前言
本文参考了如下大佬的,转自:一匹孤独的狼
感谢不良林大佬的hy2的自签证书的命令
https://www.youtube.com/watch?v=CXj-ID33MhU
感谢chika0801大佬的的singbox模板
https://github.com/chika0801/sing-box-examples
感谢anytls hy2 reality等协议开发者,感谢singbox开发者
1 安装singbox beta
由于anytls只能用beta版,所以我直接用beta版的singbox
基于debian的,其他的自己看singbox的文档
来自文档https://sing-box.sagernet.org/zh/installation/package-manager/
sudo curl -fsSL https://sing-box.app/gpg.key -o /etc/apt/keyrings/sagernet.asc
sudo chmod a+r /etc/apt/keyrings/sagernet.asc
echo "deb [arch=`dpkg --print-architecture` signed-by=/etc/apt/keyrings/sagernet.asc] https://deb.sagernet.org/ * *" | \
sudo tee /etc/apt/sources.list.d/sagernet.list > /dev/null
sudo apt-get update
sudo apt-get install sing-box-beta安装完记得sing-box version 查看下singbox的版本,1.12.0 beta8现在是
2 自签证书
openssl req -x509 -nodes -newkey ec:<(openssl ecparam -name prime256v1) -keyout /etc/sing-box/server.key -out /etc/sing-box/server.crt -subj "/CN=itunes.apple.com" -days 36500 && sudo chown root /etc/sing-box/server.key && sudo chown root /etc/sing-box/server.crt3 设置配置文件
singbox的配置文件位于 /etc/sing-box/config.json
设置参数
3.1 设置hysteria2
①listen_port的话你的hy2的端口,建议高端口
②up_mbps的和down_mbps的话改成你自己的
服务器上的上传就是客户端的下载,服务器的下载就是客户端的上传
③password的话用sing-box generate uuid生成
3.2 设置reality
① listen_port的话你的reality的端口,建议高端口
② uuid的话用sing-box generate uuid生成
③ private_key的话用sing-box generate reality-keypair 生成
privateKey用在服务器上,public Key用在客户端上,记得保存下
④ short_id的话用sing-box generate rand 8 --hex 生成
⑤ reality偷的证书的话我一直用苹果的,我懒得换了,你们自己可以换个别的
3.3 设置anytls
① listen_port的话你的anytls的端口,建议高端口
② erpassword的话用sing-box generate uuid生成
{
"inbounds": [
{
"type": "hysteria2",
"listen": "::",
"listen_port": 30104,
"up_mbps": 500,
"down_mbps": 150,
"users": [
{
"name": "us_hysteria2",
"password": "594604c5-a39e-4fea-b6c6-f6feb7c6e60d"
}
],
"tls": {
"enabled": true,
"server_name": "itunes.apple.com",
"alpn": ["h3"],
"certificate_path": "/etc/sing-box/server.crt",
"key_path": "/etc/sing-box/server.key"
}
},
{
"type": "vless",
"tag": "VLESSReality",
"listen": "::",
"listen_port": 38199,
"users": [
{
"name": "us_reality",
"uuid": "85660dc9-7474-42df-947d-525f6fb9fb8a",
"flow": "xtls-rprx-vision"
}
],
"tls": {
"enabled": true,
"server_name": "itunes.apple.com",
"reality": {
"enabled": true,
"handshake": {
"server": "itunes.apple.com",
"server_port": 443
},
"private_key": "OHO-NInX3MjD9LziVvntRDWlFp2xl94DYdHPd29C8m8",
"short_id": [
"fb718aafc2bc48b5"
]
}
}
},
{
"type": "anytls",
"listen": "::",
"listen_port": 39833,
"users": [
{
"password": "157f7b5f-17f5-4934-969e-f0b54386d8e3"
}
],
"tls": {
"enabled": true,
"server_name": "itunes.apple.com",
"certificate_path": "/etc/sing-box/server.crt",
"key_path": "/etc/sing-box/server.key"
}
}
],
"outbounds": [
{
"type": "direct"
}
]
}4 启动singbox
设置singbox开机自启
sudo systemctl enable sing-box启动singbox
sudo systemctl start sing-box查看状态
如果是running的话就是ok了
sudo systemctl status sing-box常用命令如下
- 启用:
sudo systemctl enable sing-box - 禁用:
sudo systemctl disable sing-box - 启动:
sudo systemctl start sing-box - 停止:
sudo systemctl stop sing-box - 查看状态:
sudo systemctl status sing-box - 强行停止:
sudo systemctl kill sing-box - 重新启动:
sudo systemctl restart sing-box - 查看日志:
sudo journalctl -u sing-box --output cat -e - 实时日志:
sudo journalctl -u sing-box --output cat -f
5 客户端
singbox当客户端太复杂了
我客户端用的mihomo
模板如下
具体参数自己替换下
server换成你的服务器的ip
端口换成自己的端口
password自己也替换下
relaity的话public-key和private_key要对应的
proxies:
- {name: 🇭🇰 bestvm香港hy2, server: 1.1.1.1, port: 30104, client-fingerprint: chrome, type: hysteria2, password: 594604c5-a39e-4fea-b6c6-f6feb7c6e60d, up: "150 Mbps", down: "500 Mbps", sni: itunes.apple.com, skip-cert-verify: true, alpn: [h3], udp: true}
- {name: 🇭🇰 bestvm香港reality, server: 1.1.1.1, port: 38199, reality-opts: {public-key: ZmjKWu2XQxMCm3prFqsvEs4MDHq_ujKsk2NGtuXwEXs, short-id: fb718aafc2bc48b5}, client-fingerprint: chrome, type: vless, uuid: 85660dc9-7474-42df-947d-525f6fb9fb8a, tls: true, tfo: false, servername: itunes.apple.com, flow: xtls-rprx-vision, skip-cert-verify: true, udp: true}
- {name: 🇭🇰 bestvm香港anytls, server: 1.1.1.1, port: 39833, type: anytls, password: "157f7b5f-17f
暂无评论