Setting up a ShadowTLS v3 node with sing-box

July 6, 2023 | Category: Censorship circumvention

Using Debian 12 as the example:

Download the latest sing-box release

curl -s https://api.github.com/repos/SagerNet/sing-box/releases/latest | grep "browser_download_url.*amd64.deb" | grep linux | cut -d'"' -f4 | wget -i -

Install sing-box

dpkg -i *amd64.deb

Generate a password

sing-box generate rand --base64 16

Edit the configuration

nano /etc/sing-box/config.json

Paste in the following configuration

{
	"log": {
		"disabled": true
	},
	"dns": {
		"servers": [
			{
				"address": "tls://8.8.8.8"
			}
		]
	},
	"inbounds": [
		{
			"type": "shadowtls",
			"listen": "::",
			"listen_port": server port,
			"version": 3,
			"users": [
				{
					"name": "sekai",
					"password": "ShadowTLS password"
				}
			],
			"handshake": {
				"server": "camouflage handshake site address",
				"server_port": 443
			},
			"strict_mode": true,
			"detour": "shadowsocks-in"
		},
		{
			"type": "shadowsocks",
			"tag": "shadowsocks-in",
			"listen": "127.0.0.1",
			"network": "tcp",
			"method": "2022-blake3-aes-128-gcm",
			"password": "Shadowsocks password"
		}
	],
	"outbounds": [
		{
			"type": "direct"
		},
		{
			"type": "dns",
			"tag": "dns-out"
		}
	],
	"route": {
		"rules": [
			{
				"protocol": "dns",
				"outbound": "dns-out"
			}
		]
	}
}

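(The ss and tls passwords can be generated as different passwords. The camouflage site must support TLS 1.3; see the official recommendations at https://github.com/ihciah/shadow-tls/wiki/V3-Protocol)

Restart the service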
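
A check that can be run on the server configuration before restarting, added here as an example (it is not part of the original post or of sing-box). It verifies what the configuration above relies on: ShadowTLS version 3 with strict_mode, a detour that points at an inbound listening only on loopback, and a Shadowsocks 2022 key of the length its method requires. The function names and the sample are constructed for illustration.

```python
import base64
import ipaddress

# Raw key sizes (bytes) required by the Shadowsocks 2022 methods.
SS2022_KEY_LEN = {"2022-blake3-aes-128-gcm": 16, "2022-blake3-aes-256-gcm": 32,
                  "2022-blake3-chacha20-poly1305": 32}

def _is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # empty or not an IP literal
        return False

def _key_len(b64):
    try:
        return len(base64.b64decode(b64, validate=True))
    except ValueError:  # not base64, e.g. an unfilled placeholder
        return -1

def lint_server_config(cfg):
    """Return the problems found in a ShadowTLS -> Shadowsocks server config."""
    problems = []
    inbounds = cfg.get("inbounds", [])
    by_tag = {ib["tag"]: ib for ib in inbounds if "tag" in ib}
    for ib in (i for i in inbounds if i.get("type") == "shadowtls"):
        if ib.get("version") != 3:
            problems.append("shadowtls: version is not 3")
        if ib.get("strict_mode") is not True:
            problems.append("shadowtls: strict_mode is not enabled")
        if not all(u.get("password") for u in (ib.get("users") or [{}])):
            problems.append("shadowtls: a user has no password")
        inner = by_tag.get(ib.get("detour"))
        if inner is None:
            problems.append("shadowtls: detour matches no inbound tag")
            continue
        if not _is_loopback(inner.get("listen", "")):
            problems.append("inner inbound does not listen on loopback")
        want = SS2022_KEY_LEN.get(inner.get("method"))
        if want and _key_len(inner.get("password", "")) != want:
            problems.append(f"shadowsocks: key is not {want} bytes of base64")
    return problems

# Constructed sample with the fields the checks read (all-zero key, demo only).
SAMPLE = {"inbounds": [
    {"type": "shadowtls", "listen": "::", "listen_port": 443, "version": 3,
     "users": [{"name": "sekai", "password": "constructed-demo-password"}],
     "strict_mode": True, "detour": "shadowsocks-in"},
    {"type": "shadowsocks", "tag": "shadowsocks-in", "listen": "127.0.0.1",
     "method": "2022-blake3-aes-128-gcm",
     "password": base64.b64encode(bytes(16)).decode()}]}
```

For the real file, load /etc/sing-box/config.json with json.load and pass the resulting dict to lint_server_config; an empty list means none of these checks failed.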

systemctl restart sing-box

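Set up a client

You can use a shadowsocks client together with the shadowtls plugin: Android (ss + tls), Microsoft Windows (ss + tls), Apple (Shadowrocket)

You can also use the sing-box clients for each platform: nekoray, NekoBox, SFI

Or you can use the Clash.Meta clients for each platform: https://clash-meta.wiki/client/

Finally, here is the sing-box client configuration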

{
  "dns": {
    "rules": [],
    "servers": [
      {
        "address": "tls://1.1.1.1",
        "tag": "dns-remote",
        "detour": "ss",
        "strategy": "ipv4_only"
      }
    ]
  },
  "inbounds": [
    {
      "type": "tun",
      "interface_name": "ipv4-tun",
      "inet4_address": "172.19.0.1/28",
      "mtu": 1500,
      "stack": "gvisor",
      "endpoint_independent_nat": true,
      "auto_route": true,
      "strict_route": true,
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "shadowsocks",
      "tag": "ss",
      "method": "2022-blake3-aes-128-gcm",
      "password": "Shadowsocks password",
      "detour": "shadowtls-out",
      "udp_over_tcp": {
        "enabled": true,
        "version": 2
      }
    },
    {
      "type": "shadowtls",
      "tag": "shadowtls-out",
      "server": "server address",
      "server_port": server port,
      "version": 3,
      "password": "ShadowTLS password",
      "tls": {
        "enabled": true,
        "server_name": "camouflage handshake site address",
        "utls": {
          "enabled": true,
          "fingerprint": "firefox"
        }
      }
    },
    {
      "tag": "dns-out",
      "type": "dns"
    }
  ],
  "route": {
    "auto_detect_interface": true,
    "final": "ss",
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      }
    ]
  }
}