荒岛
前段时间看到消息就申请了一个,没抱着开通的希望,等了一天没想到竟然开通了。。
既然开通了就折腾一哈,搭个梯子玩玩。。顺带测试一下我自己的NAT64+DNS64服务。
这小鸡只有ipv6,如果我们本地没有ipv6,要想顺利连上小鸡的v2ray,就必须套CloudFlare。此外小鸡上要想访问只有ipv4解析记录的网站就必须更改一个支持NAT64+DNS64的DNS服务。
首先把CloudFlare这边设置好,准备一个域名添加AAAA记录到你的小鸡上,注意勾选云朵图标:
接着在SSL/TLS这里把模式选为Full (strict):
然后在Firewall-Settings,把Security Level改为Essentially Off:
这个Security Level选项默认其实就是Essentially Off,但有些人配置完发现死活连不上V2Ray的原因就是你之前设置了这个选项为其他值。
比如你的这个域名之前被CC攻击了,你把Security Level改为了Im Under Attack那么CloudFlare每次在访问你域名的时候会弹一个验证的网页用于抵御攻击,这个网页就阻挡了你的连接。
CloudFlare这边的配置就完成了,接下来登录到我们的小鸡内。
系统这边是Debian10,首先来安装nginx/certbot:
apt -y update apt -y install nginx python-certbot-nginx
安装v2ray/清空默认的配置文件/生成一个uuid:
bash <(curl -L -s https://install.direct/go.sh) echo > /etc/v2ray/config.json cat /proc/sys/kernel/random/uuid
编辑配置文件:
nano /etc/v2ray/config.json
写入如下配置:
{
"log": {
"loglevel": "info",
"access": "/var/log/v2ray/access.log",
"error": "/var/log/v2ray/error.log"
},
"inbounds": [
{
"port": 10000,
"listen":"127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "你生成的UUID",
"alterId": 64
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/sometimesnaive"
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {}
}
]
}
检查v2ray配置是否有误:
/usr/bin/v2ray/v2ray -config /etc/v2ray/config.json -test
没问题的话重启v2ray使新的配置生效:
systemctl restart v2ray
接着新建nginx配置文件:
nano /etc/nginx/conf.d/v2ray.conf
写入如下配置:
server {
listen [::]:80;
listen [::]:443 ssl;
server_name dns64.233.fi;
location /sometimesnaive {
proxy_pass http://127.0.0.1:10000;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
}
检查nginx配置是否有误:
nginx -t
没问题的话使用certbot签发一个ssl证书:
certbot --nginx --agree-tos --no-eff-email --email xxxx@qq.com
certbot是一个非常方便的ssl证书申请工具,可以自动为nginx配置证书/自动续期,按照下面的步骤选择即可:
Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: dns64.233.fi - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1 Cert not yet due for renewal You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry. (ref: /etc/letsencrypt/renewal/dns64.233.fi.conf) What would you like to do? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: Attempt to reinstall this existing certificate 2: Renew & replace the cert (limit ~5 per 7 days) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1 Keeping the existing certificate Deploying Certificate to VirtualHost /etc/nginx/conf.d/v2ray.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 Traffic on port 80 already redirecting to ssl in /etc/nginx/conf.d/v2ray.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://dns64.233.fi
设置v2ray/nginx开机自启:
systemctl enable v2ray nginx
最后修改机器的DNS服务器地址:
nano /etc/resolv.conf
你得找一个支持NAT64+DNS64的DNS,这个是我用Linode搭建的:
nameserver 2600:3c01::f03c:92ff:fe60:7e3
折腾的时候没有考虑到Euserv的机器在德国,我应该在Linode的德国开一台部署NAT64+DNS64的,这样梯子速度应该可以快不少。可惜这机器在Linode的佛里蒙特。。这样等于是环球旅行了一圈。。懒得骚扰别人客服了。。
老哥 cf现在有中文的
发现了。。竟然还有日本语。。
https://blog.okkk.ml
应该是最全的EUServer玩鸡方案
看了一眼本地sb联通 还是没有ipv6
稍微玩了一下,虽然euserv有个console功能,但十分鶸
可以给本地的ssh客户端做个代理用ipv6地址登录,之后就很舒服了 
另外这速度白天1080p还ok,不知道晚上会咋样,算是个备用JJ了
橘酱玩出了新高度。。
已被打入冷宫
然后又申请了一个
装了个宝塔然后第二天机器boooom了
网卡断线只能重装
机房失火,德国灭亡 
重装失败 没人管了 一次性主机i了i了
这鸡鸡在无任何压力的情况下跑着跑着又die了
难道必须自己搭建一个nat64吗?可以用现成的吗?
可以。
免费CDN就是好啊,付费的流量稍微一跑,钱包就顶不住了(关键境外到大陆的流量费用死贵)。
大大請教下 輸入bash <(curl -L -s https://install.direct/go.sh)
顯示 Failed to fetch release information. Please check your network or try again.
該怎麼解決
ping install.direct能通么。。
安装完成了,浏览器打开网址是443的nginx安装成功页面。但是小火箭怎么配置啊,一直不通!
成功了!感谢博主教程
大佬请问我的v2ray erro log里显示都指向了v4地址
岛主,请问可以转载吗,注明文章来源
同样免费,适合白嫖还有 hax 和 woiden.id
HAX IPv6 VPS 搭 V2ray 梯子 VLESS+Websocket+TLS 模式 Warp开IPv4’网口’ 免费 白嫖 全程手机操作
https://zelikk.blogspot.com/2022/03/hax-ipv6-only-vps-v2ray-vmess-tcp-warp-ipv4.html
Woiden IPv6 VPS 搭 V2ray 梯子 VLESS+Websocket+TLS 模式 免费 白嫖 全程手机操作
https://zelikk.blogspot.com/2022/04/woiden-ipv6-vps-v2ray-vless-websocket-tls.html
大佬最后的vmess://链接配置怎么写啊,小白不太会转
Base64 编码
https://www.youtube.com/watch?v=nv3Q6UMr__g