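Background
The Clash family has all sorts of odd traffic-splitting and fake-IP problems, so I moved to sing-box and its real-IP approach.
So far it has run very smoothly, especially thanks to its powerful routing rules. TUN mode also covers most of my needs.
The hardest part of getting started with sing-box is probably generating the configuration file. I mainly use it on Linux; on Windows I drop the same generated configuration file into hiddify and it works as-is.
Only one way of generating the configuration file is covered here; for deployment and setup, consult the documentation. I also tried other generation methods and personally find this one the easiest to use.
Overall approach: use sub-store to extract the node list, then use the sing-box-subscribe project to generate the sing-box configuration file.
Practice
sub-store
Managing Node.js with nvm is recommended.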
cd /data/gfwNet/substore/sub-store
# Backend
curl -fsSL https://github.com/sub-store-org/Sub-Store/releases/latest/download/sub-store.bundle.js -o sub-store.bundle.js
# Frontend
curl -fsSL https://github.com/sub-store-org/Sub-Store-Front-End/releases/latest/download/dist.zip -o dist.zip
unzip dist.zip && mv dist frontend && rm dist.zip
# service
cat /lib/systemd/system/sub-store.service
[Unit]
Description=Sub-Store
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
[Service]
LimitNOFILE=32767
Type=simple
# Note the key here: treat this path as a secret and use your own random value
Environment="SUB_STORE_FRONTEND_BACKEND_PATH=/K82t0ARgSfvQosz"
Environment="SUB_STORE_BACKEND_CRON=0 0 * * *"
Environment="SUB_STORE_FRONTEND_PATH=/data/gfwNet/substore/sub-store/frontend"
Environment="SUB_STORE_FRONTEND_HOST=0.0.0.0"
Environment="SUB_STORE_FRONTEND_PORT=3001"
Environment="SUB_STORE_DATA_BASE_PATH=/data/gfwNet/substore/sub-store"
Environment="SUB_STORE_BACKEND_API_HOST=127.0.0.1"
Environment="SUB_STORE_BACKEND_API_PORT=3000"
ExecStart=/root/.nvm/versions/node/v20.18.1/bin/node /data/gfwNet/substore/sub-store/sub-store.bundle.js
User=root
Group=root
Restart=on-failure
RestartSec=5s
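# LimitNOFILE above is what sets the service's file-descriptor limit; a ulimit run in ExecStartPre only affects that shell
ExecStartPre=/bin/sh -c "ulimit -n 51200"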
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
After starting the service, just add each subscription link to it, create one combined subscription, and extract the node list from it.
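A small audit for a sub-store.service unit like the one above, as an added example (not code from the original post or from the Sub-Store project). It flags trailing comments on Environment= lines, an unquoted `sh -c` command, running as root, and a frontend bound to all interfaces; the constructed sample unit contains those mistakes, and the function name, finding codes and `MIN_PATH_LEN` threshold are assumptions made for illustration.

```python
import shlex

# Constructed sample: a trimmed unit in the style of the one above, mistakes included.
SAMPLE_UNIT = '''\
[Service]
Environment="SUB_STORE_FRONTEND_BACKEND_PATH=/K82t0ARgSfvQosz" # note the key
Environment="SUB_STORE_FRONTEND_HOST=0.0.0.0"
Environment="SUB_STORE_BACKEND_API_HOST=127.0.0.1"
User=root
ExecStartPre=/bin/sh -c ulimit -n 51200
'''

MIN_PATH_LEN = 12  # assumption: shortest acceptable secret path, not a Sub-Store rule


def audit_unit(text):
    """Return a sorted list of finding codes for a systemd service unit."""
    findings, env = set(), {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # blank line, full-line comment or section header
        key, value = line.split("=", 1)
        words = shlex.split(value)  # approximates systemd's word splitting
        if key == "Environment":
            for word in words:
                if "=" in word:
                    name, val = word.split("=", 1)
                    env[name] = val
                else:
                    # systemd only treats '#' as a comment at the start of a line
                    findings.add("inline-comment")
        elif key == "User" and value == "root":
            findings.add("runs-as-root")
        elif key.startswith("Exec") and "-c" in words:
            # sh -c takes ONE script argument; extra words become $0, $1, ...
            if len(words) > words.index("-c") + 2:
                findings.add("unquoted-sh-c")
    if env.get("SUB_STORE_FRONTEND_HOST") in ("0.0.0.0", "::"):
        findings.add("frontend-on-all-interfaces")
        secret = env.get("SUB_STORE_FRONTEND_BACKEND_PATH", "").lstrip("/")
        if len(secret) < MIN_PATH_LEN:
            findings.add("weak-backend-path")
    return sorted(findings)


if __name__ == "__main__":
    for code in audit_unit(SAMPLE_UNIT):
        print(code)
```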
sing-box-subscribe
git clone --branch v2.8.0 --single-branch https://github.com/Toperlock/sing-box-subscribe.git
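# Locally I use a conda Python 3.8 environment
pip3 install -r requirements.txt
# Modify tools.py to catch the warning raised when importing paramiko
# with warnings.catch_warnings("ignore", category=CryptographyDeprecationWarning):
#     import paramiko
import warnings
from cryptography.utils import CryptographyDeprecationWarning
with warnings.catch_warnings():
    warnings.simplefilter("ignore", category=CryptographyDeprecationWarning)
    import paramiko
# Run the script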
python main.py
1、config_template_groups_rule_set_tun 2、config_template_groups_rule_set_tun_dns 3、config_template_groups_rule_set_tun_fakeip 4、config_template_no_groups_tun_VN 5、sb-config-1.11
输入序号,载入对应config模板(直接回车默认选第一个配置模板):2
选择: config_template_groups_rule_set_tun_dns.json
处理: http://192.168.1.38:3001/K82txxQosz/download/collection/all?target=ClashMeta
已删除文件,并重新保存:./config.json
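Customized and optimized sing-box configuration file (!)
Note: JSON configuration files do not support comments.
For the configuration options, see the sing-box documentation.
Starting sing-box
To use DNS resolution in sing-box's TUN mode, systemd-resolved.service has to be stopped on Ubuntu; otherwise there will be a conflict on port 53.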
systemctl restart sing-box.service && sleep 2;systemctl status sing-box.service
# Check for errors
journalctl -xeu sing-box
# TUN interface information
root@un-master03:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 86:36:6e:4e:43:83 brd ff:ff:ff:ff:ff:ff
    inet 192.168.5.67/16 brd 192.168.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::8436:6eff:fe4e:4383/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
82: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 9000 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none
    inet 172.19.0.1/30 brd 172.19.0.3 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::ee87:dc16:8d3e:c40a/64 scope link stable-privacy proto kernel_ll
       valid_lft forever preferred_lft forever
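Traffic splitting in TUN mode
On Ubuntu, an nftables ruleset is used so that traffic matching geoip & geosite bypasses sing-box and is handled directly by the physical network interface.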
reference
sub-store deployment reference
https://surge.tel/08/2930/
sing-box documentation (Chinese)
https://sing-box.sagernet.org/zh/configuration/
DNS leak test site
https://ipleak.net/