chika0801 / sing-box-examples Goto Github PK
View Code? Open in Web Editor NEWsing-box 配置示例
Home Page: https://github.com/SagerNet/sing-box
sing-box 配置示例
Home Page: https://github.com/SagerNet/sing-box
Hi! Thanks for the examples.
As the title says, In TUIC server config, how can I only listen on ipv6? with "listen": "::",
, I can still connect to server with my ipv4 too and I want the server only be accessible via ipv6.
用大佬的tun客户端配置,有些域名dns解析有问题导致无法连接上,我想这个域名走系统dns解析,所以我在dns服务器部分新增一个系统解析的服务器,然后规则加上这个域名,大佬帮忙看下对不对,谢谢!
{
"dns": {
"server": [
{
"tag": "dns_local",
"address": "local",
"strategy": "ipv4_only",
"detour": "direct"
}
],
"rules": [
{
"domain_suffix": [
"域名.com"
]
}
"server": "dns_local"
]
}
}
Hi
Where are the xray-core examples ?
I want the sample files for Reality-steal-yourself. server.json
and nginx.conf
.
sing-box-examples/Tun/config_client_windows.json
Lines 34 to 52 in a1bc778
dns_direct
假设没有命中 geosite:geolocation-!cn
的话会不会造成DNS泄露?dns_direct
兜底应该是为了避免在 outbound.server
为域名时造成的DNS回环吧?
如果是的话我个人认为将 dns_direct
兜底换为:服务器域名单独加入DNS规则的 dns_direct
,使用 dns_proxy
兜底会更好点,防止DNS泄露的问题。
{
"geosite": [
"cn",
"private"
],
"domain": [ //1*
"server.domain"
],
"server": "dns_direct"
},
{
"outbound": [
"any"
],
"server": "dns_proxy"
}
如果您能考虑这一请求,将不胜感激
i'm using tun mode
Can you give me an example configuration?
I want to configure LAN.
sing-box 1.4.0-beta.1
大佬,能不能还跟以前的xray配置一样,在示例中把dns跟跟出入站规则啥的加上,最近受您的影响,也转到sing-box了,用的hy协议+vless.可惜弄不好这个DNS跟出入站规则方面,从xray开始一直以来都是抄的您的配置哈哈哈,太菜了我, 另外用sing-box使用hy跟vless协议,不用nginx反代吗,看您这都没有,哈哈哈,麻烦您了.
在大佬教程中,端口指定为16384,密码为chika,如果想修改,该如何操作?
谢谢大佬!
This is my configuration
{
"log": {
"level": "info",
"timestamp": true
},
"inbounds": [
{
"type": "tuic",
"listen": "test.ley.vn",
"listen_port": 443,
"users": [
{
"uuid": "2a1f8889-cd2b-4d7f-863e-b151eabdabc7",
"password": "88b0d030-9b09-4f4b-be9f-7bd8f3a42390"
}
],
"congestion_control": "bbr",
"tls": {
"enabled": true,
"alpn": [
"h3"
],
"certificate_path": "/root/fullchain.cer",
"key_path": "/root/Private.key"
}
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
}
]
}
{
"log": {
"disabled": true
},
"dns": {
"servers": [
{
"tag": "dns_proxy",
"address": "76.76.2.42",
"address_resolver": "dns_direct",
"strategy": "ipv4_only",
"detour": "proxy"
},
{
"tag": "dns_direct",
"address": "local",
"strategy": "ipv4_only",
"detour": "direct"
}
],
"rules": [
{
"outbound": "any",
"server": "dns_direct"
}
],
"strategy": "ipv4_only"
},
"inbounds": [
{
"type": "tun",
"tag": "tun-in",
"mtu": 9000,
"inet4_address": "172.19.0.1/30",
"auto_route": true,
"strict_route": true,
"stack": "gvisor",
"sniff": true
}
],
"outbounds": [
{
"type": "tuic",
"tag": "proxy",
"server": "test.ley.vn",
"server_port": 443,
"uuid": "2a1f8889-cd2b-4d7f-863e-b151eabdabc7",
"password": "88b0d030-9b09-4f4b-be9f-7bd8f3a42390",
"congestion_control": "bbr",
"tls": {
"enabled": true,
"server_name": "dl.kgvn.garenanow.com",
"alpn": "h3"
}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"network": "udp",
"port": [
443,
80
],
"outbound": "block"
}
],
"auto_detect_interface": true
},
"experimental": {
"clash_api": {
"external_controller": "127.0.0.1:9090",
"external_ui": "../files/yacd",
"cache_file": "../cache/clash.db"
}
}
}
I need help with a DNS resolution problem in sing-box (VLESS-XTLS-uTLS-REALITY). It relies on client-side DNS resolution, causing issues with accessing blocked sites due to DNS pollution. I've been using "Simple DnsCrypt" as a workaround, but I want to configure sing-box for server-side DNS resolution. Can you guide me on this?
请问tun模式里面的路由规则为什么要阻断443端口的udp流量
Hello, and thanks for your great examples. I recently tried to divert traffic to sing-box based on SNI but was unsuccessful, however the same thing works with xray without problem. I wanted to know your opinion on this.
SNI diversion works with other protocols in sing-box such as naive or trojan, but not reality.
I am also using reality with my own domain.
The reason for this is I have other services on the vps and i need nginx to listen on 443.
Here are configs
Nginx
user nobody nogroup;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
stream {
map $ssl_preread_server_name $backend_name {
xx.mydomain.com vless;
mydomain.com http2;
www.mydomain.com http2;
}
upstream vless {
server 127.0.0.1:10000;
}
upstream http2 {
server 127.0.0.1:20000;
}
server {
listen 443;
listen [::]:443;
ssl_preread on;
proxy_pass $backend_name;
proxy_protocol on;
}
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
listen 127.0.0.1:20000 ssl proxy_protocol;
http2 on;
set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;
ssl_certificate ../fullchain.cer;
ssl_certificate_key ../mydomain.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
ssl_ecdh_curve secp521r1:secp384r1:secp256r1:x25519;
location / {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:30000; #some_backend
}
}
xray: This config works
{
"log": {
"loglevel": "warning",
"error": "/var/log/xray/error.log",
"access": "/var/log/xray/access.log"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 10000,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "532f45bd-7229-425e-8831-97a463eba428",
"flow": "xtls-rprx-vision"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"show": false,
"dest": 20000,
"xver": 2,
"serverNames": [
"xx.mydomain.com"
],
"privateKey": "...",
"shortIds": [
"123456789"
]
},
"tcpSettings": {
"acceptProxyProtocol": true
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {}
},
{
"tag": "blocked",
"protocol": "blackhole",
"settings": {}
}
]
}
sing-box: does not work
{
"log": {
"level": "info"
},
"inbounds": [
{
"type": "vless",
"tag": "vless-in",
"listen": "::",
"listen_port": 10000,
"proxy_protocol": true,
"sniff": true,
"sniff_override_destination": true,
"users": [
{
"uuid": "532f45bd-7229-425e-8831-97a463eba428",
"flow": "xtls-rprx-vision"
}
],
"tls": {
"enabled": true,
"server_name": "xx.mydomain.com",
"reality": {
"enabled": true,
"handshake": {
"server": "127.0.0.1",
"server_port": 20000
},
"private_key": "...",
"short_id": [
"123456789"
]
}
}
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
}
]
}
sing-box Logs
ERROR[0043] [3919413922 1ms] inbound/vless[vless-in]: process connection from IP_Address: REALITY: processed invalid connection
ERROR[0046] [709892396 0ms] inbound/vless[vless-in]: process connection from IP_Address: REALITY: processed invalid connection
ERROR[0048] [2314159538 0ms] inbound/vless[vless-in]: process connection from IP_Address: REALITY: processed invalid connection
ERROR[0049] [2780479593 0ms] inbound/vless[vless-in]: process connection from IP_Address: REALITY: processed invalid connection
ERROR[0049] [962535195 0ms] inbound/vless[vless-in]: process connection from IP_Address: REALITY: processed invalid connection
ERROR[0050] [3203139053 1ms] inbound/vless[vless-in]: process connection from IP_Address: REALITY: processed invalid connection
ERROR[0050] [1510738249 0ms] inbound/vless[vless-in]: process connection from IP_Address: REALITY: processed invalid connection
ERROR[0052] [2292211462 0ms] inbound/vless[vless-in]: process connection from IP_Address: REALITY: processed invalid connection
As title. Can you provide instructions on how to install and configure an example for vless ws
.\sing run -c
INFO[0000] router: updated default interface 以太网 5, index 38
INFO[0000] inbound/socks[socks-in]: tcp server started at [::1]:
有多个以太网
已经调高以太网 5的跃迁点
但仍自动试别5
add VLESS-gRPC-uTLS-REALITY client. i try to setup client transport grpc without servicename and won't work!
大佬您好,我用的是shadow-tls协议,outbounds部分替换了您配置文件中velss部分,结果无法访问,会观察到日志ERROR[0031] dns:exchange failed for gmscompliance-pa.googleapis.com.IN A:context canceled这样的报错,配置文件如下,能否帮忙看看
{
"log": {
"level": "info",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "dns_proxy",
"address": "tcp://1.1.1.1",
"address_resolver": "dns_direct",
"strategy": "ipv4_only", // 若服务端准备好了IPv6,可改为 prefer_ipv6
"detour": "shadowtls-out"
},
{
"tag": "dns_direct",
"address": "https://223.5.5.5/dns-query",
"strategy": "ipv4_only", // 若客户端准备好了IPv6,可改为 prefer_ipv6
"detour": "direct"
},
{
"tag": "dns_block",
"address": "rcode://success"
}
],
"rules": [
{
"geosite": [
"category-ads-all"
],
"server": "dns_block",
"disable_cache": true
},
{
"geosite": [
"category-games@cn"
],
"server": "dns_direct"
},
{
"geosite": [
"geolocation-!cn"
],
"server": "dns_proxy"
},
{
"geosite": [
"cn",
"private"
],
"server": "dns_direct"
}
]
},
"route": {
"geoip": {
"download_url": "https://github.com/soffchen/sing-geoip/releases/latest/download/geoip.db"
},
"geosite": {
"download_url": "https://github.com/soffchen/sing-geosite/releases/latest/download/geosite.db"
},
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"geosite": [
"category-ads-all"
],
"outbound": "block"
},
{
"type": "logical",
"mode": "and",
"rules": [
{
"geosite": [
"category-games@cn"
]
},
{
"geoip": [
"cn"
]
}
],
"outbound": "direct"
},
{
"geosite": [
"geolocation-!cn"
],
"outbound": "shadowtls-out"
},
{
"type": "logical",
"mode": "and",
"rules": [
{
"geosite": [
"cn"
]
},
{
"geoip": [
"cn"
]
}
],
"outbound": "direct"
},
{
"geosite": [
"private"
],
"outbound": "direct"
},
{
"geoip": [
"cn",
"private"
],
"outbound": "direct"
}
],
"auto_detect_interface": true
},
"inbounds": [
{
"type": "tun",
"tag": "tun-in",
"interface_name": "tun0",
"inet4_address": "172.19.0.1/30",
"inet6_address": "fdfe:dcba:9876::1/126",
"mtu": 9000,
"auto_route": true,
"strict_route": true,
"endpoint_independent_nat": false,
"stack": "gvisor",
"sniff": true,
"sniff_override_destination": false
}
],
"outbounds": [
{
"type": "shadowsocks",
"method": "chacha20-ietf-poly1305",
"password": "pawwsd",
"detour": "shadowtls-out",
"multiplex": {
"enabled": true,
"max_connections": 4,
"min_streams": 4
}
},
{
"type": "shadowtls",
"tag": "shadowtls-out",
"server": "199.199.199.199",
"server_port": 443,
"version": 3,
"password": "pawwsd",
"tls": {
"enabled": true,
"server_name": "aws.amazon.com",
"utls": {
"enabled": false,
"fingerprint": "chrome"
}
}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
]
}
{
"run_type": "client",
"local_addr": "127.0.0.1",
"local_port": 10808,
"remote_addr": "example.com",
"remote_port": 17386,
"password": [
"XXXXXX"
],
"log_level": 1,
"ssl": {
"verify": true,
"verify_hostname": true,
"cert": "",
"cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA",
"cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
"sni": "",
"alpn": [
"h2",
"http/1.1"
],
"reuse_session": true,
"session_ticket": false,
"curves": ""
},
"tcp": {
"no_delay": true,
"keep_alive": true,
"reuse_port": false,
"fast_open": false,
"fast_open_qlen": 20
}
}
***您好,我试着改写客户端这样的CONFIG.JSON
在DEEPIN LINUX系统下 运行TROJAN客户端,显示找不到证书。
不知 "cert": "", 此处如何填写?
要从VPS上 下载证书到本地吗?
盼赐教。
感谢!!!
"tag": "dns_proxy",
"address": "https://1.1.1.1/dns-query",
"address_resolver": "dns_direct",
"strategy": "ipv4_only", // 若服务端准备好了IPv6,可改为 prefer_ipv6
"detour": "proxy"
安卓客户端reality、vision连接没问题。tuic和hysteria连不上,显示dns_proxy loopback,将1.1.1.1改为自建dns服务器才连的上。
感觉dns_proxy没走代理,请问什么问题。
老哥
一直在用您的example十分不错感恩!
想请教一下如何实现ipv4/v6的分流呢,您这里没有开讨论只好斗胆发issue了,如果您觉得…不太合适的话我就关了
实在是没查到,sing的example有点少,wiki页面也没扒明白……
不论您是否有空回答都十分感谢!
sing-box给人以搭积木的感觉,但是怎样将不同代理协议,以不同端口的方式并存,对我来说有难度.
特别恳请大佬设计一下多代理同时共存的示例.
谢谢.
SagerNet/sing-box#152
就跟我在⬆️这个issue里说的一样的问题,不知道您遇到了么?
感恩大佬
安装教程 hy已经运行在两个小鸡上了,但是安卓的clash一直连不上,试着写了几个 都不行
please add sing-box to vmess+ws+tsl+cdn server config file.
i use NAT ipv6 vps install sing-box,
i think use vmess+ws+tsl and cloudflare CDN,
but not find all config file.
please give an example of a config file
Hello,
I use this config in xray to manage DNS.
{
"dns": {
"tag": "dns",
"hosts": {
"dns.cloudflare.com": [
"104.16.132.229",
"104.16.133.229",
"1.1.1.1",
"1.0.0.1"
],
"domain:youtube.com": [
"google.com"
]
},
"servers": [
"https://dns.cloudflare.com/dns-query",
"https://cloudflare-dns.com/dns-query"
]
}
}
The important part is I resolve some of domains myself by providing IPs or mapping 2 domains to each other which have same IPs.
I wonder how can I achieve this in sing-box?
Here is my configuration, help me
{
"log": {
"level": "trace",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "dns_Ley",
"address": "https://1.1.1.1/dns-query",
"address_resolver": "dns_resolver",
"strategy": "ipv4_only",
"detour": "Ley"
},
{
"tag": "dns_direct",
"address": "https://dns.alidns.com/dns-query",
"address_resolver": "dns_resolver",
"strategy": "ipv4_only",
"detour": "direct"
},
{
"tag": "dns_block",
"address": "rcode://success"
},
{
"tag": "dns_resolver",
"address": "223.5.5.5",
"detour": "direct"
}
],
"rules": [
{
"domain": "time.apple.com",
"server": "dns_resolver"
},
{
"geosite": "category-ads-all",
"server": "dns_block",
"disable_cache": true
},
{
"geosite": "geolocation-!cn",
"server": "dns_Ley"
},
{
"geosite": [
"cn",
"private"
],
"server": "dns_direct"
},
{
"outbound": "any",
"server": "dns_resolver"
}
]
},
"ntp": {
"enabled": true,
"interval": "30m0s",
"server": "time.apple.com",
"server_port": 123,
"detour": "direct"
},
"inbounds": [
{
"type": "tun",
"tag": "tun-in",
"mtu": 1400,
"inet4_address": "172.19.0.1/30",
"inet6_address": "fdfe:dcba:9876::1/126",
"auto_route": true,
"strict_route": true,
"include_package": [
"com.google.android.gms",
"com.google.android.gsf",
"com.android.vending",
"com.android.chrome",
"org.telegram.messenger"
],
"stack": "gvisor",
"sniff": true,
"sniff_override_destination": true
}
],
"outbounds": [
{
"type": "selector",
"tag": "Ley",
"outbounds": [
"LeyVN:80",
"LeySG:80",
"LeyVN:443",
"LeySG:443"
],
"default": "LeySG:443"
},
{
"type": "vless",
"tag": "LeyVN:80",
"server": "cloud.ley.vn",
"server_port": 80,
"uuid": "....",
"transport": {
"type": "http",
"path": "/Ley.VN",
"method": "GET",
"headers": {
"Host": "dl.kgvn.garenanow.com"
}
}
},
{
"type": "vless",
"tag": "LeySG:80",
"server": "cloud1.ley.vn",
"server_port": 80,
"uuid": "....",
"transport": {
"type": "http",
"path": "/Ley.VN",
"method": "GET",
"headers": {
"Host": "dl.kgvn.garenanow.com"
}
}
},
{
"type": "trojan",
"tag": "LeyVN:443",
"server": "cloud.ley.vn",
"server_port": 443,
"password": "....4",
"tls": {
"enabled": true,
"server_name": "dl.kgvn.garenanow.com",
"insecure": true
}
},
{
"type": "trojan",
"tag": "LeySG:443",
"server": "cloud1.ley.vn",
"server_port": 443,
"password": "....."
"tls": {
"enabled": true,
"server_name": "dl.kgvn.garenanow.com",
"insecure": true
}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"geoip": {
"download_url": "https://github.com/soffchen/sing-geoip/releases/latest/download/geoip.db"
},
"geosite": {
"download_url": "https://github.com/soffchen/sing-geosite/releases/latest/download/geosite.db"
},
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"protocol": "quic",
"outbound": "block"
},
{
"geosite": "category-ads-all",
"outbound": "block"
},
{
"type": "logical",
"mode": "and",
"rules": [
{
"geosite": "geolocation-!cn"
},
{
"geoip": "cn",
"invert": true
}
],
"outbound": "Ley"
},
{
"type": "logical",
"mode": "and",
"rules": [
{
"geosite": "cn"
},
{
"geoip": "cn"
}
],
"outbound": "direct"
},
{
"geosite": "private",
"outbound": "direct"
},
{
"geoip": [
"cn",
"private"
],
"outbound": "direct"
}
],
"auto_detect_interface": true
}
}
获取的应该是免费账号吧?好像是有限速~
我想替换成电报群找到的收费key怎么操作
之前用的pre分支内核都可以正常套,不知道为什么更新了正式版内核后warp就失效了
在inbond添加:domain strategy 好像性能好一点?从拖动yt播放条看。
例如我在vps 127.0.0.1设了doh DNS服务,client配置的dns是8.8.8.8。到服务端到底用的是127还是8.8?
dns使用下面的方式符合singbox内部逻辑么
这么问的原因:,,我不需要sing实现的解析器(,主要是之前就用了dnsproxy在127.0.0.1起了一个dns解析器。我只想让sing转发所有dns请求(。(多起一个解析器,浪费性能嘛)
{
"type": "dns",
"tag": "dns-out"
}
改成
{
"type": "dns",
"tag": "direct-out-dns",
"override_address": "127.0.0.1",
"override_port": 53,
"proxy_protocol": 0,
... // Dial Fields
}
之前客户端用clash、clash meta,服务端用sing,不知道dns这块 会不会 不兼容。
另,caddy分流
"layer4": {
"servers": {
"sni": {
"listen": [
":443"
],
"routes": [
{
"match": [
{
"tls": {
"sni": [
"your domain of naive"
]
}
}
],
"handle": [
{
"handler": "proxy",
"upstreams": [
{
"dial": [
"127.0.0.1:1111443"
]
}
]
}
]
},
{
"match": [
{
"tls": {
"sni": [
"www.lovelive-anime.jp"
]
}
}
],
"handle": [
{
"handler": "proxy",
"upstreams": [
{
"dial": [
"127.0.0.1:2222443"//your servers of shadowTLS
]
}
]
}
]
}
]
}
}
},
Why can it only be started once...and then it cannot be started again?
Windows 10
sing-box 1.4.6
sudo pm2 start ./sing-box -n sing-box -- run -c sing-box.json
sudo pm2 save
sudo pm2 startup
大佬可以写一个grpc的example么,我根据您之前的ws+nginx改了一下无法成功啊…水平菜了菜了……
下载systemctl配置显示404了
使用Linux作为旁路由网关,请给个Tun + Fake IP的示例,非常感谢!
example https proxy with cert and key
connected in client with sni
https://sing-box.sagernet.org/configuration/outbound/http/
https://sing-box.sagernet.org/configuration/shared/tls/#outbound
https://sing-box.sagernet.org/configuration/inbound/http/
https://sing-box.sagernet.org/configuration/shared/tls/#inbound
你好,感谢分享sing-box的各种配置。我有个问题请教一下:
tun模式下naive的客户端该用哪种协议?用“http”?
可以这样配置吗?
"outbounds": [
{
"type": "http",
"tag": "http-out",
"server": "sample.com",
"server_port": 443,
"username": "user",
"password": "passwd",
"path": "",
"headers": {},
"tls": {}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],
DNS rules 中有outbound
这个配项,我感觉是用来指定某个outbound
的Server Address解析时所用的DNS
。也就是说:如果某个outbound的服务器地址不是IP的话,将先去DNS Rules匹配一下,得到DNS Server后再进行DNS解析。
以这个为例子,any 放在了最后
sing-box-examples/Tun/config_client_windows.json
Lines 60 to 62 in 5ec2b9e
如果前面Geosite中出现了代理服务器的域名地址:
sing-box-examples/Tun/config_client_windows.json
Lines 47 to 50 in 5ec2b9e
那么就会走dns_proxy
,也就是回到代理服务器,再来一次DNS请求,造成死循环。
所以我提个不成熟的小建议:将 any 始终放在首项(当然指定某些tag走直连也是可行的)
将sing-box加入path 或 在脚本内写上sing-box的完整路径
C:\Path\to\sing-box.exe run -c "Z:\path\to\sing-box\config.json" #无需在前面加上start /min
打开开始菜单,运行 Windows工具
内的 任务计划程序
或 使用直接使用搜索功能打开 任务计划程序
。
可选导入,或者自己创建一个基本任务
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Date>1970-01-01T00:00:00.0000000</Date>
<Author>KOINU</Author>
<URI>\Sing-box Tun</URI>
</RegistrationInfo>
<Triggers>
<BootTrigger>
<Enabled>true</Enabled>
</BootTrigger>
</Triggers>
<Principals>
<Principal id="Author">
<UserId>S-1-5-21-987654321-1234567890-987654321-1001</UserId> <!--换成自己的UserId,或者可以不管,这个是ChatGPT生成的-->
<LogonType>S4U</LogonType>
<RunLevel>HighestAvailable</RunLevel>
</Principal>
</Principals>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>false</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>Z:\path\to\your\run.bat</Command> <!--换成自己的脚本位置,或者直接把上面的脚本放在这里-->
</Exec>
</Actions>
</Task>
把这个xml文件保存,在 任务计划程序
中导入,导入成功之后会看见多了 Sing-box Tun
,右键运行
先随便创建一个基本计划,假设这里你把计划命名为了 sing-box Tun
,右键它点击属性
不管用户是否登入都要运行
,勾选 不存储密码。只有访问计算机资源的权限
,勾选 使用最高权限运行
。开始任务
的下拉栏内选择 启动时
。设置
内 如果任务运行时间超过以下时间,停止任务
保存,然后运行
之后应该就可以让sing-box在后台无窗口运行了
客户端为WIN7 64位�[31mFATAL�[0m[0005] start service: initialize inbound/tun[tun-in]: listen tcp4
172.19.0.1:0: bind: The requested address is not valid in its context.
***无法自行解决啊!
服务器用的是caddy配置的naive,客户端怎么用singbox配置?
按sing-box-examples/VLESS-XTLS-uTLS-REALITY
/sing-box_for_iOS_config_client.json 这里的配置修改 uuid 和其他相关信息后丢进去sing-box ios版。一直出错:
(packet-tunnel) error: start service: open geoip database: invalid argument
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.