前言
你的软路由到底是用来做旁路由还是主路由?如果是旁路由的话,只用科学上网不妨试试Linux旁路由网关
docker镜像构建
原本是64位的处理器,可惜之前装的32位操作系统,所以只能从Dockerfile自己构建喽
- 拉源码
git clone https://github.com/SagerNet/sing-box.git- 构建镜像
docker build --no-cache -t laningya/sing-box:v1 .docker-compose.yml文件
version: "3.3"
services:
sing-box:
image: laningya/sing-box:v1
container_name: sing-box
restart: always
network_mode: "host"
volumes:
- ./conf:/etc/sing-box/
devices:
- /dev/net/tun:/dev/net/tun
cap_add:
- ALL
command: -D /var/lib/sing-box -C /etc/sing-box/ run要开启tun模式,devices和cap_add字段非常重要
一个不错的sing-box配置模板
{
"dns": {
"servers": [
{
"tag": "dns_proxy",
"address": "https://1.1.1.1/dns-query",
"address_resolver": "dns_resolver",
"strategy": "ipv4_only",
"detour": "select"
},
{
"tag": "dns_direct",
"address": "h3://dns.alidns.com/dns-query",
"address_resolver": "dns_resolver",
"strategy": "ipv4_only",
"detour": "direct"
},
{
"tag": "dns_block",
"address": "rcode://refused"
},
{
"tag": "dns_resolver",
"address": "223.5.5.5",
"strategy": "ipv4_only",
"detour": "direct"
}
],
"rules": [
{
"outbound": "any",
"server": "dns_resolver"
},
{
"clash_mode": "direct",
"server": "dns_direct"
},
{
"clash_mode": "global",
"server": "dns_proxy"
},
{
"process_name": [
"TencentMeeting",
"NemoDesktop",
"ToDesk",
"ToDesk_Service",
"WeChat",
"Tailscale",
"wireguard-go",
"Tunnelblick",
"softwareupdated",
"kubectl"
],
"server": "dns_direct"
},
{
"domain_suffix": [
"icloudnative.io",
"fuckcloudnative.io",
"sealos.io",
"cdn.jsdelivr.net"
],
"server": "dns_direct"
},
{
"process_name": [
"DropboxMacUpdate",
"Dropbox"
],
"server": "dns_proxy"
},
{
"package_name": [
"com.google.android.youtube",
"com.android.vending",
"org.telegram.messenger",
"org.telegram.plus"
],
"server": "dns_proxy"
},
{
"rule_set": "geosite-geolocation-!cn",
"server": "dns_proxy"
},
{
"rule_set": "Global",
"server": "dns_proxy"
},
{
"rule_set": [
"YouTube",
"Telegram",
"Netflix",
"geoip-google",
"geoip-telegram",
"geoip-twitter",
"geoip-netflix"
],
"server": "dns_proxy"
}
],
"final": "dns_direct"
},
"ntp": {
"enabled": true,
"server": "time.apple.com",
"server_port": 123,
"interval": "30m0s",
"detour": "direct"
},
"inbounds": [
{
"type": "tun",
"inet4_address": "198.18.0.1/16",
"auto_route": true,
"exclude_package": [
"cmb.pb",
"cn.gov.pbc.dcep",
"com.MobileTicket",
"com.adguard.android",
"com.ainemo.dragoon",
"com.alibaba.android.rimet",
"com.alicloud.databox",
"com.amazing.cloudisk.tv",
"com.autonavi.minimap",
"com.bilibili.app.in",
"com.bishua666.luxxx1",
"com.cainiao.wireless",
"com.chebada",
"com.chinamworld.main",
"com.cmbchina.ccd.pluto.cmbActivity",
"com.coolapk.market",
"com.ctrip.ct",
"com.dianping.v1",
"com.douban.frodo",
"com.eg.android.AlipayGphone",
"com.farplace.qingzhuo",
"com.hanweb.android.zhejiang.activity",
"com.leoao.fitness",
"com.lucinhu.bili_you",
"com.mikrotik.android.tikapp",
"com.moji.mjweather",
"com.motorola.cn.calendar",
"com.motorola.cn.lrhealth",
"com.netease.cloudmusic",
"com.sankuai.meituan",
"com.sina.weibo",
"com.smartisan.notes",
"com.sohu.inputmethod.sogou.moto",
"com.sonelli.juicessh",
"com.ss.android.article.news",
"com.ss.android.lark",
"com.ss.android.ugc.aweme",
"com.tailscale.ipn",
"com.taobao.idlefish",
"com.taobao.taobao",
"com.tencent.mm",
"com.tencent.mp",
"com.tencent.soter.soterserver",
"com.tencent.wemeet.app",
"com.tencent.weread",
"com.tencent.wework",
"com.ttxapps.wifiadb",
"com.unionpay",
"com.unnoo.quan",
"com.wireguard.android",
"com.xingin.xhs",
"com.xunmeng.pinduoduo",
"com.zui.zhealthy",
"ctrip.android.view",
"io.kubenav.kubenav",
"org.geekbang.geekTime",
"tv.danmaku.bili"
],
"stack": "mixed",
"sniff": true
},
{
"type": "socks",
"tag": "socks-in",
"listen": "::",
"listen_port": 5353
}
],
"outbounds": [
{
"type": "selector",
"tag": "select",
"outbounds": [
"trojan-out"
],
"default": "trojan-out"
},
{
"type": "selector",
"tag": "openai",
"outbounds": [
"trojan-out"
],
"default": "trojan-out"
},
{
"type": "selector",
"tag": "tiktok",
"outbounds": [
"trojan-out"
],
"default": "trojan-out"
},
{
"type": "trojan",
"tag": "trojan-out",
"server": "199.180.115.155",
"server_port": 9443,
"password": "5iFHKMrn9Ez//VKh6zChTA==",
"tls": {
"enabled": true,
"server_name": "ss.icloudnative.io",
"insecure": true,
"utls": {
"fingerprint": "chrome"
}
},
"multiplex": {
"protocol": "h2mux",
"max_connections": 4,
"min_streams": 4
},
"transport": {
"type": "grpc",
"service_name": "TunService"
}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"clash_mode": "direct",
"outbound": "direct"
},
{
"clash_mode": "global",
"outbound": "select"
},
{
"domain_suffix": [
"icloudnative.io",
"fuckcloudnative.io",
"sealos.io",
"cdn.jsdelivr.net"
],
"outbound": "direct"
},
{
"process_name": [
"TencentMeeting",
"NemoDesktop",
"ToDesk",
"ToDesk_Service",
"WeChat",
"OpenLens",
"Tailscale",
"wireguard-go",
"Tunnelblick",
"softwareupdated",
"kubectl"
],
"outbound": "direct"
},
{
"protocol": "quic",
"outbound": "block"
},
{
"inbound": "socks-in",
"outbound": "select"
},
{
"rule_set": [
"WeChat",
"Bilibili"
],
"outbound": "direct"
},
{
"rule_set": "OpenAI",
"outbound": "openai"
},
{
"domain_suffix": [
"openai.com",
"oaistatic.com",
"oaiusercontent.com"
],
"outbound": "openai"
},
{
"package_name": "com.openai.chatgpt",
"outbound": "openai"
},
{
"rule_set": "TikTok",
"outbound": "tiktok"
},
{
"package_name": "com.zhiliaoapp.musically",
"outbound": "tiktok"
},
{
"domain_suffix": [
"depay.one",
"orbstack.dev"
],
"outbound": "select"
},
{
"process_name": [
"DropboxMacUpdate",
"Dropbox"
],
"outbound": "select"
},
{
"package_name": [
"com.google.android.youtube",
"com.android.vending",
"org.telegram.messenger",
"org.telegram.plus",
"com.google.android.googlequicksearchbox",
"app.rvx.android.youtube",
"com.mudvod.video",
"com.fox2code.mmm",
"com.twitter.android"
],
"outbound": "select"
},
{
"domain": "accounts.google.com",
"domain_suffix": [
"sourceforge.net",
"fhjasokiwq.com"
],
"outbound": "select"
},
{
"domain_suffix": "cloud.sealos.io",
"outbound": "direct"
},
{
"type": "logical",
"mode": "and",
"rules": [
{
"rule_set": "geosite-geolocation-!cn"
},
{
"rule_set": "geoip-cn",
"invert": true
}
],
"outbound": "select"
},
{
"rule_set": "Global",
"outbound": "select"
},
{
"rule_set": "geoip-cn",
"outbound": "direct"
},
{
"ip_is_private": true,
"outbound": "direct"
},
{
"rule_set": [
"YouTube",
"Telegram",
"Netflix",
"geoip-google",
"geoip-telegram",
"geoip-twitter",
"geoip-netflix"
],
"outbound": "select"
}
],
"rule_set": [
{
"type": "remote",
"tag": "geosite-geolocation-!cn",
"format": "binary",
"url": "https://mirror.ghproxy.com/https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-!cn.srs",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "geoip-cn",
"format": "binary",
"url": "https://mirror.ghproxy.com/https://raw.githubusercontent.com/CHIZI-0618/v2ray-rules-dat/release/singbox_ip_rule_set/geoip-cn.srs",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "geoip-google",
"format": "binary",
"url": "https://mirror.ghproxy.com/https://raw.githubusercontent.com/CHIZI-0618/v2ray-rules-dat/release/singbox_ip_rule_set/geoip-google.srs",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "geoip-telegram",
"format": "binary",
"url": "https://mirror.ghproxy.com/https://raw.githubusercontent.com/CHIZI-0618/v2ray-rules-dat/release/singbox_ip_rule_set/geoip-telegram.srs",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "geoip-twitter",
"format": "binary",
"url": "https://mirror.ghproxy.com/https://raw.githubusercontent.com/CHIZI-0618/v2ray-rules-dat/release/singbox_ip_rule_set/geoip-twitter.srs",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "geoip-netflix",
"format": "binary",
"url": "https://mirror.ghproxy.com/https://raw.githubusercontent.com/CHIZI-0618/v2ray-rules-dat/release/singbox_ip_rule_set/geoip-netflix.srs",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "Global",
"format": "source",
"url": "https://mirror.ghproxy.com/https://raw.githubusercontent.com/yangchuansheng/sing-box-geosite/main/rule/Global.json",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "YouTube",
"format": "source",
"url": "https://mirror.ghproxy.com/https://raw.githubusercontent.com/yangchuansheng/sing-box-geosite/main/rule/YouTube.json",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "OpenAI",
"format": "source",
"url": "https://mirror.ghproxy.com/https://raw.githubusercontent.com/yangchuansheng/sing-box-geosite/main/rule/OpenAI.json",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "TikTok",
"format": "source",
"url": "https://mirror.ghproxy.com/https://raw.githubusercontent.com/yangchuansheng/sing-box-geosite/main/rule/TikTok.json",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "Telegram",
"format": "source",
"url": "https://mirror.ghproxy.com/https://raw.githubusercontent.com/yangchuansheng/sing-box-geosite/main/rule/Telegram.json",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "Netflix",
"format": "source",
"url": "https://mirror.ghproxy.com/https://raw.githubusercontent.com/yangchuansheng/sing-box-geosite/main/rule/Netflix.json",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "WeChat",
"format": "source",
"url": "https://mirror.ghproxy.com/https://raw.githubusercontent.com/yangchuansheng/sing-box-geosite/main/rule/WeChat.json",
"download_detour": "direct"
},
{
"type": "remote",
"tag": "Bilibili",
"format": "source",
"url": "https://mirror.ghproxy.com/https://raw.githubusercontent.com/yangchuansheng/sing-box-geosite/main/rule/Bilibili.json",
"download_detour": "direct"
}
],
"final": "direct",
"find_process": true,
"auto_detect_interface": true
},
"experimental": {
"cache_file": {
"enabled": true
},
"clash_api": {
"external_controller": "0.0.0.0:9090",
"external_ui": "metacubexd",
"external_ui_download_url": "https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip",
"external_ui_download_detour": "select",
"default_mode": "rule"
}
}
}
开启内核转发并关闭防火墙
echo 1 > /proc/sys/net/ipv4/ip_forward
ufw disable