Summary · AI
ByteVirt-JP-CF优选方案
AI 2026-05-30 · 9 min read · 2 backlinks
ByteVirt-JP CF 优选方案
背景
ByteVirt-JP (140.235.37.81) 走电信 163 线路,晚高峰(20:00-23:00)带宽跌至 2-3 Mbps,基本不可用。通过 Cloudflare CDN 优选 IP 中转,晚高峰可稳定 117+ Mbps,4K YouTube 无压力。
架构
客户端 (Clash Verge)
│
│ TLS + WS (SNI: proxy-jp-cf.seesaw.icu)
↓
CF 优选 IP (108.162.194.215:443, SIN 节点)
│
│ CF 内网回源 (HTTPS:443)
↓
bv-jp nginx stream (:443, SNI 分流)
│
├─ SNI = proxy-jp-cf.seesaw.icu → nginx :8443 (TLS 终结 + WS)
│ ↓
│ xray :10086 (VLESS+WS)
│
└─ 其他 SNI → xray :4443 (VLESS+Reality 直连节点, 透传)
关键配置
Cloudflare Dashboard
- DNS:
proxy-jp-cf.seesaw.icu → A → 140.235.37.81,橙色云开启
- SSL/TLS: Full(不是 Flexible,不是 Full Strict)
bv-jp 服务端
nginx.conf 末尾追加 stream block:
stream {
map $ssl_preread_server_name $backend {
proxy-jp-cf.seesaw.icu cf_backend;
default xray_backend;
}
upstream cf_backend {
server 127.0.0.1:8443;
}
upstream xray_backend {
server 127.0.0.1:4443;
}
server {
listen 443;
ssl_preread on;
proxy_pass $backend;
}
}
nginx sites-enabled/proxy-jp-cf.conf:
server {
listen 80;
server_name proxy-jp-cf.seesaw.icu;
location /ws {
proxy_pass http://127.0.0.1:10086;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
}
location / {
return 200 "ok";
add_header Content-Type text/plain;
}
}
server {
listen 8443 ssl;
server_name proxy-jp-cf.seesaw.icu;
ssl_certificate /etc/letsencrypt/live/proxy-jp.seesaw.icu/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/proxy-jp.seesaw.icu/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location /ws {
proxy_pass http://127.0.0.1:10086;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
}
location / {
return 200 "ok";
add_header Content-Type text/plain;
}
}
xray config.json:端口从 443 改为 4443(Reality 直连入站),其余不变。
端口分布
| 端口 | 服务 | 用途 | | 443 | nginx stream | SNI 分流入口 |
| 8443 | nginx HTTPS | CF 回源 WS 终结 |
| 4443 | xray | VLESS+Reality 直连 |
| 10086 | xray | VLESS+WS(内部) |
| 80 | nginx HTTP | Flexible 模式备用 |
客户端订阅 (clash.yaml)
- name: ByteVirt-JP-CF
type: vless
server: 108.162.194.215
port: 443
uuid: 00414335-d7e2-4ef6-9ec3-718cf2efa465
network: ws
tls: true
udp: false
servername: proxy-jp-cf.seesaw.icu
ws-opts:
path: /ws
headers:
Host: proxy-jp-cf.seesaw.icu
Clash 客户端注意事项
TUN 模式下 sniffer 的 override-destination: true 会覆盖优选 IP,需在客户端本地配置或订阅中加:
sniffer:
enable: true
override-destination: true
skip-domain:
- "proxy-jp-cf.seesaw.icu"
或者关闭 TUN,仅用系统代理模式。
CF 优选 IP
使用 CloudflareSpeedTest 工具筛选:
cd ~/cfst
./cfst -url "https://speed.cloudflare.com/__down?bytes=10000000" -tl 200 -sl 2 -dn 10
当前优选结果:108.162.194.215(SIN 落地,29ms,7.37 MB/s)
更新优选 IP 后需同步到 bv-la 和 tc-sv 两台订阅服务器。
测速数据
| 时段 | 163 直连 | CF 优选 | | 凌晨 03:00 | 125-169 Mbps | 227 Mbps |
| 晚高峰 22:00 | 2-3 Mbps | 117-185 Mbps |
排坑记录
- CF SSL 模式必须是 Full:Flexible 导致 CF 从 SIN/AMS/LAX 绕路回源,Full 模式走正确路径
- sniffer override-destination:TUN 模式下会把优选 IP 覆盖回域名解析的 IP,需 skip-domain
- nginx stream 模块:Ubuntu 需要
apt install libnginx-mod-stream
- 测速目标选择:不能用 speed.cloudflare.com(会二次经过 CF),应直接从源站下载文件测
- xray Reality 和 TLS 不能共存同端口:用 nginx stream SNI 分流解决
备份恢复
备份文件位置(在 bv-jp 上):
/etc/nginx/nginx.conf.bak/etc/nginx/proxy-jp-cf.conf.bak/usr/local/etc/xray/config.json.bak
恢复命令:
cp /etc/nginx/nginx.conf.bak /etc/nginx/nginx.conf
cp /etc/nginx/proxy-jp-cf.conf.bak /etc/nginx/sites-enabled/proxy-jp-cf.conf
cp /usr/local/etc/xray/config.json.bak /usr/local/etc/xray/config.json
systemctl restart nginx && systemctl restart xray