
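sing-box is a currently popular, fast, customizable and universal proxy platform that can be used to build network proxy servers, clients and transparent proxies. It supports today's mainstream proxy protocols and is quick to support new protocols and features. sing-box is configured through a config.json file, which has many parameters; sing-box is also continually being optimized and upgraded, so the parameters keep changing. Many newcomers run into obstacles when configuring it, and the configurations handed out by some proxy-subscription providers ("airports") also have quite a few problems or are outright wrong. This article takes the sing-box configuration apart layer by layer and explains both the client and the server configuration in detail. Because the content is rather dry and fairly specialized, it is not suitable for everyone to read and configure on their own.
Who this is for:
- People with some background in computer software and networking; at a minimum you need to be able to edit JSON files
- People who plan to configure the client and/or the server themselves
- People who want to understand the software's runtime configuration in detail
Who this is not for:
- People who want something ready to eat out of the box, for example those who simply use a provider subscription and do not like tinkering with their own configuration
- People with no spirit of exploration and experimentation
- People with no open-source spirit who want to profit from this.
Client config
The following walks through the client's config.json as an example (sing-box v1.10.x). The full configuration is as follows (client config.json):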
config.json
{
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "tls://dns.google",
        "address_resolver": "alidns",
        "detour": "site"
      },
      {
        "tag": "alidns",
        "address": "223.5.5.5",
        "detour": "direct"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "rule_set": "geosite-category-ads-all",
        "server": "block"
      },
      {
        "rule_set": [
          "geosite-gfw"
        ],
        "server": "google"
      }
    ],
    "final": "alidns",
    "disable_cache": true,
    "strategy": "prefer_ipv4"
  },
  "inbounds": [
    {
      "type": "tun",
      "address": [
        "172.20.0.1/30"
      ],
      "auto_route": true,
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "hysteria2",
      "tag": "site",
      "server": "site.abc.com",
      "server_port": 16060,
      "password": "yourpassWD",
      "tls": {
        "enabled": true
      }
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "rule_set": [
          "geoip-cn"
        ],
        "outbound": "direct"
      },
      {
        "rule_set": [
          "geosite-gfw"
        ],
        "outbound": "site"
      },
      {
        "rule_set": "geosite-category-ads-all",
        "outbound": "block"
      }
    ],
    "rule_set": [
      {
        "tag": "geoip-cn",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs",
        "download_detour": "site"
      },
      {
        "tag": "geosite-gfw",
        "type": "remote",
        "format": "binary",
        "url": "https://github.com/MetaCubeX/meta-rules-dat/raw/refs/heads/sing/geo/geosite/gfw.srs",
        "download_detour": "site"
      },
      {
        "tag": "geosite-category-ads-all",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-category-ads-all.srs",
        "download_detour": "site"
      }
    ],
    "final": "direct",
    "auto_detect_interface": true
  }
}
config.json consists of 7 main parts:
{
  "log": {},
  "dns": {},
  "endpoints": [],
  "inbounds": [],
  "outbounds": [],
  "route": {},
  "experimental": {}
}
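The names of these 7 parts are self-explanatory: log is logging, dns is domain name resolution, endpoints can be ignored for now, inbounds is inbound traffic, outbounds is outbound traffic, route is traffic routing, and experimental holds experimental features, which in practice means miscellaneous other settings.
The core parts are inbounds, outbounds and route. These 3 alone are enough to get basic functionality running, but DNS resolution will be problematic and may cause a "DNS leak", so the result is not optimal. For basic use it is therefore best to include dns as well. I will focus on these 4 parts.
dns
"dns": {
  "servers": [
    {
      "tag": "google",
      "address": "tls://dns.google",
      "address_resolver": "alidns",
      "detour": "site"
    },
    {
      "tag": "alidns",
      "address": "223.5.5.5",
      "detour": "direct"
    },
    {
      "tag": "block",
      "address": "rcode://success"
    }
  ],
  "rules": [
    {
      "rule_set": "geosite-category-ads-all",
      "server": "block"
    },
    {
      "rule_set": [
        "geosite-gfw"
      ],
      "server": "google"
    }
  ],
  "final": "alidns",
  "disable_cache": true,
  "strategy": "prefer_ipv4"
},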
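The dns section contains 3 parts: the DNS server definitions, the DNS rules, and some other parameters. servers defines 3 servers: google, alidns and block (default). Each is explained below:
{
  "tag": "google", # name of the DNS server, used to reference this server elsewhere
  "address": "tls://dns.google", # address of the server; here the tls protocol is used
  "address_resolver": "alidns", # the server address is a domain name rather than an IP address, so that domain also has to be resolved; this specifies which server resolves it, here alidns
  "detour": "site" # which outbound the DNS queries leave through; here the site outbound
},
{
  "tag": "alidns", # name of the DNS server; the hostname of the google DNS server is resolved through this one
  "address": "223.5.5.5", # address of the server
  "detour": "direct" # which outbound the DNS queries leave through; here they go out directly, not through any VPN node
},
rules defines the DNS resolution rules: which DNS server is used when which condition is met.
"rules": [
  {
    "rule_set": "geosite-category-ads-all", # the rule set geosite-category-ads-all (ad sites)
    "server": "block" # which DNS server resolves domains that match the rule; here block, i.e. they are blocked
  },
  {
    "rule_set": [ # this rule uses rule sets
      "geosite-gfw" # the rule set geosite-gfw, i.e. domains blocked by the GFW
    ],
    "server": "google" # which DNS server resolves domains that match the rule; here google
  }
],
Finally, some other settings in the dns section:
"final": "alidns", # the default DNS server, i.e. the one used for domains that match no DNS rule; here alidns
"disable_cache": true, # whether DNS records are cached (true disables the cache); set as needed
"strategy": "prefer_ipv4" # resolution strategy: IPv4 preferred (prefer_ipv4), IPv6 preferred (prefer_ipv6), IPv4 only (ipv4_only), IPv6 only (ipv6_only)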
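inbounds
"inbounds": [
  {
    "type": "tun", # inbound type; here tun
    "address": [ # IP address and prefix length of the tun interface
      "172.20.0.1/30"
    ],
    "auto_route": true, # whether routes are added automatically; true is recommended in tun mode so that sing-box adds the routes for you, unless you are very familiar with routing and how to add routes yourself
    "sniff": true # whether to sniff traffic; choose true
  }
],
inbounds defines the types of inbound traffic sing-box can accept. Only tun mode is defined here; several other types can be defined as well, see the sing-box website for details. The client example uses tun because it is relatively simple to configure and easy to get working, with no additional nftables/iptables configuration needed, and on the client tun mode is also the method that captures client traffic most completely. The client can also use TProxy or Redirect, but tun is still the recommendation.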
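outbounds
"outbounds": [
  {
    "type": "direct",
    "tag": "direct"
  },
  {
    "type": "hysteria2",
    "tag": "site",
    "server": "site.abc.com",
    "server_port": 16060,
    "password": "yourpassWD",
    "tls": {
      "enabled": true
    }
  },
  {
    "type": "block",
    "tag": "block"
  },
  {
    "type": "dns",
    "tag": "dns-out"
  }
],
outbounds defines the types of traffic sing-box sends out, i.e. which protocols can be used to send traffic. In this example outbounds defines hysteria2, direct (forward traffic directly), block (drop traffic) and dns (handle DNS traffic). The last 3 are simple default outbounds that only define a type (type) and a name (tag). hysteria2 is explained below:
{
  "type": "hysteria2", # the type is hysteria2
  "tag": "site", # name of this outbound, referenced elsewhere
  "server": "site.abc.com", # server address of this outbound
  "server_port": 16060, # server port
  "password": "yourpassWD", # password
  "tls": { # tls configuration
    "enabled": true # enable tls
  }
},
The exact parameters differ between inbound and outbound types; see the detailed documentation for each protocol on the sing-box website.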
route
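route handles routing: it decides how each kind of traffic is handled and which outbound it leaves through, and it holds the rule sets. route contains 3 parts: rules (rules), rule sets (rule_set), and some other parameters.
"rules": [
  {
    "protocol": "dns", # matches on protocol; here the dns protocol
    "outbound": "dns-out" # traffic matching the protocol leaves through dns-out
  },
  {
    "rule_set": [ # specifies rule sets
      "geoip-cn" # geoip-cn, i.e. the set of CN IP addresses
    ],
    "outbound": "direct" # matching traffic leaves through direct, i.e. is forwarded directly
  },
  {
    "rule_set": [ # specifies rule sets
      "geosite-gfw" # geosite-gfw, i.e. sites blocked by the GFW
    ],
    "outbound": "site" # matching traffic leaves through site, i.e. is forwarded via the site node in outbounds
  },
  {
    "rule_set": "geosite-category-ads-all", # specifies the rule set; here ad sites
    "outbound": "block" # matching traffic is sent to block, i.e. dropped
  }
],
"rule_set": [ # defines the rule sets
  {
    "tag": "geoip-cn", # name of the rule set, so it can be referenced elsewhere
    "type": "remote", # how it is obtained; here fetched from a remote source
    "format": "binary", # the format is a binary file
    "url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs", # URL of the rule set
    "download_detour": "site" # which node the rule file is downloaded through; here the site node
  },
  {
    "tag": "geosite-gfw",
    "type": "remote",
    "format": "binary",
    "url": "https://github.com/MetaCubeX/meta-rules-dat/raw/refs/heads/sing/geo/geosite/gfw.srs",
    "download_detour": "site"
  },
  {
    "tag": "geosite-category-ads-all",
    "type": "remote",
    "format": "binary",
    "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-category-ads-all.srs",
    "download_detour": "site"
  }
],
Notes on the remaining parts:
"final": "direct", # the outbound used when no rule matches; here traffic is forwarded directly
"auto_detect_interface": true # auto-detect the interface; with a tun inbound this must be true to avoid a routing loop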
Server config
The server configuration is even simpler than the client's. The config.json file is as follows (server config.json):
{
  "log": { # the log section is optional, but on a server it is recommended to keep logging
    "disabled": false,
    "level": "error",
    "output": "./log",
    "timestamp": true
  },
  "inbounds": [ # the server's inbounds serve the clients and receive the data they send
    {
      "type": "hysteria2", # the protocol type is hysteria2
      "tag": "hy2-in", # name of this inbound
      "listen": "::", # listen address
      "listen_port": 16060, # listen port
      "users": [ # user passwords
        {
          "password": "yourpassWD"
        }
      ],
      "tls": { # tls configuration
        "enabled": true,
        "alpn": [
          "h3"
        ],
        "certificate_path": "../cert/cert.pem", # certificate
        "key_path": "../cert/private.key"
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ],
  "route": {
    "rules": [
      {
        "ip_is_private": true, # block private addresses
        "outbound": "block"
      },
      {
        "rule_set": [
          "geoip-cn", # destination IP is in CN
          "geosite-category-ads-all" # destination site is an ad site
        ],
        "outbound": "block" # block
      }
    ],
    "rule_set": [ # rule sets
      {
        "tag": "geoip-cn",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs",
        "download_detour": "direct"
      },
      {
        "tag": "geosite-category-ads-all",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-category-ads-all.srs",
        "download_detour": "direct"
      }
    ],
    "final": "direct" # traffic that matches no rule is forwarded via direct by default
  }
}
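sing-box supports many protocols; add them to inbounds and outbounds as needed, keeping the server-side and client-side protocols matched. The config.json files above are enough to configure sing-box on both the server and the client; auxiliary parameters can be added as needed by following the documentation on the sing-box website.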
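Every tag explained above is a cross-reference, and the dns rules decide whether names for proxied traffic are resolved through the proxy or leak to the direct resolver. The Python linter below is an added example, not code from the article or from sing-box: it flags undefined tag references and rule sets that are routed through a proxy outbound but resolved by a DNS server with a direct detour. The sample config is constructed from the article's client config, and treating a missing detour as direct is an assumption.

```python
import json

# Constructed sample: the article's client config reduced to its tag-bearing fields, with a
# typo in one detour ("sitee") and the geosite-gfw DNS rule left out on purpose.
CONFIG = json.loads("""{
 "dns": {"servers": [
    {"tag": "google", "address": "tls://dns.google", "address_resolver": "alidns", "detour": "sitee"},
    {"tag": "alidns", "address": "223.5.5.5", "detour": "direct"}, {"tag": "block", "address": "rcode://success"}],
  "rules": [{"rule_set": "geosite-category-ads-all", "server": "block"}], "final": "alidns"},
 "outbounds": [{"type": "direct", "tag": "direct"}, {"type": "hysteria2", "tag": "site"},
               {"type": "block", "tag": "block"}, {"type": "dns", "tag": "dns-out"}],
 "route": {"rules": [{"protocol": "dns", "outbound": "dns-out"},
                     {"rule_set": ["geosite-gfw"], "outbound": "site"},
                     {"rule_set": "geosite-category-ads-all", "outbound": "block"}],
           "rule_set": [{"tag": "geosite-gfw"}, {"tag": "geosite-category-ads-all"}], "final": "direct"}}""")

def as_list(v):
    return v if isinstance(v, list) else [] if v is None else [v]

def lint(cfg):
    """Return findings: undefined tag references, and proxied rule sets resolved unproxied."""
    dns, route = cfg.get("dns", {}), cfg.get("route", {})
    outs = {o["tag"]: o["type"] for o in cfg.get("outbounds", [])}
    servers = {s["tag"]: s for s in dns.get("servers", [])}
    sets = {r["tag"] for r in route.get("rule_set", [])}
    refs = [("dns.final", dns.get("final"), servers), ("route.final", route.get("final"), outs)]
    for s in servers.values():
        refs += [(f"dns server {s['tag']} detour", s.get("detour"), outs),
                 (f"dns server {s['tag']} address_resolver", s.get("address_resolver"), servers)]
    for r in dns.get("rules", []):
        refs += [("dns rule server", r.get("server"), servers), ("dns rule rule_set", r.get("rule_set"), sets)]
    for r in route.get("rules", []):
        refs += [("route rule outbound", r.get("outbound"), outs), ("route rule rule_set", r.get("rule_set"), sets)]
    for r in route.get("rule_set", []):
        refs.append((f"rule_set {r['tag']} download_detour", r.get("download_detour"), outs))
    findings = [f"undefined tag: {w} -> {t}" for w, v, known in refs for t in as_list(v) if t not in known]
    for r in route.get("rules", []):
        if outs.get(r.get("outbound"), "direct") in ("direct", "block", "dns"):
            continue  # only rule sets sent through a proxy outbound are of interest
        for rs in as_list(r.get("rule_set")):
            # the first DNS rule naming this rule set wins, otherwise dns.final applies
            tag = next((d.get("server") for d in dns.get("rules", [])
                        if rs in as_list(d.get("rule_set"))), dns.get("final"))
            srv = servers.get(tag, {})
            sends_query = not srv.get("address", "").startswith("rcode://")
            # assumption: a server with no detour, or an undefined one, is treated as direct
            if sends_query and outs.get(srv.get("detour"), "direct") == "direct":
                findings.append(f"dns leak: {rs} goes out via {r['outbound']} but is resolved by {tag} directly")
    return findings
```

Load a real file with `lint(json.load(open("config.json")))`; an empty list means every tag resolves and each proxied rule set has a DNS rule pointing at a proxied resolver.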
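It all made sense while I was watching the video. Once I tried writing it myself, I was done for...
Could you share a client config file for v1.11.0+?
Actually, it is mainly when I modify it for my own needs that I am done for...
To the blog author: do I need to add IP forwarding?
sudo nano /etc/sysctl.conf
# uncomment or add
net.ipv4.ip_forward=1
No need to add it.
May I ask whether the IP forwarding setting needs to be added?
I followed the video step by step, but sing-box won't run.
Check the log, or run it in the foreground so you can see the log in real time. Make sure the commands match your version; quite a lot changed in 1.11 and 1.12. This article was written for 1.10.
You explained it in such detail in the video; I came over from the video and bookmarked this first.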
{
  "log": {
    "disabled": false,
    "level": "info",
    "timestamp": true
  },
  "experimental": {
    "cache_file": {
      "enabled": true,
      "path": "/var/cache/sing-box/cache.db",
      "store_fakeip": true
    }
  },
  "dns": {
    "servers": [
      {
        "tag": "dns223-1",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "1-pc1"
      },
      {
        "tag": "dns223-2",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "1-pc2"
      },
      {
        "tag": "dns223-3",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "1-pc3"
      },
      {
        "tag": "dns223-4",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "1-pc4"
      },
      {
        "tag": "dns223-5",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "1-pc5"
      },
      {
        "tag": "dns223-6",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "1-pc6"
      },
      {
        "tag": "dns223-7",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "1-pc7"
      },
      {
        "tag": "dns223-8",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "1-pc8"
      },
      {
        "tag": "dns223-9",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "1-pc9"
      },
      {
        "tag": "dns223-10",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "2-pc1"
      },
      {
        "tag": "dns223-11",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "2-pc2"
      },
      {
        "tag": "dns223-12",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "2-pc3"
      },
      {
        "tag": "dns223-13",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "2-pc4"
      },
      {
        "tag": "dns223-14",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "2-pc5"
      },
      {
        "tag": "dns223-15",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "2-pc6"
      },
      {
        "tag": "dns223-16",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "2-pc7"
      },
      {
        "tag": "dns223-17",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "2-pc8"
      },
      {
        "tag": "dns223-18",
        "type": "tcp",
        "server": "223.5.5.5",
        "detour": "2-pc9"
      },
      {
        "tag": "zhi-lian",
        "type": "udp",
        "server": "223.5.5.5"
      }
    ],
    "final": "zhi-lian",
    "strategy": "ipv4_only"
  },
  "outbounds": [
    {
      "type": "socks",
      "tag": "1-pc1",
      "server": "16.52.97.224",
      "server_port": 1011,
      "username": "wang",
      "password": "wxh5201314",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "type": "socks",
      "tag": "1-pc2",
      "server": "19.29.176.122",
      "server_port": 1012,
      "username": "wang",
      "password": "wxh5201314",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "type": "socks",
      "tag": "1-pc3",
      "server": "43.18.254.70",
      "server_port": 1013,
      "username": "wang",
      "password": "wxh5201314",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "type": "socks",
      "tag": "1-pc4",
      "server": "193.12.62.125",
      "server_port": 1014,
      "username": "wang",
      "password": "wxh5201314",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "type": "socks",
      "tag": "1-pc5",
      "server": "43.18.168.237",
      "server_port": 1015,
      "username": "wang",
      "password": "wxh5201314",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "type": "socks",
      "tag": "1-pc6",
      "server": "175.18.215.221",
      "server_port": 1016,
      "username": "wang",
      "password": "wxh5201314",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "type": "socks",
      "tag": "1-pc7",
      "server": "43.18.138.66",
      "server_port": 1017,
      "username": "wang",
      "password": "wxh5201314",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "type": "socks",
      "tag": "1-pc8",
      "server": "15.178.66.59",
      "server_port": 1018,
      "username": "wang",
      "password": "wxh5201314",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "type": "socks",
      "tag": "1-pc9",
      "server": "15.178.13.166",
      "server_port": 1019,
      "username": "wang",
      "password": "wxh5201314",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "type": "socks",
      "tag": "2-pc1",
      "server": "182.24.7.119",
      "server_port": 9104,
      "username": "aeMT78605934",
      "password": "5678",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "type": "socks",
      "tag": "2-pc2",
      "server": "16.60.12.79",
      "server_port": 9136,
      "username": "hmoqW1605979",
      "password": "0178",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "type": "socks",
      "tag": "2-pc3",
      "server": "171.21.2.207",
      "server_port": 9105,
      "username": "bdlHJ8605947",
      "password": "1256",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "type": "socks",
      "tag": "2-pc4",
      "server": "106.63.10.16",
      "server_port": 9103,
      "username": "aksHP9605918",
      "password": "0256",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "type": "socks",
      "tag": "2-pc5",
      "server": "113.250.186.19",
      "server_port": 9106,
      "username": "gowzS3605945",
      "password": "1367",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "type": "socks",
      "tag": "2-pc6",
      "server": "114.107.39.191",
      "server_port": 9136,
      "username": "bckJTX605968",
      "password": "0268",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "type": "socks",
      "tag": "2-pc7",
      "server": "14.96.99.140",
      "server_port": 9141,
      "username": "iptIQT605901",
      "password": "2349",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "type": "socks",
      "tag": "2-pc8",
      "server": "12.40.96.109",
      "server_port": 9118,
      "username": "jCGP78605923",
      "password": "0138",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "type": "socks",
      "tag": "2-pc9",
      "server": "13.56.253.83",
      "server_port": 9101,
      "username": "goHIMX605949",
      "password": "1347",
      "domain_resolver": {
        "server": "zhi-lian",
        "strategy": "ipv4_only"
      }
    },
    {
      "tag": "zhilian",
      "type": "direct"
    }
  ],
  "inbounds": [
    {
      "tag": "tun-in",
      "type": "tun",
      "address": [
        "172.19.0.1/30",
        "fdfe:dcba:9876::1/126"
      ],
      "mtu": 9000,
      "auto_route": true,
      "auto_redirect": true,
      "strict_route": true
    }
  ],
  "route": {
    "rules": [
      {
        "action": "sniff",
        "sniffer": [
          "http",
          "tls",
          "quic",
          "dns"
        ]
      },
      {
        "type": "logical",
        "mode": "or",
        "rules": [
          {
            "port": 53
          },
          {
            "protocol": "dns"
          }
        ],
        "action": "hijack-dns"
      },
      {
        "source_ip_cidr": [
          "172.16.1.0/24"
        ],
        "outbound": "1-pc1"
      },
      {
        "source_ip_cidr": [
          "172.16.2.0/24"
        ],
        "outbound": "1-pc2"
      },
      {
        "source_ip_cidr": [
          "172.16.3.0/24"
        ],
        "outbound": "1-pc3"
      },
      {
        "source_ip_cidr": [
          "172.16.4.0/24"
        ],
        "outbound": "1-pc4"
      },
      {
        "source_ip_cidr": [
          "172.16.5.0/24"
        ],
        "outbound": "1-pc5"
      },
      {
        "source_ip_cidr": [
          "172.16.6.0/24"
        ],
        "outbound": "1-pc6"
      },
      {
        "source_ip_cidr": [
          "172.16.7.0/24"
        ],
        "outbound": "1-pc7"
      },
      {
        "source_ip_cidr": [
          "172.16.8.0/24"
        ],
        "outbound": "1-pc8"
      },
      {
        "source_ip_cidr": [
          "172.16.9.0/24"
        ],
        "outbound": "1-pc9"
      },
      {
        "source_ip_cidr": [
          "172.16.10.0/24"
        ],
        "outbound": "2-pc1"
      },
      {
        "source_ip_cidr": [
          "172.16.11.0/24"
        ],
        "outbound": "2-pc2"
      },
      {
        "source_ip_cidr": [
          "172.16.12.0/24"
        ],
        "outbound": "2-pc3"
      },
      {
        "source_ip_cidr": [
          "172.16.13.0/24"
        ],
        "outbound": "2-pc4"
      },
      {
        "source_ip_cidr": [
          "172.16.14.0/24"
        ],
        "outbound": "2-pc5"
      },
      {
        "source_ip_cidr": [
          "172.16.15.0/24"
        ],
        "outbound": "2-pc6"
      },
      {
        "source_ip_cidr": [
          "172.16.16.0/24"
        ],
        "outbound": "2-pc7"
      },
      {
        "source_ip_cidr": [
          "172.16.17.0/24"
        ],
        "outbound": "2-pc8"
      },
      {
        "source_ip_cidr": [
          "172.16.18.0/24"
        ],
        "outbound": "2-pc9"
      }
    ],
    "final": "zhilian",
    "auto_detect_interface": true,
    "default_domain_resolver": {
      "server": "zhi-lian"
    }
  }
}
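Bro, could you please take a look at my hand-written config file and tell me what could be optimized or what is wrong? My use case: my own game studio needs traffic split so that each machine has its own single IP, with DNS for each also going over its own line, and no interconnection between them. If a socks5 line has a problem, traffic should not go over another socks5 line and should not fall back to the local connection either; the network should simply be cut. My current config runs and the splitting works, but I don't know that much and I'm afraid there are points in the config I'm unaware of that cause the IPs to be linked to each other. In my situation, IPs linking to each other has to be prohibited very strictly, and if a socks line has a problem the network should simply be cut. Thank you for reviewing this and for your guidance.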