The idea is that your computer, running a v2ray client, sends traffic to an https website address like https://domainhostseotool.com/ray. This website returns normal website content for every location except /ray. For this special location, the Apache httpd server behaves as a reverse proxy and forwards the traffic it receives to the v2ray server running on the same machine. The v2ray server routes the traffic to external websites and passes their responses back to the Apache server, which returns the data to the v2ray client.
install and config v2ray server
Use the following command to install v2ray:
```
bash <(curl -L -s https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
```
Edit the v2ray config file /usr/local/etc/v2ray/config.json (not /etc/v2ray/config.json, which was used by older versions of v2ray):
```
{
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 12345,
      "protocol": "vmess",
      "tag": "proxy",
      "settings": {
        "clients": [
          {"id": "xxxx-xxx-xx-xx-xxxx", "email": "admin@domainhostseotool.com", "level": 0, "alterId": 0}
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/ray"
        }
      }
    }
  ],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  }],
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  }
}
```
The UUID for settings/clients/id can be generated with the following command:
```
cat /proc/sys/kernel/random/uuid
```
Restart and enable v2ray:
```
systemctl restart v2ray
systemctl enable v2ray
```
Now, you should see v2ray is listening on port 12345. You should configure your firewall to unblock this port.
set up apache as reverse proxy
Assuming you’ve already set up an https website for domainhostseotool.com, the remaining work is just adding several lines (the <Location> part) to the virtual host for the domain:
```
<virtualhost *:443>
    ServerName domainhostseotool.com
    ServerAlias www.domainhostseotool.com
    ServerAdmin admin@domainhostseotool.com
    DocumentRoot "/var/www/domainhostseotool.com/public_html"
    <Directory "/var/www/domainhostseotool.com/public_html">
        Options +FollowSymLinks -Indexes
        AllowOverride All
        Require all granted
    </Directory>
    AddType application/x-httpd-php .php3 .php
    DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
    # Custom Global Settings (if any exist)

    # Custom VH settings (if any exist)

    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/domainhostseotool.com/fullchain.pem
    SSLCertificateChainFile /etc/letsencrypt/live/domainhostseotool.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domainhostseotool.com/privkey.pem
    # SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite HIGH:!aNULL

    <Location "/ray">
        ProxyPass ws://127.0.0.1:12345/ray
        ProxyAddHeaders Off
        ProxyPreserveHost On
        RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s
    </Location>
</virtualhost>
# END DOMAIN: domainhostseotool.com
################################################################
```
Note that the location must match the path in /usr/local/etc/v2ray/config.json.
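The consistency rule above can be checked before restarting httpd. The following Python code is an added example, not part of the original post: it compares the <Location> path and ProxyPass target against the inbound in config.json, and also checks the alterId and UUID format of the server-side client entry. The function name check() and the sample UUID are assumptions made for this example.

```python
import json
import re
import uuid

# Constructed sample inputs mirroring the two files shown above (UUID is made up).
V2RAY_JSON = """
{"inbounds": [{"listen": "127.0.0.1", "port": 12345, "protocol": "vmess",
  "settings": {"clients": [{"id": "3b241101-e2bb-4255-8caf-4136c566a962", "alterId": 0}]},
  "streamSettings": {"network": "ws", "wsSettings": {"path": "/ray"}}}]}
"""
APACHE_CONF = """
<Location "/ray">
    ProxyPass ws://127.0.0.1:12345/ray
</Location>
"""
LOCATION_RE = re.compile(r'<Location\s+"?([^">\s]+)"?\s*>(.*?)</Location>', re.I | re.S)
PROXYPASS_RE = re.compile(r'^\s*ProxyPass\s+wss?://([^:/\s]+):(\d+)(/\S*)?', re.I | re.M)


def check(v2ray_json, apache_conf):
    """Hypothetical helper: list mismatches between config.json and <Location>."""
    problems = []
    inbound = json.loads(v2ray_json)["inbounds"][0]
    ws_path = inbound["streamSettings"]["wsSettings"]["path"]
    if inbound.get("listen") not in ("127.0.0.1", "::1", "localhost"):
        problems.append("inbound is not bound to loopback")
    for client in inbound["settings"]["clients"]:
        if client.get("alterId", 0) != 0:
            problems.append("alterId must be 0 (VMess AEAD)")
        try:
            uuid.UUID(client["id"])  # rejects a missing or extra character
        except ValueError:
            problems.append("client id is not a valid UUID")
    loc = LOCATION_RE.search(apache_conf)
    if not loc:
        return problems + ["no <Location> block found"]
    if loc.group(1) != ws_path:  # exact string match, including any trailing slash
        problems.append(f"Location {loc.group(1)!r} != wsSettings.path {ws_path!r}")
    target = PROXYPASS_RE.search(loc.group(2))
    if not target:
        return problems + ["no ws:// ProxyPass inside <Location>"]
    if int(target.group(2)) != inbound["port"]:
        problems.append("ProxyPass port != inbound port")
    if (target.group(3) or "/") != ws_path:
        problems.append("ProxyPass path != wsSettings.path")
    return problems


print(check(V2RAY_JSON, APACHE_CONF) or "configs agree")
```

To use it on a real server, pass the contents of /usr/local/etc/v2ray/config.json and of the virtual host file to check() instead of the constructed samples.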
restart httpd
If you find the following errors in the error log of this website:
AHxxxxx: failed to make connection to backend: 127.0.0.1
Permission denied: AHyyyyy: WS: attempt to connect to 127.0.0.1:12345 (127.0.0.1) failed
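but there is no error in /var/log/v2ray/error.log, it indicates that SELinux is preventing httpd from connecting to the v2ray server. You can use the following command to stop SELinux from doing this (the httpd_can_network_connect boolean lets httpd make outbound network connections, and -P makes the change persist across reboots):
```
setsebool -P httpd_can_network_connect 1
```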
set up v2ray client
We use QV2ray as an example to demonstrate how to configure a v2ray client.
You can download a prebuilt qv2ray or download the source code and build it yourself. However, qv2ray cannot be used immediately after installation. You have to download v2ray-core 4.45.2, unzip it to a folder, and copy everything in that folder to the config/vcore sub-directory under the qv2ray installation directory. Do not download the latest version of v2ray-core, which won’t work with qv2ray. You can check whether v2ray-core works by clicking the “Check V2ray Core Settings” button in the Preferences window of qv2ray.
You need to change almost nothing in the Preferences window for qv2ray to work. All you need to do is click the new button on the home UI of qv2ray to create a link.
Take care to keep the Path parameter consistent with the one in httpd.conf and in config.json for v2ray on the remote server; otherwise qv2ray will fail to connect and produce the following error:
app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://domainhostseotool.com/ray/): 404 Not Found > websocket: bad handshake] > common/retry: all retry attempts failed
Don’t use AlterID (leave it at zero); otherwise you will see the following warning:
vmess md5 with non-zero alterid has been deprecated please use vmessaead
and the connection would fail with the following errors:
app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > proxy/vmess/outbound: failed to read header > proxy/vmess/encoding: failed to read response header > websocket: close 1000 (normal)
app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > proxy/vmess/outbound: failed to read header > proxy/vmess/encoding: failed to read response header > websocket: close 1000 (normal)
app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://domainhostseotool.com/ray): > malformed HTTP status code "set," transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://domainhostseotool.com/ray): > malformed HTTP response "\xxx\xxx\xxx\xxx" transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://domainhostseotool.com/ray): > malformed HTTP status code "set," transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://domainhostseotool.com/ray): > malformed HTTP response "\xxx\xxx\xxx\xxx" transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://domainhostseotool.com/ray): > malformed HTTP status code "set,"] > common/retry: all retry attempts failed
Be careful when filling in the UUID. A missing character voids the link, and the buttons to start/edit the link will be disabled (greyed out).
That is all that needs to be configured in the QV2ray client. After creating the link, click the start button to connect to the server and check whether you can visit websites normally in a browser.