
vps上使用sing-box


买了阿里99一年的vps,想在上面进行开发工作,需要访问github。由于众所周知的原因无法直接访问,通过sing-box开启tun模式后就可以访问github了。

下面是配置:

{
    // sing-box client config: one TUN inbound captures host traffic, route.rules picks an outbound per
    // connection, and dns.rules picks a resolver per domain. Host, path and uuid values are redacted placeholders.
    // NOTE(review): geoip/geosite matchers and "inet4_address" are older-style fields; newer sing-box releases
    // replace them (rule sets, "address") — check this listing against the installed version.
    "dns": {
        // Each DNS server keeps its own cache instead of sharing one.
        "independent_cache": true,
        "rules": [
            // bing-related names are resolved through the proxied resolver (dns-remote).
            {
                "domain": [],
                "domain_keyword": [
                    "bing"
                ],
                "domain_regex": [],
                "domain_suffix": [
                    "bing.com"
                ],
                "geosite": [],
                "server": "dns-remote"
            },
            // Names in the "cn" geosite list are resolved through the direct resolver (dns-direct).
            {
                "domain": [
                ],
                "domain_keyword": [
                ],
                "domain_regex": [],
                "domain_suffix": [
                ],
                "geosite": [
                    "cn"
                ],
                "server": "dns-direct"
            }
        ],
        "servers": [
            // DNS-over-HTTPS to 8.8.8.8, sent through the outbound tagged "proxy".
            // NOTE(review): the address is an IP literal, so address_resolver is presumably unused here — confirm.
            {
                "address": "https://8.8.8.8/dns-query",
                "address_resolver": "dns-local",
                "detour": "proxy",
                "strategy": "",
                "tag": "dns-remote"
            },
            // Plain (unencrypted) DNS to a public resolver, sent over the "direct" outbound.
            // The text after this listing reports that this value could not resolve an Alibaba Cloud
            // internal mirror name and replaces it with dhcp://auto.
            {
                "address": "114.114.114.114", // <---- must be set explicitly
                "address_resolver": "dns-local",
                "detour": "direct",
                "strategy": "",
                "tag": "dns-direct"
            },
            // "local" uses the host's own resolver; it is the address_resolver for the two servers above.
            {
                "address": "local",
                "detour": "direct",
                "tag": "dns-local"
            }
        ]
    },
    "inbounds": [
             {
        "type": "tun",
        "interface_name": "tun123",
        // NOTE(review): only an IPv4 address is configured; whether IPv6 traffic enters the tun depends on the host — confirm.
        "inet4_address": "172.19.0.1/28",
        
         "mtu": 9000,
         // auto_route installs routes so that host traffic enters this interface.
         "auto_route": true,
         // NOTE(review): with strict_route off, traffic on networks the tun does not handle is not forced
         // through it; turn it on if traffic leaking around the tunnel matters.
         "strict_route": false,
         "stack": "system",
         "endpoint_independent_nat": false,
         // Sniffing recovers the domain (e.g. from TLS SNI) so the domain-based route rules below can match.
         "sniff": true
     }
    ],
    // Only error-level messages are logged. NOTE(review): per-connection routing decisions are presumably
    // not visible at this level — raise it temporarily when debugging rules.
    "log": {
        "level": "error"
    },
    // Outbound tags defined here: proxy_us, proxy, direct, bypass, block, dns-out.
    // NOTE(review): route.rules also references "proxy_home", which is not defined in this list.
    "outbounds": [
        // VMess over WebSocket with TLS enabled. The uuid is the account credential; keep the real value
        // out of published configs, as the placeholders here do.
        {
            "alter_id": 0,
            "domain_strategy": "",
            "security": "auto",
            "server": "xxx.com",
            "server_port": 443,
            "tag": "proxy_us",
            "tls": {
                "enabled": true
            },
            "transport": {
                "headers": {
                    "Host": "xxx.com"
                },
                "path": "/xxx123xxxx",
                "type": "ws"
            },
            "type": "vmess",
            "uuid": "6xxxxx-xxx-xxxxxx"
        },
        // VMess over WebSocket with no "tls" block: the WebSocket layer is not TLS-wrapped, so only the
        // VMess cipher chosen by "security": "auto" protects the traffic. This outbound is route.final and
        // the dns-remote detour, so most traffic uses it.
        // NOTE(review): consider enabling tls as on proxy_us if the server side supports it.
        {
            "alter_id": 0,
            "domain_strategy": "",
            "security": "auto",
            "server": "xxx.xxx.xxx.xxx",
            "server_port": 123,
            "tag": "proxy",
            "transport": {
                "type": "ws"
            },
            "type": "vmess",
            "uuid": "xxx-xxx-xxxx-xxx"
        },
        // "direct" and "bypass" are both plain direct outbounds under different tags.
        {
            "tag": "direct",
            "type": "direct"
        },
        {
            "tag": "bypass",
            "type": "direct"
        },
        // Connections routed here are dropped.
        {
            "tag": "block",
            "type": "block"
        }
        ,
        // Connections routed here are answered by the dns section above.
        {
            "tag": "dns-out",
            "type": "dns"
        }
    ],
    "route": {
        // Outbound used when no rule matches.
        "final": "proxy",
        // Binds outbound connections to the default physical interface so they do not loop back into the tun.
        "auto_detect_interface": true,
        // Rules are checked in array order; the first match decides the outbound.
        "rules": [
            // Traffic detected as DNS is handed to the dns-out outbound.
            {
                "outbound": "dns-out",
                "protocol": "dns"
            },            
            // NOTE(review): "proxy_home" has no matching entry in "outbounds" in this listing; sing-box is
            // expected to refuse a rule whose outbound tag does not exist — define the outbound or drop this rule.
            {
                "geoip": [],
                "ip_cidr": [
                    "192.168.123.0/24"
                ],
                "outbound": "proxy_home"
            },
            // Chinese and private address ranges go out directly.
            {
                "geoip": [
                    "cn",
                    "private"
                ],
                "ip_cidr": [],
                "outbound": "direct"
            },
            // Analytics/crash-reporting domains and the ad category list are dropped.
            {
                "domain": [],
                "domain_keyword": [],
                "domain_regex": [],
                "domain_suffix": [
                    "appcenter.ms",
                    "app-measurement.com",
                    "firebase.io",
                    "crashlytics.com",
                    "google-analytics.com"
                ],
                "geosite": [
                    "category-ads-all"
                ],
                "outbound": "block"
            },
            // bing traffic uses the TLS-enabled proxy_us outbound.
            {
                "domain": [],
                "domain_keyword": [
                    "bing"
                ],
                "domain_regex": [],
                "domain_suffix": [
                    "bing.com"
                ],
                "geosite": [],
                "outbound": "proxy_us"
            },
            // Listed test names, keywords and the "cn" geosite list go out directly via "bypass".
            // NOTE(review): "speech.platform.bing.com" sits after the bing rule above, which already matches it
            // by keyword, so this entry presumably never takes effect — confirm the intended order.
            {
                "domain": [
                    "23.test",
                    "24.test",
                    "31.test"
                ],
                "domain_keyword": [
                    "wsl2host",
                    "ip.top",
                    "speech.platform.bing.com"
                ],
                "domain_regex": [],
                "domain_suffix": [
                ],
                "geosite": [
                    "cn"
                ],
                "outbound": "bypass"
            },
            // UDP to ports 135/137/138/139/5353 is dropped rather than proxied.
            {
                "network": "udp",
                "outbound": "block",
                "port": [
                    135,
                    137,
                    138,
                    139,
                    5353
                ]
            },
            // Traffic to 224.0.0.0/3 (224.0.0.0-255.255.255.255) and IPv6 multicast is dropped.
            {
                "ip_cidr": [
                    "224.0.0.0/3",
                    "ff00::/8"
                ],
                "outbound": "block"
            },
            // Same ranges, matched on the source address.
            {
                "outbound": "block",
                "source_ip_cidr": [
                    "224.0.0.0/3",
                    "ff00::/8"
                ]
            }
            ,
            // NOTE(review): the two process_name rules sit at the end of the list, after rules that can match
            // first; the text after this listing says they only took effect once moved to the front.
            // The ".exe" names are Windows process names and presumably never match on a Linux VPS.
            {
                "port": 53,
                "process_name": [
                    "sing-box.exe",
                    "sing-box"
                ],
                "outbound": "dns-out"
            },
            {
                "process_name": [
                    "sing-box.exe",
                    "sing-box",
                    "RustDesk.exe"
                ],
                "outbound": "direct"
            }

        ]
    }
}

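上面的配置包含多个出站(outbound),可以在route的rules里按域名、IP分流到不同的出口。在dns-direct这一项里,一定要显式设置直连的DNS服务器,例如:114.114.114.114。注意:rules里引用的outbound标签必须在outbounds中有对应定义,上面示例中的proxy_home没有对应的出站,使用前需要补上该出站或删除这条规则。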

后来发现这样设置有一个问题:运行apt update时会无法解析域名。我的vps在阿里云,apt会访问 mirrors.cloud.aliyuncs.com 这个域名,而它解析到的是内网地址,用114.114.114.114这样的公共DNS解析不了。将dns-direct的address改为dhcp://auto(使用网卡通过DHCP获得的DNS服务器)后即可正常,局域网和国内域名都能正常解析。参见相关github issue。

docker的服务无法从外网访问

在tun配置处添加 "exclude_interface": "docker0",让docker的网桥绕过tun。如果是docker-compose部署,会自动生成一个名为br-加随机字符(br-xxxx)的网卡,把它也一并加入即可。注意:被排除的网卡上的流量不再经过tun,因此也不受上面route规则(包括block规则)的约束。

process_name进程名匹配不生效

把process_name的匹配项放到rules数组的最前面:规则从数组下标0开始依次匹配,第一条命中的规则决定转发到哪个出站。dns-out应放在最后匹配。