
7 Commits

Author SHA1 Message Date
0866fc0647 update:domain 2025-07-19 13:42:07 +08:00
9e6053e987 update:folder 2025-07-19 11:41:29 +08:00
14ca45f223 fix:remove 2025-07-19 11:22:08 +08:00
d2125fc06c update:check_update 2025-07-19 11:22:08 +08:00
d6f174867b fix:singbox 2025-07-19 11:22:08 +08:00
7f037c150a update:singbox.sh 2025-07-19 11:22:08 +08:00
5d49d6ccb0 init:start 2025-07-19 11:21:40 +08:00
17 changed files with 3137 additions and 2 deletions


@ -1,2 +1,12 @@
# singbox-example
singbox example config
## singbox-example
Sing-box 是一个现代、高性能、功能强大的跨平台代理核心,支持多种代理协议和复杂的网络配置.
本仓库主要包括singbox示例配置以及快速,智能的部署脚本,可以一键部署以下协议并给出标准链接,具体实现见手动安装部分.
- 手动安装:见 [Hysteria2](https://github.com/Dichgrem/singbox-example/blob/main/hysteria2.md) / [Reality](https://github.com/Dichgrem/singbox-example/blob/main/singbox.md)
- 全自动安装Reality:
``wget https://raw.githubusercontent.com/Dichgrem/singbox-example/refs/heads/main/script/singbox.sh``,随后``bash ./singbox.sh``
- 全自动安装Hysteria2:
``wget https://raw.githubusercontent.com/Dichgrem/singbox-example/refs/heads/main/script/hysteria2.sh``,随后``bash ./hysteria2.sh``
- VPS一键更换密钥登录:``wget https://raw.githubusercontent.com/Dichgrem/singbox-example/refs/heads/main/script/ssh-key.sh``,随后``bash ./ssh-key.sh``


@ -0,0 +1,108 @@
{
"dns":
{
"independent_cache": true,
"rules":
[
{ "outbound": "any", "server": "dns-direct" },
{ "query_type": [32, 33], "server": "dns-block" },
{ "domain_suffix": ".lan", "server": "dns-block" },
],
"servers":
[
{
"address": "https://8.8.8.8/dns-query",
"address_resolver": "dns-local",
"detour": "proxy",
"strategy": "",
"tag": "dns-remote",
},
{
"address": "local",
"address_resolver": "dns-local",
"detour": "direct",
"strategy": "",
"tag": "dns-direct",
},
{ "address": "rcode://success", "tag": "dns-block" },
{ "address": "local", "detour": "direct", "tag": "dns-local" },
],
},
"inbounds":
[
{
"domain_strategy": "",
"listen": "127.0.0.1",
"listen_port": 2080,
"sniff": true,
"sniff_override_destination": false,
"tag": "mixed-in",
"type": "mixed",
},
],
"log": { "level": "info" },
"outbounds":
[
{
"domain_strategy": "",
"flow": "xtls-rprx-vision",
"packet_encoding": "",
"server": "服务器IP",
"server_port": 443,
"tag": "proxy",
"tls":
{
"enabled": true,
"reality":
{
"enabled": true,
"public_key": "singbox生成公钥",
"short_id": "singbox生成ID",
},
"server_name": "yahoo.com",
"utls": { "enabled": true, "fingerprint": "chrome" },
},
"type": "vless",
"uuid": "singbox生成UUID",
},
{ "tag": "direct", "type": "direct" },
{ "tag": "bypass", "type": "direct" },
{ "tag": "block", "type": "block" },
{ "tag": "dns-out", "type": "dns" },
],
"route":
{
"final": "proxy",
"rules":
[
{ "outbound": "dns-out", "protocol": "dns" },
{
"domain": [],
"domain_keyword": [],
"domain_regex": [],
"domain_suffix": ["appcenter.ms", "firebase.io", "crashlytics.com"],
"geosite": ["category-ads-all"],
"outbound": "block",
},
{
"domain": [],
"domain_keyword": [],
"domain_regex": [],
"domain_suffix": [],
"geosite": ["cn"],
"outbound": "bypass",
},
{ "geoip": ["cn", "private"], "ip_cidr": [], "outbound": "bypass" },
{
"network": "udp",
"outbound": "block",
"port": [135, 137, 138, 139, 5353],
},
{ "ip_cidr": ["224.0.0.0/3", "ff00::/8"], "outbound": "block" },
{
"outbound": "block",
"source_ip_cidr": ["224.0.0.0/3", "ff00::/8"],
},
],
},
}
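Review bot: Every object and array in this file ends with a trailing comma (for example after `"tag": "dns-local" }` and before the final `}`), which strict JSON parsers reject. The later examples on this page also carry `#` comments (`#Any China client IP address`, `# ...`, `} #`), which are equally outside the JSON grammar. If these files depend on a lenient loader, say so in the README or give them a `.jsonc`-style name. Otherwise drop the trailing commas and comments so the configs can be checked with standard JSON tools before they are deployed.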


@ -0,0 +1,24 @@
[
{
"tag": "Jp-100G",
"type": "vless",
"server": "服务器IP",
"server_port": 443,
"uuid": "singbox生成UUID",
"tls":
{
"enabled": true,
"server_name": "icloud.com",
"insecure": false,
"reality":
{
"enabled": true,
"public_key": "singbox生成公钥",
"short_id": "singbox生成ID",
},
"utls": { "enabled": true, "fingerprint": "chrome" },
},
"flow": "xtls-rprx-vision",
},
]


@ -0,0 +1,62 @@
{
"dns":
{
"servers":
[
{ "tag": "google", "address": "tls://8.8.8.8" },
{
"tag": "local",
"address": "https://223.5.5.5/dns-query",
"detour": "direct",
},
],
"rules":
[
{ "outbound": "any", "server": "local" },
{ "clash_mode": "Direct", "server": "local" },
{ "clash_mode": "Global", "server": "google" },
{ "rule_set": "geosite-geolocation-cn", "server": "local" },
{ "clash_mode": "Default", "server": "google" },
{
"type": "logical",
"mode": "and",
"rules":
[
{ "rule_set": "geosite-geolocation-!cn", "invert": true },
{ "rule_set": "geoip-cn" },
],
"server": "local",
},
],
},
"route":
{
"rule_set":
[
{
"type": "remote",
"tag": "geosite-geolocation-cn",
"format": "binary",
"url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs",
},
{
"type": "remote",
"tag": "geosite-geolocation-!cn",
"format": "binary",
"url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-!cn.srs",
},
{
"type": "remote",
"tag": "geoip-cn",
"format": "binary",
"url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs",
},
],
},
"experimental":
{
"cache_file": { "enabled": true, "store_rdrc": true },
"clash_api": { "default_mode": "Enhanced" },
},
}
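Review bot: The three remote entries in `route.rule_set` are fetched at runtime from the moving `rule-set` branch on raw.githubusercontent.com with no integrity pin, and they decide which lookups go to `local` instead of `google`. A changed or tampered list would silently alter that split. Consider vendoring the `.srs` files and referencing them as `"type": "local"` with a `path`, or using a commit-pinned URL. Setting `download_detour` explicitly would also make the fetch path deliberate. The same applies to the `rule_set` blocks in the next DNS example and in the route example further down.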


@ -0,0 +1,61 @@
{
"dns":
{
"servers":
[
{ "tag": "google", "address": "tls://8.8.8.8" },
{
"tag": "local",
"address": "https://223.5.5.5/dns-query",
"detour": "direct",
},
],
"rules": [
{ "outbound": "any", "server": "local" },
{ "clash_mode": "Direct", "server": "local" },
{ "clash_mode": "Global", "server": "google" },
{ "rule_set": "geosite-geolocation-cn", "server": "local" },
{
"type": "logical",
"mode": "and",
"rules":
[
{ "rule_set": "geosite-geolocation-!cn", "invert": true },
{ "rule_set": "geoip-cn" },
],
"server": "google",
"client_subnet": "114.114.114.114/24", #Any China client IP address
},
],
},
"route":
{
"rule_set":
[
{
"type": "remote",
"tag": "geosite-geolocation-cn",
"format": "binary",
"url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs",
},
{
"type": "remote",
"tag": "geosite-geolocation-!cn",
"format": "binary",
"url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-!cn.srs",
},
{
"type": "remote",
"tag": "geoip-cn",
"format": "binary",
"url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs",
},
],
},
"experimental":
{
"cache_file": { "enabled": true, "store_rdrc": true },
"clash_api": { "default_mode": "Enhanced" },
},
}


@ -0,0 +1,48 @@
{
"dns":
{
"servers":
[
{ "tag": "google", "address": "tls://8.8.8.8" },
{ "tag": "local", "address": "223.5.5.5", "detour": "direct" },
{ "tag": "remote", "address": "fakeip" },
],
"rules":
[
{ "outbound": "any", "server": "local" },
{ "query_type": ["A", "AAAA"], "server": "remote" },
],
"fakeip":
{
"enabled": true,
"inet4_range": "198.18.0.0/15",
"inet6_range": "fc00::/18",
},
"independent_cache": true,
},
"inbounds":
[
{
"type": "tun",
"inet4_address": "172.19.0.1/30",
"inet6_address": "fdfe:dcba:9876::1/126",
"auto_route": true,
"strict_route": true,
},
],
"outbounds": [
# ...
{ "type": "direct", "tag": "direct" },
{ "type": "dns", "tag": "dns-out" },
],
"route":
{
"rules":
[
{ "protocol": "dns", "outbound": "dns-out" },
{ "geoip": ["private"], "outbound": "direct" },
],
"auto_detect_interface": true,
},
} #


@ -0,0 +1,53 @@
{
"outbounds":
[
{ "type": "direct", "tag": "direct" },
{ "type": "block", "tag": "block" },
],
"route":
{
"rules":
[
{
"type": "logical",
"mode": "or",
"rules": [{ "protocol": "dns" }, { "port": 53 }],
"outbound": "dns",
},
{ "ip_is_private": true, "outbound": "direct" },
{ "clash_mode": "Direct", "outbound": "direct" },
{ "clash_mode": "Global", "outbound": "default" },
{
"type": "logical",
"mode": "or",
"rules":
[
{ "port": 853 },
{ "network": "udp", "port": 443 },
{ "protocol": "stun" },
],
"outbound": "block",
},
{
"rule_set": ["geoip-cn", "geosite-geolocation-cn"],
"outbound": "direct",
},
],
"rule_set":
[
{
"type": "remote",
"tag": "geoip-cn",
"format": "binary",
"url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs",
},
{
"type": "remote",
"tag": "geosite-geolocation-cn",
"format": "binary",
"url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs",
},
],
},
}
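Review bot: The first rule routes DNS traffic to `"outbound": "dns"` and the Global-mode rule to `"outbound": "default"`, but the `outbounds` array in this file defines only `direct` and `block`. If the file is meant to load as-is, those tags need definitions. The other examples on this page tag the DNS outbound `dns-out`, so `"outbound": "dns-out"` plus a `{ "type": "dns", "tag": "dns-out" }` entry would be consistent. If it is a fragment to be merged into a larger config, a short note naming the tags the caller must supply would prevent what is likely a startup error about a missing outbound.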


@ -0,0 +1,36 @@
{
"dns":
{
"servers":
[
{ "tag": "google", "address": "tls://8.8.8.8" },
{ "tag": "local", "address": "223.5.5.5", "detour": "direct" },
],
"rules": [{ "outbound": "any", "server": "local" }],
},
"inbounds":
[
{
"type": "tun",
"inet4_address": "172.19.0.1/30",
"inet6_address": "fdfe:dcba:9876::1/126",
"auto_route": true,
"strict_route": false,
},
],
"outbounds": [
# // ...
{ "type": "direct", "tag": "direct" },
{ "type": "dns", "tag": "dns-out" },
],
"route":
{
"rules":
[
{ "protocol": "dns", "outbound": "dns-out" },
{ "geoip": ["private"], "outbound": "direct" },
],
"auto_detect_interface": true,
},
} #
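Review bot: `strict_route` is `false` in this tun inbound, while the fakeip example above sets it to `true`. With `auto_route` on and strict routing off, traffic the tun does not cover may still leave through the physical interface. That matters most in the IPv4-only example that follows, where the tun has no `inet6_address` and so IPv6 traffic is, as far as can be told from here, not captured at all. If the relaxed setting is intentional for compatibility, document the trade-off next to the example; otherwise use `"strict_route": true`. The `#` after the closing brace also looks like a leftover and should go.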


@ -0,0 +1,36 @@
{
"dns":
{
"servers":
[
{ "tag": "google", "address": "tls://8.8.8.8" },
{ "tag": "local", "address": "223.5.5.5", "detour": "direct" },
],
"rules": [{ "outbound": "any", "server": "local" }],
"strategy": "ipv4_only",
},
"inbounds":
[
{
"type": "tun",
"inet4_address": "172.19.0.1/30",
"auto_route": true,
"strict_route": false,
},
],
"outbounds": [
#// ...
{ "type": "direct", "tag": "direct" },
{ "type": "dns", "tag": "dns-out" },
],
"route":
{
"rules":
[
{ "protocol": "dns", "outbound": "dns-out" },
{ "geoip": ["private"], "outbound": "direct" },
],
"auto_detect_interface": true,
},
}

File diff suppressed because it is too large Load Diff


@ -0,0 +1,54 @@
# Apple
gateway.icloud.com
itunes.apple.com
swdist.apple.com
swcdn.apple.com grcp不可用
updates.cdn-apple.com grcp不可用
mensura.cdn-apple.com
osxapps.itunes.apple.com grcp不可用
aod.itunes.apple.com,
# mozilla
download-installer.cdn.mozilla.net
addons.mozilla.org
# CDN
s0.awsstatic.com
d1.awsstatic.com
cdn-dynmedia-1.microsoft.com
# amazon
images-na.ssl-images-amazon.com
m.media-amazon.com
# google
dl.google.com
www.google-analytics.com
# 其他
player.live-video.net grcp不可用
one-piece.com
lol.secure.dyn.riotcdn.net
www.lovelive-anime.jp
www.swift.com
academy.nvidia.com
www.cisco.com
www.samsung.com
www.amd.com
software.download.prss.microsoft.com grcp不可用
# 技术网站
www.python.org
vuejs-jp.org
vuejs.org
zh-hk.vuejs.org
react.dev
www.java.com
www.oracle.com
www.mysql.com
www.mongodb.com
redis.io
# dns
cname.vercel-dns.com
vercel-dns.com


@ -0,0 +1,37 @@
{
"log": { "level": "info" },
"dns": { "servers": [{ "address": "tls://8.8.8.8" }] },
"inbounds":
[
{
"type": "vless",
"tag": "VLESSReality",
"listen": "::",
"listen_port": 443,
"users":
[
{
"name": "AK-JP-100G",
"uuid": "singbox生成",
"flow": "xtls-rprx-vision",
},
],
"tls":
{
"enabled": true,
"server_name": "s0.awsstatic.com",
"reality":
{
"enabled": true,
"handshake":
{ "server": "s0.awsstatic.com", "server_port": 443 },
"private_key": "singbox生成",
"short_id": ["singbox生成"],
},
},
},
],
"outbounds": [{ "type": "direct" }, { "type": "dns", "tag": "dns-out" }],
"route": { "rules": [{ "protocol": "dns", "outbound": "dns-out" }] },
}

500
script/hysteria2.sh Normal file

@ -0,0 +1,500 @@
#!/bin/bash
# Hysteria 2 自动安装配置脚本
# 支持安装、卸载和重新配置
set -e
# 颜色定义
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# 默认配置
DEFAULT_PORT=443
DEFAULT_MASQUERADE_URL="https://cn.bing.com/"
CONFIG_FILE="/etc/hysteria/config.yaml"
SERVICE_NAME="hysteria-server"
# 打印彩色消息
print_message() {
local color=$1
local message=$2
echo -e "${color}${message}${NC}"
}
# 检查是否为root用户
check_root() {
if [[ $EUID -ne 0 ]]; then
print_message $RED "错误: 此脚本需要root权限运行"
print_message $YELLOW "请使用: sudo $0"
exit 1
fi
}
# 检查系统要求
check_system() {
if ! command -v curl &>/dev/null; then
print_message $YELLOW "正在安装 curl..."
apt update && apt install -y curl
fi
if ! command -v openssl &>/dev/null; then
print_message $YELLOW "正在安装 openssl..."
apt update && apt install -y openssl
fi
}
# 生成随机密码
generate_password() {
openssl rand -base64 16 | tr -d "=+/" | cut -c1-16
}
# 安装 Hysteria 2
install_hysteria() {
print_message $BLUE "开始安装 Hysteria 2..."
# 下载并执行官方安装脚本
if bash <(curl -fsSL https://get.hy2.sh/); then
print_message $GREEN "Hysteria 2 安装成功"
else
print_message $RED "Hysteria 2 安装失败"
exit 1
fi
# 设置开机自启
systemctl enable hysteria-server.service
print_message $GREEN "已设置 Hysteria 2 开机自启"
}
# 生成自签名证书
generate_self_signed_cert() {
print_message $BLUE "正在生成自签名证书..."
# 创建配置目录
mkdir -p /etc/hysteria
# 生成自签名证书
openssl req -x509 -nodes -newkey ec:<(openssl ecparam -name prime256v1) \
-keyout /etc/hysteria/server.key \
-out /etc/hysteria/server.crt \
-subj "/CN=bing.com" \
-days 3650
# 设置文件权限
chown hysteria:hysteria /etc/hysteria/server.key /etc/hysteria/server.crt 2>/dev/null || {
print_message $YELLOW "警告: 无法设置证书文件权限稍后将切换到root运行模式"
NEED_ROOT_MODE=true
}
print_message $GREEN "自签名证书生成完成"
}
# 创建配置文件
create_config() {
local password=$1
local port=$2
local masquerade_url=$3
print_message $BLUE "正在创建配置文件..."
cat >$CONFIG_FILE <<EOF
listen: :${port}
# 使用自签证书
tls:
cert: /etc/hysteria/server.crt
key: /etc/hysteria/server.key
auth:
type: password
password: ${password}
resolver:
type: udp
tcp:
addr: 8.8.8.8:53
timeout: 4s
udp:
addr: 8.8.4.4:53
timeout: 4s
tls:
addr: 1.1.1.1:853
timeout: 10s
sni: cloudflare-dns.com
insecure: false
https:
addr: 1.1.1.1:443
timeout: 10s
sni: cloudflare-dns.com
insecure: false
masquerade:
type: proxy
proxy:
url: ${masquerade_url}
rewriteHost: true
EOF
print_message $GREEN "配置文件创建完成"
}
# 修复权限问题
fix_permissions() {
if [[ "$NEED_ROOT_MODE" == "true" ]]; then
print_message $YELLOW "正在修复权限问题切换到root运行模式..."
sed -i '/User=/d' /etc/systemd/system/hysteria-server.service 2>/dev/null || true
sed -i '/User=/d' /etc/systemd/system/hysteria-server@.service 2>/dev/null || true
systemctl daemon-reload
print_message $GREEN "权限问题已修复"
fi
}
# 配置防火墙
configure_firewall() {
if command -v ufw &>/dev/null; then
print_message $BLUE "正在配置UFW防火墙..."
# 检查防火墙状态
local ufw_status=$(ufw status | head -1)
if [[ $ufw_status == *"inactive"* ]]; then
print_message $YELLOW "UFW防火墙未启用跳过防火墙配置"
return
fi
# 开放端口
ufw allow http >/dev/null 2>&1
ufw allow https >/dev/null 2>&1
ufw allow $1 >/dev/null 2>&1
print_message $GREEN "防火墙配置完成"
else
print_message $YELLOW "未检测到UFW防火墙跳过防火墙配置"
fi
}
# 性能优化
optimize_performance() {
print_message $BLUE "正在进行性能优化..."
# 设置网络缓冲区
sysctl -w net.core.rmem_max=16777216 >/dev/null
sysctl -w net.core.wmem_max=16777216 >/dev/null
# 写入系统配置文件持久化
cat >>/etc/sysctl.conf <<EOF
# Hysteria 2 性能优化
net.core.rmem_max=16777216
net.core.wmem_max=16777216
EOF
print_message $GREEN "性能优化完成"
}
# 启动服务
start_service() {
print_message $BLUE "正在启动 Hysteria 2 服务..."
systemctl start hysteria-server.service
sleep 2
if systemctl is-active --quiet hysteria-server.service; then
print_message $GREEN "Hysteria 2 服务启动成功"
else
print_message $RED "Hysteria 2 服务启动失败"
print_message $YELLOW "查看服务状态: systemctl status hysteria-server.service"
print_message $YELLOW "查看日志: journalctl -u hysteria-server.service -f"
return 1
fi
}
# URL编码函数
url_encode() {
local string="$1"
# 尝试使用Python进行URL编码
if command -v python3 &>/dev/null; then
python3 -c "import urllib.parse; print(urllib.parse.quote('$string'))" 2>/dev/null
elif command -v python &>/dev/null; then
python -c "import urllib; print urllib.quote('$string')" 2>/dev/null
else
# 如果没有Python进行简单的字符替换
echo "$string" | sed 's/ /%20/g; s/!/%21/g; s/"/%22/g; s/#/%23/g; s/\$/%24/g; s/&/%26/g; s/'\''/%27/g; s/(/%28/g; s/)/%29/g; s/\*/%2A/g; s/+/%2B/g; s/,/%2C/g; s/-/%2D/g; s/\./%2E/g; s/\//%2F/g; s/:/%3A/g; s/;/%3B/g; s/</%3C/g; s/=/%3D/g; s/>/%3E/g; s/?/%3F/g; s/@/%40/g; s/\[/%5B/g; s/\\/%5C/g; s/\]/%5D/g; s/\^/%5E/g; s/_/%5F/g; s/`/%60/g; s/{/%7B/g; s/|/%7C/g; s/}/%7D/g; s/~/%7E/g'
fi
}
# 显示连接信息
show_connection_info() {
local password=$1
local port=$2
local server_ip=$(curl -s ifconfig.me 2>/dev/null || curl -s ipinfo.io/ip 2>/dev/null || echo "YOUR_SERVER_IP")
# 生成节点名称URL编码
local node_name="Hysteria2-${server_ip}"
local encoded_node_name=$(url_encode "$node_name")
# 生成 Hysteria2 标准链接
local hysteria2_url="hysteria2://${password}@${server_ip}:${port}?insecure=1#${encoded_node_name}"
print_message $GREEN "=============================================="
print_message $GREEN "Hysteria 2 安装配置完成!"
print_message $GREEN "=============================================="
echo
print_message $BLUE "服务器信息:"
echo " 服务器地址: $server_ip"
echo " 端口: $port"
echo " 密码: $password"
echo " 协议: hysteria2"
echo " TLS: 自签名证书"
echo
print_message $BLUE "标准连接链接:"
print_message $GREEN "$hysteria2_url"
echo
print_message $BLUE "客户端配置示例:"
echo " server: $server_ip:$port"
echo " auth: $password"
echo " tls:"
echo " insecure: true"
echo
print_message $YELLOW "重要提示:"
echo " - 请妥善保存上述连接信息"
echo " - 客户端需要设置 insecure: true因为使用自签名证书"
echo " - 配置文件位置: $CONFIG_FILE"
echo " - 复制标准连接链接可直接导入支持的客户端"
print_message $GREEN "=============================================="
}
# 卸载 Hysteria 2
uninstall_hysteria() {
print_message $YELLOW "正在卸载 Hysteria 2..."
# 停止服务
systemctl stop hysteria-server.service 2>/dev/null || true
systemctl disable hysteria-server.service 2>/dev/null || true
# 删除服务文件
rm -f /etc/systemd/system/hysteria-server.service
rm -f /etc/systemd/system/hysteria-server@.service
systemctl daemon-reload
# 删除二进制文件
rm -f /usr/local/bin/hysteria
# 删除配置目录
rm -rf /etc/hysteria
# 删除用户
userdel hysteria 2>/dev/null || true
print_message $GREEN "Hysteria 2 卸载完成"
}
# 检查安装状态
check_installation() {
if command -v hysteria &>/dev/null && systemctl list-unit-files | grep -q hysteria-server; then
return 0
else
return 1
fi
}
# 主菜单
show_menu() {
clear
print_message $BLUE "=============================================="
print_message $BLUE " Dich's Hysteria 2 管理脚本"
print_message $BLUE "=============================================="
echo
if check_installation; then
echo "1. 重新配置 Hysteria 2"
echo "2. 重启 Hysteria 2 服务"
echo "3. 查看服务状态"
echo "4. 查看配置信息"
echo "5. 卸载 Hysteria 2"
echo "0. 退出"
else
echo "1. 安装 Hysteria 2"
echo "0. 退出"
fi
echo
}
# 获取用户输入
get_user_input() {
# 获取密码
while true; do
read -p "请输入认证密码 (留空使用随机密码): " user_password
if [[ -z "$user_password" ]]; then
PASSWORD=$(generate_password)
print_message $GREEN "已生成随机密码: $PASSWORD"
break
elif [[ ${#user_password} -ge 6 ]]; then
PASSWORD="$user_password"
break
else
print_message $RED "密码长度至少6位请重新输入"
fi
done
# 获取端口
while true; do
read -p "请输入监听端口 (默认443): " user_port
if [[ -z "$user_port" ]]; then
PORT=$DEFAULT_PORT
break
elif [[ "$user_port" =~ ^[0-9]+$ ]] && [ "$user_port" -ge 1 ] && [ "$user_port" -le 65535 ]; then
PORT="$user_port"
break
else
print_message $RED "请输入有效的端口号 (1-65535)"
fi
done
# 获取伪装网址
read -p "请输入伪装网址 (默认: $DEFAULT_MASQUERADE_URL): " user_masquerade
if [[ -z "$user_masquerade" ]]; then
MASQUERADE_URL="$DEFAULT_MASQUERADE_URL"
else
MASQUERADE_URL="$user_masquerade"
fi
}
# 完整安装流程
install_process() {
print_message $BLUE "开始 Hysteria 2 安装流程..."
get_user_input
check_system
install_hysteria
generate_self_signed_cert
create_config "$PASSWORD" "$PORT" "$MASQUERADE_URL"
fix_permissions
configure_firewall "$PORT"
optimize_performance
if start_service; then
show_connection_info "$PASSWORD" "$PORT"
else
print_message $RED "安装过程中出现错误,请检查日志"
exit 1
fi
}
# 重新配置流程
reconfigure_process() {
print_message $BLUE "开始重新配置 Hysteria 2..."
get_user_input
systemctl stop hysteria-server.service
create_config "$PASSWORD" "$PORT" "$MASQUERADE_URL"
configure_firewall "$PORT"
if start_service; then
show_connection_info "$PASSWORD" "$PORT"
else
print_message $RED "重新配置过程中出现错误,请检查日志"
exit 1
fi
}
# 查看当前配置
show_current_config() {
if [[ -f "$CONFIG_FILE" ]]; then
print_message $BLUE "当前配置文件内容:"
print_message $GREEN "=============================================="
cat "$CONFIG_FILE"
print_message $GREEN "=============================================="
else
print_message $RED "配置文件不存在"
fi
}
# 主程序
main() {
check_root
while true; do
show_menu
read -p "请选择操作 [0-5]: " choice
case $choice in
1)
if check_installation; then
reconfigure_process
else
install_process
fi
read -p "按回车键继续..."
;;
2)
if check_installation; then
print_message $BLUE "正在重启 Hysteria 2 服务..."
systemctl restart hysteria-server.service
sleep 2
if systemctl is-active --quiet hysteria-server.service; then
print_message $GREEN "服务重启成功"
else
print_message $RED "服务重启失败"
fi
read -p "按回车键继续..."
else
print_message $RED "Hysteria 2 未安装"
read -p "按回车键继续..."
fi
;;
3)
if check_installation; then
print_message $BLUE "Hysteria 2 服务状态:"
systemctl status hysteria-server.service
read -p "按回车键继续..."
else
print_message $RED "Hysteria 2 未安装"
read -p "按回车键继续..."
fi
;;
4)
if check_installation; then
show_current_config
read -p "按回车键继续..."
else
print_message $RED "Hysteria 2 未安装"
read -p "按回车键继续..."
fi
;;
5)
if check_installation; then
read -p "确定要卸载 Hysteria 2 吗?[y/N]: " confirm
if [[ "$confirm" == "y" || "$confirm" == "Y" ]]; then
uninstall_hysteria
else
print_message $YELLOW "已取消卸载"
fi
read -p "按回车键继续..."
else
print_message $RED "Hysteria 2 未安装"
read -p "按回车键继续..."
fi
;;
0)
print_message $GREEN "退出程序"
exit 0
;;
*)
print_message $RED "无效选择,请重新输入"
read -p "按回车键继续..."
;;
esac
done
}
# 运行主程序
main "$@"
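Review bot: `url_encode` splices `$string` into the source text of `python3 -c "... quote('$string')"`, and its input is built from `server_ip`, which `show_connection_info` takes from `curl -s ifconfig.me` with no scheme (plain HTTP), so an unexpected response body ends up inside Python code that runs as root. Pass the value as an argument instead, `python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.argv[1]))' "$string"`, fetch the address over `https://`, and check that it parses as an IP before use. Separately, `fix_permissions` deletes `User=` from the units so the daemon runs as root whenever the `chown` fails; repairing ownership of `/etc/hysteria/server.key` would keep the service unprivileged. The generated link hard-codes `insecure=1`, which turns off certificate verification on the client; Hysteria 2's `pinSHA256` URI parameter would let clients pin the self-signed certificate instead.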

236
script/singbox.sh Normal file

@ -0,0 +1,236 @@
#!/usr/bin/env bash
# install_singbox.sh
set -euo pipefail
# 颜色定义
RED=$'\033[31m'
GREEN=$'\033[32m'
YELLOW=$'\033[33m'
BLUE=$'\033[34m'
CYAN=$'\033[36m'
BOLD=$'\033[1m'
NC=$'\033[0m'
# 权限检查
if [[ $EUID -ne 0 ]]; then
printf "${RED}错误:请以 root 用户或使用 sudo 运行此脚本${NC}\n" >&2
exit 1
fi
CONFIG_DIR=/etc/singbox
STATE_FILE="$CONFIG_DIR/state.env"
BIN_NAME=sing-box
# 检查本地与远程版本,并提示
check_update() {
if command -v curl &>/dev/null && command -v grep &>/dev/null; then
LOCAL_VER=$($BIN_NAME version 2>/dev/null | head -n1 | awk '{print $NF}') || LOCAL_VER="未安装"
LATEST_VER=$(curl -s https://api.github.com/repos/SagerNet/sing-box/releases/latest |
grep '"tag_name"' | head -n1 | cut -d '"' -f4 | sed 's/^v//') || LATEST_VER="未知"
if [[ "$LOCAL_VER" != "$LATEST_VER" ]]; then
printf "${YELLOW}检测到新版本:${LATEST_VER},当前版本:${LOCAL_VER}。请选择 6) 升级 Sing-box 二进制。${NC}\n"
fi
fi
}
# 升级/安装 Sing-box 二进制
update_singbox() {
printf "${CYAN}===== 升级/安装 Sing-box 二进制 =====${NC}\n"
if command -v apt-get &>/dev/null; then
bash <(curl -fsSL https://sing-box.app/deb-install.sh)
elif command -v dnf &>/dev/null || command -v yum &>/dev/null; then
bash <(curl -fsSL https://sing-box.app/rpm-install.sh)
elif command -v pacman &>/dev/null; then
bash <(curl -fsSL https://sing-box.app/arch-install.sh)
else
printf "${RED}无法识别发行版,请手动升级 Sing-box 二进制${NC}\n" >&2
return 1
fi
hash -r
NEW_VER=$($BIN_NAME version | head -n1 | awk '{print $NF}')
printf "${GREEN}Sing-box 已升级到版本:%s${NC}\n" "$NEW_VER"
printf "${CYAN}重启服务...${NC}\n"
if systemctl restart sing-box.service; then
printf "${GREEN}服务已重启。${NC}\n"
else
printf "${YELLOW}服务重启失败,请手动检查。${NC}\n"
fi
}
# 安装 Sing-box 并生成配置
install_singbox() {
printf "${CYAN}===== 安装 Sing-box 并生成配置 =====${NC}\n"
printf "${YELLOW}请输入用户名称 (name 字段,例如 AK-JP-100G)${NC}"
read -r NAME
[[ -z "$NAME" ]] && {
printf "${RED}名称不能为空,退出。${NC}\n" >&2
exit 1
}
printf "${YELLOW}请输入 SNI 域名 (默认: s0.awsstatic.com)${NC}"
read -r SNI
SNI=${SNI:-s0.awsstatic.com}
update_singbox
hash -r
BIN_PATH=$(command -v $BIN_NAME || true)
[[ -z "$BIN_PATH" ]] && {
printf "${RED}未找到 $BIN_NAME,可执行文件路径异常,请检查安装${NC}\n" >&2
exit 1
}
VERSION=$($BIN_PATH version | head -n1 | awk '{print $NF}')
printf "${GREEN}已安装/更新 sing-box 版本:%s${NC}\n" "$VERSION"
UUID=$($BIN_PATH generate uuid)
KEY_OUTPUT=$($BIN_PATH generate reality-keypair)
PRIVATE_KEY=$(echo "$KEY_OUTPUT" | awk -F': ' '/PrivateKey/ {print $2}')
PUB_KEY=$(echo "$KEY_OUTPUT" | awk -F': ' '/PublicKey/ {print $2}')
SHORT_ID=$(openssl rand -hex 8)
FP="chrome"
SERVER_IP=$(curl -s https://ifconfig.me)
PORT=443
SPX="/"
mkdir -p "$CONFIG_DIR"
cat >"$CONFIG_DIR/config.json" <<EOF
{
"log": {"level": "info"},
"dns": {"servers": [{"address": "tls://8.8.8.8"}]},
"inbounds": [{
"type": "vless",
"tag": "VLESSReality",
"listen": "::",
"listen_port": 443,
"users": [{"name":"$NAME","uuid":"$UUID","flow":"xtls-rprx-vision"}],
"tls": {"enabled":true,"server_name":"$SNI","reality":{
"enabled":true,
"handshake": {"server":"$SNI","server_port":443},
"private_key":"$PRIVATE_KEY",
"short_id":["$SHORT_ID"]
}}
}],
"outbounds": [{"type":"direct"},{"type":"dns","tag":"dns-out"}],
"route": {"rules": [{"protocol":"dns","outbound":"dns-out"}]}
}
EOF
cat >"$STATE_FILE" <<EOF
NAME="$NAME"
SNI="$SNI"
UUID="$UUID"
PUB_KEY="$PUB_KEY"
SHORT_ID="$SHORT_ID"
FP="$FP"
SERVER_IP="$SERVER_IP"
PORT="$PORT"
SPX="$SPX"
EOF
systemctl enable sing-box.service
systemctl restart sing-box.service
printf "${GREEN}安装并启动完成。${NC}\n"
}
# 更换 SNI 域名
change_sni() {
printf "${CYAN}===== 更换 SNI 域名 =====${NC}\n"
[[ -f "$CONFIG_DIR/config.json" ]] || {
printf "${RED}配置文件不存在,请先安装。${NC}\n"
return
}
printf "${YELLOW}请输入新的 SNI 域名 (当前: $(
source "$STATE_FILE"
echo "$SNI"
))${NC}"
read -r NEW_SNI
[[ -z "$NEW_SNI" ]] && {
printf "${RED}SNI 域名不能为空,取消更换。${NC}\n"
return
}
# 替换 config.json 中的 SNI 字段
sed -i "s/\"server_name\":\s*\"[^\"]*\"/\"server_name\": \"$NEW_SNI\"/" "$CONFIG_DIR/config.json"
sed -i "s/\"server\":\s*\"[^\"]*\"/\"server\": \"$NEW_SNI\"/" "$CONFIG_DIR/config.json"
# 替换 state.env 中的 SNI
sed -i "s/^SNI=.*/SNI=\"$NEW_SNI\"/" "$STATE_FILE"
systemctl restart sing-box.service &&
printf "${GREEN}SNI 已更换为 $NEW_SNI,服务已重启。${NC}\n" ||
printf "${RED}服务重启失败,请手动检查。${NC}\n"
}
# 查看服务状态
status_singbox() {
printf "${CYAN}===== Sing-box 服务状态 =====${NC}\n"
if systemctl status sing-box.service &>/dev/null; then
systemctl status sing-box.service --no-pager
else
printf "${YELLOW}服务未安装。${NC}\n"
fi
}
# 显示 VLESS Reality 链接
show_link() {
printf "${CYAN}===== 您的 VLESS Reality 链接 =====${NC}\n"
[[ -f "$STATE_FILE" ]] || {
printf "${RED}未找到状态文件,请先安装。${NC}\n"
return
}
source "$STATE_FILE"
LINK="vless://${UUID}@${SERVER_IP}:${PORT}?security=reality&sni=${SNI}&fp=${FP}&pbk=${PUB_KEY}&sid=${SHORT_ID}&spx=${SPX}&type=tcp&flow=xtls-rprx-vision&encryption=none#${NAME}"
printf "${GREEN}%s${NC}\n\n" "$LINK"
}
# 卸载 Sing-box
uninstall_singbox() {
printf "${CYAN}===== 卸载 Sing-box =====${NC}\n"
systemctl stop sing-box.service 2>/dev/null || true
systemctl disable sing-box.service 2>/dev/null || true
rm -rf "$CONFIG_DIR"
if command -v apt-get &>/dev/null; then
apt-get remove -y sing-box
elif command -v yum &>/dev/null; then
yum remove -y sing-box
elif command -v pacman &>/dev/null; then
pacman -Rss --noconfirm sing-box
fi
printf "${GREEN}卸载完成。${NC}\n"
}
# 重新安装
reinstall_singbox() {
uninstall_singbox
install_singbox
}
# 菜单主循环
check_update
while true; do
printf "${BOLD}${BLUE}请选择操作:${NC}\n"
printf " ${YELLOW}1)${NC} 安装 Sing-box 并生成配置\n"
printf " ${YELLOW}2)${NC} 查看服务状态\n"
printf " ${YELLOW}3)${NC} 显示 VLESS Reality 链接\n"
printf " ${YELLOW}4)${NC} 卸载 Sing-box\n"
printf " ${YELLOW}5)${NC} 重新安装 Sing-box\n"
printf " ${YELLOW}6)${NC} 升级 Sing-box 二进制\n"
printf " ${YELLOW}7)${NC} 更换 SNI 域名\n"
printf " ${YELLOW}8)${NC} 退出\n"
printf "${BOLD}输入数字 [1-8]: ${NC}"
read -r choice
case "$choice" in
1) install_singbox ;;
2) status_singbox ;;
3) show_link ;;
4) uninstall_singbox ;;
5) reinstall_singbox ;;
6) update_singbox ;;
7) change_sni ;;
8)
printf "${GREEN}退出。${NC}\n"
exit 0
;;
*) printf "${RED}无效选项,请重试。${NC}\n" ;;
esac
echo
done
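Review bot: `install_singbox` writes `config.json` (which holds the Reality `private_key`) and `state.env` with the default umask, and `show_link` / `change_sni` later run `source "$STATE_FILE"` as root even though `NAME`, `SNI` and `SERVER_IP` were written into it unvalidated. Restrict both files to the account the service runs as (for example `chmod 600` right after each heredoc). Also reject `NAME`/`SNI`/`NEW_SNI` values that fail a check such as `[[ "$SNI" =~ ^[A-Za-z0-9.-]+$ ]]`, since `NEW_SNI` is interpolated into three `sed` expressions as well. `CONFIG_DIR` is `/etc/singbox`, while the tutorial added in this same change gives the default config path as `/etc/sing-box/config.json`; unless the unit is overridden elsewhere, the restarted service would not read the generated file. The `bash <(curl …)` installers in `update_singbox` run as root with no checksum; downloading to a file first would at least allow inspection.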

86
script/ssh-key.sh Normal file

@ -0,0 +1,86 @@
#!/bin/bash
# SSH密钥自动配置脚本
# 该脚本会生成SSH密钥对将公钥写入服务器并配置SSH仅允许root用户通过密钥登录
# 设置颜色输出
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[0;33m'
NC='\033[0m' # No Color
# 检查是否为root用户
if [ "$(id -u)" != "0" ]; then
echo -e "${RED}此脚本必须以root身份运行${NC}"
exit 1
fi
# 创建必要的目录
echo -e "${YELLOW}创建必要的目录...${NC}"
mkdir -p /root/.ssh
chmod 700 /root/.ssh
# 生成SSH密钥对
echo -e "${YELLOW}生成SSH密钥对...${NC}"
KEY_FILE="/root/.ssh/id_rsa"
if [ -f "$KEY_FILE" ]; then
echo -e "${YELLOW}密钥文件 $KEY_FILE 已存在${NC}"
read -p "是否要重新生成密钥对? (y/n): " REGENERATE
if [ "$REGENERATE" == "y" ]; then
echo -e "${YELLOW}重新生成密钥对...${NC}"
KEY_FILE="/root/.ssh/id_rsa_new"
else
echo -e "${YELLOW}使用现有的密钥文件${NC}"
fi
fi
# 生成密钥对
ssh-keygen -t rsa -b 4096 -f "$KEY_FILE" -N "" -q
# 将公钥添加到授权文件
echo -e "${YELLOW}将公钥添加到授权文件...${NC}"
cat "${KEY_FILE}.pub" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
# 配置SSH服务器
echo -e "${YELLOW}配置SSH服务器...${NC}"
CONFIG_FILE="/etc/ssh/sshd_config"
CONFIG_BACKUP="${CONFIG_FILE}.bak"
# 备份原始配置
cp "$CONFIG_FILE" "$CONFIG_BACKUP"
echo -e "${GREEN}SSH配置已备份到 $CONFIG_BACKUP${NC}"
# 修改SSH配置
sed -i 's/#\?PasswordAuthentication yes/PasswordAuthentication no/g' "$CONFIG_FILE"
sed -i 's/#\?PubkeyAuthentication no/PubkeyAuthentication yes/g' "$CONFIG_FILE"
sed -i 's/#\?PermitRootLogin.*/PermitRootLogin prohibit-password/g' "$CONFIG_FILE"
# 确保PubkeyAuthentication设置为yes
if ! grep -q "PubkeyAuthentication yes" "$CONFIG_FILE"; then
echo "PubkeyAuthentication yes" >> "$CONFIG_FILE"
fi
# 重启SSH服务
echo -e "${YELLOW}重启SSH服务...${NC}"
systemctl restart sshd
# 验证配置
echo -e "${YELLOW}验证SSH配置...${NC}"
VALIDATION=$(grep -E 'PasswordAuthentication|PubkeyAuthentication|PermitRootLogin' "$CONFIG_FILE")
echo -e "${GREEN}SSH配置验证结果:${NC}"
echo "$VALIDATION"
# 输出密钥信息
echo -e "${GREEN}密钥生成成功!${NC}"
echo -e "${YELLOW}私钥位置: $KEY_FILE${NC}"
echo -e "${YELLOW}公钥位置: ${KEY_FILE}.pub${NC}"
echo -e "${YELLOW}私钥内容:${NC}"
cat "$KEY_FILE"
echo -e "${GREEN}==================================================${NC}"
echo -e "${GREEN}配置完成! 系统现在仅允许root用户通过密钥登录。${NC}"
echo -e "${GREEN}请将你的私钥内容保存到任一SSH客户端以备后续登录使用。${NC}"
echo -e "${GREEN}建议在新终端中测试密钥登录,确保配置正确。${NC}"
echo -e "${RED}警告: 不要关闭当前会话,直到确认可以通过密钥登录!${NC}"
echo -e "${GREEN}==================================================${NC}"
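Review bot: The script creates the key pair on the server with an empty passphrase (`-N ""`) and then prints the private key with `cat "$KEY_FILE"`, so the secret passes through terminal scrollback or session logs and an unencrypted copy stays in `/root/.ssh`. It is safer to have the operator paste a public key generated on their own machine and append only that to `authorized_keys`. When the prompt is answered with anything other than `y`, `ssh-keygen -f "$KEY_FILE"` still runs against the existing file and the public key is appended again, so that branch should skip generation. The `sed` edits touch only `/etc/ssh/sshd_config` and only lines that already say `PasswordAuthentication yes`. Run `sshd -t` before the restart and confirm the effective setting with `sshd -T | grep -i passwordauthentication`, because a drop-in under `/etc/ssh/sshd_config.d/` can keep password login enabled.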

150
tutorial/hysteria2.md Normal file

@ -0,0 +1,150 @@
## 安装
- 执行下面的一键安装脚本(官方)安装 Hysteria 2
```
bash <(curl -fsSL https://get.hy2.sh/)
```
- 当提示 What's next? 执行下面的命令先将 Hysteria 设置为开机自启.
```
systemctl enable hysteria-server.service
```
## 服务端配置
- 修改服务端配置文件
```
nano /etc/hysteria/config.yaml
```
将配置文件中的内容全部删除,填入以下配置。根据自己的需要选择使用 CA 证书,还是使用自签证书,将对应的注释取消即可.
```
listen: :443 #默认端口443可以修改为其他端口
#使用CA证书
#acme:
# domains:
# - your.domain.net #已经解析到服务器的域名
# email: your@email.com #你的邮箱
#使用自签证书
#tls:
# cert: /etc/hysteria/server.crt
# key: /etc/hysteria/server.key
auth:
type: password
password: 123456 #认证密码,使用一个强密码进行替换
resolver:
type: udp
tcp:
addr: 8.8.8.8:53
timeout: 4s
udp:
addr: 8.8.4.4:53
timeout: 4s
tls:
addr: 1.1.1.1:853
timeout: 10s
sni: cloudflare-dns.com
insecure: false
https:
addr: 1.1.1.1:443
timeout: 10s
sni: cloudflare-dns.com
insecure: false
masquerade:
type: proxy
proxy:
url: https://cn.bing.com/ #伪装网址
rewriteHost: true
```
伪装网址推荐使用个人网盘的网址,个人网盘比较符合单节点大流量的特征,可以通过谷歌搜索 intext:登录 cloudreve 来查找别人搭建好的网盘网址.
- 可以使用以下命令生成自签证书
```
openssl req -x509 -nodes -newkey ec:<(openssl ecparam -name prime256v1) -keyout /etc/hysteria/server.key -out /etc/hysteria/server.crt -subj "/CN=bing.com" -days 3650 && sudo chown hysteria /etc/hysteria/server.key && sudo chown hysteria /etc/hysteria/server.crt
```
- 启动 Hysteria
```
systemctl start hysteria-server.service
```
- 查看 Hysteria 启动状态
```
systemctl status hysteria-server.service
```
- 重新启动 Hysteria
```
systemctl restart hysteria-server.service
```
如果显示:``{"error": "invalid config: tls: open /etc/hysteria/server.crt: permission denied"}`` 或者 ``failed to load server conf`` 的错误,则说明 Hysteria 没有访问证书文件的权限,需要执行下面的命令将 Hysteria 切换到 root 用户运行
```
sed -i '/User=/d' /etc/systemd/system/hysteria-server.service
sed -i '/User=/d' /etc/systemd/system/hysteria-server@.service
systemctl daemon-reload
systemctl restart hysteria-server.service
```
## UFW 防火墙
- 查看防火墙状态
```
ufw status
```
- 开放 80 和 443 端口
```
ufw allow http && ufw allow https
```
## 性能优化
- 将发送、接收的两个缓冲区都设置为 16 MB
```
sysctl -w net.core.rmem_max=16777216
sysctl -w net.core.wmem_max=16777216
```
## 实际配置
```
listen: :443 #默认端口443可以修改为其他端口
#使用CA证书
#acme:
# domains:
# - your.domain.net #已经解析到服务器的域名
# email: your@email.com #你的邮箱
#使用自签证书
tls:
cert: /etc/hysteria/server.crt
key: /etc/hysteria/server.key
auth:
type: password
password: fwp9uy4f0912uhf #认证密码,使用一个强密码进行替换
resolver:
type: udp
tcp:
addr: 8.8.8.8:53
timeout: 4s
udp:
addr: 8.8.4.4:53
timeout: 4s
tls:
addr: 1.1.1.1:853
timeout: 10s
sni: cloudflare-dns.com
insecure: false
https:
addr: 1.1.1.1:443
timeout: 10s
sni: cloudflare-dns.com
insecure: false
masquerade:
type: proxy
proxy:
url: https://cn.bing.com/ #伪装网址
rewriteHost: true
```

54
tutorial/singbox.md Normal file

@ -0,0 +1,54 @@
> 手动安装方法:
### 安装singbox内核
```
Debian
bash <(curl -fsSL https://sing-box.app/deb-install.sh)
Redhat
bash <(curl -fsSL https://sing-box.app/rpm-install.sh)
Archlinux
bash <(curl -fsSL https://sing-box.app/arch-install.sh)
```
默认的配置文件在路径 ``/etc/sing-box/config.json ``下,运行文件在``/usr/local/etc/sing-box/config.json`` 下。
### 生成配置文件
- UUID生成:``sing-box generate uuid``
- PrivateKey和PublicKey生成:``sing-box generate reality-keypair``
- ShortID生成:``sing-box generate rand --hex 8``
- server字段:参考本仓库server目录中的``reality_domain``
随后``nano /etc/sing-box/config.json``依照本仓库server目录中的配置模板填写。
### 运行服务
- 启动服务
```
sudo systemctl start sing-box
```
- 停止服务
```
sudo systemctl stop sing-box
```
- 开机自启
```
sudo systemctl enable sing-box
```
- 查询运行状态
```
sudo systemctl status sing-box
```
### 导出配置
标准链接示例(更改所有<>)
```
vless://<UUID>@<IP>:<端口>?security=reality&sni=<域名>&fp=<utls浏览器指纹>&pbk=<公钥>&sid=<你的ShortID>&spx=/&type=tcp&flow=xtls-rprx-vision&encryption=none#<随意填写名称>
```
- 编写完成后即可导入一个客户端,开始使用!
- 如果你想使用原生singbox客户端,参考[这里](singbox-example/client/example-node/single-node-core.yaml),即单节点配置.