WebSocket+TLS+CDN+Web，Apache2 部署V2Ray

网上教程怎么配置WebSocket TLS CDN Web大部份是Nginx的Apache2的或多或少有些错误，这里做一些完善、总结。这篇文章参考了官方文档、白话文教程 ，Github issue，前提条件：你有一台使用 Apache2 建立了博客的服务器。

配置 Apache

我们假设，你已经有了一个可以正常运行的V2Ray环境和Apache2。
1. 在服务器上开启以下 Apache 模组

sudo a2enmod ssl
sudo a2enmod proxy
sudo a2enmod proxy_wstunnel
sudo a2enmod proxy_http
sudo a2enmod rewrite
sudo a2enmod headers

2. 修改Apache 配置文件
我们找到配置文件，一般在 /etc/apache2 文件夹下。

一般，我们可以在该目录下找到sites-available（可用的配置文件） 和 sites-enabled（启用的配置文件）

我们进入 sites-enabled，找到 443（即 HTTPS 配置文件，例如：000-default-le-ssl.conf）。

把以下配置加到<VirtualHost></VirtualHost>之间

<LocationMatch "/{ws_path}}/">
ProxyPass ws://127.0.0.1:{port}/{ws_path}/ upgrade=WebSocket
ProxyAddHeaders Off
ProxyPreserveHost On
RequestHeader set Host %{HTTP_HOST}s
RequestHeader set X-Forwarded-For %{REMOTE_ADDR}s
</LocationMatch>

例如，我的配置文件如下所示：

<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf

ServerName www.xzos.net
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias xzos.net
SSLCertificateFile /etc/letsencrypt/live/www.xzos.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.xzos.net/privkey.pem

<LocationMatch "/ray/">
ProxyPass ws://127.0.0.1:1080/ray/ upgrade=WebSocket
ProxyAddHeaders Off
ProxyPreserveHost On
RequestHeader set Host %{HTTP_HOST}s
RequestHeader set X-Forwarded-For %{REMOTE_ADDR}s
</LocationMatch>
</VirtualHost>
</IfModule>

3. 重启 Apache 服务

sudo systemctl restart apache2.service

这时，你通过浏览器访问 https://<你的域名>/ray/ 应该是这样的

配置 V2Ray（参考白话文教程，但有所不同）
V2Ray 配置文件
服务器 V2Ray 配置

{
"inbounds": [
{
"port": 1080,
"listen":"127.0.0.1",//只监听 127.0.0.1，避免除本机外的机器探测到开放了 10000 端口，docker运行需要0.0.0.0
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "b831381d-6324-4d53-ad4f-8cda48b30811",
"alterId": 64
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/ray/" // 这里是 “/ray/”
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {}
}
]
}

客户端 V2Ray 配置

{
"inbounds": [
{
"port": 1080,
"listen": "127.0.0.1",
"protocol": "socks",
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"settings": {
"auth": "noauth",
"udp": false
}
}
],
"outbounds": [
{
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "xzos.net",
"port": 443,
"users": [
{
"id": "b831381d-6324-4d53-ad4f-8cda48b30811",
"alterId": 64
}
]
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"wsSettings": {
"path": "/ray/" // 这里是 “/ray/”
}
}
}
]
}

关注公众号『窗外天空』

获取更多建站运营运维新知！
互联网创业、前沿技术......