
Setting Up V2Ray Behind CloudFlare on an EUserv IPv6-Only VPS

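A while back I saw the news and applied for one without really expecting it to be approved. To my surprise, it was activated after a one-day wait.

Since it's up, I might as well tinker with it and set up a proxy for fun, and test my own NAT64+DNS64 service while I'm at it.

This VPS has IPv6 only. If your local network has no IPv6, you have to put CloudFlare in front of it to reach V2Ray on the VPS. In addition, for the VPS to reach sites that only have IPv4 records, its DNS has to be changed to a service that supports NAT64+DNS64.

First set up the CloudFlare side: take a domain and add an AAAA record pointing to your VPS, making sure the cloud icon is ticked:

Next, under SSL/TLS, set the mode to Full (strict):

Then, under Firewall-Settings, change Security Level to Essentially Off:

This Security Level option actually defaults to Essentially Off, but if you finish the configuration and V2Ray simply will not connect, the reason is that you previously set this option to some other value.

For example, if this domain was hit by a CC attack earlier and you changed Security Level to I'm Under Attack, CloudFlare shows a verification page on every visit to your domain to fend off the attack, and that page blocks your connection.

That completes the CloudFlare side. Next, log in to the VPS.

The system is Debian 10. First install nginx/certbot: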

apt -y update 
apt -y install nginx python-certbot-nginx

Install v2ray, empty the default configuration file, and generate a UUID:

bash <(curl -L -s https://install.direct/go.sh)
echo > /etc/v2ray/config.json
cat /proc/sys/kernel/random/uuid

Edit the configuration file:

nano /etc/v2ray/config.json

Write the following configuration, replacing the "id" value with the UUID you generated:

{
  "log": {
    "loglevel": "info",
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log"
  },
  "inbounds": [
    {
      "port": 10000,
      "listen":"127.0.0.1",
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "你生成的UUID",
            "alterId": 64
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/sometimesnaive"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}

Check the v2ray configuration for errors:

/usr/bin/v2ray/v2ray -config /etc/v2ray/config.json -test

If it is fine, restart v2ray so the new configuration takes effect:

systemctl restart v2ray

Next, create a new nginx configuration file:

nano /etc/nginx/conf.d/v2ray.conf

Write the following configuration:

server {
    listen       [::]:80;
    listen       [::]:443 ssl;
    server_name  dns64.233.fi;

    location /sometimesnaive {
        proxy_pass                  http://127.0.0.1:10000;
        proxy_redirect              off;
        proxy_http_version          1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host       $http_host;
    }
}

Check the nginx configuration for errors:

nginx -t
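
nginx -t only validates nginx syntax; it does not tell you whether the location and proxy_pass agree with the V2Ray inbound, or whether the vmess port is bound to loopback only. The following is an added example (not from the original post) that cross-checks the two configs; the function name check_pair and the embedded sample strings are constructed for illustration.

```python
import ipaddress
import json
import re

# Constructed sample inputs mirroring the two configs shown in this post.
V2RAY_JSON = '''{"inbounds": [{"port": 10000, "listen": "127.0.0.1",
  "protocol": "vmess", "streamSettings": {"network": "ws",
  "wsSettings": {"path": "/sometimesnaive"}}}]}'''
NGINX_CONF = '''
server {
    listen [::]:443 ssl;
    location /sometimesnaive {
        proxy_pass http://127.0.0.1:10000;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}'''

def check_pair(v2ray_json, nginx_conf):
    """Return a list of mismatches between the V2Ray ws inbound and nginx."""
    issues = []
    inbound = json.loads(v2ray_json)["inbounds"][0]
    stream = inbound.get("streamSettings", {})
    path = stream.get("wsSettings", {}).get("path", "/")
    # V2Ray binds to all interfaces when "listen" is omitted.
    listen = inbound.get("listen", "0.0.0.0")
    if stream.get("network") != "ws":
        issues.append("inbound transport is not ws")
    if not ipaddress.ip_address(listen).is_loopback:
        issues.append(f"inbound listens on {listen}, reachable without nginx/TLS")
    # Locate the nginx location block for the ws path (no nested braces expected).
    m = re.search(r"location\s+" + re.escape(path) + r"\s*\{(.*?)\}", nginx_conf, re.S)
    if not m:
        issues.append(f"nginx has no location for {path}")
        return issues
    body = m.group(1)
    target = re.search(r"proxy_pass\s+http://[^:/;\s]+:(\d+)", body)
    if not target or int(target.group(1)) != inbound["port"]:
        issues.append("proxy_pass port does not match inbound port")
    if not re.search(r"proxy_set_header\s+Upgrade\s+\$http_upgrade", body):
        issues.append("missing Upgrade header, WebSocket handshake will fail")
    return issues

if __name__ == "__main__":
    print(check_pair(V2RAY_JSON, NGINX_CONF) or "configs are consistent")
```

On the VPS, pass the contents of /etc/v2ray/config.json and /etc/nginx/conf.d/v2ray.conf instead of the sample strings.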

If it is fine, use certbot to issue an SSL certificate:

certbot --nginx --agree-tos --no-eff-email --email xxxx@qq.com

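certbot is a very convenient tool for requesting SSL certificates; it can configure the certificate for nginx and renew it automatically. Just choose as in the steps below: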

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: dns64.233.fi
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/dns64.233.fi.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/nginx/conf.d/v2ray.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Traffic on port 80 already redirecting to ssl in /etc/nginx/conf.d/v2ray.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://dns64.233.fi

Enable v2ray/nginx at boot:

systemctl enable v2ray nginx

Finally, change the machine's DNS server address:

nano /etc/resolv.conf

You need to find a DNS that supports NAT64+DNS64. This one is what I set up on Linode:

nameserver 2600:3c01::f03c:92ff:fe60:7e3
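
How a DNS64 resolver lets this IPv6-only VPS reach IPv4-only sites, as an added example that is not part of the original post. It assumes the RFC 6052 well-known prefix 64:ff9b::/96; the resolver above may use a different network-specific prefix, and the function names are made up for illustration.

```python
import ipaddress

# Assumption: RFC 6052 well-known prefix; a NAT64 gateway may use its own /96.
WELL_KNOWN = ipaddress.IPv6Network("64:ff9b::/96")

def synthesize(ipv4, prefix=WELL_KNOWN):
    """AAAA a DNS64 resolver returns for a name that only has this A record."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled in this example")
    v4 = ipaddress.IPv4Address(ipv4)
    # With a /96 prefix the IPv4 address occupies the low 32 bits.
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))

def embedded_ipv4(ipv6, prefix=WELL_KNOWN):
    """IPv4 address the NAT64 gateway connects to, or None if not synthesized."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)

def resolve(a_records, aaaa_records, prefix=WELL_KNOWN):
    """DNS64 answer policy: a real AAAA wins; otherwise synthesize from A."""
    if aaaa_records:
        return [ipaddress.IPv6Address(r) for r in aaaa_records]
    return [synthesize(r, prefix) for r in a_records]

def reachable_from_v6_only(dest):
    """DNS64 only rewrites DNS answers, so an IPv4 literal never gets translated."""
    return ipaddress.ip_address(dest).version == 6

if __name__ == "__main__":
    # Constructed sample: 192.0.2.33 is a documentation address.
    print(resolve(["192.0.2.33"], []))
```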

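While tinkering I didn't take into account that EUserv's machines are in Germany. I should have opened a machine in Linode's German location for the NAT64+DNS64 deployment, which should make the proxy a good deal faster. Unfortunately this machine is in Linode's Fremont location, so the traffic basically takes a trip around the world. I can't be bothered to pester their support about it.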


Comments (21)

  1. #1

    Bro, CF has a Chinese interface now :razz:

    xx, 2 months ago (03-30)
    • Noticed that.. there's even Japanese..

      LALA, 2 months ago (03-30)
  2. #2

    https://blog.okkk.ml

    Probably the most complete guide to playing with EUserv VPSes

    lala迷妹, 2 months ago (03-30)
  3. #3

    Took a look at my stupid local China Unicom line, still no IPv6 :razz:

    橘子, 2 months ago (03-31)
  4. #4

    Played with it a bit. EUserv does have a console feature, but it is very weak :eek: You can set up a proxy for your local SSH client and log in with the IPv6 address, and after that it's quite comfortable :wink:

    橘子, 2 months ago (03-31)
    • Also, the speed handles 1080p fine in the daytime; no idea how it will be at night. It counts as a backup JJ :arrow:

      橘子, 2 months ago (03-31)
    • 橘酱 has taken this to a new level..

      LALA, 2 months ago (04-02)
      • It's already been cast aside :razz:

        橘子, 2 months ago (04-03)
        • And then I applied for another one :cool:

          橘子, 2 months ago (04-07)
          • Installed BT Panel (宝塔) and the next day the machine went boooom :razz:

            橘子, 2 months ago (04-08)
          • The NIC dropped offline and the only option was a reinstall :razz: Data center on fire, Germany is doomed :smile:

            橘子, 2 months ago (04-08)
          • The reinstall failed and nobody is looking after it. A disposable host, love it, love it :oops:

            橘子, 2 months ago (04-09)
          • This little box, under no load at all, died again while just running :razz: :razz:

            橘子, 3 weeks ago (05-09)
  5. #5

    Do I have to set up a NAT64 myself? Can I use an existing one?

    shang, 2 months ago (04-01)
    • You can.

      LALA, 2 months ago (04-02)
  6. #6

    Free CDNs really are great. With a paid one, push a little traffic and your wallet can't take it (the key point being that traffic from overseas into mainland China is outrageously expensive).

    Summer, 2 months ago (04-05)
  7. #7

    A question for you: when I enter bash <(curl -L -s https://install.direct/go.sh)
    it shows Failed to fetch release information. Please check your network or try again.
    How do I fix this?

    VuSu, 2 months ago (04-09)
    • Can you ping install.direct..

      LALA, 2 months ago (04-10)
  8. #8

    Installation is done; opening the URL in a browser shows the nginx welcome page on 443. But how do I configure Shadowrocket (小火箭)? It just won't connect!

    ios, 1 month ago (04-18)
    • It worked! Thanks for the tutorial.

      ios, 1 month ago (04-18)
  9. #9

    May I ask, my v2ray error log shows everything pointing to v4 addresses :cry:

    sa, 4 weeks ago (04-27)
