]
        },
        "tcpSettings": {},
        "httpSettings": {},
        "kcpSettings": {
          "mtu": 1350,
          "tti": 50,
          "uplinkCapacity": 100,
          "downlinkCapacity": 100,
          "congestion": false,
          "readBufferSize": 2,
          "writeBufferSize": 2,
          "header": {
            "type": "wechat-video"
          },
          "seed": "9yPvIsO0"
        },
        "wsSettings": {},
        "quicSettings": {}
      },
      "domain": "v.tbctl.cn"
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    },
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "block"
    }
  ],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": [
          "0.0.0.0/8",
          "10.0.0.0/8",
          "100.64.0.0/10",
          "169.254.0.0/16",
          "172.16.0.0/12",
          "192.0.0.0/24",
          "192.0.2.0/24",
          "192.168.0.0/16",
          "198.18.0.0/15",
          "198.51.100.0/24",
          "203.0.113.0/24",
          "::1/128",
          "fc00::/7",
          "fe80::/10"
        ],
        "outboundTag": "block"
      }
    ]
  }
}

将文件拷贝到指定目录

1
2

cp config.json /usr/local/etc/xray/

编写xray.service文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
vim xray.service
将下列写入xray.service文件中
[Unit]
Description=Xray Service
Documentation=https://github.com/xtls
After=network.target nss-lookup.target

[Service]
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23
LimitNPROC=10000
LimitNOFILE=1000000

[Install]
WantedBy=multi-user.target

拷贝文件到指定目录

1
cp xray.service /etc/systemd/system/

重载service

1
systemctl daemon-reload

启动xray

1
sudo systemctl start xray

配置防火墙

1
2
iptables -t filter -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -t filter -A INPUT -p tcp --dport 25 -j DROP
xray搭建
https://dreamaccount.github.io/2023/06/11/xray搭建/
作者
404NotFound
发布于
2023年6月11日
许可协议