mirror of
https://github.com/SagerNet/sing-box.git
synced 2024-11-16 04:32:21 +08:00
documentation: Bump version & Refactor docs
This commit is contained in:
parent
253976d6c0
commit
e8c4c942c0
10
Makefile
10
Makefile
|
@ -14,7 +14,7 @@ MAIN_PARAMS = $(PARAMS) -tags $(TAGS)
|
|||
MAIN = ./cmd/sing-box
|
||||
PREFIX ?= $(shell go env GOPATH)
|
||||
|
||||
.PHONY: test release
|
||||
.PHONY: test release docs
|
||||
|
||||
build:
|
||||
go build $(MAIN_PARAMS) $(MAIN)
|
||||
|
@ -182,6 +182,14 @@ lib_install:
|
|||
go install -v github.com/sagernet/gomobile/cmd/gomobile@v0.0.0-20230915142329-c6740b6d2950
|
||||
go install -v github.com/sagernet/gomobile/cmd/gobind@v0.0.0-20230915142329-c6740b6d2950
|
||||
|
||||
docs:
|
||||
mkdocs serve
|
||||
|
||||
publish_docs:
|
||||
mkdocs gh-deploy -m "Update" --force --ignore-version --no-history
|
||||
|
||||
docs_install:
|
||||
pip install --force-reinstall mkdocs-material=="9.*" mkdocs-static-i18n=="1.2.*"
|
||||
clean:
|
||||
rm -rf bin dist sing-box
|
||||
rm -f $(shell go env GOPATH)/sing-box
|
||||
|
|
|
@ -1,27 +1,86 @@
|
|||
---
|
||||
icon: material/alert-decagram
|
||||
---
|
||||
|
||||
# ChangeLog
|
||||
|
||||
#### 1.7.0-rc.3
|
||||
|
||||
* Fixes and improvements
|
||||
|
||||
#### 1.6.7
|
||||
|
||||
* macOS: Add button for uninstall SystemExtension in the standalone graphical client
|
||||
* Fix missing UDP user context on TUIC/Hysteria2 inbounds
|
||||
* Fixes and improvements
|
||||
|
||||
#### 1.7.0-rc.2
|
||||
|
||||
* Fix missing UDP user context on TUIC/Hysteria2 inbounds
|
||||
* macOS: Add button for uninstall SystemExtension in the standalone graphical client
|
||||
|
||||
#### 1.6.6
|
||||
|
||||
* Fixes and improvements
|
||||
|
||||
#### 1.7.0-rc.1
|
||||
|
||||
* Fixes and improvements
|
||||
|
||||
#### 1.7.0-beta.5
|
||||
|
||||
* Update gVisor to 20231113.0
|
||||
* Fixes and improvements
|
||||
|
||||
#### 1.7.0-beta.4
|
||||
|
||||
* Add `wifi_ssid` and `wifi_bssid` route and DNS rules **1**
|
||||
* Fixes and improvements
|
||||
|
||||
**1**:
|
||||
|
||||
Only supported in graphical clients on Android and iOS.
|
||||
|
||||
#### 1.7.0-beta.3
|
||||
|
||||
* Fix zero TTL was incorrectly reset
|
||||
* Fixes and improvements
|
||||
|
||||
#### 1.6.5
|
||||
|
||||
* Fix crash if TUIC inbound authentication failed
|
||||
* Fixes and improvements
|
||||
|
||||
#### 1.7.0-beta.2
|
||||
|
||||
* Fix crash if TUIC inbound authentication failed
|
||||
* Update quic-go to v0.40.0
|
||||
* Fixes and improvements
|
||||
|
||||
#### 1.6.4
|
||||
|
||||
* Fixes and improvements
|
||||
|
||||
#### 1.7.0-beta.1
|
||||
|
||||
* Fixes and improvements
|
||||
|
||||
#### 1.6.3
|
||||
|
||||
* iOS/Android: Fix profile auto update
|
||||
* Fixes and improvements
|
||||
|
||||
#### 1.7.0-alpha.11
|
||||
|
||||
* iOS/Android: Fix profile auto update
|
||||
* Fixes and improvements
|
||||
|
||||
#### 1.7.0-alpha.10
|
||||
|
||||
* Fix tcp-brutal not working with TLS
|
||||
* Fix Android client not closing in some cases
|
||||
* Fixes and improvements
|
||||
|
||||
#### 1.6.2
|
||||
|
||||
* Fixes and improvements
|
||||
|
@ -31,6 +90,34 @@
|
|||
* Our [Android client](/installation/clients/sfa) is now available in the Google Play Store ▶️
|
||||
* Fixes and improvements
|
||||
|
||||
#### 1.7.0-alpha.6
|
||||
|
||||
* Fixes and improvements
|
||||
|
||||
#### 1.7.0-alpha.4
|
||||
|
||||
* Migrate multiplex and UoT server to inbound **1**
|
||||
* Add TCP Brutal support for multiplex **2**
|
||||
|
||||
**1**:
|
||||
|
||||
Starting in 1.7.0, multiplexing support is no longer enabled by default and needs to be turned on explicitly in inbound options.
|
||||
|
||||
**2**
|
||||
|
||||
Hysteria Brutal Congestion Control Algorithm in TCP. A kernel module needs to be installed on the Linux server, see [TCP Brutal](/configuration/shared/tcp-brutal) for details.
|
||||
|
||||
#### 1.7.0-alpha.3
|
||||
|
||||
* Add [HTTPUpgrade V2Ray transport](/configuration/shared/v2ray-transport#HTTPUpgrade) support **1**
|
||||
* Fixes and improvements
|
||||
|
||||
**1**:
|
||||
|
||||
Introduced in V2Ray 5.10.0.
|
||||
|
||||
The new HTTPUpgrade transport has better performance than WebSocket and is better suited for CDN abuse.
|
||||
|
||||
#### 1.6.0
|
||||
|
||||
* Fixes and improvements
|
||||
|
@ -55,6 +142,23 @@ This update is intended to address the multi-send defects of the old implementat
|
|||
Based on discussions with the original author, the brutal CC and QUIC protocol parameters of
|
||||
the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2
|
||||
|
||||
#### 1.7.0-alpha.2
|
||||
|
||||
* Fix bugs introduced in 1.7.0-alpha.1
|
||||
|
||||
#### 1.7.0-alpha.1
|
||||
|
||||
* Add [exclude route support](/configuration/inbound/tun) for TUN inbound
|
||||
* Add `udp_disable_domain_unmapping` [inbound listen option](/configuration/shared/listen) **1**
|
||||
* Fixes and improvements
|
||||
|
||||
**1**:
|
||||
|
||||
If enabled, for UDP proxy requests addressed to a domain,
|
||||
the original packet address will be sent in the response instead of the mapped domain.
|
||||
|
||||
This option is used for compatibility with clients that
|
||||
do not support receiving UDP packets with domain addresses, such as Surge.
|
||||
|
||||
#### 1.5.5
|
||||
|
||||
|
@ -116,6 +220,24 @@ the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2
|
|||
* Update golang.org/x/net to v0.17.0
|
||||
* Fixes and improvements
|
||||
|
||||
#### 1.6.0-beta.3
|
||||
|
||||
* Update the legacy Hysteria protocol **1**
|
||||
* Fixes and improvements
|
||||
|
||||
**1**
|
||||
|
||||
Based on discussions with the original author, the brutal CC and QUIC protocol parameters of
|
||||
the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2
|
||||
|
||||
#### 1.6.0-beta.2
|
||||
|
||||
* Add TLS self sign key pair generate command
|
||||
* Update brutal congestion control for Hysteria2
|
||||
* Fix Clash cache crash on arm32 devices
|
||||
* Update golang.org/x/net to v0.17.0
|
||||
* Fixes and improvements
|
||||
|
||||
#### 1.5.3
|
||||
|
||||
* Fix compatibility with Android 14
|
||||
|
|
64
docs/clients/android/features.md
Normal file
64
docs/clients/android/features.md
Normal file
|
@ -0,0 +1,64 @@
|
|||
# :material-decagram: Features
|
||||
|
||||
#### UI options
|
||||
|
||||
* Display realtime network speed in the notification
|
||||
|
||||
#### Service
|
||||
|
||||
SFA allows you to run sing-box through ForegroundService or VpnService (when TUN is required).
|
||||
|
||||
#### TUN
|
||||
|
||||
SFA provides an unprivileged TUN implementation through Android VpnService.
|
||||
|
||||
| TUN inbound option | Available | Note |
|
||||
|-------------------------------|------------------|--------------------|
|
||||
| `interface_name` | :material-close: | Managed by Android |
|
||||
| `inet4_address` | :material-check: | / |
|
||||
| `inet6_address` | :material-check: | / |
|
||||
| `mtu` | :material-check: | / |
|
||||
| `auto_route` | :material-check: | / |
|
||||
| `strict_route` | :material-close: | Not implemented |
|
||||
| `inet4_route_address` | :material-check: | / |
|
||||
| `inet6_route_address` | :material-check: | / |
|
||||
| `inet4_route_exclude_address` | :material-check: | / |
|
||||
| `inet6_route_exclude_address` | :material-check: | / |
|
||||
| `endpoint_independent_nat` | :material-check: | / |
|
||||
| `stack` | :material-check: | / |
|
||||
| `include_interface` | :material-close: | No permission |
|
||||
| `exclude_interface` | :material-close: | No permission |
|
||||
| `include_uid` | :material-close: | No permission |
|
||||
| `exclude_uid` | :material-close: | No permission |
|
||||
| `include_android_user` | :material-close: | No permission |
|
||||
| `include_package` | :material-check: | / |
|
||||
| `exclude_package` | :material-check: | / |
|
||||
| `platform` | :material-check: | / |
|
||||
|
||||
| Route/DNS rule option | Available | Note |
|
||||
|-----------------------|------------------|-----------------------------------|
|
||||
| `process_name` | :material-close: | No permission |
|
||||
| `process_path` | :material-close: | No permission |
|
||||
| `package_name` | :material-check: | / |
|
||||
| `user` | :material-close: | Use `package_name` instead |
|
||||
| `user_id` | :material-close: | Use `package_name` instead |
|
||||
| `wifi_ssid` | :material-check: | Fine location permission required |
|
||||
| `wifi_bssid` | :material-check: | Fine location permission required |
|
||||
|
||||
### Override
|
||||
|
||||
Overrides profile configuration items with platform-specific values.
|
||||
|
||||
#### Per-app proxy
|
||||
|
||||
SFA allows you to select a list of Android apps that require proxying or bypassing in the graphical interface to
|
||||
override the `include_package` and `exclude_package` configuration items.
|
||||
|
||||
In particular, the selector also provides the “China apps” scanning feature, providing Chinese users with an excellent
|
||||
experience to bypass apps that do not require a proxy. Specifically, by scanning China application or SDK
|
||||
characteristics through dex class path and other means, there will be almost no missed reports.
|
||||
|
||||
### Chore
|
||||
|
||||
* The working directory is located at `/sdcard/Android/data/io.nekohasekai.sfa/files` (External files directory)
|
||||
* Crash logs is located in `$working_directory/stderr.log`
|
22
docs/clients/android/index.md
Normal file
22
docs/clients/android/index.md
Normal file
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
icon: material/android
|
||||
---
|
||||
|
||||
# sing-box for Android
|
||||
|
||||
SFA allows users to manage and run local or remote sing-box configuration files, and provides
|
||||
platform-specific function implementation, such as TUN transparent proxy implementation.
|
||||
|
||||
## :material-graph: Requirements
|
||||
|
||||
* Android 5.0+
|
||||
|
||||
## :material-download: Download
|
||||
|
||||
* [Play Store](https://play.google.com/store/apps/details?id=io.nekohasekai.sfa)
|
||||
* [Play Store (Beta)](https://play.google.com/apps/testing/io.nekohasekai.sfa)
|
||||
* [GitHub Releases](https://github.com/SagerNet/sing-box/releases)
|
||||
|
||||
## :material-source-repository: Source code
|
||||
|
||||
* [GitHub](https://github.com/SagerNet/sing-box-for-android)
|
52
docs/clients/apple/features.md
Normal file
52
docs/clients/apple/features.md
Normal file
|
@ -0,0 +1,52 @@
|
|||
# :material-decagram: Features
|
||||
|
||||
#### UI options
|
||||
|
||||
* Always On
|
||||
* Include All Networks (Proxy traffic for LAN and cellular services)
|
||||
* (Apple tvOS) Import profile from iPhone/iPad
|
||||
|
||||
#### Service
|
||||
|
||||
SFI/SFM/SFT allows you to run sing-box through NetworkExtension with Application Extension or System Extension.
|
||||
|
||||
#### TUN
|
||||
|
||||
SFI/SFM/SFT provides an unprivileged TUN implementation through NetworkExtension.
|
||||
|
||||
| TUN inbound option | Available | Note |
|
||||
|-------------------------------|-----------|-------------------|
|
||||
| `interface_name` | ✖️ | Managed by Darwin |
|
||||
| `inet4_address` | ✔️ | / |
|
||||
| `inet6_address` | ✔️ | / |
|
||||
| `mtu` | ✔️ | / |
|
||||
| `auto_route` | ✔️ | / |
|
||||
| `strict_route` | ✖️ | Not implemented |
|
||||
| `inet4_route_address` | ✔️ | / |
|
||||
| `inet6_route_address` | ✔️ | / |
|
||||
| `inet4_route_exclude_address` | ✔️ | / |
|
||||
| `inet6_route_exclude_address` | ✔️ | / |
|
||||
| `endpoint_independent_nat` | ✔️ | / |
|
||||
| `stack` | ✔️ | / |
|
||||
| `include_interface` | ✖️ | Not implemented |
|
||||
| `exclude_interface` | ✖️ | Not implemented |
|
||||
| `include_uid` | ✖️ | Not implemented |
|
||||
| `exclude_uid` | ✖️ | Not implemented |
|
||||
| `include_android_user` | ✖️ | Not implemented |
|
||||
| `include_package` | ✖️ | Not implemented |
|
||||
| `exclude_package` | ✖️ | Not implemented |
|
||||
| `platform` | ✔️ | / |
|
||||
|
||||
| Route/DNS rule option | Available | Note |
|
||||
|-----------------------|------------------|-----------------------|
|
||||
| `process_name` | :material-close: | No permission |
|
||||
| `process_path` | :material-close: | No permission |
|
||||
| `package_name` | :material-close: | / |
|
||||
| `user` | :material-close: | No permission |
|
||||
| `user_id` | :material-close: | No permission |
|
||||
| `wifi_ssid` | :material-alert: | Only supported on iOS |
|
||||
| `wifi_bssid` | :material-alert: | Only supported on iOS |
|
||||
|
||||
### Chore
|
||||
|
||||
* Crash logs is located in `Settings` -> `View Service Log`
|
32
docs/clients/apple/index.md
Normal file
32
docs/clients/apple/index.md
Normal file
|
@ -0,0 +1,32 @@
|
|||
---
|
||||
icon: material/apple
|
||||
---
|
||||
|
||||
# sing-box for Apple platforms
|
||||
|
||||
SFI/SFM/SFT allows users to manage and run local or remote sing-box configuration files, and provides
|
||||
platform-specific function implementation, such as TUN transparent proxy implementation.
|
||||
|
||||
## :material-graph: Requirements
|
||||
|
||||
* iOS 15.0+ / macOS 13.0+ / Apple tvOS 17.0+
|
||||
* An Apple account outside of mainland China
|
||||
|
||||
## :material-download: Download
|
||||
|
||||
* [App Store](https://apps.apple.com/us/app/sing-box/id6451272673)
|
||||
* [TestFlight (Beta)](https://testflight.apple.com/join/AcqO44FH)
|
||||
|
||||
## :material-file-download: Download (macOS standalone version)
|
||||
|
||||
* [Homebrew Cask](https://formulae.brew.sh/cask/sfm)
|
||||
|
||||
```bash
|
||||
brew install sfm
|
||||
```
|
||||
|
||||
* [GitHub Releases](https://github.com/SagerNet/sing-box/releases)
|
||||
|
||||
## :material-source-repository: Source code
|
||||
|
||||
* [GitHub](https://github.com/SagerNet/sing-box-for-apple)
|
63
docs/clients/general.md
Normal file
63
docs/clients/general.md
Normal file
|
@ -0,0 +1,63 @@
|
|||
---
|
||||
icon: material/pencil-ruler
|
||||
---
|
||||
|
||||
# General
|
||||
|
||||
Describes and explains the functions implemented uniformly by sing-box graphical clients.
|
||||
|
||||
### Profile
|
||||
|
||||
Profile describes a sing-box configuration file and its state.
|
||||
|
||||
#### Local
|
||||
|
||||
* Local Profile represents a local sing-box configuration with minimal state
|
||||
* The graphical client must provide an editor to modify configuration content
|
||||
|
||||
#### iCloud (on iOS and macOS)
|
||||
|
||||
* iCloud Profile represents a remote sing-box configuration with iCloud as the update source
|
||||
* The configuration file is stored in the sing-box folder under iCloud
|
||||
* The graphical client must provide an editor to modify configuration content
|
||||
|
||||
#### Remote
|
||||
|
||||
* Remote Profile represents a remote sing-box configuration with a URL as the update source.
|
||||
* The graphical client should provide a configuration content viewer
|
||||
* The graphical client must implement automatic profile update (default interval is 60 minutes) and HTTP Basic
|
||||
authorization.
|
||||
|
||||
At the same time, the graphical client must provide support for importing remote profiles
|
||||
through a specific URL Scheme. The URL is defined as follows:
|
||||
|
||||
```
|
||||
sing-box://import-remote-profile?url=urlEncodedURL#urlEncodedName
|
||||
```
|
||||
|
||||
### Dashboard
|
||||
|
||||
While the sing-box service is running, the graphical client should provide a Dashboard interface to manage the service.
|
||||
|
||||
#### Status
|
||||
|
||||
Dashboard should display status information such as memory, connection, and traffic.
|
||||
|
||||
#### Mode
|
||||
|
||||
Dashboard should provide a Mode selector for switching when the configuration uses at least two `clash_mode` values.
|
||||
|
||||
#### Groups
|
||||
|
||||
When the configuration includes group outbounds (specifically, Selector or URLTest),
|
||||
the dashboard should provide a Group selector for status display or switching.
|
||||
|
||||
### Chore
|
||||
|
||||
#### Core
|
||||
|
||||
Graphical clients should provide a Core region:
|
||||
|
||||
* Display the current sing-box version
|
||||
* Provides a button to clean the working directory
|
||||
* Provides a memory limiter switch
|
13
docs/clients/index.md
Normal file
13
docs/clients/index.md
Normal file
|
@ -0,0 +1,13 @@
|
|||
# :material-cellphone-link: Graphical Clients
|
||||
|
||||
Maintained by Project S to provide a unified experience and platform-specific functionality.
|
||||
|
||||
| Platform | Client |
|
||||
|---------------------------------------|-----------------------------------------|
|
||||
| :material-android: Android | [sing-box for Android](./android) |
|
||||
| :material-apple: iOS/macOS/Apple tvOS | [sing-box for Apple platforms](./apple) |
|
||||
| :material-laptop: Desktop | Working in progress |
|
||||
|
||||
Some third-party projects that claim to use sing-box or use sing-box as a selling point are not listed here. The core
|
||||
motivation of the maintainers of such projects is to acquire more users, and even though they provide friendly VPN
|
||||
client features, the code is usually of poor quality and contains ads.
|
12
docs/clients/index.zh.md
Normal file
12
docs/clients/index.zh.md
Normal file
|
@ -0,0 +1,12 @@
|
|||
# :material-cellphone-link: 图形界面客户端
|
||||
|
||||
由 Project S 维护,提供统一的体验与平台特定的功能。
|
||||
|
||||
| 平台 | 客户端 |
|
||||
|---------------------------------------|-----------------------------------------|
|
||||
| :material-android: Android | [sing-box for Android](./android) |
|
||||
| :material-apple: iOS/macOS/Apple tvOS | [sing-box for Apple platforms](./apple) |
|
||||
| :material-laptop: Desktop | 施工中 |
|
||||
|
||||
此处没有列出一些声称使用或以 sing-box 为卖点的第三方项目。此类项目维护者的动机是获得更多用户,即使它们提供友好的商业
|
||||
VPN 客户端功能, 但代码质量很差且包含广告。
|
8
docs/clients/privacy.md
Normal file
8
docs/clients/privacy.md
Normal file
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
icon: material/security
|
||||
---
|
||||
|
||||
# Privacy policy
|
||||
|
||||
sing-box and official graphics clients do not collect or share personal data,
|
||||
and the data generated by the software is always on your device.
|
|
@ -79,6 +79,12 @@
|
|||
1000
|
||||
],
|
||||
"clash_mode": "direct",
|
||||
"wifi_ssid": [
|
||||
"My WIFI"
|
||||
],
|
||||
"wifi_bssid": [
|
||||
"00:00:00:00:00:00"
|
||||
],
|
||||
"invert": false,
|
||||
"outbound": [
|
||||
"direct"
|
||||
|
@ -188,7 +194,7 @@ Match port range.
|
|||
|
||||
#### process_name
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Linux, Windows, and macOS.
|
||||
|
||||
|
@ -196,7 +202,7 @@ Match process name.
|
|||
|
||||
#### process_path
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Linux, Windows, and macOS.
|
||||
|
||||
|
@ -208,7 +214,7 @@ Match android package name.
|
|||
|
||||
#### user
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Linux.
|
||||
|
||||
|
@ -216,7 +222,7 @@ Match user name.
|
|||
|
||||
#### user_id
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Linux.
|
||||
|
||||
|
@ -226,6 +232,24 @@ Match user id.
|
|||
|
||||
Match Clash mode.
|
||||
|
||||
#### wifi_ssid
|
||||
|
||||
<!-- md:version 1.7.0-beta.4 -->
|
||||
|
||||
!!! quote ""
|
||||
|
||||
Only supported in graphical clients on Android and iOS.
|
||||
|
||||
Match WiFi SSID.
|
||||
|
||||
#### wifi_bssid
|
||||
|
||||
!!! quote ""
|
||||
|
||||
Only supported in graphical clients on Android and iOS.
|
||||
|
||||
Match WiFi BSSID.
|
||||
|
||||
#### invert
|
||||
|
||||
Invert match result.
|
||||
|
|
|
@ -78,6 +78,12 @@
|
|||
1000
|
||||
],
|
||||
"clash_mode": "direct",
|
||||
"wifi_ssid": [
|
||||
"My WIFI"
|
||||
],
|
||||
"wifi_bssid": [
|
||||
"00:00:00:00:00:00"
|
||||
],
|
||||
"invert": false,
|
||||
"outbound": [
|
||||
"direct"
|
||||
|
@ -185,7 +191,7 @@ DNS 查询类型。值可以为整数或者类型名称字符串。
|
|||
|
||||
#### process_name
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Linux、Windows 和 macOS.
|
||||
|
||||
|
@ -193,7 +199,7 @@ DNS 查询类型。值可以为整数或者类型名称字符串。
|
|||
|
||||
#### process_path
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Linux、Windows 和 macOS.
|
||||
|
||||
|
@ -205,7 +211,7 @@ DNS 查询类型。值可以为整数或者类型名称字符串。
|
|||
|
||||
#### user
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Linux。
|
||||
|
||||
|
@ -213,7 +219,7 @@ DNS 查询类型。值可以为整数或者类型名称字符串。
|
|||
|
||||
#### user_id
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Linux。
|
||||
|
||||
|
@ -223,6 +229,22 @@ DNS 查询类型。值可以为整数或者类型名称字符串。
|
|||
|
||||
匹配 Clash 模式。
|
||||
|
||||
#### wifi_ssid
|
||||
|
||||
!!! quote ""
|
||||
|
||||
仅在 Android 与 iOS 的图形客户端中支持。
|
||||
|
||||
匹配 WiFi SSID。
|
||||
|
||||
#### wifi_bssid
|
||||
|
||||
!!! quote ""
|
||||
|
||||
仅在 Android 与 iOS 的图形客户端中支持。
|
||||
|
||||
匹配 WiFi BSSID。
|
||||
|
||||
#### invert
|
||||
|
||||
反选匹配结果。
|
||||
|
|
|
@ -49,7 +49,7 @@ The address of the dns server.
|
|||
|
||||
!!! warning ""
|
||||
|
||||
QUIC and HTTP3 transport is not included by default, see [Installation](/#installation).
|
||||
QUIC and HTTP3 transport is not included by default, see [Installation](./#installation).
|
||||
|
||||
!!! info ""
|
||||
|
||||
|
@ -57,7 +57,7 @@ The address of the dns server.
|
|||
|
||||
!!! warning ""
|
||||
|
||||
DHCP transport is not included by default, see [Installation](/#installation).
|
||||
DHCP transport is not included by default, see [Installation](./#installation).
|
||||
|
||||
| RCode | Description |
|
||||
|-------------------|-----------------------|
|
||||
|
|
|
@ -44,9 +44,9 @@
|
|||
|
||||
### Clash API Fields
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Clash API is not included by default, see [Installation](/#installation).
|
||||
Clash API is not included by default, see [Installation](./#installation).
|
||||
|
||||
#### external_controller
|
||||
|
||||
|
@ -110,9 +110,9 @@ If not empty, `store_selected` will use a separate store keyed by it.
|
|||
|
||||
### V2Ray API Fields
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
V2Ray API is not included by default, see [Installation](/#installation).
|
||||
V2Ray API is not included by default, see [Installation](./#installation).
|
||||
|
||||
#### listen
|
||||
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
|
||||
### Clash API 字段
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
默认安装不包含 Clash API,参阅 [安装](/zh/#_2)。
|
||||
|
||||
|
@ -108,7 +108,7 @@ Clash 中的默认模式,默认使用 `Rule`。
|
|||
|
||||
### V2Ray API 字段
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
默认安装不包含 V2Ray API,参阅 [安装](/zh/#_2)。
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@ No authentication required if empty.
|
|||
|
||||
#### set_system_proxy
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Linux, Android, Windows, and macOS.
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@ HTTP 用户
|
|||
|
||||
#### set_system_proxy
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Linux、Android、Windows 和 macOS。
|
||||
|
||||
|
|
|
@ -31,7 +31,7 @@
|
|||
|
||||
!!! warning ""
|
||||
|
||||
QUIC, which is required by hysteria is not included by default, see [Installation](/#installation).
|
||||
QUIC, which is required by hysteria is not included by default, see [Installation](./#installation).
|
||||
|
||||
### Listen Fields
|
||||
|
||||
|
|
|
@ -4,8 +4,8 @@
|
|||
{
|
||||
"type": "hysteria2",
|
||||
"tag": "hy2-in",
|
||||
|
||||
... // Listen Fields
|
||||
...
|
||||
// Listen Fields
|
||||
|
||||
"up_mbps": 100,
|
||||
"down_mbps": 100,
|
||||
|
@ -28,7 +28,14 @@
|
|||
|
||||
!!! warning ""
|
||||
|
||||
QUIC, which is required by Hysteria2 is not included by default, see [Installation](/#installation).
|
||||
QUIC, which is required by Hysteria2 is not included by default, see [Installation](./#installation).
|
||||
|
||||
!!! warning "Difference from official Hysteria2"
|
||||
|
||||
The official program supports an authentication method called **userpass**,
|
||||
which essentially uses a combination of `<username>:<password>` as the actual password,
|
||||
while sing-box does not provide this alias.
|
||||
To use sing-box with the official program, you need to fill in that combination as the actual password.
|
||||
|
||||
### Listen Fields
|
||||
|
||||
|
|
|
@ -4,8 +4,8 @@
|
|||
{
|
||||
"type": "hysteria2",
|
||||
"tag": "hy2-in",
|
||||
|
||||
... // 监听字段
|
||||
...
|
||||
// 监听字段
|
||||
|
||||
"up_mbps": 100,
|
||||
"down_mbps": 100,
|
||||
|
@ -30,6 +30,12 @@
|
|||
|
||||
默认安装不包含被 Hysteria2 依赖的 QUIC,参阅 [安装](/zh/#_2)。
|
||||
|
||||
!!! warning "与官方 Hysteria2 的区别"
|
||||
|
||||
官方程序支持一种名为 **userpass** 的验证方式,
|
||||
本质上上是将用户名与密码的组合 `<username>:<password>` 作为实际上的密码,而 sing-box 不提供此别名。
|
||||
要将 sing-box 与官方程序一起使用, 您需要填写该组合作为实际密码。
|
||||
|
||||
### 监听字段
|
||||
|
||||
参阅 [监听字段](/zh/configuration/shared/listen/)。
|
||||
|
|
|
@ -33,7 +33,7 @@ No authentication required if empty.
|
|||
|
||||
#### set_system_proxy
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Linux, Android, Windows, and macOS.
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ SOCKS 和 HTTP 用户
|
|||
|
||||
#### set_system_proxy
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Linux、Android、Windows 和 macOS。
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
|
||||
!!! warning ""
|
||||
|
||||
HTTP3 transport is not included by default, see [Installation](/#installation).
|
||||
HTTP3 transport is not included by default, see [Installation](./#installation).
|
||||
|
||||
### Listen Fields
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Linux and macOS.
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Linux 和 macOS。
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Linux.
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Linux。
|
||||
|
||||
|
|
|
@ -47,7 +47,7 @@ TLS configuration, see [TLS](/configuration/shared/tls/#inbound).
|
|||
|
||||
#### fallback
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
There is no evidence that GFW detects and blocks Trojan servers based on HTTP responses, and opening the standard http/s port on the server is a much bigger signature.
|
||||
|
||||
|
|
|
@ -49,7 +49,7 @@ TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound)。
|
|||
|
||||
#### fallback
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
没有证据表明 GFW 基于 HTTP 响应检测并阻止 Trojan 服务器,并且在服务器上打开标准 http/s 端口是一个更大的特征。
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
|
||||
!!! warning ""
|
||||
|
||||
QUIC, which is required by TUIC is not included by default, see [Installation](/#installation).
|
||||
QUIC, which is required by TUIC is not included by default, see [Installation](./#installation).
|
||||
|
||||
### Listen Fields
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Linux, Windows and macOS.
|
||||
|
||||
|
@ -102,7 +102,7 @@ The maximum transmission unit.
|
|||
|
||||
Set the default route to the Tun.
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
To avoid traffic loopback, set `route.auto_detect_interface` or `route.default_interface` or `outbound.bind_interface`
|
||||
|
||||
|
@ -171,11 +171,11 @@ TCP/IP stack.
|
|||
|
||||
!!! warning ""
|
||||
|
||||
gVisor and LWIP stacks is not included by default, see [Installation](/#installation).
|
||||
gVisor and LWIP stacks is not included by default, see [Installation](./#installation).
|
||||
|
||||
#### include_interface
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Interface rules are only supported on Linux and require auto_route.
|
||||
|
||||
|
@ -191,7 +191,7 @@ Conflict with `include_interface`.
|
|||
|
||||
#### include_uid
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
UID rules are only supported on Linux and require auto_route.
|
||||
|
||||
|
@ -211,7 +211,7 @@ Exclude users in route, but in range.
|
|||
|
||||
#### include_android_user
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Android user and package rules are only supported on Android and require auto_route.
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Linux、Windows 和 macOS。
|
||||
|
||||
|
@ -102,7 +102,7 @@ tun 接口的 IPv6 前缀。
|
|||
|
||||
设置到 Tun 的默认路由。
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
为避免流量环回,请设置 `route.auto_detect_interface` 或 `route.default_interface` 或 `outbound.bind_interface`。
|
||||
|
||||
|
@ -171,7 +171,7 @@ TCP/IP 栈。
|
|||
|
||||
#### include_interface
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
接口规则仅在 Linux 下被支持,并且需要 `auto_route`。
|
||||
|
||||
|
@ -187,7 +187,7 @@ TCP/IP 栈。
|
|||
|
||||
#### include_uid
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
UID 规则仅在 Linux 下被支持,并且需要 `auto_route`。
|
||||
|
||||
|
@ -207,7 +207,7 @@ TCP/IP 栈。
|
|||
|
||||
#### include_android_user
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Android 用户和应用规则仅在 Android 下被支持,并且需要 `auto_route`。
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
|
||||
!!! warning ""
|
||||
|
||||
QUIC, which is required by hysteria is not included by default, see [Installation](/#installation).
|
||||
QUIC, which is required by hysteria is not included by default, see [Installation](./#installation).
|
||||
|
||||
### Fields
|
||||
|
||||
|
|
|
@ -24,7 +24,15 @@
|
|||
|
||||
!!! warning ""
|
||||
|
||||
QUIC, which is required by Hysteria2 is not included by default, see [Installation](/#installation).
|
||||
QUIC, which is required by Hysteria2 is not included by default, see [Installation](./#installation).
|
||||
|
||||
!!! warning "Difference from official Hysteria2"
|
||||
|
||||
The official Hysteria2 supports an authentication method called **userpass**,
|
||||
which essentially uses a combination of `<username>:<password>` as the actual password,
|
||||
while sing-box does not provide this alias.
|
||||
If you are planning to use sing-box with the official program,
|
||||
please note that you will need to fill the combination as the password.
|
||||
|
||||
### Fields
|
||||
|
||||
|
|
|
@ -26,6 +26,12 @@
|
|||
|
||||
默认安装不包含被 Hysteria2 依赖的 QUIC,参阅 [安装](/zh/#_2)。
|
||||
|
||||
!!! warning "与官方 Hysteria2 的区别"
|
||||
|
||||
官方程序支持一种名为 **userpass** 的验证方式,
|
||||
本质上上是将用户名与密码的组合 `<username>:<password>` 作为实际上的密码,而 sing-box 不提供此别名。
|
||||
要将 sing-box 与官方程序一起使用, 您需要填写该组合作为实际密码。
|
||||
|
||||
### 字段
|
||||
|
||||
#### server
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
}
|
||||
```
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
The selector can only be controlled through the [Clash API](/configuration/experimental#clash-api-fields) currently.
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
}
|
||||
```
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
选择器目前只能通过 [Clash API](/zh/configuration/experimental#clash-api) 来控制。
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
|
||||
!!! warning ""
|
||||
|
||||
ShadowsocksR is not included by default, see [Installation](/#installation).
|
||||
ShadowsocksR is not included by default, see [Installation](./#installation).
|
||||
|
||||
### Fields
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
|
||||
!!! info ""
|
||||
|
||||
Embedded tor is not included by default, see [Installation](/#installation).
|
||||
Embedded tor is not included by default, see [Installation](./#installation).
|
||||
|
||||
### Fields
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
|
||||
!!! warning ""
|
||||
|
||||
QUIC, which is required by TUIC is not included by default, see [Installation](/#installation).
|
||||
QUIC, which is required by TUIC is not included by default, see [Installation](./#installation).
|
||||
|
||||
### Fields
|
||||
|
||||
|
|
|
@ -38,11 +38,11 @@
|
|||
|
||||
!!! warning ""
|
||||
|
||||
WireGuard is not included by default, see [Installation](/#installation).
|
||||
WireGuard is not included by default, see [Installation](./#installation).
|
||||
|
||||
!!! warning ""
|
||||
|
||||
gVisor, which is required by the unprivileged WireGuard is not included by default, see [Installation](/#installation).
|
||||
gVisor, which is required by the unprivileged WireGuard is not included by default, see [Installation](./#installation).
|
||||
|
||||
### Fields
|
||||
|
||||
|
|
|
@ -31,7 +31,7 @@ Default outbound tag. the first outbound will be used if empty.
|
|||
|
||||
#### auto_detect_interface
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Linux, Windows and macOS.
|
||||
|
||||
|
@ -41,7 +41,7 @@ Takes no effect if `outbound.bind_interface` is set.
|
|||
|
||||
#### override_android_vpn
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Android.
|
||||
|
||||
|
@ -49,7 +49,7 @@ Accept Android VPN as upstream NIC when `auto_detect_interface` enabled.
|
|||
|
||||
#### default_interface
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Linux, Windows and macOS.
|
||||
|
||||
|
@ -59,7 +59,7 @@ Takes no effect if `auto_detect_interface` is set.
|
|||
|
||||
#### default_mark
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Linux.
|
||||
|
||||
|
|
|
@ -32,7 +32,7 @@
|
|||
|
||||
#### auto_detect_interface
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Linux、Windows 和 macOS。
|
||||
|
||||
|
@ -42,7 +42,7 @@
|
|||
|
||||
#### override_android_vpn
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Android。
|
||||
|
||||
|
@ -50,7 +50,7 @@
|
|||
|
||||
#### default_interface
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Linux、Windows 和 macOS。
|
||||
|
||||
|
@ -60,7 +60,7 @@
|
|||
|
||||
#### default_mark
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Linux。
|
||||
|
||||
|
|
|
@ -83,6 +83,12 @@
|
|||
1000
|
||||
],
|
||||
"clash_mode": "direct",
|
||||
"wifi_ssid": [
|
||||
"My WIFI"
|
||||
],
|
||||
"wifi_bssid": [
|
||||
"00:00:00:00:00:00"
|
||||
],
|
||||
"invert": false,
|
||||
"outbound": "direct"
|
||||
},
|
||||
|
@ -190,7 +196,7 @@ Match port range.
|
|||
|
||||
#### process_name
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Linux, Windows, and macOS.
|
||||
|
||||
|
@ -198,7 +204,7 @@ Match process name.
|
|||
|
||||
#### process_path
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Linux, Windows, and macOS.
|
||||
|
||||
|
@ -210,7 +216,7 @@ Match android package name.
|
|||
|
||||
#### user
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Linux.
|
||||
|
||||
|
@ -218,7 +224,7 @@ Match user name.
|
|||
|
||||
#### user_id
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Linux.
|
||||
|
||||
|
@ -228,6 +234,22 @@ Match user id.
|
|||
|
||||
Match Clash mode.
|
||||
|
||||
#### wifi_ssid
|
||||
|
||||
!!! quote ""
|
||||
|
||||
Only supported in graphical clients on Android and iOS.
|
||||
|
||||
Match WiFi SSID.
|
||||
|
||||
#### wifi_bssid
|
||||
|
||||
!!! quote ""
|
||||
|
||||
Only supported in graphical clients on Android and iOS.
|
||||
|
||||
Match WiFi BSSID.
|
||||
|
||||
#### invert
|
||||
|
||||
Invert match result.
|
||||
|
|
|
@ -81,6 +81,12 @@
|
|||
1000
|
||||
],
|
||||
"clash_mode": "direct",
|
||||
"wifi_ssid": [
|
||||
"My WIFI"
|
||||
],
|
||||
"wifi_bssid": [
|
||||
"00:00:00:00:00:00"
|
||||
],
|
||||
"invert": false,
|
||||
"outbound": "direct"
|
||||
},
|
||||
|
@ -188,7 +194,7 @@
|
|||
|
||||
#### process_name
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Linux、Windows 和 macOS。
|
||||
|
||||
|
@ -196,7 +202,7 @@
|
|||
|
||||
#### process_path
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Linux、Windows 和 macOS.
|
||||
|
||||
|
@ -208,7 +214,7 @@
|
|||
|
||||
#### user
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Linux.
|
||||
|
||||
|
@ -216,7 +222,7 @@
|
|||
|
||||
#### user_id
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Linux.
|
||||
|
||||
|
@ -226,6 +232,22 @@
|
|||
|
||||
匹配 Clash 模式。
|
||||
|
||||
#### wifi_ssid
|
||||
|
||||
!!! quote ""
|
||||
|
||||
仅在 Android 与 iOS 的图形客户端中支持。
|
||||
|
||||
匹配 WiFi SSID。
|
||||
|
||||
#### wifi_bssid
|
||||
|
||||
!!! quote ""
|
||||
|
||||
仅在 Android 与 iOS 的图形客户端中支持。
|
||||
|
||||
匹配 WiFi BSSID。
|
||||
|
||||
#### invert
|
||||
|
||||
反选匹配结果。
|
||||
|
|
|
@ -41,7 +41,7 @@ The IPv6 address to bind to.
|
|||
|
||||
#### routing_mark
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
Only supported on Linux.
|
||||
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
|
||||
#### routing_mark
|
||||
|
||||
!!! error ""
|
||||
!!! quote ""
|
||||
|
||||
仅支持 Linux。
|
||||
|
||||
|
|
|
@ -201,7 +201,7 @@ The path to the server private key, in PEM format.
|
|||
|
||||
!!! warning ""
|
||||
|
||||
uTLS is not included by default, see [Installation](/#installation).
|
||||
uTLS is not included by default, see [Installation](./#installation).
|
||||
|
||||
!!! note ""
|
||||
|
||||
|
@ -228,7 +228,7 @@ Chrome fingerprint will be used if empty.
|
|||
|
||||
!!! warning ""
|
||||
|
||||
ECH is not included by default, see [Installation](/#installation).
|
||||
ECH is not included by default, see [Installation](./#installation).
|
||||
|
||||
ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello
|
||||
message.
|
||||
|
@ -280,7 +280,7 @@ If empty, load from DNS will be attempted.
|
|||
|
||||
!!! warning ""
|
||||
|
||||
ACME is not included by default, see [Installation](/#installation).
|
||||
ACME is not included by default, see [Installation](./#installation).
|
||||
|
||||
#### domain
|
||||
|
||||
|
@ -359,11 +359,11 @@ See [DNS01 Challenge Fields](/configuration/shared/dns01_challenge) for details.
|
|||
|
||||
!!! warning ""
|
||||
|
||||
reality server is not included by default, see [Installation](/#installation).
|
||||
reality server is not included by default, see [Installation](./#installation).
|
||||
|
||||
!!! warning ""
|
||||
|
||||
uTLS, which is required by reality client is not included by default, see [Installation](/#installation).
|
||||
uTLS, which is required by reality client is not included by default, see [Installation](./#installation).
|
||||
|
||||
#### handshake
|
||||
|
||||
|
|
|
@ -131,7 +131,7 @@ It needs to be consistent with the server.
|
|||
|
||||
!!! warning ""
|
||||
|
||||
QUIC is not included by default, see [Installation](/#installation).
|
||||
QUIC is not included by default, see [Installation](./#installation).
|
||||
|
||||
!!! warning "Difference from v2ray-core"
|
||||
|
||||
|
@ -142,7 +142,7 @@ It needs to be consistent with the server.
|
|||
|
||||
!!! note ""
|
||||
|
||||
standard gRPC has good compatibility but poor performance and is not included by default, see [Installation](/#installation).
|
||||
standard gRPC has good compatibility but poor performance and is not included by default, see [Installation](./#installation).
|
||||
|
||||
```json
|
||||
{
|
||||
|
|
|
@ -1,50 +0,0 @@
|
|||
# Development environment
|
||||
|
||||
#### For the documentation
|
||||
|
||||
##### Setup
|
||||
|
||||
You need to configure python3 and pip first.
|
||||
|
||||
```shell
|
||||
pip install mkdocs-material mkdocs-static-i18n
|
||||
```
|
||||
|
||||
##### Run the site locally
|
||||
|
||||
```shell
|
||||
mkdocs serve
|
||||
```
|
||||
|
||||
or
|
||||
|
||||
```shell
|
||||
python3 -m mkdocs serve
|
||||
```
|
||||
|
||||
#### For the project
|
||||
|
||||
By default you have the latest Go installed (currently 1.19), and added `GOPATH/bin` to the PATH environment variable.
|
||||
|
||||
##### Setup
|
||||
|
||||
```shell
|
||||
make fmt_insalll
|
||||
make lint_install
|
||||
```
|
||||
|
||||
This installs the formatting and lint tools, which can be used via `make fmt` and `make lint`.
|
||||
|
||||
For ProtoBuffer changes, you also need `make proto_install` and `make proto`.
|
||||
|
||||
##### Build binary to the project directory
|
||||
|
||||
```shell
|
||||
make
|
||||
```
|
||||
|
||||
##### Install binary to GOPATH/bin
|
||||
|
||||
```shell
|
||||
make install
|
||||
```
|
|
@ -1,17 +0,0 @@
|
|||
# Contributing to sing-box
|
||||
|
||||
An introduction to contributing to the sing-box project.
|
||||
|
||||
The sing-box project welcomes, and depends, on contributions from developers and users in the open source community.
|
||||
Contributions can be made in a number of ways, a few examples are:
|
||||
|
||||
* Code patches via pull requests
|
||||
* Documentation improvements
|
||||
* Bug reports and patch reviews
|
||||
|
||||
### Reporting an Issue?
|
||||
|
||||
Please follow
|
||||
the [issue template](https://github.com/SagerNet/sing-box/issues/new?assignees=&labels=&template=bug_report.yml) to
|
||||
submit bugs. Always include **FULL** log content, especially if you don't understand the code that generates it.
|
||||
|
|
@ -1,67 +0,0 @@
|
|||
The sing-box uses the following projects which also need to be maintained:
|
||||
|
||||
#### sing
|
||||
|
||||
Link: [GitHub repository](https://github.com/SagerNet/sing)
|
||||
|
||||
As a base tool library, there are no dependencies other than `golang.org/x/sys`.
|
||||
|
||||
#### sing-dns
|
||||
|
||||
Link: [GitHub repository](https://github.com/SagerNet/sing-dns)
|
||||
|
||||
Handles DNS lookups and caching.
|
||||
|
||||
#### sing-tun
|
||||
|
||||
Link: [GitHub repository](https://github.com/SagerNet/sing-tun)
|
||||
|
||||
Handle Tun traffic forwarding, configure routing, monitor network and routing.
|
||||
|
||||
This library needs to periodically update its dependency gVisor (according to tags), including checking for changes to
|
||||
the used parts of the code and updating its usage. If you are involved in maintenance, you also need to check that if it
|
||||
works or contains memory leaks.
|
||||
|
||||
#### sing-shadowsocks
|
||||
|
||||
Link: [GitHub repository](https://github.com/SagerNet/sing-shadowsocks)
|
||||
|
||||
Provides Shadowsocks client and server
|
||||
|
||||
#### sing-vmess
|
||||
|
||||
Link: [GitHub repository](https://github.com/SagerNet/sing-vmess)
|
||||
|
||||
Provides VMess client and server
|
||||
|
||||
#### netlink
|
||||
|
||||
Link: [GitHub repository](https://github.com/SagerNet/netlink)
|
||||
|
||||
Fork of `vishvananda/netlink`, with some rule fixes.
|
||||
|
||||
The library needs to be updated with the upstream.
|
||||
|
||||
#### quic-go
|
||||
|
||||
Link: [GitHub repository](https://github.com/SagerNet/quic-go)
|
||||
|
||||
Fork of `lucas-clemente/quic-go` and `HyNetwork/quic-go`, contains quic flow control and other fixes used by Hysteria.
|
||||
|
||||
Since the author of Hysteria does not follow the upstream updates in time, and the provided fork needs to use replace,
|
||||
we need to do this.
|
||||
|
||||
The library needs to be updated with the upstream.
|
||||
|
||||
#### smux
|
||||
|
||||
Link: [GitHub repository](https://github.com/SagerNet/smux)
|
||||
|
||||
Fork of `xtaci/smux`
|
||||
|
||||
Modify the code to support the writev it uses internally and unify the buffer pool, which prevents it from allocating
|
||||
64k buffers for per connection and improves performance.
|
||||
|
||||
Upstream doesn't seem to be updated anymore, maybe a replacement is needed.
|
||||
|
||||
Note: while yamux is still actively maintained and better known, it seems to be less performant.
|
|
@ -1,5 +1,11 @@
|
|||
---
|
||||
icon: material/delete-alert
|
||||
---
|
||||
|
||||
# Deprecated Feature List
|
||||
|
||||
### 1.6.0
|
||||
|
||||
The following features will be marked deprecated in 1.5.0 and removed entirely in 1.6.0.
|
||||
|
||||
#### ShadowsocksR
|
||||
|
|
17
docs/deprecated.zh.md
Normal file
17
docs/deprecated.zh.md
Normal file
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
icon: material/delete-alert
|
||||
---
|
||||
|
||||
# 废弃功能列表
|
||||
|
||||
### 1.6.0
|
||||
|
||||
下列功能已在 1.5.0 中标记为已弃用,并在 1.6.0 中完全删除。
|
||||
|
||||
#### ShadowsocksR
|
||||
|
||||
ShadowsocksR 支持从未默认启用,自从常用的黑产代理销售面板停止使用该协议,继续维护它是没有意义的。
|
||||
|
||||
#### Proxy Protocol
|
||||
|
||||
Proxy Protocol 支持由 Pull Request 添加,存在问题且仅由 HTTP 多路复用器(如 nginx)的后端使用,具有侵入性,对于代理目的毫无意义。
|
|
@ -1,52 +0,0 @@
|
|||
```json
|
||||
{
|
||||
"dns": {
|
||||
"rules": [
|
||||
{
|
||||
"domain": [
|
||||
"clash.razord.top",
|
||||
"yacd.haishan.me"
|
||||
],
|
||||
"server": "local"
|
||||
},
|
||||
{
|
||||
"clash_mode": "direct",
|
||||
"server": "local"
|
||||
}
|
||||
]
|
||||
},
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "selector",
|
||||
"tag": "default",
|
||||
"outbounds": [
|
||||
"proxy-a",
|
||||
"proxy-b"
|
||||
]
|
||||
}
|
||||
],
|
||||
"route": {
|
||||
"rules": [
|
||||
{
|
||||
"clash_mode": "direct",
|
||||
"outbound": "direct"
|
||||
},
|
||||
{
|
||||
"domain": [
|
||||
"clash.razord.top",
|
||||
"yacd.haishan.me"
|
||||
],
|
||||
"outbound": "direct"
|
||||
}
|
||||
],
|
||||
"final": "default"
|
||||
},
|
||||
"experimental": {
|
||||
"clash_api": {
|
||||
"external_controller": "127.0.0.1:9090",
|
||||
"store_selected": true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
```
|
|
@ -1,65 +0,0 @@
|
|||
#### Sniff Mode
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "tun",
|
||||
"inet4_address": "172.19.0.1/30",
|
||||
"auto_route": true,
|
||||
"sniff": true // required
|
||||
}
|
||||
],
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "direct"
|
||||
},
|
||||
{
|
||||
"type": "dns",
|
||||
"tag": "dns-out"
|
||||
}
|
||||
],
|
||||
"route": {
|
||||
"rules": [
|
||||
{
|
||||
"protocol": "dns",
|
||||
"outbound": "dns-out"
|
||||
}
|
||||
],
|
||||
"auto_detect_interface": true
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
#### Port Mode
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "tun",
|
||||
"inet4_address": "172.19.0.1/30",
|
||||
"auto_route": true,
|
||||
"sniff": true // not required
|
||||
}
|
||||
],
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "direct"
|
||||
},
|
||||
{
|
||||
"type": "dns",
|
||||
"tag": "dns-out"
|
||||
}
|
||||
],
|
||||
"route": {
|
||||
"rules": [
|
||||
{
|
||||
"port": 53,
|
||||
"outbound": "dns-out"
|
||||
}
|
||||
],
|
||||
"auto_detect_interface": true
|
||||
}
|
||||
}
|
||||
```
|
|
@ -1,65 +0,0 @@
|
|||
#### 探测模式
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "tun",
|
||||
"inet4_address": "172.19.0.1/30",
|
||||
"auto_route": true,
|
||||
"sniff": true // 必须
|
||||
}
|
||||
],
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "direct"
|
||||
},
|
||||
{
|
||||
"type": "dns",
|
||||
"tag": "dns-out"
|
||||
}
|
||||
],
|
||||
"route": {
|
||||
"rules": [
|
||||
{
|
||||
"protocol": "dns",
|
||||
"outbound": "dns-out"
|
||||
}
|
||||
],
|
||||
"auto_detect_interface": true
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
#### 端口模式
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "tun",
|
||||
"inet4_address": "172.19.0.1/30",
|
||||
"auto_route": true,
|
||||
"sniff": true // 非必须
|
||||
}
|
||||
],
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "direct"
|
||||
},
|
||||
{
|
||||
"type": "dns",
|
||||
"tag": "dns-out"
|
||||
}
|
||||
],
|
||||
"route": {
|
||||
"rules": [
|
||||
{
|
||||
"port": 53,
|
||||
"outbound": "dns-out"
|
||||
}
|
||||
],
|
||||
"auto_detect_interface": true
|
||||
}
|
||||
}
|
||||
```
|
|
@ -1,106 +0,0 @@
|
|||
```json
|
||||
{
|
||||
"dns": {
|
||||
"servers": [
|
||||
{
|
||||
"tag": "google",
|
||||
"address": "tls://8.8.8.8"
|
||||
},
|
||||
{
|
||||
"tag": "local",
|
||||
"address": "223.5.5.5",
|
||||
"detour": "direct"
|
||||
},
|
||||
{
|
||||
"tag": "remote",
|
||||
"address": "fakeip"
|
||||
},
|
||||
{
|
||||
"tag": "block",
|
||||
"address": "rcode://success"
|
||||
}
|
||||
],
|
||||
"rules": [
|
||||
{
|
||||
"geosite": "category-ads-all",
|
||||
"server": "block",
|
||||
"disable_cache": true
|
||||
},
|
||||
{
|
||||
"outbound": "any",
|
||||
"server": "local"
|
||||
},
|
||||
{
|
||||
"geosite": "cn",
|
||||
"server": "local"
|
||||
},
|
||||
{
|
||||
"query_type": [
|
||||
"A",
|
||||
"AAAA"
|
||||
],
|
||||
"server": "remote"
|
||||
}
|
||||
],
|
||||
"fakeip": {
|
||||
"enabled": true,
|
||||
"inet4_range": "198.18.0.0/15",
|
||||
"inet6_range": "fc00::/18"
|
||||
},
|
||||
"independent_cache": true,
|
||||
"strategy": "ipv4_only"
|
||||
},
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "tun",
|
||||
"inet4_address": "172.19.0.1/30",
|
||||
"auto_route": true,
|
||||
"sniff": true,
|
||||
"domain_strategy": "ipv4_only" // remove this line if you want to resolve the domain remotely (if the server is not sing-box, UDP may not work due to wrong behavior).
|
||||
}
|
||||
],
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "shadowsocks",
|
||||
"tag": "proxy",
|
||||
"server": "mydomain.com",
|
||||
"server_port": 8080,
|
||||
"method": "2022-blake3-aes-128-gcm",
|
||||
"password": "8JCsPssfgS8tiRwiMlhARg=="
|
||||
},
|
||||
{
|
||||
"type": "direct",
|
||||
"tag": "direct"
|
||||
},
|
||||
{
|
||||
"type": "block",
|
||||
"tag": "block"
|
||||
},
|
||||
{
|
||||
"type": "dns",
|
||||
"tag": "dns-out"
|
||||
}
|
||||
],
|
||||
"route": {
|
||||
"rules": [
|
||||
{
|
||||
"protocol": "dns",
|
||||
"outbound": "dns-out"
|
||||
},
|
||||
{
|
||||
"geosite": "cn",
|
||||
"geoip": [
|
||||
"private",
|
||||
"cn"
|
||||
],
|
||||
"outbound": "direct"
|
||||
},
|
||||
{
|
||||
"geosite": "category-ads-all",
|
||||
"outbound": "block"
|
||||
}
|
||||
],
|
||||
"auto_detect_interface": true
|
||||
}
|
||||
}
|
||||
```
|
|
@ -1,106 +0,0 @@
|
|||
```json
|
||||
{
|
||||
"dns": {
|
||||
"servers": [
|
||||
{
|
||||
"tag": "google",
|
||||
"address": "tls://8.8.8.8"
|
||||
},
|
||||
{
|
||||
"tag": "local",
|
||||
"address": "223.5.5.5",
|
||||
"detour": "direct"
|
||||
},
|
||||
{
|
||||
"tag": "remote",
|
||||
"address": "fakeip"
|
||||
},
|
||||
{
|
||||
"tag": "block",
|
||||
"address": "rcode://success"
|
||||
}
|
||||
],
|
||||
"rules": [
|
||||
{
|
||||
"geosite": "category-ads-all",
|
||||
"server": "block",
|
||||
"disable_cache": true
|
||||
},
|
||||
{
|
||||
"outbound": "any",
|
||||
"server": "local"
|
||||
},
|
||||
{
|
||||
"geosite": "cn",
|
||||
"server": "local"
|
||||
},
|
||||
{
|
||||
"query_type": [
|
||||
"A",
|
||||
"AAAA"
|
||||
],
|
||||
"server": "remote"
|
||||
}
|
||||
],
|
||||
"fakeip": {
|
||||
"enabled": true,
|
||||
"inet4_range": "198.18.0.0/15",
|
||||
"inet6_range": "fc00::/18"
|
||||
},
|
||||
"independent_cache": true,
|
||||
"strategy": "ipv4_only"
|
||||
},
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "tun",
|
||||
"inet4_address": "172.19.0.1/30",
|
||||
"auto_route": true,
|
||||
"sniff": true,
|
||||
"domain_strategy": "ipv4_only" // 如果您想在远程解析域,删除此行 (如果服务器程序不为 sing-box,可能由于错误的行为导致 UDP 无法使用)。
|
||||
}
|
||||
],
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "shadowsocks",
|
||||
"tag": "proxy",
|
||||
"server": "mydomain.com",
|
||||
"server_port": 8080,
|
||||
"method": "2022-blake3-aes-128-gcm",
|
||||
"password": "8JCsPssfgS8tiRwiMlhARg=="
|
||||
},
|
||||
{
|
||||
"type": "direct",
|
||||
"tag": "direct"
|
||||
},
|
||||
{
|
||||
"type": "block",
|
||||
"tag": "block"
|
||||
},
|
||||
{
|
||||
"type": "dns",
|
||||
"tag": "dns-out"
|
||||
}
|
||||
],
|
||||
"route": {
|
||||
"rules": [
|
||||
{
|
||||
"protocol": "dns",
|
||||
"outbound": "dns-out"
|
||||
},
|
||||
{
|
||||
"geosite": "cn",
|
||||
"geoip": [
|
||||
"private",
|
||||
"cn"
|
||||
],
|
||||
"outbound": "direct"
|
||||
},
|
||||
{
|
||||
"geosite": "category-ads-all",
|
||||
"outbound": "block"
|
||||
}
|
||||
],
|
||||
"auto_detect_interface": true
|
||||
}
|
||||
}
|
||||
```
|
|
@ -1,11 +0,0 @@
|
|||
# Examples
|
||||
|
||||
Configuration examples for sing-box.
|
||||
|
||||
* [Linux Server Installation](./linux-server-installation)
|
||||
* [Tun](./tun)
|
||||
* [DNS Hijack](./dns-hijack.md)
|
||||
* [Shadowsocks](./shadowsocks)
|
||||
* [ShadowTLS](./shadowtls)
|
||||
* [Clash API](./clash-api)
|
||||
* [FakeIP](./fakeip)
|
|
@ -1,11 +0,0 @@
|
|||
# 示例
|
||||
|
||||
sing-box 的配置示例。
|
||||
|
||||
* [Linux 服务器安装](./linux-server-installation)
|
||||
* [Tun](./tun)
|
||||
* [DNS 劫持](./dns-hijack.md)
|
||||
* [Shadowsocks](./shadowsocks)
|
||||
* [ShadowTLS](./shadowtls)
|
||||
* [Clash API](./clash-api)
|
||||
* [FakeIP](./fakeip)
|
|
@ -1,38 +0,0 @@
|
|||
#### Requirements
|
||||
|
||||
* Linux & Systemd
|
||||
* Git
|
||||
* C compiler environment
|
||||
|
||||
#### Install
|
||||
|
||||
```shell
|
||||
git clone -b main https://github.com/SagerNet/sing-box
|
||||
cd sing-box
|
||||
./release/local/install_go.sh # skip if you have golang already installed
|
||||
./release/local/install.sh
|
||||
```
|
||||
|
||||
Edit configuration file in `/usr/local/etc/sing-box/config.json`
|
||||
|
||||
```shell
|
||||
./release/local/enable.sh
|
||||
```
|
||||
|
||||
#### Update
|
||||
|
||||
```shell
|
||||
./release/local/update.sh
|
||||
```
|
||||
|
||||
#### Other commands
|
||||
|
||||
| Operation | Command |
|
||||
|-----------|-----------------------------------------------|
|
||||
| Start | `sudo systemctl start sing-box` |
|
||||
| Stop | `sudo systemctl stop sing-box` |
|
||||
| Kill | `sudo systemctl kill sing-box` |
|
||||
| Restart | `sudo systemctl restart sing-box` |
|
||||
| Logs | `sudo journalctl -u sing-box --output cat -e` |
|
||||
| New Logs | `sudo journalctl -u sing-box --output cat -f` |
|
||||
| Uninstall | `./release/local/uninstall.sh` |
|
|
@ -1,38 +0,0 @@
|
|||
#### 依赖
|
||||
|
||||
* Linux & Systemd
|
||||
* Git
|
||||
* C 编译器环境
|
||||
|
||||
#### 安装
|
||||
|
||||
```shell
|
||||
git clone -b main https://github.com/SagerNet/sing-box
|
||||
cd sing-box
|
||||
./release/local/install_go.sh # 如果已安装 golang 则跳过
|
||||
./release/local/install.sh
|
||||
```
|
||||
|
||||
编辑配置文件 `/usr/local/etc/sing-box/config.json`
|
||||
|
||||
```shell
|
||||
./release/local/enable.sh
|
||||
```
|
||||
|
||||
#### 更新
|
||||
|
||||
```shell
|
||||
./release/local/update.sh
|
||||
```
|
||||
|
||||
#### 其他命令
|
||||
|
||||
| 操作 | 命令 |
|
||||
|------|-----------------------------------------------|
|
||||
| 启动 | `sudo systemctl start sing-box` |
|
||||
| 停止 | `sudo systemctl stop sing-box` |
|
||||
| 强制停止 | `sudo systemctl kill sing-box` |
|
||||
| 重启 | `sudo systemctl restart sing-box` |
|
||||
| 查看日志 | `sudo journalctl -u sing-box --output cat -e` |
|
||||
| 实时日志 | `sudo journalctl -u sing-box --output cat -f` |
|
||||
| 卸载 | `./release/local/uninstall.sh` |
|
|
@ -1,163 +0,0 @@
|
|||
# Shadowsocks
|
||||
|
||||
!!! warning ""
|
||||
|
||||
For censorship bypass usage in China, we recommend using UDP over TCP and disabling UDP on the server.
|
||||
|
||||
## Single User
|
||||
|
||||
#### Server
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "shadowsocks",
|
||||
"listen": "::",
|
||||
"listen_port": 8080,
|
||||
"network": "tcp",
|
||||
"method": "2022-blake3-aes-128-gcm",
|
||||
"password": "8JCsPssfgS8tiRwiMlhARg=="
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
#### Client
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "mixed",
|
||||
"listen": "::",
|
||||
"listen_port": 2080
|
||||
}
|
||||
],
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "shadowsocks",
|
||||
"server": "127.0.0.1",
|
||||
"server_port": 8080,
|
||||
"method": "2022-blake3-aes-128-gcm",
|
||||
"password": "8JCsPssfgS8tiRwiMlhARg==",
|
||||
"udp_over_tcp": true
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
## Multiple Users
|
||||
|
||||
#### Server
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "shadowsocks",
|
||||
"listen": "::",
|
||||
"listen_port": 8080,
|
||||
"method": "2022-blake3-aes-128-gcm",
|
||||
"password": "8JCsPssfgS8tiRwiMlhARg==",
|
||||
"users": [
|
||||
{
|
||||
"name": "sekai",
|
||||
"password": "BXYxVUXJ9NgF7c7KPLQjkg=="
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
#### Client
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "mixed",
|
||||
"listen": "::",
|
||||
"listen_port": 2080
|
||||
}
|
||||
],
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "shadowsocks",
|
||||
"server": "127.0.0.1",
|
||||
"server_port": 8080,
|
||||
"method": "2022-blake3-aes-128-gcm",
|
||||
"password": "8JCsPssfgS8tiRwiMlhARg==:BXYxVUXJ9NgF7c7KPLQjkg=="
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
## Relay
|
||||
|
||||
#### Server
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "shadowsocks",
|
||||
"listen": "::",
|
||||
"listen_port": 8080,
|
||||
"method": "2022-blake3-aes-128-gcm",
|
||||
"password": "8JCsPssfgS8tiRwiMlhARg=="
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
#### Relay
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "shadowsocks",
|
||||
"listen": "::",
|
||||
"listen_port": 8081,
|
||||
"method": "2022-blake3-aes-128-gcm",
|
||||
"password": "BXYxVUXJ9NgF7c7KPLQjkg==",
|
||||
"destinations": [
|
||||
{
|
||||
"name": "my_server",
|
||||
"password": "8JCsPssfgS8tiRwiMlhARg==",
|
||||
"server": "127.0.0.1",
|
||||
"server_port": 8080
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
#### Client
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "mixed",
|
||||
"listen": "::",
|
||||
"listen_port": 2080
|
||||
}
|
||||
],
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "shadowsocks",
|
||||
"server": "127.0.0.1",
|
||||
"server_port": 8081,
|
||||
"method": "2022-blake3-aes-128-gcm",
|
||||
"password": "8JCsPssfgS8tiRwiMlhARg==:BXYxVUXJ9NgF7c7KPLQjkg=="
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
```
|
|
@ -1,70 +0,0 @@
|
|||
#### Server
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "shadowtls",
|
||||
"listen": "::",
|
||||
"listen_port": 4443,
|
||||
"version": 3,
|
||||
"users": [
|
||||
{
|
||||
"name": "sekai",
|
||||
"password": "8JCsPssfgS8tiRwiMlhARg=="
|
||||
}
|
||||
],
|
||||
"handshake": {
|
||||
"server": "google.com",
|
||||
"server_port": 443
|
||||
},
|
||||
"detour": "shadowsocks-in"
|
||||
},
|
||||
{
|
||||
"type": "shadowsocks",
|
||||
"tag": "shadowsocks-in",
|
||||
"listen": "127.0.0.1",
|
||||
"network": "tcp",
|
||||
"method": "2022-blake3-aes-128-gcm",
|
||||
"password": "8JCsPssfgS8tiRwiMlhARg=="
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
#### Client
|
||||
|
||||
```json
|
||||
{
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "shadowsocks",
|
||||
"method": "2022-blake3-aes-128-gcm",
|
||||
"password": "8JCsPssfgS8tiRwiMlhARg==",
|
||||
"detour": "shadowtls-out",
|
||||
"multiplex": {
|
||||
"enabled": true,
|
||||
"max_connections": 4,
|
||||
"min_streams": 4
|
||||
}
|
||||
// or "udp_over_tcp": true
|
||||
},
|
||||
{
|
||||
"type": "shadowtls",
|
||||
"tag": "shadowtls-out",
|
||||
"server": "127.0.0.1",
|
||||
"server_port": 4443,
|
||||
"version": 3,
|
||||
"password": "8JCsPssfgS8tiRwiMlhARg==",
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "google.com",
|
||||
"utls": {
|
||||
"enabled": true,
|
||||
"fingerprint": "chrome"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
|
@ -1,89 +0,0 @@
|
|||
```json
|
||||
{
|
||||
"dns": {
|
||||
"servers": [
|
||||
{
|
||||
"tag": "google",
|
||||
"address": "tls://8.8.8.8"
|
||||
},
|
||||
{
|
||||
"tag": "local",
|
||||
"address": "223.5.5.5",
|
||||
"detour": "direct"
|
||||
},
|
||||
{
|
||||
"tag": "block",
|
||||
"address": "rcode://success"
|
||||
}
|
||||
],
|
||||
"rules": [
|
||||
{
|
||||
"geosite": "category-ads-all",
|
||||
"server": "block",
|
||||
"disable_cache": true
|
||||
},
|
||||
{
|
||||
"outbound": "any",
|
||||
"server": "local"
|
||||
},
|
||||
{
|
||||
"geosite": "cn",
|
||||
"server": "local"
|
||||
}
|
||||
],
|
||||
"strategy": "ipv4_only"
|
||||
},
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "tun",
|
||||
"inet4_address": "172.19.0.1/30",
|
||||
"auto_route": true,
|
||||
"strict_route": false,
|
||||
"sniff": true
|
||||
}
|
||||
],
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "shadowsocks",
|
||||
"tag": "proxy",
|
||||
"server": "mydomain.com",
|
||||
"server_port": 8080,
|
||||
"method": "2022-blake3-aes-128-gcm",
|
||||
"password": "8JCsPssfgS8tiRwiMlhARg=="
|
||||
},
|
||||
{
|
||||
"type": "direct",
|
||||
"tag": "direct"
|
||||
},
|
||||
{
|
||||
"type": "block",
|
||||
"tag": "block"
|
||||
},
|
||||
{
|
||||
"type": "dns",
|
||||
"tag": "dns-out"
|
||||
}
|
||||
],
|
||||
"route": {
|
||||
"rules": [
|
||||
{
|
||||
"protocol": "dns",
|
||||
"outbound": "dns-out"
|
||||
},
|
||||
{
|
||||
"geosite": "cn",
|
||||
"geoip": [
|
||||
"private",
|
||||
"cn"
|
||||
],
|
||||
"outbound": "direct"
|
||||
},
|
||||
{
|
||||
"geosite": "category-ads-all",
|
||||
"outbound": "block"
|
||||
}
|
||||
],
|
||||
"auto_detect_interface": true
|
||||
}
|
||||
}
|
||||
```
|
|
@ -1,19 +0,0 @@
|
|||
# FakeIP
|
||||
|
||||
FakeIP refers to a type of behavior in a program that simultaneously hijacks both DNS and connection requests. It
|
||||
responds to DNS requests with virtual results and restores mapping when accepting connections.
|
||||
|
||||
#### Advantage
|
||||
|
||||
*
|
||||
|
||||
#### Limitation
|
||||
|
||||
* Its mechanism breaks applications that depend on returning correct remote addresses.
|
||||
* Only A and AAAA (IP) requests are supported, which may break applications that rely on other requests.
|
||||
|
||||
#### Recommendation
|
||||
|
||||
* Enable `dns.independent_cache` unless you always resolve FakeIP domains remotely.
|
||||
* If using tun, make sure FakeIP ranges is included in the tun's routes.
|
||||
* Enable `experimental.clash_api.store_fakeip` to persist FakeIP records, or use `dns.rules.rewrite_ttl` to avoid losing records after program restart in DNS cached environments.
|
|
@ -1,18 +0,0 @@
|
|||
# FakeIP
|
||||
|
||||
FakeIP 是指同时劫持 DNS 和连接请求的程序中的一种行为。它通过虚拟结果响应 DNS 请求,在接受连接时恢复映射。
|
||||
|
||||
#### 优点
|
||||
|
||||
*
|
||||
|
||||
#### 限制
|
||||
|
||||
* 它的机制会破坏依赖于返回正确远程地址的应用程序。
|
||||
* 仅支持 A 和 AAAA(IP)请求,这可能会破坏依赖于其他请求的应用程序。
|
||||
|
||||
#### 建议
|
||||
|
||||
* 启用 `dns.independent_cache` 除非您始终远程解析 FakeIP 域。
|
||||
* 如果使用 tun,请确保 tun 路由中包含 FakeIP 地址范围。
|
||||
* 启用 `experimental.clash_api.store_fakeip` 以持久化 FakeIP 记录,或者使用 `dns.rules.rewrite_ttl` 避免程序重启后在 DNS 被缓存的环境中丢失记录。
|
|
@ -1,58 +0,0 @@
|
|||
# Frequently Asked Questions (FAQ)
|
||||
|
||||
## Design
|
||||
|
||||
#### Why does sing-box not have feature X?
|
||||
|
||||
Every program contains novel features and omits someone's favorite feature. sing-box is designed with an eye to the
|
||||
needs of performance, lightweight, usability, modularity, and code quality. Your favorite feature may be missing because
|
||||
it doesn't fit, because it compromises performance or design clarity, or because it's a bad idea.
|
||||
|
||||
If it bothers you that sing-box is missing feature X, please forgive us and investigate the features that sing-box does
|
||||
have. You might find that they compensate in interesting ways for the lack of X.
|
||||
|
||||
#### Naive outbound
|
||||
|
||||
NaïveProxy's main function is chromium's network stack, and it makes no sense to implement only its transport protocol.
|
||||
|
||||
#### Protocol combinations
|
||||
|
||||
The "underlying transport" in v2ray-core is actually a combination of a number of proprietary protocols and uses the
|
||||
names of their upstream protocols, resulting in a great deal of Linguistic corruption.
|
||||
|
||||
For example, Trojan with v2ray's proprietary gRPC protocol, called Trojan gRPC by the v2ray community, is not actually a
|
||||
protocol and has no role outside of abusing CDNs.
|
||||
|
||||
## Tun
|
||||
|
||||
#### What is tun?
|
||||
|
||||
tun is a virtual network device in unix systems, and in windows there is wintun developed by WireGuard as an
|
||||
alternative. The tun module of sing-box includes traffic processing, automatic routing, and network device listening,
|
||||
and is mainly used as a transparent proxy.
|
||||
|
||||
#### How is it different from system proxy?
|
||||
|
||||
System proxy usually only supports TCP and is not accepted by all applications, but tun can handle all traffic.
|
||||
|
||||
#### How is it different from traditional transparent proxy?
|
||||
|
||||
They are usually only supported under Linux and require manipulation of firewalls like iptables, while tun only modifies
|
||||
the routing table.
|
||||
|
||||
The tproxy UDP is considered to have poor performance due to the need to create a new connection every write back in
|
||||
v2ray and clash, but it is optimized in sing-box so you can still use it if needed.
|
||||
|
||||
#### How does it handle DNS?
|
||||
|
||||
In traditional transparent proxies, it is usually necessary to manually hijack port 53 to the DNS proxy server, while
|
||||
tun is more flexible.
|
||||
|
||||
sing-box's `auto_route` will hijack all DNS requests except on [macOS and Android](./known-issues#dns).
|
||||
|
||||
You need to manually configure how to handle tun hijacked DNS traffic, see [Hijack DNS](/examples/dns-hijack).
|
||||
|
||||
#### Why I can't use it with other local proxies (e.g. via socks)?
|
||||
|
||||
Tun will hijack all traffic, including other proxy applications. In order to make tun work with other applications, you
|
||||
need to create an inbound to proxy traffic from other applications or make them bypass the route.
|
|
@ -1,50 +0,0 @@
|
|||
# 常见问题
|
||||
|
||||
## 设计
|
||||
|
||||
#### 为什么 sing-box 没有功能 X?
|
||||
|
||||
每个程序都包含新颖的功能并省略了某人最喜欢的功能。 sing-box 的设计着眼于高性能、轻量、可用性、模块化和代码质量的需求。
|
||||
您最喜欢的功能可能会丢失,因为它不适合,因为它会影响性能或设计清晰度,或者因为它是一个坏主意。
|
||||
|
||||
如果 sing-box 缺少功能 X 让您感到困扰,请原谅我们并调查 sing-box 确实有的功能。 您可能会发现它们以有趣的方式弥补了 X 的缺失。
|
||||
|
||||
#### Naive 出站
|
||||
|
||||
NaïveProxy 的主要功能是 chromium 的网络栈,仅实现它的传输协议是舍本逐末的。
|
||||
|
||||
#### 协议组合
|
||||
|
||||
v2ray-core 中的 "底层传输协议" 实际上是一些专有协议的组合,并使用其上游协议的名称,造成了大量的语言腐败。
|
||||
|
||||
例如,v2ray 社区将 v2ray 专有的 gRPC 协议称为 Trojan gRPC,其实并不是一个 协议,在滥用 CDN 之外没有任何作用。
|
||||
|
||||
## Tun
|
||||
|
||||
#### 什么是 tun?
|
||||
|
||||
tun 是 unix 系统中的虚拟网络设备,在 windows 中有 WireGuard 开发的 wintun 作为替代。
|
||||
sing-box 的 tun 模块包括流量处理、自动路由和网络设备监听,并主要用作透明代理。
|
||||
|
||||
#### 它与系统代理有什么不同?
|
||||
|
||||
系统代理通常只支持 TCP,且不被所有应用程序接受,但 tun 可以处理所有流量。
|
||||
|
||||
#### 它与传统的透明代理有什么不同?
|
||||
|
||||
它们通常仅支持 Linux,并且需要操作防火墙像 iptables,而 tun 仅修改路由表。
|
||||
|
||||
tproxy UDP 被认为性能很差,因为在 v2ray 和 clash 中每次回写都需要创建一个新连接,但 sing-box 进行了优化,因此您仍然可以在需要时使用它。
|
||||
|
||||
#### 它如何处理 DNS?
|
||||
|
||||
在传统的透明代理中,通常需要手动劫持 53 端口到 DNS 代理服务器,而 tun 更灵活。
|
||||
|
||||
sing-box 的 `auto_route` 将劫持所有 DNS 请求,除了 [特殊情况](./known-issues#dns)。
|
||||
|
||||
您需要手动配置以处理 tun 劫持的 DNS 流量,请参阅 [DNS劫持](/zh/examples/dns-hijack)。
|
||||
|
||||
#### 为什么我不能将它与其他本地代理一起使用(例如通过 socks)?
|
||||
|
||||
tun 将劫持所有流量,包括其他代理应用程序。
|
||||
为了使 tun 与其他应用程序一起工作,您需要创建入站以代理来自其他程序的流量或让它们绕过路由。
|
|
@ -1,20 +0,0 @@
|
|||
#### DNS
|
||||
|
||||
##### on macOS
|
||||
|
||||
`auto-route` cannot automatically hijack DNS requests sent to the LAN, so it's need to manually set DNS to servers on
|
||||
the public internet.
|
||||
|
||||
##### on Android
|
||||
|
||||
`auto-route` cannot automatically hijack DNS requests when Android's `Private DNS` enabled or `strict_route` disabled.
|
||||
|
||||
#### System proxy
|
||||
|
||||
##### on Linux
|
||||
|
||||
Usually only browsers and GNOME applications accept GNOME proxy settings.
|
||||
|
||||
##### on Android
|
||||
|
||||
With the system proxy enabled, some applications will error out (usually from China).
|
|
@ -1,19 +0,0 @@
|
|||
#### DNS
|
||||
|
||||
##### macOS
|
||||
|
||||
`auto-route` 无法自动劫持发往局域网的 DNS 请求,需要手动设置位于公网的 DNS 服务器。
|
||||
|
||||
##### Android
|
||||
|
||||
`auto-route` 无法自动劫持 DNS 请求如果 `私人 DNS` 开启或 `strict_route` 禁用。
|
||||
|
||||
#### 系统代理
|
||||
|
||||
##### Linux
|
||||
|
||||
通常只有浏览器和 GNOME 应用程序接受 GNOME 代理设置。
|
||||
|
||||
##### Android
|
||||
|
||||
启用系统代理后,某些应用程序会出错(通常来自中国)。
|
121
docs/features.md
121
docs/features.md
|
@ -1,121 +0,0 @@
|
|||
#### Server
|
||||
|
||||
| Feature | v2ray-core | clash |
|
||||
|------------------------------------------------------------|------------|-------|
|
||||
| Direct inbound | ✔ | X |
|
||||
| SOCKS4a inbound | ✔ | X |
|
||||
| Mixed (http/socks) inbound | X | ✔ |
|
||||
| Shadowsocks AEAD 2022 single-user/multi-user/relay inbound | X | X |
|
||||
| VMess/Trojan inbound | ✔ | X |
|
||||
| Naive/Hysteria inbound | X | X |
|
||||
| Resolve incoming domain names using custom policy | X | X |
|
||||
| Set system proxy on Windows/Linux/macOS/Android | X | X |
|
||||
| TLS certificate auto reload | X | X |
|
||||
| TLS ACME certificate issuer | X | X |
|
||||
|
||||
#### Client
|
||||
|
||||
| Feature | v2ray-core | clash |
|
||||
|--------------------------------------------------------|------------------------------------|----------|
|
||||
| Set upstream client (proxy chain) | TCP only, and has poor performance | TCP only |
|
||||
| Bind to network interface | Linux only | ✔ |
|
||||
| Custom dns strategy for resolving server address | X | X |
|
||||
| Fast fallback (RFC 6555) support for connect to server | X | X |
|
||||
| SOCKS4/4a outbound | added by me | X |
|
||||
| Shadowsocks AEAD 2022 outbound | X | X |
|
||||
| Shadowsocks UDP over TCP | X | X |
|
||||
| Multiplex (smux/yamux) | mux.cool | X |
|
||||
| Tor/WireGuard/Hysteria outbound | X | X |
|
||||
| Selector outbound and Clash API | X | ✔ |
|
||||
|
||||
#### Sniffing
|
||||
|
||||
| Protocol | v2ray-core | clash-premium |
|
||||
|------------------|-------------|---------------|
|
||||
| HTTP Host | ✔ | X |
|
||||
| QUIC ClientHello | added by me | added by me |
|
||||
| STUN | X | X |
|
||||
|
||||
| Feature | v2ray-core | clash-premium |
|
||||
|-----------------------------------------|---------------------------|---------------|
|
||||
| For routing only | added by me | X |
|
||||
| No performance impact (like TCP splice) | no general splice support | X |
|
||||
| Set separately for each server | ✔ | X |
|
||||
|
||||
#### Routing
|
||||
|
||||
| Feature | v2ray-core | clash-premium |
|
||||
|----------------------------|------------|---------------|
|
||||
| Auto detect interface | X | tun only |
|
||||
| Set default interface name | X | tun only |
|
||||
| Set default firewall mark | X | X |
|
||||
|
||||
#### Routing Rule
|
||||
|
||||
| Rule | v2ray-core | clash |
|
||||
|----------------------|----------------------------|-------|
|
||||
| Inbound | ✔ | X |
|
||||
| IP Version | X | X |
|
||||
| User from inbound | vmess and shadowsocks only | X |
|
||||
| Sniffed protocol | ✔ | X |
|
||||
| GeoSite | ✔ | X |
|
||||
| Process name | X | ✔ |
|
||||
| Android package name | X | X |
|
||||
| Linux user/user id | X | X |
|
||||
| Invert rule | X | X |
|
||||
| Logical rule | X | X |
|
||||
|
||||
#### DNS
|
||||
|
||||
| Feature | v2ray-core | clash |
|
||||
|------------------------------------|-------------|-------|
|
||||
| DNS proxy | A/AAAA only | ✔ |
|
||||
| DNS cache | A/AAAA only | X |
|
||||
| DNS routing | X | X |
|
||||
| DNS Over QUIC | ✔ | X |
|
||||
| DNS Over HTTP3 | X | X |
|
||||
| Fake dns response with custom code | X | X |
|
||||
|
||||
#### Tun
|
||||
|
||||
| Feature | clash-premium |
|
||||
|-------------------------------------------|---------------|
|
||||
| Full IPv6 support | X |
|
||||
| Auto route on Linux/Windows/macOS/Android | ✔ |
|
||||
| Embed windows driver | X |
|
||||
| Custom address/mtu | X |
|
||||
| Limit uid (Linux) in routing | X |
|
||||
| Limit android user in routing | X |
|
||||
| Limit android package in routing | X |
|
||||
|
||||
#### Memory usage
|
||||
|
||||
| GeoSite code | sing-box | v2ray-core |
|
||||
|-------------------|----------|------------|
|
||||
| cn | 17.8M | 140.3M |
|
||||
| cn (Loyalsoldier) | 74.3M | 246.7M |
|
||||
|
||||
#### Benchmark
|
||||
|
||||
##### Shadowsocks
|
||||
|
||||
| / | none | aes-128-gcm | 2022-blake3-aes-128-gcm |
|
||||
|------------------------------------|:---------:|:-----------:|:-----------------------:|
|
||||
| v2ray-core (5.0.7) | 13.0 Gbps | 5.02 Gbps | / |
|
||||
| shadowsocks-rust (v1.15.0-alpha.5) | 10.7 Gbps | / | 9.36 Gbps |
|
||||
| sing-box | 29.0 Gbps | / | 11.8 Gbps |
|
||||
|
||||
##### VMess
|
||||
|
||||
| / | TCP | HTTP | H2 TLS | WebSocket TLS | gRPC TLS |
|
||||
|--------------------|:---------:|:---------:|:---------:|:-------------:|:---------:|
|
||||
| v2ray-core (5.1.0) | 7.86 GBps | 2.86 Gbps | 1.83 Gbps | 2.36 Gbps | 2.43 Gbps |
|
||||
| sing-box | 7.96 Gbps | 8.09 Gbps | 6.11 Gbps | 8.02 Gbps | 6.35 Gbps |
|
||||
|
||||
#### License
|
||||
|
||||
| / | License |
|
||||
|------------|-----------------------------------|
|
||||
| sing-box | GPLv3 or later (Full open-source) |
|
||||
| v2ray-core | MIT (Full open-source) |
|
||||
| clash | GPLv3 |
|
|
@ -2,7 +2,7 @@
|
|||
description: Welcome to the wiki page for the sing-box project.
|
||||
---
|
||||
|
||||
# Home
|
||||
# :material-home: Home
|
||||
|
||||
Welcome to the wiki page for the sing-box project.
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
description: 欢迎来到该 sing-box 项目的文档页。
|
||||
---
|
||||
|
||||
# 开始
|
||||
# :material-home: 开始
|
||||
|
||||
欢迎来到该 sing-box 项目的文档页。
|
||||
|
||||
|
|
63
docs/installation/build-from-source.md
Normal file
63
docs/installation/build-from-source.md
Normal file
|
@ -0,0 +1,63 @@
|
|||
---
|
||||
icon: material/file-code
|
||||
---
|
||||
|
||||
# Build from source
|
||||
|
||||
## :material-graph: Requirements
|
||||
|
||||
Before sing-box 1.4.0:
|
||||
|
||||
* Go 1.18.5 - 1.20.x
|
||||
|
||||
Since sing-box 1.4.0:
|
||||
|
||||
* Go 1.18.5 - ~
|
||||
* Go 1.20.0 - ~ if `with_quic` tag enabled
|
||||
|
||||
You can download and install Go from: https://go.dev/doc/install, latest version is recommended.
|
||||
|
||||
## :material-fast-forward: Simple Build
|
||||
|
||||
```bash
|
||||
make
|
||||
```
|
||||
|
||||
Or build and install binary to `GOBIN`:
|
||||
|
||||
```bash
|
||||
make install
|
||||
```
|
||||
|
||||
## :material-cog: Custom Build
|
||||
|
||||
```bash
|
||||
TAGS="tag_a tag_b" make
|
||||
```
|
||||
|
||||
or
|
||||
|
||||
```bash
|
||||
go build -tags "tag_a tag_b" ./cmd/sing-box
|
||||
```
|
||||
|
||||
## :material-folder-settings: Build Tags
|
||||
|
||||
| Build Tag | Enabled by default | Description |
|
||||
|------------------------------------|--------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `with_quic` | ✔ | Build with QUIC support, see [QUIC and HTTP3 DNS transports](/configuration/dns/server), [Naive inbound](/configuration/inbound/naive), [Hysteria Inbound](/configuration/inbound/hysteria), [Hysteria Outbound](/configuration/outbound/hysteria) and [V2Ray Transport#QUIC](/configuration/shared/v2ray-transport#quic). |
|
||||
| `with_grpc` | ✖️ | Build with standard gRPC support, see [V2Ray Transport#gRPC](/configuration/shared/v2ray-transport#grpc). |
|
||||
| `with_dhcp` | ✔ | Build with DHCP support, see [DHCP DNS transport](/configuration/dns/server). |
|
||||
| `with_wireguard` | ✔ | Build with WireGuard support, see [WireGuard outbound](/configuration/outbound/wireguard). |
|
||||
| `with_ech` | ✔ | Build with TLS ECH extension support for TLS outbound, see [TLS](/configuration/shared/tls#ech). |
|
||||
| `with_utls` | ✔ | Build with [uTLS](https://github.com/refraction-networking/utls) support for TLS outbound, see [TLS](/configuration/shared/tls#utls). |
|
||||
| `with_reality_server` | ✔ | Build with reality TLS server support, see [TLS](/configuration/shared/tls). |
|
||||
| `with_acme` | ✔ | Build with ACME TLS certificate issuer support, see [TLS](/configuration/shared/tls). |
|
||||
| `with_clash_api` | ✔ | Build with Clash API support, see [Experimental](/configuration/experimental#clash-api-fields). |
|
||||
| `with_v2ray_api` | ✖️ | Build with V2Ray API support, see [Experimental](/configuration/experimental#v2ray-api-fields). |
|
||||
| `with_gvisor` | ✔ | Build with gVisor support, see [Tun inbound](/configuration/inbound/tun#stack) and [WireGuard outbound](/configuration/outbound/wireguard#system_interface). |
|
||||
| `with_embedded_tor` (CGO required) | ✖️ | Build with embedded Tor support, see [Tor outbound](/configuration/outbound/tor). |
|
||||
| `with_lwip` (CGO required) | ✖️ | Build with LWIP Tun stack support, see [Tun inbound](/configuration/inbound/tun#stack). |
|
||||
|
||||
|
||||
It is not recommended to change the default build tag list unless you really know what you are adding.
|
|
@ -1,23 +0,0 @@
|
|||
# SFA
|
||||
|
||||
Experimental Android client for sing-box.
|
||||
|
||||
#### Requirements
|
||||
|
||||
* Android 5.0+
|
||||
|
||||
#### Download
|
||||
|
||||
* [Play Store](https://play.google.com/store/apps/details?id=io.nekohasekai.sfa)
|
||||
* [Github Releases](https://github.com/SagerNet/sing-box/releases)
|
||||
|
||||
#### Note
|
||||
|
||||
* User Agent in remote profile request is `SFA/$version ($version_code; sing-box $sing_box_version)`
|
||||
* The working directory is located at `/sdcard/Android/data/io.nekohasekai.sfa/files` (External files directory)
|
||||
* Crash logs is located in `$working_directory/stderr.log`
|
||||
|
||||
#### Privacy policy
|
||||
|
||||
* SFA did not collect or share personal data.
|
||||
* The data generated by the software is always on your device.
|
|
@ -1,23 +0,0 @@
|
|||
# SFA
|
||||
|
||||
实验性的 Android sing-box 客户端。
|
||||
|
||||
#### 要求
|
||||
|
||||
* Android 5.0+
|
||||
|
||||
#### 下载
|
||||
|
||||
* [AppCenter](https://install.appcenter.ms/users/nekohasekai/apps/sfa/distribution_groups/publictest)
|
||||
* [Github Releases](https://github.com/SagerNet/sing-box/releases)
|
||||
|
||||
#### 注意事项
|
||||
|
||||
* 远程配置文件请求中的 User Agent 为 `SFA/$version ($version_code; sing-box $sing_box_version)`
|
||||
* 工作目录位于 `/sdcard/Android/data/io.nekohasekai.sfa/files` (外部文件目录)
|
||||
* 崩溃日志位于 `$working_directory/stderr.log`
|
||||
|
||||
#### 隐私政策
|
||||
|
||||
* SFA 不收集或共享个人数据。
|
||||
* 软件生成的数据始终在您的设备上。
|
|
@ -1,23 +0,0 @@
|
|||
# SFI
|
||||
|
||||
Experimental iOS client for sing-box.
|
||||
|
||||
#### Requirements
|
||||
|
||||
* iOS 15.0+
|
||||
* An Apple account outside of mainland China
|
||||
|
||||
#### Download
|
||||
|
||||
* [AppStore](https://apps.apple.com/us/app/sing-box/id6451272673)
|
||||
* [TestFlight](https://testflight.apple.com/join/AcqO44FH)
|
||||
|
||||
#### Note
|
||||
|
||||
* User Agent in remote profile request is `SFI/$version ($version_code; sing-box $sing_box_version)`
|
||||
* Crash logs is located in `Settings` -> `View Service Log`
|
||||
|
||||
#### Privacy policy
|
||||
|
||||
* SFI did not collect or share personal data.
|
||||
* The data generated by the software is always on your device.
|
|
@ -1,23 +0,0 @@
|
|||
# SFI
|
||||
|
||||
实验性的 iOS sing-box 客户端。
|
||||
|
||||
#### 要求
|
||||
|
||||
* iOS 15.0+
|
||||
* 一个非中国大陆地区的 Apple 账号
|
||||
|
||||
#### 下载
|
||||
|
||||
* [AppStore](https://apps.apple.com/us/app/sing-box/id6451272673)
|
||||
* [TestFlight](https://testflight.apple.com/join/AcqO44FH)
|
||||
|
||||
#### 注意事项
|
||||
|
||||
* 远程配置文件请求中的 User Agent 为 `SFI/$version ($version_code; sing-box $sing_box_version)`
|
||||
* 崩溃日志位于 `Settings` -> `View Service Log`
|
||||
|
||||
#### 隐私政策
|
||||
|
||||
* SFI 不收集或共享个人数据。
|
||||
* 软件生成的数据始终在您的设备上。
|
|
@ -1,29 +0,0 @@
|
|||
# SFM
|
||||
|
||||
Experimental macOS client for sing-box.
|
||||
|
||||
#### Requirements
|
||||
|
||||
* macOS 13.0+
|
||||
* An Apple account outside of mainland China (App Store Version)
|
||||
|
||||
#### Download (App Store Version)
|
||||
|
||||
* [AppStore](https://apps.apple.com/us/app/sing-box/id6451272673)
|
||||
* [TestFlight](https://testflight.apple.com/join/AcqO44FH)
|
||||
|
||||
#### Download (Independent Version)
|
||||
|
||||
* [GitHub Release](https://github.com/SagerNet/sing-box/releases/latest)
|
||||
* Homebrew (Cask): `brew install sfm`
|
||||
* Homebrew (Tap): `brew tap sagernet/sing-box && brew install sagernet/sing-box/sfm`
|
||||
|
||||
#### Note
|
||||
|
||||
* User Agent in remote profile request is `SFM/$version ($version_code; sing-box $sing_box_version)`
|
||||
* Crash logs is located in `Settings` -> `View Service Log`
|
||||
|
||||
#### Privacy policy
|
||||
|
||||
* SFM did not collect or share personal data.
|
||||
* The data generated by the software is always on your device.
|
|
@ -1,29 +0,0 @@
|
|||
# SFM
|
||||
|
||||
实验性的 macOS sing-box 客户端。
|
||||
|
||||
#### 要求
|
||||
|
||||
* macOS 13.0+
|
||||
* 一个非中国大陆地区的 Apple 账号 (商店版本)
|
||||
|
||||
#### 下载 (商店版本)
|
||||
|
||||
* [AppStore](https://apps.apple.com/us/app/sing-box/id6451272673)
|
||||
* [TestFlight](https://testflight.apple.com/join/AcqO44FH)
|
||||
|
||||
#### 下载 (独立版本)
|
||||
|
||||
* [GitHub Release](https://github.com/SagerNet/sing-box/releases/latest)
|
||||
* Homebrew (Cask): `brew install sfm`
|
||||
* Homebrew (Tap): `brew tap sagernet/sing-box && brew install sagernet/sing-box/sfm`
|
||||
|
||||
#### 注意事项
|
||||
|
||||
* 远程配置文件请求中的 User Agent 为 `SFM/$version ($version_code; sing-box $sing_box_version)`
|
||||
* 崩溃日志位于 `Settings` -> `View Service Log`
|
||||
|
||||
#### 隐私政策
|
||||
|
||||
* SFM 不收集或共享个人数据。
|
||||
* 软件生成的数据始终在您的设备上。
|
|
@ -1,30 +0,0 @@
|
|||
# SFT
|
||||
|
||||
Experimental Apple tvOS client for sing-box.
|
||||
|
||||
#### Requirements
|
||||
|
||||
* tvOS 17.0+
|
||||
|
||||
#### Download
|
||||
|
||||
* [AppStore](https://apps.apple.com/us/app/sing-box/id6451272673)
|
||||
* [TestFlight](https://testflight.apple.com/join/AcqO44FH)
|
||||
|
||||
#### Features
|
||||
|
||||
Full functionality, except for:
|
||||
|
||||
* Only remote configuration files can be created manually
|
||||
* You need to update SFI to the latest version to import profiles from iPhone/iPad
|
||||
* No iCloud profile support
|
||||
|
||||
#### Note
|
||||
|
||||
* User Agent in remote profile request is `SFT/$version ($version_code; sing-box $sing_box_version)`
|
||||
* Crash logs is located in `Settings` -> `View Service Log`
|
||||
|
||||
#### Privacy policy
|
||||
|
||||
* SFT did not collect or share personal data.
|
||||
* The data generated by the software is always on your device.
|
|
@ -1,31 +0,0 @@
|
|||
# SFI
|
||||
|
||||
实验性的 Apple tvOS sing-box 客户端。
|
||||
|
||||
#### 要求
|
||||
|
||||
* tvOS 17.0+
|
||||
* 一个非中国大陆地区的 Apple 账号
|
||||
|
||||
#### 下载
|
||||
|
||||
* [AppStore](https://apps.apple.com/us/app/sing-box/id6451272673)
|
||||
* [TestFlight](https://testflight.apple.com/join/AcqO44FH)
|
||||
|
||||
#### 特性
|
||||
|
||||
完整的功能,除了:
|
||||
|
||||
* 只能手动创建远程配置文件
|
||||
* 您需要将 SFI 更新到最新版本才能从 iPhone/iPad 导入配置文件
|
||||
* 没有 iCloud 配置文件支持
|
||||
|
||||
#### 注意事项
|
||||
|
||||
* 远程配置文件请求中的 User Agent 为 `SFT/$version ($version_code; sing-box $sing_box_version)`
|
||||
* 崩溃日志位于 `Settings` -> `View Service Log`
|
||||
|
||||
#### 隐私政策
|
||||
|
||||
* SFT 不收集或共享个人数据。
|
||||
* 软件生成的数据始终在您的设备上。
|
|
@ -1,25 +0,0 @@
|
|||
# Specification
|
||||
|
||||
## Profile
|
||||
|
||||
Profile defines a sing-box configuration with metadata in a GUI client.
|
||||
|
||||
## Profile Types
|
||||
|
||||
### Local
|
||||
|
||||
Create a empty configuration or import from a local file.
|
||||
|
||||
### iCloud (on Apple platforms)
|
||||
|
||||
Create a new configuration or use an existing configuration on iCloud.
|
||||
|
||||
### Remote
|
||||
|
||||
Use a remote URL as the configuration source, with HTTP basic authentication and automatic update support.
|
||||
|
||||
#### URL specification
|
||||
|
||||
```
|
||||
sing-box://import-remote-profile?url=urlEncodedURL#urlEncodedName
|
||||
```
|
31
docs/installation/docker.md
Normal file
31
docs/installation/docker.md
Normal file
|
@ -0,0 +1,31 @@
|
|||
---
|
||||
icon: material/docker
|
||||
---
|
||||
|
||||
# Docker
|
||||
|
||||
## :material-console: Command
|
||||
|
||||
```bash
|
||||
docker run -d \
|
||||
-v /etc/sing-box:/etc/sing-box/ \
|
||||
--name=sing-box \
|
||||
--restart=always \
|
||||
ghcr.io/sagernet/sing-box \
|
||||
-D /var/lib/sing-box \
|
||||
-C /etc/sing-box/ run
|
||||
```
|
||||
|
||||
## :material-box-shadow: Compose
|
||||
|
||||
```yaml
|
||||
version: "3.8"
|
||||
services:
|
||||
sing-box:
|
||||
image: ghcr.io/sagernet/sing-box
|
||||
container_name: sing-box
|
||||
restart: always
|
||||
volumes:
|
||||
- /etc/sing-box:/etc/sing-box/
|
||||
command: -D /var/lib/sing-box -C /etc/sing-box/ run
|
||||
```
|
|
@ -1,50 +0,0 @@
|
|||
# Install from source
|
||||
|
||||
## Requirements
|
||||
|
||||
Before sing-box 1.4.0:
|
||||
|
||||
* Go 1.18.5 - 1.20.x
|
||||
|
||||
Since sing-box 1.4.0:
|
||||
|
||||
* Go 1.18.5 - ~
|
||||
* Go 1.20.0 - ~ if `with_quic` tag enabled
|
||||
|
||||
## Installation
|
||||
|
||||
```bash
|
||||
go install -v github.com/sagernet/sing-box/cmd/sing-box@latest
|
||||
```
|
||||
|
||||
Install with options:
|
||||
|
||||
```bash
|
||||
go install -v -tags with_quic,with_wireguard github.com/sagernet/sing-box/cmd/sing-box@latest
|
||||
```
|
||||
|
||||
| Build Tag | Description |
|
||||
|------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `with_quic` | Build with QUIC support, see [QUIC and HTTP3 DNS transports](/configuration/dns/server), [Naive inbound](/configuration/inbound/naive), [Hysteria Inbound](/configuration/inbound/hysteria), [Hysteria Outbound](/configuration/outbound/hysteria) and [V2Ray Transport#QUIC](/configuration/shared/v2ray-transport#quic). |
|
||||
| `with_grpc` | Build with standard gRPC support, see [V2Ray Transport#gRPC](/configuration/shared/v2ray-transport#grpc). |
|
||||
| `with_dhcp` | Build with DHCP support, see [DHCP DNS transport](/configuration/dns/server). |
|
||||
| `with_wireguard` | Build with WireGuard support, see [WireGuard outbound](/configuration/outbound/wireguard). |
|
||||
| `with_shadowsocksr` | Build with ShadowsocksR support, see [ShadowsocksR outbound](/configuration/outbound/shadowsocksr). |
|
||||
| `with_ech` | Build with TLS ECH extension support for TLS outbound, see [TLS](/configuration/shared/tls#ech). |
|
||||
| `with_utls` | Build with [uTLS](https://github.com/refraction-networking/utls) support for TLS outbound, see [TLS](/configuration/shared/tls#utls). |
|
||||
| `with_reality_server` | Build with reality TLS server support, see [TLS](/configuration/shared/tls). |
|
||||
| `with_acme` | Build with ACME TLS certificate issuer support, see [TLS](/configuration/shared/tls). |
|
||||
| `with_clash_api` | Build with Clash API support, see [Experimental](/configuration/experimental#clash-api-fields). |
|
||||
| `with_v2ray_api` | Build with V2Ray API support, see [Experimental](/configuration/experimental#v2ray-api-fields). |
|
||||
| `with_gvisor` | Build with gVisor support, see [Tun inbound](/configuration/inbound/tun#stack) and [WireGuard outbound](/configuration/outbound/wireguard#system_interface). |
|
||||
| `with_embedded_tor` (CGO required) | Build with embedded Tor support, see [Tor outbound](/configuration/outbound/tor). |
|
||||
| `with_lwip` (CGO required) | Build with LWIP Tun stack support, see [Tun inbound](/configuration/inbound/tun#stack). |
|
||||
|
||||
The binary is built under $GOPATH/bin
|
||||
|
||||
```bash
|
||||
sing-box version
|
||||
```
|
||||
|
||||
It is also recommended to use systemd to manage sing-box service,
|
||||
see [Linux server installation example](/examples/linux-server-installation).
|
|
@ -1,39 +0,0 @@
|
|||
# 从源代码安装
|
||||
|
||||
sing-box 需要 Golang **1.18.5** 或更高版本。
|
||||
|
||||
```bash
|
||||
go install -v github.com/sagernet/sing-box/cmd/sing-box@latest
|
||||
```
|
||||
|
||||
自定义安装:
|
||||
|
||||
```bash
|
||||
go install -v -tags with_clash_api github.com/sagernet/sing-box/cmd/sing-box@latest
|
||||
```
|
||||
|
||||
| 构建标志 | 描述 |
|
||||
|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `with_quic` | 启用 QUIC 支持,参阅 [QUIC 和 HTTP3 DNS 传输层](/configuration/dns/server),[Naive 入站](/configuration/inbound/naive),[Hysteria 入站](/configuration/inbound/hysteria),[Hysteria 出站](/configuration/outbound/hysteria) 和 [V2Ray 传输层#QUIC](/configuration/shared/v2ray-transport#quic)。 |
|
||||
| `with_grpc` | 启用标准 gRPC 支持,参阅 [V2Ray 传输层#gRPC](/configuration/shared/v2ray-transport#grpc)。 |
|
||||
| `with_dhcp` | 启用 DHCP 支持,参阅 [DHCP DNS 传输层](/configuration/dns/server)。 |
|
||||
| `with_wireguard` | 启用 WireGuard 支持,参阅 [WireGuard 出站](/configuration/outbound/wireguard)。 |
|
||||
| `with_shadowsocksr` | 启用 ShadowsocksR 支持,参阅 [ShadowsocksR 出站](/configuration/outbound/shadowsocksr)。 |
|
||||
| `with_ech` | 启用 TLS ECH 扩展支持,参阅 [TLS](/configuration/shared/tls#ech)。 |
|
||||
| `with_utls` | 启用 [uTLS](https://github.com/refraction-networking/utls) 支持,参阅 [TLS](/configuration/shared/tls#utls)。 |
|
||||
| `with_reality_server` | 启用 reality TLS 服务器支持,参阅 [TLS](/configuration/shared/tls)。 |
|
||||
| `with_acme` | 启用 ACME TLS 证书签发支持,参阅 [TLS](/configuration/shared/tls)。 |
|
||||
| `with_clash_api` | 启用 Clash API 支持,参阅 [实验性](/configuration/experimental#clash-api-fields)。 |
|
||||
| `with_v2ray_api` | 启用 V2Ray API 支持,参阅 [实验性](/configuration/experimental#v2ray-api-fields)。 |
|
||||
| `with_gvisor` | 启用 gVisor 支持,参阅 [Tun 入站](/configuration/inbound/tun#stack) 和 [WireGuard 出站](/configuration/outbound/wireguard#system_interface)。 |
|
||||
| `with_embedded_tor` (需要 CGO) | 启用 嵌入式 Tor 支持,参阅 [Tor 出站](/configuration/outbound/tor)。 |
|
||||
| `with_lwip` (需要 CGO) | 启用 LWIP Tun 栈支持,参阅 [Tun 入站](/configuration/inbound/tun#stack)。 |
|
||||
|
||||
二进制文件将被构建在 `$GOPATH/bin` 下。
|
||||
|
||||
```bash
|
||||
sing-box version
|
||||
```
|
||||
|
||||
同时推荐使用 systemd 来管理 sing-box 服务器实例。
|
||||
参阅 [Linux 服务器安装示例](/examples/linux-server-installation)。
|
90
docs/installation/package-manager.md
Normal file
90
docs/installation/package-manager.md
Normal file
|
@ -0,0 +1,90 @@
|
|||
---
|
||||
icon: material/package
|
||||
---
|
||||
|
||||
# Package Manager
|
||||
|
||||
## :material-download-box: Manual Installation
|
||||
|
||||
=== ":material-debian: Debian / DEB"
|
||||
|
||||
```bash
|
||||
bash <(curl -fsSL https://sing-box.app/deb-install.sh)
|
||||
```
|
||||
|
||||
=== ":material-redhat: Redhat / RPM"
|
||||
|
||||
```bash
|
||||
bash <(curl -fsSL https://sing-box.app/rpm-install.sh)
|
||||
```
|
||||
|
||||
=== ":simple-archlinux: Archlinux / PKG"
|
||||
|
||||
```bash
|
||||
bash <(curl -fsSL https://sing-box.app/arch-install.sh)
|
||||
```
|
||||
|
||||
## :material-book-lock-open: Managed Installation
|
||||
|
||||
=== ":material-linux: Linux"
|
||||
|
||||
| Type | Platform | Link | Command | Actively maintained |
|
||||
|----------|--------------------|---------------------|------------------------------|---------------------|
|
||||
| AUR | (Linux) Arch Linux | [sing-box][aur] ᴬᵁᴿ | `? -S sing-box` | :material-check: |
|
||||
| nixpkgs | (Linux) NixOS | [sing-box][nixpkgs] | `nix-env -iA nixos.sing-box` | :material-check: |
|
||||
| Homebrew | macOS / Linux | [sing-box][brew] | `brew install sing-box` | :material-check: |
|
||||
| Alpine | (Linux) Alpine | [sing-box][alpine] | `apk add sing-box` | :material-alert: |
|
||||
|
||||
=== ":material-apple: macOS"
|
||||
|
||||
| Type | Platform | Link | Command | Actively maintained |
|
||||
|----------|---------------|------------------|-------------------------|---------------------|
|
||||
| Homebrew | macOS / Linux | [sing-box][brew] | `brew install sing-box` | :material-check: |
|
||||
|
||||
=== ":material-microsoft-windows: Windows"
|
||||
|
||||
| Type | Platform | Link | Command | Actively maintained |
|
||||
|------------|--------------------|---------------------|------------------------------|---------------------|
|
||||
| Scoop | Windows | [sing-box][scoop] | `scoop install sing-box` | :material-check: |
|
||||
| Chocolatey | Windows | [sing-box][choco] | `choco install sing-box` | :material-check: |
|
||||
| winget | Windows | [sing-box][winget] | `winget install sing-box` | :material-alert: |
|
||||
|
||||
=== ":material-android: Android"
|
||||
|
||||
| Type | Platform | Link | Command | Actively maintained |
|
||||
|------------|--------------------|---------------------|------------------------------|---------------------|
|
||||
| Termux | Android | [sing-box][termux] | `pkg add sing-box` | :material-check: |
|
||||
|
||||
## :material-book-multiple: Service Management
|
||||
|
||||
For Linux systems with [systemd][systemd], usually the installation already includes a sing-box service,
|
||||
you can manage the service using the following command:
|
||||
|
||||
| Operation | Command |
|
||||
|-----------|-----------------------------------------------|
|
||||
| Enable | `sudo systemctl enable sing-box` |
|
||||
| Disable | `sudo systemctl disable sing-box` |
|
||||
| Start | `sudo systemctl start sing-box` |
|
||||
| Stop | `sudo systemctl stop sing-box` |
|
||||
| Kill | `sudo systemctl kill sing-box` |
|
||||
| Restart | `sudo systemctl restart sing-box` |
|
||||
| Logs | `sudo journalctl -u sing-box --output cat -e` |
|
||||
| New Logs | `sudo journalctl -u sing-box --output cat -f` |
|
||||
|
||||
[alpine]: https://pkgs.alpinelinux.org/packages?name=sing-box
|
||||
|
||||
[aur]: https://aur.archlinux.org/packages/sing-box
|
||||
|
||||
[nixpkgs]: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/tools/networking/sing-box/default.nix
|
||||
|
||||
[termux]: https://github.com/termux/termux-packages/tree/master/packages/sing-box
|
||||
|
||||
[brew]: https://formulae.brew.sh/formula/sing-box
|
||||
|
||||
[choco]: https://chocolatey.org/packages/sing-box
|
||||
|
||||
[scoop]: https://github.com/ScoopInstaller/Main/blob/master/bucket/sing-box.json
|
||||
|
||||
[winget]: https://github.com/microsoft/winget-pkgs/tree/master/manifests/s/SagerNet/sing-box
|
||||
|
||||
[systemd]: https://systemd.io/
|
|
@ -1,7 +0,0 @@
|
|||
# Android
|
||||
|
||||
## Termux
|
||||
|
||||
```shell
|
||||
pkg add sing-box
|
||||
```
|
|
@ -1,14 +0,0 @@
|
|||
# macOS
|
||||
|
||||
## Homebrew (core)
|
||||
|
||||
```shell
|
||||
brew install sing-box
|
||||
```
|
||||
|
||||
## Homebrew (Tap)
|
||||
|
||||
```shell
|
||||
brew tap sagernet/sing-box
|
||||
brew install sagernet/sing-box/sing-box
|
||||
```
|
|
@ -1,13 +0,0 @@
|
|||
# Windows
|
||||
|
||||
## Chocolatey
|
||||
|
||||
```shell
|
||||
choco install sing-box
|
||||
```
|
||||
|
||||
## winget
|
||||
|
||||
```shell
|
||||
winget install sing-box
|
||||
```
|
22
docs/installation/scripts/arch-install.sh
Normal file
22
docs/installation/scripts/arch-install.sh
Normal file
|
@ -0,0 +1,22 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e -o pipefail
|
||||
|
||||
ARCH_RAW=$(uname -m)
|
||||
case "${ARCH_RAW}" in
|
||||
'x86_64') ARCH='amd64';;
|
||||
'x86' | 'i686' | 'i386') ARCH='386';;
|
||||
'aarch64' | 'arm64') ARCH='arm64';;
|
||||
'armv7l') ARCH='armv7';;
|
||||
's390x') ARCH='s390x';;
|
||||
*) echo "Unsupported architecture: ${ARCH_RAW}"; exit 1;;
|
||||
esac
|
||||
|
||||
VERSION=$(curl -s https://api.github.com/repos/SagerNet/sing-box/releases/latest \
|
||||
| grep tag_name \
|
||||
| cut -d ":" -f2 \
|
||||
| sed 's/\"//g;s/\,//g;s/\ //g;s/v//')
|
||||
|
||||
curl -Lo sing-box.pkg.tar.zst "https://github.com/SagerNet/sing-box/releases/download/v${VERSION}/sing-box_${VERSION}_linux_${ARCH}.pkg.tar.zst"
|
||||
sudo pacman -U sing-box.pkg.tar.zst
|
||||
rm sing-box.pkg.tar.zst
|
23
docs/installation/scripts/deb-install.sh
Normal file
23
docs/installation/scripts/deb-install.sh
Normal file
|
@ -0,0 +1,23 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e -o pipefail
|
||||
|
||||
ARCH_RAW=$(uname -m)
|
||||
case "${ARCH_RAW}" in
|
||||
'x86_64') ARCH='amd64';;
|
||||
'x86' | 'i686' | 'i386') ARCH='386';;
|
||||
'aarch64' | 'arm64') ARCH='arm64';;
|
||||
'armv7l') ARCH='armv7';;
|
||||
's390x') ARCH='s390x';;
|
||||
*) echo "Unsupported architecture: ${ARCH_RAW}"; exit 1;;
|
||||
esac
|
||||
|
||||
VERSION=$(curl -s https://api.github.com/repos/SagerNet/sing-box/releases/latest \
|
||||
| grep tag_name \
|
||||
| cut -d ":" -f2 \
|
||||
| sed 's/\"//g;s/\,//g;s/\ //g;s/v//')
|
||||
|
||||
curl -Lo sing-box.deb "https://github.com/SagerNet/sing-box/releases/download/v${VERSION}/sing-box_${VERSION}_linux_${ARCH}.deb"
|
||||
sudo dpkg -i sing-box.deb
|
||||
rm sing-box.deb
|
||||
|
22
docs/installation/scripts/rpm-install.sh
Normal file
22
docs/installation/scripts/rpm-install.sh
Normal file
|
@ -0,0 +1,22 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e -o pipefail
|
||||
|
||||
ARCH_RAW=$(uname -m)
|
||||
case "${ARCH_RAW}" in
|
||||
'x86_64') ARCH='amd64';;
|
||||
'x86' | 'i686' | 'i386') ARCH='386';;
|
||||
'aarch64' | 'arm64') ARCH='arm64';;
|
||||
'armv7l') ARCH='armv7';;
|
||||
's390x') ARCH='s390x';;
|
||||
*) echo "Unsupported architecture: ${ARCH_RAW}"; exit 1;;
|
||||
esac
|
||||
|
||||
VERSION=$(curl -s https://api.github.com/repos/SagerNet/sing-box/releases/latest \
|
||||
| grep tag_name \
|
||||
| cut -d ":" -f2 \
|
||||
| sed 's/\"//g;s/\,//g;s/\ //g;s/v//')
|
||||
|
||||
curl -Lo sing-box.rpm "https://github.com/SagerNet/sing-box/releases/download/v${VERSION}/sing-box_${VERSION}_linux_${ARCH}.rpm"
|
||||
sudo rpm -i sing-box.rpm
|
||||
rm sing-box.rpm
|
211
docs/manual/proxy-protocol/hysteria2.md
Normal file
211
docs/manual/proxy-protocol/hysteria2.md
Normal file
|
@ -0,0 +1,211 @@
|
|||
---
|
||||
icon: material/lightning-bolt
|
||||
---
|
||||
|
||||
# Hysteria 2
|
||||
|
||||
The most popular Chinese-made simple protocol based on QUIC, the selling point is Brutal,
|
||||
a congestion control algorithm that can resist packet loss by manually specifying the required rate by the user.
|
||||
|
||||
!!! warning
|
||||
|
||||
Even though GFW rarely blocks UDP-based proxies, such protocols actually have far more characteristics than TCP based proxies.
|
||||
|
||||
| Specification | Binary Characteristics | Active Detect Hiddenness |
|
||||
|---------------------------------------------------------------------------|------------------------|--------------------------|
|
||||
| [hysteria.network](https://v2.hysteria.network/docs/developers/Protocol/) | :material-alert: | :material-check: |
|
||||
|
||||
## :material-text-box-check: Password Generator
|
||||
|
||||
| Generate Password | Action |
|
||||
|----------------------------|-----------------------------------------------------------------|
|
||||
| <code id="password"><code> | <button class="md-button" onclick="generate()">Refresh</button> |
|
||||
|
||||
<script>
|
||||
function generate() {
|
||||
const array = new Uint8Array(16);
|
||||
window.crypto.getRandomValues(array);
|
||||
document.getElementById("password").textContent = btoa(String.fromCharCode.apply(null, array));
|
||||
}
|
||||
generate();
|
||||
</script>
|
||||
|
||||
## :material-alert: Difference from official Hysteria
|
||||
|
||||
The official program supports an authentication method called **userpass**,
|
||||
which essentially uses a combination of `<username>:<password>` as the actual password,
|
||||
while sing-box does not provide this alias.
|
||||
To use sing-box with the official program, you need to fill in that combination as the actual password.
|
||||
|
||||
## :material-server: Server Example
|
||||
|
||||
!!! info ""
|
||||
|
||||
Replace `up_mbps` and `down_mbps` values with the actual bandwidth of your server.
|
||||
|
||||
=== ":material-harddisk: With local certificate"
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "hysteria2",
|
||||
"listen": "::",
|
||||
"listen_port": 8080,
|
||||
"up_mbps": 100,
|
||||
"down_mbps": 100,
|
||||
"users": [
|
||||
{
|
||||
"name": "sekai",
|
||||
"password": "<password>"
|
||||
}
|
||||
],
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org",
|
||||
"key_path": "/path/to/key.pem",
|
||||
"certificate_path": "/path/to/certificate.pem"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
=== ":material-auto-fix: With ACME"
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "hysteria2",
|
||||
"listen": "::",
|
||||
"listen_port": 8080,
|
||||
"up_mbps": 100,
|
||||
"down_mbps": 100,
|
||||
"users": [
|
||||
{
|
||||
"name": "sekai",
|
||||
"password": "<password>"
|
||||
}
|
||||
],
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org",
|
||||
"acme": {
|
||||
"domain": "example.org",
|
||||
"email": "admin@example.org"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
=== ":material-cloud: With ACME and Cloudflare API"
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "hysteria2",
|
||||
"listen": "::",
|
||||
"listen_port": 8080,
|
||||
"up_mbps": 100,
|
||||
"down_mbps": 100,
|
||||
"users": [
|
||||
{
|
||||
"name": "sekai",
|
||||
"password": "<password>"
|
||||
}
|
||||
],
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org",
|
||||
"acme": {
|
||||
"domain": "example.org",
|
||||
"email": "admin@example.org",
|
||||
"dns01_challenge": {
|
||||
"provider": "cloudflare",
|
||||
"api_token": "my_token"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
## :material-cellphone-link: Client Example
|
||||
|
||||
!!! info ""
|
||||
|
||||
Replace `up_mbps` and `down_mbps` values with the actual bandwidth of your client.
|
||||
|
||||
=== ":material-web-check: With valid certificate"
|
||||
|
||||
```json
|
||||
{
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "hysteria2",
|
||||
"server": "127.0.0.1",
|
||||
"server_port": 8080,
|
||||
"up_mbps": 100,
|
||||
"down_mbps": 100,
|
||||
"password": "<password>",
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
=== ":material-check: With self-sign certificate"
|
||||
|
||||
!!! info "Tip"
|
||||
|
||||
Use `sing-box merge` command to merge configuration and certificate into one file.
|
||||
|
||||
```json
|
||||
{
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "hysteria2",
|
||||
"server": "127.0.0.1",
|
||||
"server_port": 8080,
|
||||
"up_mbps": 100,
|
||||
"down_mbps": 100,
|
||||
"password": "<password>",
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org",
|
||||
"certificate_path": "/path/to/certificate.pem"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
=== ":material-alert: Ignore certificate verification"
|
||||
|
||||
```json
|
||||
{
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "hysteria2",
|
||||
"server": "127.0.0.1",
|
||||
"server_port": 8080,
|
||||
"up_mbps": 100,
|
||||
"down_mbps": 100,
|
||||
"password": "<password>",
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org",
|
||||
"insecure": true
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
126
docs/manual/proxy-protocol/shadowsocks.md
Normal file
126
docs/manual/proxy-protocol/shadowsocks.md
Normal file
|
@ -0,0 +1,126 @@
|
|||
---
|
||||
icon: material/send
|
||||
---
|
||||
|
||||
# Shadowsocks
|
||||
|
||||
As the most well-known Chinese-made proxy protocol,
|
||||
Shadowsocks exists in multiple versions,
|
||||
but only AEAD 2022 ciphers TCP with multiplexing is recommended.
|
||||
|
||||
| Ciphers | Specification | Cryptographic Security | Binary Characteristics | Active Detect Hiddenness |
|
||||
|----------------|------------------------------------------------------------|------------------------|------------------------|--------------------------|
|
||||
| Stream Ciphers | [shadowsocks.org](https://shadowsocks.org/doc/stream.html) | :material-alert: | :material-alert: | :material-alert: |
|
||||
| AEAD | [shadowsocks.org](https://shadowsocks.org/doc/aead.html) | :material-check: | :material-alert: | :material-alert: |
|
||||
| AEAD 2022 | [shadowsocks.org](https://shadowsocks.org/doc/sip022.html) | :material-check: | :material-check: | :material-help: |
|
||||
|
||||
## :material-text-box-check: Password Generator
|
||||
|
||||
| For `2022-blake3-aes-128-gcm` cipher | For other ciphers | Action |
|
||||
|--------------------------------------|-------------------------------|-----------------------------------------------------------------|
|
||||
| <code id="password_16"><code> | <code id="password_32"><code> | <button class="md-button" onclick="generate()">Refresh</button> |
|
||||
|
||||
<script>
|
||||
function generatePassword(element, length) {
|
||||
const array = new Uint8Array(length);
|
||||
window.crypto.getRandomValues(array);
|
||||
document.getElementById(element).textContent = btoa(String.fromCharCode.apply(null, array));
|
||||
}
|
||||
function generate() {
|
||||
generatePassword("password_16", 16);
|
||||
generatePassword("password_32", 32);
|
||||
}
|
||||
generate();
|
||||
</script>
|
||||
|
||||
## :material-server: Server Example
|
||||
|
||||
!!! info ""
|
||||
|
||||
Password of cipher `2022-blake3-aes-128-gcm` can be generated by command `sing-box generate rand 16 --base64`
|
||||
|
||||
=== ":material-account: Single-user"
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "shadowsocks",
|
||||
"listen": "::",
|
||||
"listen_port": 8080,
|
||||
"network": "tcp",
|
||||
"method": "2022-blake3-aes-128-gcm",
|
||||
"password": "<password>",
|
||||
"multiplex": {
|
||||
"enabled": true
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
=== ":material-account-multiple: Multi-user"
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "shadowsocks",
|
||||
"listen": "::",
|
||||
"listen_port": 8080,
|
||||
"network": "tcp",
|
||||
"method": "2022-blake3-aes-128-gcm",
|
||||
"password": "<server_password>",
|
||||
"users": [
|
||||
{
|
||||
"name": "sekai",
|
||||
"password": "<user_password>"
|
||||
}
|
||||
],
|
||||
"multiplex": {
|
||||
"enabled": true
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
## :material-cellphone-link: Client Example
|
||||
|
||||
=== ":material-account: Single-user"
|
||||
|
||||
```json
|
||||
{
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "shadowsocks",
|
||||
"server": "127.0.0.1",
|
||||
"server_port": 8080,
|
||||
"method": "2022-blake3-aes-128-gcm",
|
||||
"password": "<pasword>",
|
||||
"multiplex": {
|
||||
"enabled": true
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
=== ":material-account-multiple: Multi-user"
|
||||
|
||||
```json
|
||||
{
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "shadowsocks",
|
||||
"server": "127.0.0.1",
|
||||
"server_port": 8080,
|
||||
"method": "2022-blake3-aes-128-gcm",
|
||||
"password": "<server_pasword>:<user_password>",
|
||||
"multiplex": {
|
||||
"enabled": true
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
214
docs/manual/proxy-protocol/trojan.md
Normal file
214
docs/manual/proxy-protocol/trojan.md
Normal file
|
@ -0,0 +1,214 @@
|
|||
---
|
||||
icon: material/horse
|
||||
---
|
||||
|
||||
# Trojan
|
||||
|
||||
As the most commonly used TLS proxy made in China, Trojan can be used in various combinations,
|
||||
but only the combination of uTLS and multiplexing is recommended.
|
||||
|
||||
| Protocol and implementation combination | Specification | Binary Characteristics | Active Detect Hiddenness |
|
||||
|-----------------------------------------|----------------------------------------------------------------------|------------------------|--------------------------|
|
||||
| Origin / trojan-gfw | [trojan-gfw.github.io](https://trojan-gfw.github.io/trojan/protocol) | :material-check: | :material-check: |
|
||||
| Basic Go implementation | / | :material-alert: | :material-check: |
|
||||
| with privates transport by V2Ray | No formal definition | :material-alert: | :material-alert: |
|
||||
| with uTLS enabled | No formal definition | :material-help: | :material-check: |
|
||||
|
||||
## :material-text-box-check: Password Generator
|
||||
|
||||
| Generate Password | Action |
|
||||
|----------------------------|-----------------------------------------------------------------|
|
||||
| <code id="password"><code> | <button class="md-button" onclick="generate()">Refresh</button> |
|
||||
|
||||
<script>
|
||||
function generate() {
|
||||
const array = new Uint8Array(16);
|
||||
window.crypto.getRandomValues(array);
|
||||
document.getElementById("password").textContent = btoa(String.fromCharCode.apply(null, array));
|
||||
}
|
||||
generate();
|
||||
</script>
|
||||
|
||||
## :material-server: Server Example
|
||||
|
||||
=== ":material-harddisk: With local certificate"
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "trojan",
|
||||
"listen": "::",
|
||||
"listen_port": 8080,
|
||||
"users": [
|
||||
{
|
||||
"name": "example",
|
||||
"password": "password"
|
||||
}
|
||||
],
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org",
|
||||
"key_path": "/path/to/key.pem",
|
||||
"certificate_path": "/path/to/certificate.pem"
|
||||
},
|
||||
"multiplex": {
|
||||
"enabled": true
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
=== ":material-auto-fix: With ACME"
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "trojan",
|
||||
"listen": "::",
|
||||
"listen_port": 8080,
|
||||
"users": [
|
||||
{
|
||||
"name": "example",
|
||||
"password": "password"
|
||||
}
|
||||
],
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org",
|
||||
"acme": {
|
||||
"domain": "example.org",
|
||||
"email": "admin@example.org"
|
||||
}
|
||||
},
|
||||
"multiplex": {
|
||||
"enabled": true
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
=== ":material-cloud: With ACME and Cloudflare API"
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "trojan",
|
||||
"listen": "::",
|
||||
"listen_port": 8080,
|
||||
"users": [
|
||||
{
|
||||
"name": "example",
|
||||
"password": "password"
|
||||
}
|
||||
],
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org",
|
||||
"acme": {
|
||||
"domain": "example.org",
|
||||
"email": "admin@example.org",
|
||||
"dns01_challenge": {
|
||||
"provider": "cloudflare",
|
||||
"api_token": "my_token"
|
||||
}
|
||||
}
|
||||
},
|
||||
"multiplex": {
|
||||
"enabled": true
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
## :material-cellphone-link: Client Example
|
||||
|
||||
=== ":material-web-check: With valid certificate"
|
||||
|
||||
```json
|
||||
{
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "trojan",
|
||||
"server": "127.0.0.1",
|
||||
"server_port": 8080,
|
||||
"password": "password",
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org",
|
||||
"utls": {
|
||||
"enabled": true,
|
||||
"fingerprint": "firefox"
|
||||
}
|
||||
},
|
||||
"multiplex": {
|
||||
"enabled": true
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
=== ":material-check: With self-sign certificate"
|
||||
|
||||
!!! info "Tip"
|
||||
|
||||
Use `sing-box merge` command to merge configuration and certificate into one file.
|
||||
|
||||
```json
|
||||
{
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "trojan",
|
||||
"server": "127.0.0.1",
|
||||
"server_port": 8080,
|
||||
"password": "password",
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org",
|
||||
"certificate_path": "/path/to/certificate.pem",
|
||||
"utls": {
|
||||
"enabled": true,
|
||||
"fingerprint": "firefox"
|
||||
}
|
||||
},
|
||||
"multiplex": {
|
||||
"enabled": true
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
=== ":material-alert: Ignore certificate verification"
|
||||
|
||||
```json
|
||||
{
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "trojan",
|
||||
"server": "127.0.0.1",
|
||||
"server_port": 8080,
|
||||
"password": "password",
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org",
|
||||
"insecure": true,
|
||||
"utls": {
|
||||
"enabled": true,
|
||||
"fingerprint": "firefox"
|
||||
}
|
||||
},
|
||||
"multiplex": {
|
||||
"enabled": true
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
208
docs/manual/proxy-protocol/tuic.md
Normal file
208
docs/manual/proxy-protocol/tuic.md
Normal file
|
@ -0,0 +1,208 @@
|
|||
---
|
||||
icon: material/alpha-t-box
|
||||
---
|
||||
|
||||
# TUIC
|
||||
|
||||
A recently popular Chinese-made simple protocol based on QUIC, the selling point is the BBR congestion control algorithm.
|
||||
|
||||
!!! warning
|
||||
|
||||
Even though GFW rarely blocks UDP-based proxies, such protocols actually have far more characteristics than TCP based proxies.
|
||||
|
||||
| Specification | Binary Characteristics | Active Detect Hiddenness |
|
||||
|-----------------------------------------------------------|------------------------|--------------------------|
|
||||
| [GitHub](https://github.com/EAimTY/tuic/blob/dev/SPEC.md) | :material-alert: | :material-check: |
|
||||
|
||||
## Password Generator
|
||||
|
||||
| Generated UUID | Generated Password | Action |
|
||||
|------------------------|----------------------------|-----------------------------------------------------------------|
|
||||
| <code id="uuid"><code> | <code id="password"><code> | <button class="md-button" onclick="generate()">Refresh</button> |
|
||||
|
||||
<script>
|
||||
function generateUUID() {
|
||||
const uuid = 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
|
||||
let r = Math.random() * 16 | 0,
|
||||
v = c === 'x' ? r : (r & 0x3 | 0x8);
|
||||
return v.toString(16);
|
||||
});
|
||||
document.getElementById("uuid").textContent = uuid;
|
||||
}
|
||||
function generatePassword() {
|
||||
const array = new Uint8Array(16);
|
||||
window.crypto.getRandomValues(array);
|
||||
document.getElementById("password").textContent = btoa(String.fromCharCode.apply(null, array));
|
||||
}
|
||||
function generate() {
|
||||
generateUUID();
|
||||
generatePassword();
|
||||
}
|
||||
generate();
|
||||
</script>
|
||||
|
||||
## :material-server: Server Example
|
||||
|
||||
=== ":material-harddisk: With local certificate"
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "tuic",
|
||||
"listen": "::",
|
||||
"listen_port": 8080,
|
||||
"users": [
|
||||
{
|
||||
"name": "sekai",
|
||||
"uuid": "<uuid>",
|
||||
"password": "<password>"
|
||||
}
|
||||
],
|
||||
"congestion_control": "bbr",
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org",
|
||||
"key_path": "/path/to/key.pem",
|
||||
"certificate_path": "/path/to/certificate.pem"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
=== ":material-auto-fix: With ACME"
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "tuic",
|
||||
"listen": "::",
|
||||
"listen_port": 8080,
|
||||
"users": [
|
||||
{
|
||||
"name": "sekai",
|
||||
"uuid": "<uuid>",
|
||||
"password": "<password>"
|
||||
}
|
||||
],
|
||||
"congestion_control": "bbr",
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org",
|
||||
"acme": {
|
||||
"domain": "example.org",
|
||||
"email": "admin@example.org"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
=== ":material-cloud: With ACME and Cloudflare API"
|
||||
|
||||
```json
|
||||
{
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "tuic",
|
||||
"listen": "::",
|
||||
"listen_port": 8080,
|
||||
"users": [
|
||||
{
|
||||
"name": "sekai",
|
||||
"uuid": "<uuid>",
|
||||
"password": "<password>"
|
||||
}
|
||||
],
|
||||
"congestion_control": "bbr",
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org",
|
||||
"acme": {
|
||||
"domain": "example.org",
|
||||
"email": "admin@example.org",
|
||||
"dns01_challenge": {
|
||||
"provider": "cloudflare",
|
||||
"api_token": "my_token"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
## :material-cellphone-link: Client Example
|
||||
|
||||
=== ":material-web-check: With valid certificate"
|
||||
|
||||
```json
|
||||
{
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "tuic",
|
||||
"server": "127.0.0.1",
|
||||
"server_port": 8080,
|
||||
"uuid": "<uuid>",
|
||||
"password": "<password>",
|
||||
"congestion_control": "bbr",
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
=== ":material-check: With self-sign certificate"
|
||||
|
||||
!!! info "Tip"
|
||||
|
||||
Use `sing-box merge` command to merge configuration and certificate into one file.
|
||||
|
||||
```json
|
||||
{
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "tuic",
|
||||
"server": "127.0.0.1",
|
||||
"server_port": 8080,
|
||||
"uuid": "<uuid>",
|
||||
"password": "<password>",
|
||||
"congestion_control": "bbr",
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org",
|
||||
"certificate_path": "/path/to/certificate.pem"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
=== ":material-alert: Ignore certificate verification"
|
||||
|
||||
```json
|
||||
{
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "tuic",
|
||||
"server": "127.0.0.1",
|
||||
"server_port": 8080,
|
||||
"uuid": "<uuid>",
|
||||
"password": "<password>",
|
||||
"congestion_control": "bbr",
|
||||
"tls": {
|
||||
"enabled": true,
|
||||
"server_name": "example.org",
|
||||
"insecure": true
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
425
docs/manual/proxy/client.md
Normal file
425
docs/manual/proxy/client.md
Normal file
|
@ -0,0 +1,425 @@
|
|||
---
|
||||
icon: material/cellphone-link
|
||||
---
|
||||
|
||||
# Client
|
||||
|
||||
### :material-ray-start: Introduction
|
||||
|
||||
For a long time, the modern usage and principles of proxy clients
|
||||
for graphical operating systems have not been clearly described.
|
||||
However, we can categorize them into three types:
|
||||
system proxy, firewall redirection, and virtual interface.
|
||||
|
||||
### :material-web-refresh: System Proxy
|
||||
|
||||
Almost all graphical environments support system-level proxies,
|
||||
which are essentially ordinary HTTP proxies that only support TCP.
|
||||
|
||||
| Operating System / Desktop Environment | System Proxy | Application Support |
|
||||
|:---------------------------------------------|:-------------------------------------|:--------------------|
|
||||
| Windows | :material-check: | :material-check: |
|
||||
| macOS | :material-check: | :material-check: |
|
||||
| GNOME/KDE | :material-check: | :material-check: |
|
||||
| Android | ROOT or adb (permission) is required | :material-check: |
|
||||
| Android/iOS (with sing-box graphical client) | via `tun.platform.http_proxy` | :material-check: |
|
||||
|
||||
As one of the most well-known proxy methods, it has many shortcomings:
|
||||
many TCP clients that are not based on HTTP do not check and use the system proxy.
|
||||
Moreover, UDP and ICMP traffics bypass the proxy.
|
||||
|
||||
```mermaid
|
||||
flowchart LR
|
||||
dns[DNS query] -- Is HTTP request? --> proxy[HTTP proxy]
|
||||
dns --> leak[Leak]
|
||||
tcp[TCP connection] -- Is HTTP request? --> proxy
|
||||
tcp -- Check and use HTTP CONNECT? --> proxy
|
||||
tcp --> leak
|
||||
udp[UDP packet] --> leak
|
||||
```
|
||||
|
||||
### :material-wall-fire: Firewall Redirection
|
||||
|
||||
This type of usage typically relies on the firewall or hook interface provided by the operating system,
|
||||
such as Windows’ WFP, Linux’s redirect, TProxy and eBPF, and macOS’s pf.
|
||||
Although it is intrusive and cumbersome to configure,
|
||||
it remains popular within the community of amateur proxy open source projects like V2Ray,
|
||||
due to the low technical requirements it imposes on the software.
|
||||
|
||||
### :material-expansion-card: Virtual Interface
|
||||
|
||||
All L2/L3 proxies (seriously defined VPNs, such as OpenVPN, WireGuard) are based on virtual network interfaces,
|
||||
which is also the only way for all L4 proxies to work as VPNs on mobile platforms like Android, iOS.
|
||||
|
||||
The sing-box inherits and develops clash-premium’s TUN inbound (L3 to L4 conversion)
|
||||
as the most reasonable method for performing transparent proxying.
|
||||
|
||||
```mermaid
|
||||
flowchart TB
|
||||
packet[IP Packet]
|
||||
packet --> windows[Windows / macOS]
|
||||
packet --> linux[Linux]
|
||||
tun[TUN interface]
|
||||
windows -. route .-> tun
|
||||
linux -. iproute2 route/rule .-> tun
|
||||
tun --> gvisor[gVisor TUN stack]
|
||||
tun --> system[system TUN stack]
|
||||
assemble([L3 to L4 assemble])
|
||||
gvisor --> assemble
|
||||
system --> assemble
|
||||
assemble --> conn[TCP and UDP connections]
|
||||
conn --> router[sing-box Router]
|
||||
router --> direct[Direct outbound]
|
||||
router --> proxy[Proxy outbounds]
|
||||
router -- DNS hijack --> dns_out[DNS outbound]
|
||||
dns_out --> dns_router[DNS router]
|
||||
dns_router --> router
|
||||
direct --> adi([auto detect interface])
|
||||
proxy --> adi
|
||||
adi --> default[Default network interface in the system]
|
||||
default --> destination[Destination server]
|
||||
default --> proxy_server[Proxy server]
|
||||
proxy_server --> destination
|
||||
```
|
||||
|
||||
## :material-cellphone-link: Examples
|
||||
|
||||
### Basic TUN usage for Chinese users
|
||||
|
||||
=== ":material-numeric-4-box: IPv4 only"
|
||||
|
||||
```json
|
||||
{
|
||||
"dns": {
|
||||
"servers": [
|
||||
{
|
||||
"tag": "google",
|
||||
"address": "tls://8.8.8.8"
|
||||
},
|
||||
{
|
||||
"tag": "local",
|
||||
"address": "223.5.5.5",
|
||||
"detour": "direct"
|
||||
}
|
||||
],
|
||||
"rules": [
|
||||
{
|
||||
"outbound": "any",
|
||||
"server": "local"
|
||||
}
|
||||
],
|
||||
"strategy": "ipv4_only"
|
||||
},
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "tun",
|
||||
"inet4_address": "172.19.0.1/30",
|
||||
"auto_route": true,
|
||||
"strict_route": false
|
||||
}
|
||||
],
|
||||
"outbounds": [
|
||||
// ...
|
||||
{
|
||||
"type": "direct",
|
||||
"tag": "direct"
|
||||
},
|
||||
{
|
||||
"type": "dns",
|
||||
"tag": "dns-out"
|
||||
}
|
||||
],
|
||||
"route": {
|
||||
"rules": [
|
||||
{
|
||||
"protocol": "dns",
|
||||
"outbound": "dns-out"
|
||||
},
|
||||
{
|
||||
"geoip": [
|
||||
"private"
|
||||
],
|
||||
"outbound": "direct"
|
||||
}
|
||||
],
|
||||
"auto_detect_interface": true
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
=== ":material-numeric-6-box: IPv4 & IPv6"
|
||||
|
||||
```json
|
||||
{
|
||||
"dns": {
|
||||
"servers": [
|
||||
{
|
||||
"tag": "google",
|
||||
"address": "tls://8.8.8.8"
|
||||
},
|
||||
{
|
||||
"tag": "local",
|
||||
"address": "223.5.5.5",
|
||||
"detour": "direct"
|
||||
}
|
||||
],
|
||||
"rules": [
|
||||
{
|
||||
"outbound": "any",
|
||||
"server": "local"
|
||||
}
|
||||
]
|
||||
},
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "tun",
|
||||
"inet4_address": "172.19.0.1/30",
|
||||
"inet6_address": "fdfe:dcba:9876::1/126",
|
||||
"auto_route": true,
|
||||
"strict_route": false
|
||||
}
|
||||
],
|
||||
"outbounds": [
|
||||
// ...
|
||||
{
|
||||
"type": "direct",
|
||||
"tag": "direct"
|
||||
},
|
||||
{
|
||||
"type": "dns",
|
||||
"tag": "dns-out"
|
||||
}
|
||||
],
|
||||
"route": {
|
||||
"rules": [
|
||||
{
|
||||
"protocol": "dns",
|
||||
"outbound": "dns-out"
|
||||
},
|
||||
{
|
||||
"geoip": [
|
||||
"private"
|
||||
],
|
||||
"outbound": "direct"
|
||||
}
|
||||
],
|
||||
"auto_detect_interface": true
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
=== ":material-domain-switch: FakeIP"
|
||||
|
||||
```json
|
||||
{
|
||||
"dns": {
|
||||
"servers": [
|
||||
{
|
||||
"tag": "google",
|
||||
"address": "tls://8.8.8.8"
|
||||
},
|
||||
{
|
||||
"tag": "local",
|
||||
"address": "223.5.5.5",
|
||||
"detour": "direct"
|
||||
},
|
||||
{
|
||||
"tag": "remote",
|
||||
"address": "fakeip"
|
||||
}
|
||||
],
|
||||
"rules": [
|
||||
{
|
||||
"outbound": "any",
|
||||
"server": "local"
|
||||
},
|
||||
{
|
||||
"query_type": [
|
||||
"A",
|
||||
"AAAA"
|
||||
],
|
||||
"server": "remote"
|
||||
}
|
||||
],
|
||||
"fakeip": {
|
||||
"enabled": true,
|
||||
"inet4_range": "198.18.0.0/15",
|
||||
"inet6_range": "fc00::/18"
|
||||
},
|
||||
"independent_cache": true
|
||||
},
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "tun",
|
||||
"inet4_address": "172.19.0.1/30",
|
||||
"inet6_address": "fdfe:dcba:9876::1/126",
|
||||
"auto_route": true,
|
||||
"strict_route": true
|
||||
}
|
||||
],
|
||||
"outbounds": [
|
||||
// ...
|
||||
{
|
||||
"type": "direct",
|
||||
"tag": "direct"
|
||||
},
|
||||
{
|
||||
"type": "dns",
|
||||
"tag": "dns-out"
|
||||
}
|
||||
],
|
||||
"route": {
|
||||
"rules": [
|
||||
{
|
||||
"protocol": "dns",
|
||||
"outbound": "dns-out"
|
||||
},
|
||||
{
|
||||
"geoip": [
|
||||
"private"
|
||||
],
|
||||
"outbound": "direct"
|
||||
}
|
||||
],
|
||||
"auto_detect_interface": true
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
### Traffic bypass usage for Chinese users
|
||||
|
||||
=== ":material-dns: DNS rules"
|
||||
|
||||
!!! info
|
||||
|
||||
DNS rules are optional if FakeIP is used.
|
||||
|
||||
```json
|
||||
{
|
||||
"dns": {
|
||||
"servers": [
|
||||
{
|
||||
"tag": "google",
|
||||
"address": "tls://8.8.8.8"
|
||||
},
|
||||
{
|
||||
"tag": "local",
|
||||
"address": "223.5.5.5",
|
||||
"detour": "direct"
|
||||
}
|
||||
],
|
||||
"rules": [
|
||||
{
|
||||
"outbound": "any",
|
||||
"server": "local"
|
||||
},
|
||||
{
|
||||
"clash_mode": "Direct",
|
||||
"server": "local"
|
||||
},
|
||||
{
|
||||
"clash_mode": "Global",
|
||||
"server": "google"
|
||||
},
|
||||
{
|
||||
"type": "logical",
|
||||
"mode": "and",
|
||||
"rules": [
|
||||
{
|
||||
"geosite": "geolocation-!cn",
|
||||
"invert": true
|
||||
},
|
||||
{
|
||||
"geosite": [
|
||||
"cn",
|
||||
"category-companies@cn"
|
||||
],
|
||||
}
|
||||
],
|
||||
"server": "local"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
=== ":material-router-network: Route rules"
|
||||
|
||||
```json
|
||||
{
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "direct",
|
||||
"tag": "direct"
|
||||
},
|
||||
{
|
||||
"type": "block",
|
||||
"tag": "block"
|
||||
}
|
||||
],
|
||||
"route": {
|
||||
"rules": [
|
||||
{
|
||||
"type": "logical",
|
||||
"mode": "or",
|
||||
"rules": [
|
||||
{
|
||||
"protocol": "dns"
|
||||
},
|
||||
{
|
||||
"port": 53
|
||||
}
|
||||
],
|
||||
"outbound": "dns"
|
||||
},
|
||||
{
|
||||
"geoip": "private",
|
||||
"outbound": "direct"
|
||||
},
|
||||
{
|
||||
"clash_mode": "Direct",
|
||||
"outbound": "direct"
|
||||
},
|
||||
{
|
||||
"clash_mode": "Global",
|
||||
"outbound": "default"
|
||||
},
|
||||
{
|
||||
"type": "logical",
|
||||
"mode": "or",
|
||||
"rules": [
|
||||
{
|
||||
"port": 853
|
||||
},
|
||||
{
|
||||
"network": "udp",
|
||||
"port": 443
|
||||
},
|
||||
{
|
||||
"protocol": "stun"
|
||||
}
|
||||
],
|
||||
"outbound": "block"
|
||||
},
|
||||
{
|
||||
"type": "logical",
|
||||
"mode": "and",
|
||||
"rules": [
|
||||
{
|
||||
"geosite": "geolocation-!cn",
|
||||
"invert": true
|
||||
},
|
||||
{
|
||||
"geosite": [
|
||||
"cn",
|
||||
"category-companies@cn"
|
||||
],
|
||||
"geoip": "cn"
|
||||
}
|
||||
],
|
||||
"outbound": "direct"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
```
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user