必备:一台Linux服务器,推荐Debian,下面为使用Debian演示

1、安装sing-box

bash <(curl -fsSL https://sing-box.app/deb-install.sh)

对于大陆服务器,需要替换镜像源下载

deb-install.sh

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22

#!/bin/bash

set -e -o pipefail

ARCH_RAW=$(uname -m)
case "${ARCH_RAW}" in
    'x86_64')    ARCH='amd64';;
    'x86' | 'i686' | 'i386')     ARCH='386';;
    'aarch64' | 'arm64') ARCH='arm64';;
    'armv7l')   ARCH='armv7';;
    's390x')    ARCH='s390x';;
    *)          echo "Unsupported architecture: ${ARCH_RAW}"; exit 1;;
esac

VERSION=$(curl -s https://api.github.com/repos/SagerNet/sing-box/releases/latest \
    | grep tag_name \
    | cut -d ":" -f2 \
    | sed 's/\"//g;s/\,//g;s/\ //g;s/v//')

curl -Lo sing-box.deb "https://mirror.ghproxy.com/https://github.com/SagerNet/sing-box/releases/download/v${VERSION}/sing-box_${VERSION}_linux_${ARCH}.deb"
sudo dpkg -i sing-box.deb
rm sing-box.deb

2、编写配置文件

这里使用了sing-box-subscribe 更新订阅,更新配置文件

clone到本地 pip install -r requirements.txt

  • 新增自定义配置文件模版,用官方的跳过此步

新建 config_template-c模版

cd config_template & nano config_template-c

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344

{
  "dns": {
    "servers": [
      {
        "tag": "dns_proxy",
        "address": "https://cloudflare-dns.com/dns-query",
        "address_resolver": "dns_resolver",
        "strategy": "ipv4_only",
        "client_subnet": "1.0.1.0" ////替换为自己附近的IP,不建议自己的IP
      },
      {
        "tag": "dns_direct",
        "address": "https://doh.pub/dns-query",
        "address_resolver": "dns_resolver",
        "strategy": "ipv4_only",
        "detour": "🎯 全球直连"
      },
      {
        "tag": "dns_block",
        "address": "rcode://name_error"
      },
      {
        "tag": "dns_resolver",
        "address": "119.29.29.29",
        "strategy": "ipv4_only",
        "detour": "🎯 全球直连"
      }
    ],
    "rules": [
      {
        "outbound": "any",
        "server": "dns_resolver"
      },
      {
        "query_type": "HTTPS",
        "server": "dns_block"
      },
      {
        "clash_mode": "direct",
        "server": "dns_direct"
      },
      {
        "clash_mode": "global",
        "server": "dns_proxy"
      },
      {
        "rule_set": "cnsite",
        "server": "dns_direct"
      },
      {
        "rule_set": [
          "YouTube",
          "OpenAI",
          "TikTok",
          "Google",
          "geoip-telegram",
          "geosite-telegram",
          "geoip-twitter",
          "geosite-proxy"
        ],
        "server": "dns_proxy"
      },
      {
        "type": "logical",
        "mode": "and",
        "rules": [
          {
            "rule_set": "geosite-geolocation-!cn",
            "invert": true
          },
          {
            "rule_set": "geoip-cn"
          }
        ],
        "server": "dns_proxy",
        "client_subnet": "1.0.1.0" //替换为自己附近的IP,不建议自己的IP
      }
    ],
    "final": "dns_direct"
  },
  "inbounds": [
    {
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      "mtu": 9000,
      "gso": true,
      "auto_route": true,
      "stack": "system",
      "sniff": true,
      "sniff_override_destination": false
    }
  ],
  "outbounds": [
    {
      "type": "selector",
      "tag": "🚀 节点选择",
      "outbounds": [
        "auto",
        "🎯 全球直连",
        "{all}"
      ],
      "default": "🎯 全球直连"
    },
    {
      "type": "selector",
      "tag": "🐟 漏网之鱼",
      "outbounds": [
        "🎯 全球直连",
        "🚀 节点选择"
      ],
      "default": "🎯 全球直连"
    },
    {
      "type": "selector",
      "tag": "🛑 广告拦截",
      "outbounds": [
        "block"
      ],
      "default": "block"
    },
    {
      "tag": "auto",
      "type": "urltest",
      "outbounds": [
        "{all}"
      ],
      "filter": [
        {
          "action": "exclude",
          "keywords": [
            "网站|地址|剩余|过期|时间|有效"
          ]
        }
      ],
      "url": "http://www.gstatic.com/generate_204",
      "interval": "10m",
      "tolerance": 50
    },
    {
      "type": "direct",
      "tag": "🎯 全球直连"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "clash_mode": "direct",
        "outbound": "🎯 全球直连"
      },
      {
        "clash_mode": "global",
        "outbound": "🚀 节点选择"
      },
      {
        "protocol": "quic",
        "outbound": "block"
      },
      {
        "rule_set": "geosite-category-ads-all",
        "outbound": "🛑 广告拦截"
      },
      {
        "rule_set": [
          "Bilibili",
          "MicroSoft",
          "Apple",
          "cnsite",
          "geoip-cn"
        ],
        "outbound": "🎯 全球直连"
      },
      {
        "rule_set": [
          "YouTube",
          "OpenAI",
          "TikTok",
          "Google",
          "geoip-telegram",
          "geosite-telegram",
          "geoip-twitter",
          "geosite-proxy"
        ],
        "outbound": "🚀 节点选择"
      },
      {
        "type": "logical",
        "mode": "and",
        "rules": [
          {
            "rule_set": "geosite-geolocation-!cn"
          },
          {
            "rule_set": "geoip-cn",
            "invert": true
          }
        ],
        "outbound": "🚀 节点选择"
      },
      {
        "ip_is_private": true,
        "outbound": "🎯 全球直连"
      }
    ],
    "rule_set": [
      {
        "tag": "geosite-category-ads-all",
        "type": "remote",
        "format": "binary",
        "url": "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geosite/category-ads-all.srs",
        "download_detour": "🎯 全球直连"
      },
      {
        "type": "remote",
        "tag": "cnsite",
        "format": "binary",
        "url": "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geosite/cn.srs",
        "download_detour": "🎯 全球直连"
      },
      {
        "type": "remote",
        "tag": "geosite-telegram",
        "format": "binary",
        "url": "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geosite/telegram.srs",
        "download_detour": "🎯 全球直连"
      },
      {
        "type": "remote",
        "tag": "geoip-telegram",
        "format": "binary",
        "url": "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geoip/telegram.srs",
        "download_detour": "🎯 全球直连"
      },
      {
        "type": "remote",
        "tag": "geosite-proxy",
        "format": "binary",
        "url": "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo-lite/geosite/proxy.srs",
        "download_detour": "🎯 全球直连"
      },
      {
        "type": "remote",
        "tag": "YouTube",
        "format": "binary",
        "url": "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geosite/youtube.srs",
        "download_detour": "🎯 全球直连"
      },
      {
        "type": "remote",
        "tag": "TikTok",
        "format": "binary",
        "url": "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geosite/tiktok.srs",
        "download_detour": "🎯 全球直连"
      },
      {
        "type": "remote",
        "tag": "Bilibili",
        "format": "binary",
        "url": "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geosite/bilibili.srs",
        "download_detour": "🎯 全球直连"
      },
      {
        "type": "remote",
        "tag": "OpenAI",
        "format": "binary",
        "url": "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geosite/openai.srs",
        "download_detour": "🎯 全球直连"
      },
      {
        "type": "remote",
        "tag": "MicroSoft",
        "format": "binary",
        "url": "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geosite/microsoft.srs",
        "download_detour": "🎯 全球直连"
      },
      {
        "type": "remote",
        "tag": "Google",
        "format": "binary",
        "url": "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geoip/google.srs",
        "download_detour": "🎯 全球直连"
      },
      {
        "type": "remote",
        "tag": "Apple",
        "format": "binary",
        "url": "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geosite/apple.srs",
        "download_detour": "🎯 全球直连"
      },
      {
        "type": "remote",
        "tag": "geoip-cn",
        "format": "binary",
        "url": "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geoip/cn.srs",
        "download_detour": "🎯 全球直连"
      },
      {
        "type": "remote",
        "tag": "geosite-geolocation-!cn",
        "format": "binary",
        "url": "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geosite/geolocation-!cn.srs",
        "download_detour": "🎯 全球直连"
      },
      {
        "type": "remote",
        "tag": "geoip-twitter",
        "format": "binary",
        "url": "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/raw/sing/geo/geoip/twitter.srs",
        "download_detour": "🎯 全球直连"
      }
    ],
    "final": "🐟 漏网之鱼",
    "find_process": true,
    "auto_detect_interface": true
  },
  "log": {
    "level": "warn",
    "timestamp": true
  },
  "experimental": {
    "clash_api": {
      "external_controller": ":9090",
      "external_ui": "ui",
      "secret": "",
      "external_ui_download_url": "https://mirror.ghproxy.com/https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip",
      "external_ui_download_detour": "🎯 全球直连",
      "default_mode": "rule"
    },
    "cache_file": {
      "enabled": true
    }
  }
}
  • 编辑 providers.jsonurl 替换为自己的订阅链接,其他不用动
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

{
    "subscribes":[
        {
            "url": "替换为自己的订阅链接🔗",
            "tag": "airport1_tag", //You can keep the default without modification
            "enabled": true, //Enable conversion of this link
            "emoji": 1, //Add flag emoji
            "subgroup": "",
            "prefix": "", //Do not add node name prefix
            "ex-node-name": "网站|流量|过期", //Filter nodes containing keywords
            "User-Agent":"clashmeta" //Set browser UA
        },
        {
            "url": "https://5gtocdocao.com/api/v1/client/subscribe?token=xx",
            "tag": "airport2_tag", //You can keep the default without modification
            "enabled": false, //Disable conversion of this link
            "emoji": 0, //Do not add flag emoji
            "subgroup": "named", //Name the subscription link
            "prefix": "❤️node_name prefix - ", //Add node name prefix
            "User-Agent":"clashmeta" //Set browser UA
        }
    ],
    "auto_set_outbounds_dns":{
        "proxy": "",
        "direct": ""
    },
    "save_config_path": "./config.json",
    "auto_backup": false,
    "exclude_protocol": "ssr", //Not parsing ssr nodes!!!
    "config_template": "", //Customize the correct web page json configuration template link
    "Only-nodes": false //Output the complete sing-box configuration
}

python main.py 选择模版后自动生成 config.json

config.json复制到/etc/sing-box

 systemctl restart sing-box 不出意外,启动成功,访问ip:9090打开web UI

 journalctl -u sing-box --output cat -f 查看日志,排查错误

3、自动更新订阅

新建autoupdate.sh

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

#!/bin/bash
SubscribeDir=/opt/sing-box-subscribe
SingBoxDir=/etc/sing-box

echo "update subscribe"
cd $SubscribeDir
#如果启用python venv环境,取消注释
# source venv/bin/activate
# 根据模版序号自行修改
python3 main.py --template_index=0

if [ $? -eq 0 ]; then
    echo "update subscribe successfully. To update config.json"
    cp $SubscribeDir/config.json $SingBoxDir/config.json
else
    echo "update config.json failed. Exiting."
    exit 1
fi

if [ $? -eq 0 ]; then
    echo "update config.json successfully. To restart sing-box"
    systemctl restart sing-box
else
    echo "restart sing-box failed. Exiting."
    exit 1
fi

chmod +x autoupdate.sh

crontab -e添加定时任务

33 3 * * * /to/path/autoupdate.sh

本机如果成功上网后,接下来就是当网关,让其他设备可以访问,不需要此部分可以不看

4、设置网关,使其他机器访问

  1. 本机IP设为静态地址

  2. 主路由DHCP服务设置网关指向该设备IP,dns设置为公共dns,119.29.29.29

  3. 主路由重启,开始愉快上网吧

具体可参考这篇

5、可能用到的命令

Operation Command
Enable sudo systemctl enable sing-box
Disable sudo systemctl disable sing-box
Start sudo systemctl start sing-box
Stop sudo systemctl stop sing-box
Kill sudo systemctl kill sing-box
Restart sudo systemctl restart sing-box
Logs sudo journalctl -u sing-box --output cat -e
New Logs sudo journalctl -u sing-box --output cat -f

参考

sing-box 基础教程:sing-box 的配置方法和使用教程

Package Manager - sing-box

sing-box-subscribe/instructions/README.md at main · Toperlock/sing-box-subscribe · GitHub

【瑞士军刀】放弃fakeip,拥抱realip,最强网络代理工具sing-box新手指南,从此不知DNS泄漏/DNS污染为何物,软路由插件homeproxy,奈飞DNS解锁、sniff流量嗅探覆写解析 - YouTube

GitHub - MetaCubeX/meta-rules-dat at meta