最近买了点DMM的片,想着随便搞个梯子就能看了吧,然后就买了台某日本VPS,结果发现这台VPS的IP不太行,能访问DMM但解不了DMM TV,播放的时候弹个这个玩意出来:
我也是醉了,不过好在这台VPS的线路很不错,所以我后面又特地花钱买了台落地鸡,这个落地鸡它真的名副其实,真就只能拿来落地,电信NTT日常BOOM。。然后我现在搭梯子清一色全部用的sing-box(以下简称sb),中转的方法是很多,工具也很多,但是想着我还真没有用过sb来中转,我就想折腾一下了,就有了下面的记录。。
我研究了一会儿,发现sb可以用多种方式来达到中转或者说解锁的目的,我分别记录一下。
准备工作
首先在两台VPS上面安装sb,我两台VPS都是Debian12,直接用官方的这个一键脚本就可以安装了:
bash <(curl -fsSL https://sing-box.app/deb-install.sh)
更多安装方式:https://sing-box.sagernet.org/installation/package-manager/
假设VPS1是中转鸡,VPS2是落地鸡。先在落地鸡上搭建一个节点:
nano /etc/sing-box/config.json
我的配置如下:
{ "log": { "level": "info" }, "dns": { "servers": [ { "address": "tls://8.8.8.8", "strategy": "ipv4_only" } ] }, "inbounds": [ { "type": "vless", "tag": "vless-in", "listen": "0.0.0.0", "listen_port": 443, "sniff": true, "users": [ { "name": "imlala", "uuid": "87599169-0bc7-4fae-b730-f6d109db4614", // sing-box generate uuid "flow": "xtls-rprx-vision" } ], "tls": { "enabled": true, "server_name": "www.python.org", "reality": { "enabled": true, "handshake": { "server": "www.python.org", "server_port": 443 }, "private_key": "SKvL0iVINPOi5EtxRzx2qG4Nyy00CC0iPqqyPWut214", // sing-box generate reality-keypair "short_id": [ "64d7038842bbc9cc" // sing-box generate rand --hex 8 ] } } } ], "outbounds": [ { "type": "direct" }, { "type": "dns", "tag": "dns-out" } ], "route": { "rules": [ { "protocol": "dns", "outbound": "dns-out" } ] } }
启动:
systemctl enable --now sing-box
方式一:端口转发
端口转发就是所有流量都经过落地鸡,如果落地鸡的流量足够用,这种方式简单粗暴。
在中转鸡上编辑sb的配置文件:
nano /etc/sing-box/config.json
写入如下配置:
{ "log": { "level": "info" }, "inbounds": [ { "type": "direct", "tag": "direct-in", "listen": "0.0.0.0", "listen_port": 61000, "override_address": "落地鸡的公网IP", "override_port": 443 } ] }
启动:
systemctl enable --now sing-box
客户端配置:
{ "log": { "level": "info", "timestamp": true }, "dns": { "servers": [ { "tag": "google", "address": "tls://dns.google", "address_resolver": "resolver", "strategy": "ipv4_only", "detour": "fwd" }, { "tag": "tencent", "address": "tls://dot.pub", "address_resolver": "resolver", "strategy": "ipv4_only", "detour": "direct" }, { "tag": "resolver", "address": "223.5.5.5", "strategy": "ipv4_only", "detour": "direct" }, { "tag": "deniend", "address": "rcode://refused" } ], "rules": [ { "outbound": "any", "server": "tencent" }, { "rule_set": "geosite-geolocation-cn", "server": "tencent" } ], "final": "google" }, "inbounds": [ { "type": "tun", "tag": "tun-in", "interface_name": "tun0", "inet4_address": "172.16.0.1/30", "auto_route": true, "strict_route": true, "stack": "mixed", "sniff": true } ], "outbounds": [ { "type": "vless", "tag": "fwd", "server": "中转鸡的公网IP", "server_port": 61000, "uuid": "87599169-0bc7-4fae-b730-f6d109db4614", "flow": "xtls-rprx-vision", "tls": { "enabled": true, "server_name": "www.python.org", "utls": { "enabled": true, "fingerprint": "chrome" }, "reality": { "enabled": true, "public_key": "guBvyGCyqglGWWQ1bQ5vXXy78YlshWb0aYX6-uAwEDk", "short_id": "64d7038842bbc9cc" } } }, { "type": "direct", "tag": "direct" }, { "type": "block", "tag": "block" }, { "type": "dns", "tag": "dns" } ], "route": { "rules": [ { "protocol": "dns", "outbound": "dns" }, { "ip_is_private": true, "outbound": "direct" }, { "rule_set": [ "geoip-cn", "geosite-geolocation-cn" ], "outbound": "direct" } ], "rule_set": [ { "type": "remote", "tag": "geoip-cn", "format": "binary", "url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs", "download_detour": "fwd", "update_interval": "7d" }, { "type": "remote", "tag": "geosite-geolocation-cn", "format": "binary", "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs", "download_detour": "fwd", "update_interval": "7d" } ], "final": "fwd", "auto_detect_interface": true } }
方式二:二级代理(按规则进行分流)
这种方式其实就相当于是按规则进行分流,适用于落地鸡流量不够用的情况,或者你想精确控制流量的走向。
大概的步骤是:在中转鸡上搭一个节点,同时写好分流规则,客户端连接中转鸡的节点,只有命中规则的流量走落地鸡,其余的都走中转鸡。
在中转鸡上编辑sb的配置文件:
nano /etc/sing-box/config.json
写入如下配置:
{ "log": { "level": "info" }, "dns": { "servers": [ { "address": "tls://8.8.8.8", "strategy": "ipv4_only" } ] }, "inbounds": [ { "type": "vless", "tag": "vless-in", "listen": "0.0.0.0", "listen_port": 443, "sniff": true, "users": [ { "name": "imlala", "uuid": "f6bb53c9-7afe-46a0-9fff-d770d2aec0f2", "flow": "xtls-rprx-vision" } ], "tls": { "enabled": true, "server_name": "www.python.org", "reality": { "enabled": true, "handshake": { "server": "www.python.org", "server_port": 443 }, "private_key": "OLXR9twjmwlhwyiiNwne9ghFJ0YyXHP4xYGUfo0wWUA", "short_id": [ "00b9f5bf53744433" ] } } } ], "outbounds": [ { "type": "direct", "tag": "direct" }, { "type": "dns", "tag": "dns-out" }, { "type": "vless", "tag": "unlock-out", "server": "落地鸡的公网IP", "server_port": 443, "uuid": "87599169-0bc7-4fae-b730-f6d109db4614", "flow": "xtls-rprx-vision", "tls": { "enabled": true, "server_name": "www.python.org", "utls": { "enabled": true, "fingerprint": "chrome" }, "reality": { "enabled": true, "public_key": "guBvyGCyqglGWWQ1bQ5vXXy78YlshWb0aYX6-uAwEDk", "short_id": "64d7038842bbc9cc" } } } ], "route": { "rules": [ { "protocol": "dns", "outbound": "dns-out" }, { "rule_set": [ "geosite-dmm", "geosite-dmm-porn", "geosite-abema", "geosite-reddit" ], "outbound": "unlock-out" } ], "rule_set": [ { "type": "remote", "tag": "geosite-dmm", "format": "binary", "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-dmm.srs", "download_detour": "direct", "update_interval": "7d" }, { "type": "remote", "tag": "geosite-dmm-porn", "format": "binary", "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-dmm-porn.srs", "download_detour": "direct", "update_interval": "7d" }, { "type": "remote", "tag": "geosite-abema", "format": "binary", "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-abema.srs", "download_detour": "direct", "update_interval": "7d" }, { "type": "remote", "tag": "geosite-reddit", "format": "binary", "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-reddit.srs", "download_detour": "direct", "update_interval": "7d" } ] } }
启动:
systemctl enable --now sing-box
客户端配置:
{ "log": { "level": "info", "timestamp": true }, "dns": { "servers": [ { "tag": "google", "address": "tls://dns.google", "address_resolver": "resolver", "strategy": "ipv4_only", "detour": "fwd" }, { "tag": "tencent", "address": "tls://dot.pub", "address_resolver": "resolver", "strategy": "ipv4_only", "detour": "direct" }, { "tag": "resolver", "address": "223.5.5.5", "strategy": "ipv4_only", "detour": "direct" }, { "tag": "deniend", "address": "rcode://refused" } ], "rules": [ { "outbound": "any", "server": "tencent" }, { "rule_set": "geosite-geolocation-cn", "server": "tencent" } ], "final": "google" }, "inbounds": [ { "type": "tun", "tag": "tun-in", "interface_name": "tun0", "inet4_address": "172.16.0.1/30", "auto_route": true, "strict_route": true, "stack": "mixed", "sniff": true } ], "outbounds": [ { "type": "vless", "tag": "fwd", "server": "中转鸡的公网IP", "server_port": 443, "uuid": "f6bb53c9-7afe-46a0-9fff-d770d2aec0f2", "flow": "xtls-rprx-vision", "tls": { "enabled": true, "server_name": "www.python.org", "utls": { "enabled": true, "fingerprint": "chrome" }, "reality": { "enabled": true, "public_key": "yD6TNRviqs_P3h6S7U12ObAGBd9NLgxY7rXfHP4g10U", "short_id": "00b9f5bf53744433" } } }, { "type": "direct", "tag": "direct" }, { "type": "block", "tag": "block" }, { "type": "dns", "tag": "dns" } ], "route": { "rules": [ { "protocol": "dns", "outbound": "dns" }, { "ip_is_private": true, "outbound": "direct" }, { "rule_set": [ "geoip-cn", "geosite-geolocation-cn" ], "outbound": "direct" } ], "rule_set": [ { "type": "remote", "tag": "geoip-cn", "format": "binary", "url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs", "download_detour": "fwd", "update_interval": "7d" }, { "type": "remote", "tag": "geosite-geolocation-cn", "format": "binary", "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs", "download_detour": "fwd", "update_interval": "7d" } ], "final": "fwd", "auto_detect_interface": true } }
方式三:链式代理
像端口转发、二级代理都需要在服务端进行配置,如果你没有这台服务器的控制权,自然就无法使用上述两种方式进行中转。
而链式代理不需要对服务端的配置进行修改,所以非常适合那些没有服务器访问权限的用户使用,比如你买了一个机场,但是机场肯定只会给你节点连接信息,不会把节点服务器的SSH登录信息也给你,但现在通过链式代理,你可以把自建的节点与机场的节点进行整合,这样就可以实现用机场来中转你的自建节点,反之亦然。
另外链式代理配置起来也相当简单,在sb中主要依靠detour这个字段。前提条件是中转鸡与落地鸡都同时搭建了一个节点。节点的配置可以参考本文上述的内容。
客户端配置:
{ "log": { "level": "info", "timestamp": true }, "dns": { "servers": [ { "tag": "google", "address": "tls://dns.google", "address_resolver": "resolver", "strategy": "ipv4_only", "detour": "select" }, { "tag": "tencent", "address": "tls://dot.pub", "address_resolver": "resolver", "strategy": "ipv4_only", "detour": "direct" }, { "tag": "resolver", "address": "223.5.5.5", "strategy": "ipv4_only", "detour": "direct" }, { "tag": "deniend", "address": "rcode://refused" } ], "rules": [ { "outbound": "any", "server": "tencent" }, { "clash_mode": "direct", "server": "tencent" }, { "clash_mode": "global", "server": "google" }, { "rule_set": "geosite-geolocation-cn", "server": "tencent" } ], "final": "google" }, "inbounds": [ { "type": "tun", "tag": "tun-in", "interface_name": "tun0", "inet4_address": "172.16.0.1/30", "auto_route": true, "strict_route": true, "stack": "mixed", "sniff": true } ], "outbounds": [ { "type": "selector", "tag": "select", "outbounds": [ "korean", "us", "fwd", "unlock", "auto" ], "default": "us", "interrupt_exist_connections": true }, { "type": "hysteria2", "tag": "korean", "server": "hidden", "server_port": 8080, "up_mbps": 30, "down_mbps": 300, "password": "hidden", "tls": { "enabled": true, "server_name": "hidden" } }, { "type": "vless", "tag": "us", "server": "hidden", "server_port": 443, "uuid": "hidden", "flow": "xtls-rprx-vision", "tls": { "enabled": true, "server_name": "www.python.org", "utls": { "enabled": true, "fingerprint": "chrome" }, "reality": { "enabled": true, "public_key": "hidden", "short_id": "hidden" } } }, { "type": "vless", "tag": "fwd", "server": "中转鸡的公网IP", "server_port": 443, "uuid": "f6bb53c9-7afe-46a0-9fff-d770d2aec0f2", "flow": "xtls-rprx-vision", "tls": { "enabled": true, "server_name": "www.python.org", "utls": { "enabled": true, "fingerprint": "chrome" }, "reality": { "enabled": true, "public_key": "yD6TNRviqs_P3h6S7U12ObAGBd9NLgxY7rXfHP4g10U", "short_id": "00b9f5bf53744433" } } }, { "type": "vless", "tag": "unlock", "server": "落地鸡的公网IP", "server_port": 443, "uuid": "87599169-0bc7-4fae-b730-f6d109db4614", "flow": "xtls-rprx-vision", "tls": { "enabled": true, "server_name": "www.python.org", "utls": { "enabled": true, "fingerprint": "chrome" }, "reality": { "enabled": true, "public_key": "guBvyGCyqglGWWQ1bQ5vXXy78YlshWb0aYX6-uAwEDk", "short_id": "64d7038842bbc9cc" } }, "detour": "fwd" }, { "type": "urltest", "tag": "auto", "outbounds": [ "korean", "us", "fwd", "unlock" ], "url": "https://www.gstatic.com/generate_204", "interval": "10m", "interrupt_exist_connections": true }, { "type": "direct", "tag": "direct" }, { "type": "block", "tag": "block" }, { "type": "dns", "tag": "dns" } ], "route": { "rules": [ { "protocol": "dns", "outbound": "dns" }, { "ip_is_private": true, "outbound": "direct" }, { "clash_mode": "direct", "outbound": "direct" }, { "clash_mode": "global", "outbound": "select" }, { "rule_set": [ "geoip-cn", "geosite-geolocation-cn" ], "outbound": "direct" } ], "rule_set": [ { "type": "remote", "tag": "geoip-cn", "format": "binary", "url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs", "download_detour": "select", "update_interval": "7d" }, { "type": "remote", "tag": "geosite-geolocation-cn", "format": "binary", "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs", "download_detour": "select", "update_interval": "7d" } ], "final": "select", "auto_detect_interface": true }, "experimental": { "cache_file": { "enabled": true }, "clash_api": { "external_controller": "127.0.0.1:9090", "external_ui": "ui", "external_ui_download_url": "https://github.com/MetaCubeX/Yacd-meta/archive/gh-pages.zip", "external_ui_download_detour": "select", "default_mode": "rule" } } }
在上面的这个配置中,tag为fwd的是中转鸡,tag为unlock的是落地鸡,我在tag为unlock的落地鸡配置了一个detour,指定上游出站为fwd。这样配置之后,在yacd的webui上选择tag为unlock的节点即可。
另外提一嘴,如果只是单纯的想解锁某些东西,还有一个DNS分流,也可以使用sb来实现。这里先不介绍了。。。
我只能说有点让我上头的是,今天我又测了下这个中转鸡,它竟然又能解DMM TV了,它真的,我哭死,我折腾了半天就是为了让它能够解锁,结果它现在自己能解了!
哥,你早说,我这有解锁DMM的机器的啊。
不知就问,版主那家的日本VPS和那家的落地鸡?
链式代理怎么试都不行,不加detour都正常,加了以后落地鸡就不通了。。。
中转的是你自建的节点还是机场的,有些机场的节点不行被限制了。。
自建的两个节点,都是香港的。
感谢博主!
请教下,有1个机场,还有1个买的socks5类型的住宅IP(给了IP+账号密码),怎样使用singbox进行链式代理呢?服务端无任何权限的
大佬,请教一下,这个sing-box直接端口转发的性能和其他的,比如realm、gost相比,有没有差距?