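If you bought a low-spec VPS, try the setup below: it squeezes the most out of the VPS and moves the network bottleneck onto the Cloudflare CDN.
The setup:
1. Prepare two domains: one (two.com) hosted on Cloudflare and used with custom hostnames, and one (one.com) hosted with another provider (for example Spaceship).
2. The stack is Cloudflare + nginx + sing-box (VLESS + TLS + WebSocket).
3. For preferred Cloudflare IPs, you can use https://cf.090227.xyz/, which a community member provides.
4. The SSL certificate can be issued with the acme.sh script.
Recommended settings on Cloudflare (free account):
SSL/TLS encryption mode: Full (strict)
0-RTT: enabled
Minimum TLS version: TLS 1.2
nginx can be upgraded to 1.29.4, but the setup also works without upgrading.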
The low-spec VPS (bought from RackNerd) is:
1 GB KVM VPS (Black Friday 2025)
1 vCPU Core
25 GB PURE SSD RAID-10 Storage
1 GB RAM
2000GB Monthly Premium Bandwidth
1Gbps Public Network Port
Full Root Admin Access
1 Dedicated IPv4 Address
KVM / SolusVM Control Panel - Reboot, Reinstall, Manage rDNS, & much more
Operating System: Ubuntu 24.04 64 Bit
For the RackNerd data center, avoid San Jose: San Jose IPs tend to be flagged by Google as users in mainland China. Los Angeles is the recommended choice.
Tune the VPS kernel parameters: create a file named 99-sing-box.conf in /etc/sysctl.d.
Contents of 99-sing-box.conf (sized for 1 CPU and 1 GB of RAM):
# TCP Fast Open, saves 100-200 ms
net.ipv4.tcp_fastopen = 3
# Adaptive MTU probing
net.ipv4.tcp_mtu_probing = 1
# Buffer sizes adjusted for 1 GB of RAM (to prevent OOM)
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 87380 67108864
# TIME_WAIT tuning for a reverse-proxied setup such as Cloudflare
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_tw_reuse = 1
# Keep BBR as the congestion control (make sure it is in effect)
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_notsent_lowat = 16384
net.ipv4.tcp_fin_timeout = 15
net.core.somaxconn = 65535
net.ipv4.tcp_max_syn_backlog = 8192
# Enable TCP window scaling (important on high-bandwidth links)
net.ipv4.tcp_window_scaling = 1
# Tuning for bursty video traffic
net.ipv4.tcp_slow_start_after_idle = 0
Run sysctl -p /etc/sysctl.d/99-sing-box.conf to apply the configuration.
sysctl --system reloads every sysctl configuration file and prints each value as it is applied, which lets you review the system's current configuration.
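An added example (not part of the original post): a POSIX shell function that lints a sysctl.d file such as 99-sing-box.conf for a key set twice or a comment placed after a value, and compares every setting, BBR included, with the live value under /proc/sys. The function name, the output labels and the demo file are constructed for illustration.

```shell
#!/bin/sh
# check_sysctl_conf FILE [PROC_ROOT]
# Lints a sysctl.d file and compares it with the values the kernel is using.
# Prints one finding per line and returns 1 if there is any finding.
check_sysctl_conf() {
    conf=$1 proc=${2:-/proc/sys} rc=0 seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or whole-line comment
            *=*) ;;
            *) echo "MALFORMED $line"; rc=1; continue ;;
        esac
        key=$(printf '%s\n' "${line%%=*}" | sed 's/[[:space:]]*$//')
        val=$(printf '%s\n' "${line#*=}" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//')
        # A later line for the same key silently overrides the earlier one.
        case $seen in *" $key "*) echo "DUPLICATE $key"; rc=1 ;; esac
        seen="$seen$key "
        # sysctl.conf(5) only knows whole-line comments, so text after the
        # value is handed on as part of the value.
        case $val in *'#'*) echo "INLINE-COMMENT $key"; rc=1; continue ;; esac
        path=$proc/$(printf '%s\n' "$key" | tr . /)
        if [ ! -r "$path" ]; then echo "MISSING $key"; rc=1; continue; fi
        live=$(tr -s '[:space:]' ' ' < "$path" | sed 's/^ //; s/ $//')
        [ "$live" = "$val" ] || { echo "MISMATCH $key want=$val live=$live"; rc=1; }
    done < "$conf"
    return "$rc"
}

# Constructed demo: a fake /proc/sys tree plus a sample file with both mistakes.
# On the VPS, run: check_sysctl_conf /etc/sysctl.d/99-sing-box.conf
demo=$(mktemp -d)
mkdir -p "$demo/net/ipv4"
echo 1 > "$demo/net/ipv4/tcp_fastopen"
echo cubic > "$demo/net/ipv4/tcp_congestion_control"
printf '%s\n' 'net.ipv4.tcp_fastopen = 3' \
    'net.ipv4.tcp_fastopen = 3 # TCP Fast Open' \
    'net.ipv4.tcp_congestion_control = bbr' > "$demo/sample.conf"
check_sysctl_conf "$demo/sample.conf" "$demo" || true
rm -rf "$demo"
```

A MISMATCH on net.ipv4.tcp_congestion_control means BBR is not in effect even though the file asks for it.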
nginx (version 1.29.4) configuration:
user www-data;
worker_processes auto;
worker_rlimit_nofile 65535;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;
events {
    #worker_connections 768;
    worker_connections 2048;
    use epoll;
    multi_accept on;
}
http {
    limit_conn_zone $binary_remote_addr zone=wsconn:10m;
    sendfile off; # must be off for reverse proxying
    tcp_nopush off;
    tcp_nodelay on;
    keepalive_timeout 65s 180s;
    keepalive_requests 100000;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_buffering off; # disable response buffering globally
    proxy_request_buffering off; # disable request buffering globally
    # Pass the Early-Data header through to every WebSocket path
    proxy_set_header Early-Data $http_early_data;
    types_hash_max_size 2048;
    #server_names_hash_bucket_size 64;
    #server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/access.log;
    gzip off;
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
# The server block below belongs in a file that the http block includes
# (conf.d/*.conf or sites-enabled/*), not after http {} in nginx.conf itself.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    # 0-RTT must be on
    # Note: requests sent in TLS early data can be replayed (see the nginx ssl_early_data documentation)
    ssl_early_data on;
    # Enable OCSP stapling (a resolver is required; Google DNS is used here)
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    server_name *.two.com *.one.com;
    # Prefer ciphers that are cheaper to compute (Cloudflare handles client compatibility; this only covers Cloudflare to the VPS)
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_buffer_size 4k; # smaller buffer: costs a little throughput but noticeably lowers time to first byte (TTFB), which helps video start instantly
    # Certificate paths
    ssl_certificate /etc/nginx/ssl/two.com.pem;
    ssl_certificate_key /etc/nginx/ssl/two.com.key;
    http2_max_concurrent_streams 512; # keep; allows moderate to high concurrency
    large_client_header_buffers 4 64k; # header buffers; replaces http2_max_field_size and http2_max_header_size
    client_header_timeout 30s; # header timeout; replaces http2_recv_timeout
    keepalive_timeout 180s; # overrides the client-side value; matching the upstream is more stable
    keepalive_requests 100000;
    gzip off;
    location /v1 {
        # Behind Cloudflare, $binary_remote_addr is the Cloudflare edge address,
        # so this limit applies per edge IP rather than per end user.
        limit_conn wsconn 6;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:38123;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header Sec-WebSocket-Protocol "";
        # The next few lines are the core (previously the buffers were too large and the timeouts too short)
        proxy_buffering off; # turn buffering off completely
        proxy_request_buffering off; # do not buffer client uploads either
        proxy_cache off;
        proxy_connect_timeout 15s; # fail fast
        # Keep the connection alive
        proxy_read_timeout 3600s; # extended to 1 hour so long videos do not drop
        proxy_send_timeout 3600s;
        # Two headers that must be added (fixes the slow first request from Cloudflare to the origin)
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Core optimization: make sure compression is fully off
        gzip off;
        # Buffer tuning: even with buffering off, nginx still has internal buffers
        # These settings suit high-volume WebSocket traffic
        proxy_buffer_size 8k;
        proxy_busy_buffers_size 16k;
        # 0-RTT support (the second connection handshakes in roughly 0 ms)
        proxy_set_header Early-Data $http_early_data;
        proxy_socket_keepalive on; # keep the nginx to sing-box backend connection alive
        # These two settings keep nginx from stalling when the buffers fill up
        proxy_max_temp_file_size 0; # disable temp files
        proxy_buffers 4 8k; # smaller buffers, faster forwarding
    }
    location / {
        index index.htm index.html index.php;
        if (!-e $request_filename) {
            rewrite ^/(.*)$ /index.php/$1 last;
            break;
        }
    }
}
sing-box (version 1.12.13) configuration:
{
  "log": { "level": "warn", "timestamp": true },
  "inbounds": [
    {
      "type": "vless",
      "tag": "VLESS-WS-TLS",
      "listen": "127.0.0.1",
      "listen_port": 38123,
      "users": [{ "uuid": "xxx-xxx-xxx-xxx" }],
      "tls": { "enabled": false },
      "transport": {
        "type": "ws",
        "path": "/v1",
        "max_early_data": 2048,
        "early_data_header_name": "Early-Data"
      },
      "tcp_fast_open": true,
      "multiplex": {
        "enabled": true
      }
    }
  ],
  "outbounds": [{ "type": "direct" }]
}
Optional: adding "padding": true to the "multiplex" block turns on padding, which improves resistance to detection.
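Client usage:
Desktop client, v2rayN (sing-box core):
h2mux (multiplexing) enabled
Mobile client, Shadowrocket:
multiplexing enabled
This setup has been verified over two to three weeks: the speed is excellent and it has never let me down.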