静看光阴荏苒
不管不顾不问不说也不念

配置TUIC代理+V2Ray分流

tuic是一个基于quic协议的高性能代理,更多介绍:https://github.com/EAimTY/tuic

安装服务端:

apt -y update
apt -y install wget certbot
mkdir /opt/tuic && cd /opt/tuic
wget https://github.com/EAimTY/tuic/releases/download/0.8.1/tuic-server-0.8.1-x86_64-linux-gnu
chmod +x tuic-server-0.8.1-x86_64-linux-gnu

新建tuic配置文件:

nano config.json

写入如下配置:

{
    "port": 443,
    "token": ["example"],
    "certificate": "/opt/tuic/fullchain.pem",
    "private_key": "/opt/tuic/privkey.pem",
    "ip": "0.0.0.0",
    "congestion_controller": "bbr",
    "alpn": ["h3"]
}

新建systemd配置文件:

nano /lib/systemd/system/tuic.service

写入如下配置:

[Unit]
Description=Delicately-TUICed high-performance proxy built on top of the QUIC protocol
Documentation=https://github.com/EAimTY/tuic
After=network.target

[Service]
User=root
WorkingDirectory=/opt/tuic
ExecStart=/opt/tuic/tuic-server-0.8.1-x86_64-linux-gnu -c config.json
Restart=on-failure
RestartPreventExitStatus=1
RestartSec=5

[Install]
WantedBy=multi-user.target

申请证书:

certbot certonly \
--standalone \
--agree-tos \
--no-eff-email \
--email imlala@example.com \
-d tuic.example.com

将证书保存到tuic配置文件内配置的位置:

cat /etc/letsencrypt/live/tuic.example.com/fullchain.pem > /opt/tuic/fullchain.pem
cat /etc/letsencrypt/live/tuic.example.com/privkey.pem > /opt/tuic/privkey.pem

启动tuic服务并设置开机自启:

systemctl enable --now tuic.service

新建一个certbot的hook脚本文件,用于让tuic重新加载续期后的新证书:

nano /etc/letsencrypt/renewal-hooks/post/tuic.sh

写入如下内容:

#!/bin/bash
cat /etc/letsencrypt/live/tuic.example.com/fullchain.pem > /opt/tuic/fullchain.pem
cat /etc/letsencrypt/live/tuic.example.com/privkey.pem > /opt/tuic/privkey.pem
systemctl restart tuic.service

给脚本执行权限:

chmod +x tuic.sh

测试续期的情况以及脚本能否正常运行:

certbot renew --cert-name tuic.example.com --dry-run

服务端到这里就全部配置完成了,接下来在这个页面下载客户端:

https://github.com/EAimTY/tuic/releases

我这里使用windows,下载对应架构的文件:

https://github.com/EAimTY/tuic/releases/download/0.8.1/tuic-client-0.8.1-x86_64-windows-gnu.exe

新建客户端的config.json配置文件,在文件内写入如下配置:

{
    "relay": {
        "server": "tuic.example.com",
        "port": 443,
        "token": "example",
        "udp_relay_mode": "quic",
        "congestion_controller": "bbr",
        "alpn": ["h3"],
        "disable_sni": false,
        "reduce_rtt": true
    },
    "local": {
        "port": 2080,
        "ip": "127.0.0.1"
    },
    "log_level": "info"
}

打开powershell运行tuic客户端:

./tuic-client-0.8.1-x86_64-windows-gnu.exe -c config.json

接下来配置v2ray的分流,这里我使用v2rayn,直接给出一份适用于v2rayn的配置文件:

{
  "policy": {
    "system": {
      "statsOutboundUplink": true,
      "statsOutboundDownlink": true
    }
  },
  "log": {
    "access": "",
    "error": "",
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "tag": "socks",
      "port": 10808,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": false,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    },
    {
      "tag": "http",
      "port": 10809,
      "listen": "127.0.0.1",
      "protocol": "http",
      "sniffing": {
        "enabled": false,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "socks",
      "settings": {
        "servers": [
          {
            "address": "127.0.0.1",
            "port": 2080,
            "users": []
          }
        ]
      }
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {}
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
    }
  ],
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "type": "field",
        "outboundTag": "block",
        "domain": ["geosite:category-ads-all"]
      },
      {
      	"type": "field",
        "outboundTag": "direct",
        "domain": ["geosite:cn"]
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "ip": [
          "geoip:cn",
          "geoip:private"
        ]
      }
    ]
  }
}

将上面的配置保存为任意名字的.json配置文件,然后在v2rayn添加自定义配置服务器即可:

赞(3)
未经允许不得转载:荒岛 » 配置TUIC代理+V2Ray分流
分享到: 更多 (0)

评论 6

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
  1. #1

    大佬,有空时能不能写下这个项目的教程:https://github.com/fuzhengwei/itstack-ark-wx-test

    dad2周前 (07-30) Google Chrome 103.0.0.0 Google Chrome 103.0.0.0 Windows 10 x64 Edition Windows 10 x64 Edition回复
  2. #2

    大佬,聊天室我的账号登录不了@protonmail.com的,邀请码是啥呢?

    prajna1682周前 (07-31) Firefox 91.0 Firefox 91.0 Windows 10 x64 Edition Windows 10 x64 Edition回复
    • 登录不了是密码忘记了吗?里面没什么重要信息的话,自己重新注册一个吧,邮箱随便填,我没有配置smtp。没有邀请码,注册好了就自动加入默认的群组。

      LALA2周前 (07-31) Google Chrome 103.0.0.0 Google Chrome 103.0.0.0 Windows 10 x64 Edition Windows 10 x64 Edition回复
      • 没有邀请码注册不了,提示必须填写邀请码才可以注册

        prajna1682周前 (07-31) Firefox 91.0 Firefox 91.0 Windows 10 x64 Edition Windows 10 x64 Edition回复
        • 我大概知道怎么回事了,你可能注册错了,现在的聊天室网址是chat.ohsb.net,原来的那个chat.233.fi已经作废了,我博客上面的地址没更新过来。。。
          另外chat.233.fi现在指向的这个网站也不是我的,我之前的聊天室搭建在甲骨文,后来甲骨文的这台机器我释放了,但是域名解析记录没删,现在这个站应该是别人开的甲骨文正好又分配到我之前的ip了。。。

          LALA2周前 (07-31) Google Chrome 103.0.0.0 Google Chrome 103.0.0.0 Windows 10 x64 Edition Windows 10 x64 Edition回复
          • 无巧不成书 :idea:

            hofaeair1周前 (08-04) Microsoft Edge 103.0.1264.77 Microsoft Edge 103.0.1264.77 Windows 10 x64 Edition Windows 10 x64 Edition

分享创造快乐

广告合作资源投稿