V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
通过以下 Referral 链接购买 DigitalOcean 主机,你将可以帮助 V2EX 持续发展
DigitalOcean - SSD Cloud Servers
BigGodMan
V2EX  ›  VPS

搭建通过 cloudflare 代理的 sing-box 教程

  •  
  •   BigGodMan · 2023-02-08 11:08:36 +08:00 · 4238 次点击
    这是一个创建于 679 天前的主题,其中的信息可能已经有所发展或是发生改变。

    1 安装 nginx

    yum install epel-release -y
    yum install nginx -y
    yum install nginx-mod-stream -y
    

    2. 配置 nginx

    • 2.1 新建目录

      mkdir /etc/nginx/tcp.d
      
    • 2.2 增加如下文件内容到 /etc/nginx/tcp.d/stream.conf

      stream {
          map $ssl_preread_server_name $singbox {
                  trojan.example.com trojan;
                  ws.example.com trojan-websocket;
          }
          upstream trojan {
                  server 127.0.0.1:52000;
          }
          upstream trojan-websocket {
                  server 127.0.0.1:52001;
          }
          server {
                  listen 443      reuseport;
                  listen [::]:443 reuseport;
                  proxy_pass      $singbox;
                  ssl_preread     on;
                  proxy_protocol  on;
          }
      }
      
    • 2.3 编辑 /etc/nginx/nginx.conf, 在文件末尾添加如下一行

      include /etc/nginx/tcp.d/*.conf;
      
    • 2.4 编辑回流配置 /etc/nginx/conf.d/fallback.conf

      server {
          listen 80;
          server_name trojan.example.com;
          index index.html;
          root /data/app/web/hy;
      }
      
    • 2.5 运行 nginx

      systemctl start nginx
      

    3. 安装 go

    wget https://go.dev/dl/go1.20.linux-amd64.tar.gz
    tar xzf go1.20.linux-amd64.tar.gz
    mv go /opt/
    ln -s /opt/go/bin/go /usr/local/bin/go
    
    如果没有 wget 命令, 使用 yum install wget 安装
    

    4. 安装 sing-box

    go install -v github.com/sagernet/sing-box/cmd/sing-box@lates
    mv ~/go/bin/sing-box /opt/go/bin/
    ln -s /opt/go/bin/sing-box /usr/local/bin/sing-box
    

    5. 编辑配置文件 /etc/sing-box.conf

    {
      "log": {
        "level": "info"
      },
      "inbounds": [
        {
          "type": "trojan",
          "tag": "trojan-in",
          "listen": "127.0.0.1",
          "listen_port": 52001,
          "tcp_fast_open": true,
          "udp_fragment": true,
          "sniff": true,
          "sniff_override_destination": false,
          "udp_timeout": 300,
          "proxy_protocol": true,
          "proxy_protocol_accept_no_header": false,
          "users": [
            {
              "name": "whatever",
              "password": "YOUPASSWORD"
            }
          ],
          "tls": {
            "enabled": true,
            "server_name": "trojan.example.com",
            "alpn": [
              "http/1.1"
            ],
            "min_version": "1.2",
            "max_version": "1.3",
            "certificate_path": "/etc/certs/cert.pem",
            "key_path": "/etc/certs/key.pem"
          },
          "transport": {
            "type": "ws",
            "path": "/wss",
            "max_early_data": 0,
            "early_data_header_name": "Sec-WebSocket-Protocol"
          }
        }
      ],
      "outbounds": [
        {
          "type": "direct",
          "tag": "direct"
        }
      ]
    }
    

    6. ssl 证书

    • 6.1 新建证书目录

      mkdir /etc/certs
      
    • 6.2 去 cloudflare 上生成证书, 分别命名为 cert.pem 和 key.pem, 然后上传到 /etc/certs/目录下 cf

    7. 启动

    mkdir -p /data/logs
    nohup sing-box run -c /etc/sing-box.conf > /data/logs/sing.log 2>&1 &
    
    1 条回复    2023-02-27 06:16:47 +08:00
    jtsang
        1
    jtsang  
       2023-02-27 06:16:47 +08:00
    这里 Cloudflare 只是提供了证书吧?
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   3150 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 25ms · UTC 13:19 · PVG 21:19 · LAX 05:19 · JFK 08:19
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.