v2好像支持grpc有一段时间了,听说对于速度有比较明显的提升,而且和ws一样也可以使用cloudflare的cdn。
然而grpc可能会引来主动探测,所以最好还是添加一个nginx做前端。
简单体验了一下好像也没有太大的感觉,对于速度还是延迟,最主要还是看线路。线路好点,这些协议什么的影响应该也不是很大。目前比较稳的方案还是ws+tls+cdn。grpc毕竟是比较新的协议,体验一下也好。
vless+grpc+tls+nginx+cdn:
1、服务端配置。
//注释的地方根据自己的情况修改。
{
"stats": {},
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 8012, //端口,nginx反代的就是这个端口
"tag": "tcp",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"listen": "0.0.0.0",
"protocol": "vless", //协议
"settings": {
"clients": [
{
"id": "xxxxx", //你的uuid
"level": 0
}
],
"decryption": "none"
},
"streamSettings": {
"network": "grpc",
"grpcSettings": {
"serviceName": "zsxwz" //这里相当于路径
}
}
},
{
"listen": "127.0.0.1",
"port": 10085,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIP"
}
},
{
"tag": "block",
"protocol": "blackhole"
}
]
}
2、客户度配置。
{
"log": {
"loglevel": "warning"
},
"inbounds": [{
"listen": "127.0.0.1",
"port": "1080", //本地端口
"protocol": "socks", //socks代理
"settings": {
"auth": "noauth"
}
}],
"outbounds": [{
"protocol": "vless",
"settings": {
"vnext": [{
"address": "1.0.0.1", //域名或者ip,或者cf自选ip
"port": 443,
"users": [{
"id": "xxxxxxxx", //你的uuid
"encryption": "none"
}]
}]
},
"streamSettings": {
"network": "grpc",
"security": "tls",
"tlsSettings": {
"serverName": "your_domain", //域名
"alpn": [
"h2"
]
},
"grpcSettings": {
"serviceName": "zsxwz" //类似与路径和服务端配置一致
}
}
}]
}
3、nginx配置文件。
server {
listen 80;
listen [::]:80;
server_name v2.zsxwz.ml; //域名
return 301 https://v2.zsxwz.ml$request_uri; //域名
location /nginx_path {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name v2.zsxwz.ml; //域名
root /root/wwwroot/html;
index index.html;
ssl_certificate /root/.acme.sh/v2.zsxwz.ml_ecc/fullchain.cer; //证书
ssl_certificate_key /root/.acme.sh/v2.zsxwz.ml_ecc/v2.zsxwz.ml.key; //证书
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Public-Key-Pins 'pin-sha256="amMeV6gb9QNx0Zf7FtJ19Wa/t2B7KpCF/1n2Js3UuSU="; pin-sha256="6YBE8kK4d5J1qu1wEjyoKqzEIvyRY5HyM/NB2wKdcZo="; max-age=2592000; includeSubDomains';
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 1.1.1.1 valid=60s;
resolver_timeout 60s;
location /zs123xwz { //路径,与v2服务端配置一致
if ($content_type !~ "application/grpc") {
return 404;
}
client_max_body_size 0;
keepalive_requests 42949672;
client_body_timeout 10719064m;
send_timeout 10719064m;
lingering_close always;
grpc_read_timeout 10719064m;
grpc_send_timeout 10719064m;
grpc_pass grpc://127.0.0.1:8012; //反代的v2端口
}
location /nginx_status {
access_log off;
allow 127.0.0.1;
deny all;
}
}
4、cloudclare开启grpc。
网站——网络——开启grpc。
最后于 22/05.15 20:24
被zsxwz编辑
,原因: