脚本安装#
VMESS/VLESS/TROJAN/SHADOWSOCKS
- 自用脚本,此脚本只为隧道或 IPLC/IEPL 中转而生,无任何伪装
- Trojan 的 tls 除非自定义证书路径,否则也是本地生成的无效证书
- Trojan 非自定义证书路径请务必开启: skip-cert-verify: true
一键脚本#
bash <(curl -fsSL https://raw.githubusercontent.com/Slotheve/SingBox/main/singbox.sh)
Docker 安装#
配置示例
{
"log": {
"level": "trace",
"output": "/data/sing-box.log",
"timestamp": true
},
"inbounds": [
{
"type": "shadowsocks",
"listen": "::",
"listen_port": 25550,
"method": "chacha20-ietf-poly1305",
"password": "IloveNekopara"
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"geoip": {
"path": "/data/geoip.db",
"download_url": "https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db",
"download_detour": "direct"
},
"geosite": {
"path": "/data/geosite.db",
"download_url": "https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db",
"download_detour": "direct"
},
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
}
],
"final": "direct",
"auto_detect_interface": true
}
}
1. 文件目录#
需要在服务器构建如下目录结构:
其中,data/config.json是sing-box的配置文件,所有节点配置信息都在里面。
data/entry.sh是容器启动脚本。
tls 文件夹用于存储 tls 证书,sing-box可以自动颁发证书,你也可以使用自己现有的证书。如果自动颁发,就空文件夹就行,运行后该目录下会生成证书文件;如果要使用现有证书,可以将证书拷贝到当前文件夹下。
2. docker compose#
docker-compose.yml参考内容如下:
version: '3'
services:
sing-box:
image: ghcr.io/sagernet/sing-box
container_name: sing-box
restart: unless-stopped
network_mode: "host"
# ports:
# - 80:80
# - 443:443
# - 8090:8090
# - 10080-10099:10080-10099/udp
volumes:
- ./data:/data
- ./tls:/tls
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun
entrypoint: ["/bin/bash", "/data/entry.sh"]
其中,网络模式使用了network_mode: "host",直接使用了宿主机的网络环境,需要关闭宿主机的防火墙,命令如下:
# CentOS:
systemctl disable firewalld
# Debian/Ubuntu:
sudo ufw disable
如果host模式有问题,也可以切换到指定 ports 模式(注释掉network_mode,然后删掉下方 prots 的注释)
3. entry.sh#
参考内容如下:
#!/bin/bash
set -e
configFilePath="/data/config.json"
logFilePath="/data/sing-box.json"
echo "entry"
sing-box version
# https://sing-box.sagernet.org/configuration/
echo -e "\nconfig:"
sing-box check -c $configFilePath || cat $configFilePath
sing-box format -c /data/config.json -w
cat $configFilePath
echo -e "\nstarting"
sing-box run -c $configFilePath
tail -f $logFilePath
会输出sing-box版本,检查并格式化配置文件,启动sing-box,并追踪日志。
4. config.json#
最关键的配置文件,参考内容如下:
{
"log": {
"level": "trace",
"output": "/data/sing-box.log",
"timestamp": true
},
"inbounds": [
{
"type": "hysteria",
"tag": "hysteria-in",
"listen": "0.0.0.0",
"listen_port": 10080,
"domain_strategy": "ipv4_only",
"up_mbps": 50,
"down_mbps": 50,
"obfs": "nicetofuckyou",
"users": [
{
"name": "<proxy_name>",
"auth_str": "<proxy_pwd>"
}
],
"tls": {
"enabled": true,
"server_name": "<domain>",
"acme": {
"domain": "<domain>",
"data_directory": "/tls",
"default_server_name": "<domain>",
"email": "<email>"
}
}
},
{
"type": "naive",
"tag": "naive-in",
"listen": "0.0.0.0",
"listen_port": 8090,
"domain_strategy": "ipv4_only",
"users": [
{
"username": "<proxy_name>",
"password": "<proxy_pwd>"
}
],
"network": "tcp",
"tls": {
"enabled": true,
"server_name": "<domain>",
"acme": {
"domain": "<domain>",
"data_directory": "/tls",
"default_server_name": "<domain>",
"email": "<email>"
}
}
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"geoip": {
"path": "/data/geoip.db",
"download_url": "https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db",
"download_detour": "direct"
},
"geosite": {
"path": "/data/geosite.db",
"download_url": "https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db",
"download_detour": "direct"
},
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
}
],
"final": "direct",
"auto_detect_interface": true
}
}
其中,有几处需要替换的地方:
<proxy_name>替换为代理的用户名,自己取,如Ray<proxy_pwd>替换为代理的密码,自己取,如1234@qwer<domain>替换为域名<email>替换为邮箱obfs是hysteria混淆字符串,可以自定义
如上就配置了两个节点,一个基于 udp 的 10080 端口的hysteria节点,一个基于 tcp 的 8090 端口的naive节点。
如果你的云上有安全策略,请确保这两个端口都开放了。
证书的话,如果 tls 目录下没有现有证书,会自动颁发。
其他配置可以查阅官方文档了解。
5. 运行#
在docker-compose.yml同级目录下,执行:
等待容器启动。
如果一切正常,就是启动成功,可以去使用自己的客户端连接了。(就是这么简单)
其他参考指令:
# 查看当前运行中的容器
docker ps
# 查看容器启动日志
docker logs sing-box
# 追踪容器运行日志(使用Ctrl C退出追踪)
docker logs -f sing-box
# 进入容器
docker exec -it sing-box bash
完全手动安装#
wget https://github.com/SagerNet/sing-box/releases/download/v1.7.2/sing-box-1.7.2-linux-amd64.tar.gz
tar -zxvf sing-box-1.7.2-linux-amd64.tar.gz
Reality#
root@xiaolv:~/singbox# ./sing-box generate reality-keypair
PrivateKey: GPqJLU6HiFGE4EnuRoj7PUR3Eb2yr0vVycZVwaoQXng
PublicKey: cE6e-BbY2zu-8TMEb6sWSh8PTemcd-hqVfaUFtAoAzI
{
"inbounds": [
{
"type": "vless",
"tag": "vless-in",
"listen": "::",
"listen_port": 25001,
"sniff": true,
"sniff_override_destination": true,
"users": [
{
"uuid": "3e8e5eae-6720-4668-8187-052840b385a7",
"flow": "xtls-rprx-vision"
}
],
"tls": {
"enabled": true,
"server_name": "oceanhero.today",
"reality": {
"enabled": true,
"handshake": {
"server": "oceanhero.today",
"server_port": 443
},
"private_key": "GPqJLU6HiFGE4EnuRoj7PUR3Eb2yr0vVycZVwaoQXng",
"short_id": [
"8535dfc6b2e73c78"
]
}
}
}
],
"outbounds": [
{
"type": "direct"
}
]
}
Config
{
"inbounds": [
{
"type": "shadowsocks",
"listen": "::",
"listen_port": 25565,
"method": "2022-blake3-aes-128-gcm",
"password": "LZ/4gLsyAbJQCWdT6iu1aQ==", // 执行 sing-box generate rand 16 --base64 生成
"multiplex": {
"enabled": true
}
}
],
"outbounds": [
{
"type": "direct"
}
]
}
{
"inbounds": [
{
"type": "shadowsocks",
"listen": "::",
"listen_port": 25565,
"method": "chacha20-ietf-poly1305",
"password": "LZ/4gLsyAbJQCWdT6iu1aQ==", // 执行 sing-box generate rand 16 --base64 生成
"multiplex": {
"enabled": true
}
}
],
"outbounds": [
{
"type": "direct"
}
]
}
系统服务#
vim /etc/systemd/system/singbox.service
[Unit]
Description=singbox
After=network.target
[Service]
ExecStart=/root/singbox/sing-box run -C /root/singbox
Restart=always
User=root
[Install]
WantedBy=multi-user.target
分流规则示例#
{
"inbounds": [
{
"type": "shadowsocks",
"listen": "::",
"listen_port": 2023,
"method": "chacha20-ietf-poly1305",
"password": "LZ/4gLsyAbJQCWdT6iu1aQ==",
"multiplex": {
"enabled": true
}
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
},
{
"type": "socks",
"tag": "hosthijack",
"server": "74.48.100.149",
"server_port": 10800,
"version": "5",
"username": "neko",
"password": "Vzkjs&Cm4@#TT5"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"geoip": {
"download_url": "https://github.com/soffchen/sing-geoip/releases/latest/download/geoip.db",
"download_detour": "proxy"
},
"geosite": {
"download_url": "https://github.com/soffchen/sing-geosite/releases/latest/download/geosite.db",
"download_detour": "proxy"
},
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"protocol": [
"quic"
],
"outbound": "block"
},
{
"domain": [
"ip.sb",
"ai.com",
"claude.ai",
"geosite:openai",
"cdn.openai.com",
"chat.openai.com",
"pay.openai.com",
"challenges.cloudflare.com",
"auth0.openai.com",
"platform.openai.com",
"invoice.stripe.com",
"stripe.com"
],
"outbound": "hosthijack"
}
],
"auto_detect_interface": true
}
}