最近hysteria发布了2.0 API与1.0 不一样 暂时没有客户端适配,只能使用原生配置的方式运行
下载发行包
1
| curl -Lo /root/hysteria https://github.com/apernet/hysteria/releases/latest/download/hysteria-linux-amd64 && chmod +x /root/hysteria && mv -f /root/hysteria /usr/local/bin
|
Acme 申请证书
省略
创建简单配置
服务端
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
listen: :27042
tls:
cert: /root/.acme.sh/www.ruha11.xyz_ecc/fullchain.cer
key: /root/.acme.sh/www.ruha11.xyz_ecc/ruha11.xyz.key
quic:
initStreamReceiveWindow: 16777216
maxStreamReceiveWindow: 16777216
initConnReceiveWindow: 33554432
maxConnReceiveWindow: 33554432
auth:
type: password
password: chika
masquerade:
type: proxy
proxy:
url: https://www.lovelive-anime.jp
rewriteHost: true
|
客户端
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| server: $remote_ip:27042
auth: $password
tls:
sni: $domain
quic:
initStreamReceiveWindow: 16777216
maxStreamReceiveWindow: 16777216
initConnReceiveWindow: 33554432
maxConnReceiveWindow: 33554432
fastOpen: true
socks5:
listen: 127.0.0.1:50000
|
创建复杂配置
服务端
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
listen: :27042
tls:
cert: /root/.acme.sh/ruha11.xyz_ecc/ruha11.xyz.cer
key: /root/.acme.sh/ruha11.xyz_ecc/ruha11.xyz.key
auth:
type: password
password: chika
resolver:
type: https
https:
addr: 1.1.1.1:443
timeout: 10s
quic:
initStreamReceiveWindow: 8388608
maxStreamReceiveWindow: 8388608
initConnReceiveWindow: 20971520
maxConnReceiveWindow: 20971520
maxIdleTimeout: 30s
maxIncomingStreams: 1024
disablePathMTUDiscovery: false
bandwidth:
up: 300 mbps
down: 30 mbps
transport:
udp:
hopInterval: 30s
masquerade:
type: proxy
proxy:
url: https://www.lovelive-anime.jp
rewriteHost: true
|
开启端口跳跃 防止运营商qos
1
2
3
4
| # IPv4
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 48001:50000 -j DNAT --to-destination :27042
# IPv6
ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 48001:50000 -j DNAT --to-destination :27042
|
或者
1
| firewall-cmd --permanent --add-forward-port=port=48001-50000:proto=udp:toport=27042
|
客户端
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
| server: 198.211.26.214:48001-50000
auth: chika
tls:
sni: ruha11.xyz
quic:
initStreamReceiveWindow: 16777216
maxStreamReceiveWindow: 16777216
initConnReceiveWindow: 33554432
maxConnReceiveWindow: 33554432
fastOpen: true
bandwidth:
up: 30 mbps
down: 300 mbps
http:
listen: 127.0.0.1:5183
realm: martian
socks5:
listen: 127.0.0.1:5182
tcpForwarding:
- listen: 127.0.0.1:6600
remote: 127.0.0.1:6600
|
编辑systemd配置
vim /etc/systemd/service/hysteria2.service
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| [Unit]
After=network.target nss-lookup.target
[Service]
User=root
WorkingDirectory=/etc/hysteria2
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
ExecStart=/usr/local/bin/hysteria server -c /etc/hysteria2/config.yaml --log-level info
Restart=on-failure
RestartSec=10
LimitNOFILE=infinity
[Install]
WantedBy=multi-user.target
|
执行 重载配置文件
1
2
| systemctl daemon-reload
systemctl enable --now hysteria
|