下面所有的配置都是用nginx做sni分流共用443端口的,并且全部启用了proxy_protocol。另外使用websocket传输方式的配置可以套cdn使用。
nginx配置:
stream {
map $ssl_preread_server_name $singbox {
trojan.example.com trojan;
trojan-websocket.example.com trojan-websocket;
vmess.example.com vmess;
vmess-websocket.example.com vmess-websocket;
naive.example.com naive;
}
upstream trojan {
server 127.0.0.1:52000;
}
upstream trojan-websocket {
server 127.0.0.1:52001;
}
upstream vmess {
server 127.0.0.1:52002;
}
upstream vmess-websocket {
server 127.0.0.1:52003;
}
upstream naive {
server 127.0.0.1:52004;
}
server {
listen 443 reuseport;
listen [::]:443 reuseport;
proxy_pass $singbox;
ssl_preread on;
proxy_protocol on;
}
}
trojan-tls-tcp-server.json:
{
"log": {
"level": "info"
},
"inbounds": [
{
"type": "trojan",
"tag": "trojan-in",
"listen": "127.0.0.1",
"listen_port": 52000,
"tcp_fast_open": true,
"udp_fragment": true,
"sniff": true,
"sniff_override_destination": false,
"udp_timeout": 300,
"proxy_protocol": true,
"proxy_protocol_accept_no_header": false,
"users": [
{
"name": "imlala",
"password": "password"
}
],
"tls": {
"enabled": true,
"server_name": "trojan.example.com",
"alpn": [
"http/1.1"
],
"min_version": "1.2",
"max_version": "1.3",
"acme": {
"domain": ["trojan.example.com"],
"data_directory": "/usr/local/etc/sing-box",
"default_server_name": "",
"email": "[email protected]",
"provider": "letsencrypt"
}
}
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
}
]
}
trojan-tls-tcp-client.json:
{
"log": {
"level": "info",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "cloudflare",
"address": "https://1.1.1.1/dns-query"
},
{
"tag": "china",
"address": "local",
"detour": "direct"
}
],
"rules": [
{
"domain": "trojan.example.com",
"geosite": "cn",
"server": "china"
}
],
"disable_cache": true,
"disable_expire": true
},
"inbounds": [
{
"type": "mixed",
"tag": "mixed-in",
"listen": "::",
"listen_port": 20080,
"sniff": true,
"set_system_proxy": false
}
],
"outbounds": [
{
"type": "trojan",
"tag": "trojan-out",
"server": "trojan.example.com",
"server_port": 443,
"password": "password",
"tls": {
"enabled": true,
"disable_sni": false,
"server_name": "trojan.example.com",
"insecure": false,
"alpn": [
"http/1.1"
]
},
"multiplex": {
"enabled": true,
"protocol": "smux",
"max_connections": 5,
"min_streams": 4,
"max_streams": 0
},
"connect_timeout": "5s",
"tcp_fast_open": true,
"udp_fragment": true
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
}
],
"route": {
"rules": [
{
"geosite": "cn",
"geoip": "cn",
"outbound": "direct"
},
{
"geosite": "category-ads-all",
"outbound": "block"
}
]
}
}
trojan-tls-websocket-server.json:
{
"log": {
"level": "info"
},
"inbounds": [
{
"type": "trojan",
"tag": "trojan-in",
"listen": "127.0.0.1",
"listen_port": 52001,
"tcp_fast_open": true,
"udp_fragment": true,
"sniff": true,
"sniff_override_destination": false,
"udp_timeout": 300,
"proxy_protocol": true,
"proxy_protocol_accept_no_header": false,
"users": [
{
"name": "imlala",
"password": "password"
}
],
"tls": {
"enabled": true,
"server_name": "trojan-websocket.example.com",
"alpn": [
"http/1.1"
],
"min_version": "1.2",
"max_version": "1.3",
"acme": {
"domain": ["trojan-websocket.example.com"],
"data_directory": "/usr/local/etc/sing-box",
"default_server_name": "",
"email": "[email protected]",
"provider": "letsencrypt"
}
},
"transport": {
"type": "ws",
"path": "/debian",
"max_early_data": 0,
"early_data_header_name": "Sec-WebSocket-Protocol"
}
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
}
]
}
trojan-tls-websocket-client.json:
{
"log": {
"level": "info",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "cloudflare",
"address": "https://1.1.1.1/dns-query"
},
{
"tag": "china",
"address": "local",
"detour": "direct"
}
],
"rules": [
{
"domain": "trojan-websocket.example.com",
"geosite": "cn",
"server": "china"
}
],
"disable_cache": true,
"disable_expire": true
},
"inbounds": [
{
"type": "mixed",
"tag": "mixed-in",
"listen": "::",
"listen_port": 20080,
"sniff": true,
"set_system_proxy": false
}
],
"outbounds": [
{
"type": "trojan",
"tag": "trojan-out",
"server": "trojan-websocket.example.com",
"server_port": 443,
"password": "password",
"tls": {
"enabled": true,
"disable_sni": false,
"server_name": "trojan-websocket.example.com",
"insecure": false,
"alpn": [
"http/1.1"
]
},
"multiplex": {
"enabled": true,
"protocol": "smux",
"max_connections": 5,
"min_streams": 4,
"max_streams": 0
},
"transport": {
"type": "ws",
"path": "/debian",
"max_early_data": 0,
"early_data_header_name": "Sec-WebSocket-Protocol"
},
"connect_timeout": "5s",
"tcp_fast_open": true,
"udp_fragment": true
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
}
],
"route": {
"rules": [
{
"geosite": "cn",
"geoip": "cn",
"outbound": "direct"
},
{
"geosite": "category-ads-all",
"outbound": "block"
}
]
}
}
vmess-tls-tcp-server.json:
{
"log": {
"level": "info"
},
"inbounds": [
{
"type": "vmess",
"tag": "vmess-in",
"listen": "127.0.0.1",
"listen_port": 52002,
"tcp_fast_open": true,
"udp_fragment": true,
"sniff": true,
"sniff_override_destination": false,
"proxy_protocol": true,
"proxy_protocol_accept_no_header": false,
"users": [
{
"name": "imlala",
"uuid": "1577ac7c-bc02-44ce-b851-8da0516473da",
"alterId": 0
}
],
"tls": {
"enabled": true,
"server_name": "vmess.example.com",
"alpn": [
"http/1.1"
],
"min_version": "1.2",
"max_version": "1.3",
"acme": {
"domain": ["vmess.example.com"],
"data_directory": "/usr/local/etc/sing-box",
"default_server_name": "",
"email": "[email protected]",
"provider": "letsencrypt"
}
}
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
}
]
}
vmess-tls-tcp-client.json:
{
"log": {
"level": "info",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "cloudflare",
"address": "https://1.1.1.1/dns-query"
},
{
"tag": "china",
"address": "local",
"detour": "direct"
}
],
"rules": [
{
"domain": "vmess.example.com",
"geosite": "cn",
"server": "china"
}
],
"disable_cache": true,
"disable_expire": true
},
"inbounds": [
{
"type": "mixed",
"tag": "mixed-in",
"listen": "::",
"listen_port": 20080,
"sniff": true,
"set_system_proxy": false
}
],
"outbounds": [
{
"type": "vmess",
"tag": "vmess-out",
"server": "vmess.example.com",
"server_port": 443,
"uuid": "1577ac7c-bc02-44ce-b851-8da0516473da",
"security": "auto",
"alter_id": 0,
"global_padding": false,
"authenticated_length": true,
"tls": {
"enabled": true,
"disable_sni": false,
"server_name": "vmess.example.com",
"insecure": false,
"alpn": [
"http/1.1"
]
},
"multiplex": {
"enabled": true,
"protocol": "smux",
"max_connections": 5,
"min_streams": 4,
"max_streams": 0
},
"connect_timeout": "5s",
"tcp_fast_open": true,
"udp_fragment": true
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
}
],
"route": {
"rules": [
{
"geosite": "cn",
"geoip": "cn",
"outbound": "direct"
},
{
"geosite": "category-ads-all",
"outbound": "block"
}
]
}
}
vmess-tls-websocket-server.json:
{
"log": {
"level": "info"
},
"inbounds": [
{
"type": "vmess",
"tag": "vmess-in",
"listen": "127.0.0.1",
"listen_port": 52003,
"tcp_fast_open": true,
"udp_fragment": true,
"sniff": true,
"sniff_override_destination": false,
"proxy_protocol": true,
"proxy_protocol_accept_no_header": false,
"users": [
{
"name": "imlala",
"uuid": "1577ac7c-bc02-44ce-b851-8da0516473da",
"alterId": 0
}
],
"tls": {
"enabled": true,
"server_name": "vmess-websocket.example.com",
"alpn": [
"http/1.1"
],
"min_version": "1.2",
"max_version": "1.3",
"acme": {
"domain": ["vmess-websocket.example.com"],
"data_directory": "/usr/local/etc/sing-box",
"default_server_name": "",
"email": "[email protected]",
"provider": "letsencrypt"
}
},
"transport": {
"type": "ws",
"path": "/nixos",
"max_early_data": 0,
"early_data_header_name": "Sec-WebSocket-Protocol"
}
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
}
]
}
vmess-tls-websocket-client.json:
{
"log": {
"level": "info",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "cloudflare",
"address": "https://1.1.1.1/dns-query"
},
{
"tag": "china",
"address": "local",
"detour": "direct"
}
],
"rules": [
{
"domain": "vmess-websocket.example.com",
"geosite": "cn",
"server": "china"
}
],
"disable_cache": true,
"disable_expire": true
},
"inbounds": [
{
"type": "mixed",
"tag": "mixed-in",
"listen": "::",
"listen_port": 20080,
"sniff": true,
"set_system_proxy": false
}
],
"outbounds": [
{
"type": "vmess",
"tag": "vmess-out",
"server": "vmess-websocket.example.com",
"server_port": 443,
"uuid": "1577ac7c-bc02-44ce-b851-8da0516473da",
"security": "auto",
"alter_id": 0,
"global_padding": false,
"authenticated_length": true,
"tls": {
"enabled": true,
"disable_sni": false,
"server_name": "vmess-websocket.example.com",
"insecure": false,
"alpn": [
"http/1.1"
]
},
"multiplex": {
"enabled": true,
"protocol": "smux",
"max_connections": 5,
"min_streams": 4,
"max_streams": 0
},
"transport": {
"type": "ws",
"path": "/nixos",
"max_early_data": 0,
"early_data_header_name": "Sec-WebSocket-Protocol"
},
"connect_timeout": "5s",
"tcp_fast_open": true,
"udp_fragment": true
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
}
],
"route": {
"rules": [
{
"geosite": "cn",
"geoip": "cn",
"outbound": "direct"
},
{
"geosite": "category-ads-all",
"outbound": "block"
}
]
}
}
naive-tls-tcp-server.json:
{
"log": {
"level": "info"
},
"inbounds": [
{
"type": "naive",
"tag": "naive-in",
"network": "tcp",
"listen": "127.0.0.1",
"listen_port": 52004,
"tcp_fast_open": true,
"sniff": true,
"sniff_override_destination": false,
"proxy_protocol": true,
"proxy_protocol_accept_no_header": false,
"users": [
{
"username": "imlala",
"password": "password"
}
],
"tls": {
"enabled": true,
"server_name": "naive.example.com",
"acme": {
"domain": ["naive.example.com"],
"data_directory": "/usr/local/etc/sing-box",
"default_server_name": "",
"email": "[email protected]",
"provider": "letsencrypt"
}
}
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
}
]
}
naive-tls-tcp-client.json:
{
"listen": "socks://127.0.0.1:30080",
"proxy": "https://imlala:[email protected]",
"log": ""
}
注:
sing-box没有naive出站,客户端还是用:https://github.com/klzgrad/naiveproxy/releases/download/v105.0.5195.52-1/naiveproxy-v105.0.5195.52-1-win-x64.zip
套cdn的配置,cdn(cloudflare)这里需要这样设置: