chika0801 / sing-box-examples Goto Github PK

example https proxy with cert and key
connected in client with sni

https://sing-box.sagernet.org/configuration/outbound/http/
https://sing-box.sagernet.org/configuration/shared/tls/#outbound

https://sing-box.sagernet.org/configuration/inbound/http/
https://sing-box.sagernet.org/configuration/shared/tls/#inbound

.\sing run -c
INFO[0000] router: updated default interface 以太网 5, index 38
INFO[0000] inbound/socks[socks-in]: tcp server started at [::1]:

有多个以太网
已经调高以太网 5的跃迁点
但仍自动试别5

大佬可以写一个grpc的example么，我根据您之前的ws+nginx改了一下无法成功啊…水平菜了菜了……

Hi! Thanks for the examples.
As the title says, In TUIC server config, how can I only listen on ipv6? with "listen": "::",, I can still connect to server with my ipv4 too and I want the server only be accessible via ipv6.

例如我在vps 127.0.0.1设了doh DNS服务，client配置的dns是8.8.8.8。到服务端到底用的是127还是8.8？
dns使用下面的方式符合singbox内部逻辑么
这么问的原因：，，我不需要sing实现的解析器（，主要是之前就用了dnsproxy在127.0.0.1起了一个dns解析器。我只想让sing转发所有dns请求（。（多起一个解析器，浪费性能嘛）

{
  "type": "dns",
  "tag": "dns-out"
}
改成
{
  "type": "dns",
  "tag": "direct-out-dns",

  "override_address": "127.0.0.1",
  "override_port": 53,
  "proxy_protocol": 0,

  ... // Dial Fields
}

之前客户端用clash、clash meta，服务端用sing，不知道dns这块 会不会 不兼容。

另，caddy分流  

    "layer4": {
        "servers": {
            "sni": {
                "listen": [
                    ":443"
                ],
                "routes": [
                    {
                        "match": [
                            {
                                "tls": {
                                    "sni": [
                                        "your domain of naive"
                                    ]
                                }
                            }
                        ],
                        "handle": [
                            {
                                "handler": "proxy",
                                "upstreams": [
                                    {
                                        "dial": [
                                            "127.0.0.1:1111443"
                                        ]
                                    }
                                ]
                            }
                        ]
                    },
                    {
                        "match": [
                            {
                                "tls": {
                                    "sni": [
                                        "www.lovelive-anime.jp"
                                    ]
                                }
                            }
                        ],
                        "handle": [
                            {
                                "handler": "proxy",
                                "upstreams": [
                                    {
                                        "dial": [
                                            "127.0.0.1:2222443"//your servers of shadowTLS
                                        ]
                                    }
                                ]
                            }
                        ]
                    }
                ]
            }
        }
    },

大佬您好,我用的是shadow-tls协议,outbounds部分替换了您配置文件中velss部分,结果无法访问,会观察到日志ERROR[0031] dns:exchange failed for gmscompliance-pa.googleapis.com.IN A:context canceled这样的报错,配置文件如下,能否帮忙看看
{
"log": {
"level": "info",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "dns_proxy",
"address": "tcp://1.1.1.1",
"address_resolver": "dns_direct",
"strategy": "ipv4_only", // 若服务端准备好了IPv6，可改为 prefer_ipv6
"detour": "shadowtls-out"
},
{
"tag": "dns_direct",
"address": "https://223.5.5.5/dns-query",
"strategy": "ipv4_only", // 若客户端准备好了IPv6，可改为 prefer_ipv6
"detour": "direct"
},
{
"tag": "dns_block",
"address": "rcode://success"
}
],
"rules": [
{
"geosite": [
"category-ads-all"
],
"server": "dns_block",
"disable_cache": true
},
{
"geosite": [
"category-games@cn"
],
"server": "dns_direct"
},
{
"geosite": [
"geolocation-!cn"
],
"server": "dns_proxy"
},
{
"geosite": [
"cn",
"private"
],
"server": "dns_direct"
}
]
},
"route": {
"geoip": {
"download_url": "https://github.com/soffchen/sing-geoip/releases/latest/download/geoip.db"
},
"geosite": {
"download_url": "https://github.com/soffchen/sing-geosite/releases/latest/download/geosite.db"
},
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"geosite": [
"category-ads-all"
],
"outbound": "block"
},
{
"type": "logical",
"mode": "and",
"rules": [
{
"geosite": [
"category-games@cn"
]
},
{
"geoip": [
"cn"
]
}
],
"outbound": "direct"
},
{
"geosite": [
"geolocation-!cn"
],
"outbound": "shadowtls-out"
},
{
"type": "logical",
"mode": "and",
"rules": [
{
"geosite": [
"cn"
]
},
{
"geoip": [
"cn"
]
}
],
"outbound": "direct"
},
{
"geosite": [
"private"
],
"outbound": "direct"
},
{
"geoip": [
"cn",
"private"
],
"outbound": "direct"
}
],
"auto_detect_interface": true
},
"inbounds": [
{
"type": "tun",
"tag": "tun-in",
"interface_name": "tun0",
"inet4_address": "172.19.0.1/30",
"inet6_address": "fdfe:dcba:9876::1/126",
"mtu": 9000,
"auto_route": true,
"strict_route": true,
"endpoint_independent_nat": false,
"stack": "gvisor",
"sniff": true,
"sniff_override_destination": false
}
],
"outbounds": [
{
"type": "shadowsocks",
"method": "chacha20-ietf-poly1305",
"password": "pawwsd",
"detour": "shadowtls-out",
"multiplex": {
"enabled": true,
"max_connections": 4,
"min_streams": 4
}
},
{
"type": "shadowtls",
"tag": "shadowtls-out",
"server": "199.199.199.199",
"server_port": 443,
"version": 3,
"password": "pawwsd",
"tls": {
"enabled": true,
"server_name": "aws.amazon.com",
"utls": {
"enabled": false,
"fingerprint": "chrome"
}
}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
]
}

As title. Can you provide instructions on how to install and configure an example for vless ws

如果您能考虑这一请求，将不胜感激

将sing-box加入path 或 在脚本内写上sing-box的完整路径

C:\Path\to\sing-box.exe run -c "Z:\path\to\sing-box\config.json" #无需在前面加上start /min

打开开始菜单，运行 Windows工具 内的 任务计划程序 或 使用直接使用搜索功能打开 任务计划程序 。
可选导入，或者自己创建一个基本任务

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>1970-01-01T00:00:00.0000000</Date>
    <Author>KOINU</Author>
    <URI>\Sing-box Tun</URI>
  </RegistrationInfo>
  <Triggers>
    <BootTrigger>
      <Enabled>true</Enabled>
    </BootTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-21-987654321-1234567890-987654321-1001</UserId>  <!--换成自己的UserId，或者可以不管，这个是ChatGPT生成的-->
      <LogonType>S4U</LogonType>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>false</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>Z:\path\to\your\run.bat</Command> <!--换成自己的脚本位置，或者直接把上面的脚本放在这里-->
    </Exec>
  </Actions>
</Task>

之后应该就可以让sing-box在后台无窗口运行了

你好，大佬，

只能这些一个也不选，时断时好。
不何为何？
服务器的JSON配置参见您的样本，只改了密码+端口。
盼赐教！
感谢！

之前用的pre分支内核都可以正常套，不知道为什么更新了正式版内核后warp就失效了

I need help with a DNS resolution problem in sing-box (VLESS-XTLS-uTLS-REALITY). It relies on client-side DNS resolution, causing issues with accessing blocked sites due to DNS pollution. I've been using "Simple DnsCrypt" as a workaround, but I want to configure sing-box for server-side DNS resolution. Can you guide me on this?

https://github.com/chika0801/sing-box-examples/tree/main/Shadowsocks

在大佬教程中，端口指定为16384，密码为chika，如果想修改，该如何操作？

谢谢大佬！

使用Linux作为旁路由网关，请给个Tun + Fake IP的示例，非常感谢！

This is my configuration
{
"log": {
"level": "info",
"timestamp": true
},
"inbounds": [
{
"type": "tuic",
"listen": "test.ley.vn",
"listen_port": 443,
"users": [
{
"uuid": "2a1f8889-cd2b-4d7f-863e-b151eabdabc7",
"password": "88b0d030-9b09-4f4b-be9f-7bd8f3a42390"
}
],
"congestion_control": "bbr",
"tls": {
"enabled": true,
"alpn": [
"h3"
],
"certificate_path": "/root/fullchain.cer",
"key_path": "/root/Private.key"
}
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
}
]
}

{
"log": {
"disabled": true
},
"dns": {
"servers": [
{
"tag": "dns_proxy",
"address": "76.76.2.42",
"address_resolver": "dns_direct",
"strategy": "ipv4_only",
"detour": "proxy"
},
{
"tag": "dns_direct",
"address": "local",
"strategy": "ipv4_only",
"detour": "direct"
}
],
"rules": [
{
"outbound": "any",
"server": "dns_direct"
}
],
"strategy": "ipv4_only"
},
"inbounds": [
{
"type": "tun",
"tag": "tun-in",
"mtu": 9000,
"inet4_address": "172.19.0.1/30",
"auto_route": true,
"strict_route": true,
"stack": "gvisor",
"sniff": true
}
],
"outbounds": [
{
"type": "tuic",
"tag": "proxy",
"server": "test.ley.vn",
"server_port": 443,
"uuid": "2a1f8889-cd2b-4d7f-863e-b151eabdabc7",
"password": "88b0d030-9b09-4f4b-be9f-7bd8f3a42390",
"congestion_control": "bbr",
"tls": {
"enabled": true,
"server_name": "dl.kgvn.garenanow.com",
"alpn": "h3"
}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"network": "udp",
"port": [
443,
80
],
"outbound": "block"
}
],
"auto_detect_interface": true
},
"experimental": {
"clash_api": {
"external_controller": "127.0.0.1:9090",
"external_ui": "../files/yacd",
"cache_file": "../cache/clash.db"
}
}
}

add VLESS-gRPC-uTLS-REALITY client. i try to setup client transport grpc without servicename and won't work!

下载systemctl配置显示404了

请问tun模式里面的路由规则为什么要阻断443端口的udp流量

看tun的示例文件是否有这个问题，看到开启了自动路由没有开启严格路由

            "tag": "dns_proxy",
            "address": "https://1.1.1.1/dns-query",
            "address_resolver": "dns_direct",
            "strategy": "ipv4_only", // 若服务端准备好了IPv6，可改为 prefer_ipv6
            "detour": "proxy"

安卓客户端reality、vision连接没问题。tuic和hysteria连不上，显示dns_proxy loopback，将1.1.1.1改为自建dns服务器才连的上。
感觉dns_proxy没走代理，请问什么问题。

DNS rules 中有outbound这个配项，我感觉是用来指定某个outbound的Server Address解析时所用的DNS。也就是说：如果某个outbound的服务器地址不是IP的话，将先去DNS Rules匹配一下，得到DNS Server后再进行DNS解析。

以这个为例子，any 放在了最后

如果前面Geosite中出现了代理服务器的域名地址：

那么就会走dns_proxy，也就是回到代理服务器，再来一次DNS请求，造成死循环。

所以我提个不成熟的小建议：将 any 始终放在首项（当然指定某些tag走直连也是可行的）

Hello, and thanks for your great examples. I recently tried to divert traffic to sing-box based on SNI but was unsuccessful, however the same thing works with xray without problem. I wanted to know your opinion on this.
SNI diversion works with other protocols in sing-box such as naive or trojan, but not reality.
I am also using reality with my own domain.
The reason for this is I have other services on the vps and i need nginx to listen on 443.

Here are configs

Nginx

user nobody nogroup;
worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

events {
    worker_connections 1024;
}

stream {
    map $ssl_preread_server_name $backend_name {
        xx.mydomain.com  vless;
        mydomain.com  http2;
        www.mydomain.com  http2;
    }
    upstream vless {
        server 127.0.0.1:10000;
    }
    upstream http2 {
        server 127.0.0.1:20000;
    }
    server {
        listen 443;
        listen [::]:443;
        ssl_preread on;
        proxy_pass $backend_name;
        proxy_protocol on;
    }
}

http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;

    keepalive_timeout 65;

    server {
        listen 80;
        listen [::]:80;
        return 301 https://$host$request_uri;
    }

    server {
        listen 127.0.0.1:20000 ssl proxy_protocol;
	http2 on;
        set_real_ip_from 127.0.0.1;
        real_ip_header proxy_protocol;

        ssl_certificate ../fullchain.cer;
        ssl_certificate_key ../mydomain.com.key;

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
        ssl_ecdh_curve secp521r1:secp384r1:secp256r1:x25519;

        location / {
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect off;
            proxy_pass http://127.0.0.1:30000; #some_backend
        }
    }

xray: This config works

{
  "log": {
    "loglevel": "warning",
    "error": "/var/log/xray/error.log",
    "access": "/var/log/xray/access.log"
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 10000,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "532f45bd-7229-425e-8831-97a463eba428",
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "show": false,
          "dest": 20000,
          "xver": 2,
          "serverNames": [
            "xx.mydomain.com"
          ],
          "privateKey": "...",
          "shortIds": [
            "123456789"
          ]
        },
        "tcpSettings": {
          "acceptProxyProtocol": true
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      }
    }
],
"outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    },
    {
      "tag": "blocked",
      "protocol": "blackhole",
      "settings": {}
    }
  ]
}

sing-box: does not work

{
  "log": {
    "level": "info"
  },
  "inbounds": [
    {
      "type": "vless",
      "tag": "vless-in",
      "listen": "::",
      "listen_port": 10000,
      "proxy_protocol": true,
      "sniff": true,
      "sniff_override_destination": true,
      "users": [
        {
          "uuid": "532f45bd-7229-425e-8831-97a463eba428",
          "flow": "xtls-rprx-vision"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "xx.mydomain.com",
        "reality": {
          "enabled": true,
          "handshake": {
            "server": "127.0.0.1",
            "server_port": 20000
          },
          "private_key": "...",
          "short_id": [
            "123456789"
          ]
        }
      }
    }
],
"outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ]
}

sing-box Logs

ERROR[0043] [3919413922 1ms] inbound/vless[vless-in]: process connection from IP_Address: REALITY: processed invalid connection
ERROR[0046] [709892396 0ms] inbound/vless[vless-in]: process connection from IP_Address: REALITY: processed invalid connection
ERROR[0048] [2314159538 0ms] inbound/vless[vless-in]: process connection from IP_Address: REALITY: processed invalid connection
ERROR[0049] [2780479593 0ms] inbound/vless[vless-in]: process connection from IP_Address: REALITY: processed invalid connection
ERROR[0049] [962535195 0ms] inbound/vless[vless-in]: process connection from IP_Address: REALITY: processed invalid connection
ERROR[0050] [3203139053 1ms] inbound/vless[vless-in]: process connection from IP_Address: REALITY: processed invalid connection
ERROR[0050] [1510738249 0ms] inbound/vless[vless-in]: process connection from IP_Address: REALITY: processed invalid connection
ERROR[0052] [2292211462 0ms] inbound/vless[vless-in]: process connection from IP_Address: REALITY: processed invalid connection

你好，感谢分享sing-box的各种配置。我有个问题请教一下：
tun模式下naive的客户端该用哪种协议？用“http”？
可以这样配置吗？

"outbounds": [
{
"type": "http",
"tag": "http-out",
"server": "sample.com",
"server_port": 443,
"username": "user",
"password": "passwd",
"path": "",
"headers": {},
"tls": {}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],

用大佬的tun客户端配置，有些域名dns解析有问题导致无法连接上，我想这个域名走系统dns解析，所以我在dns服务器部分新增一个系统解析的服务器，然后规则加上这个域名，大佬帮忙看下对不对，谢谢！

{
"dns": {
"server": [
{
"tag": "dns_local",
"address": "local",
"strategy": "ipv4_only",
"detour": "direct"
}
],
"rules": [
{
"domain_suffix": [
"域名.com"
]
}
"server": "dns_local"
]
}
}

SagerNet/sing-box#152
就跟我在⬆️这个issue里说的一样的问题，不知道您遇到了么？
感恩大佬

Hello,

I use this config in xray to manage DNS.

{
  "dns": {
    "tag": "dns",
    "hosts": {
      "dns.cloudflare.com": [
        "104.16.132.229",
        "104.16.133.229",
        "1.1.1.1",
        "1.0.0.1"
      ],
      "domain:youtube.com": [
        "google.com"
      ]
    },
    "servers": [
      "https://dns.cloudflare.com/dns-query",
      "https://cloudflare-dns.com/dns-query"
    ]
  }
}

The important part is I resolve some of domains myself by providing IPs or mapping 2 domains to each other which have same IPs.

I wonder how can I achieve this in sing-box?

老哥
一直在用您的example十分不错感恩！
想请教一下如何实现ipv4/v6的分流呢，您这里没有开讨论只好斗胆发issue了，如果您觉得…不太合适的话我就关了
实在是没查到，sing的example有点少，wiki页面也没扒明白……
不论您是否有空回答都十分感谢！

sing-box给人以搭积木的感觉,但是怎样将不同代理协议,以不同端口的方式并存,对我来说有难度.
特别恳请大佬设计一下多代理同时共存的示例.
谢谢.

Why can it only be started once...and then it cannot be started again?
Windows 10
sing-box 1.4.6

按sing-box-examples/VLESS-XTLS-uTLS-REALITY
/sing-box_for_iOS_config_client.json 这里的配置修改 uuid 和其他相关信息后丢进去sing-box ios版。一直出错:
(packet-tunnel) error: start service: open geoip database: invalid argument

Here is my configuration, help me
{
"log": {
"level": "trace",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "dns_Ley",
"address": "https://1.1.1.1/dns-query",
"address_resolver": "dns_resolver",
"strategy": "ipv4_only",
"detour": "Ley"
},
{
"tag": "dns_direct",
"address": "https://dns.alidns.com/dns-query",
"address_resolver": "dns_resolver",
"strategy": "ipv4_only",
"detour": "direct"
},
{
"tag": "dns_block",
"address": "rcode://success"
},
{
"tag": "dns_resolver",
"address": "223.5.5.5",
"detour": "direct"
}
],
"rules": [
{
"domain": "time.apple.com",
"server": "dns_resolver"
},
{
"geosite": "category-ads-all",
"server": "dns_block",
"disable_cache": true
},
{
"geosite": "geolocation-!cn",
"server": "dns_Ley"
},
{
"geosite": [
"cn",
"private"
],
"server": "dns_direct"
},
{
"outbound": "any",
"server": "dns_resolver"
}
]
},
"ntp": {
"enabled": true,
"interval": "30m0s",
"server": "time.apple.com",
"server_port": 123,
"detour": "direct"
},
"inbounds": [
{
"type": "tun",
"tag": "tun-in",
"mtu": 1400,
"inet4_address": "172.19.0.1/30",
"inet6_address": "fdfe:dcba:9876::1/126",
"auto_route": true,
"strict_route": true,
"include_package": [
"com.google.android.gms",
"com.google.android.gsf",
"com.android.vending",
"com.android.chrome",
"org.telegram.messenger"
],
"stack": "gvisor",
"sniff": true,
"sniff_override_destination": true
}
],
"outbounds": [
{
"type": "selector",
"tag": "Ley",
"outbounds": [
"LeyVN:80",
"LeySG:80",
"LeyVN:443",
"LeySG:443"
],
"default": "LeySG:443"
},
{
"type": "vless",
"tag": "LeyVN:80",
"server": "cloud.ley.vn",
"server_port": 80,
"uuid": "....",
"transport": {
"type": "http",
"path": "/Ley.VN",
"method": "GET",
"headers": {
"Host": "dl.kgvn.garenanow.com"
}
}
},
{
"type": "vless",
"tag": "LeySG:80",
"server": "cloud1.ley.vn",
"server_port": 80,
"uuid": "....",
"transport": {
"type": "http",
"path": "/Ley.VN",
"method": "GET",
"headers": {
"Host": "dl.kgvn.garenanow.com"
}
}
},
{
"type": "trojan",
"tag": "LeyVN:443",
"server": "cloud.ley.vn",
"server_port": 443,
"password": "....4",
"tls": {
"enabled": true,
"server_name": "dl.kgvn.garenanow.com",
"insecure": true
}
},
{
"type": "trojan",
"tag": "LeySG:443",
"server": "cloud1.ley.vn",
"server_port": 443,
"password": "....."
"tls": {
"enabled": true,
"server_name": "dl.kgvn.garenanow.com",
"insecure": true
}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"geoip": {
"download_url": "https://github.com/soffchen/sing-geoip/releases/latest/download/geoip.db"
},
"geosite": {
"download_url": "https://github.com/soffchen/sing-geosite/releases/latest/download/geosite.db"
},
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"protocol": "quic",
"outbound": "block"
},
{
"geosite": "category-ads-all",
"outbound": "block"
},
{
"type": "logical",
"mode": "and",
"rules": [
{
"geosite": "geolocation-!cn"
},
{
"geoip": "cn",
"invert": true
}
],
"outbound": "Ley"
},
{
"type": "logical",
"mode": "and",
"rules": [
{
"geosite": "cn"
},
{
"geoip": "cn"
}
],
"outbound": "direct"
},
{
"geosite": "private",
"outbound": "direct"
},
{
"geoip": [
"cn",
"private"
],
"outbound": "direct"
}
],
"auto_detect_interface": true
}
}

i'm using tun mode
Can you give me an example configuration?
I want to configure LAN.

如果是的话我个人认为将 dns_direct 兜底换为：服务器域名单独加入DNS规则的 dns_direct ，使用 dns_proxy 兜底会更好点，防止DNS泄露的问题。

            {
                "geosite": [
                    "cn",
                    "private"
                ],
                "domain": [  //1*
                    "server.domain"
                ],
                "server": "dns_direct"
            },
            {
                "outbound": [
                    "any"
                ],
                "server": "dns_proxy"
            }

1* The default rule uses the following matching logic

服务器用的是caddy配置的naive，客户端怎么用singbox配置？

大佬,能不能还跟以前的xray配置一样，在示例中把dns跟跟出入站规则啥的加上,最近受您的影响,也转到sing-box了,用的hy协议+vless.可惜弄不好这个DNS跟出入站规则方面,从xray开始一直以来都是抄的您的配置哈哈哈,太菜了我, 另外用sing-box使用hy跟vless协议,不用nginx反代吗,看您这都没有,哈哈哈,麻烦您了.

{
"run_type": "client",
"local_addr": "127.0.0.1",
"local_port": 10808,
"remote_addr": "example.com",
"remote_port": 17386,
"password": [
"XXXXXX"
],
"log_level": 1,
"ssl": {
"verify": true,
"verify_hostname": true,
"cert": "",
"cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA",
"cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
"sni": "",
"alpn": [
"h2",
"http/1.1"
],
"reuse_session": true,
"session_ticket": false,
"curves": ""
},
"tcp": {
"no_delay": true,
"keep_alive": true,
"reuse_port": false,
"fast_open": false,
"fast_open_qlen": 20
}
}

***您好，我试着改写客户端这样的CONFIG.JSON
在DEEPIN LINUX系统下 运行TROJAN客户端，显示找不到证书。
不知 "cert": "", 此处如何填写？
要从VPS上 下载证书到本地吗？

盼赐教。
感谢！！！

客户端为WIN7 64位�[31mFATAL�[0m[0005] start service: initialize inbound/tun[tun-in]: listen tcp4
172.19.0.1:0: bind: The requested address is not valid in its context.

***无法自行解决啊！

Hi

Where are the xray-core examples ?

I want the sample files for Reality-steal-yourself. server.json and nginx.conf.

sing-box 1.4.0-beta.1

sudo pm2 start ./sing-box -n sing-box -- run -c sing-box.json
sudo pm2 save
sudo pm2 startup

在inbond添加：domain strategy 好像性能好一点？从拖动yt播放条看。

please add sing-box to vmess+ws+tsl+cdn server config file.
i use NAT ipv6 vps install sing-box,
i think use vmess+ws+tsl and cloudflare CDN,
but not find all config file.
please give an example of a config file

获取的应该是免费账号吧？好像是有限速~
我想替换成电报群找到的收费key怎么操作

安装教程 hy已经运行在两个小鸡上了，但是安卓的clash一直连不上，试着写了几个 都不行

https://github.com/chika0801/sing-box-examples/blob/main/Shadowsocks/config_server.json