1、准备一台服务器并解析域名

  • 放行端口或者禁用防火墙:
ufw disable

2、申请证书

  • 安装依赖包
apt update -y&&apt install -y curl&&apt install -y socat
  • 安装证书申请程序
curl https://get.acme.sh | sh -s email=my@example.com
  • 申请证书
~/.acme.sh/acme.sh --issue -d 你的域名 --standalone

3、安装Sing-box

  • 下载Sing-box源文件
wget https://github.com/SagerNet/sing-box/releases/download/v1.6.2/sing-box-1.6.2-linux-amd64.tar.gz
  • 解压下载好的文件
tar -zxvf sing-box-1.6.2-linux-amd64.tar.gz

4、创建并设置配置文件

  • 进入Sing-box文件夹
cd /root/sing-box-1.6.2-linux-amd64
  • 分别创建一个名为ech.config和ech.key的文件
    • 生成ech公钥和私钥,
      • 把公钥复制粘贴到ech.config文件中
      • 把私钥复制粘贴到ech.key文件中
  • 在Sing-box文件夹下创建一个名为server.json的文件
  • 生成ech公钥和私钥
./sing-box generate ech-keypair www.bing.com --pq-signature-schemes-enabled 
  • 把以下代码粘贴进去
{
  "log": {
    "disabled": false,
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "cf",
        "address": "https://1.1.1.1/dns-query",
        "strategy": "ipv4_only",
        "detour": "direct"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "geosite": [
          "category-ads-all"
        ],
        "server": "block",
        "disable_cache": true
      }
    ],
    "final": "cf",
    "strategy": "",
    "disable_cache": false,
    "disable_expire": false
  },
  "inbounds": [
    {
      "type": "vless",
      "tag": "vless-in",
      "listen": "::",
      "listen_port": 443,
      "tcp_fast_open": false,
      "tcp_multi_path": false,
      "udp_fragment": false,
      "sniff": false,
      "sniff_override_destination": false,
      "sniff_timeout": "300ms",
      "domain_strategy": "prefer_ipv4",
      "udp_timeout": 300,
      "proxy_protocol": false,
      "proxy_protocol_accept_no_header": false,
      "users": [
        {
          "name": "naiyou",
          "uuid": "你的UUID",
          "flow": ""
        }
      ],
      "tls": {
        "enabled": true, 
        "server_name": "你的域名",
        "certificate_path": "你的证书文件路径",
        "key_path": "你的密钥文件路径",
        "ech": {
          "enabled": true,
          "pq_signature_schemes_enabled": true,
          "dynamic_record_sizing_disabled": false,
          "key_path": "你的ECH KEYS文件路径"
        }
      },
      "transport": {
        "type": "ws",
        "path": "你的PATH路径",
        "headers": {},
        "max_early_data": 0,
        "early_data_header_name": ""
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "geoip": {
      "path": "geoip.db",
      "download_url": "https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db",
      "download_detour": "direct"
    },
    "geosite": {
      "path": "geosite.db",
      "download_url": "https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db",
      "download_detour": "direct"
    },
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "geosite": [
          "category-ads-all"
        ],
        "outbound": "block"
      }
    ],
    "auto_detect_interface": true,
    "final": "direct"
  },
  "experimental": {}
}
  • 设置Sing-box后台运行
nohup ./sing-box run -c server.json &

5、客户端配置

  • 创建一个名为client.json的文件
  • 把下面的配置文件粘贴到client.json文件中
{
  "dns": {
    "servers": [
      {
        "tag": "alidns",
        "address": "https://223.5.5.5/dns-query",
        "address_strategy": "prefer_ipv4",
        "strategy": "ipv4_only",
        "detour": "direct"
      },
      {
        "tag": "cf",
        "address": "https://1.1.1.1/dns-query",
        "strategy": "ipv4_only",
        "detour": "direct"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "geosite": [
          "cn"
        ],
        "domain_suffix": [
          ".cn"
        ],
        "server": "alidns",
        "disable_cache": false
      },
      {
        "geosite": [
          "category-ads-all"
        ],
        "server": "block",
        "disable_cache": true
      }
    ],
    "final": "cf",
    "strategy": "",
    "disable_cache": false,
    "disable_expire": false
  },
  "inbounds": [
    {
      "type": "mixed",
      "tag": "mixed-in",
      "listen": "::",
      "listen_port": 5353,
      "tcp_fast_open": false,
      "tcp_multi_path": false,
      "udp_fragment": false,
      "sniff": true,
      "sniff_override_destination": false,
      "sniff_timeout": "300ms",
      "domain_strategy": "prefer_ipv4",
      "udp_timeout": 300,
      "proxy_protocol": false,
      "proxy_protocol_accept_no_header": false,
      "set_system_proxy": true
    }
  ],
  "outbounds": [
    {
      "type": "vless",
      "tag": "proxy",
      "server": "你的域名",
      "server_port": 443,
      "uuid": "你的UUID",
      "flow": "",
      "tls": {
        "enabled": true,
        "ech": {
          "enabled": true,
          "pq_signature_schemes_enabled": true,
          "dynamic_record_sizing_disabled": false,
          "config": "你的ech.config文件内容"
        }
      },
      "packet_encoding": "",
      "transport": {
        "type": "ws",
        "path": "你服务端配置的PATH路径",
        "headers": {},
        "max_early_data": 0,
        "early_data_header_name": ""
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "geoip": {
      "path": "geoip.db",
      "download_url": "https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db",
      "download_detour": "direct"
    },
    "geosite": {
      "path": "geosite.db",
      "download_url": "https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db",
      "download_detour": "direct"
    },
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "geosite": [
          "cn",
          "private"
        ],
        "geoip": [
          "cn",
          "private"
        ],
        "domain_suffix": [
          ".cn"
        ],
        "outbound": "direct"
      },
      {
        "geosite": [
          "category-ads-all"
        ],
        "outbound": "block"
      }
    ],
    "auto_detect_interface": true,
    "final": "proxy"
  },
  "experimental": {}
}
  • 将ech.config文件中的每一行都打印出来
awk 'NF {printf "%s\\n",$0}' ech.config
  • 下载Sing-box客户端,并把sing-box.exe放入到此目录下\zz_v2rayN-With-Core-SelfContained\zz_v2rayN-With-Core-SelfContained\bin\sing_box

发表评论

您的电子邮箱地址不会被公开。 必填项已用 * 标注

滚动至顶部