In this post, I will introduce my method to set up a V2Ray service using WebSocket, TLS, and Apache. This technique will make your network traffic look just like any other normal HTTPS traffic. It will not affect your existing sites on Apache if you configure it correctly. Further details about this tool are easy to find on the web.
Before we start, here are the steps to complete:
- Get a VPS
- Own a domain
- Generate certificates for VPS
- Configure Apache server
- Install and configure V2Ray server side
- Install and configure V2Ray client side
If you already have a VPS, a domain and SSL certificates, you can jump to the configuration part directly.
Get a VPS
I’ve introduced the VPS part in my past post. My setup includes 1 vCore, 2 GB RAM, 20 GB SSD, 40TB traffic, 1000 1000 MBit/s, 1 IPv4 address etc. KVM virtualization and Linux/Ubuntu combination are preferred.
Own a Domain
Buying a domain and setting the nameservers is covered in my past post as well. You can choose from well-known domain providers like GoDaddy and Namecheap. DNS records need to be set after purchasing a domain (your domain should resolve to your server’s IP).
Generate Certificates
This part is also included in my past post where you need to buy a certificate, activate it, and deploy it.
If you only want to use the webserver for V2Ray (no actual site deployed), you can create a free certificate from Let’s Encrypt using the acme.sh script. You can follow the tutorial here to apply for a certificate (NB! It is only valid for 3 months, and the certificate path will influence your configuration).
Configure Apache Server
In this section, you need to install Apache on your VPS first. The methods of installing Apache can be searched on the web (for example here). Then, you need to enable the following modules for Apache:
sudo a2enmod ssl
sudo a2enmod proxy
sudo a2enmod proxy_wstunnel
sudo a2enmod proxy_http
sudo a2enmod rewrite
sudo a2enmod headers
Next, you need to create/change your Apache’s site configuration file. Because I have a WordPress site running, I need Apache to handle both the V2Ray traffic and the traffic to my site (thanks to 90life).
The default configuration file would be 000-default.conf, located at /etc/apache2/sites-available/. If you don’t have a port 443 configuration (HTTPS enabled), you have to create one at the location mentioned above and write it like the following code. If you have one, you need to append to your configuration based on the following code:
<VirtualHost *:443>
# change your domain
ServerName example.com
# you may have a different root
DocumentRoot /var/www/
# the SSL configuration enable https for your site and it’s also required by V2Ray
SSLEngine on
SSLCertificateFile /path/to/your/cert
SSLCertificateKeyFile /path/to/your/private/key
# the following file can be omitted
SSLCertificateChainFile /key/bundle/file
# only TLS 1.2 is enabled; TLS 1.0 and 1.1 are deprecated
SSLProtocol -All +TLSv1.2
SSLCipherSuite HIGH:!aNULL
# Configure how Apache treats incoming traffic.
# It will redirect WebSocket traffic to V2Ray, but preserve other traffic for your site.
# Note: {port} must be changed to the same port as in the V2Ray server config.
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:{port}/$1 [P,L]
# {path} must be the same in V2Ray server config
SSLProxyEngine On
Proxypass /{path} http://127.0.0.1:{port}
ProxyPassReverse /{path} http://127.0.0.1:{port}
</VirtualHost>
Note that you need to change the above configuration based on your specific setup (domain, key files, port, path, etc.).
Install and Configure V2Ray Server Side
Before installing, you need to make sure that the time on your VPS is calibrated and accurate. V2Ray won’t work if the time difference is greater than 90 seconds (don’t worry about the timezone, V2Ray will convert it automatically).
Then, installing it is as easy as one command:
bash <(curl -L -s https://install.direct/go.sh)
We need to configure our server side:
vim /etc/v2ray/config.json
Write the following JSON configuration, modifying it based on your setup as well as your configuration in Apache:
{
"inbounds": [{
"port": {port}, // set your port (same as apache config)
"listen":"127.0.0.1", // Only listen on localhost 127.0.0.1, avoiding external inspection of your port
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "your-own-id-generated-when-installing",
"alterId": 64
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/{path}" // set your path (same as apache config)
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
}]
}
Now, you can start V2Ray service using systemctl provided in Debian.
sudo systemctl start v2ray
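The port, the path and the loopback binding have to agree between the Apache site file and /etc/v2ray/config.json. The following check is an added example, not part of the original setup or of V2Ray itself: it parses both files and reports mismatches, and it also flags an SSLProtocol line that still enables TLS 1.0 or 1.1. The sample configs are constructed, and port 10000/10001 and path /ray are placeholder values.

```python
import json
import re

# Constructed sample inputs; ports 10000/10001 and path /ray are placeholder values.
APACHE_CONF = """
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://localhost:10000/$1 [P,L]
    ProxyPass /ray http://127.0.0.1:10000
    ProxyPassReverse /ray http://127.0.0.1:10000
</VirtualHost>
"""
V2RAY_CONF = """
{"inbounds": [{
    "port": 10001,         // deliberately differs from the Apache backend port
    "listen": "0.0.0.0",   // deliberately not loopback
    "streamSettings": {"network": "ws", "wsSettings": {"path": "/ray"}}
}]}
"""

def strip_json_comments(text):
    """Drop // comments (as used in the config above) without touching string values."""
    return re.sub(r'("(?:\\.|[^"\\])*")|//[^\n]*', lambda m: m.group(1) or "", text)

def check(apache_text, v2ray_text):
    """Return a list of findings for one Apache vhost and one V2Ray inbound."""
    findings = []
    inbound = json.loads(strip_json_comments(v2ray_text))["inbounds"][0]
    port = inbound["port"]
    path = inbound["streamSettings"]["wsSettings"]["path"]
    if inbound.get("listen") not in ("127.0.0.1", "localhost", "::1"):
        findings.append("V2Ray inbound is not bound to loopback")
    # Every ws:// or http:// backend in the vhost must target the V2Ray port.
    backends = set(re.findall(r"(?:ws|http)://[\w.]+:(\d+)", apache_text))
    for p in sorted(backends - {str(port)}):
        findings.append(f"Apache proxies to port {p}, V2Ray listens on {port}")
    # The WebSocket path must be proxied (ProxyPassReverse does not count).
    if path not in re.findall(r"(?im)^\s*ProxyPass\s+(\S+)", apache_text):
        findings.append(f"V2Ray ws path {path} has no matching ProxyPass")
    proto = re.search(r"(?im)^\s*SSLProtocol\s+(.*)$", apache_text)
    if proto and re.search(r"\+TLSv1(\.1)?(\s|$)", proto.group(1)):
        findings.append("SSLProtocol enables TLS 1.0 or 1.1")
    return findings

if __name__ == "__main__":
    print("\n".join(check(APACHE_CONF, V2RAY_CONF)))
```

To use it on a real server, read the two files from disk and pass their contents to check() in place of the sample strings.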
Install and configure V2Ray client side
You can install a client-side application that suits your device. For example, Mac has V2RayX and V2RayU. Normally, you can use the GUI to add the configuration in your app (set domain, IP, port, ws, tls as configured on the server). If you need a JSON configuration on your client, you can use the following template (some settings are not used):
{
"inbounds": [
{
"port": 1080,
"listen": "127.0.0.1",
"protocol": "socks",
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"settings": {
"auth": "noauth",
"udp": false
}
}
],
"outbounds": [
{
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "example.com", // set domain
"port": 443, // Note! https port
"users": [
{
"id": "your-own-id-generated-when-installing", // change your id
"alterId": 64
}
]
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"wsSettings": {
"path": "/{path}" // change your path
}
}
}
]
}
Recently, the Surge app also added support for the vmess protocol. Hence, we can add one line to the configuration file:
# proxy_name = protocol, domain, port, id, ws, tls
name = vmess, your_domain, 443, username=your_id, ws=true, ws-path=/{path}, tls=1.2