欢迎光临
我们一直在努力

sing-box中转方式(端口转发、二级代理、链式代理)

最近买了点DMM的片,想着随便搞个梯子就能看了吧,然后就买了台某日本VPS,结果发现这台VPS的IP不太行,能访问DMM但解不了DMM TV,播放的时候弹个这个玩意出来:

我也是醉了,不过好在这台VPS的线路很不错,所以我后面又特地花钱买了台落地鸡,这个落地鸡它真的名副其实,真就只能拿来落地,电信NTT日常BOOM。。然后我现在搭梯子清一色全部用的sing-box(以下简称sb),中转的方法是很多,工具也很多,但是想着我还真没有用过sb来中转,我就想折腾一下了,就有了下面的记录。。

我研究了一会儿,发现sb可以用多种方式来达到中转或者说解锁的目的,我分别记录一下。

首先在两台VPS上面安装sb,我两台VPS都是Debian12,直接用官方的这个一键脚本就可以安装了:

bash <(curl -fsSL https://sing-box.app/deb-install.sh)

更多安装方式:https://sing-box.sagernet.org/installation/package-manager/

假设VPS1是中转鸡,VPS2是落地鸡。先在落地鸡上搭建一个节点:

nano /etc/sing-box/config.json

我的配置如下:

{
  "log": {
    "level": "info"
  },
  "dns": {
    "servers": [
      {
        "address": "tls://8.8.8.8",
        "strategy": "ipv4_only"
      }
    ]
  },
  "inbounds": [
    {
      "type": "vless",
      "tag": "vless-in",
      "listen": "0.0.0.0",
      "listen_port": 443,
      "sniff": true,
      "users": [
        {
          "name": "imlala",
          "uuid": "87599169-0bc7-4fae-b730-f6d109db4614", // sing-box generate uuid
          "flow": "xtls-rprx-vision"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "www.python.org",
        "reality": {
          "enabled": true,
          "handshake": {
            "server": "www.python.org",
            "server_port": 443
          },
          "private_key": "SKvL0iVINPOi5EtxRzx2qG4Nyy00CC0iPqqyPWut214", // sing-box generate reality-keypair
          "short_id": [
            "64d7038842bbc9cc" // sing-box generate rand --hex 8
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      }
    ]
  }
}

启动:

systemctl enable --now sing-box

端口转发就是所有流量都经过落地鸡,如果落地鸡的流量足够用,这种方式简单粗暴。

在中转鸡上编辑sb的配置文件:

nano /etc/sing-box/config.json

写入如下配置:

{
  "log": {
    "level": "info"
  },
  "inbounds": [
    {
      "type": "direct",
      "tag": "direct-in",
      "listen": "0.0.0.0",
      "listen_port": 61000,
      "override_address": "落地鸡的公网IP",
      "override_port": 443
    }
  ]
}

启动:

systemctl enable --now sing-box

客户端配置:

{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "tls://dns.google",
        "address_resolver": "resolver",
        "strategy": "ipv4_only",
        "detour": "fwd"
      },
      {
        "tag": "tencent",
        "address": "tls://dot.pub",
        "address_resolver": "resolver",
        "strategy": "ipv4_only",
        "detour": "direct"
      },
      {
        "tag": "resolver",
        "address": "223.5.5.5",
        "strategy": "ipv4_only",
        "detour": "direct"
      },
      {
        "tag": "deniend",
        "address": "rcode://refused"
      }
    ],
    "rules": [
      {
        "outbound": "any",
        "server": "tencent"
      },
      {
        "rule_set": "geosite-geolocation-cn",
        "server": "tencent"
      }
    ],
    "final": "google"
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "interface_name": "tun0",
      "inet4_address": "172.16.0.1/30",
      "auto_route": true,
      "strict_route": true,
      "stack": "mixed",
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "vless",
      "tag": "fwd",
      "server": "中转鸡的公网IP",
      "server_port": 61000,
      "uuid": "87599169-0bc7-4fae-b730-f6d109db4614",
      "flow": "xtls-rprx-vision",
      "tls": {
        "enabled": true,
        "server_name": "www.python.org",
        "utls": {
          "enabled": true,
          "fingerprint": "chrome"
         },
        "reality": {
          "enabled": true,
          "public_key": "guBvyGCyqglGWWQ1bQ5vXXy78YlshWb0aYX6-uAwEDk",
          "short_id": "64d7038842bbc9cc"
        }
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns"
      },
      {
        "ip_is_private": true,
        "outbound": "direct"
      },
      {
        "rule_set": [
          "geoip-cn",
          "geosite-geolocation-cn"
        ],
        "outbound": "direct"
      }
    ],
    "rule_set": [
      {
        "type": "remote",
        "tag": "geoip-cn",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs",
        "download_detour": "fwd",
        "update_interval": "7d"
      },
      {
        "type": "remote",
        "tag": "geosite-geolocation-cn",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs",
        "download_detour": "fwd",
        "update_interval": "7d"
      }
    ],
    "final": "fwd",
    "auto_detect_interface": true
  }
}

这种方式其实就相当于是按规则进行分流,适用于落地鸡流量不够用的情况,或者你想精确控制流量的走向。

大概的步骤是:在中转鸡上搭一个节点,同时写好分流规则,客户端连接中转鸡的节点,只有命中规则的流量走落地鸡,其余的都走中转鸡。

在中转鸡上编辑sb的配置文件:

nano /etc/sing-box/config.json

写入如下配置:

{
  "log": {
    "level": "info"
  },
  "dns": {
    "servers": [
      {
        "address": "tls://8.8.8.8",
        "strategy": "ipv4_only"
      }
    ]
  },
  "inbounds": [
    {
      "type": "vless",
      "tag": "vless-in",
      "listen": "0.0.0.0",
      "listen_port": 443,
      "sniff": true,
      "users": [
        {
          "name": "imlala",
          "uuid": "f6bb53c9-7afe-46a0-9fff-d770d2aec0f2",
          "flow": "xtls-rprx-vision"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "www.python.org",
        "reality": {
          "enabled": true,
          "handshake": {
            "server": "www.python.org",
            "server_port": 443
          },
          "private_key": "OLXR9twjmwlhwyiiNwne9ghFJ0YyXHP4xYGUfo0wWUA",
          "short_id": [
            "00b9f5bf53744433"
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    },
    {
      "type": "vless",
      "tag": "unlock-out",
      "server": "落地鸡的公网IP",
      "server_port": 443,
      "uuid": "87599169-0bc7-4fae-b730-f6d109db4614",
      "flow": "xtls-rprx-vision",
      "tls": {
        "enabled": true,
        "server_name": "www.python.org",
        "utls": {
          "enabled": true,
          "fingerprint": "chrome"
         },
        "reality": {
          "enabled": true,
          "public_key": "guBvyGCyqglGWWQ1bQ5vXXy78YlshWb0aYX6-uAwEDk",
          "short_id": "64d7038842bbc9cc"
        }
      }
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "rule_set": [
          "geosite-dmm",
          "geosite-dmm-porn",
          "geosite-abema",
          "geosite-reddit"
        ],
        "outbound": "unlock-out"
      }
    ],
    "rule_set": [
      {
        "type": "remote",
        "tag": "geosite-dmm",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-dmm.srs",
        "download_detour": "direct",
        "update_interval": "7d"
      },
      {
        "type": "remote",
        "tag": "geosite-dmm-porn",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-dmm-porn.srs",
        "download_detour": "direct",
        "update_interval": "7d"
      },
      {
        "type": "remote",
        "tag": "geosite-abema",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-abema.srs",
        "download_detour": "direct",
        "update_interval": "7d"
      },
      {
        "type": "remote",
        "tag": "geosite-reddit",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-reddit.srs",
        "download_detour": "direct",
        "update_interval": "7d"
      }
    ]
  }
}

启动:

systemctl enable --now sing-box

客户端配置:

{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "tls://dns.google",
        "address_resolver": "resolver",
        "strategy": "ipv4_only",
        "detour": "fwd"
      },
      {
        "tag": "tencent",
        "address": "tls://dot.pub",
        "address_resolver": "resolver",
        "strategy": "ipv4_only",
        "detour": "direct"
      },
      {
        "tag": "resolver",
        "address": "223.5.5.5",
        "strategy": "ipv4_only",
        "detour": "direct"
      },
      {
        "tag": "deniend",
        "address": "rcode://refused"
      }
    ],
    "rules": [
      {
        "outbound": "any",
        "server": "tencent"
      },
      {
        "rule_set": "geosite-geolocation-cn",
        "server": "tencent"
      }
    ],
    "final": "google"
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "interface_name": "tun0",
      "inet4_address": "172.16.0.1/30",
      "auto_route": true,
      "strict_route": true,
      "stack": "mixed",
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "vless",
      "tag": "fwd",
      "server": "中转鸡的公网IP",
      "server_port": 443,
      "uuid": "f6bb53c9-7afe-46a0-9fff-d770d2aec0f2",
      "flow": "xtls-rprx-vision",
      "tls": {
        "enabled": true,
        "server_name": "www.python.org",
        "utls": {
          "enabled": true,
          "fingerprint": "chrome"
         },
        "reality": {
          "enabled": true,
          "public_key": "yD6TNRviqs_P3h6S7U12ObAGBd9NLgxY7rXfHP4g10U",
          "short_id": "00b9f5bf53744433"
        }
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns"
      },
      {
        "ip_is_private": true,
        "outbound": "direct"
      },
      {
        "rule_set": [
          "geoip-cn",
          "geosite-geolocation-cn"
        ],
        "outbound": "direct"
      }
    ],
    "rule_set": [
      {
        "type": "remote",
        "tag": "geoip-cn",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs",
        "download_detour": "fwd",
        "update_interval": "7d"
      },
      {
        "type": "remote",
        "tag": "geosite-geolocation-cn",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs",
        "download_detour": "fwd",
        "update_interval": "7d"
      }
    ],
    "final": "fwd",
    "auto_detect_interface": true
  }
}

像端口转发、二级代理都需要在服务端进行配置,如果你没有这台服务器的控制权,自然就无法使用上述两种方式进行中转。

而链式代理不需要对服务端的配置进行修改,所以非常适合那些没有服务器访问权限的用户使用,比如你买了一个机场,但是机场肯定只会给你节点连接信息,不会把节点服务器的SSH登录信息也给你,但现在通过链式代理,你可以把自建的节点与机场的节点进行整合,这样就可以实现用机场来中转你的自建节点,反之亦然。

另外链式代理配置起来也相当简单,在sb中主要依靠detour这个字段。前提条件是中转鸡与落地鸡都同时搭建了一个节点。节点的配置可以参考本文上述的内容。

客户端配置:

{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "tls://dns.google",
        "address_resolver": "resolver",
        "strategy": "ipv4_only",
        "detour": "select"
      },
      {
        "tag": "tencent",
        "address": "tls://dot.pub",
        "address_resolver": "resolver",
        "strategy": "ipv4_only",
        "detour": "direct"
      },
      {
        "tag": "resolver",
        "address": "223.5.5.5",
        "strategy": "ipv4_only",
        "detour": "direct"
      },
      {
        "tag": "deniend",
        "address": "rcode://refused"
      }
    ],
    "rules": [
      {
        "outbound": "any",
        "server": "tencent"
      },
      {
        "clash_mode": "direct",
        "server": "tencent"
      },
      {
        "clash_mode": "global",
        "server": "google"
      },
      {
        "rule_set": "geosite-geolocation-cn",
        "server": "tencent"
      }
    ],
    "final": "google"
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "interface_name": "tun0",
      "inet4_address": "172.16.0.1/30",
      "auto_route": true,
      "strict_route": true,
      "stack": "mixed",
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "selector",
      "tag": "select",
      "outbounds": [
        "korean",
        "us",
        "fwd",
        "unlock",
        "auto"
      ],
      "default": "us",
      "interrupt_exist_connections": true
    },
    {
      "type": "hysteria2",
      "tag": "korean",
      "server": "hidden",
      "server_port": 8080,
      "up_mbps": 30,
      "down_mbps": 300,
      "password": "hidden",
      "tls": {
        "enabled": true,
        "server_name": "hidden"
      }
    },
    {
      "type": "vless",
      "tag": "us",
      "server": "hidden",
      "server_port": 443,
      "uuid": "hidden",
      "flow": "xtls-rprx-vision",
      "tls": {
        "enabled": true,
        "server_name": "www.python.org",
        "utls": {
          "enabled": true,
          "fingerprint": "chrome"
         },
        "reality": {
          "enabled": true,
          "public_key": "hidden",
          "short_id": "hidden"
        }
      }
    },
    {
      "type": "vless",
      "tag": "fwd",
      "server": "中转鸡的公网IP",
      "server_port": 443,
      "uuid": "f6bb53c9-7afe-46a0-9fff-d770d2aec0f2",
      "flow": "xtls-rprx-vision",
      "tls": {
        "enabled": true,
        "server_name": "www.python.org",
        "utls": {
          "enabled": true,
          "fingerprint": "chrome"
         },
        "reality": {
          "enabled": true,
          "public_key": "yD6TNRviqs_P3h6S7U12ObAGBd9NLgxY7rXfHP4g10U",
          "short_id": "00b9f5bf53744433"
        }
      }
    },
    {
      "type": "vless",
      "tag": "unlock",
      "server": "落地鸡的公网IP",
      "server_port": 443,
      "uuid": "87599169-0bc7-4fae-b730-f6d109db4614",
      "flow": "xtls-rprx-vision",
      "tls": {
        "enabled": true,
        "server_name": "www.python.org",
        "utls": {
          "enabled": true,
          "fingerprint": "chrome"
         },
        "reality": {
          "enabled": true,
          "public_key": "guBvyGCyqglGWWQ1bQ5vXXy78YlshWb0aYX6-uAwEDk",
          "short_id": "64d7038842bbc9cc"
        }
      },
      "detour": "fwd"
    },
    {
      "type": "urltest",
      "tag": "auto",
      "outbounds": [
        "korean",
        "us",
        "fwd",
        "unlock"
      ],
      "url": "https://www.gstatic.com/generate_204",
      "interval": "10m",
      "interrupt_exist_connections": true
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns"
      },
      {
        "ip_is_private": true,
        "outbound": "direct"
      },
      {
        "clash_mode": "direct",
        "outbound": "direct"
      },
      {
        "clash_mode": "global",
        "outbound": "select"
      },
      {
        "rule_set": [
          "geoip-cn",
          "geosite-geolocation-cn"
        ],
        "outbound": "direct"
      }
    ],
    "rule_set": [
      {
        "type": "remote",
        "tag": "geoip-cn",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs",
        "download_detour": "select",
        "update_interval": "7d"
      },
      {
        "type": "remote",
        "tag": "geosite-geolocation-cn",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs",
        "download_detour": "select",
        "update_interval": "7d"
      }
    ],
    "final": "select",
    "auto_detect_interface": true
  },
  "experimental": {
    "cache_file": {
      "enabled": true
    },
    "clash_api": {
      "external_controller": "127.0.0.1:9090",
      "external_ui": "ui",
      "external_ui_download_url": "https://github.com/MetaCubeX/Yacd-meta/archive/gh-pages.zip",
      "external_ui_download_detour": "select",
      "default_mode": "rule"
    }
  }
}

在上面的这个配置中,tag为fwd的是中转鸡,tag为unlock的是落地鸡,我在tag为unlock的落地鸡配置了一个detour,指定上游出站为fwd。这样配置之后,在yacd的webui上选择tag为unlock的节点即可。

另外提一嘴,如果只是单纯的想解锁某些东西,还有一个DNS分流,也可以使用sb来实现。这里先不介绍了。。。

我只能说有点让我上头的是,今天我又测了下这个中转鸡,它竟然又能解DMM TV了,它真的,我哭死,我折腾了半天就是为了让它能够解锁,结果它现在自己能解了!

赞(0)
未经允许不得转载:拆东墙 » sing-box中转方式(端口转发、二级代理、链式代理)

评论 抢沙发

登录

找回密码

注册