净化阿里云镜像

https://www.moerats.com/archives/625/

##防火墙管理
https://www.cnblogs.com/moxiaoan/p/5683743.html
(firewalld-cmd中,用-连接端口范围)
需要开放的端口(在阿里云管理平台上也要打开)
20 、21、 39000-40000端口(linux 系统 ),3000-4000(windows系统)
22 (SSH)
80、443(网站及SSL)
3306 (数据库远程连接)
888 (phpmyadmin)

https://www.4spaces.org/v2ray-nginx-tls-websocket/

##安装lnmp
https://lnmp.org/install.html
无人值守命令(密码请自行替换)
wget http://soft.vpser.net/lnmp/lnmp1.5.tar.gz -cO lnmp1.5.tar.gz && tar zxf lnmp1.5.tar.gz && cd lnmp1.5 && LNMP_Auto="y" DBSelect="2" DB_Root_Password="**********" InstallInnodb="n" PHPSelect="8" SelectMalloc="1" ./install.sh lnmp

============================== Check install ==============================
Checking ...
Nginx: OK
MySQL: OK
PHP: OK
PHP-FPM: OK
Clean src directory...
+------------------------------------------------------------------------+
|          LNMP V1.5 for CentOS Linux Server, Written by Licess          |
+------------------------------------------------------------------------+
|           For more information please visit https://lnmp.org           |
+------------------------------------------------------------------------+
|    lnmp status manage: lnmp {start|stop|reload|restart|kill|status}    |
+------------------------------------------------------------------------+
|  phpMyAdmin: http://IP/phpmyadmin/                                     |
|  phpinfo: http://IP/phpinfo.php                                        |
|  Prober:  http://IP/p.php                                              |
+------------------------------------------------------------------------+
|  Add VirtualHost: lnmp vhost add                                       |
+------------------------------------------------------------------------+
|  Default directory: /home/wwwroot/default                              |
+------------------------------------------------------------------------+
|  MySQL/MariaDB root password: **************                          |
+------------------------------------------------------------------------+
+-------------------------------------------+
|    Manager for LNMP, Written by Licess    |
+-------------------------------------------+
|              https://lnmp.org             |
+-------------------------------------------+
nginx (pid 11904 11901) is running...
php-fpm is runing!
 SUCCESS! MySQL running (12337)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:32000         0.0.0.0:*               LISTEN 

添加虚拟主机
https://lnmp.org/faq/lnmp-vhost-add-howto.html
记得要开启phpinfo

================================================
Virtualhost infomation:
Your domain: www.vidaima.com
Home Directory: /home/wwwroot/www.vidaima.com
Rewrite: typecho
Enable log: no
Database username: ******
Database userpassword: ******
Database Name: *******
Create ftp account: no
Enable SSL: yes
  =>Let's Encrypt
================================================

下载网站程序到虚拟主机
cd /home/wwwroot/www.vidaima.com/
wget -c http://typecho.org/downloads/1.1-17.10.30-release.tar.gz
解压
tar zxvf 1.1-17.10.30-release.tar.gz
将解压出来的build文件夹的文件放到虚拟主机的根目录(build的上一级目录)
cd build/
mv * ../
cd ..

进入网站继续安装

##安装v2ray
使用WebSocket+TLS+Web的加密方式
###1. 安装v2ray程序
https://toutyrater.github.io/prep/install.html
###2. 在lnmp创建新的虚拟主机,同时将域名的子域名解析到服务器
(目前是ray.vidaima.com)
lnmp vhost add
就只绑定个域名,生成个ssl证书就行,其他全部选否,不要。
###3.填写配置文件
####客户端

{
  "inbounds": [
    {
      "port": 10808,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "settings": {
        "auth": "noauth",
        "udp": false
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "ray.vidaima.com",
            "port": 443,
            "users": [
              {
                "id": "*********",
                "alterId": 64
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "wsSettings": {
          "path": "/myay/"
        }
      }
    }
  ]
}

####服务端

{
  "log": {
    "loglevel": "debug"
  }, 
  "inbounds": [
    {
      "port": 10086, 
      "listen": "127.0.0.1", 
      "tag": "vmess-in", 
      "protocol": "vmess", 
      "settings": {
        "clients": [
          {
            "id": "********", 
            "alterId": 64
          }
        ]
      }, 
      "streamSettings": {
        "network": "ws", 
        "wsSettings": {
          "path": "/myay/", //路径
          "headers": { }
        }
      }
    }
  ], 
  "outbounds": [
    {
      "protocol": "freedom", 
      "settings": { }, 
      "tag": "direct"
    }, 
    {
      "protocol": "blackhole", 
      "settings": { }, 
      "tag": "blocked"
    }
  ], 
  "routing": {
    "domainStrategy": "AsIs", 
    "rules": [
      {
        "type": "field", 
        "inboundTag": [
          "vmess-in"
        ], 
        "outboundTag": "direct"
      }
    ]
  }
}

####nginx配置
在/usr/local/nginx/conf/vhost/ray.vidaima.com.conf中的443口的后面加一条location,将上面wssettings词条的path路径中写到的路径重写给v2ray的服务器端

location /myay/ {	#注:修改路径
			proxy_redirect off;
			proxy_pass http://127.0.0.1:10086; #注:与服务端的inbound要一致
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "upgrade";
			proxy_set_header Host $http_host;
		}

现在可以给新的虚拟主机扔个静态网页