-
Notifications
You must be signed in to change notification settings - Fork 1.5k
To use the VLESS protocol
IceCodeNew edited this page Aug 16, 2020
·
4 revisions
# useradd -s /usr/sbin/nologin v2ray
# systemctl edit v2ray.service
[Service]
User=v2ray
這裡假定你已經通過 Certbot 獲取了證書文檔。
-
/etc/letsencrypt/live/example.com/fullchain.pem。 -
/etc/letsencrypt/live/example.com/privkey.pem。
如果你使用 Debian 發行版,在安裝 Certbot 後,renew 是會定期執行的。
建立 V2Ray 專用的證書文檔目錄:
# install -d -o v2ray -g v2ray /etc/ssl/v2ray/
將證書以指定權限部署到指定路徑:
# install -m 644 -o v2ray -g v2ray /etc/letsencrypt/live/example.com/fullchain.pem -t /etc/ssl/v2ray/
# install -m 600 -o v2ray -g v2ray /etc/letsencrypt/live/example.com/privkey.pem -t /etc/ssl/v2ray/
為在後續 renew 重新部署證書後,自動重新部署證書到指定路徑,並重啟 V2Ray 服務,需要一個腳本,以下是參照內容:
# vim /etc/letsencrypt/renewal-hooks/deploy/v2ray.sh
#!/bin/bash
V2RAY_DOMAIN='example.com'
if [[ "$RENEWED_LINEAGE" == "/etc/letsencrypt/live/$V2RAY_DOMAIN" ]]; then
install -m 644 -o v2ray -g v2ray "/etc/letsencrypt/live/$V2RAY_DOMAIN/fullchain.pem" -t /etc/ssl/v2ray/
install -m 600 -o v2ray -g v2ray "/etc/letsencrypt/live/$V2RAY_DOMAIN/privkey.pem" -t /etc/ssl/v2ray/
sleep "$((RANDOM % 2048))"
systemctl restart v2ray.service
fi# chmod +x /etc/letsencrypt/renewal-hooks/deploy/v2ray.sh
renew 重新部署證書後,會自動執行 deploy/ 下具有可執行權限的腳本。
"certificates": [
{
"certificateFile": "/etc/ssl/v2ray/fullchain.pem",
"keyFile": "/etc/ssl/v2ray/privkey.pem"
}
]