下面所有的配置都是用nginx做sni分流共用443端口的,并且全部启用了proxy_protocol。另外使用websocket传输方式的配置可以套cdn使用。示例中的password、uuid均为占位值,部署时请替换为自己随机生成的值;客户端的mixed入站监听在"::"(所有网卡)且未设认证,如只供本机使用建议改为127.0.0.1。
nginx配置:
# Layer-4 (stream) SNI router: all sing-box inbounds share public port 443.
# nginx reads the server name from the TLS ClientHello (ssl_preread) and
# forwards the still-encrypted connection; TLS is terminated by the backend.
stream {
    # Map the SNI seen by ssl_preread to the name of an upstream defined below.
    # There is no "default" entry, so an SNI that is not listed leaves $singbox
    # empty. NOTE(review): confirm that nginx then refuses the connection
    # instead of forwarding it anywhere.
    map $ssl_preread_server_name $singbox {
        trojan.example.com trojan;
        trojan-websocket.example.com trojan-websocket;
        vmess.example.com vmess;
        vmess-websocket.example.com vmess-websocket;
        naive.example.com naive;
    }

    # One upstream per sing-box inbound. Each port matches the "listen_port"
    # of the corresponding server config on this page (52000-52004), and every
    # backend is bound to loopback, so it is reachable only from this host.
    upstream trojan {
        server 127.0.0.1:52000;
    }
    upstream trojan-websocket {
        server 127.0.0.1:52001;
    }
    upstream vmess {
        server 127.0.0.1:52002;
    }
    upstream vmess-websocket {
        server 127.0.0.1:52003;
    }
    upstream naive {
        server 127.0.0.1:52004;
    }

    server {
        # Public listener on 443 for IPv4 and IPv6.
        listen 443 reuseport;
        listen [::]:443 reuseport;
        # Forward to whichever upstream the map selected for this SNI.
        proxy_pass $singbox;
        # Required for $ssl_preread_server_name to be populated.
        ssl_preread on;
        # Prepend a PROXY protocol header so the backend sees the real client
        # address. The sing-box inbounds on this page set "proxy_protocol": true
        # and "proxy_protocol_accept_no_header": false, so they expect this
        # header; keep both sides in sync and keep the backends on 127.0.0.1 so
        # that only local processes can supply the header.
        proxy_protocol on;
    }
}
trojan-tls-tcp-server.json:
{ "log": { "level": "info" }, "inbounds": [ { "type": "trojan", "tag": "trojan-in", "listen": "127.0.0.1", "listen_port": 52000, "tcp_fast_open": true, "udp_fragment": true, "sniff": true, "sniff_override_destination": false, "udp_timeout": 300, "proxy_protocol": true, "proxy_protocol_accept_no_header": false, "users": [ { "name": "imlala", "password": "password" } ], "tls": { "enabled": true, "server_name": "trojan.example.com", "alpn": [ "http/1.1" ], "min_version": "1.2", "max_version": "1.3", "acme": { "domain": ["trojan.example.com"], "data_directory": "/usr/local/etc/sing-box", "default_server_name": "", "email": "imlala@example.com", "provider": "letsencrypt" } } } ], "outbounds": [ { "type": "direct", "tag": "direct" } ] }
trojan-tls-tcp-client.json:
{ "log": { "level": "info", "timestamp": true }, "dns": { "servers": [ { "tag": "cloudflare", "address": "https://1.1.1.1/dns-query" }, { "tag": "china", "address": "local", "detour": "direct" } ], "rules": [ { "domain": "trojan.example.com", "geosite": "cn", "server": "china" } ], "disable_cache": true, "disable_expire": true }, "inbounds": [ { "type": "mixed", "tag": "mixed-in", "listen": "::", "listen_port": 20080, "sniff": true, "set_system_proxy": false } ], "outbounds": [ { "type": "trojan", "tag": "trojan-out", "server": "trojan.example.com", "server_port": 443, "password": "password", "tls": { "enabled": true, "disable_sni": false, "server_name": "trojan.example.com", "insecure": false, "alpn": [ "http/1.1" ] }, "multiplex": { "enabled": true, "protocol": "smux", "max_connections": 5, "min_streams": 4, "max_streams": 0 }, "connect_timeout": "5s", "tcp_fast_open": true, "udp_fragment": true }, { "type": "direct", "tag": "direct" }, { "type": "block", "tag": "block" } ], "route": { "rules": [ { "geosite": "cn", "geoip": "cn", "outbound": "direct" }, { "geosite": "category-ads-all", "outbound": "block" } ] } }
trojan-tls-websocket-server.json:
{ "log": { "level": "info" }, "inbounds": [ { "type": "trojan", "tag": "trojan-in", "listen": "127.0.0.1", "listen_port": 52001, "tcp_fast_open": true, "udp_fragment": true, "sniff": true, "sniff_override_destination": false, "udp_timeout": 300, "proxy_protocol": true, "proxy_protocol_accept_no_header": false, "users": [ { "name": "imlala", "password": "password" } ], "tls": { "enabled": true, "server_name": "trojan-websocket.example.com", "alpn": [ "http/1.1" ], "min_version": "1.2", "max_version": "1.3", "acme": { "domain": ["trojan-websocket.example.com"], "data_directory": "/usr/local/etc/sing-box", "default_server_name": "", "email": "imlala@example.com", "provider": "letsencrypt" } }, "transport": { "type": "ws", "path": "/debian", "max_early_data": 0, "early_data_header_name": "Sec-WebSocket-Protocol" } } ], "outbounds": [ { "type": "direct", "tag": "direct" } ] }
trojan-tls-websocket-client.json:
{ "log": { "level": "info", "timestamp": true }, "dns": { "servers": [ { "tag": "cloudflare", "address": "https://1.1.1.1/dns-query" }, { "tag": "china", "address": "local", "detour": "direct" } ], "rules": [ { "domain": "trojan-websocket.example.com", "geosite": "cn", "server": "china" } ], "disable_cache": true, "disable_expire": true }, "inbounds": [ { "type": "mixed", "tag": "mixed-in", "listen": "::", "listen_port": 20080, "sniff": true, "set_system_proxy": false } ], "outbounds": [ { "type": "trojan", "tag": "trojan-out", "server": "trojan-websocket.example.com", "server_port": 443, "password": "password", "tls": { "enabled": true, "disable_sni": false, "server_name": "trojan-websocket.example.com", "insecure": false, "alpn": [ "http/1.1" ] }, "multiplex": { "enabled": true, "protocol": "smux", "max_connections": 5, "min_streams": 4, "max_streams": 0 }, "transport": { "type": "ws", "path": "/debian", "max_early_data": 0, "early_data_header_name": "Sec-WebSocket-Protocol" }, "connect_timeout": "5s", "tcp_fast_open": true, "udp_fragment": true }, { "type": "direct", "tag": "direct" }, { "type": "block", "tag": "block" } ], "route": { "rules": [ { "geosite": "cn", "geoip": "cn", "outbound": "direct" }, { "geosite": "category-ads-all", "outbound": "block" } ] } }
vmess-tls-tcp-server.json:
{ "log": { "level": "info" }, "inbounds": [ { "type": "vmess", "tag": "vmess-in", "listen": "127.0.0.1", "listen_port": 52002, "tcp_fast_open": true, "udp_fragment": true, "sniff": true, "sniff_override_destination": false, "proxy_protocol": true, "proxy_protocol_accept_no_header": false, "users": [ { "name": "imlala", "uuid": "1577ac7c-bc02-44ce-b851-8da0516473da", "alterId": 0 } ], "tls": { "enabled": true, "server_name": "vmess.example.com", "alpn": [ "http/1.1" ], "min_version": "1.2", "max_version": "1.3", "acme": { "domain": ["vmess.example.com"], "data_directory": "/usr/local/etc/sing-box", "default_server_name": "", "email": "imlala@example.com", "provider": "letsencrypt" } } } ], "outbounds": [ { "type": "direct", "tag": "direct" } ] }
vmess-tls-tcp-client.json:
{ "log": { "level": "info", "timestamp": true }, "dns": { "servers": [ { "tag": "cloudflare", "address": "https://1.1.1.1/dns-query" }, { "tag": "china", "address": "local", "detour": "direct" } ], "rules": [ { "domain": "vmess.example.com", "geosite": "cn", "server": "china" } ], "disable_cache": true, "disable_expire": true }, "inbounds": [ { "type": "mixed", "tag": "mixed-in", "listen": "::", "listen_port": 20080, "sniff": true, "set_system_proxy": false } ], "outbounds": [ { "type": "vmess", "tag": "vmess-out", "server": "vmess.example.com", "server_port": 443, "uuid": "1577ac7c-bc02-44ce-b851-8da0516473da", "security": "auto", "alter_id": 0, "global_padding": false, "authenticated_length": true, "tls": { "enabled": true, "disable_sni": false, "server_name": "vmess.example.com", "insecure": false, "alpn": [ "http/1.1" ] }, "multiplex": { "enabled": true, "protocol": "smux", "max_connections": 5, "min_streams": 4, "max_streams": 0 }, "connect_timeout": "5s", "tcp_fast_open": true, "udp_fragment": true }, { "type": "direct", "tag": "direct" }, { "type": "block", "tag": "block" } ], "route": { "rules": [ { "geosite": "cn", "geoip": "cn", "outbound": "direct" }, { "geosite": "category-ads-all", "outbound": "block" } ] } }
vmess-tls-websocket-server.json:
{ "log": { "level": "info" }, "inbounds": [ { "type": "vmess", "tag": "vmess-in", "listen": "127.0.0.1", "listen_port": 52003, "tcp_fast_open": true, "udp_fragment": true, "sniff": true, "sniff_override_destination": false, "proxy_protocol": true, "proxy_protocol_accept_no_header": false, "users": [ { "name": "imlala", "uuid": "1577ac7c-bc02-44ce-b851-8da0516473da", "alterId": 0 } ], "tls": { "enabled": true, "server_name": "vmess-websocket.example.com", "alpn": [ "http/1.1" ], "min_version": "1.2", "max_version": "1.3", "acme": { "domain": ["vmess-websocket.example.com"], "data_directory": "/usr/local/etc/sing-box", "default_server_name": "", "email": "imlala@example.com", "provider": "letsencrypt" } }, "transport": { "type": "ws", "path": "/nixos", "max_early_data": 0, "early_data_header_name": "Sec-WebSocket-Protocol" } } ], "outbounds": [ { "type": "direct", "tag": "direct" } ] }
vmess-tls-websocket-client.json:
{ "log": { "level": "info", "timestamp": true }, "dns": { "servers": [ { "tag": "cloudflare", "address": "https://1.1.1.1/dns-query" }, { "tag": "china", "address": "local", "detour": "direct" } ], "rules": [ { "domain": "vmess-websocket.example.com", "geosite": "cn", "server": "china" } ], "disable_cache": true, "disable_expire": true }, "inbounds": [ { "type": "mixed", "tag": "mixed-in", "listen": "::", "listen_port": 20080, "sniff": true, "set_system_proxy": false } ], "outbounds": [ { "type": "vmess", "tag": "vmess-out", "server": "vmess-websocket.example.com", "server_port": 443, "uuid": "1577ac7c-bc02-44ce-b851-8da0516473da", "security": "auto", "alter_id": 0, "global_padding": false, "authenticated_length": true, "tls": { "enabled": true, "disable_sni": false, "server_name": "vmess-websocket.example.com", "insecure": false, "alpn": [ "http/1.1" ] }, "multiplex": { "enabled": true, "protocol": "smux", "max_connections": 5, "min_streams": 4, "max_streams": 0 }, "transport": { "type": "ws", "path": "/nixos", "max_early_data": 0, "early_data_header_name": "Sec-WebSocket-Protocol" }, "connect_timeout": "5s", "tcp_fast_open": true, "udp_fragment": true }, { "type": "direct", "tag": "direct" }, { "type": "block", "tag": "block" } ], "route": { "rules": [ { "geosite": "cn", "geoip": "cn", "outbound": "direct" }, { "geosite": "category-ads-all", "outbound": "block" } ] } }
naive-tls-tcp-server.json:
{ "log": { "level": "info" }, "inbounds": [ { "type": "naive", "tag": "naive-in", "network": "tcp", "listen": "127.0.0.1", "listen_port": 52004, "tcp_fast_open": true, "sniff": true, "sniff_override_destination": false, "proxy_protocol": true, "proxy_protocol_accept_no_header": false, "users": [ { "username": "imlala", "password": "password" } ], "tls": { "enabled": true, "server_name": "naive.example.com", "acme": { "domain": ["naive.example.com"], "data_directory": "/usr/local/etc/sing-box", "default_server_name": "", "email": "imlala@example.com", "provider": "letsencrypt" } } } ], "outbounds": [ { "type": "direct", "tag": "direct" } ] }
naive-tls-tcp-client.json:
{ "listen": "socks://127.0.0.1:30080", "proxy": "https://imlala:password@naive.example.com", "log": "" }
注:
sing-box没有naive出站,客户端还是用:https://github.com/klzgrad/naiveproxy/releases/download/v105.0.5195.52-1/naiveproxy-v105.0.5195.52-1-win-x64.zip
套cdn的配置,cdn(cloudflare)这里需要这样设置:
lala,这个工具的trojan的fallback回落好像不管用,另外这个支不支持nginx location转发?因为还有正常网站要放。研究了半天,网站和trojan只能活一个。
fallback是可以用的,只是sing-box的fallback功能不完善。支持nginx location转发,你说的这个应该就是指反代websocket吧?我文章里面的配置就是和网站共存的,只不过是通过sni分流实现的。
分流应该需要重开一个二级域名用来转发?
源网站带path,比如aaaa.com/blog 访问博客,aaaa.com/vmess 反代;
想保留原来的都不动,只想重新分流trojan,比如分个域名 tj.aaaa.com 用来转发到trojan,这样要怎么弄?
我直接分流,tj.aaaa.com 到trojan 端口,默认转发到8000;网站监听8000,转成443;
我弄完后,源网站aaaa.com正常访问,但是源网站带path的都不行。
你原来的配置是怎样的?你说的aaaa.com/vmess反代是指用的这样的nginx配置吗:
location /vmess {
proxy_pass http://127.0.0.1:vmessport;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
…
}
如果是,那你只需要配置一个trojan-websocket,然后在nginx加一个location反代就行了,无非就是把vmess协议换成了trojan。
如果你想用我这篇文章里面的sni分流,又想实现你说的功能,用不用新的二级域名不重要,主要是sing-box不支持按path分流,建议使用xray。
请问shadowsocks2022可以搭配websocket吗
很希望出一份 naive 里套其他协议的教程,之后应该很有用,谢谢
你好,请问,客户端把数据加密后,在头部套上VPS的二级域名,传输时是能被防火墙看到二级域名的吧?那墙用这二级域名探测一下,不就被nginx送到梯子的端口了吗?照我理解,返回来的数据还是可能被检测到特征的吧。这还不如用WS,根据路径来反代。
nginx只管分流,回落照常回落吧?直接访问trojan的sni也是一个normal网页吧?
学到了