sing-box搭建Hysteria节点
1、关闭防火墙或放行指定端口
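# Preferred: keep ufw enabled and open only the ports this setup uses.
# 443 carries the Hysteria inbound (QUIC, i.e. UDP); 80 is presumably wanted
# for the ACME certificate challenge configured later in config.json.
# `ufw allow <port>` without a protocol opens both TCP and UDP on that port.
ufw allow 80
ufw allow 443
# Alternative: disable the firewall entirely. This exposes every listening
# service on the host, so use it only when something else (for example a
# cloud security group) already filters inbound traffic.
# ufw disable
2、更新软件源及安装依赖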
# Refresh the package index, then install the download and build tooling.
# The install only runs if the index refresh succeeded.
apt update \
  && apt -y install \
       wget git build-essential \
       zlib1g-dev libssl-dev libevent-dev \
       gcc-mingw-w64
3、安装go
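# Fetch the Go toolchain into a private temp directory so the archive can be
# verified before it is unpacked; piping wget straight into tar would extract
# whatever bytes arrived, as root, with no integrity check.
GO_TARBALL=go1.20.2.linux-amd64.tar.gz
# Placeholder: fill in the SHA256 published for this file on https://go.dev/dl/
GO_SHA256='<sha256-of-tarball-from-go.dev/dl>'
GO_TMP=$(mktemp -d)
wget -O "${GO_TMP}/${GO_TARBALL}" "https://go.dev/dl/${GO_TARBALL}"
# sha256sum -c fails (and tar is skipped) unless the digest matches.
echo "${GO_SHA256}  ${GO_TMP}/${GO_TARBALL}" | sha256sum -c - \
  && tar -xzf "${GO_TMP}/${GO_TARBALL}" -C /usr/local
rm -rf "${GO_TMP}"
# Use a drop-in under /etc/profile.d instead of `> /etc/profile`, which would
# truncate the system-wide profile and discard its existing contents.
echo 'export PATH=$PATH:/usr/local/go/bin' > /etc/profile.d/go.sh
source /etc/profile.d/go.sh
4、编译安装sing-box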
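# Version of sing-box to build. "latest" resolves to whatever release is
# newest at build time, so two runs of this guide can produce different
# binaries; set a specific release tag here for a reproducible build that can
# be reviewed before it is deployed.
SING_BOX_VERSION=latest
# Optional features compiled into the binary, as one comma-separated list.
# NOTE(review): not every sing-box release accepts every tag - confirm the
# list against the release that is actually being built.
SING_BOX_TAGS=with_quic,with_grpc,with_dhcp,with_wireguard,with_shadowsocksr,with_ech,with_utls,with_reality_server,with_acme,with_clash_api,with_v2ray_api,with_gvisor,with_lwip
go install -v -tags "${SING_BOX_TAGS}" \
  "github.com/sagernet/sing-box/cmd/sing-box@${SING_BOX_VERSION}"
5、复制编译好的sing-box到/usr/local/bin/目录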
# `go install` placed the binary under the invoking user's Go bin directory;
# copy it to the path that the systemd unit's ExecStart expects.
cp "${HOME}/go/bin/sing-box" /usr/local/bin/
6、为sing-box创建开机自启服务
# Write the systemd unit for sing-box.
# - No User= is set, so systemd runs the service as root; the two capability
#   lines limit that process to CAP_NET_ADMIN and CAP_NET_BIND_SERVICE.
# - RestartSec=1800s means a failed service waits 30 minutes before restarting.
# The quoted heredoc delimiter keeps the unit text literal (no shell expansion).
tee /etc/systemd/system/sing-box.service >/dev/null <<'EOF'
[Unit]
Description=sing-box service
Documentation=https://sing-box.sagernet.org
After=network.target nss-lookup.target
[Service]
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
ExecStart=/usr/local/bin/sing-box run -c /usr/local/etc/sing-box/config.json
Restart=on-failure
RestartSec=1800s
LimitNOFILE=infinity
[Install]
WantedBy=multi-user.target
EOF
7、创建sing-box文件夹
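# This directory holds config.json (which contains the auth and obfs secrets)
# and is also the ACME data_directory named in that config, so keep it
# accessible to root only. -p makes the step safe to re-run.
CONF_DIR=/usr/local/etc/sing-box
mkdir -p "${CONF_DIR}" && chmod 700 "${CONF_DIR}" && cd "${CONF_DIR}"
8、创建sing-box配置文件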
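# Create the config file and restrict it to its owner before any secret is
# written into it: it will contain the Hysteria auth and obfs passwords.
touch config.json && chmod 600 config.json
# Server configuration (contents of config.json)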
{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "local",
        "address": "https://1.1.1.1/dns-query",
        "detour": "direct"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "domain": "xxx.yy", // your domain
        "geosite": "cn",
        "server": "local"
      },
      {
        // Ad-category names are answered by the "block" DNS server above.
        "geosite": "category-ads-all",
        "server": "block",
        "disable_cache": true
      }
    ]
  },
  "inbounds": [
    {
      "type": "hysteria",
      "tag": "hysteria-in",
      // "::" listens on every interface; this is the public-facing inbound.
      "listen": "::",
      "listen_port": 443, // listening port
      "tcp_fast_open": false,
      "udp_fragment": true,
      "sniff": true,
      "sniff_override_destination": false,
      "proxy_protocol": false,
      "proxy_protocol_accept_no_header": false,
      "up_mbps": 500, // uplink speed
      "down_mbps": 500, // downlink speed
      // "obfs123" and "password" are sample values only. Replace both with
      // long random strings before exposing the port; the client must be
      // configured with exactly the same two values.
      "obfs": "obfs123", // obfuscation password
      "users": [
        {
          "auth_str": "password" // authentication key
        }
      ],
      "recv_window_conn": 15728640,
      "recv_window_client": 67108864,
      "max_conn_client": 2048,
      "disable_mtu_discovery": false,
      "tls": {
        "enabled": true,
        "server_name": "xxx.yy", // your domain
        "alpn": [
          "h3"
        ],
        "min_version": "1.2",
        "max_version": "1.3",
        // Both paths are left empty; the certificate comes from the "acme"
        // block below instead of from files on disk.
        "certificate_path": "",
        "key_path": "",
        "acme": {
          "domain": [
            "xxx.yy" // your domain
          ],
          // ACME state is stored next to config.json, so this directory
          // should not be readable by other users.
          "data_directory": "/usr/local/etc/sing-box",
          "default_server_name": "",
          "email": "email@gmail.com", // your e-mail address
          "provider": "letsencrypt"
        }
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ],
  "route": {
    "rules": [
      {
        "geosite": "cn",
        "geoip": "cn",
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ]
  }
}
9、测试配置文件是否有效
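# Validate the configuration without starting the proxy.
/usr/local/bin/sing-box check -c /usr/local/etc/sing-box/config.json
# To watch a live start-up instead, run it in the foreground and stop it with
# Ctrl+C before the next step, otherwise the systemd service cannot bind the port:
# /usr/local/bin/sing-box run -c /usr/local/etc/sing-box/config.json
10、启动并设置sing-box为开机自启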
# Enable the unit at boot and start it immediately (--now does both).
systemctl enable --now sing-box.service
11、查看sing-box启动状态
# Show whether the service is active, plus its most recent log lines.
systemctl status sing-box.service
# Client configuration
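{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "local",
        "address": "https://1.1.1.1/dns-query",
        "detour": "direct"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "domain": "xxx.yy", // your domain
        "geosite": "cn",
        "server": "local"
      },
      {
        "geosite": "category-ads-all",
        "server": "block",
        "disable_cache": true
      }
    ]
  },
  "inbounds": [
    {
      "type": "mixed",
      "tag": "mixed-in",
      // Loopback only: this inbound has no users configured, so listening on
      // "::" would let any host that can reach this machine relay traffic
      // through the tunnel. Use "::" only to share the proxy on a trusted
      // network, and add authentication when doing so.
      "listen": "127.0.0.1",
      "listen_port": 1080, // local listening port
      "sniff": true,
      "set_system_proxy": true
    }
  ],
  "outbounds": [
    {
      "type": "hysteria",
      "tag": "hysteria-out",
      "server": "xxx.yy", // your domain
      "server_port": 443, // server listening port
      "up_mbps": 100, // uplink speed
      "down_mbps": 500, // downlink speed
      // Must equal the server's "obfs" and "auth_str". The values shown are
      // samples; use the long random strings chosen for the server.
      "obfs": "obfs123", // obfuscation password
      "auth_str": "password", // authentication key
      "disable_mtu_discovery": false,
      "tls": {
        "enabled": true,
        "disable_sni": false,
        "server_name": "xxx.yy", // your domain
        // Keep false: true would disable verification of the server certificate.
        "insecure": false,
        "alpn": [
          "h3"
        ]
      },
      "connect_timeout": "5s",
      "tcp_fast_open": false,
      "udp_fragment": true
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ],
  "route": {
    "rules": [
      {
        "geosite": "cn",
        "geoip": "cn",
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ]
  }
}
Clash配置文件示例(yaml文件)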
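# Local HTTP and SOCKS proxy ports.
port: 7890
socks-port: 7891
# false keeps the two proxy ports above on loopback; no authentication is
# configured for them in this file. Set to true only to share the proxy with
# other devices on a trusted LAN.
allow-lan: false
mode: rule
log-level: info
# The control API is bound to loopback only.
external-controller: 127.0.0.1:9090
ipv6: true
hosts: null
dns:
  enable: true
  # Loopback only, so this host does not act as a resolver for the whole
  # network. Bind to 0.0.0.0:53 only if other devices are meant to use it.
  listen: 127.0.0.1:53
  ipv6: true
  default-nameserver:
    - 223.5.5.5
    - 114.114.114.114
  enhanced-mode: redir-host
  nameserver-policy:
    "geosite:cn":
      - https://doh.pub/dns-query
      - https://dns.alidns.com/dns-query
  nameserver:
    - https://dns.google/dns-query
    - https://dns.cloudflare.com/dns-query
    - https://doh.opendns.com/dns-query
    - https://doh.dns.sb/dns-query
  # NOTE(review): these fallback resolvers are plain (unencrypted) DNS, unlike
  # the DoH nameservers above - confirm that this is intended.
  fallback:
    - 114.114.114.114
    - 223.5.5.5
proxies:
  - name: hysteria
    type: hysteria
    server: xxx.yy  # domain
    port: 443  # port
    # auth_str and obfs must equal the values set on the server; the strings
    # shown are samples and should be replaced with your own random secrets.
    auth_str: Gs8WhH5b  # authentication key
    obfs: AbQaT8Za7q  # obfuscation password
    alpn:
      - h3
    protocol: udp
    up: '500'  # uplink speed
    down: '500'  # downlink speed
    #sni: server.com
    # Leave certificate verification on (false) if this line is ever enabled.
    #skip-cert-verify: false
    recv_window_conn: 15728640
    recv_window: 67108864
    #ca: "./my.ca"
    #ca_str: "xyz"
    disable_mtu_discovery: false
proxy-groups:
  - name: PROXY
    type: select
    proxies:
      - hysteria
# Rule lists are downloaded over HTTPS from a CDN copy of a third-party
# repository's `release` branch and refreshed every 86400 seconds. Their
# contents decide which traffic bypasses the proxy, so that repository is
# trusted input to this configuration.
rule-providers:
  reject:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt"
    path: ./ruleset/reject.yaml
    interval: 86400
  icloud:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt"
    path: ./ruleset/icloud.yaml
    interval: 86400
  apple:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt"
    path: ./ruleset/apple.yaml
    interval: 86400
  proxy:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
    path: ./ruleset/proxy.yaml
    interval: 86400
  direct:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
    path: ./ruleset/direct.yaml
    interval: 86400
  private:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt"
    path: ./ruleset/private.yaml
    interval: 86400
  gfw:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt"
    path: ./ruleset/gfw.yaml
    interval: 86400
  greatfire:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/greatfire.txt"
    path: ./ruleset/greatfire.yaml
    interval: 86400
  tld-not-cn:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt"
    path: ./ruleset/tld-not-cn.yaml
    interval: 86400
  telegramcidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt"
    path: ./ruleset/telegramcidr.yaml
    interval: 86400
  cncidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt"
    path: ./ruleset/cncidr.yaml
    interval: 86400
  lancidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt"
    path: ./ruleset/lancidr.yaml
    interval: 86400
  applications:
    type: http
    behavior: classical
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt"
    path: ./ruleset/applications.yaml
    interval: 86400
# Rules are listed in order; the final MATCH line sends everything that no
# earlier rule matched through the PROXY group.
rules:
  - RULE-SET,applications,DIRECT
  - DOMAIN,clash.razord.top,DIRECT
  - DOMAIN,yacd.haishan.me,DIRECT
  - DOMAIN-SUFFIX,services.googleapis.cn,DIRECT
  - DOMAIN-SUFFIX,xn--ngstr-lra8j.com,DIRECT
  - RULE-SET,private,DIRECT
  - RULE-SET,reject,REJECT
  - RULE-SET,icloud,DIRECT
  - RULE-SET,apple,DIRECT
  - RULE-SET,proxy,PROXY
  - RULE-SET,direct,DIRECT
  - RULE-SET,lancidr,DIRECT
  - RULE-SET,cncidr,DIRECT
  - RULE-SET,telegramcidr,PROXY
  - GEOIP,LAN,DIRECT
  - GEOIP,CN,DIRECT
  - MATCH,PROXY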
版权声明:
本站所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自
Ray!