【科学上网】使用Tuic v5作为服务端

TUIC 安装指南#

一键脚本（安装原版 Tuic）#

wget https://raw.githubusercontent.com/imbalaomao/tuic-install/main/tuic.sh && bash tuic.sh

项目
程序	/opt/tuic/tuic_server
配置	/opt/tuic/server_config.json
查看日志	`journalctl -u tuic --output cat -e`
实时日志	`journalctl -u tuic --output cat -f`

一键脚本（安装 Clash.meta 服务端）#

wget https://raw.githubusercontent.com/imbalaomao/tuic-install/main/tuic_clash.sh && bash tuic_clash.sh

项目
程序	/opt/tuic_clash/server
配置	/opt/tuic_clash/server_config.yaml
查看日志	`journalctl -u tuic_clash --output cat -e`
实时日志	`journalctl -u tuic_clash --output cat -f`

分步搭建（仅供参考）#

1. 安装必要软件#

apt-get -y update && apt-get install -y net-tools curl socat jq && mkdir /opt/tuic

2. acme 申请证书#

如果有证书请在下方自定义证书位置，并跳过本步骤

mkdir -p /etc/ssl/private  
curl https://get.acme.sh | sh -s email=$(date +%s%N | md5sum | cut -c 1-16)@gmail.com && ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt && ~/.acme.sh/acme.sh --issue -d $domain --standalone --keylength ec-256 --install-cert -d $domain --ecc --fullchain-file /etc/ssl/private/fullchain.cer --key-file /etc/ssl/private/private.key

3. 下载 Tuic v5 服务端#

x86_64 版本

wget -O /opt/tuic/server $(curl -s https://api.github.com/repos/EAimTY/tuic/releases/latest | jq -r '.assets[28].browser_download_url') && chmod +x /opt/tuic/server

aarch64 版本

wget -O /opt/tuic/server $(curl -s https://api.github.com/repos/EAimTY/tuic/releases/latest | jq -r '.assets[2].browser_download_url') && chmod +x /opt/tuic/server

4. 创建配置文件#

vi /opt/tuic/server_config.json

并粘贴以下内容：

{  
  "server": "0.0.0.0:自定义端口",  
  "users": {  
      "自定义UUID": "自定义密码"  
  },  
  "certificate": "/etc/ssl/private/fullchain.cer",  
  "private_key": "/etc/ssl/private/private.key",  
  "congestion_control": "bbr",  
  "alpn": [  
      "spdy/3.1"  
  ],  
  "max_external_packet_size": 1500,  
  "log_level": "debug",  
  "gc_interval": "3s",  
  "max_idle_time": "30s"  
}

5. 配置服务环境#

vi /etc/systemd/system/tuic.service

并输入以下内容：

[Unit]  
After=network.target nss-lookup.target  
  
[Service]  
User=root  
WorkingDirectory=/opt/tuic  
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW  
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW  
ExecStart=/opt/tuic/server -c /opt/tuic/server_config.json  
Restart=on-failure  
RestartSec=10  
LimitNOFILE=infinity  
  
[Install]  
WantedBy=multi-user.target

6. 客户端配置#

Nekoray / V2rayN 配置：

    {  
      "relay": {  
        "server": "服务器IP绑定的域名:自定义的端口",  
        "uuid": "自定义的UUID",  
        "password": "自定义的密码",  
        "ip": "你服务器的IP",  
        "udp_relay_mode": "quic",  
        "congestion_control": "bbr",  
        "alpn": ["spdy/3.1"],  
        "gc_lifetime": "15s",  
        "gc_interval": "3s"  
      },  
      "local": {  
        "server": "127.0.0.1:1080"  
      },  
      "log_level": "debug"  
    }

Clash 配置：

    - {name: Tuic, server: 服务器IP绑定的域名, port: 自定义的端口, type: tuic, uuid: 自定义的UUID, password: 自定义的密码, ip: 你服务器的IP, alpn: ["spdy/3.1"], request-timeout: 8000, udp-relay-mode: quic, congestion-controller: bbr, fast-open: true, skip-cert-verify: false, max-open-streams: 10}