PCCW + Mikrotik + NAS (V2Ray + h2 + tls) using self-signed certificate and key
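In setup [1], the certificate and key were both produced by Let's Encrypt. One advantage of using it is that the resulting certificate and key are trusted, but producing them is fairly troublesome. This time I use my own self-signed certificate and key; the effect is the same as with Let's Encrypt, more or less. So what do you need to pay attention to when using a self-signed certificate and key? It is this:[code]
"tlsSettings":
{
"allowInsecure": false
}
[/code]
It has to be specified separately on both the server and the client nodes. Where exactly does it go? See below.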
References:
[1] [url]http://www.telecom-cafe.com/forum/viewthread.php?tid=7414&extra=page%3D1[/url]

To create the self-signed certificate and key with openssl [1], I use the following script:[code]
openssl req \
-newkey rsa:2048 -nodes -keyout domain.key \
-x509 -days 365 -out domain.crt
[/code]
Reference:
[1] [url]https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs[/url]

Local V2Ray node settings (this can be regarded as the client)
<hostname>: a1.v2ray.com
<UUID>: 7153bf6a-a1da-4933-88d4-975f22b5233f, you can use your own UUID
V2ray: 4.18[code]
{
  "inbounds": [
    {
      "port": 1080,
      "protocol": "http"
    },
    {
      "port": 1081,
      "protocol": "socks"
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "<hostname>",
            "port": 443,
            "users": [
              {
                "id": "<UUID>",
                "security": "none"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "http",
        "tlsSettings": {
          "allowInsecure": true
        },
        "httpSettings": {
          "host": ["<hostname>"],
          "path": "/vpath/"
        },
        "security": "tls"
      }
    },
    {
      "protocol": "freedom",
      "tag": "direct",
      "settings": {}
    }
  ],
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "domain": ["geosite:cn"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": ["geoip:cn"],
        "outboundTag": "direct"
      }
    ]
  }
}
[/code]

[i=s] This post was last edited by 角色 on 2019-4-7 13:18 [/i]
Hong Kong NAS V2Ray Settings:[code]
{
  "inbounds": [
    {
      "protocol": "vmess",
      "port": 443,
      "settings": {
        "clients": [
          {
            "id": "<UUID>",
            "alterId": 64
          }
        ]
      },
      "streamSettings": {
        "network": "http",
        "httpSettings": {
          "host": ["<hostname>"],
          "path": "/vpath/"
        },
        "security": "tls",
        "tlsSettings": {
          "allowInsecure": true,
          "certificates": [
            {
              "certificateFile": "/etc/v2ray/domain.crt",
              "keyFile": "/etc/v2ray/domain.key"
            }
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}
[/code]
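
An added example, not part of the original posts: a small Python check for three things that are easy to get wrong in V2Ray configs like the ones above, namely a key repeated inside one JSON object, `allowInsecure` enabled on a TLS outbound, and a VMess `security` value outside the expected set. The function name, the set of accepted values and the sample config are assumptions made for this example.

```python
import json

# VMess user "security" values assumed valid here; a missing value is not flagged.
VMESS_SECURITY = {"aes-128-gcm", "chacha20-poly1305", "auto", "none"}

def audit(text):
    """Return findings for a V2Ray JSON config passed as text."""
    dups = []

    def pairs(items):
        # json.loads silently keeps the last duplicate key; record them instead.
        keys = [k for k, _ in items]
        dups.extend(sorted({k for k in keys if keys.count(k) > 1}))
        return dict(items)

    cfg = json.loads(text, object_pairs_hook=pairs)
    findings = [f"duplicate key {k!r} in one object" for k in dups]
    for kind in ("inbounds", "outbounds"):
        for i, node in enumerate(cfg.get(kind, [])):
            where = f"{kind}[{i}]"
            stream = node.get("streamSettings", {})
            tls = stream.get("tlsSettings", {})
            if stream.get("security") == "tls":
                if kind == "outbounds" and tls.get("allowInsecure"):
                    findings.append(f"{where}: allowInsecure is true, server certificate is not verified")
                if kind == "inbounds" and not tls.get("certificates"):
                    findings.append(f"{where}: TLS inbound has no certificates")
            for server in node.get("settings", {}).get("vnext", []):
                for user in server.get("users", []):
                    if user.get("security", "auto") not in VMESS_SECURITY:
                        findings.append(f"{where}: unknown VMess security {user['security']!r}")
    return findings

# Constructed sample for this example, not a config copied from the thread.
SAMPLE = """
{"inbounds": [{"protocol": "vmess", "port": 443,
   "streamSettings": {"network": "http", "security": "tls",
     "tlsSettings": {"allowInsecure": true},
     "tlsSettings": {"certificates": [{"certificateFile": "/tmp/example.crt",
                                       "keyFile": "/tmp/example.key"}]}}}],
 "outbounds": [{"protocol": "vmess",
   "settings": {"vnext": [{"address": "v2.example.test", "port": 443,
     "users": [{"id": "00000000-0000-0000-0000-000000000000", "security": "nono"}]}]},
   "streamSettings": {"network": "http", "security": "tls",
     "tlsSettings": {"allowInsecure": true}}}]}
"""

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```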