共计 4546 个字符,预计需要花费 12 分钟才能阅读完成。
前言:
Clash 删库跑路后,建议转战 Sing-Box 内核搭建,且配置简单,软路由最新版 passwall 和 openclash 都可以使用。
附上官网:sing-box
官网配置说明不全,配置文件部分建议看这个:sing-box-examples
无需域名,使用自签证书配置 hysteria2
一、安装 sing-box
官网一键安装脚本(Debian/Ubuntu):
bash <(curl -fsSL https://sing-box.app/deb-install.sh)官网一键安装脚本(CentOs):
bash <(curl -fsSL https://sing-box.app/rpm-install.sh)
官网版配置文件是在:/etc/sing-box/config.json
| 行动 | 命令 |
|---|---|
| 启用 | sudo systemctl enable sing-box |
| 禁用 | sudo systemctl disable sing-box |
| 启动 | sudo systemctl start sing-box |
| 停止 | sudo systemctl stop sing-box |
| 强行停止 | sudo systemctl kill sing-box |
| 重新启动 | sudo systemctl restart sing-box |
| 查看日志 | sudo journalctl -u sing-box --output cat -e |
| 实时日志 | sudo journalctl -u sing-box --output cat -f |
安装后脚本菜单:sing-box
二、服务端配置
自签证书命令
用自签证书的好处就是不需要有自己的域名,需要 开启允许不安全连接,为 bing.com 生成一个 100 年的自签证书
mkdir -p /root/hysteria && openssl ecparam -genkey -name prime256v1 -out /root/hysteria/private.key && openssl req -new -x509 -days 36500 -key /root/hysteria/private.key -out /root/hysteria/cert.pem -subj "/CN=bing.com"
编辑配置文件
vi /etc/sing-box/config.json覆盖内容
{
"inbounds": [
{
"type": "hysteria2",
"listen": "::",
"listen_port": 8443,
"users": [
{
"password": "" //your password
}
],
"tls": {
"enabled": true,
"alpn": [
"h3"
],
"certificate_path": "/root/hysteria/cert.pem", // 证书路径
"key_path": "/root/hysteria/private.key"
}
},
{
"type": "vless",
"listen": "::",
"listen_port": 443,
"users": [
{
"uuid": "", // 执行此命令后删除注释 sing-box generate uuid
"flow": "xtls-rprx-vision"
}
],
"tls": {
"enabled": true,
"server_name": "yahoo.com", // 偷取证书的域名,tls1.3,h2
"reality": {
"enabled": true,
"handshake": {
"server": "yahoo.com", // 偷取证书的域名
"server_port": 443
},
"private_key": "", // 执行此命令后删除注释 sing-box generate reality-keypair
"short_id": [
"b2c86d5449d237fa"
]
}
}
}
],
"outbounds": [
{
"type": "direct"
}
]
}三、客户端配置
sing-box
{
"dns": {
"rules": [
{
"clash_mode": "global",
"server": "remote"
},
{
"clash_mode": "direct",
"server": "local"
},
{
"outbound": [
"any"
],
"server": "local"
},
{
"geosite": "cn",
"server": "local"
}
],
"servers": [
{
"address": "https://1.1.1.1/dns-query",
"detour": "select",
"tag": "remote"
},
{
"address": "https://223.5.5.5/dns-query",
"detour": "direct",
"tag": "local"
}
],
"strategy": "ipv4_only"
},
"experimental": {
"clash_api": {
"external_controller": "127.0.0.1:9090",
"secret": "",
"store_selected": true
}
},
"inbounds": [
{
"auto_route": true,
"domain_strategy": "ipv4_only",
"endpoint_independent_nat": true,
"inet4_address": "172.19.0.1/30",
"mtu": 9000,
"sniff": true,
"sniff_override_destination": true,
"strict_route": true,
"type": "tun"
},
{
"domain_strategy": "ipv4_only",
"listen": "127.0.0.1",
"listen_port": 2333,
"sniff": true,
"sniff_override_destination": true,
"tag": "socks-in",
"type": "socks",
"users": []
},
{
"domain_strategy": "ipv4_only",
"listen": "127.0.0.1",
"listen_port": 2334,
"sniff": true,
"sniff_override_destination": true,
"tag": "mixed-in",
"type": "mixed",
"users": []
}
],
"log": {
"disabled": false,
"level": "info",
"timestamp": true
},
"outbounds": [
{
"tag": "select",
"type": "selector",
"default": "urltest",
"outbounds": [
"urltest",
"sing-box-reality",
"sing-box-hysteria2"
]
},
{
"type": "vless",
"tag": "sing-box-reality",
"uuid": "", // 你的 uuid
"flow": "xtls-rprx-vision",
"packet_encoding": "xudp",
"server": "", // 你的 ip 地址
"server_port": 7443, //reality 端口号
"tls": {
"enabled": true,
"server_name": "yahoo.com", // 修改为你的偷取的网站,离自己近的
"utls": {
"enabled": true,
"fingerprint": "chrome"
},
"reality": {
"enabled": true,
"public_key": "", // 修改为你的 public-key
"short_id": "b2c86d5449d237fa" // 修改为你的 shortid
}
}
},
{
"type": "hysteria2",
"server": "", // 你的 vps ip 地址
"server_port": 8443, //hy2 端口号
"tag": "sing-box-hysteria2",
"up_mbps": 30,
"down_mbps": 150, // 根据自己的带宽填也可以跟我一样
"password": "", // 你的 hysteria2 密码
"tls": {
"enabled": true,
"server_name": "bing.com", // 自签域名
"insecure": true, // 自签就 true,不自签 false,跳过证书验证
"alpn": [
"h3"
]
}
},
{
"tag": "direct",
"type": "direct"
},
{
"tag": "block",
"type": "block"
},
{
"tag": "dns-out",
"type": "dns"
},
{
"tag": "urltest",
"type": "urltest",
"outbounds": [
"sing-box-reality",
"sing-box-hysteria2"
]
}
],
"route": {
"auto_detect_interface": true,
"rules": [
{
"geosite": "category-ads-all",
"outbound": "block"
},
{
"outbound": "dns-out",
"protocol": "dns"
},
{
"clash_mode": "direct",
"outbound": "direct"
},
{
"clash_mode": "global",
"outbound": "select"
},
{
"geoip": [
"cn",
"private"
],
"outbound": "direct"
},
{
"geosite": "geolocation-!cn",
"outbound": "select"
},
{
"geosite": "cn",
"outbound": "direct"
}
],
"geoip": {
"download_detour": "select"
},
"geosite": {
"download_detour": "select"
}
}
}
clash-meta
reality 配置
- name: Reality-RN
type: vless
server: ip 地址
port: 端口号
uuid: 0000000-0000-0000-0000-0000000
network: tcp
udp: true
tls: true
flow: xtls-rprx-vision
servername: www.lovelive-anime.jp #偷取的域名
client-fingerprint: chrome
reality-opts:
public-key: 你的公钥
short-id: b2c86d5449d237fa
hysteria
- name: "hysteria2"
type: hysteria2
server: 122.122.11.22# 服务器 ip
port: 8443 #端口号
# up 和 down 均不写或为 0 则使用 BBR 流控
# up: "30 Mbps" # 若不写单位,默认为 Mbps
# down: "200 Mbps" # 若不写单位,默认为 Mbps
password: yourpassword
sni: bing.com #自签域名
skip-cert-verify: true #如果自签则为 true
alpn:
- h3
正文完
