2024最新主流,Sing-Box手动搭建reality和hysteria2教程(无需域名)

5,569次阅读
没有评论

共计 4546 个字符,预计需要花费 12 分钟才能阅读完成。

前言:

Clash 删库跑路后,建议转战 Sing-Box 内核搭建,且配置简单,软路由最新版 passwall 和 openclash 都可以使用。

附上官网:sing-box

官网配置说明不全,配置文件部分建议看这个:sing-box-examples

无需域名,使用自签证书配置 hysteria2

2024 最新主流,Sing-Box 手动搭建 reality 和 hysteria2 教程(无需域名)

一、安装 sing-box

官网一键安装脚本(Debian/Ubuntu):

bash <(curl -fsSL https://sing-box.app/deb-install.sh)

官网一键安装脚本(CentOs):

bash <(curl -fsSL https://sing-box.app/rpm-install.sh)

 

官网版配置文件是在:/etc/sing-box/config.json

行动命令
启用sudo systemctl enable sing-box
禁用sudo systemctl disable sing-box
启动sudo systemctl start sing-box
停止sudo systemctl stop sing-box
强行停止sudo systemctl kill sing-box
重新启动sudo systemctl restart sing-box
查看日志sudo journalctl -u sing-box --output cat -e
实时日志sudo journalctl -u sing-box --output cat -f

 

安装后脚本菜单:sing-box

 

二、服务端配置

 

自签证书命令

用自签证书的好处就是不需要有自己的域名,需要 开启允许不安全连接,为 bing.com 生成一个 100 年的自签证书

mkdir -p /root/hysteria && openssl ecparam -genkey -name prime256v1 -out /root/hysteria/private.key && openssl req -new -x509 -days 36500 -key /root/hysteria/private.key -out /root/hysteria/cert.pem -subj "/CN=bing.com"

编辑配置文件

vi /etc/sing-box/config.json

覆盖内容

{
    "inbounds": [
        {
            "type": "hysteria2",
            "listen": "::",
            "listen_port": 8443,
            "users": [
                {
                    "password": "" //your password
                }
            ],
            "tls": {
                "enabled": true,
                "alpn": [
                    "h3"
                ],
                "certificate_path": "/root/hysteria/cert.pem", // 证书路径
                "key_path": "/root/hysteria/private.key"
            }
        },
        {
            "type": "vless",
            "listen": "::",
            "listen_port": 443,
            "users": [
                {
                    "uuid": "", // 执行此命令后删除注释 sing-box generate uuid
                    "flow": "xtls-rprx-vision"
                }
            ],
            "tls": {
                "enabled": true,
                "server_name": "yahoo.com", // 偷取证书的域名,tls1.3,h2
                "reality": {
                    "enabled": true,
                    "handshake": {
                        "server": "yahoo.com", // 偷取证书的域名
                        "server_port": 443
                    },
                    "private_key": "", // 执行此命令后删除注释 sing-box generate reality-keypair
                    "short_id": [
                        "b2c86d5449d237fa"
                    ]
                }
            }
        }
    ],
    "outbounds": [
        {
            "type": "direct"
        }
    ]
}

三、客户端配置

 

sing-box

{
  "dns": {
    "rules": [
      {
        "clash_mode": "global",
        "server": "remote"
      },
      {
        "clash_mode": "direct",
        "server": "local"
      },
      {
        "outbound": [
          "any"
        ],
        "server": "local"
      },
      {
        "geosite": "cn",
        "server": "local"
      }
    ],
    "servers": [
      {
        "address": "https://1.1.1.1/dns-query",
        "detour": "select",
        "tag": "remote"
      },
      {
        "address": "https://223.5.5.5/dns-query",
        "detour": "direct",
        "tag": "local"
      }
    ],
    "strategy": "ipv4_only"
  },
  "experimental": {
    "clash_api": {
      "external_controller": "127.0.0.1:9090",
      "secret": "",
      "store_selected": true
    }
  },
  "inbounds": [
    {
      "auto_route": true,
      "domain_strategy": "ipv4_only",
      "endpoint_independent_nat": true,
      "inet4_address": "172.19.0.1/30",
      "mtu": 9000,
      "sniff": true,
      "sniff_override_destination": true,
      "strict_route": true,
      "type": "tun"
    },
    {
      "domain_strategy": "ipv4_only",
      "listen": "127.0.0.1",
      "listen_port": 2333,
      "sniff": true,
      "sniff_override_destination": true,
      "tag": "socks-in",
      "type": "socks",
      "users": []
    },
    {
      "domain_strategy": "ipv4_only",
      "listen": "127.0.0.1",
      "listen_port": 2334,
      "sniff": true,
      "sniff_override_destination": true,
      "tag": "mixed-in",
      "type": "mixed",
      "users": []
    }
  ],
  "log": {
    "disabled": false,
    "level": "info",
    "timestamp": true
  },
  "outbounds": [
    {
      "tag": "select",
      "type": "selector",
      "default": "urltest",
      "outbounds": [
        "urltest",
        "sing-box-reality",
        "sing-box-hysteria2"
      ]
    },
    {
      "type": "vless",
      "tag": "sing-box-reality",
      "uuid": "", // 你的 uuid
      "flow": "xtls-rprx-vision",
      "packet_encoding": "xudp",
      "server": "", // 你的 ip 地址
      "server_port": 7443, //reality 端口号
      "tls": {
        "enabled": true,
        "server_name": "yahoo.com", // 修改为你的偷取的网站,离自己近的
        "utls": {
          "enabled": true,
          "fingerprint": "chrome"
        },
        "reality": {
          "enabled": true,
          "public_key": "", // 修改为你的 public-key
          "short_id": "b2c86d5449d237fa"   // 修改为你的 shortid
        }
      }
    },
    {
      "type": "hysteria2",
      "server": "", // 你的 vps ip 地址
      "server_port": 8443,   //hy2 端口号
      "tag": "sing-box-hysteria2",
      "up_mbps": 30,
      "down_mbps": 150,  // 根据自己的带宽填也可以跟我一样
      "password": "", // 你的 hysteria2 密码
      "tls": {
        "enabled": true,
        "server_name": "bing.com", // 自签域名
        "insecure": true, // 自签就 true,不自签 false,跳过证书验证
        "alpn": [
          "h3"
        ]
      }
    },
    {
      "tag": "direct",
      "type": "direct"
    },
    {
      "tag": "block",
      "type": "block"
    },
    {
      "tag": "dns-out",
      "type": "dns"
    },
    {
      "tag": "urltest",
      "type": "urltest",
      "outbounds": [
        "sing-box-reality",
        "sing-box-hysteria2"
      ]
    }
  ],
  "route": {
    "auto_detect_interface": true,
    "rules": [
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      },
      {
        "outbound": "dns-out",
        "protocol": "dns"
      },
      {
        "clash_mode": "direct",
        "outbound": "direct"
      },
      {
        "clash_mode": "global",
        "outbound": "select"
      },
      {
        "geoip": [
          "cn",
          "private"
        ],
        "outbound": "direct"
      },
      {
        "geosite": "geolocation-!cn",
        "outbound": "select"
      },
      {
        "geosite": "cn",
        "outbound": "direct"
      }
    ],
    "geoip": {
            "download_detour": "select" 
        },
    "geosite": {
            "download_detour": "select"
        }
  }
}

 

clash-meta

reality 配置

- name: Reality-RN
  type: vless
  server: ip 地址
  port: 端口号
  uuid: 0000000-0000-0000-0000-0000000
  network: tcp
  udp: true
  tls: true
  flow: xtls-rprx-vision
  servername: www.lovelive-anime.jp #偷取的域名
  client-fingerprint: chrome
  reality-opts:
    public-key: 你的公钥
    short-id: b2c86d5449d237fa


hysteria

- name: "hysteria2"
  type: hysteria2
  server: 122.122.11.22# 服务器 ip
  port: 8443 #端口号
  #  up 和 down 均不写或为 0 则使用 BBR 流控
  # up: "30 Mbps" # 若不写单位,默认为 Mbps
  # down: "200 Mbps" # 若不写单位,默认为 Mbps
  password: yourpassword
  sni: bing.com #自签域名
  skip-cert-verify: true #如果自签则为 true
  alpn:
   - h3

 

正文完
 1
alecctv
版权声明:本站原创文章,由 alecctv 2024-01-18发表,共计4546字。
转载说明:除特殊说明外本站文章皆由ooly.cc发布,转载请注明出处。
评论(没有评论)
验证码