skip to content
Logo 三七の小站

hysteria2

/ 3 min read

Hysteria 是一个强大、快速、抗审查的代理工具。

1、一键安装脚本

Terminal window
bash <(curl -fsSL https://get.hy2.sh/)

2、无域名生成自签证书

Terminal window
openssl req -x509 -nodes -newkey ec:<(openssl ecparam -name prime256v1) -keyout /etc/hysteria/server.key -out /etc/hysteria/server.crt -subj "/CN=bing.com" -days 36500 && sudo chown hysteria /etc/hysteria/server.key && sudo chown hysteria /etc/hysteria/server.crt

命令会在 VPS 目录 /etc/hysteria 中生成 server.crtserver.key 文件,并变更相关权限

3、服务端配置文件

Terminal window
nano /etc/hysteria/config.yaml
listen: :8443
tls:
cert: /etc/hysteria/server.crt
key: /etc/hysteria/server.key
auth:
type: password
password: 88888888 # 请及时更改密码
masquerade:
type: proxy
proxy:
url: https://bing.com
rewriteHost: true
quic:
initStreamReceiveWindow: 26843545
maxStreamReceiveWindow: 26843545
initConnReceiveWindow: 67108864
maxConnReceiveWindow: 67108864

4、开启服务

Terminal window
systemctl start hysteria-server.service # 启动 hysteria 服务
systemctl enable hysteria-server.service # 设置 hysteria 服务 开机自启
systemctl restart hysteria-server.service # 重启 hysteria 服务
systemctl stop hysteria-server.service # 停止 hysteria 服务
systemctl status hysteria-server.service # 查看 hysteria 服务 状态

如果需要配置端口跳跃

Terminal window
# 将10000-11000端口映射到8443端口
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 10000:11000 -j REDIRECT --to-ports 8443
# 查看iptables规则
iptables -t nat -L PREROUTING -v -n
# 删除iptables规则
iptables -t nat -D PREROUTING -i eth0 -p udp --dport 10000:11000 -j REDIRECT --to-ports 8443

5、官方客户端

新建一个文件夹

可执行文件 2于配置文件放在目录下

配置文件config.yaml如下

server: ip:8443 # 改为你服务器的ip和端口
auth: 88888888 # 改为你的密码
bandwidth:
up: 50 mbps
down: 500 mbps # 根据你的网络情况设置
socks5:
listen: 127.0.0.1:1080 # 提供一个1080端口的socks5代理
tls:
sni: bing.com # 与服务器配置对应
insecure: true
pinSHA256: 0B:B4:3A:03:24:A8:D1:44:CF:91:FB:D
quic: # 调节发送窗口,与服务器保持一致
initStreamReceiveWindow: 26843545
maxStreamReceiveWindow: 26843545
initConnReceiveWindow: 67108864
maxConnReceiveWindow: 67108864

其中 pinSHA256 是服务器的证书的 SHA256 值,通过下面的命令获取

Terminal window
openssl x509 -noout -fingerprint -sha256 -in path_to_your_cert.crt

6、v2rayN 配置

新建文件 hy.yml 修改 ip、密码、带宽

server: ip:8443
auth: 88888888
bandwidth:
up: 50 mbps
down: 100 mbps
tls:
sni: bing.com
insecure: true
socks5:
listen: 127.0.0.1:1080
http:
listen: 127.0.0.1:8080

7、Clash.meta 配置

- name: "hysteria2"
type: hysteria2
server: ip
port: 8443
up: "50 Mbps"
down: "100 Mbps"
password: 88888888
sni: bing.com
skip-cert-verify: true

8、官方客户端配置

server: 107.141.100.49:10000-11000
auth: 88888888
bandwidth:
up: 50 mbps
down: 100 mbps
socks5:
listen: 0.0.0.0:1080
http:
listen: 127.0.0.1:8080
tls:
sni: bing.com
insecure: true
pinSHA256: 72:8A:69:38:6F:7D:D3:BA:3D:EF:BB:86:F5:58:94:E3:3E:B6:75:0A:6D:BE:BD:3B:26:3E
quic:
initStreamReceiveWindow: 26843545
maxStreamReceiveWindow: 26843545
initConnReceiveWindow: 67108864
maxConnReceiveWindow: 67108864
maxIdleTimeout: 30s
keepAlivePeriod: 10s