
sing-box的一些配置示例

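下面所有的配置都是用nginx做sni分流共用443端口的,并且全部启用了proxy_protocol。另外使用websocket传输方式的配置可以套cdn使用。示例中的 password 与 uuid 都是占位值,部署前请换成自己生成的随机值;客户端配置里的 mixed 入站监听 "::"(全部网卡)且没有配置用户认证,只在本机使用时可以把 listen 改成 127.0.0.1。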

nginx配置:

# Layer-4 (stream) front end: every TLS connection arriving on port 443 is
# routed to a local backend chosen from the SNI in its ClientHello. TLS is not
# terminated here; the selected backend performs the handshake itself.
stream {
        # Translate the SNI captured by ssl_preread into an upstream name.
        # NOTE(review): there is no `default` entry, so a connection whose SNI
        # matches none of these names leaves $singbox empty and proxy_pass has
        # no target for it. Add a `default` upstream if other TLS sites must
        # share this port.
        map $ssl_preread_server_name $singbox {
                trojan.example.com trojan;
                trojan-websocket.example.com trojan-websocket;
                vmess.example.com vmess;
                vmess-websocket.example.com vmess-websocket;
                naive.example.com naive;
        }
        # One upstream per protocol, each a loopback-only port. Keeping the
        # backends on 127.0.0.1 means only local processes can reach them and
        # therefore only this proxy can supply the PROXY protocol header.
        upstream trojan {
                server 127.0.0.1:52000;
        }
        upstream trojan-websocket {
                server 127.0.0.1:52001;
        }
        upstream vmess {
                server 127.0.0.1:52002;
        }
        upstream vmess-websocket {
                server 127.0.0.1:52003;
        }
        upstream naive {
                server 127.0.0.1:52004;
        }
        server {
                # IPv4 and IPv6 listeners on the shared public port.
                listen 443      reuseport;
                listen [::]:443 reuseport;
                # Upstream is picked per connection from the map above.
                proxy_pass      $singbox;
                # Peek at the ClientHello to populate $ssl_preread_server_name.
                ssl_preread     on;
                # Prepend a PROXY protocol header carrying the real client
                # address. Every backend must be configured to expect it
                # (the sing-box inbounds set "proxy_protocol": true), otherwise
                # the header bytes are read as the start of the TLS stream.
                proxy_protocol  on;
        }
}

trojan-tls-tcp-server.json:

{
  "log": {
    "level": "info"
  },
  "inbounds": [
    {
      "type": "trojan",
      "tag": "trojan-in",
      "listen": "127.0.0.1",
      "listen_port": 52000,
      "tcp_fast_open": true,
      "udp_fragment": true,
      "sniff": true,
      "sniff_override_destination": false,
      "udp_timeout": 300,
      "proxy_protocol": true,
      "proxy_protocol_accept_no_header": false,
      "users": [
        {
          "name": "imlala",
          "password": "password"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "trojan.example.com",
        "alpn": [
          "http/1.1"
        ],
        "min_version": "1.2",
        "max_version": "1.3",
        "acme": {
          "domain": ["trojan.example.com"],
          "data_directory": "/usr/local/etc/sing-box",
          "default_server_name": "",
          "email": "imlala@example.com",
          "provider": "letsencrypt"
        } 
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    }
  ]
}

trojan-tls-tcp-client.json:

{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "cloudflare",
        "address": "https://1.1.1.1/dns-query"
      },
      {
        "tag": "china",
        "address": "local",
        "detour": "direct"
      }
    ],
    "rules": [
      {
        "domain": "trojan.example.com",
        "geosite": "cn",
        "server": "china"
      }
    ],
    "disable_cache": true,
    "disable_expire": true
  },
  "inbounds": [
    {
      "type": "mixed",
      "tag": "mixed-in",
      "listen": "::",
      "listen_port": 20080,
      "sniff": true,
      "set_system_proxy": false
    }
  ],
  "outbounds": [
    {
      "type": "trojan",
      "tag": "trojan-out",
      "server": "trojan.example.com",
      "server_port": 443,
      "password": "password",
      "tls": {
        "enabled": true,
        "disable_sni": false,
        "server_name": "trojan.example.com",
        "insecure": false,
        "alpn": [
          "http/1.1"
        ]
      },
      "multiplex": {
        "enabled": true,
        "protocol": "smux",
        "max_connections": 5,
        "min_streams": 4,
        "max_streams": 0
      },
      "connect_timeout": "5s",
      "tcp_fast_open": true,
      "udp_fragment": true
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ],
  "route": {
    "rules": [
      {
        "geosite": "cn",
        "geoip": "cn",
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ]
  }
}

trojan-tls-websocket-server.json:

{
  "log": {
    "level": "info"
  },
  "inbounds": [
    {
      "type": "trojan",
      "tag": "trojan-in",
      "listen": "127.0.0.1",
      "listen_port": 52001,
      "tcp_fast_open": true,
      "udp_fragment": true,
      "sniff": true,
      "sniff_override_destination": false,
      "udp_timeout": 300,
      "proxy_protocol": true,
      "proxy_protocol_accept_no_header": false,
      "users": [
        {
          "name": "imlala",
          "password": "password"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "trojan-websocket.example.com",
        "alpn": [
          "http/1.1"
        ],
        "min_version": "1.2",
        "max_version": "1.3",
        "acme": {
          "domain": ["trojan-websocket.example.com"],
          "data_directory": "/usr/local/etc/sing-box",
          "default_server_name": "",
          "email": "imlala@example.com",
          "provider": "letsencrypt"
        } 
      },
      "transport": {
        "type": "ws",
        "path": "/debian",
        "max_early_data": 0,
        "early_data_header_name": "Sec-WebSocket-Protocol"
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    }
  ]
}

trojan-tls-websocket-client.json:

{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "cloudflare",
        "address": "https://1.1.1.1/dns-query"
      },
      {
        "tag": "china",
        "address": "local",
        "detour": "direct"
      }
    ],
    "rules": [
      {
        "domain": "trojan-websocket.example.com",
        "geosite": "cn",
        "server": "china"
      }
    ],
    "disable_cache": true,
    "disable_expire": true
  },
  "inbounds": [
    {
      "type": "mixed",
      "tag": "mixed-in",
      "listen": "::",
      "listen_port": 20080,
      "sniff": true,
      "set_system_proxy": false
    }
  ],
  "outbounds": [
    {
      "type": "trojan",
      "tag": "trojan-out",
      "server": "trojan-websocket.example.com",
      "server_port": 443,
      "password": "password",
      "tls": {
        "enabled": true,
        "disable_sni": false,
        "server_name": "trojan-websocket.example.com",
        "insecure": false,
        "alpn": [
          "http/1.1"
        ]
      },
      "multiplex": {
        "enabled": true,
        "protocol": "smux",
        "max_connections": 5,
        "min_streams": 4,
        "max_streams": 0
      },
      "transport": {
        "type": "ws",
        "path": "/debian",
        "max_early_data": 0,
        "early_data_header_name": "Sec-WebSocket-Protocol"
      },
      "connect_timeout": "5s",
      "tcp_fast_open": true,
      "udp_fragment": true
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ],
  "route": {
    "rules": [
      {
        "geosite": "cn",
        "geoip": "cn",
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ]
  }
}

vmess-tls-tcp-server.json:

{
  "log": {
    "level": "info"
  },
  "inbounds": [
    {
      "type": "vmess",
      "tag": "vmess-in",
      "listen": "127.0.0.1",
      "listen_port": 52002,
      "tcp_fast_open": true,
      "udp_fragment": true,
      "sniff": true,
      "sniff_override_destination": false,
      "proxy_protocol": true,
      "proxy_protocol_accept_no_header": false,
      "users": [
        {
          "name": "imlala",
          "uuid": "1577ac7c-bc02-44ce-b851-8da0516473da",
          "alterId": 0
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "vmess.example.com",
        "alpn": [
          "http/1.1"
        ],
        "min_version": "1.2",
        "max_version": "1.3",
        "acme": {
          "domain": ["vmess.example.com"],
          "data_directory": "/usr/local/etc/sing-box",
          "default_server_name": "",
          "email": "imlala@example.com",
          "provider": "letsencrypt" 
        }
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    }
  ]
}

vmess-tls-tcp-client.json:

{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "cloudflare",
        "address": "https://1.1.1.1/dns-query"
      },
      {
        "tag": "china",
        "address": "local",
        "detour": "direct"
      }
    ],
    "rules": [
      {
        "domain": "vmess.example.com",
        "geosite": "cn",
        "server": "china"
      }
    ],
    "disable_cache": true,
    "disable_expire": true
  },
  "inbounds": [
    {
      "type": "mixed",
      "tag": "mixed-in",
      "listen": "::",
      "listen_port": 20080,
      "sniff": true,
      "set_system_proxy": false
    }
  ],
  "outbounds": [
    {
      "type": "vmess",
      "tag": "vmess-out",
      "server": "vmess.example.com",
      "server_port": 443,
      "uuid": "1577ac7c-bc02-44ce-b851-8da0516473da",
      "security": "auto",
      "alter_id": 0,
      "global_padding": false,
      "authenticated_length": true,
      "tls": {
        "enabled": true,
        "disable_sni": false,
        "server_name": "vmess.example.com",
        "insecure": false,
        "alpn": [
          "http/1.1"
        ]
      },
      "multiplex": {
        "enabled": true,
        "protocol": "smux",
        "max_connections": 5,
        "min_streams": 4,
        "max_streams": 0
      },
      "connect_timeout": "5s",
      "tcp_fast_open": true,
      "udp_fragment": true
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ],
  "route": {
    "rules": [
      {
        "geosite": "cn",
        "geoip": "cn",
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ]
  }
}

vmess-tls-websocket-server.json:

{
  "log": {
    "level": "info"
  },
  "inbounds": [
    {
      "type": "vmess",
      "tag": "vmess-in",
      "listen": "127.0.0.1",
      "listen_port": 52003,
      "tcp_fast_open": true,
      "udp_fragment": true,
      "sniff": true,
      "sniff_override_destination": false,
      "proxy_protocol": true,
      "proxy_protocol_accept_no_header": false,
      "users": [
        {
          "name": "imlala",
          "uuid": "1577ac7c-bc02-44ce-b851-8da0516473da",
          "alterId": 0
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "vmess-websocket.example.com",
        "alpn": [
          "http/1.1"
        ],
        "min_version": "1.2",
        "max_version": "1.3",
        "acme": {
          "domain": ["vmess-websocket.example.com"],
          "data_directory": "/usr/local/etc/sing-box",
          "default_server_name": "",
          "email": "imlala@example.com",
          "provider": "letsencrypt" 
        }
      },
      "transport": {
        "type": "ws",
        "path": "/nixos",
        "max_early_data": 0,
        "early_data_header_name": "Sec-WebSocket-Protocol"
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    }
  ]
}

vmess-tls-websocket-client.json:

{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "cloudflare",
        "address": "https://1.1.1.1/dns-query"
      },
      {
        "tag": "china",
        "address": "local",
        "detour": "direct"
      }
    ],
    "rules": [
      {
        "domain": "vmess-websocket.example.com",
        "geosite": "cn",
        "server": "china"
      }
    ],
    "disable_cache": true,
    "disable_expire": true
  },
  "inbounds": [
    {
      "type": "mixed",
      "tag": "mixed-in",
      "listen": "::",
      "listen_port": 20080,
      "sniff": true,
      "set_system_proxy": false
    }
  ],
  "outbounds": [
    {
      "type": "vmess",
      "tag": "vmess-out",
      "server": "vmess-websocket.example.com",
      "server_port": 443,
      "uuid": "1577ac7c-bc02-44ce-b851-8da0516473da",
      "security": "auto",
      "alter_id": 0,
      "global_padding": false,
      "authenticated_length": true,
      "tls": {
        "enabled": true,
        "disable_sni": false,
        "server_name": "vmess-websocket.example.com",
        "insecure": false,
        "alpn": [
          "http/1.1"
        ]
      },
      "multiplex": {
        "enabled": true,
        "protocol": "smux",
        "max_connections": 5,
        "min_streams": 4,
        "max_streams": 0
      },
      "transport": {
      	"type": "ws",
      	"path": "/nixos",
      	"max_early_data": 0,
      	"early_data_header_name": "Sec-WebSocket-Protocol"
      },
      "connect_timeout": "5s",
      "tcp_fast_open": true,
      "udp_fragment": true
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ],
  "route": {
    "rules": [
      {
        "geosite": "cn",
        "geoip": "cn",
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ]
  }
}

naive-tls-tcp-server.json:

{
  "log": {
    "level": "info"
  },
  "inbounds": [
    {
      "type": "naive",
      "tag": "naive-in",
      "network": "tcp",
      "listen": "127.0.0.1",
      "listen_port": 52004,
      "tcp_fast_open": true,
      "sniff": true,
      "sniff_override_destination": false,
      "proxy_protocol": true,
      "proxy_protocol_accept_no_header": false,
      "users": [
        {
          "username": "imlala",
          "password": "password"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "naive.example.com",
        "acme": {
          "domain": ["naive.example.com"],
          "data_directory": "/usr/local/etc/sing-box",
          "default_server_name": "",
          "email": "imlala@example.com",
          "provider": "letsencrypt"
        }
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    }
  ]
}

naive-tls-tcp-client.json:

{
  "listen": "socks://127.0.0.1:30080",
  "proxy": "https://imlala:password@naive.example.com",
  "log": ""
}

注:

sing-box没有naive出站,客户端还是用:https://github.com/klzgrad/naiveproxy/releases/download/v105.0.5195.52-1/naiveproxy-v105.0.5195.52-1-win-x64.zip

套cdn的配置,cdn(cloudflare)这里需要这样设置:


评论 7

  1. #1

    lala,这个工具的trojan的fallback回落好像不管用 :grin: ,另外这个支不支持nginx location转发,因为还有正常网站要放 :razz: :razz: 研究了半天,网站和trojan只能活一个 :cry:

    cupidads2个月前 (09-25) Google Chrome 105.0.0.0 Google Chrome 105.0.0.0 Windows 10 x64 Edition Windows 10 x64 Edition回复
    • fallback是可以用的,只是sing-box的fallback功能不完善。支持nginx location转发,你说的这个应该就是指反代websocket吧?我文章里面的配置就是和网站共存的,只不过是通过sni分流实现的。

      LALA2个月前 (09-27) Google Chrome 104.0.0.0 Google Chrome 104.0.0.0 Windows 10 x64 Edition Windows 10 x64 Edition回复
      • 分流应该需要重开一个二级域名用来转发?
        源网站带path,比如aaaa.com/blog 访问博客,aaaa.com/vmess 反代;
        想保留原来的都不动,只想重新分流trojan,比如分个域名 tj.aaaa.com 用来转发到trojan,这样要怎么弄?
        我直接分流,tj.aaaa.com 到trojan 端口,默认转发到8000;网站监听8000,转成443;
        我弄完后,源网站aaaa.com正常访问,但是源网站带path的都不行。

        卡卡2个月前 (10-16) Microsoft Edge 104.0.1293.47 Microsoft Edge 104.0.1293.47 Mac OS X  10.15.7 Mac OS X 10.15.7回复
        • 你原来的配置是怎样的?你说的aaaa.com/vmess反代是指用的这样的nginx配置吗:
          location /vmess {
          proxy_pass http://127.0.0.1:vmessport;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";

          }
          如果是,那你只需要配置一个trojan-websocket,然后在nginx加一个location反代就行了,无非就是把vmess协议换成了trojan。
          如果你想用我这篇文章里面的sni分流,又想实现你说的功能,用不用新的二级域名不重要,主要是sing-box不支持按path分流,建议使用xray。

          LALA2个月前 (10-17) Google Chrome 106.0.0.0 Google Chrome 106.0.0.0 Windows 10 x64 Edition Windows 10 x64 Edition回复
  2. #2

    请问shadowsocks2022可以搭配websocket吗

    haha2个月前 (09-28) Google Chrome 105.0.0.0 Google Chrome 105.0.0.0 Android 12 Android 12回复
  3. #3

    很希望出一份 naive 里套其他协议的教程,之后应该很有用,谢谢 :roll:

    lala-best2个月前 (10-16) Google Chrome 106.0.0.0 Google Chrome 106.0.0.0 Windows 10 x64 Edition Windows 10 x64 Edition回复
  4. #4

    你好,请问,客户端把数据加密后,在头部套上VPS的二级域名,传输时是能被防火墙看到二级域名的吧?那墙用这二级域名探测一下,不就被nginx送到梯子的端口了吗?返回来的数据还是可能被检测到特征的吧照我理解。这还不如用WS,根据路径来反代

    Pony332周前 (11-20) Firefox 107.0 Firefox 107.0 Android 11 Android 11回复
