荒岛
记录下sing-box的ruleset/selector/urltest/clashapi配置。
ruleset是1.8.0加入的新功能,一组规则集。
selector是选择器,当一个配置文件内有多个出站时,可以配置一个选择器,然后在ui上面就可以选择对应的出站了。
urltest类似于负载均衡,根据测试的延迟自动选择出站。
clashapi,配合一些webui使用。并且刚才提到的选择器只能通过这个来控制。
服务端安装,系统debian12,执行官方的这个脚本即可完成安装:
apt -y update apt -y install curl sudo bash <(curl -fsSL https://sing-box.app/deb-install.sh)
编辑配置文件:
nano /etc/sing-box/config.json
假设我要在两台机器上分别配置一个hy2和reality节点,hy2配置示例:
{
"log": {
"level": "info"
},
"dns": {
"servers": [
{
"address": "tls://8.8.8.8",
"strategy": "ipv4_only"
}
]
},
"inbounds": [
{
"type": "hysteria2",
"listen": "::",
"listen_port": 8080,
"sniff": true,
"up_mbps": 300, // 服务器上行带宽
"down_mbps": 300, // 服务器下行带宽
"users": [
{
"name": "imlala",
"password": "example" // 设置连接密码
}
],
"tls": {
"enabled": true,
"server_name": "hy2.example.com", // 域名
"acme": {
"domain": "hy2.example.com", // 域名
"email": "example@example.com", // 邮箱
"dns01_challenge": {
"provider": "cloudflare",
"api_token": "example" // https://developers.cloudflare.com/fundamentals/api/get-started/create-token/
}
}
}
}
],
"outbounds": [
{
"type": "direct"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
}
]
}
}
reality配置示例:
{
"log": {
"level": "info"
},
"dns": {
"servers": [
{
"address": "tls://8.8.8.8",
"strategy": "ipv4_only"
}
]
},
"inbounds": [
{
"type": "vless",
"tag": "vless-in",
"listen": "::",
"listen_port": 443,
"sniff": true,
"users": [
{
"name": "imlala",
"uuid": "57f12945-8219-4460-992f-3d3cd1e08612", // sing-box generate uuid
"flow": "xtls-rprx-vision"
}
],
"tls": {
"enabled": true,
"server_name": "www.python.org",
"reality": {
"enabled": true,
"handshake": {
"server": "www.python.org",
"server_port": 443
},
"private_key": "8I-y81DD78_hXKiid6RosnSSVh-DmqQrMe2VkVtIXHE", // sing-box generate reality-keypair
"short_id": [
"6e1a647f0311592a" // sing-box generate rand --hex 8
]
}
}
}
],
"outbounds": [
{
"type": "direct"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
}
]
}
}
启动并设置开机自启:
systemctl start sing-box systemctl enable sing-box
客户端配置示例:
{
"log": {
"level": "info",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "google",
"address": "tls://dns.google",
"address_resolver": "resolver",
"strategy": "ipv4_only",
"detour": "select"
},
{
"tag": "tencent",
"address": "tls://dot.pub",
"address_resolver": "resolver",
"strategy": "ipv4_only",
"detour": "direct"
},
{
"tag": "resolver",
"address": "223.5.5.5",
"strategy": "ipv4_only",
"detour": "direct"
}
],
"rules": [
{
"outbound": "any",
"server": "tencent"
},
{
"clash_mode": "direct",
"server": "tencent"
},
{
"clash_mode": "global",
"server": "google"
},
{
"rule_set": "geosite-geolocation-cn",
"server": "tencent"
}
],
"final": "google"
},
"inbounds": [
{
"type": "tun",
"tag": "tun-in",
"interface_name": "tun0",
"inet4_address": "172.17.0.1/30",
"auto_route": true,
"strict_route": true,
"stack": "mixed",
"sniff": true
}
],
"outbounds": [
{
"type": "selector",
"tag": "select",
"outbounds": [
"oracle-kr-hy2",
"oracle-us-reality",
"auto"
],
"default": "oracle-us-reality",
"interrupt_exist_connections": true
},
{
"type": "hysteria2",
"tag": "oracle-kr-hy2",
"server": "vpsip",
"server_port": 8080,
"up_mbps": 30,
"down_mbps": 200,
"password": "example",
"tls": {
"enabled": true,
"server_name": "hy2.example.com"
}
},
{
"type": "vless",
"tag": "oracle-us-reality",
"server": "vpsip",
"server_port": 443,
"uuid": "57f12945-8219-4460-992f-3d3cd1e08612",
"flow": "xtls-rprx-vision",
"tls": {
"enabled": true,
"server_name": "www.python.org",
"utls": {
"enabled": true,
"fingerprint": "chrome"
},
"reality": {
"enabled": true,
"public_key": "bPBCZqA2lsDKDM83fJLJgm_BEsEja2K8zWrAmZ7FbFY",
"short_id": "6e1a647f0311592a"
}
}
},
{
"type": "urltest",
"tag": "auto",
"outbounds": [
"oracle-kr-hy2",
"oracle-us-reality"
],
"url": "https://www.gstatic.com/generate_204",
"interval": "10m",
"interrupt_exist_connections": true
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns"
}
],
"route": {
"rules": [
{
"protocol": "dns",
"outbound": "dns"
},
{
"ip_is_private": true,
"outbound": "direct"
},
{
"clash_mode": "direct",
"outbound": "direct"
},
{
"clash_mode": "global",
"outbound": "select"
},
{
"rule_set": [
"geosite-category-ads-all"
],
"outbound": "block"
},
{
"rule_set": [
"geoip-cn",
"geosite-geolocation-cn"
],
"outbound": "direct"
}
],
"rule_set": [
{
"type": "remote",
"tag": "geoip-cn",
"format": "binary",
"url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs",
"download_detour": "select",
"update_interval": "7d"
},
{
"type": "remote",
"tag": "geosite-geolocation-cn",
"format": "binary",
"url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs",
"download_detour": "select",
"update_interval": "7d"
},
{
"type": "remote",
"tag": "geosite-category-ads-all",
"format": "binary",
"url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-category-ads-all.srs",
"download_detour": "select",
"update_interval": "7d"
}
],
"final": "select",
"auto_detect_interface": true
},
"experimental": {
"cache_file": {
"enabled": true
},
"clash_api": {
"external_controller": "127.0.0.1:9090",
"external_ui": "ui",
"external_ui_download_url": "https://github.com/MetaCubeX/Yacd-meta/archive/gh-pages.zip",
"external_ui_download_detour": "select",
"default_mode": "rule"
}
}
}
webui访问地址:http://127.0.0.1:9090/ui/,效果:
配置文件里面配置了clash_mode,所以这里的模式也可以使用direct或者global:
为什么服务端listen的都是所以ipv6地址