There are a few Github projects to show you how to use Cloudflare workers / pages to generate your own proxy nodes or subscription group. (https://github.com/yonggekkk/Cloudflare_vless_trojan, https://github.com/vfarid/v2ray-worker)
Note: Starting from Nov 23 2024 (Based on my testing, most likely earlier, but not earlier than Nov 16), Cloudflare is checking the code in the new deployment for this kind of workers or pages. The existing ones have not got issue, but new deployment will get an error 1101 "Worker threw exception".
Use Cloudflare to Generate vless nodes
Github project:- https://github.com/51sec/ss_generator/blob/main/worker2vless.js
- Original one: https://github.com/zizifn/edgetunnel/tree/main/src
Create a new worker using js code in the Github project. You can use Cloudflare own workers sub-domain.
You can use the code from Github:
- https://github.com/51sec/ss_generator/blob/main/worker2vless.js
You also can use a group of random ProxyIP instead of single one by modifying code as show below.
- const proxyIPs = ['cdn.xn--b6gac.eu.org', 'cdn-all.xn--b6gac.eu.org', 'workers.cloudflare.cyou'];
-
- // if you want to use ipv6 or single proxyIP, please add comment at this line and remove comment at the next line
- let proxyIP = proxyIPs[Math.floor(Math.random() * proxyIPs.length)];
- // use single proxyIP instead of random
- // let proxyIP = 'cdn.xn--b6gac.eu.org';
- // ipv6 proxyIP example remove comment to use
- // let proxyIP = "[2a01:4f8:c2c:123f:64:5:6810:c55a]"
1. UUID
2. Proxyip
More:
大佬们搭建好的订阅器(生成器)
- aliyun.classelivre.eu.org 天城大佬
- cm.godns.onflashdrive.app 天城大佬
- 3k.fxxk.dedyn.io 3K大佬
- vmess.fxxk.dedyn.io CM大佬
- vless.fxxk.dedyn.io CM大佬
订阅器使用格式:https://生成器地址(订阅器)/sub?host=伪装域名&uuid=你的UUID&path=路径
For example:
https://v.51sec.workers.dev/sub?host=v.51sec.workers.dev&decade00-0000-4000-a000-000000000000&path=/?ed=2048
伪装域名 (host)
- in my example, it is same as 优选IP (Address)
- It can be different and some other hosts on internet
- such as th.amazinglinyy.workers.dev
Peformance Priority IP (Address)
- in my example, it is same as 伪装域名 (host)
- But it can be different.
- such as www.visa.com:8880 to replace my v.51sec.workers.dev:443
After you deployed successfully, you can access your worker with uuid (https://<subdomain name>/UUID)
You also can assign your own subdomain to this worker then use your subdomain to access it with uuid.
Re-generate uuid in v2rayN:
Note: generate a sub link from above screenshot:
For example:
https://v.51sec.workers.dev/sub?host=v.51sec.workers.dev&decade00-0000-4000-a000-000000000000&path=/?ed=2048
You can add this link to v2rayN's sub group to get a bunch of links. Then you will find a best optimized link with an ip inside to use.
Note: Chagne Address (v.51sec.workers.dev) to a optimized IP:
将复制的 V2ray 配置链接粘贴到 V2rayN 客户端,地址填入优选 IP ,即可成功科学上网。优选 IP 可通过 https://stock.hostmonit.com/CloudFlareYes.
Note: A simple and easy to remember uuid:
- decade00-0000-4000-a000-000000000000
Output for https://v.51sec.workers.dev/decade00-0000-4000-a000-000000000000
################################################################
v2ray
---------------------------------------------------------------
vless://[email protected]:443?encryption=none&security=tls&sni=v.51sec.workers.dev&fp=randomized&type=ws&host=v.51sec.workers.dev&path=%2F%3Fed%3D2048#v.51sec.workers.dev
---------------------------------------------------------------
################################################################
clash-meta
---------------------------------------------------------------
- type: vless
name: v.51sec.workers.dev
server: v.51sec.workers.dev
port: 443
uuid: decade00-0000-4000-a000-000000000000
network: ws
tls: true
udp: false
sni: v.51sec.workers.dev
client-fingerprint: chrome
ws-opts:
path: "/?ed=2048"
headers:
host: v.51sec.workers.dev
---------------------------------------------------------------
################################################################Note:https://v2rayssr.com/worker-vless.html
BPB Project
- https://github.com/bia-pain-bache/BPB-Worker-Panel
Steps
1 Fork https://github.com/bia-pain-bache/BPB-Worker-Panel project into your own Github repository
2 Log into Cloudflare
Creaet KV
It has to be bpb this name for your Namespace.
3 Create Page and Connect to Git (Your Github account)
4 After follow the wizard to complete the setup, go back to the project.
5 Go to Setttings page to create two variables:
UUID will need to generate a new one. Default is [89b3cbba-e6ac-485a-9481-976a0415eab9], which will cause a security concern. It is easy to regenerate one from 在线生成 UUID 1 | 在线生成 UUID 2
PROXYIP:Go here to randomly select one: 随机选择一个代理 IP,or directly set your proxy ip to
cdn-b100.xn--b6gac.eu.org6 Bind KV namespace
You only can use bpb this name.
After all done, redeploy the project:
Access the Pages
- https://<name.pages.dev>/panel
Deply to Pages:
点击 Workers 和 Pages ,创建 Pages 选择 上传资产 资源地址:
https://raw.githubusercontent.com/cmliu/edgetunnel/main/worker.zip设置 UUID 变量
https://1024tools.com/uuid
到设置 – 环境变量 – 添加变量,变量名称:UUID
设置自定义域
找到设置 – 触发器,添加自定义域,输入 没使用过 的 已经托管在 CF 上面 的,二级域名
重新部署 Pages
回到项目,找到 部署,点击下面的 创建新部署,再次上传刚才的 worker.zip 文件,保存并部署!
查看节点
我们可以访问 https://域/UUID ,来查看我们的节点
Proxy IP
Proxy IPs source: https://rentry.co/CF-proxyIPCF反代IP=Proxy IP = 优选ip = Clean IP
ProxyIP explaination: https://upsangel.com/security/vpn/cloudflare-worker-vless%E7%BF%BB%E7%89%86%E4%BB%A3%E7%90%86%E5%8E%9F%E7%90%86-proxyip%E7%B4%B0%E7%AF%80%E7%A0%94%E7%A9%B6/
一些神奇的ip,可以无条件的转发所有cf流量
如果上面的proxyip用不了了,可以替换成下面这些域名
cdn-all.xn–b6gac.eu.org
cdn.xn–b6gac.eu.org
cdn-b100.xn–b6gac.eu.org
edgetunnel.anycast.eu.org
cdn.anycast.eu.org
另外可以参考这个issues进行proxyip查找
issues:https://github.com/zizifn/edgetunnel/issues/162
這個#162issue幫我指引我到了正確的答案,z大在自己的repo issue中解釋到:
由于cf bug,现在cf worker 不能直接访问cf 托管的网站。。所以需要配置一个中转ip。。。而有一些神奇的 ip,可以无条件转发所有 cf 的流量。
z大口中的“神奇的ip”,就是proxyIP。而這個“cf bug”其實是Cloudflare的“有意爲之”,Cloudflare已在網誌上說:
Outbound TCP sockets to Cloudflare IP ranges are temporarily blocked, but will be re-enabled shortly.
也就是說CF Worker是不能訪問CF自家的IP,是不是很不可思議?而z大的代碼就考慮到這一點,如果出現遠端TCP不返回數據(例如遠端的IP是CF自家的IP),就會觸發 retry() 函數,把TCP包再發給proxyIP retry,讓proxyIP丟回給CF的目的IP。
Verify:
browser to https://51sec.org/cdn-cgi/trace
Without VLESS = Without Poxy IP
fl=785f46
h=51sec.org
ip=16.32.19.10
ts=1732462022.517
visit_scheme=https
uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
colo=YYZ
sliver=none
http=http/2
loc=CA
tls=TLSv1.3
sni=encrypted
warp=off
gateway=off
rbi=off
kex=X25519MLKEM768
IP=16.32.19.10 which is my home ISP ip.
After enabled VLESS , ip changed to 62.72.163.109.
https://ipcheck.ing/
优选ip = Clean IP
Clean IPs via IRCF Space Repo
Clean IP Scanner: https://drunkleen.github.io/ip-scanner/
注意面板上 proxyIP 项可使用反代 CF 的 IP,但更推荐在 page 里设置 proxyip 变量。 clean IP 项是指得优选 IP,可利用 BPB 面板自带的 IP 进行优选,貌以不能测速和选择国家地区。所以大家也可使用其它优选工具优选,也可以在 fofa 上手搓去寻找个性化的 CFIP
Security Concerns
Search from https://fofa.info/
fofa 筛选指定 IP 利用 fofa,去筛选 CF 家 IP,然后筛选反代 CF 的 IP(非 CF 的 IP,是反代了 CFIP 的 IP)。
如筛选 cloudflare 的 IP,端口是 443、地区限定香港、AS 号限定 CF 家的 AS 号:
server=="cloudflare" && port=="443" && region=="HK" && (asn=="13335" || asn=="209242" || asn=="396982" || asn=="132892" || asn=="202623")
如筛选反代 cloudflare 的 IP,端口 443、地区限定香港、头部特征隐藏、排除 CF 的 AS 号:
server=="cloudflare" && port=="443" && header="Forbidden" && region=="HK" && asn!="13335" && asn!="209242" && asn!="396982" && asn!="132892" && asn!="202623"
没有 fofa 帐号的话,可用临时邮箱去注册,批量下载筛选的 IP。
note: https://blog.taoshuge.eu.org/p/288/
Free VLESS Site Collections
Free
- https://pclwgdwv.serv00.net/
![[5 Mins Docker] Deploy FreshRSS Using Docker Run Command and Deploy To Fly.io](https://blog.51sec.org/ezoimgfmt/lh3.googleusercontent.com/blogger_img_proxy/AEn0k_s16XsLJtyCIDLWF0SWdgrDMt0oUfn7CnHpm5HGX8esqSNEq-zAjiHofMrbZ7VP6hUsGh92HsSEnXkNxDQCg3XptYsTn43ZzRpfWMFS-nBjzQ)
No comments:
Post a Comment