#Youtube
https://youtu.be/vGrzRFCFyoE
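# Install prerequisites.
apt install -y curl sudo
# Install sing-box with the upstream .deb installer script.
# The script is saved to a temporary file and shown before it runs. Feeding
# curl output straight into bash executes, with the current user's privileges
# (root in this guide), whatever the server returns at that moment, with no
# chance to read it first or keep a copy of what ran.
installer="$(mktemp)"
curl -fsSL -o "$installer" https://sing-box.app/deb-install.sh \
  && less "$installer" \
  && bash "$installer"
rm -f -- "$installer"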
# Uninstall sing-box: stop and disable the service, then delete its files.
# NOTE(review): these paths describe a binary under /usr/local/bin with its
# config in /root, while the install step above uses a .deb installer and the
# config path listed below is /etc/sing-box/config.json. Confirm which layout
# the host actually has before relying on this command to remove everything.
systemctl disable --now sing-box && rm -f /usr/local/bin/sing-box /root/sing-box_config.json /etc/systemd/system/sing-box.service
# Restart the service and show its status.
systemctl restart sing-box && systemctl status sing-box
# Enable the sing-box service so it starts at boot (this step may have been
# skipped in the video; run it if the previous step failed).
systemctl enable sing-box
#配置文件路径
/etc/sing-box/config.json
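# Install acme.sh and its helpers: socat serves the standalone challenge and
# cron runs the scheduled renewals.
# The installer is saved to a file before it is executed so it can be read
# first, instead of piping the download directly into sh.
# ln -sf replaces an existing link. The original ran the same "ln -s" twice,
# and the second run failed with "File exists", ending the chain with an error.
acme_installer="$(mktemp)"
apt install -y socat cron \
  && curl -fsSL -o "$acme_installer" https://get.acme.sh \
  && sh "$acme_installer" \
  && ln -sf /root/.acme.sh/acme.sh /usr/local/bin/acme.sh
rm -f -- "$acme_installer"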
# Use Let's Encrypt as the default CA for acme.sh.
acme.sh --set-default-ca --server letsencrypt
# Issue one certificate covering the three hostnames below (replace them with
# your own domains; each must resolve to this server).
# --standalone makes acme.sh answer the HTTP challenge itself on port 80, so
# nothing else may be listening on port 80 while it runs. The Nginx config
# further down also listens on 80, which would block issuance and later
# renewals unless nginx is stopped for the duration.
acme.sh --issue -d re.5677788.xyz -d na.5677788.xyz -d hy.5677788.xyz --standalone
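# Install (copy) the issued certificate and key to the paths that the configs
# below read.
# Written with real line continuations: in the collapsed one-line form,
# "\ --key-file" escapes the space, so the shell passes " --key-file" (with a
# leading space) as a single argument instead of the --key-file option.
# acme.sh copies the files again on each renewal. Consider adding
# --reloadcmd "<restart command of the service that uses them>" so a running
# sing-box or nginx picks up the renewed certificate instead of serving the
# old one until its next restart.
acme.sh --install-cert -d re.5677788.xyz --ecc \
  --key-file /etc/ssl/private/private.key \
  --fullchain-file /etc/ssl/private/fullchain.cer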
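# naive inbound config (sing-box server); "username" and "password" are blank placeholders and must both be set before the service is started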
{
"inbounds": [
{
"type": "naive",
"listen": "::",
"listen_port": 443,
"users": [
{
"username": "",
"password": ""
}
],
"tls": {
"enabled": true,
"certificate_path": "/etc/ssl/private/fullchain.cer",
"key_path": "/etc/ssl/private/private.key"
}
}
],
"outbounds": [
{
"type": "direct"
}
]
}
#naive core下载地址
https://github.com/klzgrad/naiveproxy/releases
#naive核心保存目录
\your-path-to-v2rayN\bin\naiveproxy
#naive-v2rayN配置文件
{
"listen": "socks://127.0.0.1:1080",
"proxy": "https://user:password@yourdomain.com"
}
#reality配置文件
{
"inbounds": [
{
"type": "vless",
"listen": "::",
"listen_port": 443,
"users": [
{
"uuid": "", // generate with: sing-box generate uuid
"flow": "xtls-rprx-vision"
}
],
"tls": {
"enabled": true,
"server_name": "", // the * wildcard is not supported
"reality": {
"enabled": true,
"handshake": {
"server": "", // the target site must support TLS 1.3, X25519 and H2, and the domain must not be one that only redirects
"server_port": 443
},
"private_key": "", // generate with: sing-box generate reality-keypair (this value stays on the server; treat it as a secret)
"short_id": [ // hex digits 0-f, length a multiple of 2, at most 16 characters; may be left empty, or generate with: sing-box generate rand 8 --hex
""
]
}
}
}
],
"outbounds": [
{
"type": "direct"
}
]
}
#reality (偷自己)配置文件
{
"inbounds": [
{
"type": "vless",
"listen": "::",
"listen_port": 443,
"users": [
{
"uuid": "", // generate with: sing-box generate uuid
"flow": "xtls-rprx-vision"
}
],
"tls": {
"enabled": true,
"server_name": "yourdomain.com", // must match server_name in the Nginx config
"reality": {
"enabled": true,
"handshake": {
"server": "127.0.0.1",
"server_port": 8001
},
"private_key": "", // generate with: sing-box generate reality-keypair (this value stays on the server; treat it as a secret)
"short_id": [ // hex digits 0-f, length a multiple of 2, at most 16 characters; may be left empty, or generate with: sing-box generate rand 8 --hex
""
]
}
}
}
],
"outbounds": [
{
"type": "direct"
}
]
}
# Install nginx.
apt install -y nginx
# Reload systemd unit files and enable nginx at boot. (The original heading
# said "restart nginx", but nothing on this line restarts it; the restart
# command is further down, after the config check.)
systemctl daemon-reload && systemctl enable nginx.service
#nginx配置文件路径
/etc/nginx/
#nginx配置文件
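# Worker processes run as the unprivileged www-data account (the account the
# Debian/Ubuntu nginx package sets up) instead of root. The master process
# still starts as root and is the one that binds the ports, opens the logs and
# loads the certificate and key, so the workers that parse network input do
# not need root for anything in this configuration.
user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}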
http {
# Access-log format: local time, PROXY-protocol client address, referer, user agent.
# NOTE(review): $proxy_protocol_addr is only filled in when a listen directive
# carries the proxy_protocol parameter, and none in this file does, so the
# address field is expected to be empty in every log line. Confirm, and log
# $remote_addr as well if a peer address is wanted in the log.
log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log main;
# Connection header sent upstream: "upgrade" when the client sent an Upgrade
# header, "close" when it did not.
map $http_upgrade $connection_upgrade {
default upgrade;
"" close;
}
# Build the "for=" element of a Forwarded header from the PROXY-protocol
# address: IPv4 as is, IPv6 quoted inside brackets, anything else "unknown".
map $proxy_protocol_addr $proxy_forwarded_elem {
~^[0-9.]+$ "for=$proxy_protocol_addr";
~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\"";
default "for=unknown";
}
# Append our element to the client's Forwarded header only when that header
# matches the long pattern below; a header that does not match is dropped and
# only our own element is sent upstream.
map $http_forwarded $proxy_add_forwarded {
"~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
default "$proxy_forwarded_elem";
}
# Plain HTTP on port 80: redirect every request to HTTPS on the same host name.
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
# TLS site bound to loopback only; 127.0.0.1:8001 is the handshake target set
# in the REALITY ("steal yourself") sing-box config above.
server {
listen 127.0.0.1:8001 ssl http2;
# Accept a replacement client address from loopback, taken from the PROXY
# protocol header. NOTE(review): the listen line above has no proxy_protocol
# parameter, so this pair presumably has no effect as written; confirm.
set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;
# Domain name(s) contained in the TLS certificate; pointing the domain at this
# server's IP is recommended. Separate multiple names with spaces.
server_name yourdomain.com;
ssl_certificate /etc/ssl/private/fullchain.cer;
ssl_certificate_key /etc/ssl/private/private.key;
ssl_protocols TLSv1.2 TLSv1.3;
# NOTE(review): the TLS13_* entries do not look like OpenSSL cipher-string
# names, and ssl_ciphers presumably only governs the TLS 1.2 suites here; verify
# the effective list with the OpenSSL build in use.
ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 valid=60s;
resolver_timeout 2s;
# Reverse-proxy settings generated with https://www.digitalocean.com/community/tools/nginx
location / {
# Serve the content of the upstream site named in $website; sub_filter rewrites
# every occurrence of the upstream host name in response bodies to our own.
sub_filter $proxy_host $host;
sub_filter_once off;
set $website www.lovelive-anime.jp;
# proxy_pass uses a variable, so the name is resolved at request time through
# the resolver below. NOTE(review): proxy_ssl_verify is not set, so the
# upstream certificate is not validated (nginx leaves it off by default).
proxy_pass https://$website;
resolver 1.1.1.1;
proxy_set_header Host $proxy_host;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
# Send the upstream host name in the TLS SNI extension.
proxy_ssl_server_name on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header Forwarded $proxy_add_forwarded;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}
}
# Validate the nginx configuration before restarting.
nginx -t
# Restart nginx and show its status.
systemctl restart nginx && systemctl status nginx
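# hysteria2 inbound config (sing-box server); "password" is a blank placeholder and must be set before the service is started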
{
"inbounds": [
{
"type": "hysteria2",
"listen": "::",
"listen_port": 443,
"up_mbps": 100,
"down_mbps": 20,
"users": [
{
"password": ""
}
],
"tls": {
"enabled": true,
"alpn": [
"h3"
],
"certificate_path": "/etc/ssl/private/fullchain.cer",
"key_path": "/etc/ssl/private/private.key"
}
}
],
"outbounds": [
{
"type": "direct"
}
]
}
#其他sing-box服务管理
启用 systemctl enable sing-box
禁用 systemctl disable sing-box
启动 systemctl start sing-box
停止 systemctl stop sing-box
重启 systemctl restart sing-box
状态 systemctl status sing-box
强行停止 systemctl kill sing-box
重新启动 sudo systemctl restart sing-box
查看日志 journalctl -u sing-box --output cat -e
实时日志 journalctl -u sing-box --output cat -f
