banner
oldcatY

oldcatY

中轻度LoveLive厨,主推莲团,二推水+虹团(缪团是神,星团……)
twitter
github
bilibili
steam
Home归档VPS评测日常琐事技巧分享科学上网博客站分享服务器探针Hexo 博客

【科学上网】使用Tuic v5作为服务端

#科学上网841
AI-generated summary
The article provides instructions on how to use Tuic v5 as a server for scientific internet access. It includes a one-click script for installing the original Tuic and Clash.meta servers, as well as step-by-step instructions for manual installation. The article also provides configuration details for the server and client, including Nekoray/V2rayN and Clash configurations.

TUIC 安装指南#

一键脚本(安装原版 Tuic)#

wget https://raw.githubusercontent.com/imbalaomao/tuic-install/main/tuic.sh && bash tuic.sh
项目
程序/opt/tuic/tuic_server
配置/opt/tuic/server_config.json
查看日志journalctl -u tuic --output cat -e
实时日志journalctl -u tuic --output cat -f

一键脚本(安装 Clash.meta 服务端)#

wget https://raw.githubusercontent.com/imbalaomao/tuic-install/main/tuic_clash.sh && bash tuic_clash.sh
项目
程序/opt/tuic_clash/server
配置/opt/tuic_clash/server_config.yaml
查看日志journalctl -u tuic_clash --output cat -e
实时日志journalctl -u tuic_clash --output cat -f

分步搭建(仅供参考)#

1. 安装必要软件#

apt-get -y update && apt-get install -y net-tools curl socat jq && mkdir /opt/tuic

2. acme 申请证书#

如果有证书请在下方自定义证书位置,并跳过本步骤

mkdir -p /etc/ssl/private  
curl https://get.acme.sh | sh -s email=$(date +%s%N | md5sum | cut -c 1-16)@gmail.com && ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt && ~/.acme.sh/acme.sh --issue -d $domain --standalone --keylength ec-256 --install-cert -d $domain --ecc --fullchain-file /etc/ssl/private/fullchain.cer --key-file /etc/ssl/private/private.key

3. 下载 Tuic v5 服务端#

  • x86_64 版本

    wget -O /opt/tuic/server $(curl -s https://api.github.com/repos/EAimTY/tuic/releases/latest | jq -r '.assets[28].browser_download_url') && chmod +x /opt/tuic/server

  • aarch64 版本

    wget -O /opt/tuic/server $(curl -s https://api.github.com/repos/EAimTY/tuic/releases/latest | jq -r '.assets[2].browser_download_url') && chmod +x /opt/tuic/server

4. 创建配置文件#

vi /opt/tuic/server_config.json

并粘贴以下内容:

{  
  "server": "0.0.0.0:自定义端口",  
  "users": {  
      "自定义UUID": "自定义密码"  
  },  
  "certificate": "/etc/ssl/private/fullchain.cer",  
  "private_key": "/etc/ssl/private/private.key",  
  "congestion_control": "bbr",  
  "alpn": [  
      "spdy/3.1"  
  ],  
  "max_external_packet_size": 1500,  
  "log_level": "debug",  
  "gc_interval": "3s",  
  "max_idle_time": "30s"  
}

5. 配置服务环境#

vi /etc/systemd/system/tuic.service

并输入以下内容:

[Unit]  
After=network.target nss-lookup.target  
  
[Service]  
User=root  
WorkingDirectory=/opt/tuic  
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW  
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW  
ExecStart=/opt/tuic/server -c /opt/tuic/server_config.json  
Restart=on-failure  
RestartSec=10  
LimitNOFILE=infinity  
  
[Install]  
WantedBy=multi-user.target

6. 客户端配置#

  • Nekoray / V2rayN 配置:
    {  
      "relay": {  
        "server": "服务器IP绑定的域名:自定义的端口",  
        "uuid": "自定义的UUID",  
        "password": "自定义的密码",  
        "ip": "你服务器的IP",  
        "udp_relay_mode": "quic",  
        "congestion_control": "bbr",  
        "alpn": ["spdy/3.1"],  
        "gc_lifetime": "15s",  
        "gc_interval": "3s"  
      },  
      "local": {  
        "server": "127.0.0.1:1080"  
      },  
      "log_level": "debug"  
    }
  • Clash 配置:
    - {name: Tuic, server: 服务器IP绑定的域名, port: 自定义的端口, type: tuic, uuid: 自定义的UUID, password: 自定义的密码, ip: 你服务器的IP, alpn: ["spdy/3.1"], request-timeout: 8000, udp-relay-mode: quic, congestion-controller: bbr, fast-open: true, skip-cert-verify: false, max-open-streams: 10}
Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.