Example of V2Ray with meek

Posted on Edited on

V2Ray version 5.7.0 introduces the possibility of using meek transport protocol.

Meek is a censorship-resistant protocol that encodes traffic as plain HTTP requests and responses. This allows traffic to penetrate environments where it would otherwise be blocked.

The performance of meek is low. It is not intended for situations where you want a speedy ping or to transfer gigabytes and gigabytes of data. Meek is intended for situations where most other protocols are blocked and you need a last resort.

This post gives an example of configuring V2Ray with meek.

With thanks to @xiaokangwang and to David Fifield, the developer of the original implementation of meek.

VPS

You will need your own virtual private server or VPS.

We will run Ubuntu 22.04 on the demonstration VPS. This server has 1 GB of RAM.

Domain name

You will need your own domain name. Our examples will use the domain name:

1
cscot.buzz

Create a DNS A record pointing from the hostname of the server to the IP address of the server. Our example:

1
www.cscot.buzz

DNS A record pointing from the hostname of the server to the IP address of the server

Universally unique id

On Linux servers, you can generate a UUID with the command:

1
uuidgen

Alternatively, generate a UUID on the web by visiting https://www.uuidgenerator.net.

Example:

1
f48fd3ae-0c24-433e-af3b-e87338b74705

Path

Generate a secret path:

1
< /dev/urandom tr -dc a-z | head -c${1:-8};echo;

Example:

1
vrezdxop

Linux server

If your server is protected by a firewall or your cloud provider’s security groups, open ports 80/tcp and 443/tcpfor input.

Switch to the root user.

Install a web server:

1
2
apt update && apt upgrade
apt install nginx

Edit the web server’s default site configuration file /etc/nginx/sites-available/default.

Insert the real hostname.

Also insert a proxy_pass line for the secret path.

Example of completed default site configuration file:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www/html;

        index index.html index.htm index.nginx-debian.html;

        server_name www.cscot.buzz;

        location / {
                try_files $uri $uri/ =404;
        }

        location /vrezdxop {
                proxy_pass http://127.0.0.1:17773;
        }

}

Restart the web server with this configuration:

1
systemctl restart nginx

Install snapd if it is not already installed:

1
apt install snapd

Ensure that your version of snapd is up to date:

1
snap install core; snap refresh core

Run the following command on the command line to install certbot:

1
snap install --classic certbot

Execute the following instruction to ensure that the certbot command can be run:

1
ln -s /snap/bin/certbot /usr/bin/certbot

Run the next command to get an SSL certificate and have Certbot edit your Nginx configuration automatically to serve the HTTPS version of your site:

1
certbot --nginx --register-unsafely-without-email --agree-tos

The certbot packages on your system come with a cron job or systemd timer that will renew your certificate automatically before it expires. You can test automatic renewal by running the command below:

1
certbot renew --dry-run

If you are using Cloudflare CDN, visit the SSL/TLS page for your domain. Make sure your SSL/TLS encryption mode is set to Full (strict).

To confirm that your site is set up properly, visit:

1
https://www.cscot.buzz

in your browser and look for the padlock icon in the address bar.

Now you can install version v5.7.0 of V2Ray:

1
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh) --version v5.7.0

Meek is only supported in JSON5 configuration format.

Therefore edit the server configuration file /usr/local/etc/v2ray/config.json based on the example below:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
{
  "log": {
    "error": {
      "level": "Info",
      "type": "Console"
    },
    "access": {
      "type": "None"
    }
  },
  "outbounds": [
    {
      "protocol": "freedom"
    }
  ],
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 17773,
      "protocol": "vmess",
      "settings": {
        "users": [
          "f48fd3ae-0c24-433e-af3b-e87338b74705"
        ]
      },
      "streamSettings": {
        "transport": "meek",
        "transportSettings": {
          "url": "http://127.0.0.1:17773"
        },
        "security": "none",
        "securitySettings": {
        }
      }
    }
  ]
}

Edit the systemd service unit /etc/systemd/system/v2ray.service.

Make the ExecStart line look like this:

1
ExecStart=/usr/local/bin/v2ray run -format jsonv5 -c /usr/local/etc/v2ray/config.json

Save the file. Reload the systemd daemon:

1
2
rm -rf /etc/systemd/system/v2ray.service.d/10-donot_touch_single_conf.conf
systemctl daemon-reload

Start V2Ray with the new configuration file:

1
2
systemctl enable v2ray
systemctl start v2ray

Windows client

Download the v5.7.0 zip file for Windows, v2ray-windows-64.zip, from https://github.com/v2fly/v2ray-core/releases/tag/v5.7.0.

Unzip the zip file.

User Notepad to edit the client configuration file, Downloads\v2ray-windows-64\config.json, based on the example below:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
{
  "log": {
    "error": {
      "level": "Info",
      "type": "Console"
    },
    "access": {
      "type": "None"
    }
  },
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "address": "www.cscot.buzz",
        "port": 443,
        "uuid": "f48fd3ae-0c24-433e-af3b-e87338b74705"
      },
      "streamSettings": {
        "transport": "meek",
        "transportSettings": {
          "url": "https://www.cscot.buzz/vrezdxop"
        },
        "security": "tls",
        "securitySettings": {
        }
      }
    }
  ],
  "inbounds": [
    {
      "protocol": "socks",
      "settings": {
        "udpEnabled": true,
        "address": "127.0.0.1",
        "packetEncoding": "Packet"
      },
      "port": 10808,
      "listen": "127.0.0.1"
    },
    {
      "protocol": "http",
      "settings": {
      },
      "port": 10809,
      "listen": "127.0.0.1"
    }
  ]
}

Open a Command Prompt window.

Run the V2Ray client with your configuration:

1
2
cd Downloads\v2ray-windows-64
v2ray.exe run -format jsonv5 -c config.json

You should see messages that look like this:

1
2
3
4
5
6
V2Ray 5.7.0 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.20.4 windows/amd64)
A unified platform for anti-censorship.
2023/05/31 18:06:26 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:10808
2023/05/31 18:06:26 [Info] transport/internet/udp: listening UDP on 127.0.0.1:10808
2023/05/31 18:06:26 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:10809
2023/05/31 18:06:26 [Warning] V2Ray 5.7.0 started

Leave the Command Prompt window open with V2Ray running in it.

The most convenient browser to use with a proxy server is Firefox. Therefore install Firefox now if you do not already have Firefox on your PC.

Open Firefox Settings.

On the General page, scroll down to Network Settings.

Configure Firefox so that the browser uses the V2Ray proxy:

  1. Select the radio button for Manual proxy configuration
  2. Set the SOCKS Host to 127.0.0.1
  3. Set the Port to 10808
  4. Select the version SOCKS v5
  5. Check the box for Proxy DNS when using SOCKS v5