Configuring sing-box + REALITY + Nginx SNI routing

source link: https://vpsxb.net/4035/

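sing-box added support for REALITY in version 1.2-beta5.

However, according to the documentation: https://sing-box.sagernet.org/configuration/shared/tls/#reality-fields

the default build does not include the REALITY server, so you have to compile it yourself.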

Install the required packages:

    apt -y update
    apt -y install curl git build-essential libssl-dev libevent-dev zlib1g-dev gcc-mingw-w64 nginx

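Install Go:

    curl -L https://go.dev/dl/go1.20.1.linux-amd64.tar.gz -o go1.20.1.linux-amd64.tar.gz
    # Check the archive's SHA-256 against the value published on https://go.dev/dl/ before unpacking.
    tar -C /usr/local -xzf go1.20.1.linux-amd64.tar.gz
    # Put the Go toolchain on PATH for login shells, then load it into the current shell.
    echo 'export PATH=$PATH:/usr/local/go/bin' > /etc/profile.d/golang.sh
    source /etc/profile.d/golang.sh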

Build the Linux binary:

    # <version> is a placeholder: use a release tag that includes REALITY support (1.2-beta5 or later).
    go install -v -tags with_reality_server,with_utls \
        github.com/sagernet/sing-box/cmd/sing-box@<version>

Build the Windows binary:

    # Cross-compile with the MinGW toolchain installed above; <version> is the same placeholder as before.
    env GOOS=windows GOARCH=amd64 CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc \
        go install -v -tags with_reality_server,with_utls \
        github.com/sagernet/sing-box/cmd/sing-box@<version>

Copy the compiled binary:

    cp "$(go env GOPATH)/bin/sing-box" /usr/local/bin/

Create the directory sing-box needs:

    mkdir -p /usr/local/etc/sing-box

Create the systemd service:

    systemctl edit --full --force sing-box.service

Write the following unit file:

    [Unit]
    Description=sing-box service
    Documentation=https://sing-box.sagernet.org
    After=network.target nss-lookup.target

    [Service]
    CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
    AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
    ExecStart=/usr/local/bin/sing-box run -c /usr/local/etc/sing-box/config.json
    Restart=on-failure
    RestartPreventExitStatus=23
    LimitNOFILE=infinity

    [Install]
    WantedBy=multi-user.target

Create the sing-box configuration file:

    nano /usr/local/etc/sing-box/config.json

Write the following configuration:

    {
      "log": {
        "level": "info"
      },
      "inbounds": [
        {
          "type": "vless",
          "tag": "vless-in",
          "listen": "127.0.0.1",
          "listen_port": 52002,
          "proxy_protocol": true,
          "proxy_protocol_accept_no_header": false,
          "users": [
            {
              "name": "imlala",
              "uuid": "8497c213-e47c-4df3-beb0-2f3db1605062"
            }
          ],
          "tls": {
            "enabled": true,
            "server_name": "www.docker.com",
            "reality": {
              "enabled": true,
              "handshake": {
                "server": "www.docker.com",
                "server_port": 443
              },
              "private_key": "CFm4JMiU6-7d79yJ0H49vSQUpLK6YWrnqJdeLDR6K50",
              "short_id": [
                "5d2e3ed92cf8a73b"
              ]
            }
          }
        }
      ],
      "outbounds": [
        {
          "type": "direct",
          "tag": "direct"
        }
      ]
    }

Note: for now the private_key has to be generated with xray; see this article: https://lala.im/8602.html

Start sing-box and enable it at boot:

    systemctl enable --now sing-box

Make sure the service is running properly.

Next, edit the main nginx configuration file:

    nano /etc/nginx/nginx.conf

Write the following configuration, which routes connections by SNI. Note that proxy_protocol is enabled here:

    stream {
        # Pick the backend from the SNI in the ClientHello, without terminating TLS.
        map $ssl_preread_server_name $backend {
            www.docker.com singbox;
        }

        upstream singbox {
            server 127.0.0.1:52002;
        }

        server {
            listen 443 reuseport;
            listen [::]:443 reuseport;
            proxy_pass $backend;
            ssl_preread on;
            proxy_protocol on;
        }
    }

Reload nginx to apply the configuration:

    systemctl reload nginx

That completes the server-side configuration.

Download the Windows binary you compiled earlier to your computer, then save the following client configuration as config.json:

    {
      "log": {
        "level": "info",
        "timestamp": true
      },
      "dns": {
        "servers": [
          {
            "tag": "cloudflare",
            "address": "https://1.1.1.1/dns-query"
          },
          {
            "tag": "china",
            "address": "local",
            "detour": "direct"
          }
        ],
        "rules": [
          {
            "geosite": "cn",
            "server": "china"
          }
        ],
        "disable_cache": true,
        "disable_expire": true
      },
      "inbounds": [
        {
          "type": "mixed",
          "tag": "mixed-in",
          "listen": "::",
          "listen_port": 20080,
          "sniff": true,
          "set_system_proxy": false
        }
      ],
      "outbounds": [
        {
          "type": "vless",
          "tag": "vless-out",
          "server": "1.2.3.4", // your VPS server IP
          "server_port": 443,
          "uuid": "8497c213-e47c-4df3-beb0-2f3db1605062",
          "flow": "xtls-rprx-vision",
          "network": "tcp",
          "tls": {
            "enabled": true,
            "server_name": "www.docker.com",
            "utls": {
              "enabled": true,
              "fingerprint": "chrome"
            },
            "reality": {
              "enabled": true,
              "public_key": "o60BMlDgf_k_hAryojHWGrDkqjR8SvcYK5asrOoU1hA",
              "short_id": "5d2e3ed92cf8a73b"
            }
          }
        },
        {
          "type": "direct",
          "tag": "direct"
        },
        {
          "type": "block",
          "tag": "block"
        }
      ],
      "route": {
        "rules": [
          {
            "geosite": "cn",
            "geoip": "cn",
            "outbound": "direct"
          },
          {
            "geosite": "category-ads-all",
            "outbound": "block"
          }
        ]
      }
    }

Start the client:

    ./sing-box run -c config.json
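
A consistency check across the three configurations on this page, added here as an example (not part of the original post or of sing-box): it confirms that the client's uuid, short_id and server_name match the server, that nginx routes that SNI to the inbound's address, and that PROXY protocol is enabled on both ends with the inbound bound to loopback. The `check` function and the trimmed inputs are constructed for illustration.

```python
import json
import re

# Constructed inputs: trimmed copies of this page's server, client and nginx settings.
SERVER = json.loads("""{"inbounds": [{"type": "vless", "listen": "127.0.0.1",
  "listen_port": 52002, "proxy_protocol": true,
  "users": [{"uuid": "8497c213-e47c-4df3-beb0-2f3db1605062"}],
  "tls": {"server_name": "www.docker.com",
          "reality": {"short_id": ["5d2e3ed92cf8a73b"]}}}]}""")
CLIENT = json.loads("""{"outbounds": [{"type": "vless", "server_port": 443,
  "uuid": "8497c213-e47c-4df3-beb0-2f3db1605062",
  "tls": {"server_name": "www.docker.com",
          "reality": {"short_id": "5d2e3ed92cf8a73b"}}}]}""")
NGINX = """stream {
    map $ssl_preread_server_name $backend { www.docker.com singbox; }
    upstream singbox { server 127.0.0.1:52002; }
    server { listen 443 reuseport; proxy_pass $backend;
             ssl_preread on; proxy_protocol on; }
}"""

def check(server, client, nginx):
    """Return the mismatches between the three configurations (empty list: consistent)."""
    inb = server["inbounds"][0]
    out = next(o for o in client["outbounds"] if o["type"] == "vless")
    sni, problems = out["tls"]["server_name"], []
    if out["uuid"] not in [u["uuid"] for u in inb["users"]]:
        problems.append("client uuid is not a server user")
    if out["tls"]["reality"]["short_id"] not in inb["tls"]["reality"]["short_id"]:
        problems.append("client short_id not accepted by server")
    if sni != inb["tls"]["server_name"]:
        problems.append("server_name differs between client and server")
    # nginx must map this SNI to an upstream that points at the sing-box inbound.
    m = re.search(re.escape(sni) + r"\s+(\w+)\s*;", nginx)
    up = m and re.search(r"upstream\s+%s\s*\{\s*server\s+([\d.]+):(\d+)" % m.group(1), nginx)
    if not up or (up.group(1), int(up.group(2))) != (inb["listen"], inb["listen_port"]):
        problems.append("nginx does not route this SNI to the sing-box inbound")
    # PROXY protocol has to be on at both ends or off at both ends.
    if bool(re.search(r"proxy_protocol\s+on\s*;", nginx)) != bool(inb.get("proxy_protocol")):
        problems.append("proxy_protocol is enabled on only one side")
    # The inbound trusts the PROXY header as sent, so only local nginx should reach it.
    if inb.get("proxy_protocol") and inb["listen"] not in ("127.0.0.1", "::1"):
        problems.append("proxy_protocol inbound is reachable from other hosts")
    return problems
```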

See also:

https://sing-box.sagernet.org/configuration/inbound/vless/
https://sing-box.sagernet.org/configuration/outbound/vless/
https://sing-box.sagernet.org/configuration/shared/tls/


Original article: https://lala.im/8610.html

