sing-box手动配置
·
any-reality原理
- 其实我们可以把处理需要代理的数据分成三个部分:
- 最上层的第一个部分就是我们熟知的各种代理协议,比如ss、vmess、vless、trojan、socks、anytls等等
- 第二部分是传输方式,也就是上层经过代理协议处理的数据用什么方式传输,比如raw原始状态、ws、kcp、grpc、xhttp、httpupgrade、meek等等 我们熟悉的vmess+ws,就是将上层vmess处理后的数据通过ws传输,这层一般不对数据进行加密,要么是在第一层就通过代理协议加密了,要么是交给第三层的传输安全来处理
- 最底层也就是我们熟知的tls以及reality
配置组合
- 通过这个图我们就可以实现任意协议组合任意传输,比如我可以搭建普通的vmess节点,也可以搭建ss+ws的节点,或者ss+grpc+reality
- 还可以将原本的协议组合打乱,比如trojan协议默认情况下就是套了tls,我们可以给她换成reality或者直接脱掉tls让她裸奔
- anytls也是类似,协议默认设计成了套tls,但我们可以给他套上reality,也就变成了anyreality了
配置any-reality
sudo loginctl enable-linger peter
sudo loginctl show-user peter
如果您希望为所有用户启用linger,可以编辑 /etc/systemd/logind.conf 文件,并将 LingerDefault 选项设置为 yes,然后重启 systemd-logind
生成reality keypair
sing-box generate reality-keypair
anytls-reality server 配置
sudo mkdir -p /opt/sing-box/conf
wget https://github.com/SagerNet/sing-box/releases/download/v1.12.9/sing-box-1.12.9-linux-amd64.tar.gz
sudo tar xvzf sing-box-1.12.9-linux-amd64.tar.gz -C /opt/sing-box/
sudo cp /opt/sing-box/sing-box-1.12.9-linux-amd64/sing-box /opt/sing-box/sing-box
cat <<EOF |sudo tee /etc/systemd/system/sing-box-manual.service
[Unit]
Description=sing-box Service
Documentation=https://sing-box.sagernet.org/
After=network.target nss-lookup.target
[Service]
User=peter
ExecStart=/opt/sing-box/sing-box run -c /opt/sing-box/config.json -C /opt/sing-box/conf
Restart=on-failure
RestartPreventExitStatus=23
RestartSec=10s
LimitNPROC=10000
LimitNOFILE=1048576
PrivateTmp=true
ProtectSystem=full
#CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
EOF
# 后续需要添加新的outbounds可以直接添加在/opt/sing-box/conf/中, sing-box 会自动merge
# 主配置在config.json中
cat <<EOF | sudo tee /opt/sing-box/config.json
{
"inbounds": [
{
"type": "anytls",
"listen": "::",
"listen_port": 6443,
"users": [
{
"name": "user",
"password": "123456"
}
],
"padding_scheme": [
"stop=8",
"0=30-30",
"1=100-400",
"2=400-500,c,500-1000,c,500-1000,c,500-1000,c,500-1000",
"3=9-9,500-1000",
"4=500-1000",
"5=500-1000",
"6=500-1000",
"7=500-1000"
],
"tls": {
"enabled": true,
"server_name": "yahoo.com",
"reality": {
"enabled": true,
"handshake": {
"server": "yahoo.com",
"server_port": 443
},
"private_key": "eO3B3EMGXrYfGOe87NkUVusaeUxtLB4vxiqjVXqb9GU",
"short_id": "0123456789abcdef"
}
}
}
],
"outbounds": [
{
"type": "direct",
"tag": "public_key_u4v3a_-uhIXPE2RoGaNy9_W5EK5UYV_hVN4Vpei75lM"
}
]
}
EOF
anytls-reality client 配置
mkdir -p ~/.proxy/conf
wget https://github.com/SagerNet/sing-box/releases/download/v1.12.9/sing-box-1.12.9-linux-amd64.tar.gz
tar xvzf sing-box-1.12.9-linux-amd64.tar.gz -C ~/.proxy/
cp ~/.proxy/sing-box-1.12.9-linux-amd64/sing-box ~/.proxy/
# cat <<EOF | sudo tee /etc/systemd/user/sing-box-manual.service
cat <<EOF > ~/.config/systemd/user/sing-box-manual.service
[Unit]
Description=sing-box Service
Documentation=https://sing-box.sagernet.org/
After=network.target nss-lookup.target
[Service]
ExecStart=/home/peter/.proxy/sing-box run -c /home/peter/.proxy/config.json -C /home/peter/.proxy/conf
Restart=on-failure
RestartSec=10s
[Install]
WantedBy=default.target
EOF
systemctl --user daemon-reload
systemctl --user start sing-box-manual.service
systemctl --user show-environment
journalctl --user -ex -u sing-box-manual.service
cat <<EOF > /home/peter/.proxy/conf/anytls-reality.json
{
"outbounds": [
{
"type": "anytls",
"tag": "anytls-out",
"server": "10.32.118.200",
"server_port": 6443,
"password": "123456",
"idle_session_check_interval": "30s",
"idle_session_timeout": "30s",
"min_idle_session": 5,
"tls": {
"enabled": true,
"disable_sni": false,
"server_name": "yahoo.com",
"insecure": false,
"utls": {
"enabled": true,
"fingerprint": "chrome"
},
"reality": {
"enabled": true,
"public_key": "u4v3a_-uhIXPE2RoGaNy9_W5EK5UYV_hVN4Vpei75lM",
"short_id": "0123456789abcdef"
}
}
},
{
"type": "direct",
"tag": "direct"
}
]
}
EOF
基础配置
cat <<EOF > /home/peter/.proxy/config.json
{
"log": {
"disabled": false,
"level": "debug",
"output": "",
"timestamp": true
},
"experimental": {
"clash_api": {
"external_controller": "127.0.0.1:10807",
"external_ui": "ui",
"external_ui_download_url": "https://github.com/MetaCubeX/metacubexd/archive/gh-pages.zip",
"external_ui_download_detour": "vless-out",
"default_mode": "rule",
"access_control_allow_origin": [ "*" ],
"access_control_allow_private_network": false
},
"cache_file": {
"enabled": true,
"path": "cache.db",
"cache_id": "",
"store_fakeip": true,
"store_rdrc": true,
"rdrc_timeout": "7d"
}
},
"inbounds": [
{
"address": ["172.18.0.1/30", "fdfe:dcba:9876::1/126"],
"route_address": ["0.0.0.0/1", "128.0.0.0/1", "::/1", "8000::/1"],
"route_exclude_address": [
"192.168.0.0/16",
"10.0.0.0/8",
"172.16.0.0/12",
"fc00::/7"
],
"auto_route": true,
"strict_route": true,
"type": "tun"
},
{
"type": "mixed",
"tag": "mixed-in",
"listen": "127.0.0.1",
"listen_port": 10806,
"tcp_fast_open": false,
"tcp_multi_path": false,
"udp_fragment": false
}
],
"outbounds": [
{
"type": "vless",
"tag": "vless-out",
"server": "10.50.228.53",
"server_port": 13584,
"uuid": "211d952d-cbef-4811-a3f0-xxxxxxxxxxxx",
"flow": "xtls-rprx-vision",
"network": "tcp",
"tls": {
"enabled": true,
"disable_sni": false,
"server_name": "aws.amazon.com",
"utls": {
"enabled": true,
"fingerprint": "chrome"
},
"reality": {
"enabled": true,
"public_key": "xxxxxx-3J5ReO_EpOBSix7PYhFOzaor0r8xQtEUdjS8",
"short_id": ""
}
}
},
{
"type": "selector",
"tag": "🚀 Select",
"interrupt_exist_connections": true,
"outbounds": [
"vless-out",
"🎈 Auto"
]
},
{
"type": "urltest",
"tag": "🎈 Auto",
"url": "https://www.gstatic.com/generate_204",
"interval": "3m",
"tolerance": 150,
"interrupt_exist_connections": true,
"outbounds": [
"vless-out"
]
},
{
"type": "direct",
"tag": "🎯 Direct"
},
{
"type": "selector",
"tag": "🐟 Fallback",
"interrupt_exist_connections": true,
"outbounds": [
"🚀 Select",
"🎯 Direct"
]
},
{
"type": "selector",
"tag": "GLOBAL",
"interrupt_exist_connections": true,
"outbounds": [
"🚀 Select",
"🎈 Auto",
"🎯 Direct",
"🐟 Fallback"
]
},
],
"route": {
"rules": [
{
"action": "hijack-dns",
"protocol": "dns"
},
{
"action": "route",
"clash_mode": "direct",
"outbound": "🎯 Direct"
},
{
"action": "route",
"clash_mode": "global",
"outbound": "GLOBAL"
},
{
"action": "route",
"network": "icmp",
"outbound": "🎯 Direct"
},
{
"action": "reject",
"protocol": "quic"
},
{
"action": "reject",
"rule_set": [
"Category-Ads"
]
},
{
"action": "route",
"rule_set": [
"GeoSite-Private"
],
"outbound": "🎯 Direct"
},
{
"action": "route",
"rule_set": [
"GeoSite-CN"
],
"outbound": "🎯 Direct"
},
{
"action": "route",
"rule_set": [
"GeoIP-Private"
],
"outbound": "🎯 Direct"
},
{
"action": "route",
"rule_set": [
"GeoIP-CN"
],
"outbound": "🎯 Direct"
},
{
"action": "route",
"rule_set": [
"GeoLocation-!CN"
],
"outbound": "🚀 Select"
}
],
"rule_set": [
{
"tag": "Category-Ads",
"type": "remote",
"url": "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/category-ads-all.srs",
"format": "binary",
"download_detour": "🎯 Direct"
},
{
"tag": "GeoIP-Private",
"type": "remote",
"url": "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geoip/private.srs",
"format": "binary",
"download_detour": "🎯 Direct"
},
{
"tag": "GeoSite-Private",
"type": "remote",
"url": "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/private.srs",
"format": "binary",
"download_detour": "🎯 Direct"
},
{
"tag": "GeoIP-CN",
"type": "remote",
"url": "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geoip/cn.srs",
"format": "binary",
"download_detour": "🎯 Direct"
},
{
"tag": "GeoSite-CN",
"type": "remote",
"url": "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/cn.srs",
"format": "binary",
"download_detour": "🎯 Direct"
},
{
"tag": "GeoLocation-!CN",
"type": "remote",
"url": "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/geolocation-!cn.srs",
"format": "binary",
"download_detour": "🎯 Direct"
}
],
"auto_detect_interface": true,
"final": "🐟 Fallback",
"default_domain_resolver": {
"server": "Local-DNS"
}
},
"dns": {
"servers": [
{
"tag": "Local-DNS",
"type": "https",
"domain_resolver": "Local-DNS-Resolver",
"server_port": 443,
"server": "223.5.5.5",
"path": "/dns-query"
},
{
"tag": "Local-DNS-Resolver",
"type": "udp",
"server_port": 53,
"server": "223.5.5.5"
},
{
"tag": "Remote-DNS",
"type": "tls",
"detour": "🚀 Select",
"domain_resolver": "Remote-DNS-Resolver",
"server_port": 853,
"server": "8.8.8.8"
},
{
"tag": "Remote-DNS-Resolver",
"type": "udp",
"detour": "🚀 Select",
"server_port": 53,
"server": "8.8.8.8"
}
],
"rules": [
{
"action": "route",
"clash_mode": "direct",
"server": "Local-DNS"
},
{
"action": "route",
"clash_mode": "global",
"server": "Remote-DNS"
},
{
"action": "route",
"rule_set": [
"GeoSite-CN"
],
"server": "Local-DNS"
},
{
"action": "route",
"rule_set": [
"GeoLocation-!CN"
],
"server": "Remote-DNS"
}
],
"disable_cache": false,
"disable_expire": false,
"independent_cache": false,
"final": "Remote-DNS"
}
}
EOF
andriod 版本使用
{
"log": {
"disabled": false,
"level": "debug",
"output": "",
"timestamp": true
},
"inbounds": [
{
"type": "tun",
"address": ["172.19.0.1/30"],
"auto_route": true,
// "auto_redirect": true, // On linux
"strict_route": true
}
],
"outbounds": [
{
"type": "selector",
"tag": "🚀 Select",
"interrupt_exist_connections": true,
"outbounds": [
"vless-out",
"🎈 Auto"
]
},
{
"type": "urltest",
"tag": "🎈 Auto",
"url": "https://www.gstatic.com/generate_204",
"interval": "3m",
"tolerance": 150,
"interrupt_exist_connections": true,
"outbounds": [
"vless-out"
]
},
{
"type": "direct",
"tag": "🎯 Direct"
},
{
"type": "selector",
"tag": "🐟 Fallback",
"interrupt_exist_connections": true,
"outbounds": [
"🚀 Select",
"🎯 Direct"
]
},
{
"type": "selector",
"tag": "GLOBAL",
"interrupt_exist_connections": true,
"outbounds": [
"🚀 Select",
"🎈 Auto",
"🎯 Direct",
"🐟 Fallback"
]
},
{
"type": "vless",
"tag": "vless-out",
"server": "10.50.228.53",
"server_port": 13584,
"uuid": "211d952d-cbef-4811-a3f0-xxxxxxxxxxxx",
"flow": "xtls-rprx-vision",
"network": "tcp",
"tls": {
"enabled": true,
"disable_sni": false,
"server_name": "aws.amazon.com",
"utls": {
"enabled": true,
"fingerprint": "chrome"
},
"reality": {
"enabled": true,
"public_key": "Uqr4g5-3J5ReO_EpOBSix7PYhxxxxxxxxxxxxxxxxxx",
"short_id": ""
}
}
}
],
"route": {
"rules": [
{
"action": "hijack-dns",
"protocol": "dns"
},
{
"action": "route",
"clash_mode": "direct",
"outbound": "🎯 Direct"
},
{
"action": "route",
"clash_mode": "global",
"outbound": "GLOBAL"
},
{
"action": "route",
"network": "icmp",
"outbound": "🎯 Direct"
},
{
"action": "reject",
"protocol": "quic"
},
{
"action": "reject",
"rule_set": [
"Category-Ads"
]
},
{
"action": "route",
"rule_set": [
"GeoSite-Private"
],
"outbound": "🎯 Direct"
},
{
"action": "route",
"rule_set": [
"GeoSite-CN"
],
"outbound": "🎯 Direct"
},
{
"action": "route",
"rule_set": [
"GeoIP-Private"
],
"outbound": "🎯 Direct"
},
{
"action": "route",
"rule_set": [
"GeoIP-CN"
],
"outbound": "🎯 Direct"
},
{
"action": "route",
"rule_set": [
"GeoLocation-!CN"
],
"outbound": "🚀 Select"
}
],
"rule_set": [
{
"tag": "Category-Ads",
"type": "remote",
"url": "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/category-ads-all.srs",
"format": "binary",
"download_detour": "🎯 Direct"
},
{
"tag": "GeoIP-Private",
"type": "remote",
"url": "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geoip/private.srs",
"format": "binary",
"download_detour": "🎯 Direct"
},
{
"tag": "GeoSite-Private",
"type": "remote",
"url": "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/private.srs",
"format": "binary",
"download_detour": "🎯 Direct"
},
{
"tag": "GeoIP-CN",
"type": "remote",
"url": "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geoip/cn.srs",
"format": "binary",
"download_detour": "🎯 Direct"
},
{
"tag": "GeoSite-CN",
"type": "remote",
"url": "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/cn.srs",
"format": "binary",
"download_detour": "🎯 Direct"
},
{
"tag": "GeoLocation-!CN",
"type": "remote",
"url": "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/geolocation-!cn.srs",
"format": "binary",
"download_detour": "🎯 Direct"
}
],
"auto_detect_interface": true,
"final": "🐟 Fallback",
"default_domain_resolver": {
"server": "Local-DNS"
}
},
"dns": {
"servers": [
{
"tag": "Local-DNS",
"type": "https",
"domain_resolver": "Local-DNS-Resolver",
"server_port": 443,
"server": "223.5.5.5",
"path": "/dns-query"
},
{
"tag": "Local-DNS-Resolver",
"type": "udp",
"server_port": 53,
"server": "223.5.5.5"
},
{
"tag": "Remote-DNS",
"type": "tls",
"detour": "🚀 Select",
"domain_resolver": "Remote-DNS-Resolver",
"server_port": 853,
"server": "8.8.8.8"
},
{
"tag": "Remote-DNS-Resolver",
"type": "udp",
"detour": "🚀 Select",
"server_port": 53,
"server": "8.8.8.8"
}
],
"rules": [
{
"action": "route",
"clash_mode": "direct",
"server": "Local-DNS"
},
{
"action": "route",
"clash_mode": "global",
"server": "Remote-DNS"
},
{
"action": "route",
"rule_set": [
"GeoSite-CN"
],
"server": "Local-DNS"
},
{
"action": "route",
"rule_set": [
"GeoLocation-!CN"
],
"server": "Remote-DNS"
}
],
"disable_cache": false,
"disable_expire": false,
"independent_cache": false,
"final": "Remote-DNS"
}
}