Using VPS, set up ssr and v2ray
Background
Network freedom matters to everyone, especially programmers and researchers. However, for reasons everyone knows, some sites (e.g. Google, Facebook, Twitter, YouTube) are blocked in mainland China. This post began as a note to myself about how to cross the network barrier, but many of my friends kept asking me how to get network freedom in China, so I revised it to make things clearer and easier to understand. I hope this post helps you perform better in learning and developing. As individuals, we must be able to judge which information on the Internet to trust. I state here that this post is only for learning and research.
If you want to buy a VPN (proxy), you do not need to read this post. Most VPN vendors provide a shared proxy server and limit each user's bandwidth, so it may be really slow. Moreover, you may not trust the vendor and may worry that they monitor your data. In that case you can create your own proxy server with exclusive bandwidth, and this post shows how to do it. If something is unclear, feel free to leave a comment.
A Virtual Private Server (VPS) is a virtual machine that runs in the cloud and is used by an individual. Companies like Google, Amazon, AWS, Alibaba, Tencent etc. provide their servers to customers, and people can use these servers to host their websites, do computing, set up proxies, etc.
Here I will introduce how to set up a Google VPS and set up a network proxy server on it. For how to set up a website on VPS, refer to my post—Create your website on cloud.
Requirements
- You need a temporarily available VPN to visit Google and set up your server. After the server is set up, you switch to your own service and no longer need the temporary VPN.
How to get a temporarily available VPN?
You can find a VPN vendor and start a free trial, Lol.
- You should have some background in computer systems (especially Linux); otherwise it may be hard for you to understand some terms and implement these things. In that case, you can learn to build your proxy from more step-by-step video tutorials, which you can find on YouTube by searching ssr and v2ray.
1. Set up cloud Virtual Private Server (VPS)
You can use any server that can reach the free network; most of them are outside China. You can buy a mini-server from a cloud server provider, e.g. Google, AWS, BandwagonHost. A mini-server is often very cheap, and you can pay with a dual-currency credit card. Here I tell you how to set up a server on Google Cloud.
- Buy a VM on Google Cloud (it has a one-year free trial now) or from any other vendor. Choose Debian Linux and a location near you to get fast access (e.g. asia-east, asia-northeast, hongkong, Seoul).
- Use ssh to connect to the VPS (you can use browser ssh or an ssh key in a terminal).
- If you find ssh is slow, there may be some problem with port 22. Just change it:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
sudo vim /etc/ssh/sshd_config
Remove the # before Port 22, and add new ports, e.g. Port xxxxx. Note that you should not delete Port 22; otherwise, if your other port is banned, you cannot connect to your server anymore.
sudo systemctl restart sshd
or
sudo /etc/init.d/sshd restart
Then you can:
ssh -p xxxxx user@ip
scp -P xxxxx username@server:(remote location) (local location)
Check open ports:
sudo netstat -tulpn | grep LISTEN
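The port change above as a repeatable function that keeps Port 22 active, so a blocked new port cannot lock you out. This is an added example, not part of the original post; the helper name add_ssh_port and the port 22022 in the usage comment are assumptions made for illustration.

```shell
# Added example, not from the original post. add_ssh_port is a hypothetical helper.
# add_ssh_port FILE PORT: make sure "Port 22" is active in FILE and add
# "Port PORT" right after it. Safe to run more than once.
# Returns 2 on a bad port, 3 if FILE has no "Port 22" line to anchor on.
add_ssh_port() {
    cfg=$1 port=$2
    case $port in ''|*[!0-9]*) return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 2
    # Keep the first backup; never overwrite it on later runs
    [ -e "$cfg.backup" ] || cp -p "$cfg" "$cfg.backup" || return 1
    tmp=$(mktemp) || return 1
    if awk -v p="$port" '
        # First "Port 22" line, commented out or not: emit it active,
        # followed by the additional port.
        !done && /^[ \t]*#?[ \t]*Port[ \t]+22[ \t]*$/ {
            print "Port 22"
            if (p != 22) print "Port " p
            done = 1; next
        }
        $1 == "Port" && $2 == p { next }   # drop duplicates of the new port
        { print }
        END { if (!done) exit 3 }
    ' "$cfg" > "$tmp"; then
        cat "$tmp" > "$cfg"                # keeps owner and mode of FILE
        rm -f "$tmp"
    else
        rm -f "$tmp"                       # FILE is left untouched on failure
        return 3
    fi
}

# On the server (22022 is a constructed port number):
#   sudo sh -c '. ./add_ssh_port.sh; add_ssh_port /etc/ssh/sshd_config 22022'
#   sudo sshd -t && sudo systemctl restart sshd   # restart only if it parses
```

Open the new port in the cloud firewall and confirm you can log in on it from a second terminal before closing the session you are working in.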
2. Set up proxy server
Here I list two popular ways to get through the special firewall: one is ssr, the other is v2ray. Both are a kind of proxy protocol and can achieve your goal of visiting some banned websites.
SSR is a protocol for avoiding censorship. Recently it stopped being maintained, and the GFW is able to block some ssr traffic, so it is not very stable.
v2ray is a platform for anti-censorship that can use the VMess protocol; at present, at least, it is more stable than SSR. V2ray is a strong and powerful tool: it is not only an anti-censorship tool but also has many other functions, e.g. multi-hop network configuration, intranet penetration, etc.
2.1 Set up BBR and ssr
Set up BBR and ssr through scripts on the VPS, connected by ssh:
sudo -i
# wget verifies the TLS certificate by default; keep it that way, since these scripts run as root
wget https://github.com/iyuco/scripts/raw/master/bbr.sh
chmod +x bbr.sh
./bbr.sh
wget https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocksR.sh
chmod +x shadowsocksR.sh
./shadowsocksR.sh
If you want to create multi-user accounts, the following one is more convenient:
wget -N https://raw.githubusercontent.com/ToyoDAdoubi/doubi/master/ssrmu.sh && chmod +x ssrmu.sh && bash ssrmu.sh
Notice: Don't forget to set up your cloud server firewall to allow your ssr port in both http and https.
2.2 Set up v2ray
Please refer to the v2ray official website for details. For a more brainless method, refer to toutyrater.
Or you can just run this script to set it up without thinking:
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
I recommend you do it yourself if you have basic computer knowledge; it is safer.
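One way to follow that advice when you still use an install script, here or in 2.1: download it to a file, read it, record its SHA-256, and on later runs execute it as root only if the digest still matches. This is an added example, not from the original post or the v2ray project; verify_sha256 and run_pinned are hypothetical helper names.

```shell
# Added example, not from the original post.
# verify_sha256 FILE EXPECTED_HEX -> 0 on match, 1 on mismatch, 2 on bad input.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || return 2
    # A SHA-256 digest is exactly 64 hex characters; reject anything else
    case $expected in
        *[!0-9a-f]*|'') return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# run_pinned URL EXPECTED_HEX: download with TLS verification on, check the
# digest, and only then run the script as root.
run_pinned() {
    tmp=$(mktemp) || return 1
    # -f: fail on HTTP errors, -sS: quiet but show errors, -L: follow redirects
    if curl -fsSL -o "$tmp" "$1" && verify_sha256 "$tmp" "$2"; then
        sudo bash "$tmp"; rc=$?
    else
        echo "refusing to run $1: download failed or digest mismatch" >&2; rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage (the digest is a placeholder: record it after reading the script yourself):
#   run_pinned https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh <sha256-you-recorded>
```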
- Synchronize your time first:
sudo apt-get install ntp ntpdate -y
sudo ntpdate -u ntp.api.bz
sudo hwclock -w # write to hardware
date # check time
List of time servers:
time.nist.gov
time.nuri.net
0.asia.pool.ntp.org
1.asia.pool.ntp.org
2.asia.pool.ntp.org
3.asia.pool.ntp.org
us.pool.ntp.org
ntp.api.bz
You can use crontab to create an automatic task for time synchronization. Use crontab -e to edit the configuration file; adding the following line means time is synchronized at 2:10 every day.
10 2 * * * sudo ntpdate -u ntp.api.bz
- Download the install script:
wget https://install.direct/go.sh
- Run the install and set up:
sudo bash go.sh
- Change your config.json file in /etc/v2ray/
- Start v2ray:
sudo systemctl start v2ray
WebSocket+TLS+Nginx
The WebSocket+TLS+Nginx configuration is a good choice in v2ray if you already have a website on the server, but if you are new to v2ray, you may just try basic TCP first.
How to do WebSocket+TLS+Nginx?
Make sure you have installed Nginx and configured an SSL certificate in /etc/nginx/sites-enabled/default, then add your WebSocket configuration to it: just add a new location to your server block in the default file:
location /ray { # same as it in v2ray config
    proxy_redirect off;
    proxy_pass http://127.0.0.1:10000; # assume the WebSocket listen on 10000
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    # Show realip in v2ray access.log
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
Refer here for the detailed configuration of the v2ray client and server. If you add the location to your original Nginx server, then the client port will be 443, or you can add a listen port (e.g. 8080) in the server part of your Nginx configuration.
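Because Nginx forwards /ray to 127.0.0.1:10000, the v2ray WebSocket inbound only needs to listen on the loopback address; if it listens on all interfaces, the port can be reached directly without TLS. The check below is an added example, not from the original post: it reads the upstream port from the location block and looks for non-loopback listeners in netstat -tulpn output. upstream_port and exposed_addrs are hypothetical helper names, and the sample listings are constructed.

```shell
# Added example, not from the original post. All sample data is constructed.

# upstream_port LOCATION: read an Nginx config on stdin and print the port of
# the proxy_pass target inside "location LOCATION { ... }".
upstream_port() {
    awk -v loc="$1" '
        $1 == "location" && $2 == loc { inside = 1 }
        inside && $1 == "proxy_pass" {
            sub(/;.*/, "", $2)            # drop ";" and any trailing comment
            n = split($2, part, ":")      # http://127.0.0.1:10000 -> 10000
            print part[n]; exit
        }
        inside && $1 == "}" { inside = 0 }'
}

# exposed_addrs PORT: read `netstat -tulpn` output on stdin and print every
# non-loopback address with a TCP listener on PORT. Returns 1 if any is found.
exposed_addrs() {
    found=$(awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":"); p = part[n]
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (p == port && addr != "127.0.0.1" && addr != "::1") print addr
        }')
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed samples: the location block from this post and two listings.
SAMPLE_NGINX='location /ray {
    proxy_pass http://127.0.0.1:10000; # assume the WebSocket listen on 10000
}'
SAMPLE_LOOPBACK='tcp   0  0 127.0.0.1:10000  0.0.0.0:*  LISTEN  901/v2ray
tcp6  0  0 :::443           :::*       LISTEN  733/nginx'
SAMPLE_EXPOSED='tcp   0  0 0.0.0.0:10000    0.0.0.0:*  LISTEN  901/v2ray
tcp6  0  0 :::10000         :::*       LISTEN  901/v2ray'

# On a real server:
#   port=$(upstream_port /ray < /etc/nginx/sites-enabled/default)
#   sudo netstat -tulpn | exposed_addrs "$port" || echo "port $port is public"
```

If the check prints an address, set "listen": "127.0.0.1" on that inbound in config.json and restart v2ray.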
3. set up Linux PC client
3.1 set up ssr
wget http://www.djangoz.com/ssr
sudo mv ssr /usr/local/bin
sudo chmod 755 /usr/local/bin/ssr # executable by all, writable only by the owner
ssr install
ssr config
#this will install ssr to /usr/local/share/shadowsocksr
3.2 Set up v2ray client
Same as the server:
- Synchronize your time first
- Download the install script:
wget https://install.direct/go.sh
- Run the install and set up:
sudo bash go.sh
- Move your config.json file to /etc/v2ray/ and delete the default config file
- Start v2ray:
sudo systemctl start v2ray
- Check status:
service v2ray status
ssr and v2ray coexist
If you want ssr and v2ray to coexist, just set the ssr client local port to be different from v2ray's, e.g. v2ray inbound port: 1080, ssr port: 2080
v2ray with many protocols
On the server, add a new inbound instance with new settings (port, protocol, id, etc.).
On the client, one way is to switch the config file; the other is to add a new inbound and a new outbound with tags, then create a routing rule that maps the inbound to the outbound. You can then switch to the required protocol by switching the proxy port in your browser.
v2ray with many users
There are many ways to do that. On the server: a single port with many users (add users to the inbound settings), or many ports with many users (add a new inbound instance).
With tls+nginx and many users, a single port is the same as without tls.
Multi-port with many users requires adding a new listening port in nginx (in v2ray, one port is okay).
Troubleshooting
If there is trouble, first check service v2ray status, and then you can try:
Set the log level in config.json to info or debug, and check the log file, usually located at /var/log/v2ray/ (on both client and server).
Finally, you may use wireshark to analyze packets.
4. using socks on terminal with privoxy
Privoxy is a tool that can listen on a specific port and forward its traffic to user-defined socks proxies.
Privoxy setup
- sudo apt-get install privoxy
- Edit /etc/privoxy/config; below is an example:
listen-address 127.0.0.1:8118 # in line 783
forward-socks5 / 127.0.0.1:1080 . # in line 1336
- sudo /etc/init.d/privoxy restart
Config bash
- Configure the terminal environment by running the following or adding it to .bashrc:
export http_proxy="http://127.0.0.1:8118"
export https_proxy="http://127.0.0.1:8118"
Or, if you want to set it manually, do not add the previous two lines; add the following to .bashrc instead:
# Set Proxy
function setproxy() {
    export {http,https,ftp}_proxy="http://127.0.0.1:8118"
    export {HTTP,HTTPS,FTP}_PROXY="http://127.0.0.1:8118"
}
# Unset Proxy
function unsetproxy() {
    unset {http,https,ftp}_proxy
    unset {HTTP,HTTPS,FTP}_PROXY
}
- Try curl http://www.google.com to test. Note that you cannot use ping to test, since it uses the ICMP protocol and the proxy only supports HTTP, HTTPS, FTP and SOCKS. You may use httping to test latency: it sends a HEAD request (by default) to a web server and measures the time it took to get a response. If you use httping, you can test with:
httping -E http://www.google.com
httping -x 127.0.0.1:8118 http://www.google.com
For more details, refer to man httping.
Snap store with proxy
You can also apply the proxy system-wide by editing /etc/environment.
- Snap uses /etc/environment for its environment variables, so you have to set the proxy there for snap. Run sudo vim /etc/environment and add:
http_proxy=http://127.0.0.1:8118
https_proxy=http://127.0.0.1:8118
HTTP_PROXY=http://127.0.0.1:8118
HTTPS_PROXY=http://127.0.0.1:8118
- For snap>=2.28, use:
sudo snap set system proxy.http="http://127.0.0.1:8118"
sudo snap set system proxy.https="http://127.0.0.1:8118"
- Or you can edit snapd.service with sudo systemctl edit snapd.service and add:
[Service]
Environment=http_proxy=http://127.0.0.1:8118
Environment=https_proxy=http://127.0.0.1:8118
then
sudo systemctl daemon-reload
sudo systemctl restart snapd.service
Apt use proxy
- The env variables do not affect sudo apt update; you should do:
sudo vim /etc/apt/apt.conf.d/05proxy
and add the lines:
Acquire {
HTTP::proxy "http://127.0.0.1:8118";
HTTPS::proxy "http://127.0.0.1:8118";
}
Set up git proxy
git config --global http.proxy 'socks5://127.0.0.1:1080'
git config --global https.proxy 'socks5://127.0.0.1:1080'
Chrome management
If you want to use Chrome to manage your redirection, you can use the Proxy SwitchyOmega extension.
5. set up other clients
5.1 SSR client
- IOS (wingy)
- Windows (ShadowsocksR-win)
- MAC (ShadowsocksX)
- Android(shadowsocksr-android)
5.2 V2ray client
Visit the V2ray GitHub repo to find it.
Special statement: This tutorial is only for learning and research, thanks.