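sing-box added support for REALITY in version 1.2-beta5.
However, according to the documentation: https://sing-box.sagernet.org/configuration/shared/tls/#reality-fields
the REALITY server is not included in the default build, so you need to compile sing-box yourself.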
Install the required packages:
apt -y update
apt -y install curl git build-essential libssl-dev libevent-dev zlib1g-dev gcc-mingw-w64 nginx
Install Go:
curl -L https://go.dev/dl/go1.20.1.linux-amd64.tar.gz -o go1.20.1.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.20.1.linux-amd64.tar.gz
echo 'export PATH=$PATH:/usr/local/go/bin' > /etc/profile.d/golang.sh
source /etc/profile.d/golang.sh
Build the binary for Linux:
go install -v -tags \
with_reality_server,\
with_utls \
github.com/sagernet/sing-box/cmd/[email protected]
Build the binary for Windows:
env GOOS=windows GOARCH=amd64 CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc \
go install -v -tags \
with_reality_server,\
with_utls \
github.com/sagernet/sing-box/cmd/[email protected]
Copy the compiled binary into place:
cp $(go env GOPATH)/bin/sing-box /usr/local/bin/
Create the directory sing-box will use:
mkdir -p /usr/local/etc/sing-box
Create the systemd service:
systemctl edit --full --force sing-box.service
Write the following configuration:
[Unit]
Description=sing-box service
Documentation=https://sing-box.sagernet.org
After=network.target nss-lookup.target

[Service]
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
ExecStart=/usr/local/bin/sing-box run -c /usr/local/etc/sing-box/config.json
Restart=on-failure
RestartPreventExitStatus=23
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target
Create the sing-box configuration file:
nano /usr/local/etc/sing-box/config.json
Write the following configuration:
{
  "log": {
    "level": "info"
  },
  "inbounds": [
    {
      "type": "vless",
      "tag": "vless-in",
      "listen": "127.0.0.1",
      "listen_port": 52002,
      "proxy_protocol": true,
      "proxy_protocol_accept_no_header": false,
      "users": [
        {
          "name": "imlala",
          "uuid": "8497c213-e47c-4df3-beb0-2f3db1605062"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "www.docker.com",
        "reality": {
          "enabled": true,
          "handshake": {
            "server": "www.docker.com",
            "server_port": 443
          },
          "private_key": "CFm4JMiU6-7d79yJ0H49vSQUpLK6YWrnqJdeLDR6K50",
          "short_id": [
            "5d2e3ed92cf8a73b"
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    }
  ]
}
Note: for now the private_key has to be generated with xray; see this article: https://lala.im/8602.html
Start sing-box and enable it at boot:
systemctl enable --now sing-box
Make sure the service is running properly:
Next, edit the main nginx configuration file:
nano /etc/nginx/nginx.conf
Write the following configuration, which routes connections by SNI. Note that proxy_protocol is enabled here, matching "proxy_protocol": true on the sing-box inbound:
stream {
    map $ssl_preread_server_name $backend {
        www.docker.com singbox;
    }

    upstream singbox {
        server 127.0.0.1:52002;
    }

    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;
        proxy_pass $backend;
        ssl_preread on;
        proxy_protocol on;
    }
}
Reload nginx to apply the configuration:
systemctl reload nginx
At this point the server-side configuration is complete.
Download the Windows binary you compiled earlier to your computer, then save the following client configuration as config.json:
{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "cloudflare",
        "address": "https://1.1.1.1/dns-query"
      },
      {
        "tag": "china",
        "address": "local",
        "detour": "direct"
      }
    ],
    "rules": [
      {
        "geosite": "cn",
        "server": "china"
      }
    ],
    "disable_cache": true,
    "disable_expire": true
  },
  "inbounds": [
    {
      "type": "mixed",
      "tag": "mixed-in",
      "listen": "::",
      "listen_port": 20080,
      "sniff": true,
      "set_system_proxy": false
    }
  ],
  "outbounds": [
    {
      "type": "vless",
      "tag": "vless-out",
      "server": "1.2.3.4", // your VPS server IP
      "server_port": 443,
      "uuid": "8497c213-e47c-4df3-beb0-2f3db1605062",
      "flow": "xtls-rprx-vision",
      "network": "tcp",
      "tls": {
        "enabled": true,
        "server_name": "www.docker.com",
        "utls": {
          "enabled": true,
          "fingerprint": "chrome"
        },
        "reality": {
          "enabled": true,
          "public_key": "o60BMlDgf_k_hAryojHWGrDkqjR8SvcYK5asrOoU1hA",
          "short_id": "5d2e3ed92cf8a73b"
        }
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ],
  "route": {
    "rules": [
      {
        "geosite": "cn",
        "geoip": "cn",
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ]
  }
}
Start the client:
./sing-box run -c config.json
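Added example, not part of the original post or of sing-box: a small Go program (Go 1.20+, standard library only) that checks the REALITY pairing between the server and client configs above. It assumes REALITY keys are X25519 keys in unpadded URL-safe base64, as generated by xray; the function names are hypothetical and the values in main are copied from this page's configs.

```go
package main

import (
	"crypto/ecdh"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)

// RealityPublicKey derives the public_key that matches a REALITY private_key.
// Assumption: both are unpadded URL-safe base64 of a 32-byte X25519 key.
func RealityPublicKey(privB64 string) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(privB64)
	if err != nil {
		return "", fmt.Errorf("private_key is not unpadded URL-safe base64: %w", err)
	}
	priv, err := ecdh.X25519().NewPrivateKey(raw) // fails unless raw is 32 bytes
	if err != nil {
		return "", fmt.Errorf("private_key: %w", err)
	}
	return base64.RawURLEncoding.EncodeToString(priv.PublicKey().Bytes()), nil
}

// CheckPair lists every mismatch between the server's and the client's REALITY fields.
func CheckPair(serverPriv string, serverShortIDs []string, clientPub, clientShortID string) []string {
	var problems []string
	if pub, err := RealityPublicKey(serverPriv); err != nil {
		problems = append(problems, err.Error())
	} else if pub != clientPub {
		problems = append(problems, "client public_key is not derived from server private_key")
	}
	if _, err := hex.DecodeString(clientShortID); err != nil {
		problems = append(problems, "client short_id is not a hex string")
	}
	listed := false
	for _, id := range serverShortIDs {
		listed = listed || id == clientShortID
	}
	if !listed {
		problems = append(problems, "client short_id is not in the server's short_id list")
	}
	return problems
}

func main() {
	// Values copied from the server and client config.json shown on this page.
	problems := CheckPair("CFm4JMiU6-7d79yJ0H49vSQUpLK6YWrnqJdeLDR6K50",
		[]string{"5d2e3ed92cf8a73b"},
		"o60BMlDgf_k_hAryojHWGrDkqjR8SvcYK5asrOoU1hA", "5d2e3ed92cf8a73b")
	fmt.Println(len(problems), "problem(s):", problems)
}
```

Run it on the server before distributing a client config, substituting your own key pair and short_id values.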
See also:
https://sing-box.sagernet.org/configuration/inbound/vless/
https://sing-box.sagernet.org/configuration/outbound/vless/
https://sing-box.sagernet.org/configuration/shared/tls/
Original: https://lala.im/8610.html