手搓搭建

Sing-box一把梭 | Naive Reality Hysteria2 抗封锁协议搭建

Sing-box

标签:

#Youtube

https://youtu.be/vGrzRFCFyoE

#安装必要组件

apt install -y curl sudo

#安装sing-box

bash <(curl -fsSL https://sing-box.app/deb-install.sh)

#卸载sing-box

# NOTE(review): the rm paths below do not match the rest of this page, which
# installs via deb-install.sh and keeps the config at /etc/sing-box/config.json.
# If sing-box came from the .deb, removal presumably has to go through the
# package manager instead. Confirm before treating this as a clean uninstall,
# otherwise the binary, unit and config (including credentials) stay on disk.
systemctl disable --now sing-box && rm -f /usr/local/bin/sing-box /root/sing-box_config.json /etc/systemd/system/sing-box.service

#重启并查看服务状态

systemctl restart sing-box && systemctl status sing-box

#启用sing-box服务(视频中可能漏掉了这一步,如果上一步出错了,就操作下这一步)

systemctl enable sing-box

#配置文件路径
/etc/sing-box/config.json

#安装acme

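# Install acme.sh and expose it on PATH.
# - socat and cron are installed first; the chain stops at the first failure.
# - The installer is fetched over HTTPS and executed as root without review;
#   -f keeps an HTTP error page from being piped into sh. Download and read
#   the script first if you need to audit what runs on the host.
# - The original repeated "ln -s" twice, so the second call always failed with
#   "File exists" and the whole chain returned non-zero. Link once, and use -f
#   so a rerun of this step stays idempotent.
apt install socat cron -y \
  && curl -fsSL https://get.acme.sh | sh \
  && ln -sf /root/.acme.sh/acme.sh /usr/local/bin/acme.sh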

#切换CA

acme.sh --set-default-ca --server letsencrypt

#申请证书

# NOTE(review): --standalone makes acme.sh listen on TCP 80 itself. The nginx
# config later on this page also binds port 80, so issuance and renewals
# presumably fail while nginx is running. Confirm, and either stop nginx
# around renewal or switch to another validation mode, otherwise the
# certificate will silently expire.
acme.sh --issue -d re.5677788.xyz -d na.5677788.xyz -d hy.5677788.xyz --standalone

#安装证书

acme.sh --install-cert -d re.5677788.xyz --ecc \
--key-file       /etc/ssl/private/private.key  \
--fullchain-file /etc/ssl/private/fullchain.cer

#naive配置文件(username、password 留空仅为占位,部署前必须填入自己的强随机值,例如用 sing-box generate rand 16 --hex 生成)

{
    "inbounds": [
        {
            "type": "naive",
            "listen": "::",
            "listen_port": 443,
            "users": [
                {
                    "username": "",
                    "password": ""
                }
            ],
            "tls": {
                "enabled": true,
                "certificate_path": "/etc/ssl/private/fullchain.cer",
                "key_path": "/etc/ssl/private/private.key"
            }
        }
    ],
    "outbounds": [
        {
            "type": "direct"
        }
    ]
}

 

#naive core下载地址
https://github.com/klzgrad/naiveproxy/releases

#naive核心保存目录
\your-path-to-v2rayN\bin\naiveproxy

#naive-v2rayN配置文件

{
  "listen": "socks://127.0.0.1:1080",
  "proxy": "https://USERNAME:PASSWORD@YOUR_NAIVE_DOMAIN"
}

#reality配置文件

{
    "inbounds": [
        {
            "type": "vless",
            "listen": "::",
            "listen_port": 443,
            "users": [
                {
                    "uuid": "", // 执行 sing-box generate uuid 生成
                    "flow": "xtls-rprx-vision"
                }
            ],
            "tls": {
                "enabled": true,
                "server_name": "", // 不支持 * 通配符
                "reality": {
                    "enabled": true,
                    "handshake": {
                        "server": "", // 要求网站支持 TLS 1.3、X25519 与 H2,域名非跳转用
                        "server_port": 443
                    },
                    "private_key": "", // 执行 sing-box generate reality-keypair 生成
                    "short_id": [ // 0 到 f,长度为 2 的倍数,长度上限为 16,可留空,或执行 sing-box generate rand 8 --hex 生成
                        ""
                    ]
                }
            }
        }
    ],
    "outbounds": [
        {
            "type": "direct"
        }
    ]
}

#reality (偷自己)配置文件

{
    "inbounds": [
        {
            "type": "vless",
            "listen": "::",
            "listen_port": 443,
            "users": [
                {
                    "uuid": "", // 执行 sing-box generate uuid 生成
                    "flow": "xtls-rprx-vision"
                }
            ],
            "tls": {
                "enabled": true,
                "server_name": "yourdomain.com", // 与 Nginx 配置中的 server_name 一致
                "reality": {
                    "enabled": true,
                    "handshake": {
                        "server": "127.0.0.1",
                        "server_port": 8001
                    },
                    "private_key": "", // 执行 sing-box generate reality-keypair 生成
                    "short_id": [ // 0 到 f,长度为 2 的倍数,长度上限为 16,可留空,或执行 sing-box generate rand 8 --hex 生成
                        ""
                    ]
                }
            }
        }
    ],
    "outbounds": [
        {
            "type": "direct"
        }
    ]
}

 

#安装nginx
apt install -y nginx

#重新加载systemd并设置nginx开机自启(此命令不会重启nginx,重启命令见下文)
systemctl daemon-reload && systemctl enable nginx.service

#nginx配置文件路径
/etc/nginx/

#nginx配置文件

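# Run worker processes as the unprivileged www-data account (the Debian/Ubuntu
# nginx package default) instead of root, so a bug in request handling does not
# hand out full root. The master process still starts as root and is the one
# that opens the TLS private key and the log files, so workers do not need
# root for the reverse-proxy setup below.
user www-data;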
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"';
    access_log /var/log/nginx/access.log main;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ""      close;
    }

    map $proxy_protocol_addr $proxy_forwarded_elem {
        ~^[0-9.]+$        "for=$proxy_protocol_addr";
        ~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\"";
        default           "for=unknown";
    }

    map $http_forwarded $proxy_add_forwarded {
        "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
        default "$proxy_forwarded_elem";
    }

    server {
        listen 80;
        listen [::]:80;
        return 301 https://$host$request_uri;
    }

    server {
        listen                     127.0.0.1:8001 ssl http2;

        set_real_ip_from           127.0.0.1;
        real_ip_header             proxy_protocol;

# 填 SSL 证书中包含的域名,建议将域名指向服务端的 IP,多个域名以空格分隔
        server_name                yourdomain.com;

        ssl_certificate            /etc/ssl/private/fullchain.cer;
        ssl_certificate_key        /etc/ssl/private/private.key;

        ssl_protocols              TLSv1.2 TLSv1.3;
        ssl_ciphers                TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers  on;

        ssl_stapling               on;
        ssl_stapling_verify        on;
        resolver                   1.1.1.1 valid=60s;
        resolver_timeout           2s;

# 反向代理配置由 https://www.digitalocean.com/community/tools/nginx 生成
        location / {
            sub_filter                            $proxy_host $host;
            sub_filter_once                       off;

            set $website                          www.lovelive-anime.jp;
            proxy_pass                            https://$website;
            resolver                              1.1.1.1;

            proxy_set_header Host                 $proxy_host;

            proxy_http_version                    1.1;
            proxy_cache_bypass                    $http_upgrade;

            proxy_ssl_server_name                 on;

            proxy_set_header Upgrade              $http_upgrade;
            proxy_set_header Connection           $connection_upgrade;
            proxy_set_header X-Real-IP            $proxy_protocol_addr;
            proxy_set_header Forwarded            $proxy_add_forwarded;
            proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto    $scheme;
            proxy_set_header X-Forwarded-Host     $host;
            proxy_set_header X-Forwarded-Port     $server_port;

            proxy_connect_timeout                 60s;
            proxy_send_timeout                    60s;
            proxy_read_timeout                    60s;
        }
    }
}

#检查nginx配置文件
nginx -t

#重启并查看nginx状态
systemctl restart nginx && systemctl status nginx

#hysteria2配置文件(password 留空仅为占位,部署前必须填入自己的强随机值)

{
    "inbounds": [
        {
            "type": "hysteria2",
            "listen": "::",
            "listen_port": 443,
            "up_mbps": 100,
            "down_mbps": 20,
            "users": [
                {
                    "password": ""
                }
            ],
            "tls": {
                "enabled": true,
                "alpn": [
                    "h3"
                ],
                "certificate_path": "/etc/ssl/private/fullchain.cer",
                "key_path": "/etc/ssl/private/private.key"
            }
        }
    ],
    "outbounds": [
        {
            "type": "direct"
        }
    ]
}

#其他sing-box服务管理
启用 systemctl enable sing-box
禁用 systemctl disable sing-box
启动 systemctl start sing-box
停止 systemctl stop sing-box
重启 systemctl restart sing-box
状态 systemctl status sing-box
强行停止 systemctl kill sing-box
重新启动 sudo systemctl restart sing-box
查看日志 journalctl -u sing-box --output cat -e
实时日志 journalctl -u sing-box --output cat -f
