
sing-box, the circumvention tool the GFW fears most: building a small shared multi-user proxy service ("airport") - advanced sing-box tutorial

Preface

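As the SagerNet author keeps "feverishly" upgrading Sing-box, it has become more capable and more stable. The configurations in the official tutorial lag behind the releases, so older builds cannot use the current official JSON configurations. Version v1.1.6 is the cut-off point: 1.1.6 supports version values up to 2 at most, while builds older than 1.1.6 support only version 1 by default. Even if you edit the configuration to version=3 yourself, the program reports an error and will not run. So if you are learning the official Sing-box configuration, be sure to use the latest release. This post walks through the communication flow of the new core configuration, shows multi-user configuration and sing-box global-proxy configuration examples, and answers common problems. Consider it an advanced sing-box tutorial; if you are a beginner, please read the "Sing-box beginner tutorial" first.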

sing-box configuration principles and a shared multi-user configuration example

sing-box communication flow

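Communication proceeds in the following two steps:
1. First, obtain the TLS handshake:
{browser} <--(socks/tun)--> {Sing-box client inbound <-> Sing-box client outbound} <--(shadowtls)--> {Sing-box server inbound <--(verify user password)--> Sing-box server} <--(handshake)--> {www.bing.com}
2. After the handshake is obtained, the traffic is identified and goes through the proxy:
{browser} <--(socks/tun)--> {Sing-box client inbound <-> Sing-box client outbound} <--(shadowsocks)--> {Sing-box server inbound <--(verify ss password)--> Sing-box server} <--(Freedom)--> {target website}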

Shared multi-user configuration example

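This article assumes you have a VPS and have already set up and upgraded the sing-box server. If you are setting up the sing-box server for the first time, copy the one-click install script below.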

wget -N https://raw.githubusercontent.com/lanhebe/singbox-shadowtls/main/mps_Sing-box.sh && chmod +x mps_Sing-box.sh && bash mps_Sing-box.sh

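The two-user shared configuration below was tested with sing-box-1.2-beta10. To add more users, add entries one after another following the highlighted lines in users.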

If you copy the code below to experiment, use sing-box-1.2-beta10 or a later version; otherwise startup reports an error and the program will not run.

Example server configuration shared by users sekai and hebe

{
  "inbounds": [
    {
      "type": "shadowtls",
      "listen": "::",
      "listen_port": 443,
      "version": 3,
      "users": [
        {
          "name": "sekai",
          "password": "ypGGDagcyFKCf5TYJyH0fw=="
        },
        {
          "name": "hebe",
          "password": "1pGGDagcyFKCa8TYYyH0fw=="
        }
      ],
      "handshake": {
        "server": "www.ebay.com",
        "server_port": 443
      },
      "detour": "shadowsocks-in"
    },
    {
      "type": "shadowsocks",
      "tag": "shadowsocks-in",
      "listen": "127.0.0.1",
      "network": "tcp",
      "method": "2022-blake3-aes-128-gcm",
      "password": "PAJdSIxI6tZdR0UqMtBaLQ=="
    }
  ]
}

http-sock client configuration for user sekai

{
  "inbounds": [
    {
      "type": "mixed",
      "listen_port": 1080,
      "sniff": true,
      "set_system_proxy": true
    }
  ],
  "outbounds": [
    {
      "type": "shadowsocks",
      "method": "2022-blake3-aes-128-gcm",
      "password": "PAJdSIxI6tZdR0UqMtBaLQ==",
      "detour": "shadowtls-out",
      "multiplex": {
        "enabled": true,
        "max_connections": 4,
        "min_streams": 4
      }
    },
    {
      "type": "shadowtls",
      "tag": "shadowtls-out",
      "server": "更改成自己IP",
      "server_port": 443,
      "version": 3,
      "password": "ypGGDagcyFKCf5TYJyH0fw==",
      "tls": {
        "enabled": true,
        "server_name": "www.ebay.com"
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ],
  "route": {
    "rules": [
      {
        "geosite": "cn",
        "geoip": "cn",
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ]
  }
}

Example global http-sock client configuration for user sekai

{
  "inbounds": [
    {
      "type": "mixed",
      "listen_port": 1080,
      "sniff": true,
      "set_system_proxy": true
    }
  ],
  "outbounds": [
    {
      "type": "shadowsocks",
      "method": "2022-blake3-aes-128-gcm",
      "password": "PAJdSIxI6tZdR0UqMtBaLQ==",
      "detour": "shadowtls-out",
      "multiplex": {
        "enabled": true,
        "max_connections": 4,
        "min_streams": 4
      }
    },
    {
      "type": "shadowtls",
      "tag": "shadowtls-out",
      "server": "更改成自己IP",
      "server_port": 443,
      "version": 3,
      "password": "ypGGDagcyFKCf5TYJyH0fw==",
      "tls": {
        "enabled": true,
        "server_name": "www.ebay.com"
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ],
  "route": {
    "rules": [
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ]
  }
}

Example Tun client configuration for user sekai

{
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "tls://8.8.8.8"
      },
      {
        "tag": "local",
        "address": "223.5.5.5",
        "detour": "direct"
      }
    ],
    "rules": [
      {
        "geosite": "cn",
        "server": "local"
      }
    ],
    "strategy": "ipv4_only"
  },
  "inbounds": [
    {
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "shadowsocks",
      "method": "2022-blake3-aes-128-gcm",
      "password": "PAJdSIxI6tZdR0UqMtBaLQ==",
      "detour": "shadowtls-out",
      "multiplex": {
        "enabled": true,
        "max_connections": 4,
        "min_streams": 4
      }
    },
    {
      "type": "shadowtls",
      "tag": "shadowtls-out",
      "server": "更改成自己IP",
      "server_port": 443,
      "password": "ypGGDagcyFKCf5TYJyH0fw==",
      "version": 3,
      "tls": {
        "enabled": true,
        "server_name": "www.ebay.com"
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "geosite": "cn",
        "geoip": "cn",
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ],
    "auto_detect_interface": true
  }
}

Example http-sock client configuration for user hebe

{
  "inbounds": [
    {
      "type": "mixed",
      "listen_port": 1080,
      "sniff": true,
      "set_system_proxy": true
    }
  ],
  "outbounds": [
    {
      "type": "shadowsocks",
      "method": "2022-blake3-aes-128-gcm",
      "password": "PAJdSIxI6tZdR0UqMtBaLQ==",
      "detour": "shadowtls-out",
      "multiplex": {
        "enabled": true,
        "max_connections": 4,
        "min_streams": 4
      }
    },
    {
      "type": "shadowtls",
      "tag": "shadowtls-out",
      "server": "更改成自己IP",
      "server_port": 443,
      "version": 3,
      "password": "1pGGDagcyFKCa8TYYyH0fw==",
      "tls": {
        "enabled": true,
        "server_name": "www.ebay.com"
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ],
  "route": {
    "rules": [
      {
        "geosite": "cn",
        "geoip": "cn",
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ]
  }
}

Tun client configuration for user hebe

{
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "tls://8.8.8.8"
      },
      {
        "tag": "local",
        "address": "223.5.5.5",
        "detour": "direct"
      }
    ],
    "rules": [
      {
        "geosite": "cn",
        "server": "local"
      }
    ],
    "strategy": "ipv4_only"
  },
  "inbounds": [
    {
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "shadowsocks",
      "method": "2022-blake3-aes-128-gcm",
      "password": "PAJdSIxI6tZdR0UqMtBaLQ==",
      "detour": "shadowtls-out",
      "multiplex": {
        "enabled": true,
        "max_connections": 4,
        "min_streams": 4
      }
    },
    {
      "type": "shadowtls",
      "tag": "shadowtls-out",
      "server": "更改成自己IP",
      "server_port": 443,
      "password": "1pGGDagcyFKCa8TYYyH0fw==",
      "version": 3,
      "tls": {
        "enabled": true,
        "server_name": "www.ebay.com"
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "geosite": "cn",
        "geoip": "cn",
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ],
    "auto_detect_interface": true
  }
}

Example global Tun client configuration for user hebe

{
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "tls://8.8.8.8"
      },
      {
        "tag": "local",
        "address": "223.5.5.5",
        "detour": "direct"
      }
    ],
    "rules": [
      {
        "geosite": "cn",
        "server": "local"
      }
    ],
    "strategy": "ipv4_only"
  },
  "inbounds": [
    {
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "shadowsocks",
      "method": "2022-blake3-aes-128-gcm",
      "password": "PAJdSIxI6tZdR0UqMtBaLQ==",
      "detour": "shadowtls-out",
      "multiplex": {
        "enabled": true,
        "max_connections": 4,
        "min_streams": 4
      }
    },
    {
      "type": "shadowtls",
      "tag": "shadowtls-out",
      "server": "更改成自己IP",
      "server_port": 443,
      "password": "1pGGDagcyFKCa8TYYyH0fw==",
      "version": 3,
      "tls": {
        "enabled": true,
        "server_name": "www.ebay.com"
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ],
    "auto_detect_interface": true
  }
}

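The figure below shows the result page of an IP check with the global proxy enabled:

Using the Sing-box graphical client:

For the Sing-box graphical client tutorial, see here; it is omitted in this post.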

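Common errors and how to fix them:

  1. bad timestamp: received

    Cause: the client system time is incorrect. Fix: set the client system time to the correct Beijing time.

  2. client hello verify failed: hmac mismatch

    Cause: the password is wrong or not set. Fix: check that the passwords on both ends are identical, or add the password setting on the side that lacks it.

  3. The client starts sing-box and it exits automatically.

    Cause: the JSON configuration conflicts with the program version, or the JSON configuration contains an error. Fix: update both ends to the latest version and run again.

  4. Cause: the configured TLS handshake server refuses the request, or the configured domain does not exist. Fix: change the tls server_name on both ends to a valid one.

  5. After adding the version:3 parameter on both the client and the server, startup fails.

    Cause: the program version is incompatible with the configuration. Fix: v2 and v3 require Sing-box version 1.2-beta10 or later.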
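
A consistency check for the mismatches listed above, as an added example (not code from the original post or from the sing-box project): it compares one server and one client configuration in the shadowtls version 3 layout used on this page. The names find, check_pair, SERVER and CLIENT, the sample secrets and the example.com host are constructed for illustration.

```python
def find(items, kind):
    """First inbound/outbound whose "type" equals kind, else None."""
    return next((i for i in items if i.get("type") == kind), None)

def check_pair(server, client):
    """Return a list of mismatches between one server and one client config."""
    s_tls, s_ss = (find(server.get("inbounds", []), k) for k in ("shadowtls", "shadowsocks"))
    c_tls, c_ss = (find(client.get("outbounds", []), k) for k in ("shadowtls", "shadowsocks"))
    if not all((s_tls, s_ss, c_tls, c_ss)):
        return ["shadowtls or shadowsocks entry missing"]
    problems = []
    # Error 5: both ends must declare the same shadowtls version.
    if s_tls.get("version") != c_tls.get("version"):
        problems.append("shadowtls version differs")
    # Error 2 (hmac mismatch): the client password must be one of the server's users.
    pw = c_tls.get("password")
    if not pw or pw not in {u.get("password") for u in s_tls.get("users", [])}:
        problems.append("shadowtls password matches no server user")
    # Error 4: in the page's configs the client server_name equals the handshake server.
    if c_tls.get("tls", {}).get("server_name") != s_tls.get("handshake", {}).get("server"):
        problems.append("tls server_name differs from handshake server")
    # The inner shadowsocks method and password are shared by every user.
    for key in ("method", "password"):
        if s_ss.get(key) != c_ss.get(key):
            problems.append(f"shadowsocks {key} differs")
    # detour must chain shadowtls -> shadowsocks (server) and shadowsocks -> shadowtls (client).
    if s_tls.get("detour") != s_ss.get("tag") or c_ss.get("detour") != c_tls.get("tag"):
        problems.append("detour does not reference the paired tag")
    return problems

# Constructed sample pair: placeholder secrets, trimmed to the fields the check reads.
SERVER = {"inbounds": [
    {"type": "shadowtls", "version": 3, "detour": "shadowsocks-in",
     "users": [{"name": "alice", "password": "pw-alice"},
               {"name": "bob", "password": "pw-bob"}],
     "handshake": {"server": "www.example.com", "server_port": 443}},
    {"type": "shadowsocks", "tag": "shadowsocks-in",
     "method": "2022-blake3-aes-128-gcm", "password": "pw-ss"}]}
CLIENT = {"outbounds": [
    {"type": "shadowsocks", "method": "2022-blake3-aes-128-gcm",
     "password": "pw-ss", "detour": "shadowtls-out"},
    {"type": "shadowtls", "tag": "shadowtls-out", "version": 3, "password": "pw-bob",
     "tls": {"enabled": True, "server_name": "www.example.com"}}]}

if __name__ == "__main__":
    print(check_pair(SERVER, CLIENT))
```

To check real files, load each with json.load and pass the two dictionaries to check_pair.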

Little yu