配置sing-box+REALITY+NginxSNI分流-荒岛

sing-box在1.2-beta5版本中也加入了对reality的支持。

不过根据文档里面的说明：https://sing-box.sagernet.org/configuration/shared/tls/#reality-fields

默认是不包含reality server的，所以也需要自己编译。

安装需要用到的软件包：

apt -y update
apt -y install curl git build-essential libssl-dev libevent-dev zlib1g-dev gcc-mingw-w64 nginx

安装golang：

curl -L https://go.dev/dl/go1.20.1.linux-amd64.tar.gz -o go1.20.1.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.20.1.linux-amd64.tar.gz
echo 'export PATH=$PATH:/usr/local/go/bin' > /etc/profile.d/golang.sh
source /etc/profile.d/golang.sh

编译linux平台的二进制文件：

go install -v -tags \
with_reality_server,\
with_utls \
github.com/sagernet/sing-box/cmd/sing-box@v1.2-beta5

编译windows平台的二进制文件：

env GOOS=windows GOARCH=amd64 CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc \
go install -v -tags \
with_reality_server,\
with_utls \
github.com/sagernet/sing-box/cmd/sing-box@v1.2-beta5

复制编译好的文件：

cp $(go env GOPATH)/bin/sing-box /usr/local/bin/

新建sing-box需要用到的目录：

mkdir -p /usr/local/etc/sing-box

新建systemd服务：

systemctl edit --full --force sing-box.service

写入如下配置：

[Unit]
Description=sing-box service
Documentation=https://sing-box.sagernet.org
After=network.target nss-lookup.target

[Service]
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
ExecStart=/usr/local/bin/sing-box run -c /usr/local/etc/sing-box/config.json
Restart=on-failure
RestartPreventExitStatus=23
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target

新建sing-box的配置文件：

nano /usr/local/etc/sing-box/config.json

写入如下配置：

{
  "log": {
    "level": "info"
  },
  "inbounds": [
    {
      "type": "vless",
      "tag": "vless-in",
      "listen": "127.0.0.1",
      "listen_port": 52002,
      "proxy_protocol": true,
      "proxy_protocol_accept_no_header": false,
      "users": [
        {
          "name": "imlala",
          "uuid": "8497c213-e47c-4df3-beb0-2f3db1605062"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "www.docker.com",
        "reality": {
          "enabled": true,
          "handshake": {
            "server": "www.docker.com",
            "server_port": 443
          },
          "private_key": "CFm4JMiU6-7d79yJ0H49vSQUpLK6YWrnqJdeLDR6K50",
          "short_id": [
            "5d2e3ed92cf8a73b"
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    }
  ]
}

注：目前private_key需要用xray来生成，参考这篇文章：https://lala.im/8602.html

启动sing-box并设置开机自启：

systemctl enable --now sing-box

确保服务正常运行：

接下来编辑nginx的主配置文件：

nano /etc/nginx/nginx.conf

写入如下配置，用于sni分流，注意这里启用了proxy_protocol：

stream {
        map $ssl_preread_server_name $backend {
                www.docker.com singbox;
        }
        upstream singbox {
                server 127.0.0.1:52002;
        }
        server {
                listen 443      reuseport;
                listen [::]:443 reuseport;
                proxy_pass      $backend;
                ssl_preread     on;
                proxy_protocol  on;
        }
}

重载nginx使配置生效：

systemctl reload nginx

至此，服务端的配置就全部完成了。

将之前编译好的windows平台的文件下载到你的电脑上，然后将下面的客户端配置保存为config.json文件：

{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "cloudflare",
        "address": "https://1.1.1.1/dns-query"
      },
      {
        "tag": "china",
        "address": "local",
        "detour": "direct"
      }
    ],
    "rules": [
      {
        "geosite": "cn",
        "server": "china"
      }
    ],
    "disable_cache": true,
    "disable_expire": true
  },
  "inbounds": [
    {
      "type": "mixed",
      "tag": "mixed-in",
      "listen": "::",
      "listen_port": 20080,
      "sniff": true,
      "set_system_proxy": false
    }
  ],
  "outbounds": [
    {
      "type": "vless",
      "tag": "vless-out",
      "server": "1.2.3.4", // 你的VPS服务器IP
      "server_port": 443,
      "uuid": "8497c213-e47c-4df3-beb0-2f3db1605062",
      "flow": "xtls-rprx-vision",
      "network": "tcp",
      "tls": {
        "enabled": true,
        "server_name": "www.docker.com",
        "utls": {
      	  "enabled": true,
      	  "fingerprint": "chrome"
         },
        "reality": {
      	  "enabled": true,
      	  "public_key": "o60BMlDgf_k_hAryojHWGrDkqjR8SvcYK5asrOoU1hA",
      	  "short_id": "5d2e3ed92cf8a73b"
        }
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ],
  "route": {
    "rules": [
      {
        "geosite": "cn",
        "geoip": "cn",
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ]
  }
}

启动客户端：

./sing-box run -c config.json

也可以看看：

https://sing-box.sagernet.org/configuration/inbound/vless/
https://sing-box.sagernet.org/configuration/outbound/vless/
https://sing-box.sagernet.org/configuration/shared/tls/