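Backend nodes for a V2Board proxy service ("airport") are connected to the panel with the open-source one-click scripts XrayR or V2bX. The process is not complicated: by following this tutorial you can connect both a Reality node and a VLESS+gRPC+CDN node.
If you have not set up the front end yet, see the tutorial "Installing the V2Board management panel under LNMP".
XrayR is a backend framework based on Xray. It supports the V2Ray, Trojan and Shadowsocks protocols, is easy to extend, and can connect to multiple panels.
Here we use the one-click script of a modified XrayR backend ( https://github.com/wyx2685/XrayR ) to configure the backend node, mainly because it supports several protocols: VLESS, Trojan and Shadowsocks.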
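Features
- Permanently open source and free.
- Supports multiple protocols: VLESS, Trojan and Shadowsocks.
- Supports new features such as VLESS and XTLS.
- A single instance can connect to multiple panels and multiple nodes, with no need to start additional instances.
- Supports limiting online IPs.
- Supports speed limits at node-port level and at user level.
- Simple, clear configuration.
- Automatically restarts the instance when the configuration is changed.
- Easy to build and upgrade; the core version can be updated quickly, with support for new Xray-core features.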
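Function overview
Function | vmess | vless | trojan | shadowsocks |
---|---|---|---|---|
Get node information | √ | √ | √ | √ |
Get user information | √ | √ | √ | √ |
User traffic statistics | √ | √ | √ | √ |
Server information reporting | √ | √ | √ | √ |
Automatic TLS certificate issuance | √ | √ | √ | √ |
Automatic TLS certificate renewal | √ | √ | √ | √ |
Online user count | √ | √ | √ | √ |
Online user limit | √ | √ | √ | √ |
Audit rules | √ | √ | √ | √ |
Node port speed limit | √ | √ | √ | √ |
Per-user speed limit | √ | √ | √ | √ |
Custom DNS | √ | √ | √ | √ |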
Install the backend

```
wget -N https://raw.githubusercontent.com/wyx2685/XrayR-release/master/install.sh && bash install.sh
```
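Connecting a Reality node to V2Board
Create a new vless node in the panel and configure it as shown in the figure below:
Edit the security settings and configure them as shown in the figure below:
Note the node ID.
Then edit the backend configuration file.
Go to /etc/XrayR and edit the config.yml file.
Example configuration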

```
- PanelType: "NewV2board" # Panel type: SSpanel, NewV2board, PMpanel, Proxypanel, V2RaySocks, GoV2Panel
  ApiConfig:
    ApiHost: "https://jiemahao.com"
    ApiKey: "6e264cd9-e192-49e9-b5aa"
    NodeID: 1
    NodeType: V2ray # Node type: V2ray, Shadowsocks, Trojan, Shadowsocks-Plugin
    Timeout: 30 # Timeout for the api request
    EnableVless: true # Enable Vless for V2ray Type
    VlessFlow: "xtls-rprx-vision" # Only support vless
    SpeedLimit: 0 # Mbps, Local settings will replace remote settings, 0 means disable
    DeviceLimit: 0 # Local settings will replace remote settings, 0 means disable
    RuleListPath: # /etc/XrayR/rulelist Path to local rulelist file
    DisableCustomConfig: false # disable custom config for sspanel
  ControllerConfig:
    ListenIP: 0.0.0.0 # IP address you want to listen
    SendIP: 0.0.0.0 # IP address you want to send package
    UpdatePeriodic: 60 # Time to update the nodeinfo, how many sec.
    DeviceOnlineMinTraffic: 100 # V2board device-limit counting threshold: a device is reported online only above this traffic, in kB; if empty, devices are always reported
    EnableDNS: false # Use custom DNS config, Please ensure that you set the dns.json well
    DNSType: AsIs # AsIs, UseIP, UseIPv4, UseIPv6, DNS strategy
    EnableProxyProtocol: false # Only works for WebSocket and TCP
    AutoSpeedLimitConfig:
      Limit: 0 # Warned speed. Set to 0 to disable AutoSpeedLimit (mbps)
      WarnTimes: 0 # After (WarnTimes) consecutive warnings, the user will be limited. Set to 0 to punish overspeed user immediately.
      LimitSpeed: 0 # The speedlimit of a limited user (unit: mbps)
      LimitDuration: 0 # How many minutes will the limiting last (unit: minute)
    GlobalDeviceLimitConfig:
      Enable: false # Enable the global device limit of a user
      RedisAddr: 127.0.0.1:6379 # The redis server address
      RedisPassword: YOUR PASSWORD # Redis password
      RedisDB: 0 # Redis DB
      Timeout: 5 # Timeout for redis request
      Expiry: 60 # Expiry time (second)
    EnableFallback: false # Only support for Trojan and Vless
    FallBackConfigs: # Support multiple fallbacks
      - SNI: # TLS SNI(Server Name Indication), Empty for any
        Alpn: # Alpn, Empty for any
        Path: # HTTP PATH, Empty for any
        Dest: 80 # Required, Destination of fallback, check https://xtls.github.io/config/features/fallback.html for details.
        ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for disable
    DisableLocalREALITYConfig: true # Whether to ignore the local REALITY config
    EnableREALITY: false # Whether to enable REALITY
    REALITYConfigs: # Local REALITY config
      Show: false # Show REALITY debug
      Dest: m.media-amazon.com:443 # REALITY target address
      ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for disable
      ServerNames: # Required, list of available serverNames for the client, * wildcard is not supported at the moment.
        - m.media-amazon.com
      PrivateKey: # Optional, may be left empty
      MinClientVer: # Optional, minimum version of Xray client, format is x.y.z.
      MaxClientVer: # Optional, maximum version of Xray client, format is x.y.z.
      MaxTimeDiff: 0 # Optional, maximum allowed time difference, unit is in milliseconds.
      ShortIds: # Optional, may be left empty
        - ""
    CertConfig:
      CertMode: none # Option about how to get certificate: none, file, http, tls, dns. Choose "none" will forcedly disable the tls config.
      CertDomain: "jiemahao.com" # Domain to cert
      CertFile: /etc/XrayR/cert/node1.test.com.cert # Provided if the CertMode is file
      KeyFile: /etc/XrayR/cert/node1.test.com.key
      Provider: cloudflare # DNS cert provider, Get the full support list here: https://go-acme.github.io/lego/dns/
      Email: test@me.com
      DNSEnv: # DNS ENV option used by DNS provider
        CLOUDFLARE_EMAIL: service@jiemahao.com
        CLOUDFLARE_API_KEY: ace474942f68b8c16af367421ae27d9ef82e7
```

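Note: with the DisableLocalREALITYConfig option enabled, the Reality node configuration is delivered directly from the panel, so nothing Reality-related needs to be configured in the config file.
Finally, upload the file and start the backend.
Connecting a VLESS+gRPC+CDN node to V2Board
Create a new vless node in the panel and configure it as shown in the figure below:
Edit the security settings and configure them as shown in the figure below. Note that only an SNI needs to be set here; leave everything else empty.
Edit the protocol configuration:

```
{ "serviceName": "jiemahao" }
```

Edit the backend configuration file config.yml: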

```
- PanelType: "NewV2board" # Panel type: SSpanel, NewV2board, PMpanel, Proxypanel, V2RaySocks, GoV2Panel
  ApiConfig:
    ApiHost: "https://jiemahao.com"
    ApiKey: "6e264cd9-e192-49e9-b5aa"
    NodeID: 2
    NodeType: V2ray # Node type: V2ray, Shadowsocks, Trojan, Shadowsocks-Plugin
    Timeout: 30 # Timeout for the api request
    EnableVless: true # Enable Vless for V2ray Type
    VlessFlow: "xtls-rprx-vision" # Only support vless
    SpeedLimit: 0 # Mbps, Local settings will replace remote settings, 0 means disable
    DeviceLimit: 0 # Local settings will replace remote settings, 0 means disable
    RuleListPath: # /etc/XrayR/rulelist Path to local rulelist file
    DisableCustomConfig: false # disable custom config for sspanel
  ControllerConfig:
    ListenIP: 0.0.0.0 # IP address you want to listen
    SendIP: 0.0.0.0 # IP address you want to send package
    UpdatePeriodic: 60 # Time to update the nodeinfo, how many sec.
    DeviceOnlineMinTraffic: 100 # V2board device-limit counting threshold: a device is reported online only above this traffic, in kB; if empty, devices are always reported
    EnableDNS: false # Use custom DNS config, Please ensure that you set the dns.json well
    DNSType: AsIs # AsIs, UseIP, UseIPv4, UseIPv6, DNS strategy
    EnableProxyProtocol: false # Only works for WebSocket and TCP
    AutoSpeedLimitConfig:
      Limit: 0 # Warned speed. Set to 0 to disable AutoSpeedLimit (mbps)
      WarnTimes: 0 # After (WarnTimes) consecutive warnings, the user will be limited. Set to 0 to punish overspeed user immediately.
      LimitSpeed: 0 # The speedlimit of a limited user (unit: mbps)
      LimitDuration: 0 # How many minutes will the limiting last (unit: minute)
    GlobalDeviceLimitConfig:
      Enable: false # Enable the global device limit of a user
      RedisAddr: 127.0.0.1:6379 # The redis server address
      RedisPassword: YOUR PASSWORD # Redis password
      RedisDB: 0 # Redis DB
      Timeout: 5 # Timeout for redis request
      Expiry: 60 # Expiry time (second)
    EnableFallback: false # Only support for Trojan and Vless
    FallBackConfigs: # Support multiple fallbacks
      - SNI: # TLS SNI(Server Name Indication), Empty for any
        Alpn: # Alpn, Empty for any
        Path: # HTTP PATH, Empty for any
        Dest: 80 # Required, Destination of fallback, check https://xtls.github.io/config/features/fallback.html for details.
        ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for disable
    DisableLocalREALITYConfig: false # Whether to ignore the local REALITY config
    EnableREALITY: false # Whether to enable REALITY
    REALITYConfigs: # Local REALITY config
      Show: false # Show REALITY debug
      Dest: m.media-amazon.com:443 # REALITY target address
      ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for disable
      ServerNames: # Required, list of available serverNames for the client, * wildcard is not supported at the moment.
        - m.media-amazon.com
      PrivateKey: # Optional, may be left empty
      MinClientVer: # Optional, minimum version of Xray client, format is x.y.z.
      MaxClientVer: # Optional, maximum version of Xray client, format is x.y.z.
      MaxTimeDiff: 0 # Optional, maximum allowed time difference, unit is in milliseconds.
      ShortIds: # Optional, may be left empty
        - ""
    CertConfig:
      CertMode: none # Option about how to get certificate: none, file, http, tls, dns. Choose "none" will forcedly disable the tls config.
      CertDomain: "jiemahao.com" # Domain to cert
      CertFile: /etc/XrayR/cert/node1.test.com.cert # Provided if the CertMode is file
      KeyFile: /etc/XrayR/cert/node1.test.com.key
      Provider: cloudflare # DNS cert provider, Get the full support list here: https://go-acme.github.io/lego/dns/
      Email: test@me.com
      DNSEnv: # DNS ENV option used by DNS provider
        CLOUDFLARE_EMAIL: service@jiemahao.com
        CLOUDFLARE_API_KEY: ace474942f68b8c16af367w21ae27defw2e7
```

Install nginx:

```
apt -y install nginx
```

Create a new nginx configuration file:

```
nano /etc/nginx/sites-available/grpc
```

Write the following configuration:

```
server {
    listen 80;
    server_name grpc.example.com;
    if ($host = grpc.example.com) {
        return 301 https://$host$request_uri;
    }
    return 404;
}

server {
    listen 443 ssl http2 so_keepalive=on;
    server_name grpc.example.com;
    index index.nginx-debian.html;
    root /var/www/html;

    ssl_certificate /etc/nginx/cert/grpc.example.com.pem;
    ssl_certificate_key /etc/nginx/cert/grpc.example.com.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    # The location prefix must equal "/" + the serviceName set in the panel
    location /jiemahao {
        if ($content_type !~ "application/grpc") {
            return 404;
        }
        client_max_body_size 0;
        client_body_buffer_size 1m;
        client_body_timeout 1h;
        grpc_pass grpc://127.0.0.1:53000;
        grpc_set_header X-Real-IP $remote_addr;
    }
}
```

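Enable the site:

```
ln -s /etc/nginx/sites-available/grpc /etc/nginx/sites-enabled/grpc
```

Go to Cloudflare, add an A record for the domain and enable the CDN:
Go to Network and enable gRPC to the origin.
Go to SSL/TLS > Overview and change the encryption mode to Full (strict):
Go to SSL/TLS > Origin Server and request a free 15-year certificate:
Choose ECC as the type; for hostnames enter your domain, or simply use a wildcard:
Copy the certificate (PEM) and the key (KEY) and save them to the following files respectively:

```
mkdir -p /etc/nginx/cert
nano /etc/nginx/cert/grpc.example.com.pem
nano /etc/nginx/cert/grpc.example.com.key
```
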
Reload nginx for the changes to take effect:

```
systemctl reload nginx
```
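
A consistency check for the gRPC setup above, as an added example that is not part of the original tutorial or of XrayR: it verifies that an nginx location prefix matches the `/<serviceName>/Tun` path Xray's gRPC transport requests, that grpc_pass targets the node port, and that the backend ListenIP is loopback so the plaintext port is only served through nginx. The function names, the node port argument (53000, taken from the grpc_pass line) and the sample configs are assumptions.

```python
# Added example, not code from the tutorial: lint the nginx gRPC front end
# against the panel's serviceName, the node port and the backend ListenIP.
import json
import re

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def location_blocks(conf):
    """Yield (prefix, body) for every plain-prefix `location /x { ... }` block."""
    for m in re.finditer(r"\blocation\s+(/[^\s{]*)\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def check_grpc_route(nginx_conf, protocol_json, node_port, listen_ip):
    """Return a list of problems; an empty list means the pieces line up."""
    path = "/" + json.loads(protocol_json)["serviceName"] + "/Tun"  # Xray gRPC path
    hits = [(p, b) for p, b in location_blocks(nginx_conf) if path.startswith(p)]
    if not hits:
        return [f"no location matches {path}"]
    prefix, body = max(hits, key=lambda h: len(h[0]))  # longest prefix wins
    up = re.search(r"\bgrpc_pass\s+grpc://(\S+?):(\d+)\s*;", body)
    if up is None:
        return [f"location {prefix} has no grpc:// grpc_pass"]
    problems = []
    if int(up.group(2)) != node_port:
        problems.append(f"grpc_pass port {up.group(2)} != node port {node_port}")
    if listen_ip not in LOOPBACK:
        problems.append(f"ListenIP {listen_ip}: port {node_port} is served outside nginx")
    return problems

# Constructed sample input; host name, port and the typo are illustrative.
GOOD = """server { listen 443 ssl http2; server_name grpc.example.com;
  location /jiemahao {
    if ($content_type !~ "application/grpc") { return 404; }
    grpc_pass grpc://127.0.0.1:53000;
  }
}"""
TYPO = GOOD.replace("/jiemahao", "/jiemhao")
PROTOCOL = '{ "serviceName": "jiemahao" }'

if __name__ == "__main__":
    print(check_grpc_route(GOOD, PROTOCOL, 53000, "127.0.0.1"))
    print(check_grpc_route(TYPO, PROTOCOL, 53000, "127.0.0.1"))
    print(check_grpc_route(GOOD, PROTOCOL, 53000, "0.0.0.0"))
```

With `ListenIP: 0.0.0.0` the check reports the node port as reachable outside nginx; binding the backend to 127.0.0.1 or firewalling the port keeps clients on the TLS path.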