hysteria2 - 三七の小站

Hysteria 是一个强大、快速、抗审查的代理工具。

1、一键安装脚本

bash <(curl -fsSL https://get.hy2.sh/)

2、无域名生成自签证书

openssl req -x509 -nodes -newkey ec:<(openssl ecparam -name prime256v1) -keyout /etc/hysteria/server.key -out /etc/hysteria/server.crt -subj "/CN=bing.com" -days 36500 && sudo chown hysteria /etc/hysteria/server.key && sudo chown hysteria /etc/hysteria/server.crt

命令会在 VPS 目录 /etc/hysteria 中生成 server.crt 及 server.key 文件，并变更相关权限

3、服务端配置文件

nano /etc/hysteria/config.yaml

listen: :8443

tls:
  cert: /etc/hysteria/server.crt
  key: /etc/hysteria/server.key

auth:
  type: password
  password: 88888888   # 请及时更改密码

masquerade:
  type: proxy
  proxy:
    url: https://bing.com
    rewriteHost: true

quic:
  initStreamReceiveWindow: 26843545
  maxStreamReceiveWindow: 26843545
  initConnReceiveWindow: 67108864
  maxConnReceiveWindow: 67108864

4、开启服务

systemctl start hysteria-server.service    # 启动 hysteria 服务
systemctl enable hysteria-server.service   # 设置 hysteria 服务 开机自启
systemctl restart hysteria-server.service  # 重启 hysteria 服务
systemctl stop hysteria-server.service     # 停止 hysteria 服务
systemctl status hysteria-server.service   # 查看 hysteria 服务 状态

如果需要配置端口跳跃

# 将10000-11000端口映射到8443端口
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 10000:11000 -j REDIRECT --to-ports 8443
# 查看iptables规则
iptables -t nat -L PREROUTING -v -n
# 删除iptables规则
iptables -t nat -D PREROUTING -i eth0 -p udp --dport 10000:11000 -j REDIRECT --to-ports 8443

5、官方客户端

新建一个文件夹

将可执行文件 2于配置文件放在目录下

配置文件config.yaml如下

server: ip:8443   # 改为你服务器的ip和端口

auth: 88888888   # 改为你的密码

bandwidth:
  up: 50 mbps
  down: 500 mbps   # 根据你的网络情况设置

socks5:
  listen: 127.0.0.1:1080   # 提供一个1080端口的socks5代理

tls:
  sni: bing.com   # 与服务器配置对应
  insecure: true
  pinSHA256: 0B:B4:3A:03:24:A8:D1:44:CF:91:FB:D

quic:   # 调节发送窗口，与服务器保持一致
  initStreamReceiveWindow: 26843545
  maxStreamReceiveWindow: 26843545
  initConnReceiveWindow: 67108864
  maxConnReceiveWindow: 67108864

其中 pinSHA256 是服务器的证书的 SHA256 值，通过下面的命令获取

openssl x509 -noout -fingerprint -sha256 -in path_to_your_cert.crt

6、v2rayN 配置

新建文件 hy.yml 修改 ip、密码、带宽

server: ip:8443
auth: 88888888

bandwidth:
  up: 50 mbps
  down: 100 mbps

tls:
  sni: bing.com
  insecure: true

socks5:
  listen: 127.0.0.1:1080
http:
  listen: 127.0.0.1:8080

7、Clash.meta 配置

  - name: "hysteria2"
    type: hysteria2
    server: ip
    port: 8443
    up: "50 Mbps"
    down: "100 Mbps"
    password: 88888888
    sni: bing.com
    skip-cert-verify: true

8、官方客户端配置

server: 107.141.100.49:10000-11000

auth: 88888888

bandwidth:
  up: 50 mbps
  down: 100 mbps

socks5:
  listen: 0.0.0.0:1080

http:
  listen: 127.0.0.1:8080

tls:
  sni: bing.com
  insecure: true
  pinSHA256: 72:8A:69:38:6F:7D:D3:BA:3D:EF:BB:86:F5:58:94:E3:3E:B6:75:0A:6D:BE:BD:3B:26:3E


quic:
  initStreamReceiveWindow: 26843545
  maxStreamReceiveWindow: 26843545
  initConnReceiveWindow: 67108864
  maxConnReceiveWindow: 67108864
  maxIdleTimeout: 30s
  keepAlivePeriod: 10s