# Enable EPEL first; presumably the nginx packages below are pulled from it.
yum -y install epel-release
# Base nginx package.
yum -y install nginx
# Dynamic stream (TCP/SNI) module, needed for the stream {} block used later.
yum -y install nginx-mod-stream
2.1 新建目录
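# Directory for stream (layer-4) configs, kept apart from the http-level conf.d.
# -p makes the step safe to repeat if the directory already exists.
mkdir -p /etc/nginx/tcp.d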
2.2 将如下内容写入 /etc/nginx/tcp.d/stream.conf
# TLS passthrough: raw TCP on 443 is routed by the SNI read from the
# ClientHello; nginx does not terminate TLS here.
stream {
    # SNI -> upstream name. There is no "default" entry, so a ClientHello
    # carrying any other (or no) server name leaves $singbox empty and nginx
    # has no upstream to proxy that connection to.
    # NOTE(review): the sing-box inbound shown later on this page listens on
    # 127.0.0.1:52001 with tls.server_name "trojan.example.com", while this
    # map sends trojan.example.com to port 52000. Confirm that hostnames and
    # ports line up with the inbounds actually configured.
    map $ssl_preread_server_name $singbox {
        trojan.example.com  trojan;
        ws.example.com      trojan-websocket;
    }

    # Both backends are reached over loopback only.
    upstream trojan {
        server 127.0.0.1:52000;
    }

    upstream trojan-websocket {
        server 127.0.0.1:52001;
    }

    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;

        # Peek at the ClientHello so $ssl_preread_server_name is populated.
        ssl_preread on;

        # A PROXY protocol header is prepended so the backend sees the real
        # client address. The backend must expect it (the inbound on this page
        # sets "proxy_protocol": true), and because that header is trusted
        # as-is, the backend port must stay unreachable to anything but nginx.
        proxy_protocol on;

        proxy_pass $singbox;
    }
}
2.3 编辑 /etc/nginx/nginx.conf, 在文件末尾添加如下一行
# Must sit at the top level of nginx.conf (outside http {}), because
# stream.conf opens its own stream {} block.
include /etc/nginx/tcp.d/*.conf;
2.4 编辑回落 (fallback) 配置 /etc/nginx/conf.d/fallback.conf
# Plain-HTTP static site answering for trojan.example.com.
server {
    server_name trojan.example.com;

    # NOTE(review): "listen 80" binds every interface. If this site is only
    # meant to be a local fallback target, "listen 127.0.0.1:80" would keep it
    # off the public address. Confirm the intent.
    listen 80;

    # Only files under this directory are served; keep it free of anything
    # that should not be public.
    root /data/app/web/hy;
    index index.html;
}
2.5 运行 nginx
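# Validate the edited configuration first, so a syntax error is reported
# here with file and line instead of surfacing as a failed service start.
nginx -t
systemctl start nginx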
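# Fetch the Go toolchain over HTTPS from the official download site.
# NOTE(review): go1.20 is the version the author used; a current sing-box
# release may need a newer toolchain, so check the go.mod of the release you build.
wget https://go.dev/dl/go1.20.linux-amd64.tar.gz
# Print the archive's SHA-256 and compare it with the checksum published for
# this exact file on https://go.dev/dl/ before unpacking anything as root.
sha256sum go1.20.linux-amd64.tar.gz
tar xzf go1.20.linux-amd64.tar.gz
mv go /opt/
# Expose the go binary on the default PATH.
ln -s /opt/go/bin/go /usr/local/bin/go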
如果没有 wget 命令, 使用 yum install wget 安装
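# Build sing-box from source. "@latest" resolves to whatever the newest tagged
# release is at install time; for a reproducible, reviewable build, replace it
# with a specific release tag (for example @<release-tag>).
go install -v github.com/sagernet/sing-box/cmd/sing-box@latest
# go install drops the binary in ~/go/bin (default GOPATH); move it next to
# the toolchain and link it onto the default PATH.
mv ~/go/bin/sing-box /opt/go/bin/
ln -s /opt/go/bin/sing-box /usr/local/bin/sing-box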
{
"log": {
"level": "info"
},
"inbounds": [
{
"type": "trojan",
"tag": "trojan-in",
"listen": "127.0.0.1",
"listen_port": 52001,
"tcp_fast_open": true,
"udp_fragment": true,
"sniff": true,
"sniff_override_destination": false,
"udp_timeout": 300,
"proxy_protocol": true,
"proxy_protocol_accept_no_header": false,
"users": [
{
"name": "whatever",
"password": "YOUPASSWORD"
}
],
"tls": {
"enabled": true,
"server_name": "trojan.example.com",
"alpn": [
"http/1.1"
],
"min_version": "1.2",
"max_version": "1.3",
"certificate_path": "/etc/certs/cert.pem",
"key_path": "/etc/certs/key.pem"
},
"transport": {
"type": "ws",
"path": "/wss",
"max_early_data": 0,
"early_data_header_name": "Sec-WebSocket-Protocol"
}
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
}
]
}
6.1 新建证书目录
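# This directory will hold the TLS private key, so create it readable by its
# owner only (the steps on this page run sing-box from a root shell).
mkdir -m 700 /etc/certs
# After uploading the files, restrict the key itself as well:
#   chmod 600 /etc/certs/key.pem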
6.2 在 Cloudflare 上生成证书, 将证书和私钥分别保存为 cert.pem 和 key.pem, 然后上传到 /etc/certs/ 目录下
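mkdir -p /data/logs
# The config file contains the trojan user password in clear text; keep it
# readable by its owner only.
chmod 600 /etc/sing-box.conf
# Parse and validate the config before starting; fix any reported error first.
sing-box check -c /etc/sing-box.conf
# Run detached from the terminal, with stdout and stderr going to the log file.
# NOTE(review): nohup gives no restart on crash or reboot, and the process
# keeps the privileges of the invoking shell. The inbound on this page binds
# 127.0.0.1:52001, which does not itself require root, so a supervised service
# under a dedicated unprivileged user is worth considering.
nohup sing-box run -c /etc/sing-box.conf > /data/logs/sing.log 2>&1 &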
jtsang 2023-02-27 06:16:47 +08:00
这里 Cloudflare 只是提供了证书吧?