V2ray结合Provoxy上网

安装V2ray

项目地址：https://github.com/v2fly/v2ray-core
官方给出了安装脚本 可通过脚本快速安装 https://github.com/v2fly/fhs-install-v2ray

脚本会自动创建的配置文件：

installed: /usr/local/bin/v2ray
installed: /usr/local/bin/v2ctl
installed: /usr/local/share/v2ray/geoip.dat
installed: /usr/local/share/v2ray/geosite.dat
installed: /usr/local/etc/v2ray/config.json
installed: /var/log/v2ray/
installed: /var/log/v2ray/access.log
installed: /var/log/v2ray/error.log
installed: /etc/systemd/system/v2ray.service
installed: /etc/systemd/system/v2ray@.service

执行命令即可安装

// 安裝執行檔和 .dat 資料檔
# bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)

修改配置文件

官方提供了详细的实例：https://www.v2fly.org/

// Config file of V2Ray. This file follows standard JSON format, with comments support.
// Uncomment entries below to satisfy your needs. Also read our manual for more detail at
// https://www.v2fly.org/
{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",

    // Log level, one of "debug", "info", "warning", "error", "none"
    "loglevel": "debug"
  },
  // List of inbound proxy configurations.
  "inbounds": [{
    // Port to listen on. You may need root access if the value is less than 1024.
    "port": 1080,

    // IP address to listen on. Change to "0.0.0.0" to listen on all network interfaces.
    // "listen": "0.0.0.0",

    // Tag of the inbound proxy. May be used for routing.
    "tag": "in-0",

    // Protocol name of inbound proxy.
    "protocol": "socks",

    // Settings of the protocol. Varies based on protocol.
    "settings": {
      "auth": "noauth",
      "udp": true
    },

    // Enable sniffing on TCP connection.
    "sniffing": {
      "enabled": true,
      // Target domain will be overriden to the one carried by the connection, if the connection is HTTP or HTTPS.
      "destOverride": ["http", "tls"]
    }
  }],
  // List of outbound proxy configurations.
  "outbounds": [{
    // Protocol name of the outbound proxy.
    "protocol": "vmess",

    // Settings of the protocol. Varies based on protocol.
    "settings": {
      "vnext": [
        {
          "address": "de-detourXXXXXXXX",
          "port": 15XXX,
          "users": [
            {
              "id": "XXXXXXXX",
              "alterId": 60
            }
          ]
        }
      ]
    },

    // Tag of the outbound. May be used for routing.
    "tag": "out-0",
    "streamSettings": {
      "security": "auto",
      "allowInsecure": true,
      "tlsSettings": {
        "serverName": "de-detourXXXXXXXX"
      }
    }
  },
  {
    "tag":"direct",
    "protocol":"freedom",
    "settings":{}
  },
  {
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],

  // Transport is for global transport settings. If you have multiple transports with same settings
  // (say mKCP), you may put it here, instead of in each individual inbound/outbounds.
  //"transport": {},

  // Routing controls how traffic from inbounds are sent to outbounds.
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules":[
      {
        // Blocks access to private IPs. Remove this if you want to access your router.
        "type": "field",
        "ip": ["geoip:cn"],
        "outboundTag": "direct"
      },
      {
        // Blocks major ads.
        "type": "field",
        "domain": ["geosite:cn"],
        "outboundTag": "direct"
      }
    ]
  },

  // Dns settings for domain resolution.
  "dns": {},

  // Policy controls some internal behavior of how V2Ray handles connections.
  // It may be on connection level by user levels in 'levels', or global settings in 'system.'
  "policy": {},

  // Stats enables internal stats counter.
  // This setting can be used together with Policy and Api. 
  //"stats":{},

  // Api enables gRPC APIs for external programs to communicate with V2Ray instance.
  //"api": {
    //"tag": "api",
    //"services": [
    //  "HandlerService",
    //  "LoggerService",
    //  "StatsService"
    //]
  //},

  // You may add other entries to the configuration, but they will not be recognized by V2Ray.
  "other": {}
}

安装Privoxy

yum install -y epel-release
yum install -y privoxy

全局模式配置

代理模式同其他平台上方式，将所有http/https请求走代理服务

# 添加本地ssr服务到配置文件
# 使用shadowsocksr需要添加的
// echo 'forward-socks5 / 127.0.0.1:1080 .' >> /etc/privoxy/config

# Privoxy 默认监听端口8118
export http_proxy=http://127.0.0.1:8118
export https_proxy=http://127.0.0.1:8118
export no_proxy=localhost

# 启动服务
systemctl start privoxy.service

PAC模式（生成proxy文件）

GFWList 项目地址：https://github.com/snachx/gfwlist2privoxy 由众多网民收集整理的一个中国大陆防火长城的屏蔽列表。

gfw就是有名的中国网络防火墙。

cd gfwlist2privoxy
# 项目目录中的shell脚本会生成这些文件
bash gfwlist2privoxy

[root@localhost gfwlist2privoxy]# bash gfwlist2privoxy
proxy(socks5): 127.0.0.1:1080       # 注意，如果你修改了ssr本地监听端口是需要设置对应的
{+forward-override{forward-socks5 127.0.0.1:1080 .}}  # 在文件的顶部就生成了privoxy的地址端口
=================================================================
"cp -af /root/gfwlist2privoxy/gfw.action /etc/privoxy/"
[root@localhost ~]# cp -af gfw.action /etc/privoxy/
[root@localhost ~]# echo 'actionsfile gfw.action' >> /etc/privoxy/config
# 启动服务
systemctl start privoxy.service

• /etc/privoxy/gfw.action 所以这里面的文件内容就取决于能访问哪里

proxy 环境变量

配置到系统环境变量中

# Privoxy 默认监听端口是是8118
export http_proxy=http://127.0.0.1:8118
export https_proxy=http://127.0.0.1:8118
export no_proxy=localhost

no_proxy是不经过privoxy代理的地址只能填写具体的ip、域名后缀，多个条目之间使用','逗号隔开。比如: export no_proxy="localhost, 192.168.1.1, ip.cn, chinaz.com"访问 localhost、192.168.1.1、ip.cn、.ip.cn、chinaz.com、.`chinaz.com 将不使用代理

配置socks 5

由于socks5无法进行http的代理，则需要privoxy搭配将http转发给socks5以达到目的。

修改 /etc/privoxy/config

enable-remote-toggle 1
enable-remote-http-toggle 1

# 注释
#actions file user.action
#filterfile user.filter

# 8087为privoxy本地的http监听端口，允许局域网的连接
listen-address :8087

此时其他电脑就可以指向这台服务器实现代理上网了。

proxy配置文件示例

cat /etc/privoxy/config|grep -Ev "^#|^$"
confdir /etc/privoxy
logdir /var/log/privoxy
filterfile default.filter
logfile logfile
listen-address  0.0.0.0:8118
toggle  1
enable-remote-toggle  1
enable-remote-http-toggle  1
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
enable-proxy-authentication-forwarding 0
forwarded-connect-retries  0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
tolerate-pipelining 1
socket-timeout 300
actionsfile gfw.action  # 引用PAC配置文件，注意配置文件顶部的端口是否对应。

注：配置结束后启动privoxy,此时本地扶墙的代理地址就是0.0.0.0:8118

使用nginx代理

# 创建代理文件 proxy.pac

# 文件头部，这里是privoxy的地址端口
var proxy = "PROXY 10.150.3.129:8118;";

var domains = {
  "pinterest.com": 1,
  .........
  ......... # 这里面的地址和gfw.action文件中对应一致
  .........
  "v2fly.org": 1
};

var direct = 'DIRECT;';

var hasOwnProperty = Object.hasOwnProperty;

function FindProxyForURL(url, host) {
 //   if (host == "www.so.com") {
 //       return "PROXY xx:80";
 //   }

    var suffix;
    var pos = host.lastIndexOf('.');
    while(1) {
        suffix = host.substring(pos + 1);
        if (hasOwnProperty.call(domains, suffix)) {
            return proxy;
        }
        if (pos <= 0) {
            break;
        }
        pos = host.lastIndexOf('.', pos - 1);
    }
    return direct;
}