Break GFW related
Opened this issue · 12 comments
- BifrostV - Google Play 應用程式: V2Ray Android client
Install on a brand new machine
sudo apt update
sudo apt install curl
sudo bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
sudo systemctl v2ray enable; sudo systemctl v2ray start
/etc/systemd/system/v2ray.service
[Unit]
Description=V2Ray Service
Documentation=https://www.v2ray.com/ https://www.v2fly.org/
After=network.target nss-lookup.target
[Service]
# If the version of systemd is 240 or above, then uncommenting Type=exec and commenting out Type=simple
#Type=exec
Type=simple
# This service runs as root. You may consider to run it as another user for security concerns.
# By uncommenting User=nobody and commenting out User=root, the service will run as user nobody.
# More discussion at https://github.com/v2ray/v2ray-core/issues/1011
User=root
#User=nobody
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/v2ray -config /etc/v2ray/config.json
Restart=on-failure
[Install]
WantedBy=multi-user.target
/etc/v2ray/config.json
{
"inbounds": [
{
"port": 16823, // 服务器监听端口
"protocol": "vmess", // 主传入协议
"settings": {
"clients": [
{
"id": "b831381d-6324-4d53-ad4f-8cda48b30811", // 用户 ID,客户端与服务器必须相同
"alterId": 64
}
]
}
}
],
"outbounds": [
{
"protocol": "freedom", // 主传出协议
"settings": {}
}
]
}
Install Docker Engine on Ubuntu | Docker Documentation
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo sh -eux <<EOF
# Install newuidmap & newgidmap binaries
apt-get install -y uidmap
EOF
# Add this to ~/.bashrc
export DOCKER_HOST=unix:///run/user/1000/docker.sock
shadowsocks server systemd service
- arzyu/shadowsocks: Running shadowsocks in docker container =>
aes-256-gcm
curl -fsSL https://github.com/arzyu/shadowsocks/raw/master/setup.sh | bash
How To Set Up a Firewall with UFW on Ubuntu 18.04 | DigitalOcean
簡易的防火牆 - UFW & GUFW · 完全用 GNU/Linux 工作
SSR
git clone https://github.com/shadowsocksrr/shadowsocksr.git
cd shadowsocksr
bash initcfg.sh
cd shadowsocks
sudo python3 server.py -p 20443 -k password -m aes-128-cfb -O auth_aes128_md5 -o tls1.2_ticket_auth_compatible
Client
SS就是用小丑面具蒙面,SSR就是尝试把小丑面具涂白或者涂黑。都是戴面具。V2ray_WS_TLS相当于带人皮面具,易容。torjan基本上是带了人皮面具,但是这张面具是逃犯的。
git clone https://github.com/atrandys/v2ray-ws-tls.git
cd v2ray-ws-tls
sudo bash 2ray_ws_tls1.3.sh
Trojan
- Trojan Documentation | trojan
- trojan-gfw/trojan: An unidentifiable mechanism that helps you bypass GFW.
- trojan-gfw/trojan-quickstart: A simple installation script for trojan server.
- trojan教程 - tlanyan
- Shadowsocks vs V2Ray vs Trojan 都有什么区别? - LightyearVPN
- trojan一键安装 - wiki
Get nginx and open 80, 443 port
Basically this is used for "fake webpage"
sudo apt install nginx-full
- Setup Nginx with HTTPS on Azure VM using Certbot - DEV Community
- NGINX | High Performance Load Balancer, Web Server, & Reverse Proxy
- nginx- duplicate default server error - Stack Overflow
You should be able to test if the HTTP work
Get a certificate and set it for nginx
Whether you use nginx or not, you will need the certificate anyway
- 使用Let's Encrypt获取免费证书 - tlanyan
- Let's Encrypt
- Certbot
- Update: Using Free Let’s Encrypt SSL/TLS Certificates with NGINX - NGINX
- Installing snapd | Snapcraft documentation
- Installing snap on Debian | Snapcraft documentation (Ubuntu default has this)
sudo apt install snap
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo certbot certonly --nginx
# email
# y
# y
# domain name
/etc/nginx/sites-available/default
Enable 443 settings(this will left for trojan- set server_name as the domain name
- follow by
# managed by Certbot
is the auto setting
By default, it should automatically set for the nginx (/etc/nginx/sites-available/default
). To check where the certificates are sudo certbot certificates
.
You should be able to test if the HTTPS work
Install trojan
sudo bash -c "$(curl -fsSL https://raw.githubusercontent.com/trojan-gfw/trojan-quickstart/master/trojan-quickstart.sh)"
/etc/systemd/system/trojan.service
/usr/local/etc/trojan/config.json
- Modify Certificate Path and Private Key Path
- Since nginx use the 443 port, so you might need to change it
sudo /usr/local/bin/trojan /usr/local/etc/trojan/config.json
test if this work
sudo systemctl restart trojan
Client
Windows
- Download windows zip
- Change
config.json