Two months ago, I just bought a VPS and was very excited. That night, I tried installing V2Ray and started using it without any disguise. However, I woke up the next morning and found that my IP was blocked. Luckily, I had just purchased it, so after submitting a ticket, they helped me change my IP.
After that, I became more obedient and properly configured VMess-WS-TLS (or VLESS-WS-TLS) disguise. I also set up Cloudflare proxy, which made the speed a bit slow but still usable for over a month.
The day before yesterday, I turned off the CF proxy to pursue speed, but I found that it didn't work the next morning. I quickly got up and checked, and strangely, my IP was not blocked. After struggling for a day, I found out that port 443 was blocked 😢. Fortunately, it still worked after using CF proxy.
It seems that not only VMess/VLESS-WS-TLS disguise is needed, but also Cloudflare proxy. I also configured DNSSEC (to prevent DNS pollution). This is probably the answer I have come up with after thinking about it for a long time, and it can barely be used. I am not talented (😅), so if there is a better solution, please kindly teach me.
Materials for the ladder:
- A VPS
- A domain name
- A brave heart (😅)
Building the ladder:
Cloudflare Configuring the Domain Name#
VMess-WS-TLS requires using a domain name to disguise traffic as normal website access, so you need to prepare a domain name and add it to Cloudflare (referred to as CF below).
Then use CF's DNS to resolve the domain name to the VPS and enable proxy.
In the Baota panel, use the resolved domain name to create a new site and apply for an SSL certificate.
In CF, select SSL/TLS encryption mode as Full (or Strict).
Access the newly created site to confirm success.
Installing and Configuring V2Ray Disguise#
V2Ray Installation Detailed Tutorial · 233boy/v2ray Wiki
Installing V2Ray#
Using 233boy's one-click installation script: https://github.com/233boy/v2ray
Enter the following command and press Enter:
bash <(wget -qO- -o- https://git.io/v2ray.sh)
After the installation is complete, an automatic VMess-TCP configuration will be created. It is recommended not to use this configuration without disguise. Enter the command v2ray and select 4) Delete Configuration to delete this configuration.
Adding Disguise Configuration#
According to the tutorial, the command to add is v2ray add ws, but because I already have a website deployed, the port is occupied.
https://233boy.com/v2ray/no-auto-tls/
So I used the command v2ray no-auto-tls and selected 2) VMess-WS-TLS. Then I entered the prepared domain name to complete the configuration creation.
Take note of the port and path in --- no-auto-tls INFO ---.
Then, in the Baota panel, modify the configuration file of the domain name's site and add the following content at the end:
# Configure Nginx to forward access to the disguised path to v2ray
location /weizhuanglujing { # Fill in the path from no-auto-tls INFO
proxy_redirect off;
proxy_pass http://127.0.0.1:12345; # Fill in the listening address of v2ray, the port from no-auto-tls INFO
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
Finally, access the domain name + disguised path. If it shows "Bad Request," it means the configuration is successful.
Connecting with V2Ray Client#
Use V2RayN on PC and V2RayNG on Android.
A GUI client for Windows and Linux, support Xray core and others
Copy the V2Ray configuration link and import it from the clipboard.
Right-click the V2RayN taskbar icon and select "Auto Configure System Proxy" to enable it. You also need to set the routing to global (I don't know how to set up a whitelist for now).
If V2RayNG shows net/http: tls handshake timeout, click "Edit Configuration File" and set "allowinsecure" to true.
In actual use, 1080P on YouTube can barely be watched, but sometimes it may be slow during peak hours.