基于腾讯云Lighthouse代理实现无公网CVM访问公网
本文最后更新于 606 天前, 如有失效请评论区留言.
前提
-
已经有一个腾讯云轻量云实例
-
已经有一个腾讯云CVM竞价实例(无公网)
-
需要同地域且已经云联网
安利
Spot我写的竞价机器小助手: ysicing/spot 解决频繁开通/销毁竞价CVM实例👍
轻量部署Socks5服务
在腾讯云轻量上部署代理服务
示例docker-compose.yaml
version: '3.9'
services:
socks5:
image: serjs/go-socks5-proxy
container_name: socks5
environment:
- PROXY_USER="xxx"
- PROXY_PASSWORD="xxx"
network_mode: host
restart: always
将上述docker-compose.yaml跑起来即可
docker compose -f docker-compose.yaml up -d
提示这个socks5是我随便找的一个镜像哈,你也可以用其他工具跑socks5服务哈
CVM部署Clash服务
下载三个文件哈,手动同步到CVM上
- clash-linux-amd64
- https://cdn.jsdelivr.net/gh/Hackl0us/GeoIP2-CN@release/Country.mmdb
- https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt
部署Clash
/etc/clash目录结构
目录结构
root@VM-0-15-debian:/etc/clash# tree
.
├── config.yaml
├── Country.mmdb
└── ruleset
└── lancidr.yaml
1 directory, 4 files
clash.yaml配置文件
clash.yaml配置文件
mixed-port: 7890
# linux
tproxy-port: 7893
routing-mark: 7777
allow-lan: true
bind-address: "*"
mode: rule
log-level: debug
interface-name: eth0
external-controller: 10.0.0.15:22222
secret: "eeg7sachu3ca0O666ccpnb666ie1Shoh3veiCh8Ju"
profile:
store-selected: true
store-fake-ip: true
tracing: true
dns:
enable: true
listen: 0.0.0.0:1053
enhanced-mode: fake-ip
fake-ip-range: 198.18.0.1/16
default-nameserver:
- 183.60.83.19
- 183.60.82.98
nameserver:
- 183.60.83.19
- 183.60.82.98
fake-ip-filter:
- '+.tencentyun.com'
- '+.tencentcs.com'
fallback-filter:
geoip: true
geoip-code: CN
ipcidr:
- 240.0.0.0/4
- 0.0.0.0/32
- 127.0.0.1/32
tun:
enable: true
stack: system
dns-hijack:
- any:53
auto-route: true
proxies:
- { name: "lh", type: socks5, server: 10.0.4.1, port: 1080, username: admin, password: admin, tls: false, skip-cert-verify: true, udp: false}
- { name: "lh2", type: socks5, server: 10.0.4.2, port: 1080, username: admin, password: admin, tls: false, skip-cert-verify: true, udp: false}
proxy-groups:
- name: auto
type: select
proxies:
- lh
- lh2
rule-providers:
lancidr:
type: file
behavior: ipcidr
path: ./ruleset/lancidr.yaml
rules:
- RULE-SET,lancidr,DIRECT
- GEOIP,LAN,DIRECT
- MATCH,auto
clash服务
[Unit]
Description=A rule based proxy.
After=network.target
[Service]
Type=simple
User=root
Restart=on-abort
ExecStart=/usr/bin/clash -d /etc/clash
[Install]
WantedBy=multi-user.target
将上述文件保存
systemctl enable clash --now
测试
CVM安装docker哈,或者访问百度
root@VM-0-15-debian:/etc/clash# curl -I www.baidu.com -vvv
* Trying 198.18.0.4:80...
* Connected to www.baidu.com (198.18.0.4) port 80 (#0)
> HEAD / HTTP/1.1
> Host: www.baidu.com
> User-Agent: curl/7.74.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
