Hysteria: A Simple Setup

Author: Hogwarts | Published: 2023-10-05 | Updated: 2023-10-18 | Category: Over the Wall (红杏出墙)

After watching 不良林's video and reading the blog, I tried setting up Hysteria.

# 1. Preparation

Obtain a certificate and private key, either self-signed or issued through ACME. This example uses my own domain and certificate.

# 2. Setup steps

## 2.1 Download the Hysteria binary

The same binary runs as server or client; here it is started in server mode.

```bash
wget https://github.com/apernet/hysteria/releases/download/app%2Fv2.0.3/hysteria-linux-arm64 -O /usr/local/bin/hysteria
chmod +x /usr/local/bin/hysteria
```

## 2.2 Create the configuration file

```bash
mkdir /etc/hysteria/
vim /etc/hysteria/config.json
```

```json
{
  "listen": ":YourPort",
  "auth": {
    "type": "password",
    "password": "YourPassWord"
  },
  "masquerade": {
    "type": "proxy",
    "proxy": {
      "url": "https://yourdomain.com",
      "rewriteHost": true
    }
  },
  "tls": {
    "cert": "/PathTo/fullchain.cer",
    "key": "/PathTo/private.key"
  }
}
```

## 2.3 Start at boot

```bash
vim /etc/systemd/system/hysteria.service
```

```ini
[Unit]
Description=Hysteria Server Service (config.json)
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/hysteria -c /etc/hysteria/config.json server
WorkingDirectory=/etc/hysteria/
User=nobody
Group=nogroup
Environment=HYSTERIA_LOG_LEVEL=info
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
```

```bash
chown -R nobody:nogroup /etc/hysteria/
systemctl daemon-reload
systemctl start hysteria
systemctl status hysteria
systemctl enable hysteria
```

## 2.4 Configure the firewall

Using ufw as an example:

```bash
ufw allow yourport/udp
ufw reload
```

# 3. Client JSON

## 3.1 Basic settings

```json
{
  "server": "yourdomain.com:yourport",
  "auth": "yourpassword",
  "bandwidth": {
    "up": "50 mbps",
    "down": "200 mbps"
  },
  "tls": {
    "sni": "yourdomain.com",
    "insecure": false
  },
  "socks5": {
    "listen": "127.0.0.1:10808"
  },
  "http": {
    "listen": "127.0.0.1:10809"
  }
}
```

## 3.2 Advanced settings

### 3.2.1 Port hopping

```json
{
  "server": "yourdomain.com:port1-port2",
  "transport": {
    "udp": {
      "hopInterval": "60s"
    }
  },
  "auth": "yourpassword",
  "bandwidth": {
    "up": "50 mbps",
    "down": "200 mbps"
  },
  "tls": {
    "sni": "yourdomain.com",
    "insecure": false
  },
  "socks5": {
    "listen": "127.0.0.1:10808"
  },
  "http": {
    "listen": "127.0.0.1:10809"
  }
}
```

### 3.2.2 Server-side firewall

```bash
iptables -t nat -A PREROUTING -i eth0 -p udp --dport port1:port2 -j DNAT --to-destination :yourport
ufw allow port1:port2/udp
ufw reload
```

# 4. References

- [不良林's blog](https://bulianglin.com/archives/hysteria2.html "不良林's blog")
- [Hysteria 2 docs: Port Hopping](https://v2.hysteria.network/zh/docs/advanced/Port-Hopping/ "Hysteria 2 docs")
- [Hysteria 2 docs: format conversion](https://v2.hysteria.network/zh/docs/misc/Hate-YAML/ "Hysteria 2 docs: format conversion")
- [Hysteria 2 docs](https://v2.hysteria.network/zh/ "Hysteria 2 docs")
- This one is also good and suits firewall-based setups: [Hysteria node fully manual installation tutorial](https://www.hicairo.com/post/60.html "Hysteria node fully manual installation tutorial")

# 5. Test results

1. Compared with Trojan, I didn't notice much difference.
2. On Windows I used V2rayN-5.39 as the client. You need to download Hysteria.exe, put it in the V2rayN folder, use a custom configuration, and select Hysteria as the core. No logs were visible. After switching to the new 6.29 version it worked normally. The 5.x series is lighter, but newer still beats older!
3. On Android I used [sing-box (releases)](https://github.com/SagerNet/sing-box/releases "sing-box"), an English-only app. That said, [sing-box (official site)](https://sing-box.sagernet.org/zh/ "sing-box") looks pretty impressive and is something to study later. I haven't worked out the port hopping settings yet, but with a single port, copying 不良林's configuration verbatim works fine.
4. [NekoBox for Android](https://github.com/MatsuriDayo/NekoBoxForAndroid/releases "NekoBox for Android") is good.
5. The clients are still not very friendly; see the officially recommended [third-party clients](https://v2.hysteria.network/zh/docs/getting-started/3rd-party-apps/ "third-party clients").
6. [The port may get blocked](https://github.com/MatsuriDayo/NekoBoxForAndroid/issues/347 "The port may get blocked").
7. As long as it works, that's enough.
8. China Unicom's QoS feels especially severe; even with port hopping, the connection sometimes stutters. Judging by instantaneous burst speed, it doesn't feel as fast as tls.

# 6. YAML format with quic settings added

## 6.1 Server

```yaml
listen: :yourport

tls:
  cert: /pathto/fullchain.cer
  key: /pathto/private.key

quic:
  initStreamReceiveWindow: 26843545
  maxStreamReceiveWindow: 26843545
  initConnReceiveWindow: 67108864
  maxConnReceiveWindow: 67108864

auth:
  type: password
  password: yourpassword

resolver:
  type: https
  https:
    addr: 8.8.8.8:443
    timeout: 10s

masquerade:
  type: proxy
  proxy:
    url: https://bing.com
    rewriteHost: true
```

## 6.2 Client

```yaml
server: yourdomain.com:yourport1-yourport2

auth: yourpassword

tls:
  sni: yourdomain.com
  insecure: false

quic:
  initStreamReceiveWindow: 26843545
  maxStreamReceiveWindow: 26843545
  initConnReceiveWindow: 67108864
  maxConnReceiveWindow: 67108864

transport:
  type: udp
  udp:
    hopInterval: 30s

bandwidth:
  up: 50 mbps
  down: 500 mbps

socks5:
  listen: 127.0.0.1:10808

http:
  listen: 127.0.0.1:10809
```

Tags: hysteria, hysteria2
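
An added example, not part of the original post or the Hysteria project: a small Python linter for the client JSON from section 3 that flags pasted-in whitespace in `server`, `auth` and `tls.sni`, `"insecure": true`, unparseable port-hopping ranges, and SOCKS5/HTTP listeners not bound to loopback. The names `lint_client`, `parse_ports` and `is_loopback` and the sample config are constructed for illustration; the port parser also accepts comma-separated lists, which goes beyond the `port1-port2` form shown on the page.

```python
import ipaddress
import json

# Constructed sample: the 3.2.1 client config with pasted-in spaces, TLS
# verification switched off, and the SOCKS5 listener on all interfaces.
SAMPLE = """{
  "server": " yourdomain.com:20000-30000",
  "auth": "yourpassword",
  "tls": {"sni": "yourdomain.com ", "insecure": true},
  "socks5": {"listen": "0.0.0.0:10808"}, "http": {"listen": "127.0.0.1:10809"}
}"""

def parse_ports(spec):
    """Parse 'p', 'p1-p2' or a comma-separated mix into (first, last) pairs."""
    pairs = []
    for part in spec.split(","):
        first, _, last = part.partition("-")
        pairs.append((int(first), int(last or first)))
    return pairs

def is_loopback(listen):
    """True if a 'host:port' listen address is reachable only from this host."""
    host = listen.rpartition(":")[0].strip("[]")
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # an empty host means all interfaces
        return host == "localhost"

def lint_client(text):
    """Return findings for a Hysteria 2 client config given as JSON text."""
    cfg, findings = json.loads(text), []
    tls = cfg.get("tls", {})
    checked = {"server": cfg.get("server", ""), "auth": cfg.get("auth", ""),
               "tls.sni": tls.get("sni", "")}
    findings += [f"{k}: stray whitespace" for k, v in checked.items()
                 if v != v.strip()]
    try:
        pairs = parse_ports(checked["server"].strip().rpartition(":")[2])
        if not all(0 < a <= b <= 65535 for a, b in pairs):
            findings.append("server: invalid port range")
    except ValueError:
        findings.append("server: cannot parse port")
    if tls.get("insecure", False):
        findings.append("tls.insecure: certificate verification disabled")
    for section in ("socks5", "http"):
        listen = cfg.get(section, {}).get("listen")
        if listen is not None and not is_loopback(listen):
            findings.append(f"{section}.listen: not bound to loopback")
    return findings
```

Run `lint_client` on the file contents before starting the client; an empty list means none of these checks fired.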