{"config":{"lang":["en","zh"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Home","text":"

Welcome to the wiki page for the sing-box project.

The universal proxy platform.

"},{"location":"#license","title":"License","text":"
Copyright (C) 2022 by nekohasekai <contact-sagernet@sekai.icu>\n\nThis program is free software: you can redistribute it and/or modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program. If not, see <http://www.gnu.org/licenses/>.\n\nIn addition, no derivative work may use the name or imply association\nwith this application without prior consent.\n
"},{"location":"changelog/","title":"Change Log","text":""},{"location":"changelog/#1110-beta4","title":"1.11.0-beta.4","text":"

1:

See Hysteria2.

"},{"location":"changelog/#1103","title":"1.10.3","text":""},{"location":"changelog/#1110-alpha25","title":"1.11.0-alpha.25","text":""},{"location":"changelog/#1110-alpha22","title":"1.11.0-alpha.22","text":"

1:

See Rule Action.

"},{"location":"changelog/#1110-alpha20","title":"1.11.0-alpha.20","text":"

1:

For WireGuard outbound and endpoint, GSO will be automatically enabled when available, see WireGuard Outbound.

For TUN, GSO has been removed, see Deprecated.

"},{"location":"changelog/#1110-alpha19","title":"1.11.0-alpha.19","text":"

1:

The new WireGuard endpoint combines inbound and outbound capabilities, and the old outbound will be removed in sing-box 1.13.0.

See Endpoint, WireGuard Endpoint and Migrate WireGuard outbound fields to route options.

"},{"location":"changelog/#1102","title":"1.10.2","text":""},{"location":"changelog/#1110-alpha18","title":"1.11.0-alpha.18","text":""},{"location":"changelog/#1110-alpha16","title":"1.11.0-alpha.16","text":"

1:

See DNS.

2:

See Rule Action and Migrate destination override fields to route options.

"},{"location":"changelog/#1110-alpha15","title":"1.11.0-alpha.15","text":"

1:

New options allow you to configure the network strategy flexibly.

See Dial Fields, Rule Action and Route.

"},{"location":"changelog/#1110-alpha14","title":"1.11.0-alpha.14","text":"

1:

Similar to Surge's strategy.

New options allow you to connect using multiple network interfaces, prefer or only use one type of interface, and configure a timeout to fall back to other interfaces.

See Dial Fields, Rule Action and Route.

"},{"location":"changelog/#1110-alpha13","title":"1.11.0-alpha.13","text":""},{"location":"changelog/#1110-alpha12","title":"1.11.0-alpha.12","text":"

1:

Route options in DNS route actions will no longer be considered deprecated, see DNS Route Action.

Also, udp_disable_domain_unmapping and udp_connect can now be configured in route action, see Route Action.

2:

When used in graphical clients, new routing rule items allow you to match on network type (Wi-Fi, cellular, etc.), whether the network is expensive, and whether Low Data Mode is enabled.

See Route Rule, DNS Route Rule and Headless Rule.

"},{"location":"changelog/#1110-alpha9","title":"1.11.0-alpha.9","text":"

1:

When the gvisor tun stack is enabled, even if the request passes routing, if establishing the outbound connection fails, the connection is not established and a TCP RST is sent in reply.

"},{"location":"changelog/#1110-alpha7","title":"1.11.0-alpha.7","text":"

1:

New rule actions replace legacy inbound fields and special outbound fields, and can be used for pre-matching (see 2).

See Rule, Rule Action, DNS Rule and DNS Rule Action.

For migration, see Migrate legacy special outbounds to rule actions, Migrate legacy inbound fields to rule actions and Migrate legacy DNS route options to rule actions.

2:

Similar to Surge's pre-matching.

Specifically, new rule actions allow you to reject connections with TCP RST (for TCP connections) and ICMP port unreachable (for UDP packets) before the connection is established, to improve tun's compatibility.

See Rule Action.

"},{"location":"changelog/#1110-alpha6","title":"1.11.0-alpha.6","text":""},{"location":"changelog/#1110-alpha2","title":"1.11.0-alpha.2","text":""},{"location":"changelog/#1110-alpha1","title":"1.11.0-alpha.1","text":""},{"location":"changelog/#1101","title":"1.10.1","text":""},{"location":"changelog/#1100","title":"1.10.0","text":"

Important changes since 1.9:

1:

The new auto-redirect feature allows TUN to automatically configure connection redirection to improve proxy performance.

When auto-redirect is enabled, new route address set options will allow you to automatically configure destination IP CIDR rules from a specified rule set to the firewall.

Specified or unspecified destinations will bypass the sing-box routes to get better performance (for example, keep hardware offloading of direct traffic on the router).

See TUN.

2:

The new feature allows you to use AdGuard DNS Filter lists in sing-box without AdGuard Home.

See AdGuard DNS Filter.

3:

See Migration.

4:

See iproute2_table_index, iproute2_rule_index, auto_redirect_input_mark and auto_redirect_output_mark.

5:

Due to maintenance difficulties, sing-box 1.10.0 requires at least Go 1.20 to compile.

6:

BitTorrent, DTLS, RDP, SSH sniffers are added.

Now the QUIC sniffer can correctly extract the server name from Chromium requests and can identify common QUIC clients, including Chromium, Safari, Firefox, quic-go (including uquic disguised as Chrome).

7:

The new rule-set type inline (which also becomes the default type) allows you to write headless rules directly without creating a rule-set file.

8:

With new access control options, not only can you allow Clash dashboards to access the Clash API on your local network, you can also manually limit the websites that can access the API instead of allowing everyone.

See Clash API.

9:

See DNS Rule.

10:

sing-box now uses fsnotify correctly and will not cancel watching if the target file is deleted or recreated via rename (e.g. mv).

This affects all path options that support reload, including tls.certificate_path, tls.key_path, tls.ech.key_path and rule_set.path.

11:

Some legacy chrome fingerprints have been removed and will fall back to chrome, see utls.

12:

See Source Format.

"},{"location":"changelog/#197","title":"1.9.7","text":""},{"location":"changelog/#1100-beta11","title":"1.10.0-beta.11","text":"

1:

Some legacy chrome fingerprints have been removed and will fall back to chrome, see utls.

"},{"location":"changelog/#1100-beta10","title":"1.10.0-beta.10","text":"

The macOS standalone versions of sing-box (>=1.9.5/<1.10.0-beta.11) now silently fail and require manually granting the Full Disk Access permission to the system extension to start, probably due to Apple's changed security policy. We will prompt users about this in future versions.

"},{"location":"changelog/#196","title":"1.9.6","text":""},{"location":"changelog/#195","title":"1.9.5","text":"

1:

See Migration.

We are still working on getting all sing-box apps back on the App Store, which should be completed within a week (SFI on the App Store and others on TestFlight are already available).

"},{"location":"changelog/#1100-beta8","title":"1.10.0-beta.8","text":"

With the help of a netizen, we are in the process of getting sing-box apps back on the App Store, which should be completed within a month (TestFlight is already available).

"},{"location":"changelog/#1100-beta7","title":"1.10.0-beta.7","text":""},{"location":"changelog/#1100-beta6","title":"1.10.0-beta.6","text":""},{"location":"changelog/#1100-beta5","title":"1.10.0-beta.5","text":""},{"location":"changelog/#1100-beta3","title":"1.10.0-beta.3","text":""},{"location":"changelog/#1100-beta2","title":"1.10.0-beta.2","text":""},{"location":"changelog/#194","title":"1.9.4","text":"

Due to problems with our Apple developer account, sing-box apps on Apple platforms are temporarily unavailable for download or update. If your company or organization is willing to help us return to the App Store, please contact us.

"},{"location":"changelog/#1100-alpha29","title":"1.10.0-alpha.29","text":""},{"location":"changelog/#1100-alpha25","title":"1.10.0-alpha.25","text":"

1:

The new feature allows you to use AdGuard DNS Filter lists in sing-box without AdGuard Home.

See AdGuard DNS Filter.

"},{"location":"changelog/#1100-alpha23","title":"1.10.0-alpha.23","text":"

1:

Now the QUIC sniffer can correctly extract the server name from Chromium requests and can identify common QUIC clients, including Chromium, Safari, Firefox, quic-go (including uquic disguised as Chrome).

See Protocol Sniff and Route Rule.

"},{"location":"changelog/#1100-alpha22","title":"1.10.0-alpha.22","text":"

1:

See Source Format.

"},{"location":"changelog/#1100-alpha20","title":"1.10.0-alpha.20","text":""},{"location":"changelog/#1100-alpha19","title":"1.10.0-alpha.19","text":""},{"location":"changelog/#1100-alpha18","title":"1.10.0-alpha.18","text":"

1:

The new rule-set type inline (which also becomes the default type) allows you to write headless rules directly without creating a rule-set file.

2:

sing-box now uses fsnotify correctly and will not cancel watching if the target file is deleted or recreated via rename (e.g. mv).

This affects all path options that support reload, including tls.certificate_path, tls.key_path, tls.ech.key_path and rule_set.path.

"},{"location":"changelog/#1100-alpha17","title":"1.10.0-alpha.17","text":"

1:

Something may be broken, please actively report problems with this version.

2:

rule_set_ipcidr_match_source route and DNS rule items are renamed to rule_set_ip_cidr_match_source and will be removed in sing-box 1.11.0.

3:

See DNS Rule.

"},{"location":"changelog/#1100-alpha16","title":"1.10.0-alpha.16","text":"

1:

See iproute2_table_index, iproute2_rule_index, auto_redirect_input_mark and auto_redirect_output_mark.

"},{"location":"changelog/#1100-alpha13","title":"1.10.0-alpha.13","text":"

1:

See Migration.

2:

The new feature will allow you to configure the destination IP CIDR rules in the specified rule-sets to the firewall automatically.

Specified or unspecified destinations will bypass the sing-box routes to get better performance (for example, keep hardware offloading of direct traffic on the router).

See route_address_set and route_exclude_address_set.

"},{"location":"changelog/#1100-alpha12","title":"1.10.0-alpha.12","text":""},{"location":"changelog/#193","title":"1.9.3","text":""},{"location":"changelog/#1100-alpha10","title":"1.10.0-alpha.10","text":""},{"location":"changelog/#192","title":"1.9.2","text":""},{"location":"changelog/#1100-alpha8","title":"1.10.0-alpha.8","text":"

1:

Due to maintenance difficulties, sing-box 1.10.0 requires at least Go 1.20 to compile.

"},{"location":"changelog/#191","title":"1.9.1","text":""},{"location":"changelog/#1100-alpha7","title":"1.10.0-alpha.7","text":""},{"location":"changelog/#1100-alpha5","title":"1.10.0-alpha.5","text":"

1:

nftables support and DNS hijacking have been added.

Tun inbounds with auto_route and auto_redirect now work as expected on routers without intervention.

"},{"location":"changelog/#1100-alpha4","title":"1.10.0-alpha.4","text":"

1:

Tun inbounds with auto_route and auto_redirect now work as expected on routers.

2:

Tun inbounds with auto_route and strict_route now work as expected on routers and servers, but the usage of exclude_interface needs to be updated.

"},{"location":"changelog/#1100-alpha2","title":"1.10.0-alpha.2","text":"

1:

Linux support is added.

See Tun.

"},{"location":"changelog/#1100-alpha1","title":"1.10.0-alpha.1","text":"

1:

It allows you to use redirect inbound in the sing-box Android client and automatically configures IPv4 TCP redirection via su.

This may alleviate the symptoms of some OCD patients who think that redirect can effectively save power compared to the system HTTP Proxy.

See Redirect.

2:

See Protocol Sniff.

"},{"location":"changelog/#190","title":"1.9.0","text":"

Important changes since 1.8:

1:

See Migration.

2:

See Migration.

3:

The new DNS feature allows you to more precisely bypass Chinese websites via DNS leaks. Do not use plain local DNS if using this method.

See Address Filter Fields.

Client example updated.

4:

See DNS, DNS Server and DNS Rules.

Since this feature makes the scenario mentioned in alpha.1 no longer leak DNS requests, the Client example has been updated.

5:

The new feature allows you to cache the check results of Address filter DNS rule items until expiration.

6:

See TUN inbound.

7:

See DNS Rule.

8:

See TunnelVision.

"},{"location":"changelog/#190-rc22","title":"1.9.0-rc.22","text":""},{"location":"changelog/#190-rc20","title":"1.9.0-rc.20","text":""},{"location":"changelog/#1814","title":"1.8.14","text":""},{"location":"changelog/#190-rc18","title":"1.9.0-rc.18","text":""},{"location":"changelog/#190-rc16","title":"1.9.0-rc.16","text":"

1:

See TunnelVision.

"},{"location":"changelog/#190-rc15","title":"1.9.0-rc.15","text":""},{"location":"changelog/#1813","title":"1.8.13","text":""},{"location":"changelog/#190-rc14","title":"1.9.0-rc.14","text":""},{"location":"changelog/#190-rc13","title":"1.9.0-rc.13","text":""},{"location":"changelog/#1812","title":"1.8.12","text":"

1:

Including stable and beta versions, see https://sing-box.sagernet.org/installation/package-manager/

"},{"location":"changelog/#190-rc11","title":"1.9.0-rc.11","text":""},{"location":"changelog/#1811","title":"1.8.11","text":""},{"location":"changelog/#1810","title":"1.8.10","text":""},{"location":"changelog/#190-beta17","title":"1.9.0-beta.17","text":""},{"location":"changelog/#190-beta16","title":"1.9.0-beta.16","text":"

Our TestFlight distribution has been temporarily blocked by Apple (possibly due to too many beta versions) and you cannot join the test, install or update the sing-box beta app right now. Please wait patiently for processing.

"},{"location":"changelog/#190-beta14","title":"1.9.0-beta.14","text":""},{"location":"changelog/#189","title":"1.8.9","text":""},{"location":"changelog/#188","title":"1.8.8","text":""},{"location":"changelog/#190-beta7","title":"1.9.0-beta.7","text":""},{"location":"changelog/#190-beta6","title":"1.9.0-beta.6","text":"

1:

Fixed an issue where address filter DNS rule was incorrectly rejected under certain circumstances. If you have enabled store_rdrc to save results, consider clearing the cache file.

"},{"location":"changelog/#187","title":"1.8.7","text":""},{"location":"changelog/#190-alpha15","title":"1.9.0-alpha.15","text":""},{"location":"changelog/#190-alpha14","title":"1.9.0-alpha.14","text":""},{"location":"changelog/#190-alpha13","title":"1.9.0-alpha.13","text":""},{"location":"changelog/#186","title":"1.8.6","text":""},{"location":"changelog/#190-alpha12","title":"1.9.0-alpha.12","text":""},{"location":"changelog/#190-alpha11","title":"1.9.0-alpha.11","text":"

1:

See DNS Rule.

"},{"location":"changelog/#190-alpha10","title":"1.9.0-alpha.10","text":"

1:

See TUN inbound.

"},{"location":"changelog/#190-alpha8","title":"1.9.0-alpha.8","text":"

1:

The new feature allows you to cache the check results of Address filter DNS rule items until expiration.

"},{"location":"changelog/#190-alpha7","title":"1.9.0-alpha.7","text":""},{"location":"changelog/#190-alpha6","title":"1.9.0-alpha.6","text":""},{"location":"changelog/#190-alpha3","title":"1.9.0-alpha.3","text":""},{"location":"changelog/#190-alpha2","title":"1.9.0-alpha.2","text":"

1:

See DNS, DNS Server and DNS Rules.

Since this feature makes the scenario mentioned in alpha.1 no longer leak DNS requests, the Client example has been updated.

"},{"location":"changelog/#190-alpha1","title":"1.9.0-alpha.1","text":"

1:

See Migration.

2:

See Migration.

3:

The new DNS feature allows you to more precisely bypass Chinese websites via DNS leaks. Do not use plain local DNS if using this method.

See Address Filter Fields.

Client example updated.

"},{"location":"changelog/#185","title":"1.8.5","text":""},{"location":"changelog/#184","title":"1.8.4","text":""},{"location":"changelog/#182","title":"1.8.2","text":""},{"location":"changelog/#181","title":"1.8.1","text":""},{"location":"changelog/#180","title":"1.8.0","text":"

Important changes since 1.7:

1:

See Cache File and Migration.

2:

Rule-sets are independent collections of rules that can be compiled into binaries to improve performance. Compared to legacy GeoIP and Geosite resources, they can include more types of rules, load faster, use less memory, and update automatically.

See Route#rule_set, Route Rule, DNS Rule, rule-set, Source Format and Headless Rule.

For GEO resources migration, see Migrate GeoIP to rule-sets and Migrate Geosite to rule-sets.

3:

New commands manage GeoIP, Geosite and rule-set resources, and help you migrate GEO resources to rule-sets.

4:

Logical rules in route rules, DNS rules, and the new headless rule now allow nesting of logical rules.

5:

The private GeoIP country never existed and was actually implemented inside V2Ray. Since GeoIP was deprecated, we made this rule independent, see Migration.

6:

JSON parse errors will now include the current key path. Only takes effect when compiled with Go 1.21+.

7:

All internal DNS queries now skip DNS rules with server type fakeip, and the default DNS server can no longer be fakeip.

This change is intended to break incorrect usage and essentially requires no action.

8:

See TUN inbound and WireGuard outbound.

9:

When URLTest is idle for a certain period of time, the scheduled delay test will be paused.

10:

Added some new fingerprints. Also, starting with this release, uTLS requires at least Go 1.20.

11:

Updated cloudflare-tls, gomobile, smux, tfo-go and wireguard-go to latest, quic-go to 0.40.1 and gvisor to 20231204.0

"},{"location":"changelog/#180-rc11","title":"1.8.0-rc.11","text":""},{"location":"changelog/#178","title":"1.7.8","text":""},{"location":"changelog/#180-rc10","title":"1.8.0-rc.10","text":""},{"location":"changelog/#177","title":"1.7.7","text":"

1:

See V2Ray transport.

"},{"location":"changelog/#180-rc7","title":"1.8.0-rc.7","text":""},{"location":"changelog/#180-rc3","title":"1.8.0-rc.3","text":"

1:

See V2Ray transport.

"},{"location":"changelog/#176","title":"1.7.6","text":""},{"location":"changelog/#180-rc1","title":"1.8.0-rc.1","text":""},{"location":"changelog/#180-beta9","title":"1.8.0-beta.9","text":""},{"location":"changelog/#175","title":"1.7.5","text":""},{"location":"changelog/#180-alpha17","title":"1.8.0-alpha.17","text":"

1:

See TUN inbound and WireGuard outbound.

2:

Added some new fingerprints. Also, starting with this release, uTLS requires at least Go 1.20.

3:

Updated cloudflare-tls, gomobile, smux, tfo-go and wireguard-go to latest, and gvisor to 20231204.0

This may break something, good luck!

"},{"location":"changelog/#174","title":"1.7.4","text":"

Due to the long waiting time, this version is no longer waiting for approval by the Apple App Store, so updates to Apple Platforms will be delayed.

"},{"location":"changelog/#180-alpha16","title":"1.8.0-alpha.16","text":""},{"location":"changelog/#180-alpha15","title":"1.8.0-alpha.15","text":"

1:

Designed to optimize memory usage of idle connections, may take effect on the following protocols:

Protocol TCP UDP HTTP proxy server / SOCKS5 Shadowsocks none/AEAD/AEAD2022 Trojan / TUIC/Hysteria/Hysteria2 Multiplex Plain TLS (Trojan/VLESS without extra sub-protocols) / Other protocols

At the same time, everything existing may be broken, please actively report problems with this version.

"},{"location":"changelog/#180-alpha13","title":"1.8.0-alpha.13","text":""},{"location":"changelog/#180-alpha10","title":"1.8.0-alpha.10","text":"

1:

When URLTest is idle for a certain period of time, the scheduled delay test will be paused.

"},{"location":"changelog/#172","title":"1.7.2","text":""},{"location":"changelog/#180-alpha8","title":"1.8.0-alpha.8","text":"

1:

JSON parse errors will now include the current key path. Only takes effect when compiled with Go 1.21+.

2:

All internal DNS queries now skip DNS rules with server type fakeip, and the default DNS server can no longer be fakeip.

This change is intended to break incorrect usage and essentially requires no action.

"},{"location":"changelog/#180-alpha7","title":"1.8.0-alpha.7","text":""},{"location":"changelog/#171","title":"1.7.1","text":""},{"location":"changelog/#180-alpha6","title":"1.8.0-alpha.6","text":"

1:

Now the rules in the rule_set rule item can be logically considered to be merged into the rule using rule-sets, rather than completely following the AND logic.

"},{"location":"changelog/#180-alpha5","title":"1.8.0-alpha.5","text":"

1:

The private GeoIP country never existed and was actually implemented inside V2Ray. Since GeoIP was deprecated, we made this rule independent, see Migration.

"},{"location":"changelog/#180-alpha1","title":"1.8.0-alpha.1","text":"

1:

See Cache File and Migration.

2:

Rule-sets are independent collections of rules that can be compiled into binaries to improve performance. Compared to legacy GeoIP and Geosite resources, they can include more types of rules, load faster, use less memory, and update automatically.

See Route#rule_set, Route Rule, DNS Rule, rule-set, Source Format and Headless Rule.

For GEO resources migration, see Migrate GeoIP to rule-sets and Migrate Geosite to rule-sets.

3:

New commands manage GeoIP, Geosite and rule-set resources, and help you migrate GEO resources to rule-sets.

4:

Logical rules in route rules, DNS rules, and the new headless rule now allow nesting of logical rules.

"},{"location":"changelog/#170","title":"1.7.0","text":"

Important changes since 1.6:

1:

If enabled, for UDP proxy requests addressed to a domain, the original packet address will be sent in the response instead of the mapped domain.

This option is used for compatibility with clients that do not support receiving UDP packets with domain addresses, such as Surge.

2:

Introduced in V2Ray 5.10.0.

The new HTTPUpgrade transport has better performance than WebSocket and is better suited for CDN abuse.

3:

Starting in 1.7.0, multiplexing support is no longer enabled by default and needs to be turned on explicitly in inbound options.

4:

Hysteria Brutal Congestion Control Algorithm in TCP. A kernel module needs to be installed on the Linux server, see TCP Brutal for details.

5:

Only supported in graphical clients on Android and Apple platforms.

"},{"location":"changelog/#170-rc3","title":"1.7.0-rc.3","text":""},{"location":"changelog/#167","title":"1.6.7","text":""},{"location":"changelog/#170-rc2","title":"1.7.0-rc.2","text":""},{"location":"changelog/#166","title":"1.6.6","text":""},{"location":"changelog/#170-rc1","title":"1.7.0-rc.1","text":""},{"location":"changelog/#170-beta5","title":"1.7.0-beta.5","text":""},{"location":"changelog/#170-beta4","title":"1.7.0-beta.4","text":"

1:

Only supported in graphical clients on Android and Apple platforms.

"},{"location":"changelog/#170-beta3","title":"1.7.0-beta.3","text":""},{"location":"changelog/#165","title":"1.6.5","text":""},{"location":"changelog/#170-beta2","title":"1.7.0-beta.2","text":""},{"location":"changelog/#164","title":"1.6.4","text":""},{"location":"changelog/#170-beta1","title":"1.7.0-beta.1","text":""},{"location":"changelog/#163","title":"1.6.3","text":""},{"location":"changelog/#170-alpha11","title":"1.7.0-alpha.11","text":""},{"location":"changelog/#170-alpha10","title":"1.7.0-alpha.10","text":""},{"location":"changelog/#162","title":"1.6.2","text":""},{"location":"changelog/#161","title":"1.6.1","text":""},{"location":"changelog/#170-alpha6","title":"1.7.0-alpha.6","text":""},{"location":"changelog/#170-alpha4","title":"1.7.0-alpha.4","text":"

1:

Starting in 1.7.0, multiplexing support is no longer enabled by default and needs to be turned on explicitly in inbound options.

2:

Hysteria Brutal Congestion Control Algorithm in TCP. A kernel module needs to be installed on the Linux server, see TCP Brutal for details.

"},{"location":"changelog/#170-alpha3","title":"1.7.0-alpha.3","text":"

1:

Introduced in V2Ray 5.10.0.

The new HTTPUpgrade transport has better performance than WebSocket and is better suited for CDN abuse.

"},{"location":"changelog/#160","title":"1.6.0","text":"

Important changes since 1.5:

1:

None of the existing Golang BBR congestion control implementations have been reviewed or unit tested. This update is intended to address the multi-send defects of the old implementation and may introduce new issues.

2:

Based on discussions with the original author, the brutal CC and QUIC protocol parameters of the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2.

"},{"location":"changelog/#170-alpha2","title":"1.7.0-alpha.2","text":""},{"location":"changelog/#170-alpha1","title":"1.7.0-alpha.1","text":"

1:

If enabled, for UDP proxy requests addressed to a domain, the original packet address will be sent in the response instead of the mapped domain.

This option is used for compatibility with clients that do not support receiving UDP packets with domain addresses, such as Surge.

"},{"location":"changelog/#155","title":"1.5.5","text":"

1:

When auto_route is enabled and strict_route is disabled, the device can now be reached from external IPv6 addresses.

2:

Built using Go 1.20, the last version that will run on Windows 7, 8, Server 2008, Server 2012 and macOS 10.13 High Sierra, 10.14 Mojave.

"},{"location":"changelog/#160-rc4","title":"1.6.0-rc.4","text":""},{"location":"changelog/#160-rc1","title":"1.6.0-rc.1","text":"

1:

Built using Go 1.20, the last version that will run on Windows 7, 8, Server 2008, Server 2012 and macOS 10.13 High Sierra, 10.14 Mojave.

"},{"location":"changelog/#160-beta4","title":"1.6.0-beta.4","text":"

1:

When auto_route is enabled and strict_route is disabled, the device can now be reached from external IPv6 addresses.

"},{"location":"changelog/#154","title":"1.5.4","text":""},{"location":"changelog/#160-beta3","title":"1.6.0-beta.3","text":"

1:

Based on discussions with the original author, the brutal CC and QUIC protocol parameters of the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2.

"},{"location":"changelog/#160-beta2","title":"1.6.0-beta.2","text":""},{"location":"changelog/#160-beta3_1","title":"1.6.0-beta.3","text":"

1:

Based on discussions with the original author, the brutal CC and QUIC protocol parameters of the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2.

"},{"location":"changelog/#160-beta2_1","title":"1.6.0-beta.2","text":""},{"location":"changelog/#153","title":"1.5.3","text":""},{"location":"changelog/#160-beta1","title":"1.6.0-beta.1","text":""},{"location":"changelog/#160-alpha5","title":"1.6.0-alpha.5","text":"

1:

None of the existing Golang BBR congestion control implementations have been reviewed or unit tested. This update is intended to fix a memory leak flaw in the new implementation introduced in 1.6.0-alpha.1 and may introduce new issues.

"},{"location":"changelog/#160-alpha4","title":"1.6.0-alpha.4","text":""},{"location":"changelog/#152","title":"1.5.2","text":""},{"location":"changelog/#160-alpha3","title":"1.6.0-alpha.3","text":""},{"location":"changelog/#160-alpha2","title":"1.6.0-alpha.2","text":""},{"location":"changelog/#151","title":"1.5.1","text":""},{"location":"changelog/#160-alpha1","title":"1.6.0-alpha.1","text":"

1:

None of the existing Golang BBR congestion control implementations have been reviewed or unit tested. This update is intended to address the multi-send defects of the old implementation and may introduce new issues.

"},{"location":"changelog/#150","title":"1.5.0","text":"

Important changes since 1.4:

1:

Command: sing-box generate ech-keypair <plain_server_name> [--pq-signature-schemes-enabled]

2:

All inbounds and outbounds are supported, including Naiveproxy, Hysteria[/2], TUIC and V2Ray QUIC transport.

3:

See Hysteria2 inbound and Hysteria2 outbound

For protocol description, please refer to https://v2.hysteria.network

4:

Interrupt existing connections when the selected outbound has changed.

Only inbound connections are affected by this setting, internal connections will always be interrupted.

5:

Only Alibaba Cloud DNS and Cloudflare are supported, see ACME Fields and DNS01 Challenge Fields.

6:

This command also parses path resources that appear in the configuration file and replaces them with embedded configuration, such as TLS certificates or SSH private keys.

"},{"location":"changelog/#150-rc6","title":"1.5.0-rc.6","text":""},{"location":"changelog/#146","title":"1.4.6","text":""},{"location":"changelog/#150-rc5","title":"1.5.0-rc.5","text":"

Security Advisory

This update fixes an improper authentication vulnerability in the sing-box SOCKS inbound. This vulnerability allows an attacker to craft special requests to bypass user authentication. All users exposing SOCKS servers with user authentication in an insecure environment are advised to update immediately.


"},{"location":"changelog/#145","title":"1.4.5","text":"

Security Advisory

This update fixes an improper authentication vulnerability in the sing-box SOCKS inbound. This vulnerability allows an attacker to craft special requests to bypass user authentication. All users exposing SOCKS servers with user authentication in an insecure environment are advised to update immediately.


"},{"location":"changelog/#150-rc3","title":"1.5.0-rc.3","text":""},{"location":"changelog/#150-beta12","title":"1.5.0-beta.12","text":"

1:

This command also parses path resources that appear in the configuration file and replaces them with embedded configuration, such as TLS certificates or SSH private keys.

Merge configurations\n\nUsage:\n  sing-box merge [output] [flags]\n\nFlags:\n  -h, --help   help for merge\n\nGlobal Flags:\n  -c, --config stringArray             set configuration file path\n  -C, --config-directory stringArray   set configuration directory path\n  -D, --directory string               set working directory\n      --disable-color                  disable color output\n
"},{"location":"changelog/#150-beta11","title":"1.5.0-beta.11","text":"

1:

Only Alibaba Cloud DNS and Cloudflare are supported, see ACME Fields and DNS01 Challenge Fields.

"},{"location":"changelog/#150-beta10","title":"1.5.0-beta.10","text":"

1:

Interrupt existing connections when the selected outbound has changed.

Only inbound connections are affected by this setting, internal connections will always be interrupted.

"},{"location":"changelog/#143","title":"1.4.3","text":""},{"location":"changelog/#150-beta8","title":"1.5.0-beta.8","text":""},{"location":"changelog/#142","title":"1.4.2","text":""},{"location":"changelog/#150-beta6","title":"1.5.0-beta.6","text":""},{"location":"changelog/#150-beta3","title":"1.5.0-beta.3","text":"

1:

Added notes indicating compatibility issues with the official Hysteria2 server and client when using fastOpen=false or UDP MTU >= 1200.

"},{"location":"changelog/#150-beta2","title":"1.5.0-beta.2","text":"

1:

See Hysteria2 inbound and Hysteria2 outbound

For protocol description, please refer to https://v2.hysteria.network

"},{"location":"changelog/#150-beta1","title":"1.5.0-beta.1","text":"

1:

Command: sing-box generate ech-keypair <plain_server_name> [--pq-signature-schemes-enabled]

2:

All inbounds and outbounds are supported, including Naiveproxy, Hysteria, TUIC and V2ray QUIC transport.

"},{"location":"changelog/#141","title":"1.4.1","text":""},{"location":"changelog/#140","title":"1.4.0","text":"

Important changes since 1.3:

1:

See TUIC inbound and TUIC outbound

2:

This is the TUIC port of the UDP over TCP protocol, designed to provide a QUIC stream based UDP relay mode that TUIC does not provide. Since it is an add-on protocol, you will need to use sing-box or another program compatible with the protocol as a server.

This mode has no positive effect in a proper UDP proxy scenario and should only be applied to relay streaming UDP traffic (basically QUIC streams).

3:

Requires sing-box to be compiled with Go 1.21.

"},{"location":"changelog/#140-rc3","title":"1.4.0-rc.3","text":""},{"location":"changelog/#140-rc2","title":"1.4.0-rc.2","text":""},{"location":"changelog/#140-rc1","title":"1.4.0-rc.1","text":""},{"location":"changelog/#140-beta6","title":"1.4.0-beta.6","text":"

1:

This is the TUIC port of the UDP over TCP protocol, designed to provide a QUIC stream based UDP relay mode that TUIC does not provide. Since it is an add-on protocol, you will need to use sing-box or another program compatible with the protocol as a server.

This mode has no positive effect in a proper UDP proxy scenario and should only be applied to relay streaming UDP traffic (basically QUIC streams).

"},{"location":"changelog/#140-beta5","title":"1.4.0-beta.5","text":""},{"location":"changelog/#140-beta4","title":"1.4.0-beta.4","text":""},{"location":"changelog/#140-beta3","title":"1.4.0-beta.3","text":""},{"location":"changelog/#140-beta2","title":"1.4.0-beta.2","text":"

1:

Requires sing-box to be compiled with Go 1.21.

"},{"location":"changelog/#140-beta1","title":"1.4.0-beta.1","text":"

1:

See TUIC inbound and TUIC outbound

"},{"location":"changelog/#136","title":"1.3.6","text":""},{"location":"changelog/#135","title":"1.3.5","text":"

1:

Due to the requirement of tvOS 17, the app cannot be submitted to the App Store for the time being, and can only be downloaded through TestFlight.

"},{"location":"changelog/#134","title":"1.3.4","text":""},{"location":"changelog/#133","title":"1.3.3","text":""},{"location":"changelog/#131-rc1","title":"1.3.1-rc.1","text":""},{"location":"changelog/#131-beta3","title":"1.3.1-beta.3","text":"

1:

The old testflight link and app are no longer valid.

"},{"location":"changelog/#131-beta2","title":"1.3.1-beta.2","text":""},{"location":"changelog/#131-beta1","title":"1.3.1-beta.1","text":""},{"location":"changelog/#130","title":"1.3.0","text":"

Important changes since 1.2:

1:

See FAQ for more information.

2:

Added new h2mux multiplex protocol and padding multiplex option, see Multiplex.

"},{"location":"changelog/#13-rc2","title":"1.3-rc2","text":""},{"location":"changelog/#13-rc1","title":"1.3-rc1","text":""},{"location":"changelog/#13-beta14","title":"1.3-beta14","text":""},{"location":"changelog/#13-beta13","title":"1.3-beta13","text":"

1:

If the destination address of the connection is obtained from fakeip, dns rules with server type fakeip will be skipped.

"},{"location":"changelog/#13-beta12","title":"1.3-beta12","text":""},{"location":"changelog/#13-beta11","title":"1.3-beta11","text":""},{"location":"changelog/#13-beta10","title":"1.3-beta10","text":"

1:

2:

Improved performance and reduced memory usage.

"},{"location":"changelog/#13-beta9","title":"1.3-beta9","text":"

1:

Added new h2mux multiplex protocol and padding multiplex option, see Multiplex.

"},{"location":"changelog/#126","title":"1.2.6","text":""},{"location":"changelog/#13-beta8","title":"1.3-beta8","text":"

1:

This is an incompatible update for XUDP in VLESS if vision flow is enabled.

"},{"location":"changelog/#13-beta7","title":"1.3-beta7","text":""},{"location":"changelog/#124","title":"1.2.4","text":""},{"location":"changelog/#13-beta6","title":"1.3-beta6","text":""},{"location":"changelog/#13-beta5","title":"1.3-beta5","text":""},{"location":"changelog/#13-beta4","title":"1.3-beta4","text":""},{"location":"changelog/#13-beta2","title":"1.3-beta2","text":""},{"location":"changelog/#13-beta1","title":"1.3-beta1","text":"

1:

It can currently be used to route connections directly to WireGuard or block connections at the IP layer.

2:

See FAQ for more information.

"},{"location":"changelog/#123","title":"1.2.3","text":""},{"location":"changelog/#122","title":"1.2.2","text":"

1:

Now you can use the any outbound rule to match server address queries instead of listing all server domains in a domain rule.

"},{"location":"changelog/#121","title":"1.2.1","text":""},{"location":"changelog/#120","title":"1.2.0","text":"

Important changes since 1.1:

"},{"location":"changelog/#12-rc1","title":"1.2-rc1","text":""},{"location":"changelog/#12-beta10","title":"1.2-beta10","text":"

1:

Now you can pass the parameter --config or -c multiple times, or use the new parameter --config-directory or -C to load all configuration files in a directory.

Loaded configuration files are sorted by name. If you want to control the merge order, add a numeric prefix to the file name.

"},{"location":"changelog/#117","title":"1.1.7","text":""},{"location":"changelog/#12-beta9","title":"1.2-beta9","text":""},{"location":"changelog/#12-beta8","title":"1.2-beta8","text":""},{"location":"changelog/#12-beta7","title":"1.2-beta7","text":""},{"location":"changelog/#12-beta6","title":"1.2-beta6","text":""},{"location":"changelog/#12-beta5","title":"1.2-beta5","text":""},{"location":"changelog/#116","title":"1.1.6","text":""},{"location":"changelog/#12-beta4","title":"1.2-beta4","text":""},{"location":"changelog/#12-beta3","title":"1.2-beta3","text":""},{"location":"changelog/#12-beta2","title":"1.2-beta2","text":""},{"location":"changelog/#12-beta1","title":"1.2-beta1","text":""},{"location":"changelog/#115","title":"1.1.5","text":""},{"location":"changelog/#114","title":"1.1.4","text":""},{"location":"changelog/#112","title":"1.1.2","text":""},{"location":"changelog/#111","title":"1.1.1","text":""},{"location":"changelog/#11","title":"1.1","text":"

Important changes since 1.0:

"},{"location":"changelog/#11-rc1","title":"1.1-rc1","text":""},{"location":"changelog/#11-beta18","title":"1.1-beta18","text":"

1:

The fallback_after option has been removed.

"},{"location":"changelog/#11-beta17","title":"1.1-beta17","text":"

1:

Added fallback_after option.

"},{"location":"changelog/#107","title":"1.0.7","text":""},{"location":"changelog/#11-beta16","title":"1.1-beta16","text":""},{"location":"changelog/#11-beta15","title":"1.1-beta15","text":""},{"location":"changelog/#11-beta14","title":"1.1-beta14","text":"

1:

The auth and auth_str fields have been replaced by the users field.

"},{"location":"changelog/#11-beta13","title":"1.1-beta13","text":""},{"location":"changelog/#11-beta12","title":"1.1-beta12","text":""},{"location":"changelog/#11-beta11","title":"1.1-beta11","text":""},{"location":"changelog/#11-beta10","title":"1.1-beta10","text":"

1:

The strict_route on Windows is removed.

"},{"location":"changelog/#106","title":"1.0.6","text":""},{"location":"changelog/#11-beta9","title":"1.1-beta9","text":"

1:

2:

See ShadowTLS inbound and ShadowTLS outbound

"},{"location":"changelog/#11-beta8","title":"1.1-beta8","text":""},{"location":"changelog/#105","title":"1.0.5","text":""},{"location":"changelog/#11-beta7","title":"1.1-beta7","text":""},{"location":"changelog/#11-beta6","title":"1.1-beta6","text":""},{"location":"changelog/#11-beta5","title":"1.1-beta5","text":"

1:

The build tag no_gvisor is replaced by with_gvisor.

The default tun stack is changed to system.

"},{"location":"changelog/#104","title":"1.0.4","text":""},{"location":"changelog/#11-beta4","title":"1.1-beta4","text":""},{"location":"changelog/#103","title":"1.0.3","text":""},{"location":"changelog/#11-beta3","title":"1.1-beta3","text":""},{"location":"changelog/#11-beta2","title":"1.1-beta2","text":"

1:

Switching modes using the Clash API, and store-selected are now supported, see Experimental.

2:

ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello message, see TLS#ECH.

uTLS is a fork of \"crypto/tls\", which provides ClientHello fingerprinting resistance, see TLS#uTLS.

"},{"location":"changelog/#102","title":"1.0.2","text":""},{"location":"changelog/#11-beta1","title":"1.1-beta1","text":"

1:

In previous versions, Android VPN would not work with tun enabled.

The usage of tun over VPN and VPN over tun is now supported, see Tun Inbound.

2:

In previous releases, WireGuard outbound support was backed by the lower performance gVisor virtual interface.

It achieves the same performance as wireguard-go by providing automatic system interface support.

3:

It does not depend on gVisor and has better performance in some cases.

It is less compatible and may not be available in some environments.

4:

Annotated JSON configuration files are now supported.

5:

UDP fragmentation is now blocked by default.

Implementations including shadowsocks-libev, shadowsocks-rust and quic-go all disable segmentation by default.

See Dial Fields and Listen Fields.

"},{"location":"changelog/#101","title":"1.0.1","text":""},{"location":"changelog/#10","title":"1.0","text":""},{"location":"changelog/#10-rc1","title":"1.0-rc1","text":""},{"location":"changelog/#10-beta3","title":"1.0-beta3","text":""},{"location":"changelog/#10-beta2","title":"1.0-beta2","text":""},{"location":"changelog/#10-beta1","title":"1.0-beta1","text":""},{"location":"changelog/#20220826","title":"2022/08/26","text":""},{"location":"changelog/#20220825","title":"2022/08/25","text":""},{"location":"changelog/#20220824","title":"2022/08/24","text":""},{"location":"changelog/#20220823","title":"2022/08/23","text":""},{"location":"changelog/#20220822","title":"2022/08/22","text":""},{"location":"changelog/#20220821","title":"2022/08/21","text":""},{"location":"changelog/#20220820","title":"2022/08/20","text":""},{"location":"changelog/#20220819","title":"2022/08/19","text":""},{"location":"changelog/#20220818","title":"2022/08/18","text":""},{"location":"changelog/#20220817","title":"2022/08/17","text":""},{"location":"changelog/#20220816","title":"2022/08/16","text":""},{"location":"changelog/#20220815","title":"2022/08/15","text":""},{"location":"changelog/#20220813","title":"2022/08/13","text":""},{"location":"changelog/#20220812","title":"2022/08/12","text":""},{"location":"changelog/#20220811","title":"2022/08/11","text":""},{"location":"changelog/#20220810","title":"2022/08/10","text":""},{"location":"changelog/#20220809","title":"2022/08/09","text":"

No changelog before.

"},{"location":"deprecated/","title":"Deprecated Feature List","text":""},{"location":"deprecated/#1110","title":"1.11.0","text":""},{"location":"deprecated/#legacy-special-outbounds","title":"Legacy special outbounds","text":"

Legacy special outbounds (block / dns) are deprecated and can be replaced by rule actions, check Migration.

Old fields will be removed in sing-box 1.13.0.

"},{"location":"deprecated/#legacy-inbound-fields","title":"Legacy inbound fields","text":"

Legacy inbound fields (inbound.<sniff/domain_strategy/...>) are deprecated and can be replaced by rule actions, check Migration.

Old fields will be removed in sing-box 1.13.0.

"},{"location":"deprecated/#destination-override-fields-in-direct-outbound","title":"Destination override fields in direct outbound","text":"

Destination override fields (override_address / override_port) in direct outbound are deprecated and can be replaced by rule actions, check Migration.

"},{"location":"deprecated/#wireguard-outbound","title":"WireGuard outbound","text":"

WireGuard outbound is deprecated and can be replaced by endpoint, check Migration.

Old outbound will be removed in sing-box 1.13.0.

"},{"location":"deprecated/#gso-option-in-tun","title":"GSO option in TUN","text":"

GSO has no advantages for transparent proxy scenarios, is deprecated and no longer works in TUN.

Old fields will be removed in sing-box 1.13.0.

"},{"location":"deprecated/#1100","title":"1.10.0","text":""},{"location":"deprecated/#tun-address-fields-are-merged","title":"TUN address fields are merged","text":"

inet4_address and inet6_address are merged into address, inet4_route_address and inet6_route_address are merged into route_address, inet4_route_exclude_address and inet6_route_exclude_address are merged into route_exclude_address.

Old fields will be removed in sing-box 1.12.0.

"},{"location":"deprecated/#match-source-rule-items-are-renamed","title":"Match source rule items are renamed","text":"

rule_set_ipcidr_match_source route and DNS rule items are renamed to rule_set_ip_cidr_match_source and will be removed in sing-box 1.11.0.

"},{"location":"deprecated/#drop-support-for-go118-and-go119","title":"Drop support for go1.18 and go1.19","text":"

Due to maintenance difficulties, sing-box 1.10.0 requires at least Go 1.20 to compile.

"},{"location":"deprecated/#180","title":"1.8.0","text":""},{"location":"deprecated/#cache-file-and-related-features-in-clash-api","title":"Cache file and related features in Clash API","text":"

cache_file and related features in Clash API are migrated to independent cache_file options, check Migration.

"},{"location":"deprecated/#geoip","title":"GeoIP","text":"

GeoIP is deprecated and will be removed in sing-box 1.12.0.

The maxmind GeoIP National Database, as an IP classification database, is not entirely suitable for traffic bypassing, and all existing implementations suffer from high memory usage and difficult management.

sing-box 1.8.0 introduces rule-set, which can completely replace GeoIP, check Migration.

"},{"location":"deprecated/#geosite","title":"Geosite","text":"

Geosite is deprecated and will be removed in sing-box 1.12.0.

Geosite, the domain-list-community project maintained by V2Ray as an early traffic bypassing solution, suffers from a number of problems, including lack of maintenance, inaccurate rules, and difficult management.

sing-box 1.8.0 introduces rule-set, which can completely replace Geosite, check Migration.

"},{"location":"deprecated/#160","title":"1.6.0","text":"

The following features will be marked deprecated in 1.5.0 and removed entirely in 1.6.0.

"},{"location":"deprecated/#shadowsocksr","title":"ShadowsocksR","text":"

ShadowsocksR support has never been enabled by default. Since the most commonly used proxy sales panel in the illegal industry stopped using this protocol, it does not make sense to continue maintaining it.

"},{"location":"deprecated/#proxy-protocol","title":"Proxy Protocol","text":"

Proxy Protocol was added by Pull Request, has problems, is only used by the backend of HTTP multiplexers such as nginx, is intrusive, and is meaningless for proxy purposes.

"},{"location":"migration/","title":"Migration","text":""},{"location":"migration/#1110","title":"1.11.0","text":""},{"location":"migration/#migrate-legacy-special-outbounds-to-rule-actions","title":"Migrate legacy special outbounds to rule actions","text":"

Legacy special outbounds are deprecated and can be replaced by rule actions.

References

Rule Action / Block / DNS

Block: Deprecated New
{\n  \"outbounds\": [\n    {\n      \"type\": \"block\",\n      \"tag\": \"block\"\n    }\n  ],\n  \"route\": {\n    \"rules\": [\n      {\n        ...,\n\n        \"outbound\": \"block\"\n      }\n    ]\n  }\n}\n
{\n  \"route\": {\n    \"rules\": [\n      {\n        ...,\n\n        \"action\": \"reject\"\n      }\n    ]\n  }\n}\n
DNS: Deprecated New
{\n  \"inbounds\": [\n    {\n      ...,\n\n      \"sniff\": true\n    }\n  ],\n  \"outbounds\": [\n    {\n      \"tag\": \"dns\",\n      \"type\": \"dns\"\n    }\n  ],\n  \"route\": {\n    \"rules\": [\n      {\n        \"protocol\": \"dns\",\n        \"outbound\": \"dns\"\n      }\n    ]\n  }\n}\n
{\n  \"route\": {\n    \"rules\": [\n      {\n        \"action\": \"sniff\"\n      },\n      {\n        \"protocol\": \"dns\",\n        \"action\": \"hijack-dns\"\n      }\n    ]\n  }\n}\n
"},{"location":"migration/#migrate-legacy-inbound-fields-to-rule-actions","title":"Migrate legacy inbound fields to rule actions","text":"

Inbound fields are deprecated and can be replaced by rule actions.

References

Listen Fields / Rule / Rule Action / DNS Rule / DNS Rule Action

Deprecated New
{\n  \"inbounds\": [\n    {\n      \"type\": \"mixed\",\n      \"sniff\": true,\n      \"sniff_timeout\": \"1s\",\n      \"domain_strategy\": \"prefer_ipv4\"\n    }\n  ]\n}\n
{\n  \"inbounds\": [\n    {\n      \"type\": \"mixed\",\n      \"tag\": \"in\"\n    }\n  ],\n  \"route\": {\n    \"rules\": [\n      {\n        \"inbound\": \"in\",\n        \"action\": \"resolve\",\n        \"strategy\": \"prefer_ipv4\"\n      },\n      {\n        \"inbound\": \"in\",\n        \"action\": \"sniff\",\n        \"timeout\": \"1s\"\n      }\n    ]\n  }\n}\n
"},{"location":"migration/#migrate-destination-override-fields-to-route-options","title":"Migrate destination override fields to route options","text":"

Destination override fields in direct outbound are deprecated and can be replaced by route options.

References

Rule Action / Direct

Deprecated New
{\n  \"outbounds\": [\n    {\n      \"type\": \"direct\",\n      \"override_address\": \"1.1.1.1\",\n      \"override_port\": 443\n    }\n  ]\n}\n
{\n  \"route\": {\n    \"rules\": [\n      {\n        \"action\": \"route-options\", // or route\n        \"override_address\": \"1.1.1.1\",\n        \"override_port\": 443\n      }\n    ]\n  }\n}\n
"},{"location":"migration/#migrate-wireguard-outbound-to-endpoint","title":"Migrate WireGuard outbound to endpoint","text":"

WireGuard outbound is deprecated and can be replaced by endpoint.

References

Endpoint / WireGuard Endpoint / WireGuard Outbound

Deprecated New
{\n  \"outbounds\": [\n    {\n      \"type\": \"wireguard\",\n      \"tag\": \"wg-out\",\n\n      \"server\": \"127.0.0.1\",\n      \"server_port\": 10001,\n      \"system_interface\": true,\n      \"gso\": true,\n      \"interface_name\": \"wg0\",\n      \"local_address\": [\n        \"10.0.0.1/32\"\n      ],\n      \"private_key\": \"<private_key>\",\n      \"peer_public_key\": \"<peer_public_key>\",\n      \"pre_shared_key\": \"<pre_shared_key>\",\n      \"reserved\": [0, 0, 0],\n      \"mtu\": 1408\n    }\n  ]\n}\n
{\n  \"endpoints\": [\n    {\n      \"type\": \"wireguard\",\n      \"tag\": \"wg-ep\",\n      \"system\": true,\n      \"name\": \"wg0\",\n      \"mtu\": 1408,\n      \"address\": [\n        \"10.0.0.2/32\"\n      ],\n      \"private_key\": \"<private_key>\",\n      \"listen_port\": 10000,\n      \"peers\": [\n        {\n          \"address\": \"127.0.0.1\",\n          \"port\": 10001,\n          \"public_key\": \"<peer_public_key>\",\n          \"pre_shared_key\": \"<pre_shared_key>\",\n          \"allowed_ips\": [\n            \"0.0.0.0/0\"\n          ],\n          \"persistent_keepalive_interval\": 30,\n          \"reserved\": [0, 0, 0]\n        }\n      ]\n    }\n  ]\n}\n
"},{"location":"migration/#1100","title":"1.10.0","text":""},{"location":"migration/#tun-address-fields-are-merged","title":"TUN address fields are merged","text":"

inet4_address and inet6_address are merged into address, inet4_route_address and inet6_route_address are merged into route_address, inet4_route_exclude_address and inet6_route_exclude_address are merged into route_exclude_address.

References

TUN

Deprecated New
{\n  \"inbounds\": [\n    {\n      \"type\": \"tun\",\n      \"inet4_address\": \"172.19.0.1/30\",\n      \"inet6_address\": \"fdfe:dcba:9876::1/126\",\n      \"inet4_route_address\": [\n        \"0.0.0.0/1\",\n        \"128.0.0.0/1\"\n      ],\n      \"inet6_route_address\": [\n        \"::/1\",\n        \"8000::/1\"\n      ],\n      \"inet4_route_exclude_address\": [\n        \"192.168.0.0/16\"\n      ],\n      \"inet6_route_exclude_address\": [\n        \"fc00::/7\"\n      ]\n    }\n  ]\n}\n
{\n  \"inbounds\": [\n    {\n      \"type\": \"tun\",\n      \"address\": [\n        \"172.19.0.1/30\",\n        \"fdfe:dcba:9876::1/126\"\n      ],\n      \"route_address\": [\n        \"0.0.0.0/1\",\n        \"128.0.0.0/1\",\n        \"::/1\",\n        \"8000::/1\"\n      ],\n      \"route_exclude_address\": [\n        \"192.168.0.0/16\",\n        \"fc00::/7\"\n      ]\n    }\n  ]\n}\n
"},{"location":"migration/#195","title":"1.9.5","text":""},{"location":"migration/#bundle-identifier-updates-in-apple-platform-clients","title":"Bundle Identifier updates in Apple platform clients","text":"

Due to problems with our old Apple developer account, we can only change Bundle Identifiers to re-list sing-box apps, which means the data will not be automatically inherited.

For iOS, you need to back up your old data yourself (if you still have access to it); for tvOS, you need to re-import profiles from your iPhone or iPad or create it manually; for macOS, you can migrate the data folder using the following command:

cd ~/Library/Group\\ Containers && \\\n  mv group.io.nekohasekai.sfa group.io.nekohasekai.sfavt\n
"},{"location":"migration/#190","title":"1.9.0","text":""},{"location":"migration/#domain_suffix-behavior-update","title":"domain_suffix behavior update","text":"

For historical reasons, sing-box's domain_suffix rule matches literal prefixes instead of behaving the same as in other projects.

sing-box 1.9.0 modifies the behavior of domain_suffix: if the rule value is prefixed with ., the behavior is unchanged; otherwise it matches (domain|.+\\.domain) instead.

"},{"location":"migration/#process_path-format-update-on-windows","title":"process_path format update on Windows","text":"

The process_path rule of sing-box is inherited from Clash. The original code uses the local system's path format (e.g. \\Device\\HarddiskVolume1\\folder\\program.exe), but when the device has multiple disks, the HarddiskVolume serial number is not stable.

sing-box 1.9.0 makes QueryFullProcessImageNameW output a Win32 path (such as C:\\folder\\program.exe), which will disrupt the existing process_path use cases in Windows.

"},{"location":"migration/#180","title":"1.8.0","text":""},{"location":"migration/#migrate-cache-file-from-clash-api-to-independent-options","title":"Migrate cache file from Clash API to independent options","text":"

References

Clash API / Cache File

Deprecated New
{\n  \"experimental\": {\n    \"clash_api\": {\n      \"cache_file\": \"cache.db\", // default value\n      \"cache_id\": \"my_profile2\",\n      \"store_mode\": true,\n      \"store_selected\": true,\n      \"store_fakeip\": true\n    }\n  }\n}\n
{\n  \"experimental\": {\n    \"cache_file\": {\n      \"enabled\": true,\n      \"path\": \"cache.db\", // default value\n      \"cache_id\": \"my_profile2\",\n      \"store_fakeip\": true\n    }\n  }\n}\n
"},{"location":"migration/#migrate-geoip-to-rule-sets","title":"Migrate GeoIP to rule-sets","text":"

References

GeoIP / Route / Route Rule / DNS Rule / rule-set

Tip

sing-box geoip commands can help you convert custom GeoIP into rule-sets.

Deprecated New
{\n  \"route\": {\n    \"rules\": [\n      {\n        \"geoip\": \"private\",\n        \"outbound\": \"direct\"\n      },\n      {\n        \"geoip\": \"cn\",\n        \"outbound\": \"direct\"\n      },\n      {\n        \"source_geoip\": \"cn\",\n        \"outbound\": \"block\"\n      }\n    ],\n    \"geoip\": {\n      \"download_detour\": \"proxy\"\n    }\n  }\n}\n
{\n  \"route\": {\n    \"rules\": [\n      {\n        \"ip_is_private\": true,\n        \"outbound\": \"direct\"\n      },\n      {\n        \"rule_set\": \"geoip-cn\",\n        \"outbound\": \"direct\"\n      },\n      {\n        \"rule_set\": \"geoip-us\",\n        \"rule_set_ipcidr_match_source\": true,\n        \"outbound\": \"block\"\n      }\n    ],\n    \"rule_set\": [\n      {\n        \"tag\": \"geoip-cn\",\n        \"type\": \"remote\",\n        \"format\": \"binary\",\n        \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs\",\n        \"download_detour\": \"proxy\"\n      },\n      {\n        \"tag\": \"geoip-us\",\n        \"type\": \"remote\",\n        \"format\": \"binary\",\n        \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-us.srs\",\n        \"download_detour\": \"proxy\"\n      }\n    ]\n  },\n  \"experimental\": {\n    \"cache_file\": {\n      \"enabled\": true // required to save rule-set cache\n    }\n  }\n}\n
"},{"location":"migration/#migrate-geosite-to-rule-sets","title":"Migrate Geosite to rule-sets","text":"

References

Geosite / Route / Route Rule / DNS Rule / rule-set

Tip

sing-box geosite commands can help you convert custom Geosite into rule-sets.

Deprecated New
{\n  \"route\": {\n    \"rules\": [\n      {\n        \"geosite\": \"cn\",\n        \"outbound\": \"direct\"\n      }\n    ],\n    \"geosite\": {\n      \"download_detour\": \"proxy\"\n    }\n  }\n}\n
{\n  \"route\": {\n    \"rules\": [\n      {\n        \"rule_set\": \"geosite-cn\",\n        \"outbound\": \"direct\"\n      }\n    ],\n    \"rule_set\": [\n      {\n        \"tag\": \"geosite-cn\",\n        \"type\": \"remote\",\n        \"format\": \"binary\",\n        \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-cn.srs\",\n        \"download_detour\": \"proxy\"\n      }\n    ]\n  },\n  \"experimental\": {\n    \"cache_file\": {\n      \"enabled\": true // required to save rule-set cache\n    }\n  }\n}\n
"},{"location":"sponsors/","title":"Sponsors","text":"

Do you or your friends use sing-box?

You can help keep the project bug-free and feature rich by sponsoring the project maintainer via GitHub Sponsors.

"},{"location":"sponsors/#special-sponsors","title":"Special Sponsors","text":"

Viral Tech, Inc.

Helping us re-list sing-box apps on the Apple Store.

Free license for the amazing IDEs.

"},{"location":"support/","title":"Support","text":"Channel Link GitHub Issues https://github.com/SagerNet/sing-box/issues Telegram notification channel https://t.me/yapnc Telegram user group https://t.me/yapug Email contact@sagernet.org"},{"location":"clients/","title":"Graphical Clients","text":"

Maintained by Project S to provide a unified experience and platform-specific functionality.

Platform | Client
Android | sing-box for Android
iOS/macOS/Apple tvOS | sing-box for Apple platforms
Desktop | Work in progress

Some third-party projects that claim to use sing-box or use sing-box as a selling point are not listed here. The core motivation of the maintainers of such projects is to acquire more users, and even though they provide friendly VPN client features, the code is usually of poor quality and contains ads.

"},{"location":"clients/general/","title":"General","text":"

Describes and explains the functions implemented uniformly by sing-box graphical clients.

"},{"location":"clients/general/#profile","title":"Profile","text":"

Profile describes a sing-box configuration file and its state.

"},{"location":"clients/general/#local","title":"Local","text":""},{"location":"clients/general/#icloud-on-ios-and-macos","title":"iCloud (on iOS and macOS)","text":""},{"location":"clients/general/#remote","title":"Remote","text":"

At the same time, the graphical client must provide support for importing remote profiles through a specific URL Scheme. The URL is defined as follows:

sing-box://import-remote-profile?url=urlEncodedURL#urlEncodedName\n
"},{"location":"clients/general/#dashboard","title":"Dashboard","text":"

While the sing-box service is running, the graphical client should provide a Dashboard interface to manage the service.

"},{"location":"clients/general/#status","title":"Status","text":"

Dashboard should display status information such as memory, connection, and traffic.

"},{"location":"clients/general/#mode","title":"Mode","text":"

Dashboard should provide a Mode selector for switching when the configuration uses at least two clash_mode values.

"},{"location":"clients/general/#groups","title":"Groups","text":"

When the configuration includes group outbounds (specifically, Selector or URLTest), the dashboard should provide a Group selector for status display or switching.

"},{"location":"clients/general/#chore","title":"Chore","text":""},{"location":"clients/general/#core","title":"Core","text":"

Graphical clients should provide a Core region:

"},{"location":"clients/privacy/","title":"Privacy policy","text":"

sing-box and official graphical clients do not collect or share personal data, and the data generated by the software is always on your device.

"},{"location":"clients/privacy/#android","title":"Android","text":"

If your configuration contains wifi_ssid or wifi_bssid routing rules, sing-box uses the location permission in the background to get information about the connected Wi-Fi network to make them work.

"},{"location":"clients/android/","title":"sing-box for Android","text":"

SFA allows users to manage and run local or remote sing-box configuration files, and provides platform-specific function implementation, such as TUN transparent proxy implementation.

"},{"location":"clients/android/#requirements","title":"Requirements","text":""},{"location":"clients/android/#download","title":"Download","text":""},{"location":"clients/android/#source-code","title":"Source code","text":""},{"location":"clients/android/features/","title":"Features","text":""},{"location":"clients/android/features/#ui-options","title":"UI options","text":""},{"location":"clients/android/features/#service","title":"Service","text":"

SFA allows you to run sing-box through ForegroundService or VpnService (when TUN is required).

"},{"location":"clients/android/features/#tun","title":"TUN","text":"

SFA provides an unprivileged TUN implementation through Android VpnService.

TUN inbound option Available Note interface_name Managed by Android inet4_address / inet6_address / mtu / gso No permission auto_route / strict_route Not implemented inet4_route_address / inet6_route_address / inet4_route_exclude_address / inet6_route_exclude_address / endpoint_independent_nat / stack / include_interface No permission exclude_interface No permission include_uid No permission exclude_uid No permission include_android_user No permission include_package / exclude_package / platform / Route/DNS rule option Available Note process_name No permission process_path No permission process_path_regex No permission package_name / user Use package_name instead user_id Use package_name instead wifi_ssid Fine location permission required wifi_bssid Fine location permission required"},{"location":"clients/android/features/#override","title":"Override","text":"

Overrides profile configuration items with platform-specific values.

"},{"location":"clients/android/features/#per-app-proxy","title":"Per-app proxy","text":"

SFA allows you to select a list of Android apps that require proxying or bypassing in the graphical interface to override the include_package and exclude_package configuration items.

In particular, the selector also provides the \u201cChina apps\u201d scanning feature, providing Chinese users with an excellent experience to bypass apps that do not require a proxy. Specifically, by scanning China application or SDK characteristics through dex class path and other means, there will be almost no missed reports.

"},{"location":"clients/android/features/#chore","title":"Chore","text":""},{"location":"clients/apple/","title":"sing-box for Apple platforms","text":"

SFI/SFM/SFT allows users to manage and run local or remote sing-box configuration files, and provides platform-specific function implementation, such as TUN transparent proxy implementation.

"},{"location":"clients/apple/#requirements","title":"Requirements","text":""},{"location":"clients/apple/#download","title":"Download","text":"

TestFlight quota is only available to sponsors (one-time sponsorships are accepted). Once you donate, you can get an invitation by joining our Telegram group for sponsors from @yet_another_sponsor_bot or by sending us your Apple ID via email.

"},{"location":"clients/apple/#download-macos-standalone-version","title":"Download (macOS standalone version)","text":"
brew install sfm\n
"},{"location":"clients/apple/#source-code","title":"Source code","text":""},{"location":"clients/apple/features/","title":"Features","text":""},{"location":"clients/apple/features/#ui-options","title":"UI options","text":""},{"location":"clients/apple/features/#service","title":"Service","text":"

SFI/SFM/SFT allows you to run sing-box through NetworkExtension with Application Extension or System Extension.

"},{"location":"clients/apple/features/#tun","title":"TUN","text":"

SFI/SFM/SFT provides an unprivileged TUN implementation through NetworkExtension.

TUN inbound option Available Note interface_name \ufe0f Managed by Darwin inet4_address / inet6_address / mtu / gso Not implemented auto_route / strict_route \ufe0f Not implemented inet4_route_address / inet6_route_address / inet4_route_exclude_address / inet6_route_exclude_address / endpoint_independent_nat / stack / include_interface \ufe0f Not implemented exclude_interface \ufe0f Not implemented include_uid \ufe0f Not implemented exclude_uid \ufe0f Not implemented include_android_user \ufe0f Not implemented include_package \ufe0f Not implemented exclude_package \ufe0f Not implemented platform / Route/DNS rule option Available Note process_name No permission process_path No permission process_path_regex No permission package_name / user No permission user_id No permission wifi_ssid Only supported on iOS wifi_bssid Only supported on iOS"},{"location":"clients/apple/features/#chore","title":"Chore","text":""},{"location":"configuration/","title":"Introduction","text":"

sing-box uses JSON for configuration files.

"},{"location":"configuration/#structure","title":"Structure","text":"
{\n  \"log\": {},\n  \"dns\": {},\n  \"ntp\": {},\n  \"endpoints\": [],\n  \"inbounds\": [],\n  \"outbounds\": [],\n  \"route\": {},\n  \"experimental\": {}\n}\n
"},{"location":"configuration/#fields","title":"Fields","text":"Key | Format
log | Log
dns | DNS
ntp | NTP
endpoints | Endpoint
inbounds | Inbound
outbounds | Outbound
route | Route
experimental | Experimental"},{"location":"configuration/#check","title":"Check","text":"
sing-box check\n
"},{"location":"configuration/#format","title":"Format","text":"
sing-box format -w -c config.json -D config_directory\n
"},{"location":"configuration/#merge","title":"Merge","text":"
sing-box merge output.json -c config.json -D config_directory\n
"},{"location":"configuration/dns/","title":"Index","text":"

Changes in sing-box 1.11.0

cache_capacity

"},{"location":"configuration/dns/#dns","title":"DNS","text":""},{"location":"configuration/dns/#structure","title":"Structure","text":"
{\n  \"dns\": {\n    \"servers\": [],\n    \"rules\": [],\n    \"final\": \"\",\n    \"strategy\": \"\",\n    \"disable_cache\": false,\n    \"disable_expire\": false,\n    \"independent_cache\": false,\n    \"cache_capacity\": 0,\n    \"reverse_mapping\": false,\n    \"client_subnet\": \"\",\n    \"fakeip\": {}\n  }\n}\n
"},{"location":"configuration/dns/#fields","title":"Fields","text":"Key | Format
servers | List of DNS Server
rules | List of DNS Rule
fakeip | FakeIP"},{"location":"configuration/dns/#final","title":"final","text":"

Default DNS server tag.

The first server will be used if empty.

"},{"location":"configuration/dns/#strategy","title":"strategy","text":"

Default domain strategy for resolving the domain names.

One of prefer_ipv4, prefer_ipv6, ipv4_only, ipv6_only.

Takes no effect if server.strategy is set.

"},{"location":"configuration/dns/#disable_cache","title":"disable_cache","text":"

Disable DNS cache.

"},{"location":"configuration/dns/#disable_expire","title":"disable_expire","text":"

Disable DNS cache expiration.

"},{"location":"configuration/dns/#independent_cache","title":"independent_cache","text":"

Make each DNS server's cache independent for special purposes. Enabling this slightly degrades performance.

"},{"location":"configuration/dns/#cache_capacity","title":"cache_capacity","text":"

Since sing-box 1.11.0

LRU cache capacity.

Values less than 1024 will be ignored.

"},{"location":"configuration/dns/#reverse_mapping","title":"reverse_mapping","text":"

Stores a reverse mapping of IP addresses after responding to a DNS query in order to provide domain names when routing.

Since this process relies on the act of resolving domain names by an application before making a request, it can be problematic in environments such as macOS, where DNS is proxied and cached by the system.

"},{"location":"configuration/dns/#client_subnet","title":"client_subnet","text":"

Since sing-box 1.9.0

Append an edns0-subnet OPT extra record with the specified IP prefix to every query by default.

If the value is an IP address instead of a prefix, /32 or /128 will be appended automatically.

Can be overridden by servers.[].client_subnet or rules.[].client_subnet.

"},{"location":"configuration/dns/fakeip/","title":"FakeIP","text":""},{"location":"configuration/dns/fakeip/#structure","title":"Structure","text":"
{\n  \"enabled\": true,\n  \"inet4_range\": \"198.18.0.0/15\",\n  \"inet6_range\": \"fc00::/18\"\n}\n
"},{"location":"configuration/dns/fakeip/#fields","title":"Fields","text":""},{"location":"configuration/dns/fakeip/#enabled","title":"enabled","text":"

Enable FakeIP service.

"},{"location":"configuration/dns/fakeip/#inet4_range","title":"inet4_range","text":"

IPv4 address range for FakeIP.

"},{"location":"configuration/dns/fakeip/#inet6_address","title":"inet6_address","text":"

IPv6 address range for FakeIP.

"},{"location":"configuration/dns/rule/","title":"DNS Rule","text":"

Changes in sing-box 1.11.0

action server disable_cache rewrite_ttl client_subnet network_type network_is_expensive network_is_constrained

Changes in sing-box 1.10.0

rule_set_ipcidr_match_source rule_set_ip_cidr_match_source rule_set_ip_cidr_accept_empty process_path_regex

Changes in sing-box 1.9.0

geoip ip_cidr ip_is_private client_subnet rule_set_ipcidr_match_source

Changes in sing-box 1.8.0

rule_set source_ip_is_private geoip geosite

"},{"location":"configuration/dns/rule/#structure","title":"Structure","text":"
{\n  \"dns\": {\n    \"rules\": [\n      {\n        \"inbound\": [\n          \"mixed-in\"\n        ],\n        \"ip_version\": 6,\n        \"query_type\": [\n          \"A\",\n          \"HTTPS\",\n          32768\n        ],\n        \"network\": \"tcp\",\n        \"auth_user\": [\n          \"usera\",\n          \"userb\"\n        ],\n        \"protocol\": [\n          \"tls\",\n          \"http\",\n          \"quic\"\n        ],\n        \"domain\": [\n          \"test.com\"\n        ],\n        \"domain_suffix\": [\n          \".cn\"\n        ],\n        \"domain_keyword\": [\n          \"test\"\n        ],\n        \"domain_regex\": [\n          \"^stun\\\\..+\"\n        ],\n        \"geosite\": [\n          \"cn\"\n        ],\n        \"source_geoip\": [\n          \"private\"\n        ],\n        \"geoip\": [\n          \"cn\"\n        ],\n        \"source_ip_cidr\": [\n          \"10.0.0.0/24\",\n          \"192.168.0.1\"\n        ],\n        \"source_ip_is_private\": false,\n        \"ip_cidr\": [\n          \"10.0.0.0/24\",\n          \"192.168.0.1\"\n        ],\n        \"ip_is_private\": false,\n        \"source_port\": [\n          12345\n        ],\n        \"source_port_range\": [\n          \"1000:2000\",\n          \":3000\",\n          \"4000:\"\n        ],\n        \"port\": [\n          80,\n          443\n        ],\n        \"port_range\": [\n          \"1000:2000\",\n          \":3000\",\n          \"4000:\"\n        ],\n        \"process_name\": [\n          \"curl\"\n        ],\n        \"process_path\": [\n          \"/usr/bin/curl\"\n        ],\n        \"process_path_regex\": [\n          \"^/usr/bin/.+\"\n        ],\n        \"package_name\": [\n          \"com.termux\"\n        ],\n        \"user\": [\n          \"sekai\"\n        ],\n        \"user_id\": [\n          1000\n        ],\n        \"clash_mode\": \"direct\",\n        \"network_type\": [\n          \"wifi\"\n        ],\n        \"network_is_expensive\": false,\n        
\"network_is_constrained\": false,\n        \"wifi_ssid\": [\n          \"My WIFI\"\n        ],\n        \"wifi_bssid\": [\n          \"00:00:00:00:00:00\"\n        ],\n        \"rule_set\": [\n          \"geoip-cn\",\n          \"geosite-cn\"\n        ],\n        // deprecated\n        \"rule_set_ipcidr_match_source\": false,\n        \"rule_set_ip_cidr_match_source\": false,\n        \"rule_set_ip_cidr_accept_empty\": false,\n        \"invert\": false,\n        \"outbound\": [\n          \"direct\"\n        ],\n        \"action\": \"route\",\n        \"server\": \"local\"\n      },\n      {\n        \"type\": \"logical\",\n        \"mode\": \"and\",\n        \"rules\": [],\n        \"action\": \"route\",\n        \"server\": \"local\"\n      }\n    ]\n  }\n}\n

You can ignore the JSON Array [] tag when the content is only one item

"},{"location":"configuration/dns/rule/#default-fields","title":"Default Fields","text":"

The default rule uses the following matching logic: (domain || domain_suffix || domain_keyword || domain_regex || geosite) && (port || port_range) && (source_geoip || source_ip_cidr || source_ip_is_private) && (source_port || source_port_range) && other fields

Additionally, included rule-sets can be considered merged rather than as a single rule sub-item.

"},{"location":"configuration/dns/rule/#inbound","title":"inbound","text":"

Tags of Inbound.

"},{"location":"configuration/dns/rule/#ip_version","title":"ip_version","text":"

4 (A DNS query) or 6 (AAAA DNS query).

Not limited if empty.

"},{"location":"configuration/dns/rule/#query_type","title":"query_type","text":"

DNS query type. Values can be integers or type name strings.

"},{"location":"configuration/dns/rule/#network","title":"network","text":"

tcp or udp.

"},{"location":"configuration/dns/rule/#auth_user","title":"auth_user","text":"

Username, see each inbound for details.

"},{"location":"configuration/dns/rule/#protocol","title":"protocol","text":"

Sniffed protocol, see Sniff for details.

"},{"location":"configuration/dns/rule/#domain","title":"domain","text":"

Match full domain.

"},{"location":"configuration/dns/rule/#domain_suffix","title":"domain_suffix","text":"

Match domain suffix.

"},{"location":"configuration/dns/rule/#domain_keyword","title":"domain_keyword","text":"

Match domain using keyword.

"},{"location":"configuration/dns/rule/#domain_regex","title":"domain_regex","text":"

Match domain using regular expression.

"},{"location":"configuration/dns/rule/#geosite","title":"geosite","text":"

Deprecated in sing-box 1.8.0

Geosite is deprecated and will be removed in sing-box 1.12.0, check Migration.

Match geosite.

"},{"location":"configuration/dns/rule/#source_geoip","title":"source_geoip","text":"

Deprecated in sing-box 1.8.0

GeoIP is deprecated and will be removed in sing-box 1.12.0, check Migration.

Match source geoip.

"},{"location":"configuration/dns/rule/#source_ip_cidr","title":"source_ip_cidr","text":"

Match source IP CIDR.

"},{"location":"configuration/dns/rule/#source_ip_is_private","title":"source_ip_is_private","text":"

Since sing-box 1.8.0

Match non-public source IP.

"},{"location":"configuration/dns/rule/#source_port","title":"source_port","text":"

Match source port.

"},{"location":"configuration/dns/rule/#source_port_range","title":"source_port_range","text":"

Match source port range.

"},{"location":"configuration/dns/rule/#port","title":"port","text":"

Match port.

"},{"location":"configuration/dns/rule/#port_range","title":"port_range","text":"

Match port range.

"},{"location":"configuration/dns/rule/#process_name","title":"process_name","text":"

Only supported on Linux, Windows, and macOS.

Match process name.

"},{"location":"configuration/dns/rule/#process_path","title":"process_path","text":"

Only supported on Linux, Windows, and macOS.

Match process path.

"},{"location":"configuration/dns/rule/#process_path_regex","title":"process_path_regex","text":"

Since sing-box 1.10.0

Only supported on Linux, Windows, and macOS.

Match process path using regular expression.

"},{"location":"configuration/dns/rule/#package_name","title":"package_name","text":"

Match android package name.

"},{"location":"configuration/dns/rule/#user","title":"user","text":"

Only supported on Linux.

Match user name.

"},{"location":"configuration/dns/rule/#user_id","title":"user_id","text":"

Only supported on Linux.

Match user id.

"},{"location":"configuration/dns/rule/#clash_mode","title":"clash_mode","text":"

Match Clash mode.

"},{"location":"configuration/dns/rule/#network_type","title":"network_type","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Android and Apple platforms.

Match network type.

Available values: wifi, cellular, ethernet and other.

"},{"location":"configuration/dns/rule/#network_is_expensive","title":"network_is_expensive","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Android and Apple platforms.

Match if network is considered Metered (on Android) or considered expensive, such as Cellular or a Personal Hotspot (on Apple platforms).

"},{"location":"configuration/dns/rule/#network_is_constrained","title":"network_is_constrained","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Apple platforms.

Match if network is in Low Data Mode.

"},{"location":"configuration/dns/rule/#wifi_ssid","title":"wifi_ssid","text":"

Only supported in graphical clients on Android and Apple platforms.

Match WiFi SSID.

"},{"location":"configuration/dns/rule/#wifi_bssid","title":"wifi_bssid","text":"

Only supported in graphical clients on Android and Apple platforms.

Match WiFi BSSID.

"},{"location":"configuration/dns/rule/#rule_set","title":"rule_set","text":"

Since sing-box 1.8.0

Match rule-set.

"},{"location":"configuration/dns/rule/#rule_set_ipcidr_match_source","title":"rule_set_ipcidr_match_source","text":"

Since sing-box 1.9.0

Deprecated in sing-box 1.10.0

rule_set_ipcidr_match_source is renamed to rule_set_ip_cidr_match_source and will be removed in sing-box 1.11.0.

Make ip_cidr rule items in rule-sets match the source IP.

"},{"location":"configuration/dns/rule/#rule_set_ip_cidr_match_source","title":"rule_set_ip_cidr_match_source","text":"

Since sing-box 1.10.0

Make ip_cidr rule items in rule-sets match the source IP.

"},{"location":"configuration/dns/rule/#invert","title":"invert","text":"

Invert match result.

"},{"location":"configuration/dns/rule/#outbound","title":"outbound","text":"

Match outbound.

any can be used as a value to match any outbound.

"},{"location":"configuration/dns/rule/#action","title":"action","text":"

Required

See DNS Rule Actions for details.

"},{"location":"configuration/dns/rule/#server","title":"server","text":"

Deprecated in sing-box 1.11.0

Moved to DNS Rule Action.

"},{"location":"configuration/dns/rule/#disable_cache","title":"disable_cache","text":"

Deprecated in sing-box 1.11.0

Moved to DNS Rule Action.

"},{"location":"configuration/dns/rule/#rewrite_ttl","title":"rewrite_ttl","text":"

Deprecated in sing-box 1.11.0

Moved to DNS Rule Action.

"},{"location":"configuration/dns/rule/#client_subnet","title":"client_subnet","text":"

Deprecated in sing-box 1.11.0

Moved to DNS Rule Action.

"},{"location":"configuration/dns/rule/#address-filter-fields","title":"Address Filter Fields","text":"

Only takes effect for address requests (A/AAAA/HTTPS). When the query results do not match the address filtering rule items, the current rule will be skipped.

ip_cidr items in included rule-sets also take effect as address filtering fields.

Enable experimental.cache_file.store_rdrc to cache results.

"},{"location":"configuration/dns/rule/#geoip","title":"geoip","text":"

Since sing-box 1.9.0

Match GeoIP with query response.

"},{"location":"configuration/dns/rule/#ip_cidr","title":"ip_cidr","text":"

Since sing-box 1.9.0

Match IP CIDR with query response.

"},{"location":"configuration/dns/rule/#ip_is_private","title":"ip_is_private","text":"

Since sing-box 1.9.0

Match private IP with query response.

"},{"location":"configuration/dns/rule/#rule_set_ip_cidr_accept_empty","title":"rule_set_ip_cidr_accept_empty","text":"

Since sing-box 1.10.0

Make ip_cidr rules in rule-sets accept empty query response.

"},{"location":"configuration/dns/rule/#logical-fields","title":"Logical Fields","text":""},{"location":"configuration/dns/rule/#type","title":"type","text":"

logical

"},{"location":"configuration/dns/rule/#mode","title":"mode","text":"

and or or

"},{"location":"configuration/dns/rule/#rules","title":"rules","text":"

Included rules.

"},{"location":"configuration/dns/rule_action/","title":"DNS Rule Action","text":"

Since sing-box 1.11.0

"},{"location":"configuration/dns/rule_action/#route","title":"route","text":"
{\n  \"action\": \"route\",  // default\n  \"server\": \"\",\n  \"disable_cache\": false,\n  \"rewrite_ttl\": 0,\n  \"client_subnet\": null\n}\n

route inherits the classic rule behavior of routing DNS requests to the specified server.

"},{"location":"configuration/dns/rule_action/#server","title":"server","text":"

Required

Tag of target server.

"},{"location":"configuration/dns/rule_action/#disable_cache","title":"disable_cache","text":"

Disable the cache and cache saving for this query.

"},{"location":"configuration/dns/rule_action/#rewrite_ttl","title":"rewrite_ttl","text":"

Rewrite TTL in DNS responses.

"},{"location":"configuration/dns/rule_action/#client_subnet","title":"client_subnet","text":"

Append an edns0-subnet OPT extra record with the specified IP prefix to every query by default.

If the value is an IP address instead of a prefix, /32 or /128 will be appended automatically.

Overrides dns.client_subnet and servers.[].client_subnet.

"},{"location":"configuration/dns/rule_action/#route-options","title":"route-options","text":"
{\n  \"action\": \"route-options\",\n  \"disable_cache\": false,\n  \"rewrite_ttl\": null,\n  \"client_subnet\": null\n}\n

route-options sets options for routing.

"},{"location":"configuration/dns/rule_action/#reject","title":"reject","text":"
{\n  \"action\": \"reject\",\n  \"method\": \"default\", // default\n  \"no_drop\": false\n}\n

reject rejects DNS requests.

"},{"location":"configuration/dns/rule_action/#method","title":"method","text":""},{"location":"configuration/dns/rule_action/#no_drop","title":"no_drop","text":"

If not enabled, method will be temporarily overwritten to drop after 50 triggers in 30s.

Not available when method is set to drop.

"},{"location":"configuration/dns/server/","title":"DNS Server","text":"

Changes in sing-box 1.9.0

client_subnet

"},{"location":"configuration/dns/server/#structure","title":"Structure","text":"
{\n  \"dns\": {\n    \"servers\": [\n      {\n        \"tag\": \"\",\n        \"address\": \"\",\n        \"address_resolver\": \"\",\n        \"address_strategy\": \"\",\n        \"strategy\": \"\",\n        \"detour\": \"\",\n        \"client_subnet\": \"\"\n      }\n    ]\n  }\n}\n
"},{"location":"configuration/dns/server/#fields","title":"Fields","text":""},{"location":"configuration/dns/server/#tag","title":"tag","text":"

The tag of the DNS server.

"},{"location":"configuration/dns/server/#address","title":"address","text":"

Required

The address of the DNS server.

Protocol | Format
System | local
TCP | tcp://1.0.0.1
UDP | 8.8.8.8 udp://8.8.4.4
TLS | tls://dns.google
HTTPS | https://1.1.1.1/dns-query
QUIC | quic://dns.adguard.com
HTTP3 | h3://8.8.8.8/dns-query
RCode | rcode://refused
DHCP | dhcp://auto or dhcp://en0
FakeIP | fakeip

To ensure that Android system DNS is in effect, rather than Go's built-in default resolver, enable CGO at compile time.

The RCode transport is often used to block queries. Use with rules and the disable_cache rule option.

RCode | Description
success | No error
format_error | Format error
server_failure | Server failure
name_error | Non-existent domain
not_implemented | Not implemented
refused | Query refused"},{"location":"configuration/dns/server/#address_resolver","title":"address_resolver","text":"

Required if address contains domain

Tag of another server to resolve the domain name in the address.

"},{"location":"configuration/dns/server/#address_strategy","title":"address_strategy","text":"

The domain strategy for resolving the domain name in the address.

One of prefer_ipv4, prefer_ipv6, ipv4_only, ipv6_only.

dns.strategy will be used if empty.

"},{"location":"configuration/dns/server/#strategy","title":"strategy","text":"

Default domain strategy for resolving the domain names.

One of prefer_ipv4, prefer_ipv6, ipv4_only, ipv6_only.

Takes no effect if overridden by other settings.

"},{"location":"configuration/dns/server/#detour","title":"detour","text":"

Tag of an outbound for connecting to the DNS server.

Default outbound will be used if empty.

"},{"location":"configuration/dns/server/#client_subnet","title":"client_subnet","text":"

Since sing-box 1.9.0

Append an edns0-subnet OPT extra record with the specified IP prefix to every query by default.

If the value is an IP address instead of a prefix, /32 or /128 will be appended automatically.

Can be overridden by rules.[].client_subnet.

Overrides dns.client_subnet.

"},{"location":"configuration/endpoint/","title":"Index","text":"

Since sing-box 1.11.0

"},{"location":"configuration/endpoint/#endpoint","title":"Endpoint","text":"

Endpoints are protocols that have both inbound and outbound behavior.

"},{"location":"configuration/endpoint/#structure","title":"Structure","text":"
{\n  \"endpoints\": [\n    {\n      \"type\": \"\",\n      \"tag\": \"\"\n    }\n  ]\n}\n
"},{"location":"configuration/endpoint/#fields","title":"Fields","text":"Type | Format
wireguard | WireGuard"},{"location":"configuration/endpoint/#tag","title":"tag","text":"

The tag of the endpoint.

"},{"location":"configuration/endpoint/wireguard/","title":"WireGuard","text":"

Since sing-box 1.11.0

"},{"location":"configuration/endpoint/wireguard/#structure","title":"Structure","text":"
{\n  \"type\": \"wireguard\",\n  \"tag\": \"wg-ep\",\n\n  \"system\": false,\n  \"name\": \"\",\n  \"mtu\": 1408,\n  \"address\": [],\n  \"private_key\": \"\",\n  \"listen_port\": 10000,\n  \"peers\": [\n    {\n      \"address\": \"127.0.0.1\",\n      \"port\": 10001,\n      \"public_key\": \"\",\n      \"pre_shared_key\": \"\",\n      \"allowed_ips\": [],\n      \"persistent_keepalive_interval\": 0,\n      \"reserved\": [0, 0, 0]\n    }\n  ],\n  \"udp_timeout\": \"\",\n  \"workers\": 0,\n\n  ... // Dial Fields\n}\n

You can ignore the JSON Array [] tag when the content is only one item

"},{"location":"configuration/endpoint/wireguard/#fields","title":"Fields","text":""},{"location":"configuration/endpoint/wireguard/#system","title":"system","text":"

Use system interface.

Requires privileges and cannot conflict with existing system interfaces.

"},{"location":"configuration/endpoint/wireguard/#name","title":"name","text":"

Custom interface name for system interface.

"},{"location":"configuration/endpoint/wireguard/#mtu","title":"mtu","text":"

WireGuard MTU.

1408 will be used by default.

"},{"location":"configuration/endpoint/wireguard/#address","title":"address","text":"

Required

List of IP (v4 or v6) address prefixes to be assigned to the interface.

"},{"location":"configuration/endpoint/wireguard/#private_key","title":"private_key","text":"

Required

WireGuard requires base64-encoded public and private keys. These can be generated using the wg(8) utility:

wg genkey\necho \"private key\" | wg pubkey\n

or sing-box generate wg-keypair.

"},{"location":"configuration/endpoint/wireguard/#peers","title":"peers","text":"

Required

List of WireGuard peers.

"},{"location":"configuration/endpoint/wireguard/#peersaddress","title":"peers.address","text":"

WireGuard peer address.

"},{"location":"configuration/endpoint/wireguard/#peersport","title":"peers.port","text":"

WireGuard peer port.

"},{"location":"configuration/endpoint/wireguard/#peerspublic_key","title":"peers.public_key","text":"

Required

WireGuard peer public key.

"},{"location":"configuration/endpoint/wireguard/#peerspre_shared_key","title":"peers.pre_shared_key","text":"

WireGuard peer pre-shared key.

"},{"location":"configuration/endpoint/wireguard/#peersallowed_ips","title":"peers.allowed_ips","text":"

Required

WireGuard allowed IPs.

"},{"location":"configuration/endpoint/wireguard/#peerspersistent_keepalive_interval","title":"peers.persistent_keepalive_interval","text":"

WireGuard persistent keepalive interval, in seconds.

Disabled by default.

"},{"location":"configuration/endpoint/wireguard/#peersreserved","title":"peers.reserved","text":"

WireGuard reserved field bytes.

"},{"location":"configuration/endpoint/wireguard/#udp_timeout","title":"udp_timeout","text":"

UDP NAT expiration time.

5m will be used by default.

"},{"location":"configuration/endpoint/wireguard/#workers","title":"workers","text":"

WireGuard worker count.

CPU count is used by default.

"},{"location":"configuration/endpoint/wireguard/#dial-fields","title":"Dial Fields","text":"

See Dial Fields for details.

"},{"location":"configuration/experimental/","title":"Experimental","text":"

Changes in sing-box 1.8.0

cache_file clash_api

"},{"location":"configuration/experimental/#structure","title":"Structure","text":"
{\n  \"experimental\": {\n    \"cache_file\": {},\n    \"clash_api\": {},\n    \"v2ray_api\": {}\n  }\n}\n
"},{"location":"configuration/experimental/#fields","title":"Fields","text":"Key | Format
cache_file | Cache File
clash_api | Clash API
v2ray_api | V2Ray API"},{"location":"configuration/experimental/cache-file/","title":"Cache File","text":"

Since sing-box 1.8.0

Changes in sing-box 1.9.0

store_rdrc rdrc_timeout

"},{"location":"configuration/experimental/cache-file/#structure","title":"Structure","text":"
{\n  \"enabled\": true,\n  \"path\": \"\",\n  \"cache_id\": \"\",\n  \"store_fakeip\": false,\n  \"store_rdrc\": false,\n  \"rdrc_timeout\": \"\"\n}\n
"},{"location":"configuration/experimental/cache-file/#fields","title":"Fields","text":""},{"location":"configuration/experimental/cache-file/#enabled","title":"enabled","text":"

Enable cache file.

"},{"location":"configuration/experimental/cache-file/#path","title":"path","text":"

Path to the cache file.

cache.db will be used if empty.

"},{"location":"configuration/experimental/cache-file/#cache_id","title":"cache_id","text":"

Identifier in the cache file.

If not empty, configuration-specific data will use a separate store keyed by it.

"},{"location":"configuration/experimental/cache-file/#store_fakeip","title":"store_fakeip","text":"

Store fakeip in the cache file.

"},{"location":"configuration/experimental/cache-file/#store_rdrc","title":"store_rdrc","text":"

Store rejected DNS response cache in the cache file.

The check results of Address filter DNS rule items will be cached until expiration.

"},{"location":"configuration/experimental/cache-file/#rdrc_timeout","title":"rdrc_timeout","text":"

Timeout of rejected DNS response cache.

7d is used by default.

"},{"location":"configuration/experimental/clash-api/","title":"Clash API","text":"

Changes in sing-box 1.10.0

access_control_allow_origin access_control_allow_private_network

Changes in sing-box 1.8.0

store_mode store_selected store_fakeip cache_file cache_id

"},{"location":"configuration/experimental/clash-api/#structure","title":"Structure","text":"Structure / Example (online) / Example (download)
{\n  \"external_controller\": \"127.0.0.1:9090\",\n  \"external_ui\": \"\",\n  \"external_ui_download_url\": \"\",\n  \"external_ui_download_detour\": \"\",\n  \"secret\": \"\",\n  \"default_mode\": \"\",\n  \"access_control_allow_origin\": [],\n  \"access_control_allow_private_network\": false,\n\n  // Deprecated\n\n  \"store_mode\": false,\n  \"store_selected\": false,\n  \"store_fakeip\": false,\n  \"cache_file\": \"\",\n  \"cache_id\": \"\"\n}\n

Since sing-box 1.10.0

{\n  \"external_controller\": \"127.0.0.1:9090\",\n  \"access_control_allow_origin\": [\n    \"http://127.0.0.1\",\n    \"http://yacd.haishan.me\"\n  ],\n  \"access_control_allow_private_network\": true\n}\n

Since sing-box 1.10.0

{\n  \"external_controller\": \"0.0.0.0:9090\",\n  \"external_ui\": \"dashboard\"\n  // external_ui_download_detour: \"direct\"\n}\n

You can ignore the JSON Array [] tag when the content is only one item

"},{"location":"configuration/experimental/clash-api/#fields","title":"Fields","text":""},{"location":"configuration/experimental/clash-api/#external_controller","title":"external_controller","text":"

RESTful web API listening address. Clash API will be disabled if empty.

"},{"location":"configuration/experimental/clash-api/#external_ui","title":"external_ui","text":"

A path, either relative to the configuration directory or absolute, to a directory containing static web resources. sing-box will then serve it at http://{{external-controller}}/ui.

"},{"location":"configuration/experimental/clash-api/#external_ui_download_url","title":"external_ui_download_url","text":"

ZIP download URL for the external UI. It is used if the specified external_ui directory is empty.

https://github.com/MetaCubeX/Yacd-meta/archive/gh-pages.zip will be used if empty.

"},{"location":"configuration/experimental/clash-api/#external_ui_download_detour","title":"external_ui_download_detour","text":"

The tag of the outbound to download the external UI.

Default outbound will be used if empty.

"},{"location":"configuration/experimental/clash-api/#secret","title":"secret","text":"

Secret for the RESTful API (optional). Authenticate by specifying the HTTP header Authorization: Bearer ${secret}. ALWAYS set a secret if the RESTful API is listening on 0.0.0.0.

"},{"location":"configuration/experimental/clash-api/#default_mode","title":"default_mode","text":"

Default mode in Clash. Rule will be used if empty.

This setting has no direct effect, but can be used in routing and DNS rules via the clash_mode rule item.

"},{"location":"configuration/experimental/clash-api/#access_control_allow_origin","title":"access_control_allow_origin","text":"

Since sing-box 1.10.0

CORS allowed origins, * will be used if empty.

To access the Clash API on a private network from a public website, you must explicitly specify it in access_control_allow_origin instead of using *.

"},{"location":"configuration/experimental/clash-api/#access_control_allow_private_network","title":"access_control_allow_private_network","text":"

Since sing-box 1.10.0

Allow access from private network.

To access the Clash API on a private network from a public website, access_control_allow_private_network must be enabled.

"},{"location":"configuration/experimental/clash-api/#store_mode","title":"store_mode","text":"

Deprecated in sing-box 1.8.0

store_mode is deprecated in Clash API and enabled by default if cache_file.enabled.

Store Clash mode in cache file.

"},{"location":"configuration/experimental/clash-api/#store_selected","title":"store_selected","text":"

Deprecated in sing-box 1.8.0

store_selected is deprecated in Clash API and enabled by default if cache_file.enabled.

The tag must be set for target outbounds.

Store selected outbound for the Selector outbound in cache file.

"},{"location":"configuration/experimental/clash-api/#store_fakeip","title":"store_fakeip","text":"

Deprecated in sing-box 1.8.0

store_selected is deprecated in Clash API and migrated to cache_file.store_fakeip.

Store fakeip in cache file.

"},{"location":"configuration/experimental/clash-api/#cache_file","title":"cache_file","text":"

Deprecated in sing-box 1.8.0

cache_file is deprecated in Clash API and migrated to cache_file.enabled and cache_file.path.

Cache file path, cache.db will be used if empty.

"},{"location":"configuration/experimental/clash-api/#cache_id","title":"cache_id","text":"

Deprecated in sing-box 1.8.0

cache_id is deprecated in Clash API and migrated to cache_file.cache_id.

Identifier in cache file.

If not empty, configuration specified data will use a separate store keyed by it.

"},{"location":"configuration/experimental/v2ray-api/","title":"V2Ray API","text":"

V2Ray API is not included by default, see Installation.

"},{"location":"configuration/experimental/v2ray-api/#structure","title":"Structure","text":"
{\n  \"listen\": \"127.0.0.1:8080\",\n  \"stats\": {\n    \"enabled\": true,\n    \"inbounds\": [\n      \"socks-in\"\n    ],\n    \"outbounds\": [\n      \"proxy\",\n      \"direct\"\n    ],\n    \"users\": [\n      \"sekai\"\n    ]\n  }\n}\n
"},{"location":"configuration/experimental/v2ray-api/#fields","title":"Fields","text":""},{"location":"configuration/experimental/v2ray-api/#listen","title":"listen","text":"

gRPC API listening address. V2Ray API will be disabled if empty.

"},{"location":"configuration/experimental/v2ray-api/#stats","title":"stats","text":"

Traffic statistics service settings.

"},{"location":"configuration/experimental/v2ray-api/#statsenabled","title":"stats.enabled","text":"

Enable statistics service.

"},{"location":"configuration/experimental/v2ray-api/#statsinbounds","title":"stats.inbounds","text":"

Inbound list to count traffic.

"},{"location":"configuration/experimental/v2ray-api/#statsoutbounds","title":"stats.outbounds","text":"

Outbound list to count traffic.

"},{"location":"configuration/experimental/v2ray-api/#statsusers","title":"stats.users","text":"

User list to count traffic.

"},{"location":"configuration/inbound/","title":"Inbound","text":""},{"location":"configuration/inbound/#structure","title":"Structure","text":"
{\n  \"inbounds\": [\n    {\n      \"type\": \"\",\n      \"tag\": \"\"\n    }\n  ]\n}\n
"},{"location":"configuration/inbound/#fields","title":"Fields","text":"

| Type | Format | Injectable |
|---|---|---|
| direct | Direct | |
| mixed | Mixed | TCP |
| socks | SOCKS | TCP |
| http | HTTP | TCP |
| shadowsocks | Shadowsocks | TCP |
| vmess | VMess | TCP |
| trojan | Trojan | TCP |
| naive | Naive | |
| hysteria | Hysteria | |
| shadowtls | ShadowTLS | TCP |
| tuic | TUIC | |
| hysteria2 | Hysteria2 | |
| vless | VLESS | TCP |
| tun | Tun | |
| redirect | Redirect | |
| tproxy | TProxy | |

"},{"location":"configuration/inbound/#tag","title":"tag","text":"

The tag of the inbound.

"},{"location":"configuration/inbound/direct/","title":"Direct","text":"

direct inbound is a tunnel server.

"},{"location":"configuration/inbound/direct/#structure","title":"Structure","text":"
{\n  \"type\": \"direct\",\n  \"tag\": \"direct-in\",\n\n  ... // Listen Fields\n\n  \"network\": \"udp\",\n  \"override_address\": \"1.0.0.1\",\n  \"override_port\": 53\n}\n
"},{"location":"configuration/inbound/direct/#listen-fields","title":"Listen Fields","text":"

See Listen Fields for details.

"},{"location":"configuration/inbound/direct/#fields","title":"Fields","text":""},{"location":"configuration/inbound/direct/#network","title":"network","text":"

Listen network, one of tcp udp.

Both if empty.

"},{"location":"configuration/inbound/direct/#override_address","title":"override_address","text":"

Override the connection destination address.

"},{"location":"configuration/inbound/direct/#override_port","title":"override_port","text":"

Override the connection destination port.

"},{"location":"configuration/inbound/http/","title":"HTTP","text":""},{"location":"configuration/inbound/http/#structure","title":"Structure","text":"
{\n  \"type\": \"http\",\n  \"tag\": \"http-in\",\n\n  ... // Listen Fields\n\n  \"users\": [\n    {\n      \"username\": \"admin\",\n      \"password\": \"admin\"\n    }\n  ],\n  \"tls\": {},\n  \"set_system_proxy\": false\n}\n
"},{"location":"configuration/inbound/http/#listen-fields","title":"Listen Fields","text":"

See Listen Fields for details.

"},{"location":"configuration/inbound/http/#fields","title":"Fields","text":""},{"location":"configuration/inbound/http/#tls","title":"tls","text":"

TLS configuration, see TLS.

"},{"location":"configuration/inbound/http/#users","title":"users","text":"

HTTP users.

No authentication required if empty.

"},{"location":"configuration/inbound/http/#set_system_proxy","title":"set_system_proxy","text":"

Only supported on Linux, Android, Windows, and macOS.

To work on Android and Apple platforms without privileges, use tun.platform.http_proxy instead.

Automatically set the system proxy configuration on start and clean it up on stop.

"},{"location":"configuration/inbound/hysteria/","title":"Hysteria","text":""},{"location":"configuration/inbound/hysteria/#structure","title":"Structure","text":"
{\n  \"type\": \"hysteria\",\n  \"tag\": \"hysteria-in\",\n\n  ... // Listen Fields\n\n  \"up\": \"100 Mbps\",\n  \"up_mbps\": 100,\n  \"down\": \"100 Mbps\",\n  \"down_mbps\": 100,\n  \"obfs\": \"fuck me till the daylight\",\n\n  \"users\": [\n    {\n      \"name\": \"sekai\",\n      \"auth\": \"\",\n      \"auth_str\": \"password\"\n    }\n  ],\n\n  \"recv_window_conn\": 0,\n  \"recv_window_client\": 0,\n  \"max_conn_client\": 0,\n  \"disable_mtu_discovery\": false,\n  \"tls\": {}\n}\n
"},{"location":"configuration/inbound/hysteria/#listen-fields","title":"Listen Fields","text":"

See Listen Fields for details.

"},{"location":"configuration/inbound/hysteria/#fields","title":"Fields","text":""},{"location":"configuration/inbound/hysteria/#up-down","title":"up, down","text":"

Required

Format: [Integer] [Unit] e.g. 100 Mbps, 640 KBps, 2 Gbps

Supported units (case sensitive, b = bits, B = bytes, 8b=1B):

bps (bits per second)\nBps (bytes per second)\nKbps (kilobits per second)\nKBps (kilobytes per second)\nMbps (megabits per second)\nMBps (megabytes per second)\nGbps (gigabits per second)\nGBps (gigabytes per second)\nTbps (terabits per second)\nTBps (terabytes per second)\n
"},{"location":"configuration/inbound/hysteria/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"

Required

up, down in Mbps.

"},{"location":"configuration/inbound/hysteria/#obfs","title":"obfs","text":"

Obfuscated password.

"},{"location":"configuration/inbound/hysteria/#users","title":"users","text":"

Hysteria users

"},{"location":"configuration/inbound/hysteria/#usersauth","title":"users.auth","text":"

Authentication password, in base64.

"},{"location":"configuration/inbound/hysteria/#usersauth_str","title":"users.auth_str","text":"

Authentication password.

"},{"location":"configuration/inbound/hysteria/#recv_window_conn","title":"recv_window_conn","text":"

The QUIC stream-level flow control window for receiving data.

15728640 (15 MB/s) will be used if empty.

"},{"location":"configuration/inbound/hysteria/#recv_window_client","title":"recv_window_client","text":"

The QUIC connection-level flow control window for receiving data.

67108864 (64 MB/s) will be used if empty.

"},{"location":"configuration/inbound/hysteria/#max_conn_client","title":"max_conn_client","text":"

The maximum number of QUIC concurrent bidirectional streams that a peer is allowed to open.

1024 will be used if empty.

"},{"location":"configuration/inbound/hysteria/#disable_mtu_discovery","title":"disable_mtu_discovery","text":"

Disables Path MTU Discovery (RFC 8899). Packets will then be at most 1252 (IPv4) / 1232 (IPv6) bytes in size.

Forcibly enabled on systems other than Linux and Windows (according to upstream).

"},{"location":"configuration/inbound/hysteria/#tls","title":"tls","text":"

Required

TLS configuration, see TLS.

"},{"location":"configuration/inbound/hysteria2/","title":"Hysteria2","text":"

Changes in sing-box 1.11.0

masquerade

"},{"location":"configuration/inbound/hysteria2/#structure","title":"Structure","text":"
{\n  \"type\": \"hysteria2\",\n  \"tag\": \"hy2-in\",\n\n  ... // Listen Fields\n\n  \"up_mbps\": 100,\n  \"down_mbps\": 100,\n  \"obfs\": {\n    \"type\": \"salamander\",\n    \"password\": \"cry_me_a_r1ver\"\n  },\n  \"users\": [\n    {\n      \"name\": \"tobyxdd\",\n      \"password\": \"goofy_ahh_password\"\n    }\n  ],\n  \"ignore_client_bandwidth\": false,\n  \"tls\": {},\n  \"masquerade\": \"\", // or {}\n  \"brutal_debug\": false\n}\n

Difference from official Hysteria2

The official program supports an authentication method called userpass, which essentially uses a combination of <username>:<password> as the actual password, while sing-box does not provide this alias. To use sing-box with the official program, you need to fill in that combination as the actual password.

"},{"location":"configuration/inbound/hysteria2/#listen-fields","title":"Listen Fields","text":"

See Listen Fields for details.

"},{"location":"configuration/inbound/hysteria2/#fields","title":"Fields","text":""},{"location":"configuration/inbound/hysteria2/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"

Max bandwidth, in Mbps.

Not limited if empty.

Conflicts with ignore_client_bandwidth.

"},{"location":"configuration/inbound/hysteria2/#obfstype","title":"obfs.type","text":"

QUIC traffic obfuscator type, only available with salamander.

Disabled if empty.

"},{"location":"configuration/inbound/hysteria2/#obfspassword","title":"obfs.password","text":"

QUIC traffic obfuscator password.

"},{"location":"configuration/inbound/hysteria2/#users","title":"users","text":"

Hysteria2 users

"},{"location":"configuration/inbound/hysteria2/#userspassword","title":"users.password","text":"

Authentication password

"},{"location":"configuration/inbound/hysteria2/#ignore_client_bandwidth","title":"ignore_client_bandwidth","text":"

Commands the client to use the BBR flow control algorithm instead of Hysteria CC.

Conflicts with up_mbps and down_mbps.

"},{"location":"configuration/inbound/hysteria2/#tls","title":"tls","text":"

Required

TLS configuration, see TLS.

"},{"location":"configuration/inbound/hysteria2/#masquerade","title":"masquerade","text":"

HTTP3 server behavior (URL string configuration) when authentication fails.

| Scheme | Example | Description |
|---|---|---|
| file | file:///var/www | As a file server |
| http/https | http://127.0.0.1:8080 | As a reverse proxy |

Conflicts with masquerade.type.

A 404 page will be returned if masquerade is not configured.

"},{"location":"configuration/inbound/hysteria2/#masqueradetype","title":"masquerade.type","text":"

HTTP3 server behavior (Object configuration) when authentication fails.

| Type | Description | Fields |
|---|---|---|
| file | As a file server | directory |
| proxy | As a reverse proxy | url, rewrite_host |
| string | Reply with a fixed response | status_code, headers, content |

Conflicts with masquerade.

A 404 page will be returned if masquerade is not configured.

"},{"location":"configuration/inbound/hysteria2/#masqueradedirectory","title":"masquerade.directory","text":"

File server root directory.

"},{"location":"configuration/inbound/hysteria2/#masqueradeurl","title":"masquerade.url","text":"

Reverse proxy target URL.

"},{"location":"configuration/inbound/hysteria2/#masqueraderewrite_host","title":"masquerade.rewrite_host","text":"

Rewrite the Host header to the target URL.

"},{"location":"configuration/inbound/hysteria2/#masqueradestatus_code","title":"masquerade.status_code","text":"

Fixed response status code.

"},{"location":"configuration/inbound/hysteria2/#masqueradeheaders","title":"masquerade.headers","text":"

Fixed response headers.

"},{"location":"configuration/inbound/hysteria2/#masqueradecontent","title":"masquerade.content","text":"

Fixed response content.

"},{"location":"configuration/inbound/hysteria2/#brutal_debug","title":"brutal_debug","text":"

Enable debug information logging for Hysteria Brutal CC.

"},{"location":"configuration/inbound/mixed/","title":"Mixed","text":"

mixed inbound is a socks4, socks4a, socks5 and http server.

"},{"location":"configuration/inbound/mixed/#structure","title":"Structure","text":"
{\n  \"type\": \"mixed\",\n  \"tag\": \"mixed-in\",\n\n  ... // Listen Fields\n\n  \"users\": [\n    {\n      \"username\": \"admin\",\n      \"password\": \"admin\"\n    }\n  ],\n  \"set_system_proxy\": false\n}\n
"},{"location":"configuration/inbound/mixed/#listen-fields","title":"Listen Fields","text":"

See Listen Fields for details.

"},{"location":"configuration/inbound/mixed/#fields","title":"Fields","text":""},{"location":"configuration/inbound/mixed/#users","title":"users","text":"

SOCKS and HTTP users.

No authentication required if empty.

"},{"location":"configuration/inbound/mixed/#set_system_proxy","title":"set_system_proxy","text":"

Only supported on Linux, Android, Windows, and macOS.

To work on Android and Apple platforms without privileges, use tun.platform.http_proxy instead.

Automatically set the system proxy configuration on start and clean it up on stop.

"},{"location":"configuration/inbound/naive/","title":"Naive","text":""},{"location":"configuration/inbound/naive/#structure","title":"Structure","text":"
{\n  \"type\": \"naive\",\n  \"tag\": \"naive-in\",\n  \"network\": \"udp\",\n\n  ... // Listen Fields\n\n  \"users\": [\n    {\n      \"username\": \"sekai\",\n      \"password\": \"password\"\n    }\n  ],\n  \"tls\": {}\n}\n
"},{"location":"configuration/inbound/naive/#listen-fields","title":"Listen Fields","text":"

See Listen Fields for details.

"},{"location":"configuration/inbound/naive/#fields","title":"Fields","text":""},{"location":"configuration/inbound/naive/#network","title":"network","text":"

Listen network, one of tcp udp.

Both if empty.

"},{"location":"configuration/inbound/naive/#users","title":"users","text":"

Required

Naive users.

"},{"location":"configuration/inbound/naive/#tls","title":"tls","text":"

TLS configuration, see TLS.

"},{"location":"configuration/inbound/redirect/","title":"Redirect","text":"

Only supported on Linux and macOS.

"},{"location":"configuration/inbound/redirect/#structure","title":"Structure","text":"
{\n  \"type\": \"redirect\",\n  \"tag\": \"redirect-in\",\n\n  ... // Listen Fields\n}\n
"},{"location":"configuration/inbound/redirect/#listen-fields","title":"Listen Fields","text":"

See Listen Fields for details.

"},{"location":"configuration/inbound/shadowsocks/","title":"Shadowsocks","text":""},{"location":"configuration/inbound/shadowsocks/#structure","title":"Structure","text":"
{\n  \"type\": \"shadowsocks\",\n  \"tag\": \"ss-in\",\n\n  ... // Listen Fields\n\n  \"method\": \"2022-blake3-aes-128-gcm\",\n  \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n  \"multiplex\": {}\n}\n
"},{"location":"configuration/inbound/shadowsocks/#multi-user-structure","title":"Multi-User Structure","text":"
{\n  \"method\": \"2022-blake3-aes-128-gcm\",\n  \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n  \"users\": [\n    {\n      \"name\": \"sekai\",\n      \"password\": \"PCD2Z4o12bKUoFa3cC97Hw==\"\n    }\n  ],\n  \"multiplex\": {}\n}\n
"},{"location":"configuration/inbound/shadowsocks/#relay-structure","title":"Relay Structure","text":"
{\n  \"type\": \"shadowsocks\",\n  \"method\": \"2022-blake3-aes-128-gcm\",\n  \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n  \"destinations\": [\n    {\n      \"name\": \"test\",\n      \"server\": \"example.com\",\n      \"server_port\": 8080,\n      \"password\": \"PCD2Z4o12bKUoFa3cC97Hw==\"\n    }\n  ],\n  \"multiplex\": {}\n}\n
"},{"location":"configuration/inbound/shadowsocks/#listen-fields","title":"Listen Fields","text":"

See Listen Fields for details.

"},{"location":"configuration/inbound/shadowsocks/#fields","title":"Fields","text":""},{"location":"configuration/inbound/shadowsocks/#network","title":"network","text":"

Listen network, one of tcp udp.

Both if empty.

"},{"location":"configuration/inbound/shadowsocks/#method","title":"method","text":"

Required

| Method | Key Length |
|---|---|
| 2022-blake3-aes-128-gcm | 16 |
| 2022-blake3-aes-256-gcm | 32 |
| 2022-blake3-chacha20-poly1305 | 32 |
| none | / |
| aes-128-gcm | / |
| aes-192-gcm | / |
| aes-256-gcm | / |
| chacha20-ietf-poly1305 | / |
| xchacha20-ietf-poly1305 | / |

"},{"location":"configuration/inbound/shadowsocks/#password","title":"password","text":"

Required

| Method | Password Format |
|---|---|
| none | / |
| 2022 methods | sing-box generate rand --base64 <Key Length> |
| other methods | any string |

"},{"location":"configuration/inbound/shadowsocks/#multiplex","title":"multiplex","text":"

See Multiplex for details.

"},{"location":"configuration/inbound/shadowtls/","title":"ShadowTLS","text":""},{"location":"configuration/inbound/shadowtls/#structure","title":"Structure","text":"
{\n  \"type\": \"shadowtls\",\n  \"tag\": \"st-in\",\n\n  ... // Listen Fields\n\n  \"version\": 3,\n  \"password\": \"fuck me till the daylight\",\n  \"users\": [\n    {\n      \"name\": \"sekai\",\n      \"password\": \"8JCsPssfgS8tiRwiMlhARg==\"\n    }\n  ],\n  \"handshake\": {\n    \"server\": \"google.com\",\n    \"server_port\": 443,\n\n    ... // Dial Fields\n  },\n  \"handshake_for_server_name\": {\n    \"example.com\": {\n      \"server\": \"example.com\",\n      \"server_port\": 443,\n\n      ... // Dial Fields\n    }\n  },\n  \"strict_mode\": false\n}\n
"},{"location":"configuration/inbound/shadowtls/#listen-fields","title":"Listen Fields","text":"

See Listen Fields for details.

"},{"location":"configuration/inbound/shadowtls/#fields","title":"Fields","text":""},{"location":"configuration/inbound/shadowtls/#version","title":"version","text":"

ShadowTLS protocol version.

| Value | Protocol Version |
|---|---|
| 1 (default) | ShadowTLS v1 |
| 2 | ShadowTLS v2 |
| 3 | ShadowTLS v3 |

"},{"location":"configuration/inbound/shadowtls/#password","title":"password","text":"

ShadowTLS password.

Only available in the ShadowTLS protocol 2.

"},{"location":"configuration/inbound/shadowtls/#users","title":"users","text":"

ShadowTLS users.

Only available in the ShadowTLS protocol 3.

"},{"location":"configuration/inbound/shadowtls/#handshake","title":"handshake","text":"

Required

Handshake server address and Dial Fields.

"},{"location":"configuration/inbound/shadowtls/#handshake_for_server_name","title":"handshake_for_server_name","text":"

Handshake server address and Dial Fields for specific server name.

Only available in the ShadowTLS protocol 2/3.

"},{"location":"configuration/inbound/shadowtls/#strict_mode","title":"strict_mode","text":"

ShadowTLS strict mode.

Only available in the ShadowTLS protocol 3.

"},{"location":"configuration/inbound/socks/","title":"SOCKS","text":"

socks inbound is a socks4, socks4a, socks5 server.

"},{"location":"configuration/inbound/socks/#structure","title":"Structure","text":"
{\n  \"type\": \"socks\",\n  \"tag\": \"socks-in\",\n\n  ... // Listen Fields\n\n  \"users\": [\n    {\n      \"username\": \"admin\",\n      \"password\": \"admin\"\n    }\n  ]\n}\n
"},{"location":"configuration/inbound/socks/#listen-fields","title":"Listen Fields","text":"

See Listen Fields for details.

"},{"location":"configuration/inbound/socks/#fields","title":"Fields","text":""},{"location":"configuration/inbound/socks/#users","title":"users","text":"

SOCKS users.

No authentication required if empty.

"},{"location":"configuration/inbound/tproxy/","title":"TProxy","text":"

Only supported on Linux.

"},{"location":"configuration/inbound/tproxy/#structure","title":"Structure","text":"
{\n  \"type\": \"tproxy\",\n  \"tag\": \"tproxy-in\",\n\n  ... // Listen Fields\n\n  \"network\": \"udp\"\n}\n
"},{"location":"configuration/inbound/tproxy/#listen-fields","title":"Listen Fields","text":"

See Listen Fields for details.

"},{"location":"configuration/inbound/tproxy/#fields","title":"Fields","text":""},{"location":"configuration/inbound/tproxy/#network","title":"network","text":"

Listen network, one of tcp udp.

Both if empty.

"},{"location":"configuration/inbound/trojan/","title":"Trojan","text":""},{"location":"configuration/inbound/trojan/#structure","title":"Structure","text":"
{\n  \"type\": \"trojan\",\n  \"tag\": \"trojan-in\",\n\n  ... // Listen Fields\n\n  \"users\": [\n    {\n      \"name\": \"sekai\",\n      \"password\": \"8JCsPssfgS8tiRwiMlhARg==\"\n    }\n  ],\n  \"tls\": {},\n  \"fallback\": {\n    \"server\": \"127.0.0.1\",\n    \"server_port\": 8080\n  },\n  \"fallback_for_alpn\": {\n    \"http/1.1\": {\n      \"server\": \"127.0.0.1\",\n      \"server_port\": 8081\n    }\n  },\n  \"multiplex\": {},\n  \"transport\": {}\n}\n
"},{"location":"configuration/inbound/trojan/#listen-fields","title":"Listen Fields","text":"

See Listen Fields for details.

"},{"location":"configuration/inbound/trojan/#fields","title":"Fields","text":""},{"location":"configuration/inbound/trojan/#users","title":"users","text":"

Required

Trojan users.

"},{"location":"configuration/inbound/trojan/#tls","title":"tls","text":"

TLS configuration, see TLS.

"},{"location":"configuration/inbound/trojan/#fallback","title":"fallback","text":"

There is no evidence that GFW detects and blocks Trojan servers based on HTTP responses, and opening the standard http/s port on the server is a much bigger signature.

Fallback server configuration. Disabled if fallback and fallback_for_alpn are empty.

"},{"location":"configuration/inbound/trojan/#fallback_for_alpn","title":"fallback_for_alpn","text":"

Fallback server configuration for specified ALPN.

If not empty, TLS fallback requests with ALPN not in this table will be rejected.

"},{"location":"configuration/inbound/trojan/#multiplex","title":"multiplex","text":"

See Multiplex for details.

"},{"location":"configuration/inbound/trojan/#transport","title":"transport","text":"

V2Ray Transport configuration, see V2Ray Transport.

"},{"location":"configuration/inbound/tuic/","title":"TUIC","text":""},{"location":"configuration/inbound/tuic/#structure","title":"Structure","text":"
{\n  \"type\": \"tuic\",\n  \"tag\": \"tuic-in\",\n\n  ... // Listen Fields\n\n  \"users\": [\n    {\n      \"name\": \"sekai\",\n      \"uuid\": \"059032A9-7D40-4A96-9BB1-36823D848068\",\n      \"password\": \"hello\"\n    }\n  ],\n  \"congestion_control\": \"cubic\",\n  \"auth_timeout\": \"3s\",\n  \"zero_rtt_handshake\": false,\n  \"heartbeat\": \"10s\",\n  \"tls\": {}\n}\n
"},{"location":"configuration/inbound/tuic/#listen-fields","title":"Listen Fields","text":"

See Listen Fields for details.

"},{"location":"configuration/inbound/tuic/#fields","title":"Fields","text":""},{"location":"configuration/inbound/tuic/#users","title":"users","text":"

TUIC users

"},{"location":"configuration/inbound/tuic/#usersuuid","title":"users.uuid","text":"

Required

TUIC user uuid

"},{"location":"configuration/inbound/tuic/#userspassword","title":"users.password","text":"

TUIC user password

"},{"location":"configuration/inbound/tuic/#congestion_control","title":"congestion_control","text":"

QUIC congestion control algorithm

One of: cubic, new_reno, bbr

cubic is used by default.

"},{"location":"configuration/inbound/tuic/#auth_timeout","title":"auth_timeout","text":"

How long the server should wait for the client to send the authentication command

3s is used by default.

"},{"location":"configuration/inbound/tuic/#zero_rtt_handshake","title":"zero_rtt_handshake","text":"

Enable 0-RTT QUIC connection handshake on the client side. This has little impact on performance, as the protocol is fully multiplexed.

Disabling this is highly recommended, as it is vulnerable to replay attacks. See Attack of the clones.

"},{"location":"configuration/inbound/tuic/#heartbeat","title":"heartbeat","text":"

Interval for sending heartbeat packets for keeping the connection alive

10s is used by default.

"},{"location":"configuration/inbound/tuic/#tls","title":"tls","text":"

Required

TLS configuration, see TLS.

"},{"location":"configuration/inbound/tun/","title":"Tun","text":"

Changes in sing-box 1.11.0

gso

Changes in sing-box 1.10.0

address inet4_address inet6_address route_address inet4_route_address inet6_route_address route_exclude_address inet4_route_exclude_address inet6_route_exclude_address iproute2_table_index iproute2_rule_index auto_redirect auto_redirect_input_mark auto_redirect_output_mark route_address_set route_exclude_address_set

Changes in sing-box 1.9.0

platform.http_proxy.bypass_domain platform.http_proxy.match_domain

Changes in sing-box 1.8.0

gso stack

Only supported on Linux, Windows and macOS.

"},{"location":"configuration/inbound/tun/#structure","title":"Structure","text":"
{\n  \"type\": \"tun\",\n  \"tag\": \"tun-in\",\n  \"interface_name\": \"tun0\",\n  \"address\": [\n    \"172.18.0.1/30\",\n    \"fdfe:dcba:9876::1/126\"\n  ],\n  \"mtu\": 9000,\n  \"auto_route\": true,\n  \"iproute2_table_index\": 2022,\n  \"iproute2_rule_index\": 9000,\n  \"auto_redirect\": false,\n  \"auto_redirect_input_mark\": \"0x2023\",\n  \"auto_redirect_output_mark\": \"0x2024\",\n  \"strict_route\": true,\n  \"route_address\": [\n    \"0.0.0.0/1\",\n    \"128.0.0.0/1\",\n    \"::/1\",\n    \"8000::/1\"\n  ],\n\n  \"route_exclude_address\": [\n    \"192.168.0.0/16\",\n    \"fc00::/7\"\n  ],\n  \"route_address_set\": [\n    \"geoip-cloudflare\"\n  ],\n  \"route_exclude_address_set\": [\n    \"geoip-cn\"\n  ],\n  \"endpoint_independent_nat\": false,\n  \"udp_timeout\": \"5m\",\n  \"stack\": \"system\",\n  \"include_interface\": [\n    \"lan0\"\n  ],\n  \"exclude_interface\": [\n    \"lan1\"\n  ],\n  \"include_uid\": [\n    0\n  ],\n  \"include_uid_range\": [\n    \"1000-99999\"\n  ],\n  \"exclude_uid\": [\n    1000\n  ],\n  \"exclude_uid_range\": [\n    \"1000-99999\"\n  ],\n  \"include_android_user\": [\n    0,\n    10\n  ],\n  \"include_package\": [\n    \"com.android.chrome\"\n  ],\n  \"exclude_package\": [\n    \"com.android.captiveportallogin\"\n  ],\n  \"platform\": {\n    \"http_proxy\": {\n      \"enabled\": false,\n      \"server\": \"127.0.0.1\",\n      \"server_port\": 8080,\n      \"bypass_domain\": [],\n      \"match_domain\": []\n    }\n  },\n\n  // Deprecated\n  \"gso\": false,\n  \"inet4_address\": [\n    \"172.19.0.1/30\"\n  ],\n  \"inet6_address\": [\n    \"fdfe:dcba:9876::1/126\"\n  ],\n  \"inet4_route_address\": [\n    \"0.0.0.0/1\",\n    \"128.0.0.0/1\"\n  ],\n  \"inet6_route_address\": [\n    \"::/1\",\n    \"8000::/1\"\n  ],\n  \"inet4_route_exclude_address\": [\n    \"192.168.0.0/16\"\n  ],\n  \"inet6_route_exclude_address\": [\n    \"fc00::/7\"\n  ],\n\n  ... // Listen Fields\n}\n

You can omit the JSON array brackets [] when the content is only one item.

If tun is running in non-privileged mode, addresses and MTU will not be configured automatically, so make sure the settings are accurate.

"},{"location":"configuration/inbound/tun/#fields","title":"Fields","text":""},{"location":"configuration/inbound/tun/#interface_name","title":"interface_name","text":"

Virtual device name, automatically selected if empty.

"},{"location":"configuration/inbound/tun/#address","title":"address","text":"

Since sing-box 1.10.0

IPv4 and IPv6 prefix for the tun interface.

"},{"location":"configuration/inbound/tun/#inet4_address","title":"inet4_address","text":"

Deprecated in sing-box 1.10.0

inet4_address is merged to address and will be removed in sing-box 1.12.0.

IPv4 prefix for the tun interface.

"},{"location":"configuration/inbound/tun/#inet6_address","title":"inet6_address","text":"

Deprecated in sing-box 1.10.0

inet6_address is merged to address and will be removed in sing-box 1.12.0.

IPv6 prefix for the tun interface.

"},{"location":"configuration/inbound/tun/#mtu","title":"mtu","text":"

The maximum transmission unit.

"},{"location":"configuration/inbound/tun/#gso","title":"gso","text":"

Deprecated in sing-box 1.11.0

GSO has no advantages for transparent proxy scenarios, is deprecated and no longer works, and will be removed in sing-box 1.12.0.

Since sing-box 1.8.0

Only supported on Linux with auto_route enabled.

Enable generic segmentation offload.

"},{"location":"configuration/inbound/tun/#auto_route","title":"auto_route","text":"

Set the default route to the Tun.

To avoid traffic loopback, set route.auto_detect_interface, route.default_interface or outbound.bind_interface.

Use with Android VPN

By default, VPN takes precedence over tun. To make tun go through VPN, enable route.override_android_vpn.

"},{"location":"configuration/inbound/tun/#iproute2_table_index","title":"iproute2_table_index","text":"

Since sing-box 1.10.0

Linux iproute2 table index generated by auto_route.

2022 is used by default.

"},{"location":"configuration/inbound/tun/#iproute2_rule_index","title":"iproute2_rule_index","text":"

Since sing-box 1.10.0

Linux iproute2 rule start index generated by auto_route.

9000 is used by default.

"},{"location":"configuration/inbound/tun/#auto_redirect","title":"auto_redirect","text":"

Since sing-box 1.10.0

Only supported on Linux with auto_route enabled.

Automatically configure iptables/nftables to redirect connections.

In Android:

Only local IPv4 connections are forwarded. To share your VPN connection over hotspot or repeater, use VPNHotspot.

In Linux:

auto_route with auto_redirect works as expected on routers without intervention.

"},{"location":"configuration/inbound/tun/#auto_redirect_input_mark","title":"auto_redirect_input_mark","text":"

Since sing-box 1.10.0

Connection input mark used by route_address_set and route_exclude_address_set.

0x2023 is used by default.

"},{"location":"configuration/inbound/tun/#auto_redirect_output_mark","title":"auto_redirect_output_mark","text":"

Since sing-box 1.10.0

Connection output mark used by route_address_set and route_exclude_address_set.

0x2024 is used by default.

"},{"location":"configuration/inbound/tun/#strict_route","title":"strict_route","text":"

Enforce strict routing rules when auto_route is enabled:

In Linux:

It prevents IP address leaks and makes DNS hijacking work on Android.

In Windows:

It may prevent some applications (such as VirtualBox) from working properly in certain situations.

"},{"location":"configuration/inbound/tun/#route_address","title":"route_address","text":"

Since sing-box 1.10.0

Use custom routes instead of default when auto_route is enabled.

"},{"location":"configuration/inbound/tun/#inet4_route_address","title":"inet4_route_address","text":"

Deprecated in sing-box 1.10.0

inet4_route_address is deprecated and will be removed in sing-box 1.12.0, please use route_address instead.

Use custom routes instead of default when auto_route is enabled.

"},{"location":"configuration/inbound/tun/#inet6_route_address","title":"inet6_route_address","text":"

Deprecated in sing-box 1.10.0

inet6_route_address is deprecated and will be removed in sing-box 1.12.0, please use route_address instead.

Use custom routes instead of default when auto_route is enabled.

"},{"location":"configuration/inbound/tun/#route_exclude_address","title":"route_exclude_address","text":"

Since sing-box 1.10.0

Exclude custom routes when auto_route is enabled.

"},{"location":"configuration/inbound/tun/#inet4_route_exclude_address","title":"inet4_route_exclude_address","text":"

Deprecated in sing-box 1.10.0

inet4_route_exclude_address is deprecated and will be removed in sing-box 1.12.0, please use route_exclude_address instead.

Exclude custom routes when auto_route is enabled.

"},{"location":"configuration/inbound/tun/#inet6_route_exclude_address","title":"inet6_route_exclude_address","text":"

Deprecated in sing-box 1.10.0

inet6_route_exclude_address is deprecated and will be removed in sing-box 1.12.0, please use route_exclude_address instead.

Exclude custom routes when auto_route is enabled.

"},{"location":"configuration/inbound/tun/#route_address_set","title":"route_address_set","text":"

Since sing-box 1.10.0

Only supported on Linux with nftables and requires auto_route and auto_redirect enabled.

Add the destination IP CIDR rules in the specified rule-sets to the firewall. Unmatched traffic will bypass the sing-box routes.

Conflicts with route.default_mark and [dialOptions].routing_mark.

"},{"location":"configuration/inbound/tun/#route_exclude_address_set","title":"route_exclude_address_set","text":"

Since sing-box 1.10.0

Only supported on Linux with nftables and requires auto_route and auto_redirect enabled.

Add the destination IP CIDR rules in the specified rule-sets to the firewall. Matched traffic will bypass the sing-box routes.

Conflicts with route.default_mark and [dialOptions].routing_mark.

"},{"location":"configuration/inbound/tun/#endpoint_independent_nat","title":"endpoint_independent_nat","text":"

This item is only available on the gvisor stack; other stacks use endpoint-independent NAT by default.

Enable endpoint-independent NAT.

Performance may degrade slightly, so enabling it is not recommended when it is not needed.

"},{"location":"configuration/inbound/tun/#udp_timeout","title":"udp_timeout","text":"

UDP NAT expiration time.

5m will be used by default.

"},{"location":"configuration/inbound/tun/#stack","title":"stack","text":"

Changes in sing-box 1.8.0

The legacy LWIP stack has been deprecated and removed.

TCP/IP stack.

Stack | Description
system | Perform L3 to L4 translation using the system network stack
gvisor | Perform L3 to L4 translation using gVisor's virtual network stack
mixed | Mixed system TCP stack and gvisor UDP stack

Defaults to the mixed stack if the gVisor build tag is enabled, otherwise defaults to the system stack.

"},{"location":"configuration/inbound/tun/#include_interface","title":"include_interface","text":"

Interface rules are only supported on Linux and require auto_route.

Limit interfaces in route. Not limited by default.

Conflicts with exclude_interface.

"},{"location":"configuration/inbound/tun/#exclude_interface","title":"exclude_interface","text":"

When strict_route is enabled, return traffic to excluded interfaces will not be automatically excluded, so add them as well (example: br-lan and pppoe-wan).

Exclude interfaces in route.

Conflicts with include_interface.

"},{"location":"configuration/inbound/tun/#include_uid","title":"include_uid","text":"

UID rules are only supported on Linux and require auto_route.

Limit users in route. Not limited by default.

"},{"location":"configuration/inbound/tun/#include_uid_range","title":"include_uid_range","text":"

Limit users in route, but in range.

"},{"location":"configuration/inbound/tun/#exclude_uid","title":"exclude_uid","text":"

Exclude users in route.

"},{"location":"configuration/inbound/tun/#exclude_uid_range","title":"exclude_uid_range","text":"

Exclude users in route, but in range.

"},{"location":"configuration/inbound/tun/#include_android_user","title":"include_android_user","text":"

Android user and package rules are only supported on Android and require auto_route.

Limit android users in route.

Common user | ID
Main | 0
Work Profile | 10"},{"location":"configuration/inbound/tun/#include_package","title":"include_package","text":"

Limit android packages in route.

"},{"location":"configuration/inbound/tun/#exclude_package","title":"exclude_package","text":"

Exclude android packages in route.

"},{"location":"configuration/inbound/tun/#platform","title":"platform","text":"

Platform-specific settings, provided by client applications.

"},{"location":"configuration/inbound/tun/#platformhttp_proxy","title":"platform.http_proxy","text":"

System HTTP proxy settings.

"},{"location":"configuration/inbound/tun/#platformhttp_proxyenabled","title":"platform.http_proxy.enabled","text":"

Enable system HTTP proxy.

"},{"location":"configuration/inbound/tun/#platformhttp_proxyserver","title":"platform.http_proxy.server","text":"

Required

HTTP proxy server address.

"},{"location":"configuration/inbound/tun/#platformhttp_proxyserver_port","title":"platform.http_proxy.server_port","text":"

Required

HTTP proxy server port.

"},{"location":"configuration/inbound/tun/#platformhttp_proxybypass_domain","title":"platform.http_proxy.bypass_domain","text":"

On Apple platforms, bypass_domain items match hostname suffixes.

Hostnames that bypass the HTTP proxy.

"},{"location":"configuration/inbound/tun/#platformhttp_proxymatch_domain","title":"platform.http_proxy.match_domain","text":"

Only supported in graphical clients on Apple platforms.

Hostnames that use the HTTP proxy.

"},{"location":"configuration/inbound/tun/#listen-fields","title":"Listen Fields","text":"

See Listen Fields for details.

"},{"location":"configuration/inbound/vless/","title":"VLESS","text":""},{"location":"configuration/inbound/vless/#structure","title":"Structure","text":"
{\n  \"type\": \"vless\",\n  \"tag\": \"vless-in\",\n\n  ... // Listen Fields\n\n  \"users\": [\n    {\n      \"name\": \"sekai\",\n      \"uuid\": \"bf000d23-0752-40b4-affe-68f7707a9661\",\n      \"flow\": \"\"\n    }\n  ],\n  \"tls\": {},\n  \"multiplex\": {},\n  \"transport\": {}\n}\n
"},{"location":"configuration/inbound/vless/#listen-fields","title":"Listen Fields","text":"

See Listen Fields for details.

"},{"location":"configuration/inbound/vless/#fields","title":"Fields","text":""},{"location":"configuration/inbound/vless/#users","title":"users","text":"

Required

VLESS users.

"},{"location":"configuration/inbound/vless/#usersuuid","title":"users.uuid","text":"

Required

VLESS user id.

"},{"location":"configuration/inbound/vless/#usersflow","title":"users.flow","text":"

VLESS Sub-protocol.

Available values:

"},{"location":"configuration/inbound/vless/#tls","title":"tls","text":"

TLS configuration, see TLS.

"},{"location":"configuration/inbound/vless/#multiplex","title":"multiplex","text":"

See Multiplex for details.

"},{"location":"configuration/inbound/vless/#transport","title":"transport","text":"

V2Ray Transport configuration, see V2Ray Transport.

"},{"location":"configuration/inbound/vmess/","title":"VMess","text":""},{"location":"configuration/inbound/vmess/#structure","title":"Structure","text":"
{\n  \"type\": \"vmess\",\n  \"tag\": \"vmess-in\",\n\n  ... // Listen Fields\n\n  \"users\": [\n    {\n      \"name\": \"sekai\",\n      \"uuid\": \"bf000d23-0752-40b4-affe-68f7707a9661\",\n      \"alterId\": 0\n    }\n  ],\n  \"tls\": {},\n  \"multiplex\": {},\n  \"transport\": {}\n}\n
"},{"location":"configuration/inbound/vmess/#listen-fields","title":"Listen Fields","text":"

See Listen Fields for details.

"},{"location":"configuration/inbound/vmess/#fields","title":"Fields","text":""},{"location":"configuration/inbound/vmess/#users","title":"users","text":"

Required

VMess users.

Alter ID | Description
0 | Disable legacy protocol
> 0 | Enable legacy protocol

Legacy protocol support (VMess MD5 Authentication) is provided for compatibility purposes only; use of alterId > 1 is not recommended.

"},{"location":"configuration/inbound/vmess/#tls","title":"tls","text":"

TLS configuration, see TLS.

"},{"location":"configuration/inbound/vmess/#multiplex","title":"multiplex","text":"

See Multiplex for details.

"},{"location":"configuration/inbound/vmess/#transport","title":"transport","text":"

V2Ray Transport configuration, see V2Ray Transport.

"},{"location":"configuration/log/","title":"Log","text":""},{"location":"configuration/log/#structure","title":"Structure","text":"
{\n  \"log\": {\n    \"disabled\": false,\n    \"level\": \"info\",\n    \"output\": \"box.log\",\n    \"timestamp\": true\n  }\n}\n
"},{"location":"configuration/log/#fields","title":"Fields","text":""},{"location":"configuration/log/#disabled","title":"disabled","text":"

Disable logging, no output after start.

"},{"location":"configuration/log/#level","title":"level","text":"

Log level. One of: trace debug info warn error fatal panic.

"},{"location":"configuration/log/#output","title":"output","text":"

Output file path. When set, logs are no longer written to the console.

"},{"location":"configuration/log/#timestamp","title":"timestamp","text":"

Add time to each line.

"},{"location":"configuration/ntp/","title":"NTP","text":"

Built-in NTP client service.

If enabled, it will provide time for protocols like TLS/Shadowsocks/VMess, which is useful for environments where time synchronization is not possible.

"},{"location":"configuration/ntp/#structure","title":"Structure","text":"
{\n  \"ntp\": {\n    \"enabled\": false,\n    \"server\": \"time.apple.com\",\n    \"server_port\": 123,\n    \"interval\": \"30m\",\n\n    ... // Dial Fields\n  }\n}\n
"},{"location":"configuration/ntp/#fields","title":"Fields","text":""},{"location":"configuration/ntp/#enabled","title":"enabled","text":"

Enable NTP service.

"},{"location":"configuration/ntp/#server","title":"server","text":"

Required

NTP server address.

"},{"location":"configuration/ntp/#server_port","title":"server_port","text":"

NTP server port.

123 is used by default.

"},{"location":"configuration/ntp/#interval","title":"interval","text":"

Time synchronization interval.

30 minutes is used by default.

"},{"location":"configuration/ntp/#dial-fields","title":"Dial Fields","text":"

See Dial Fields for details.

"},{"location":"configuration/outbound/","title":"Outbound","text":""},{"location":"configuration/outbound/#structure","title":"Structure","text":"
{\n  \"outbounds\": [\n    {\n      \"type\": \"\",\n      \"tag\": \"\"\n    }\n  ]\n}\n
"},{"location":"configuration/outbound/#fields","title":"Fields","text":"Type Format direct Direct block Block socks SOCKS http HTTP shadowsocks Shadowsocks vmess VMess trojan Trojan wireguard Wireguard hysteria Hysteria vless VLESS shadowtls ShadowTLS tuic TUIC hysteria2 Hysteria2 tor Tor ssh SSH dns DNS selector Selector urltest URLTest"},{"location":"configuration/outbound/#tag","title":"tag","text":"

The tag of the outbound.

"},{"location":"configuration/outbound/#features","title":"Features","text":""},{"location":"configuration/outbound/#outbounds-that-support-ip-connection","title":"Outbounds that support IP connection","text":""},{"location":"configuration/outbound/block/","title":"Block","text":"

Deprecated in sing-box 1.11.0

Legacy special outbounds are deprecated and will be removed in sing-box 1.13.0, check Migration.

"},{"location":"configuration/outbound/block/#structure","title":"Structure","text":"

{\n  \"type\": \"block\",\n  \"tag\": \"block\"\n}\n

"},{"location":"configuration/outbound/block/#fields","title":"Fields","text":"

No fields.

"},{"location":"configuration/outbound/direct/","title":"Direct","text":"

Changes in sing-box 1.11.0

override_address override_port

direct outbound sends requests directly.

"},{"location":"configuration/outbound/direct/#structure","title":"Structure","text":"
{\n  \"type\": \"direct\",\n  \"tag\": \"direct-out\",\n\n  \"override_address\": \"1.0.0.1\",\n  \"override_port\": 53,\n\n  ... // Dial Fields\n}\n
"},{"location":"configuration/outbound/direct/#fields","title":"Fields","text":""},{"location":"configuration/outbound/direct/#override_address","title":"override_address","text":"

Deprecated in sing-box 1.11.0

Destination override fields are deprecated in sing-box 1.11.0 and will be removed in sing-box 1.13.0, see Migration.

Override the connection destination address.

"},{"location":"configuration/outbound/direct/#override_port","title":"override_port","text":"

Deprecated in sing-box 1.11.0

Destination override fields are deprecated in sing-box 1.11.0 and will be removed in sing-box 1.13.0, see Migration.

Override the connection destination port.

Protocol value can be 1 or 2.

"},{"location":"configuration/outbound/direct/#dial-fields","title":"Dial Fields","text":"

See Dial Fields for details.

"},{"location":"configuration/outbound/dns/","title":"DNS","text":"

Deprecated in sing-box 1.11.0

Legacy special outbounds are deprecated and will be removed in sing-box 1.13.0, check Migration.

dns outbound is an internal DNS server.

"},{"location":"configuration/outbound/dns/#structure","title":"Structure","text":"
{\n  \"type\": \"dns\",\n  \"tag\": \"dns-out\"\n}\n

The DNS outbound makes no outbound connections; all requests are handled internally.

"},{"location":"configuration/outbound/dns/#fields","title":"Fields","text":"

No fields.

"},{"location":"configuration/outbound/http/","title":"HTTP","text":"

http outbound is an HTTP CONNECT proxy client.

"},{"location":"configuration/outbound/http/#structure","title":"Structure","text":"
{\n  \"type\": \"http\",\n  \"tag\": \"http-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"username\": \"sekai\",\n  \"password\": \"admin\",\n  \"path\": \"\",\n  \"headers\": {},\n  \"tls\": {},\n\n  ... // Dial Fields\n}\n
"},{"location":"configuration/outbound/http/#fields","title":"Fields","text":""},{"location":"configuration/outbound/http/#server","title":"server","text":"

Required

The server address.

"},{"location":"configuration/outbound/http/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"configuration/outbound/http/#username","title":"username","text":"

Basic authorization username.

"},{"location":"configuration/outbound/http/#password","title":"password","text":"

Basic authorization password.

"},{"location":"configuration/outbound/http/#path","title":"path","text":"

Path of HTTP request.

"},{"location":"configuration/outbound/http/#headers","title":"headers","text":"

Extra headers of HTTP request.

"},{"location":"configuration/outbound/http/#tls","title":"tls","text":"

TLS configuration, see TLS.

"},{"location":"configuration/outbound/http/#dial-fields","title":"Dial Fields","text":"

See Dial Fields for details.

"},{"location":"configuration/outbound/hysteria/","title":"Hysteria","text":""},{"location":"configuration/outbound/hysteria/#structure","title":"Structure","text":"
{\n  \"type\": \"hysteria\",\n  \"tag\": \"hysteria-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"up\": \"100 Mbps\",\n  \"up_mbps\": 100,\n  \"down\": \"100 Mbps\",\n  \"down_mbps\": 100,\n  \"obfs\": \"fuck me till the daylight\",\n  \"auth\": \"\",\n  \"auth_str\": \"password\",\n  \"recv_window_conn\": 0,\n  \"recv_window\": 0,\n  \"disable_mtu_discovery\": false,\n  \"network\": \"tcp\",\n  \"tls\": {},\n\n  ... // Dial Fields\n}\n
"},{"location":"configuration/outbound/hysteria/#fields","title":"Fields","text":""},{"location":"configuration/outbound/hysteria/#server","title":"server","text":"

Required

The server address.

"},{"location":"configuration/outbound/hysteria/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"configuration/outbound/hysteria/#up-down","title":"up, down","text":"

Required

Format: [Integer] [Unit] e.g. 100 Mbps, 640 KBps, 2 Gbps

Supported units (case sensitive, b = bits, B = bytes, 8b=1B):

bps (bits per second)\nBps (bytes per second)\nKbps (kilobits per second)\nKBps (kilobytes per second)\nMbps (megabits per second)\nMBps (megabytes per second)\nGbps (gigabits per second)\nGBps (gigabytes per second)\nTbps (terabits per second)\nTBps (terabytes per second)\n
"},{"location":"configuration/outbound/hysteria/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"

Required

up, down in Mbps.

"},{"location":"configuration/outbound/hysteria/#obfs","title":"obfs","text":"

Obfuscated password.

"},{"location":"configuration/outbound/hysteria/#auth","title":"auth","text":"

Authentication password, in base64.

"},{"location":"configuration/outbound/hysteria/#auth_str","title":"auth_str","text":"

Authentication password.

"},{"location":"configuration/outbound/hysteria/#recv_window_conn","title":"recv_window_conn","text":"

The QUIC stream-level flow control window for receiving data.

15728640 (15 MB/s) will be used if empty.

"},{"location":"configuration/outbound/hysteria/#recv_window","title":"recv_window","text":"

The QUIC connection-level flow control window for receiving data.

67108864 (64 MB/s) will be used if empty.

"},{"location":"configuration/outbound/hysteria/#disable_mtu_discovery","title":"disable_mtu_discovery","text":"

Disables Path MTU Discovery (RFC 8899). Packets will then be at most 1252 (IPv4) / 1232 (IPv6) bytes in size.

Forcibly enabled on systems other than Linux and Windows (according to upstream).

"},{"location":"configuration/outbound/hysteria/#network","title":"network","text":"

Enabled network

One of tcp udp.

Both are enabled by default.

"},{"location":"configuration/outbound/hysteria/#tls","title":"tls","text":"

Required

TLS configuration, see TLS.

"},{"location":"configuration/outbound/hysteria/#dial-fields","title":"Dial Fields","text":"

See Dial Fields for details.

"},{"location":"configuration/outbound/hysteria2/","title":"Hysteria2","text":""},{"location":"configuration/outbound/hysteria2/#structure","title":"Structure","text":"
{\n  \"type\": \"hysteria2\",\n  \"tag\": \"hy2-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"up_mbps\": 100,\n  \"down_mbps\": 100,\n  \"obfs\": {\n    \"type\": \"salamander\",\n    \"password\": \"cry_me_a_r1ver\"\n  },\n  \"password\": \"goofy_ahh_password\",\n  \"network\": \"tcp\",\n  \"tls\": {},\n  \"brutal_debug\": false,\n\n  ... // Dial Fields\n}\n

Difference from official Hysteria2

The official Hysteria2 supports an authentication method called userpass, which essentially uses a combination of <username>:<password> as the actual password, while sing-box does not provide this alias. If you are planning to use sing-box with the official program, please note that you will need to fill in the combination as the password.

"},{"location":"configuration/outbound/hysteria2/#fields","title":"Fields","text":""},{"location":"configuration/outbound/hysteria2/#server","title":"server","text":"

Required

The server address.

"},{"location":"configuration/outbound/hysteria2/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"configuration/outbound/hysteria2/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"

Max bandwidth, in Mbps.

If empty, the BBR congestion control algorithm will be used instead of Hysteria CC.

"},{"location":"configuration/outbound/hysteria2/#obfstype","title":"obfs.type","text":"

QUIC traffic obfuscator type, only available with salamander.

Disabled if empty.

"},{"location":"configuration/outbound/hysteria2/#obfspassword","title":"obfs.password","text":"

QUIC traffic obfuscator password.

"},{"location":"configuration/outbound/hysteria2/#password","title":"password","text":"

Authentication password.

"},{"location":"configuration/outbound/hysteria2/#network","title":"network","text":"

Enabled network

One of tcp udp.

Both are enabled by default.

"},{"location":"configuration/outbound/hysteria2/#tls","title":"tls","text":"

Required

TLS configuration, see TLS.

"},{"location":"configuration/outbound/hysteria2/#brutal_debug","title":"brutal_debug","text":"

Enable debug information logging for Hysteria Brutal CC.

"},{"location":"configuration/outbound/hysteria2/#dial-fields","title":"Dial Fields","text":"

See Dial Fields for details.

"},{"location":"configuration/outbound/selector/","title":"Selector","text":""},{"location":"configuration/outbound/selector/#structure","title":"Structure","text":"
{\n  \"type\": \"selector\",\n  \"tag\": \"select\",\n\n  \"outbounds\": [\n    \"proxy-a\",\n    \"proxy-b\",\n    \"proxy-c\"\n  ],\n  \"default\": \"proxy-c\",\n  \"interrupt_exist_connections\": false\n}\n

The selector can only be controlled through the Clash API currently.

"},{"location":"configuration/outbound/selector/#fields","title":"Fields","text":""},{"location":"configuration/outbound/selector/#outbounds","title":"outbounds","text":"

Required

List of outbound tags to select.

"},{"location":"configuration/outbound/selector/#default","title":"default","text":"

The default outbound tag. The first outbound will be used if empty.

"},{"location":"configuration/outbound/selector/#interrupt_exist_connections","title":"interrupt_exist_connections","text":"

Interrupt existing connections when the selected outbound has changed.

Only inbound connections are affected by this setting; internal connections will always be interrupted.

"},{"location":"configuration/outbound/shadowsocks/","title":"Shadowsocks","text":""},{"location":"configuration/outbound/shadowsocks/#structure","title":"Structure","text":"
{\n  \"type\": \"shadowsocks\",\n  \"tag\": \"ss-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"method\": \"2022-blake3-aes-128-gcm\",\n  \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n  \"plugin\": \"\",\n  \"plugin_opts\": \"\",\n  \"network\": \"udp\",\n  \"udp_over_tcp\": false | {},\n  \"multiplex\": {},\n\n  ... // Dial Fields\n}\n
"},{"location":"configuration/outbound/shadowsocks/#fields","title":"Fields","text":""},{"location":"configuration/outbound/shadowsocks/#server","title":"server","text":"

Required

The server address.

"},{"location":"configuration/outbound/shadowsocks/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"configuration/outbound/shadowsocks/#method","title":"method","text":"

Required

Encryption methods:

Legacy encryption methods:

"},{"location":"configuration/outbound/shadowsocks/#password","title":"password","text":"

Required

The shadowsocks password.

"},{"location":"configuration/outbound/shadowsocks/#plugin","title":"plugin","text":"

Shadowsocks SIP003 plugin, implemented internally.

Only obfs-local and v2ray-plugin are supported.

"},{"location":"configuration/outbound/shadowsocks/#plugin_opts","title":"plugin_opts","text":"

Shadowsocks SIP003 plugin options.

"},{"location":"configuration/outbound/shadowsocks/#network","title":"network","text":"

Enabled network

One of tcp udp.

Both are enabled by default.

"},{"location":"configuration/outbound/shadowsocks/#udp_over_tcp","title":"udp_over_tcp","text":"

UDP over TCP configuration.

See UDP Over TCP for details.

Conflicts with multiplex.

"},{"location":"configuration/outbound/shadowsocks/#multiplex","title":"multiplex","text":"

See Multiplex for details.

"},{"location":"configuration/outbound/shadowsocks/#dial-fields","title":"Dial Fields","text":"

See Dial Fields for details.

"},{"location":"configuration/outbound/shadowtls/","title":"ShadowTLS","text":""},{"location":"configuration/outbound/shadowtls/#structure","title":"Structure","text":"
{\n  \"type\": \"shadowtls\",\n  \"tag\": \"st-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"version\": 3,\n  \"password\": \"fuck me till the daylight\",\n  \"tls\": {},\n\n  ... // Dial Fields\n}\n
"},{"location":"configuration/outbound/shadowtls/#fields","title":"Fields","text":""},{"location":"configuration/outbound/shadowtls/#server","title":"server","text":"

Required

The server address.

"},{"location":"configuration/outbound/shadowtls/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"configuration/outbound/shadowtls/#version","title":"version","text":"

ShadowTLS protocol version.

Value | Protocol Version
1 (default) | ShadowTLS v1
2 | ShadowTLS v2
3 | ShadowTLS v3"},{"location":"configuration/outbound/shadowtls/#password","title":"password","text":"

Set password.

Only available in the ShadowTLS v2/v3 protocol.

"},{"location":"configuration/outbound/shadowtls/#tls","title":"tls","text":"

Required

TLS configuration, see TLS.

"},{"location":"configuration/outbound/shadowtls/#dial-fields","title":"Dial Fields","text":"

See Dial Fields for details.

"},{"location":"configuration/outbound/socks/","title":"SOCKS","text":"

socks outbound is a socks4/socks4a/socks5 client.

"},{"location":"configuration/outbound/socks/#structure","title":"Structure","text":"
{\n  \"type\": \"socks\",\n  \"tag\": \"socks-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"version\": \"5\",\n  \"username\": \"sekai\",\n  \"password\": \"admin\",\n  \"network\": \"udp\",\n  \"udp_over_tcp\": false | {},\n\n  ... // Dial Fields\n}\n
"},{"location":"configuration/outbound/socks/#fields","title":"Fields","text":""},{"location":"configuration/outbound/socks/#server","title":"server","text":"

Required

The server address.

"},{"location":"configuration/outbound/socks/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"configuration/outbound/socks/#version","title":"version","text":"

The SOCKS version, one of 4 4a 5.

SOCKS5 is used by default.

"},{"location":"configuration/outbound/socks/#username","title":"username","text":"

SOCKS username.

"},{"location":"configuration/outbound/socks/#password","title":"password","text":"

SOCKS5 password.

"},{"location":"configuration/outbound/socks/#network","title":"network","text":"

Enabled network

One of tcp udp.

Both are enabled by default.

"},{"location":"configuration/outbound/socks/#udp_over_tcp","title":"udp_over_tcp","text":"

UDP over TCP protocol settings.

See UDP Over TCP for details.

"},{"location":"configuration/outbound/socks/#dial-fields","title":"Dial Fields","text":"

See Dial Fields for details.

"},{"location":"configuration/outbound/ssh/","title":"SSH","text":""},{"location":"configuration/outbound/ssh/#structure","title":"Structure","text":"
{\n  \"type\": \"ssh\",\n  \"tag\": \"ssh-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 22,\n  \"user\": \"root\",\n  \"password\": \"admin\",\n  \"private_key\": \"\",\n  \"private_key_path\": \"$HOME/.ssh/id_rsa\",\n  \"private_key_passphrase\": \"\",\n  \"host_key\": [\n    \"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdH...\"\n  ],\n  \"host_key_algorithms\": [],\n  \"client_version\": \"SSH-2.0-OpenSSH_7.4p1\",\n\n  ... // Dial Fields\n}\n
"},{"location":"configuration/outbound/ssh/#fields","title":"Fields","text":""},{"location":"configuration/outbound/ssh/#server","title":"server","text":"

Required

Server address.

"},{"location":"configuration/outbound/ssh/#server_port","title":"server_port","text":"

Server port. 22 will be used if empty.

"},{"location":"configuration/outbound/ssh/#user","title":"user","text":"

SSH user, root will be used if empty.

"},{"location":"configuration/outbound/ssh/#password","title":"password","text":"

Password.

"},{"location":"configuration/outbound/ssh/#private_key","title":"private_key","text":"

Private key.

"},{"location":"configuration/outbound/ssh/#private_key_path","title":"private_key_path","text":"

Private key path.

"},{"location":"configuration/outbound/ssh/#private_key_passphrase","title":"private_key_passphrase","text":"

Private key passphrase.

"},{"location":"configuration/outbound/ssh/#host_key","title":"host_key","text":"

Host key. Any host key is accepted if empty.

"},{"location":"configuration/outbound/ssh/#host_key_algorithms","title":"host_key_algorithms","text":"

Host key algorithms.

"},{"location":"configuration/outbound/ssh/#client_version","title":"client_version","text":"

Client version. Random version will be used if empty.

"},{"location":"configuration/outbound/ssh/#dial-fields","title":"Dial Fields","text":"

See Dial Fields for details.

"},{"location":"configuration/outbound/tor/","title":"Tor","text":""},{"location":"configuration/outbound/tor/#structure","title":"Structure","text":"
{\n  \"type\": \"tor\",\n  \"tag\": \"tor-out\",\n\n  \"executable_path\": \"/usr/bin/tor\",\n  \"extra_args\": [],\n  \"data_directory\": \"$HOME/.cache/tor\",\n  \"torrc\": {\n    \"ClientOnly\": 1\n  },\n\n  ... // Dial Fields\n}\n

Embedded Tor is not included by default, see Installation.

"},{"location":"configuration/outbound/tor/#fields","title":"Fields","text":""},{"location":"configuration/outbound/tor/#executable_path","title":"executable_path","text":"

The path to the Tor executable.

Embedded Tor will be ignored if set.

"},{"location":"configuration/outbound/tor/#extra_args","title":"extra_args","text":"

List of extra arguments passed to the Tor instance when started.

"},{"location":"configuration/outbound/tor/#data_directory","title":"data_directory","text":"

Recommended

The data directory of Tor.

Each start will be very slow if not specified.

"},{"location":"configuration/outbound/tor/#torrc","title":"torrc","text":"

Map of torrc options.

See tor(1) for details.

"},{"location":"configuration/outbound/tor/#dial-fields","title":"Dial Fields","text":"

See Dial Fields for details.

"},{"location":"configuration/outbound/trojan/","title":"Trojan","text":""},{"location":"configuration/outbound/trojan/#structure","title":"Structure","text":"
{\n  \"type\": \"trojan\",\n  \"tag\": \"trojan-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n  \"network\": \"tcp\",\n  \"tls\": {},\n  \"multiplex\": {},\n  \"transport\": {},\n\n  ... // Dial Fields\n}\n
"},{"location":"configuration/outbound/trojan/#fields","title":"Fields","text":""},{"location":"configuration/outbound/trojan/#server","title":"server","text":"

Required

The server address.

"},{"location":"configuration/outbound/trojan/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"configuration/outbound/trojan/#password","title":"password","text":"

Required

The Trojan password.

"},{"location":"configuration/outbound/trojan/#network","title":"network","text":"

Enabled network

One of tcp udp.

Both are enabled by default.

"},{"location":"configuration/outbound/trojan/#tls","title":"tls","text":"

TLS configuration, see TLS.

"},{"location":"configuration/outbound/trojan/#multiplex","title":"multiplex","text":"

See Multiplex for details.

"},{"location":"configuration/outbound/trojan/#transport","title":"transport","text":"

V2Ray Transport configuration, see V2Ray Transport.

"},{"location":"configuration/outbound/trojan/#dial-fields","title":"Dial Fields","text":"

See Dial Fields for details.

"},{"location":"configuration/outbound/tuic/","title":"TUIC","text":""},{"location":"configuration/outbound/tuic/#structure","title":"Structure","text":"
{\n  \"type\": \"tuic\",\n  \"tag\": \"tuic-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"uuid\": \"2DD61D93-75D8-4DA4-AC0E-6AECE7EAC365\",\n  \"password\": \"hello\",\n  \"congestion_control\": \"cubic\",\n  \"udp_relay_mode\": \"native\",\n  \"udp_over_stream\": false,\n  \"zero_rtt_handshake\": false,\n  \"heartbeat\": \"10s\",\n  \"network\": \"tcp\",\n  \"tls\": {},\n\n  ... // Dial Fields\n}\n
"},{"location":"configuration/outbound/tuic/#fields","title":"Fields","text":""},{"location":"configuration/outbound/tuic/#server","title":"server","text":"

Required

The server address.

"},{"location":"configuration/outbound/tuic/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"configuration/outbound/tuic/#uuid","title":"uuid","text":"

Required

TUIC user uuid

"},{"location":"configuration/outbound/tuic/#password","title":"password","text":"

TUIC user password

"},{"location":"configuration/outbound/tuic/#congestion_control","title":"congestion_control","text":"

QUIC congestion control algorithm

One of: cubic, new_reno, bbr

cubic is used by default.

"},{"location":"configuration/outbound/tuic/#udp_relay_mode","title":"udp_relay_mode","text":"

UDP packet relay mode

Mode | Description
native | native UDP characteristics
quic | lossless UDP relay using QUIC streams, additional overhead is introduced

native is used by default.

Conflicts with udp_over_stream.

"},{"location":"configuration/outbound/tuic/#udp_over_stream","title":"udp_over_stream","text":"

This is the TUIC port of the UDP over TCP protocol, designed to provide a QUIC stream based UDP relay mode that TUIC does not provide. Since it is an add-on protocol, you will need to use sing-box or another program compatible with the protocol as a server.

This mode has no positive effect in a proper UDP proxy scenario and should only be applied to relay streaming UDP traffic (basically QUIC streams).

Conflicts with udp_relay_mode.

"},{"location":"configuration/outbound/tuic/#network","title":"network","text":"

Enabled network

One of tcp, udp.

Both are enabled by default.

"},{"location":"configuration/outbound/tuic/#tls","title":"tls","text":"

Required

TLS configuration, see TLS.

"},{"location":"configuration/outbound/tuic/#dial-fields","title":"Dial Fields","text":"

See Dial Fields for details.

"},{"location":"configuration/outbound/urltest/","title":"URLTest","text":""},{"location":"configuration/outbound/urltest/#structure","title":"Structure","text":"
{\n  \"type\": \"urltest\",\n  \"tag\": \"auto\",\n\n  \"outbounds\": [\n    \"proxy-a\",\n    \"proxy-b\",\n    \"proxy-c\"\n  ],\n  \"url\": \"\",\n  \"interval\": \"\",\n  \"tolerance\": 0,\n  \"idle_timeout\": \"\",\n  \"interrupt_exist_connections\": false\n}\n
"},{"location":"configuration/outbound/urltest/#fields","title":"Fields","text":""},{"location":"configuration/outbound/urltest/#outbounds","title":"outbounds","text":"

Required

List of outbound tags to test.

"},{"location":"configuration/outbound/urltest/#url","title":"url","text":"

The URL to test. https://www.gstatic.com/generate_204 will be used if empty.

"},{"location":"configuration/outbound/urltest/#interval","title":"interval","text":"

The test interval. 3m will be used if empty.

"},{"location":"configuration/outbound/urltest/#tolerance","title":"tolerance","text":"

The test tolerance in milliseconds. 50 will be used if empty.

"},{"location":"configuration/outbound/urltest/#idle_timeout","title":"idle_timeout","text":"

The idle timeout. 30m will be used if empty.

"},{"location":"configuration/outbound/urltest/#interrupt_exist_connections","title":"interrupt_exist_connections","text":"

Interrupt existing connections when the selected outbound has changed.

Only inbound connections are affected by this setting; internal connections will always be interrupted.

"},{"location":"configuration/outbound/vless/","title":"VLESS","text":""},{"location":"configuration/outbound/vless/#structure","title":"Structure","text":"
{\n  \"type\": \"vless\",\n  \"tag\": \"vless-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"uuid\": \"bf000d23-0752-40b4-affe-68f7707a9661\",\n  \"flow\": \"xtls-rprx-vision\",\n  \"network\": \"tcp\",\n  \"tls\": {},\n  \"packet_encoding\": \"\",\n  \"multiplex\": {},\n  \"transport\": {},\n\n  ... // Dial Fields\n}\n
"},{"location":"configuration/outbound/vless/#fields","title":"Fields","text":""},{"location":"configuration/outbound/vless/#server","title":"server","text":"

Required

The server address.

"},{"location":"configuration/outbound/vless/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"configuration/outbound/vless/#uuid","title":"uuid","text":"

Required

VLESS user id.

"},{"location":"configuration/outbound/vless/#flow","title":"flow","text":"

VLESS Sub-protocol.

Available values:

"},{"location":"configuration/outbound/vless/#network","title":"network","text":"

Enabled network

One of tcp, udp.

Both are enabled by default.

"},{"location":"configuration/outbound/vless/#tls","title":"tls","text":"

TLS configuration, see TLS.

"},{"location":"configuration/outbound/vless/#packet_encoding","title":"packet_encoding","text":"

UDP packet encoding, xudp is used by default.

Encoding | Description
(none) | Disabled
packetaddr | Supported by v2ray 5+
xudp | Supported by xray"},{"location":"configuration/outbound/vless/#multiplex","title":"multiplex","text":"

See Multiplex for details.

"},{"location":"configuration/outbound/vless/#transport","title":"transport","text":"

V2Ray Transport configuration, see V2Ray Transport.

"},{"location":"configuration/outbound/vless/#dial-fields","title":"Dial Fields","text":"

See Dial Fields for details.

"},{"location":"configuration/outbound/vmess/","title":"VMess","text":""},{"location":"configuration/outbound/vmess/#structure","title":"Structure","text":"
{\n  \"type\": \"vmess\",\n  \"tag\": \"vmess-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"uuid\": \"bf000d23-0752-40b4-affe-68f7707a9661\",\n  \"security\": \"auto\",\n  \"alter_id\": 0,\n  \"global_padding\": false,\n  \"authenticated_length\": true,\n  \"network\": \"tcp\",\n  \"tls\": {},\n  \"packet_encoding\": \"\",\n  \"transport\": {},\n  \"multiplex\": {},\n\n  ... // Dial Fields\n}\n
"},{"location":"configuration/outbound/vmess/#fields","title":"Fields","text":""},{"location":"configuration/outbound/vmess/#server","title":"server","text":"

Required

The server address.

"},{"location":"configuration/outbound/vmess/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"configuration/outbound/vmess/#uuid","title":"uuid","text":"

Required

The VMess user id.

"},{"location":"configuration/outbound/vmess/#security","title":"security","text":"

Encryption methods:

Legacy encryption methods:

"},{"location":"configuration/outbound/vmess/#alter_id","title":"alter_id","text":"Alter ID | Description
0 | Use AEAD protocol
1 | Use legacy protocol
> 1 | Unused, same as 1"},{"location":"configuration/outbound/vmess/#global_padding","title":"global_padding","text":"

Protocol parameter. Will waste traffic randomly if enabled (enabled by default in v2ray and cannot be disabled).

"},{"location":"configuration/outbound/vmess/#authenticated_length","title":"authenticated_length","text":"

Protocol parameter. Enable length block encryption.

"},{"location":"configuration/outbound/vmess/#network","title":"network","text":"

Enabled network

One of tcp, udp.

Both are enabled by default.

"},{"location":"configuration/outbound/vmess/#tls","title":"tls","text":"

TLS configuration, see TLS.

"},{"location":"configuration/outbound/vmess/#packet_encoding","title":"packet_encoding","text":"

UDP packet encoding.

Encoding | Description
(none) | Disabled
packetaddr | Supported by v2ray 5+
xudp | Supported by xray"},{"location":"configuration/outbound/vmess/#multiplex","title":"multiplex","text":"

See Multiplex for details.

"},{"location":"configuration/outbound/vmess/#transport","title":"transport","text":"

V2Ray Transport configuration, see V2Ray Transport.

"},{"location":"configuration/outbound/vmess/#dial-fields","title":"Dial Fields","text":"

See Dial Fields for details.

"},{"location":"configuration/outbound/wireguard/","title":"WireGuard","text":"

Deprecated in sing-box 1.11.0

WireGuard outbound is deprecated and will be removed in sing-box 1.13.0, check Migration.

Changes in sing-box 1.11.0

gso

Changes in sing-box 1.8.0

gso

"},{"location":"configuration/outbound/wireguard/#structure","title":"Structure","text":"
{\n  \"type\": \"wireguard\",\n  \"tag\": \"wireguard-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"system_interface\": false,\n  \"interface_name\": \"wg0\",\n  \"local_address\": [\n    \"10.0.0.1/32\"\n  ],\n  \"private_key\": \"YNXtAzepDqRv9H52osJVDQnznT5AM11eCK3ESpwSt04=\",\n  \"peers\": [\n    {\n      \"server\": \"127.0.0.1\",\n      \"server_port\": 1080,\n      \"public_key\": \"Z1XXLsKYkYxuiYjJIkRvtIKFepCYHTgON+GwPq7SOV4=\",\n      \"pre_shared_key\": \"31aIhAPwktDGpH4JDhA8GNvjFXEf/a6+UaQRyOAiyfM=\",\n      \"allowed_ips\": [\n        \"0.0.0.0/0\"\n      ],\n      \"reserved\": [0, 0, 0]\n    }\n  ],\n  \"peer_public_key\": \"Z1XXLsKYkYxuiYjJIkRvtIKFepCYHTgON+GwPq7SOV4=\",\n  \"pre_shared_key\": \"31aIhAPwktDGpH4JDhA8GNvjFXEf/a6+UaQRyOAiyfM=\",\n  \"reserved\": [0, 0, 0],\n  \"workers\": 4,\n  \"mtu\": 1408,\n  \"network\": \"tcp\",\n\n  // Deprecated\n\n  \"gso\": false,\n\n  ... // Dial Fields\n}\n
"},{"location":"configuration/outbound/wireguard/#fields","title":"Fields","text":""},{"location":"configuration/outbound/wireguard/#server","title":"server","text":"

Required if multi-peer disabled

The server address.

"},{"location":"configuration/outbound/wireguard/#server_port","title":"server_port","text":"

Required if multi-peer disabled

The server port.

"},{"location":"configuration/outbound/wireguard/#system_interface","title":"system_interface","text":"

Use system interface.

Requires privilege and cannot conflict with existing system interfaces.

Forced if gVisor is not included in the build.

"},{"location":"configuration/outbound/wireguard/#interface_name","title":"interface_name","text":"

Custom interface name for system interface.

"},{"location":"configuration/outbound/wireguard/#gso","title":"gso","text":"

Deprecated in sing-box 1.11.0

GSO will be automatically enabled when available since sing-box 1.11.0.

Since sing-box 1.8.0

Only supported on Linux.

Try to enable generic segmentation offload.

"},{"location":"configuration/outbound/wireguard/#local_address","title":"local_address","text":"

Required

List of IP (v4 or v6) address prefixes to be assigned to the interface.

"},{"location":"configuration/outbound/wireguard/#private_key","title":"private_key","text":"

Required

WireGuard requires base64-encoded public and private keys. These can be generated using the wg(8) utility:

# Generate a new private key\nwg genkey\n# Derive the public key by piping the private key into wg pubkey\necho \"private key\" | wg pubkey\n
"},{"location":"configuration/outbound/wireguard/#peers","title":"peers","text":"

Multi-peer support.

If enabled, server, server_port, peer_public_key, pre_shared_key will be ignored.

"},{"location":"configuration/outbound/wireguard/#peersallowed_ips","title":"peers.allowed_ips","text":"

WireGuard allowed IPs.

"},{"location":"configuration/outbound/wireguard/#peersreserved","title":"peers.reserved","text":"

WireGuard reserved field bytes.

$outbound.reserved will be used if empty.

"},{"location":"configuration/outbound/wireguard/#peer_public_key","title":"peer_public_key","text":"

Required if multi-peer disabled

WireGuard peer public key.

"},{"location":"configuration/outbound/wireguard/#pre_shared_key","title":"pre_shared_key","text":"

WireGuard pre-shared key.

"},{"location":"configuration/outbound/wireguard/#reserved","title":"reserved","text":"

WireGuard reserved field bytes.

"},{"location":"configuration/outbound/wireguard/#workers","title":"workers","text":"

WireGuard worker count.

CPU count is used by default.

"},{"location":"configuration/outbound/wireguard/#mtu","title":"mtu","text":"

WireGuard MTU.

1408 will be used if empty.

"},{"location":"configuration/outbound/wireguard/#network","title":"network","text":"

Enabled network

One of tcp, udp.

Both are enabled by default.

"},{"location":"configuration/outbound/wireguard/#dial-fields","title":"Dial Fields","text":"

See Dial Fields for details.

"},{"location":"configuration/route/","title":"Route","text":"

Changes in sing-box 1.11.0

default_network_strategy, default_network_type, default_fallback_network_type, default_fallback_delay

Changes in sing-box 1.8.0

rule_set, geoip, geosite

"},{"location":"configuration/route/#structure","title":"Structure","text":"
{\n  \"route\": {\n    \"geoip\": {},\n    \"geosite\": {},\n    \"rules\": [],\n    \"rule_set\": [],\n    \"final\": \"\",\n    \"auto_detect_interface\": false,\n    \"override_android_vpn\": false,\n    \"default_interface\": \"\",\n    \"default_mark\": 0,\n    \"default_network_strategy\": \"\",\n    \"default_network_type\": [],\n    \"default_fallback_network_type\": [],\n    \"default_fallback_delay\": \"\"\n  }\n}\n

You can ignore the JSON Array [] tag when the content is only one item

"},{"location":"configuration/route/#fields","title":"Fields","text":""},{"location":"configuration/route/#rules","title":"rules","text":"

List of Route Rule

"},{"location":"configuration/route/#rule_set","title":"rule_set","text":"

Since sing-box 1.8.0

List of rule-set

"},{"location":"configuration/route/#final","title":"final","text":"

Default outbound tag. The first outbound will be used if empty.

"},{"location":"configuration/route/#auto_detect_interface","title":"auto_detect_interface","text":"

Only supported on Linux, Windows and macOS.

Bind outbound connections to the default NIC by default to prevent routing loops under tun.

Takes no effect if outbound.bind_interface is set.

"},{"location":"configuration/route/#override_android_vpn","title":"override_android_vpn","text":"

Only supported on Android.

Accept Android VPN as upstream NIC when auto_detect_interface is enabled.

"},{"location":"configuration/route/#default_interface","title":"default_interface","text":"

Only supported on Linux, Windows and macOS.

Bind outbound connections to the specified NIC by default to prevent routing loops under tun.

Takes no effect if auto_detect_interface is set.

"},{"location":"configuration/route/#default_mark","title":"default_mark","text":"

Only supported on Linux.

Set routing mark by default.

Takes no effect if outbound.routing_mark is set.

"},{"location":"configuration/route/#default_network_strategy","title":"default_network_strategy","text":"

Since sing-box 1.11.0

See Dial Fields for details.

Takes no effect if outbound.bind_interface, outbound.inet4_bind_address or outbound.inet6_bind_address is set.

Can be overridden by outbound.network_strategy.

Conflicts with default_interface.

"},{"location":"configuration/route/#default_network_type","title":"default_network_type","text":"

Since sing-box 1.11.0

See Dial Fields for details.

"},{"location":"configuration/route/#default_fallback_network_type","title":"default_fallback_network_type","text":"

Since sing-box 1.11.0

See Dial Fields for details.

"},{"location":"configuration/route/#default_fallback_delay","title":"default_fallback_delay","text":"

Since sing-box 1.11.0

See Dial Fields for details.

"},{"location":"configuration/route/geoip/","title":"GeoIP","text":"

Deprecated in sing-box 1.8.0

GeoIP is deprecated and will be removed in sing-box 1.12.0, check Migration.

"},{"location":"configuration/route/geoip/#structure","title":"Structure","text":"
{\n  \"route\": {\n    \"geoip\": {\n      \"path\": \"\",\n      \"download_url\": \"\",\n      \"download_detour\": \"\"\n    }\n  }\n}\n
"},{"location":"configuration/route/geoip/#fields","title":"Fields","text":""},{"location":"configuration/route/geoip/#path","title":"path","text":"

The path to the sing-geoip database.

geoip.db will be used if empty.

"},{"location":"configuration/route/geoip/#download_url","title":"download_url","text":"

The download URL of the sing-geoip database.

Default is https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db.

"},{"location":"configuration/route/geoip/#download_detour","title":"download_detour","text":"

The tag of the outbound to download the database.

Default outbound will be used if empty.

"},{"location":"configuration/route/geosite/","title":"Geosite","text":"

Deprecated in sing-box 1.8.0

Geosite is deprecated and will be removed in sing-box 1.12.0, check Migration.

"},{"location":"configuration/route/geosite/#structure","title":"Structure","text":"
{\n  \"route\": {\n    \"geosite\": {\n      \"path\": \"\",\n      \"download_url\": \"\",\n      \"download_detour\": \"\"\n    }\n  }\n}\n
"},{"location":"configuration/route/geosite/#fields","title":"Fields","text":""},{"location":"configuration/route/geosite/#path","title":"path","text":"

The path to the sing-geosite database.

geosite.db will be used if empty.

"},{"location":"configuration/route/geosite/#download_url","title":"download_url","text":"

The download URL of the sing-geosite database.

Default is https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db.

"},{"location":"configuration/route/geosite/#download_detour","title":"download_detour","text":"

The tag of the outbound to download the database.

Default outbound will be used if empty.

"},{"location":"configuration/route/rule/","title":"Route Rule","text":"

Changes in sing-box 1.11.0

action, outbound, network_type, network_is_expensive, network_is_constrained

Changes in sing-box 1.10.0

client, rule_set_ipcidr_match_source, rule_set_ip_cidr_match_source, process_path_regex

Changes in sing-box 1.8.0

rule_set, rule_set_ipcidr_match_source, source_ip_is_private, ip_is_private, source_geoip, geoip, geosite

"},{"location":"configuration/route/rule/#structure","title":"Structure","text":"
{\n  \"route\": {\n    \"rules\": [\n      {\n        \"inbound\": [\n          \"mixed-in\"\n        ],\n        \"ip_version\": 6,\n        \"network\": [\n          \"tcp\"\n        ],\n        \"auth_user\": [\n          \"usera\",\n          \"userb\"\n        ],\n        \"protocol\": [\n          \"tls\",\n          \"http\",\n          \"quic\"\n        ],\n        \"client\": [\n          \"chromium\",\n          \"safari\",\n          \"firefox\",\n          \"quic-go\"\n        ],\n        \"domain\": [\n          \"test.com\"\n        ],\n        \"domain_suffix\": [\n          \".cn\"\n        ],\n        \"domain_keyword\": [\n          \"test\"\n        ],\n        \"domain_regex\": [\n          \"^stun\\\\..+\"\n        ],\n        \"geosite\": [\n          \"cn\"\n        ],\n        \"source_geoip\": [\n          \"private\"\n        ],\n        \"geoip\": [\n          \"cn\"\n        ],\n        \"source_ip_cidr\": [\n          \"10.0.0.0/24\",\n          \"192.168.0.1\"\n        ],\n        \"source_ip_is_private\": false,\n        \"ip_cidr\": [\n          \"10.0.0.0/24\",\n          \"192.168.0.1\"\n        ],\n        \"ip_is_private\": false,\n        \"source_port\": [\n          12345\n        ],\n        \"source_port_range\": [\n          \"1000:2000\",\n          \":3000\",\n          \"4000:\"\n        ],\n        \"port\": [\n          80,\n          443\n        ],\n        \"port_range\": [\n          \"1000:2000\",\n          \":3000\",\n          \"4000:\"\n        ],\n        \"process_name\": [\n          \"curl\"\n        ],\n        \"process_path\": [\n          \"/usr/bin/curl\"\n        ],\n        \"process_path_regex\": [\n          \"^/usr/bin/.+\"\n        ],\n        \"package_name\": [\n          \"com.termux\"\n        ],\n        \"user\": [\n          \"sekai\"\n        ],\n        \"user_id\": [\n          1000\n        ],\n        \"clash_mode\": \"direct\",\n        \"network_type\": [\n          \"wifi\"\n      
  ],\n        \"network_is_expensive\": false,\n        \"network_is_constrained\": false,\n        \"wifi_ssid\": [\n          \"My WIFI\"\n        ],\n        \"wifi_bssid\": [\n          \"00:00:00:00:00:00\"\n        ],\n        \"rule_set\": [\n          \"geoip-cn\",\n          \"geosite-cn\"\n        ],\n        // deprecated\n        \"rule_set_ipcidr_match_source\": false,\n        \"rule_set_ip_cidr_match_source\": false,\n        \"invert\": false,\n        \"action\": \"route\",\n        \"outbound\": \"direct\"\n      },\n      {\n        \"type\": \"logical\",\n        \"mode\": \"and\",\n        \"rules\": [],\n        \"invert\": false,\n        \"action\": \"route\",\n        \"outbound\": \"direct\"\n      }\n    ]\n  }\n}\n

You can ignore the JSON Array [] tag when the content is only one item

"},{"location":"configuration/route/rule/#default-fields","title":"Default Fields","text":"

The default rule uses the following matching logic: (domain || domain_suffix || domain_keyword || domain_regex || geosite || geoip || ip_cidr || ip_is_private) && (port || port_range) && (source_geoip || source_ip_cidr || source_ip_is_private) && (source_port || source_port_range) && other fields

Additionally, included rule-sets can be considered merged rather than as a single rule sub-item.

"},{"location":"configuration/route/rule/#inbound","title":"inbound","text":"

Tags of Inbound.

"},{"location":"configuration/route/rule/#ip_version","title":"ip_version","text":"

4 or 6.

Not limited if empty.

"},{"location":"configuration/route/rule/#auth_user","title":"auth_user","text":"

Username, see each inbound for details.

"},{"location":"configuration/route/rule/#protocol","title":"protocol","text":"

Sniffed protocol, see Protocol Sniff for details.

"},{"location":"configuration/route/rule/#client","title":"client","text":"

Since sing-box 1.10.0

Sniffed client type, see Protocol Sniff for details.

"},{"location":"configuration/route/rule/#network","title":"network","text":"

tcp or udp.

"},{"location":"configuration/route/rule/#domain","title":"domain","text":"

Match full domain.

"},{"location":"configuration/route/rule/#domain_suffix","title":"domain_suffix","text":"

Match domain suffix.

"},{"location":"configuration/route/rule/#domain_keyword","title":"domain_keyword","text":"

Match domain using keyword.

"},{"location":"configuration/route/rule/#domain_regex","title":"domain_regex","text":"

Match domain using regular expression.

"},{"location":"configuration/route/rule/#geosite","title":"geosite","text":"

Deprecated in sing-box 1.8.0

Geosite is deprecated and will be removed in sing-box 1.12.0, check Migration.

Match geosite.

"},{"location":"configuration/route/rule/#source_geoip","title":"source_geoip","text":"

Deprecated in sing-box 1.8.0

GeoIP is deprecated and will be removed in sing-box 1.12.0, check Migration.

Match source geoip.

"},{"location":"configuration/route/rule/#geoip","title":"geoip","text":"

Deprecated in sing-box 1.8.0

GeoIP is deprecated and will be removed in sing-box 1.12.0, check Migration.

Match geoip.

"},{"location":"configuration/route/rule/#source_ip_cidr","title":"source_ip_cidr","text":"

Match source IP CIDR.

"},{"location":"configuration/route/rule/#ip_is_private","title":"ip_is_private","text":"

Since sing-box 1.8.0

Match non-public IP.

"},{"location":"configuration/route/rule/#ip_cidr","title":"ip_cidr","text":"

Match IP CIDR.

"},{"location":"configuration/route/rule/#source_ip_is_private","title":"source_ip_is_private","text":"

Since sing-box 1.8.0

Match non-public source IP.

"},{"location":"configuration/route/rule/#source_port","title":"source_port","text":"

Match source port.

"},{"location":"configuration/route/rule/#source_port_range","title":"source_port_range","text":"

Match source port range.

"},{"location":"configuration/route/rule/#port","title":"port","text":"

Match port.

"},{"location":"configuration/route/rule/#port_range","title":"port_range","text":"

Match port range.

"},{"location":"configuration/route/rule/#process_name","title":"process_name","text":"

Only supported on Linux, Windows, and macOS.

Match process name.

"},{"location":"configuration/route/rule/#process_path","title":"process_path","text":"

Only supported on Linux, Windows, and macOS.

Match process path.

"},{"location":"configuration/route/rule/#process_path_regex","title":"process_path_regex","text":"

Since sing-box 1.10.0

Only supported on Linux, Windows, and macOS.

Match process path using regular expression.

"},{"location":"configuration/route/rule/#package_name","title":"package_name","text":"

Match Android package name.

"},{"location":"configuration/route/rule/#user","title":"user","text":"

Only supported on Linux.

Match user name.

"},{"location":"configuration/route/rule/#user_id","title":"user_id","text":"

Only supported on Linux.

Match user id.

"},{"location":"configuration/route/rule/#clash_mode","title":"clash_mode","text":"

Match Clash mode.

"},{"location":"configuration/route/rule/#network_type","title":"network_type","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Android and Apple platforms.

Match network type.

Available values: wifi, cellular, ethernet and other.

"},{"location":"configuration/route/rule/#network_is_expensive","title":"network_is_expensive","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Android and Apple platforms.

Match if network is considered Metered (on Android) or considered expensive, such as Cellular or a Personal Hotspot (on Apple platforms).

"},{"location":"configuration/route/rule/#network_is_constrained","title":"network_is_constrained","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Apple platforms.

Match if network is in Low Data Mode.

"},{"location":"configuration/route/rule/#wifi_ssid","title":"wifi_ssid","text":"

Only supported in graphical clients on Android and Apple platforms.

Match WiFi SSID.

"},{"location":"configuration/route/rule/#wifi_bssid","title":"wifi_bssid","text":"

Only supported in graphical clients on Android and Apple platforms.

Match WiFi BSSID.

"},{"location":"configuration/route/rule/#rule_set","title":"rule_set","text":"

Since sing-box 1.8.0

Match rule-set.

"},{"location":"configuration/route/rule/#rule_set_ipcidr_match_source","title":"rule_set_ipcidr_match_source","text":"

Since sing-box 1.8.0

Deprecated in sing-box 1.10.0

rule_set_ipcidr_match_source is renamed to rule_set_ip_cidr_match_source and will be removed in sing-box 1.11.0.

Make ip_cidr in rule-sets match the source IP.

"},{"location":"configuration/route/rule/#rule_set_ip_cidr_match_source","title":"rule_set_ip_cidr_match_source","text":"

Since sing-box 1.10.0

Make ip_cidr in rule-sets match the source IP.

"},{"location":"configuration/route/rule/#invert","title":"invert","text":"

Invert match result.

"},{"location":"configuration/route/rule/#action","title":"action","text":"

Required

See Rule Actions for details.

"},{"location":"configuration/route/rule/#outbound","title":"outbound","text":"

Deprecated in sing-box 1.11.0

Moved to Rule Action.

"},{"location":"configuration/route/rule/#logical-fields","title":"Logical Fields","text":""},{"location":"configuration/route/rule/#type","title":"type","text":"

logical

"},{"location":"configuration/route/rule/#mode","title":"mode","text":"

Required

and or or

"},{"location":"configuration/route/rule/#rules","title":"rules","text":"

Required

Included rules.

"},{"location":"configuration/route/rule_action/","title":"Rule Action","text":""},{"location":"configuration/route/rule_action/#final-actions","title":"Final actions","text":""},{"location":"configuration/route/rule_action/#route","title":"route","text":"
{\n  \"action\": \"route\", // default\n  \"outbound\": \"\",\n\n  ... // route-options Fields\n}\n

You can ignore the JSON Array [] tag when the content is only one item

route inherits the classic rule behavior of routing the connection to the specified outbound.

"},{"location":"configuration/route/rule_action/#outbound","title":"outbound","text":"

Required

Tag of target outbound.

"},{"location":"configuration/route/rule_action/#route-options-fields","title":"route-options Fields","text":"

See route-options fields below.

"},{"location":"configuration/route/rule_action/#route-options","title":"route-options","text":"
{\n  \"action\": \"route-options\",\n  \"override_address\": \"\",\n  \"override_port\": 0,\n  \"network_strategy\": \"\",\n  \"fallback_delay\": \"\",\n  \"udp_disable_domain_unmapping\": false,\n  \"udp_connect\": false,\n  \"udp_timeout\": \"\"\n}\n

route-options sets options for routing.

"},{"location":"configuration/route/rule_action/#override_address","title":"override_address","text":"

Override the connection destination address.

"},{"location":"configuration/route/rule_action/#override_port","title":"override_port","text":"

Override the connection destination port.

"},{"location":"configuration/route/rule_action/#network_strategy","title":"network_strategy","text":"

See Dial Fields for details.

Only takes effect if the outbound is direct and none of outbound.bind_interface, outbound.inet4_bind_address and outbound.inet6_bind_address is set.

"},{"location":"configuration/route/rule_action/#network_type","title":"network_type","text":"

See Dial Fields for details.

"},{"location":"configuration/route/rule_action/#fallback_network_type","title":"fallback_network_type","text":"

See Dial Fields for details.

"},{"location":"configuration/route/rule_action/#fallback_delay","title":"fallback_delay","text":"

See Dial Fields for details.

"},{"location":"configuration/route/rule_action/#udp_disable_domain_unmapping","title":"udp_disable_domain_unmapping","text":"

If enabled, for UDP proxy requests addressed to a domain, the original packet address will be sent in the response instead of the mapped domain.

This option is used for compatibility with clients that do not support receiving UDP packets with domain addresses, such as Surge.

"},{"location":"configuration/route/rule_action/#udp_connect","title":"udp_connect","text":"

If enabled, attempts to connect the UDP connection to the destination instead of listening.

"},{"location":"configuration/route/rule_action/#udp_timeout","title":"udp_timeout","text":"

Timeout for UDP connections.

Setting a larger value than the UDP timeout in inbounds will have no effect.

Default values for protocol-sniffed connections:

Timeout | Protocol
10s | dns, ntp, stun
30s | quic, dtls

If no protocol is sniffed, the following ports will be recognized as protocols by default:

Port | Protocol
53 | dns
123 | ntp
443 | quic
3478 | stun"},{"location":"configuration/route/rule_action/#reject","title":"reject","text":"
{\n  \"action\": \"reject\",\n  \"method\": \"default\", // default\n  \"no_drop\": false\n}\n

reject rejects connections.

The specified method is used to reject tun connections if the sniff action has not been performed yet.

Non-tun connections and already established connections will just be closed.

"},{"location":"configuration/route/rule_action/#method","title":"method","text":""},{"location":"configuration/route/rule_action/#no_drop","title":"no_drop","text":"

If not enabled, method will be temporarily overwritten to drop after 50 triggers in 30s.

Not available when method is set to drop.

"},{"location":"configuration/route/rule_action/#hijack-dns","title":"hijack-dns","text":"
{\n  \"action\": \"hijack-dns\"\n}\n

hijack-dns hijacks DNS requests to the sing-box DNS module.

"},{"location":"configuration/route/rule_action/#non-final-actions","title":"Non-final actions","text":""},{"location":"configuration/route/rule_action/#sniff","title":"sniff","text":"
{\n  \"action\": \"sniff\",\n  \"sniffer\": [],\n  \"timeout\": \"\"\n}\n

sniff performs protocol sniffing on connections.

The deprecated inbound.sniff options are treated as a sniff() performed before routing.

"},{"location":"configuration/route/rule_action/#sniffer","title":"sniffer","text":"

Enabled sniffers.

All sniffers enabled by default.

Available protocol values can be found in Protocol Sniff.

"},{"location":"configuration/route/rule_action/#timeout","title":"timeout","text":"

Timeout for sniffing.

300ms is used by default.

"},{"location":"configuration/route/rule_action/#resolve","title":"resolve","text":"
{\n  \"action\": \"resolve\",\n  \"strategy\": \"\",\n  \"server\": \"\"\n}\n

resolve resolves the request destination from a domain to IP addresses.

"},{"location":"configuration/route/rule_action/#strategy","title":"strategy","text":"

DNS resolution strategy, available values are: prefer_ipv4, prefer_ipv6, ipv4_only, ipv6_only.

dns.strategy will be used by default.

"},{"location":"configuration/route/rule_action/#server","title":"server","text":"

Specifies DNS server tag to use instead of selecting through DNS routing.

"},{"location":"configuration/route/sniff/","title":"Protocol Sniff","text":"

Changes in sing-box 1.10.0

QUIC client type detect support for QUIC
Chromium support for QUIC
BitTorrent support
DTLS support
SSH support
RDP support

If enabled in the inbound, the protocol and domain name (if present) of the connection can be sniffed.

"},{"location":"configuration/route/sniff/#supported-protocols","title":"Supported Protocols","text":"Network | Protocol | Domain Name | Client
TCP | http | Host | /
TCP | tls | Server Name | /
UDP | quic | Server Name | QUIC Client Type
UDP | stun | / | /
TCP/UDP | dns | / | /
TCP/UDP | bittorrent | / | /
UDP | dtls | / | /
TCP | ssh | / | SSH Client Name
TCP | rdp | / | /

QUIC Client | Type
Chromium/Cronet | chromium
Safari/Apple Network API | safari
Firefox / uquic firefox | firefox
quic-go / uquic chrome | quic-go"},{"location":"configuration/rule-set/","title":"Index","text":"

Changes in sing-box 1.10.0

type: inline

"},{"location":"configuration/rule-set/#rule-set","title":"rule-set","text":"

Since sing-box 1.8.0

"},{"location":"configuration/rule-set/#structure","title":"Structure","text":"InlineLocal FileRemote File

Since sing-box 1.10.0

{\n  \"type\": \"inline\", // optional\n  \"tag\": \"\",\n  \"rules\": []\n}\n
{\n  \"type\": \"local\",\n  \"tag\": \"\",\n  \"format\": \"source\", // or binary\n  \"path\": \"\"\n}\n

Remote rule-set will be cached if experimental.cache_file.enabled.

{\n  \"type\": \"remote\",\n  \"tag\": \"\",\n  \"format\": \"source\", // or binary\n  \"url\": \"\",\n  \"download_detour\": \"\", // optional\n  \"update_interval\": \"\" // optional\n}\n
"},{"location":"configuration/rule-set/#fields","title":"Fields","text":""},{"location":"configuration/rule-set/#type","title":"type","text":"

Required

Type of rule-set, local or remote.

"},{"location":"configuration/rule-set/#tag","title":"tag","text":"

Required

Tag of rule-set.

"},{"location":"configuration/rule-set/#inline-fields","title":"Inline Fields","text":"

Since sing-box 1.10.0

"},{"location":"configuration/rule-set/#rules","title":"rules","text":"

Required

List of Headless Rule.

"},{"location":"configuration/rule-set/#local-or-remote-fields","title":"Local or Remote Fields","text":""},{"location":"configuration/rule-set/#format","title":"format","text":"

Required

Format of rule-set file, source or binary.

"},{"location":"configuration/rule-set/#local-fields","title":"Local Fields","text":""},{"location":"configuration/rule-set/#path","title":"path","text":"

Required

Will be automatically reloaded if file modified since sing-box 1.10.0.

File path of rule-set.

"},{"location":"configuration/rule-set/#remote-fields","title":"Remote Fields","text":""},{"location":"configuration/rule-set/#url","title":"url","text":"

Required

Download URL of rule-set.

"},{"location":"configuration/rule-set/#download_detour","title":"download_detour","text":"

Tag of the outbound to download rule-set.

Default outbound will be used if empty.

"},{"location":"configuration/rule-set/#update_interval","title":"update_interval","text":"

Update interval of rule-set.

1d will be used if empty.

"},{"location":"configuration/rule-set/adguard/","title":"AdGuard DNS Filer","text":"

Since sing-box 1.10.0

sing-box supports some rule-set formats from other projects which cannot be fully translated to sing-box, currently only AdGuard DNS Filter.

These formats are not directly supported as source formats, instead you need to convert them to binary rule-set.

"},{"location":"configuration/rule-set/adguard/#convert","title":"Convert","text":"

Use sing-box rule-set convert --type adguard [--output <file-name>.srs] <file-name>.txt to convert to binary rule-set.

"},{"location":"configuration/rule-set/adguard/#performance","title":"Performance","text":"

AdGuard keeps all rules in memory and matches them sequentially, while sing-box chooses high performance and smaller memory usage. As a trade-off, you cannot know which rule item is matched.

"},{"location":"configuration/rule-set/adguard/#compatibility","title":"Compatibility","text":"

Almost all rules in AdGuardSDNSFilter and rules in rule-sets listed in adguard-filter-list are supported.

"},{"location":"configuration/rule-set/adguard/#supported-formats","title":"Supported formats","text":""},{"location":"configuration/rule-set/adguard/#adguard-filter","title":"AdGuard Filter","text":""},{"location":"configuration/rule-set/adguard/#basic-rule-syntax","title":"Basic rule syntax","text":"Syntax Supported @@ \\|\\| \\| ^ *"},{"location":"configuration/rule-set/adguard/#host-syntax","title":"Host syntax","text":"Syntax Example Supported Scheme https:// Ignored Domain Host example.org IP Host 1.1.1.1, 10.0.0. Regexp /regexp/ Port example.org:80 Path example.org/path/ad.js"},{"location":"configuration/rule-set/adguard/#modifier-syntax","title":"Modifier syntax","text":"Modifier Supported $important $dnsrewrite=0.0.0.0 Ignored Any other modifiers"},{"location":"configuration/rule-set/adguard/#hosts","title":"Hosts","text":"

Only items with 0.0.0.0 IP addresses will be accepted.

"},{"location":"configuration/rule-set/adguard/#simple","title":"Simple","text":"

When all rule lines are valid domains, they are treated as simple line-by-line domain rules which, like hosts, only match the exact same domain.

"},{"location":"configuration/rule-set/headless-rule/","title":"Headless Rule","text":"

Changes in sing-box 1.11.0

network_type, network_is_expensive, network_is_constrained

"},{"location":"configuration/rule-set/headless-rule/#structure","title":"Structure","text":"

Since sing-box 1.8.0

{\n  \"rules\": [\n    {\n      \"query_type\": [\n        \"A\",\n        \"HTTPS\",\n        32768\n      ],\n      \"network\": [\n        \"tcp\"\n      ],\n      \"domain\": [\n        \"test.com\"\n      ],\n      \"domain_suffix\": [\n        \".cn\"\n      ],\n      \"domain_keyword\": [\n        \"test\"\n      ],\n      \"domain_regex\": [\n        \"^stun\\\\..+\"\n      ],\n      \"source_ip_cidr\": [\n        \"10.0.0.0/24\",\n        \"192.168.0.1\"\n      ],\n      \"ip_cidr\": [\n        \"10.0.0.0/24\",\n        \"192.168.0.1\"\n      ],\n      \"source_port\": [\n        12345\n      ],\n      \"source_port_range\": [\n        \"1000:2000\",\n        \":3000\",\n        \"4000:\"\n      ],\n      \"port\": [\n        80,\n        443\n      ],\n      \"port_range\": [\n        \"1000:2000\",\n        \":3000\",\n        \"4000:\"\n      ],\n      \"process_name\": [\n        \"curl\"\n      ],\n      \"process_path\": [\n        \"/usr/bin/curl\"\n      ],\n      \"process_path_regex\": [\n        \"^/usr/bin/.+\"\n      ],\n      \"package_name\": [\n        \"com.termux\"\n      ],\n      \"network_type\": [\n        \"wifi\"\n      ],\n      \"network_is_expensive\": false,\n      \"network_is_constrained\": false,\n      \"wifi_ssid\": [\n        \"My WIFI\"\n      ],\n      \"wifi_bssid\": [\n        \"00:00:00:00:00:00\"\n      ],\n      \"invert\": false\n    },\n    {\n      \"type\": \"logical\",\n      \"mode\": \"and\",\n      \"rules\": [],\n      \"invert\": false\n    }\n  ]\n}\n

You can ignore the JSON Array [] tag when the content is only one item

"},{"location":"configuration/rule-set/headless-rule/#default-fields","title":"Default Fields","text":"

The default rule uses the following matching logic: (domain || domain_suffix || domain_keyword || domain_regex || ip_cidr) && (port || port_range) && (source_port || source_port_range) && other fields

"},{"location":"configuration/rule-set/headless-rule/#query_type","title":"query_type","text":"

DNS query type. Values can be integers or type name strings.

"},{"location":"configuration/rule-set/headless-rule/#network","title":"network","text":"

tcp or udp.

"},{"location":"configuration/rule-set/headless-rule/#domain","title":"domain","text":"

Match full domain.

"},{"location":"configuration/rule-set/headless-rule/#domain_suffix","title":"domain_suffix","text":"

Match domain suffix.

"},{"location":"configuration/rule-set/headless-rule/#domain_keyword","title":"domain_keyword","text":"

Match domain using keyword.

"},{"location":"configuration/rule-set/headless-rule/#domain_regex","title":"domain_regex","text":"

Match domain using regular expression.

"},{"location":"configuration/rule-set/headless-rule/#source_ip_cidr","title":"source_ip_cidr","text":"

Match source IP CIDR.

"},{"location":"configuration/rule-set/headless-rule/#ip_cidr","title":"ip_cidr","text":"

ip_cidr is an alias for source_ip_cidr when rule_set_ipcidr_match_source is enabled in route/DNS rules.

Match IP CIDR.

"},{"location":"configuration/rule-set/headless-rule/#source_port","title":"source_port","text":"

Match source port.

"},{"location":"configuration/rule-set/headless-rule/#source_port_range","title":"source_port_range","text":"

Match source port range.

"},{"location":"configuration/rule-set/headless-rule/#port","title":"port","text":"

Match port.

"},{"location":"configuration/rule-set/headless-rule/#port_range","title":"port_range","text":"

Match port range.

"},{"location":"configuration/rule-set/headless-rule/#process_name","title":"process_name","text":"

Only supported on Linux, Windows, and macOS.

Match process name.

"},{"location":"configuration/rule-set/headless-rule/#process_path","title":"process_path","text":"

Only supported on Linux, Windows, and macOS.

Match process path.

"},{"location":"configuration/rule-set/headless-rule/#process_path_regex","title":"process_path_regex","text":"

Since sing-box 1.10.0

Only supported on Linux, Windows, and macOS.

Match process path using regular expression.

"},{"location":"configuration/rule-set/headless-rule/#package_name","title":"package_name","text":"

Match Android package name.

"},{"location":"configuration/rule-set/headless-rule/#network_type","title":"network_type","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Android and Apple platforms.

Match network type.

Available values: wifi, cellular, ethernet and other.

"},{"location":"configuration/rule-set/headless-rule/#network_is_expensive","title":"network_is_expensive","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Android and Apple platforms.

Match if network is considered Metered (on Android) or considered expensive, such as Cellular or a Personal Hotspot (on Apple platforms).

"},{"location":"configuration/rule-set/headless-rule/#network_is_constrained","title":"network_is_constrained","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Apple platforms.

Match if network is in Low Data Mode.

"},{"location":"configuration/rule-set/headless-rule/#wifi_ssid","title":"wifi_ssid","text":"

Only supported in graphical clients on Android and Apple platforms.

Match WiFi SSID.

"},{"location":"configuration/rule-set/headless-rule/#wifi_bssid","title":"wifi_bssid","text":"

Only supported in graphical clients on Android and Apple platforms.

Match WiFi BSSID.

"},{"location":"configuration/rule-set/headless-rule/#invert","title":"invert","text":"

Invert match result.

"},{"location":"configuration/rule-set/headless-rule/#logical-fields","title":"Logical Fields","text":""},{"location":"configuration/rule-set/headless-rule/#type","title":"type","text":"

logical

"},{"location":"configuration/rule-set/headless-rule/#mode","title":"mode","text":"

Required

and or or

"},{"location":"configuration/rule-set/headless-rule/#rules","title":"rules","text":"

Required

Included rules.

"},{"location":"configuration/rule-set/source-format/","title":"Source Format","text":"

Changes in sing-box 1.11.0

version 3

Changes in sing-box 1.10.0

version 2

Since sing-box 1.8.0

"},{"location":"configuration/rule-set/source-format/#structure","title":"Structure","text":"
{\n  \"version\": 3,\n  \"rules\": []\n}\n
"},{"location":"configuration/rule-set/source-format/#compile","title":"Compile","text":"

Use sing-box rule-set compile [--output <file-name>.srs] <file-name>.json to compile source to binary rule-set.

"},{"location":"configuration/rule-set/source-format/#fields","title":"Fields","text":""},{"location":"configuration/rule-set/source-format/#version","title":"version","text":"

Required

Version of rule-set.

"},{"location":"configuration/rule-set/source-format/#rules","title":"rules","text":"

Required

List of Headless Rule.

"},{"location":"configuration/shared/dial/","title":"Dial Fields","text":"

Changes in sing-box 1.11.0

network_strategy, fallback_delay, network_type, fallback_network_type

"},{"location":"configuration/shared/dial/#structure","title":"Structure","text":"
{\n  \"detour\": \"upstream-out\",\n  \"bind_interface\": \"en0\",\n  \"inet4_bind_address\": \"0.0.0.0\",\n  \"inet6_bind_address\": \"::\",\n  \"routing_mark\": 1234,\n  \"reuse_addr\": false,\n  \"connect_timeout\": \"5s\",\n  \"tcp_fast_open\": false,\n  \"tcp_multi_path\": false,\n  \"udp_fragment\": false,\n  \"domain_strategy\": \"prefer_ipv6\",\n  \"network_strategy\": \"default\",\n  \"network_type\": [],\n  \"fallback_network_type\": [],\n  \"fallback_delay\": \"300ms\"\n}\n

You can ignore the JSON Array [] tag when the content is only one item

"},{"location":"configuration/shared/dial/#fields","title":"Fields","text":""},{"location":"configuration/shared/dial/#detour","title":"detour","text":"

The tag of the upstream outbound.

If enabled, all other fields will be ignored.

"},{"location":"configuration/shared/dial/#bind_interface","title":"bind_interface","text":"

The network interface to bind to.

"},{"location":"configuration/shared/dial/#inet4_bind_address","title":"inet4_bind_address","text":"

The IPv4 address to bind to.

"},{"location":"configuration/shared/dial/#inet6_bind_address","title":"inet6_bind_address","text":"

The IPv6 address to bind to.

"},{"location":"configuration/shared/dial/#routing_mark","title":"routing_mark","text":"

Only supported on Linux.

Set netfilter routing mark.

"},{"location":"configuration/shared/dial/#reuse_addr","title":"reuse_addr","text":"

Reuse listener address.

"},{"location":"configuration/shared/dial/#tcp_fast_open","title":"tcp_fast_open","text":"

Enable TCP Fast Open.

"},{"location":"configuration/shared/dial/#tcp_multi_path","title":"tcp_multi_path","text":"

Go 1.21 required.

Enable TCP Multi Path.

"},{"location":"configuration/shared/dial/#udp_fragment","title":"udp_fragment","text":"

Enable UDP fragmentation.

"},{"location":"configuration/shared/dial/#connect_timeout","title":"connect_timeout","text":"

Connect timeout, in golang's Duration format.

A duration string is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as \"300ms\", \"-1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"\u00b5s\"), \"ms\", \"s\", \"m\", \"h\".

"},{"location":"configuration/shared/dial/#domain_strategy","title":"domain_strategy","text":"

Available values: prefer_ipv4, prefer_ipv6, ipv4_only, ipv6_only.

If set, the requested domain name will be resolved to IP before connect.

| Outbound | Affected domains | Fallback Value |
|---|---|---|
| direct | Domain in request | Take inbound.domain_strategy if not set |
| others | Domain in server address | / |

"},{"location":"configuration/shared/dial/#network_strategy","title":"network_strategy","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Android and Apple platforms with auto_detect_interface enabled.

Strategy for selecting network interfaces.

Available values:

For fallback, when preferred interfaces fail or time out, it will enter a 15s fast fallback state (connecting to all preferred and fallback networks concurrently), and exit immediately if preferred networks recover.

Conflicts with bind_interface, inet4_bind_address and inet6_bind_address.

"},{"location":"configuration/shared/dial/#network_type","title":"network_type","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Android and Apple platforms with auto_detect_interface enabled.

Network types to use when using default or hybrid network strategy or preferred network types to use when using fallback network strategy.

Available values: wifi, cellular, ethernet, other.

Device's default network is used by default.

"},{"location":"configuration/shared/dial/#fallback_network_type","title":"fallback_network_type","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Android and Apple platforms with auto_detect_interface enabled.

Fallback network types when preferred networks are unavailable or time out when using fallback network strategy.

All other networks except preferred are used by default.

"},{"location":"configuration/shared/dial/#fallback_delay","title":"fallback_delay","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Android and Apple platforms with auto_detect_interface enabled.

The length of time to wait before spawning an RFC 6555 Fast Fallback connection.

For domain_strategy, it is the amount of time to wait for a connection to succeed before assuming that IPv4/IPv6 is misconfigured and falling back to the other type of addresses.

For network_strategy, it is the amount of time to wait for a connection to succeed before falling back to other interfaces.

Only takes effect when domain_strategy or network_strategy is set.

300ms is used by default.

"},{"location":"configuration/shared/dns01_challenge/","title":"DNS01 Challenge Fields","text":""},{"location":"configuration/shared/dns01_challenge/#structure","title":"Structure","text":"
{\n  \"provider\": \"\",\n\n  ... // Provider Fields\n}\n
"},{"location":"configuration/shared/dns01_challenge/#provider-fields","title":"Provider Fields","text":""},{"location":"configuration/shared/dns01_challenge/#alibaba-cloud-dns","title":"Alibaba Cloud DNS","text":"
{\n  \"provider\": \"alidns\",\n  \"access_key_id\": \"\",\n  \"access_key_secret\": \"\",\n  \"region_id\": \"\"\n}\n
"},{"location":"configuration/shared/dns01_challenge/#cloudflare","title":"Cloudflare","text":"
{\n  \"provider\": \"cloudflare\",\n  \"api_token\": \"\"\n}\n
"},{"location":"configuration/shared/listen/","title":"Listen Fields","text":"

Changes in sing-box 1.11.0

sniff, sniff_override_destination, sniff_timeout, domain_strategy, udp_disable_domain_unmapping

"},{"location":"configuration/shared/listen/#structure","title":"Structure","text":"
{\n  \"listen\": \"::\",\n  \"listen_port\": 5353,\n  \"tcp_fast_open\": false,\n  \"tcp_multi_path\": false,\n  \"udp_fragment\": false,\n  \"udp_timeout\": \"5m\",\n  \"detour\": \"another-in\",\n  \"sniff\": false,\n  \"sniff_override_destination\": false,\n  \"sniff_timeout\": \"300ms\",\n  \"domain_strategy\": \"prefer_ipv6\",\n  \"udp_disable_domain_unmapping\": false\n}\n
"},{"location":"configuration/shared/listen/#fields","title":"Fields","text":"Field Available Context listen Needs to listen on TCP or UDP. listen_port Needs to listen on TCP or UDP. tcp_fast_open Needs to listen on TCP. tcp_multi_path Needs to listen on TCP. udp_timeout Needs to assemble UDP connections. udp_disable_domain_unmapping Needs to listen on UDP and accept domain UDP addresses."},{"location":"configuration/shared/listen/#listen","title":"listen","text":"

Required

Listen address.

"},{"location":"configuration/shared/listen/#listen_port","title":"listen_port","text":"

Listen port.

"},{"location":"configuration/shared/listen/#tcp_fast_open","title":"tcp_fast_open","text":"

Enable TCP Fast Open.

"},{"location":"configuration/shared/listen/#tcp_multi_path","title":"tcp_multi_path","text":"

Go 1.21 required.

Enable TCP Multi Path.

"},{"location":"configuration/shared/listen/#udp_fragment","title":"udp_fragment","text":"

Enable UDP fragmentation.

"},{"location":"configuration/shared/listen/#udp_timeout","title":"udp_timeout","text":"

UDP NAT expiration time.

5m will be used by default.

"},{"location":"configuration/shared/listen/#detour","title":"detour","text":"

If set, connections will be forwarded to the specified inbound.

Requires target inbound support, see Injectable.

"},{"location":"configuration/shared/listen/#sniff","title":"sniff","text":"

Deprecated in sing-box 1.11.0

Inbound fields are deprecated and will be removed in sing-box 1.13.0, check Migration.

Enable sniffing.

See Protocol Sniff for details.

"},{"location":"configuration/shared/listen/#sniff_override_destination","title":"sniff_override_destination","text":"

Deprecated in sing-box 1.11.0

Inbound fields are deprecated and will be removed in sing-box 1.13.0.

Override the connection destination address with the sniffed domain.

If the domain name is invalid (like tor), this will not work.

"},{"location":"configuration/shared/listen/#sniff_timeout","title":"sniff_timeout","text":"

Deprecated in sing-box 1.11.0

Inbound fields are deprecated and will be removed in sing-box 1.13.0, check Migration.

Timeout for sniffing.

300ms is used by default.

"},{"location":"configuration/shared/listen/#domain_strategy","title":"domain_strategy","text":"

Deprecated in sing-box 1.11.0

Inbound fields are deprecated and will be removed in sing-box 1.13.0, check Migration.

One of prefer_ipv4, prefer_ipv6, ipv4_only, ipv6_only.

If set, the requested domain name will be resolved to IP before routing.

If sniff_override_destination is in effect, its value will be taken as a fallback.

"},{"location":"configuration/shared/listen/#udp_disable_domain_unmapping","title":"udp_disable_domain_unmapping","text":"

Deprecated in sing-box 1.11.0

Inbound fields are deprecated and will be removed in sing-box 1.13.0, check Migration.

If enabled, for UDP proxy requests addressed to a domain, the original packet address will be sent in the response instead of the mapped domain.

This option is used for compatibility with clients that do not support receiving UDP packets with domain addresses, such as Surge.

"},{"location":"configuration/shared/multiplex/","title":"Multiplex","text":""},{"location":"configuration/shared/multiplex/#inbound","title":"Inbound","text":"
{\n  \"enabled\": true,\n  \"padding\": false,\n  \"brutal\": {}\n}\n
"},{"location":"configuration/shared/multiplex/#outbound","title":"Outbound","text":"
{\n  \"enabled\": true,\n  \"protocol\": \"smux\",\n  \"max_connections\": 4,\n  \"min_streams\": 4,\n  \"max_streams\": 0,\n  \"padding\": false,\n  \"brutal\": {}\n}\n
"},{"location":"configuration/shared/multiplex/#inbound-fields","title":"Inbound Fields","text":""},{"location":"configuration/shared/multiplex/#enabled","title":"enabled","text":"

Enable multiplex support.

"},{"location":"configuration/shared/multiplex/#padding","title":"padding","text":"

If enabled, non-padded connections will be rejected.

"},{"location":"configuration/shared/multiplex/#brutal","title":"brutal","text":"

See TCP Brutal for details.

"},{"location":"configuration/shared/multiplex/#outbound-fields","title":"Outbound Fields","text":""},{"location":"configuration/shared/multiplex/#enabled_1","title":"enabled","text":"

Enable multiplex.

"},{"location":"configuration/shared/multiplex/#protocol","title":"protocol","text":"

Multiplex protocol.

| Protocol | Description |
|---|---|
| smux | https://github.com/xtaci/smux |
| yamux | https://github.com/hashicorp/yamux |
| h2mux | https://golang.org/x/net/http2 |

h2mux is used by default.

"},{"location":"configuration/shared/multiplex/#max_connections","title":"max_connections","text":"

Maximum connections.

Conflicts with max_streams.

"},{"location":"configuration/shared/multiplex/#min_streams","title":"min_streams","text":"

Minimum multiplexed streams in a connection before opening a new connection.

Conflicts with max_streams.

"},{"location":"configuration/shared/multiplex/#max_streams","title":"max_streams","text":"

Maximum multiplexed streams in a connection before opening a new connection.

Conflicts with max_connections and min_streams.

"},{"location":"configuration/shared/multiplex/#padding_1","title":"padding","text":"

Info

Requires sing-box server version 1.3-beta9 or later.

Enable padding.

"},{"location":"configuration/shared/multiplex/#brutal_1","title":"brutal","text":"

See TCP Brutal for details.

"},{"location":"configuration/shared/tcp-brutal/","title":"TCP Brutal","text":""},{"location":"configuration/shared/tcp-brutal/#server-requirements","title":"Server Requirements","text":"

See tcp-brutal for details.

"},{"location":"configuration/shared/tcp-brutal/#structure","title":"Structure","text":"
{\n  \"enabled\": true,\n  \"up_mbps\": 100,\n  \"down_mbps\": 100\n}\n
"},{"location":"configuration/shared/tcp-brutal/#fields","title":"Fields","text":""},{"location":"configuration/shared/tcp-brutal/#enabled","title":"enabled","text":"

Enable TCP Brutal congestion control algorithm.

"},{"location":"configuration/shared/tcp-brutal/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"

Required

Upload and download bandwidth, in Mbps.

"},{"location":"configuration/shared/tls/","title":"TLS","text":"

Changes in sing-box 1.10.0

utls

"},{"location":"configuration/shared/tls/#inbound","title":"Inbound","text":"
{\n  \"enabled\": true,\n  \"server_name\": \"\",\n  \"alpn\": [],\n  \"min_version\": \"\",\n  \"max_version\": \"\",\n  \"cipher_suites\": [],\n  \"certificate\": [],\n  \"certificate_path\": \"\",\n  \"key\": [],\n  \"key_path\": \"\",\n  \"acme\": {\n    \"domain\": [],\n    \"data_directory\": \"\",\n    \"default_server_name\": \"\",\n    \"email\": \"\",\n    \"provider\": \"\",\n    \"disable_http_challenge\": false,\n    \"disable_tls_alpn_challenge\": false,\n    \"alternative_http_port\": 0,\n    \"alternative_tls_port\": 0,\n    \"external_account\": {\n      \"key_id\": \"\",\n      \"mac_key\": \"\"\n    },\n    \"dns01_challenge\": {}\n  },\n  \"ech\": {\n    \"enabled\": false,\n    \"pq_signature_schemes_enabled\": false,\n    \"dynamic_record_sizing_disabled\": false,\n    \"key\": [],\n    \"key_path\": \"\"\n  },\n  \"reality\": {\n    \"enabled\": false,\n    \"handshake\": {\n      \"server\": \"google.com\",\n      \"server_port\": 443,\n\n      ... // Dial Fields\n    },\n    \"private_key\": \"UuMBgl7MXTPx9inmQp2UC7Jcnwc6XYbwDNebonM-FCc\",\n    \"short_id\": [\n      \"0123456789abcdef\"\n    ],\n    \"max_time_difference\": \"1m\"\n  }\n}\n
"},{"location":"configuration/shared/tls/#outbound","title":"Outbound","text":"
{\n  \"enabled\": true,\n  \"disable_sni\": false,\n  \"server_name\": \"\",\n  \"insecure\": false,\n  \"alpn\": [],\n  \"min_version\": \"\",\n  \"max_version\": \"\",\n  \"cipher_suites\": [],\n  \"certificate\": \"\",\n  \"certificate_path\": \"\",\n  \"ech\": {\n    \"enabled\": false,\n    \"pq_signature_schemes_enabled\": false,\n    \"dynamic_record_sizing_disabled\": false,\n    \"config\": [],\n    \"config_path\": \"\"\n  },\n  \"utls\": {\n    \"enabled\": false,\n    \"fingerprint\": \"\"\n  },\n  \"reality\": {\n    \"enabled\": false,\n    \"public_key\": \"jNXHt1yRo0vDuchQlIP6Z0ZvjT3KtzVI-T4E7RoLJS0\",\n    \"short_id\": \"0123456789abcdef\"\n  }\n}\n

TLS version values:

Cipher suite values:

You can ignore the JSON Array [] tag when the content is only one item

"},{"location":"configuration/shared/tls/#fields","title":"Fields","text":""},{"location":"configuration/shared/tls/#enabled","title":"enabled","text":"

Enable TLS.

"},{"location":"configuration/shared/tls/#disable_sni","title":"disable_sni","text":"

Client only

Do not send server name in ClientHello.

"},{"location":"configuration/shared/tls/#server_name","title":"server_name","text":"

Used to verify the hostname on the returned certificates unless insecure is given.

It is also included in the client's handshake to support virtual hosting unless it is an IP address.

"},{"location":"configuration/shared/tls/#insecure","title":"insecure","text":"

Client only

Accepts any server certificate.

"},{"location":"configuration/shared/tls/#alpn","title":"alpn","text":"

List of supported application level protocols, in order of preference.

If both peers support ALPN, the selected protocol will be one from this list, and the connection will fail if there is no mutually supported protocol.

See Application-Layer Protocol Negotiation.

"},{"location":"configuration/shared/tls/#min_version","title":"min_version","text":"

The minimum TLS version that is acceptable.

By default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server.

"},{"location":"configuration/shared/tls/#max_version","title":"max_version","text":"

The maximum TLS version that is acceptable.

By default, the maximum version is currently TLS 1.3.

"},{"location":"configuration/shared/tls/#cipher_suites","title":"cipher_suites","text":"

A list of enabled TLS 1.0\u20131.2 cipher suites. The order of the list is ignored. Note that TLS 1.3 cipher suites are not configurable.

If empty, a safe default list is used. The default cipher suites might change over time.

"},{"location":"configuration/shared/tls/#certificate","title":"certificate","text":"

The server certificate line array, in PEM format.

"},{"location":"configuration/shared/tls/#certificate_path","title":"certificate_path","text":"

Will be automatically reloaded if file modified.

The path to the server certificate, in PEM format.

"},{"location":"configuration/shared/tls/#key","title":"key","text":"

Server only

The server private key line array, in PEM format.

"},{"location":"configuration/shared/tls/#key_path","title":"key_path","text":"

Server only

Will be automatically reloaded if file modified.

The path to the server private key, in PEM format.

"},{"location":"configuration/shared/tls/#custom-tls-support","title":"Custom TLS support","text":"

QUIC support

Only ECH is supported in QUIC.

"},{"location":"configuration/shared/tls/#utls","title":"utls","text":"

Client only

There is no evidence that GFW detects and blocks servers based on TLS client fingerprinting, and using an imperfect emulation that has not been security reviewed could pose security risks.

uTLS is a fork of \"crypto/tls\", which provides ClientHello fingerprinting resistance.

Available fingerprint values:

Removed since sing-box 1.10.0

Some legacy chrome fingerprints have been removed and will fall back to chrome:

chrome_psk, chrome_psk_shuffle, chrome_padding_psk_shuffle, chrome_pq, chrome_pq_psk

Chrome fingerprint will be used if empty.

"},{"location":"configuration/shared/tls/#ech-fields","title":"ECH Fields","text":"

ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello message.

The ECH key and configuration can be generated by sing-box generate ech-keypair [--pq-signature-schemes-enabled].

"},{"location":"configuration/shared/tls/#pq_signature_schemes_enabled","title":"pq_signature_schemes_enabled","text":"

Enable support for post-quantum peer certificate signature schemes.

It is recommended to match the parameters of sing-box generate ech-keypair.

"},{"location":"configuration/shared/tls/#dynamic_record_sizing_disabled","title":"dynamic_record_sizing_disabled","text":"

Disables adaptive sizing of TLS records.

When true, the largest possible TLS record size is always used. When false, the size of TLS records may be adjusted in an attempt to improve latency.

"},{"location":"configuration/shared/tls/#key_1","title":"key","text":"

Server only

ECH key line array, in PEM format.

"},{"location":"configuration/shared/tls/#key_path_1","title":"key_path","text":"

Server only

Will be automatically reloaded if file modified.

The path to ECH key, in PEM format.

"},{"location":"configuration/shared/tls/#config","title":"config","text":"

Client only

ECH configuration line array, in PEM format.

If empty, load from DNS will be attempted.

"},{"location":"configuration/shared/tls/#config_path","title":"config_path","text":"

Client only

The path to ECH configuration, in PEM format.

If empty, load from DNS will be attempted.

"},{"location":"configuration/shared/tls/#acme-fields","title":"ACME Fields","text":""},{"location":"configuration/shared/tls/#domain","title":"domain","text":"

List of domains.

ACME will be disabled if empty.

"},{"location":"configuration/shared/tls/#data_directory","title":"data_directory","text":"

The directory to store ACME data.

$XDG_DATA_HOME/certmagic|$HOME/.local/share/certmagic will be used if empty.

"},{"location":"configuration/shared/tls/#default_server_name","title":"default_server_name","text":"

Server name to use when choosing a certificate if the ClientHello's ServerName field is empty.

"},{"location":"configuration/shared/tls/#email","title":"email","text":"

The email address to use when creating or selecting an existing ACME server account.

"},{"location":"configuration/shared/tls/#provider","title":"provider","text":"

The ACME CA provider to use.

Value | Provider
letsencrypt (default) | Let's Encrypt
zerossl | ZeroSSL
https://... | Custom
"},{"location":"configuration/shared/tls/#disable_http_challenge","title":"disable_http_challenge","text":"

Disable all HTTP challenges.

"},{"location":"configuration/shared/tls/#disable_tls_alpn_challenge","title":"disable_tls_alpn_challenge","text":"

Disable all TLS-ALPN challenges.

"},{"location":"configuration/shared/tls/#alternative_http_port","title":"alternative_http_port","text":"

The alternate port to use for the ACME HTTP challenge; if non-empty, this port will be used instead of 80 to spin up a listener for the HTTP challenge.

"},{"location":"configuration/shared/tls/#alternative_tls_port","title":"alternative_tls_port","text":"

The alternate port to use for the ACME TLS-ALPN challenge; the system must forward 443 to this port for the challenge to succeed.

"},{"location":"configuration/shared/tls/#external_account","title":"external_account","text":"

EAB (External Account Binding) contains information necessary to bind or map an ACME account to some other account known by the CA.

External account bindings are \"used to associate an ACME account with an existing account in a non-ACME system, such as a CA customer database.

To enable ACME account binding, the CA operating the ACME server needs to provide the ACME client with a MAC key and a key identifier, using some mechanism outside of ACME.\" \u00a77.3.4

"},{"location":"configuration/shared/tls/#external_accountkey_id","title":"external_account.key_id","text":"

The key identifier.

"},{"location":"configuration/shared/tls/#external_accountmac_key","title":"external_account.mac_key","text":"

The MAC key.

"},{"location":"configuration/shared/tls/#dns01_challenge","title":"dns01_challenge","text":"

ACME DNS01 challenge field. If configured, other challenge methods will be disabled.

See DNS01 Challenge Fields for details.

"},{"location":"configuration/shared/tls/#reality-fields","title":"Reality Fields","text":""},{"location":"configuration/shared/tls/#handshake","title":"handshake","text":"

Server only

Required

Handshake server address and Dial Fields.

"},{"location":"configuration/shared/tls/#private_key","title":"private_key","text":"

Server only

Required

Private key, generated by sing-box generate reality-keypair.

"},{"location":"configuration/shared/tls/#public_key","title":"public_key","text":"

Client only

Required

Public key, generated by sing-box generate reality-keypair.

"},{"location":"configuration/shared/tls/#short_id","title":"short_id","text":"

Required

A hexadecimal string with zero to eight digits.

"},{"location":"configuration/shared/tls/#max_time_difference","title":"max_time_difference","text":"

Server only

The maximum time difference between the server and the client.

The check is disabled if empty.

"},{"location":"configuration/shared/udp-over-tcp/","title":"UDP over TCP","text":"

It's a proprietary protocol created by SagerNet, not part of shadowsocks.

The UDP over TCP protocol is used to transmit UDP packets in TCP.

"},{"location":"configuration/shared/udp-over-tcp/#structure","title":"Structure","text":"
{\n  \"enabled\": true,\n  \"version\": 2\n}\n

The structure can be replaced with a boolean value when the version is not specified.

"},{"location":"configuration/shared/udp-over-tcp/#fields","title":"Fields","text":""},{"location":"configuration/shared/udp-over-tcp/#enabled","title":"enabled","text":"

Enable the UDP over TCP protocol.

"},{"location":"configuration/shared/udp-over-tcp/#version","title":"version","text":"

The protocol version, 1 or 2.

2 is used by default.

"},{"location":"configuration/shared/udp-over-tcp/#application-support","title":"Application support","text":"
Project | UoT v1 | UoT v2
sing-box | v0 (2022/08/11) | v1.2-beta9
Xray-core | v1.5.7 (2022/06/05) | f57ec13 (Not released)
Clash.Meta | v1.12.0 (2022/07/02) | 8cb67b6 (Not released)
Shadowrocket | v2.2.12 (2022/08/13) | /
"},{"location":"configuration/shared/udp-over-tcp/#protocol-details","title":"Protocol details","text":""},{"location":"configuration/shared/udp-over-tcp/#protocol-version-1","title":"Protocol version 1","text":"

To indicate a UDP over TCP request, the client requests the following magic address from the upper-layer proxy protocol: sp.udp-over-tcp.arpa

"},{"location":"configuration/shared/udp-over-tcp/#stream-format","title":"Stream format","text":"
ATYP | address | port | length | data
u8 | variable | u16be | u16be | variable

ATYP / address / port: Uses the SOCKS address format.

"},{"location":"configuration/shared/udp-over-tcp/#protocol-version-2","title":"Protocol version 2","text":"

Protocol version 2 uses a new magic address: sp.v2.udp-over-tcp.arpa

"},{"location":"configuration/shared/udp-over-tcp/#request-format","title":"Request format","text":"
isConnect | ATYP | address | port
u8 | u8 | variable | u16be

isConnect: Set to 1 to indicate that the stream uses the connect format, or 0 to disable it.

ATYP / address / port: Request destination, uses the SOCKS address format.

"},{"location":"configuration/shared/udp-over-tcp/#connect-stream-format","title":"Connect stream format","text":"
length | data
u16be | variable
"},{"location":"configuration/shared/udp-over-tcp/#non-connect-stream-format","title":"Non-connect stream format","text":"

Same as the stream format in protocol version 1.

"},{"location":"configuration/shared/v2ray-transport/","title":"V2Ray Transport","text":"

V2Ray Transport is a set of private protocols invented by v2ray, and has contaminated the names of other protocols, such as trojan-grpc in clash.

"},{"location":"configuration/shared/v2ray-transport/#structure","title":"Structure","text":"
{\n  \"type\": \"\"\n}\n

Available transports:

Difference from v2ray-core

You can omit the JSON array brackets [] when the content is only one item.

"},{"location":"configuration/shared/v2ray-transport/#http","title":"HTTP","text":"
{\n  \"type\": \"http\",\n  \"host\": [],\n  \"path\": \"\",\n  \"method\": \"\",\n  \"headers\": {},\n  \"idle_timeout\": \"15s\",\n  \"ping_timeout\": \"15s\"\n}\n

Difference from v2ray-core

TLS is not enforced. If TLS is not configured, plain HTTP 1.1 is used.

"},{"location":"configuration/shared/v2ray-transport/#host","title":"host","text":"

List of host domains.

The client will choose randomly and the server will verify if not empty.

"},{"location":"configuration/shared/v2ray-transport/#path","title":"path","text":"

Warning

V2Ray's documentation says that the path between the server and the client must be consistent, but the actual code allows the client to add any suffix to the path. sing-box uses the same behavior as V2Ray, but note that the behavior does not exist in the WebSocket and HTTPUpgrade transports.

Path of HTTP request.

The server will verify.

"},{"location":"configuration/shared/v2ray-transport/#method","title":"method","text":"

Method of HTTP request.

The server will verify if not empty.

"},{"location":"configuration/shared/v2ray-transport/#headers","title":"headers","text":"

Extra headers of HTTP request.

The server will write in response if not empty.

"},{"location":"configuration/shared/v2ray-transport/#idle_timeout","title":"idle_timeout","text":"

In HTTP2 server:

Specifies the time until idle clients should be closed with a GOAWAY frame. PING frames are not considered as activity.

In HTTP2 client:

Specifies the period of time after which a health check will be performed using a ping frame if no frames have been received on the connection. Please note that a ping response is considered a received frame, so if there is no other traffic on the connection, the health check will be executed every interval. If the value is zero, no health check will be performed.

Zero is used by default.

"},{"location":"configuration/shared/v2ray-transport/#ping_timeout","title":"ping_timeout","text":"

In HTTP2 client:

Specifies the timeout duration after sending a PING frame, within which a response must be received. If a response to the PING frame is not received within the specified timeout duration, the connection will be closed. The default timeout duration is 15 seconds.

"},{"location":"configuration/shared/v2ray-transport/#websocket","title":"WebSocket","text":"
{\n  \"type\": \"ws\",\n  \"path\": \"\",\n  \"headers\": {},\n  \"max_early_data\": 0,\n  \"early_data_header_name\": \"\"\n}\n
"},{"location":"configuration/shared/v2ray-transport/#path_1","title":"path","text":"

Path of HTTP request.

The server will verify.

"},{"location":"configuration/shared/v2ray-transport/#headers_1","title":"headers","text":"

Extra headers of HTTP request.

The server will write in response if not empty.

"},{"location":"configuration/shared/v2ray-transport/#max_early_data","title":"max_early_data","text":"

Allowed payload size in the request. Enabled if not zero.

"},{"location":"configuration/shared/v2ray-transport/#early_data_header_name","title":"early_data_header_name","text":"

Early data is sent in the path instead of a header by default.

To be compatible with Xray-core, set this to Sec-WebSocket-Protocol.

It needs to be consistent with the server.

"},{"location":"configuration/shared/v2ray-transport/#quic","title":"QUIC","text":"
{\n  \"type\": \"quic\"\n}\n

Difference from v2ray-core

No additional encryption support: it is basically duplicate encryption. Also, Xray-core is not compatible with v2ray-core here.

"},{"location":"configuration/shared/v2ray-transport/#grpc","title":"gRPC","text":"

Standard gRPC has good compatibility but poor performance and is not included by default, see Installation.

{\n  \"type\": \"grpc\",\n  \"service_name\": \"TunService\",\n  \"idle_timeout\": \"15s\",\n  \"ping_timeout\": \"15s\",\n  \"permit_without_stream\": false\n}\n
"},{"location":"configuration/shared/v2ray-transport/#service_name","title":"service_name","text":"

Service name of gRPC.

"},{"location":"configuration/shared/v2ray-transport/#idle_timeout_1","title":"idle_timeout","text":"

In standard gRPC server/client:

If the transport doesn't see any activity after a duration of this time, it pings the client to check if the connection is still active.

In default gRPC server/client:

It has the same behavior as the corresponding setting in HTTP transport.

"},{"location":"configuration/shared/v2ray-transport/#ping_timeout_1","title":"ping_timeout","text":"

In standard gRPC server/client:

The time the client will wait for activity after performing a keepalive check. If no activity is detected, the connection will be closed.

In default gRPC server/client:

It has the same behavior as the corresponding setting in HTTP transport.

"},{"location":"configuration/shared/v2ray-transport/#permit_without_stream","title":"permit_without_stream","text":"

In standard gRPC client:

If enabled, the client transport sends keepalive pings even with no active connections. If disabled, when there are no active connections, idle_timeout and ping_timeout will be ignored and no keepalive pings will be sent.

Disabled by default.

"},{"location":"configuration/shared/v2ray-transport/#httpupgrade","title":"HTTPUpgrade","text":"
{\n  \"type\": \"httpupgrade\",\n  \"host\": \"\",\n  \"path\": \"\",\n  \"headers\": {}\n}\n
"},{"location":"configuration/shared/v2ray-transport/#host_1","title":"host","text":"

Host domain.

The server will verify if not empty.

"},{"location":"configuration/shared/v2ray-transport/#path_2","title":"path","text":"

Path of HTTP request.

The server will verify.

"},{"location":"configuration/shared/v2ray-transport/#headers_2","title":"headers","text":"

Extra headers of HTTP request.

The server will write in response if not empty.

"},{"location":"installation/build-from-source/","title":"Build from source","text":""},{"location":"installation/build-from-source/#requirements","title":"Requirements","text":""},{"location":"installation/build-from-source/#sing-box-110","title":"sing-box 1.10","text":""},{"location":"installation/build-from-source/#sing-box-19","title":"sing-box 1.9","text":"

You can download and install Go from https://go.dev/doc/install; the latest version is recommended.

"},{"location":"installation/build-from-source/#simple-build","title":"Simple Build","text":"
make\n

Or build and install binary to $GOBIN:

make install\n
"},{"location":"installation/build-from-source/#custom-build","title":"Custom Build","text":"
TAGS=\"tag_a tag_b\" make\n

or

go build -tags \"tag_a tag_b\" ./cmd/sing-box\n
"},{"location":"installation/build-from-source/#build-tags","title":"Build Tags","text":"Build Tag Enabled by default Description with_quic Build with QUIC support, see QUIC and HTTP3 DNS transports, Naive inbound, Hysteria Inbound, Hysteria Outbound and V2Ray Transport#QUIC. with_grpc \ufe0f Build with standard gRPC support, see V2Ray Transport#gRPC. with_dhcp Build with DHCP support, see DHCP DNS transport. with_wireguard Build with WireGuard support, see WireGuard outbound. with_ech Build with TLS ECH extension support for TLS outbound, see TLS. with_utls Build with uTLS support for TLS outbound, see TLS. with_reality_server Build with reality TLS server support, see TLS. with_acme Build with ACME TLS certificate issuer support, see TLS. with_clash_api Build with Clash API support, see Experimental. with_v2ray_api \ufe0f Build with V2Ray API support, see Experimental. with_gvisor Build with gVisor support, see Tun inbound and WireGuard outbound. with_embedded_tor (CGO required) \ufe0f Build with embedded Tor support, see Tor outbound.

It is not recommended to change the default build tag list unless you really know what you are adding.

"},{"location":"installation/docker/","title":"Docker","text":""},{"location":"installation/docker/#command","title":"Command","text":"
docker run -d \\\n  -v /etc/sing-box:/etc/sing-box/ \\\n  --name=sing-box \\\n  --restart=always \\\n  ghcr.io/sagernet/sing-box \\\n  -D /var/lib/sing-box \\\n  -C /etc/sing-box/ run\n
"},{"location":"installation/docker/#compose","title":"Compose","text":"
version: \"3.8\"\nservices:\n  sing-box:\n    image: ghcr.io/sagernet/sing-box\n    container_name: sing-box\n    restart: always\n    volumes:\n      - /etc/sing-box:/etc/sing-box/\n    command: -D /var/lib/sing-box -C /etc/sing-box/ run\n
"},{"location":"installation/package-manager/","title":"Package Manager","text":""},{"location":"installation/package-manager/#repository-installation","title":"Repository Installation","text":"Debian / APT Redhat / DNF
sudo curl -fsSL https://sing-box.app/gpg.key -o /etc/apt/keyrings/sagernet.asc\nsudo chmod a+r /etc/apt/keyrings/sagernet.asc\necho \"deb [arch=`dpkg --print-architecture` signed-by=/etc/apt/keyrings/sagernet.asc] https://deb.sagernet.org/ * *\" | \\\n  sudo tee /etc/apt/sources.list.d/sagernet.list > /dev/null\nsudo apt-get update\nsudo apt-get install sing-box # or sing-box-beta\n

sudo dnf -y install dnf-plugins-core\nsudo dnf config-manager --add-repo https://sing-box.app/sing-box.repo\nsudo dnf install sing-box # or sing-box-beta\n
(This applies to any distribution that uses dnf as the package manager: Fedora, CentOS, even OpenSUSE with DNF installed.)

"},{"location":"installation/package-manager/#manual-installation","title":"Manual Installation","text":"Debian / DEB Redhat / RPM Archlinux / PKG
bash <(curl -fsSL https://sing-box.app/deb-install.sh)\n

bash <(curl -fsSL https://sing-box.app/rpm-install.sh)\n
(This applies to any distribution that uses rpm and systemd. Because of how rpm defines dependencies, if it installs, it probably works.)

bash <(curl -fsSL https://sing-box.app/arch-install.sh)\n
"},{"location":"installation/package-manager/#managed-installation","title":"Managed Installation","text":"
Linux
Type | Platform | Command | Link
AUR | Arch Linux | ? -S sing-box |
nixpkgs | NixOS | nix-env -iA nixos.sing-box |
Homebrew | macOS / Linux | brew install sing-box |
APK | Alpine | apk add sing-box |
DEB | AOSC | apt install sing-box |

macOS
Type | Platform | Command | Link
Homebrew | macOS | brew install sing-box |

Windows
Type | Platform | Command | Link
Scoop | Windows | scoop install sing-box |
Chocolatey | Windows | choco install sing-box |
winget | Windows | winget install sing-box |

Android
Type | Platform | Command | Link
Termux | Android | pkg add sing-box |

FreeBSD
Type | Platform | Command | Link
FreshPorts | FreeBSD | pkg install sing-box |
"},{"location":"installation/package-manager/#problematic-sources","title":"Problematic Sources","text":"
Type | Platform | Link | Problem(s)
DEB | AOSC | aosc-os-abbs | Problematic build tag list modification
Homebrew | / | homebrew-core | Problematic build tag list modification
Termux | Android | termux-packages | Problematic build tag list modification
FreshPorts | FreeBSD | FreeBSD ports | Old Go (go1.20)

If you use any of them, please report issues to their maintainers:

  1. Please do not modify release build tags without full understanding of the related functionality: enabling non-default labels may result in decreased performance; the lack of default labels may cause user confusion.
  2. sing-box supports compiling with some older Go versions, but it is not recommended (especially versions that are no longer supported by Go).
"},{"location":"installation/package-manager/#service-management","title":"Service Management","text":"

For Linux systems with systemd, the installation usually already includes a sing-box service. You can manage the service using the following commands:

Operation | Command
Enable | sudo systemctl enable sing-box
Disable | sudo systemctl disable sing-box
Start | sudo systemctl start sing-box
Stop | sudo systemctl stop sing-box
Kill | sudo systemctl kill sing-box
Restart | sudo systemctl restart sing-box
Logs | sudo journalctl -u sing-box --output cat -e
New Logs | sudo journalctl -u sing-box --output cat -f
"},{"location":"manual/misc/tunnelvision/","title":"TunnelVision","text":"

TunnelVision is an attack that uses DHCP option 121 to set higher priority routes so that traffic does not go through the VPN.

Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3661

"},{"location":"manual/misc/tunnelvision/#status","title":"Status","text":""},{"location":"manual/misc/tunnelvision/#android","title":"Android","text":"

Android does not handle DHCP option 121 and is not affected.

"},{"location":"manual/misc/tunnelvision/#apple-platforms","title":"Apple platforms","text":"

Update the sing-box graphical client to 1.9.0-rc.16 or newer, then enable includeAllNetworks in Settings \u2014 Packet Tunnel and you will be unaffected.

Note: when includeAllNetworks is enabled, the default TUN stack is changed to gvisor, and the system and mixed stacks are not available.

"},{"location":"manual/misc/tunnelvision/#linux","title":"Linux","text":"

Update sing-box to 1.9.0-rc.16 or newer; rules generated by auto-route are unaffected.

"},{"location":"manual/misc/tunnelvision/#windows","title":"Windows","text":"

No solution yet.

"},{"location":"manual/misc/tunnelvision/#workarounds","title":"Workarounds","text":""},{"location":"manual/proxy/client/","title":"Client","text":""},{"location":"manual/proxy/client/#introduction","title":"Introduction","text":"

For a long time, the modern usage and principles of proxy clients for graphical operating systems have not been clearly described. However, we can categorize them into three types: system proxy, firewall redirection, and virtual interface.

"},{"location":"manual/proxy/client/#system-proxy","title":"System Proxy","text":"

Almost all graphical environments support system-level proxies, which are essentially ordinary HTTP proxies that only support TCP.

Operating System / Desktop Environment System Proxy Application Support Windows macOS GNOME/KDE Android ROOT or adb (permission) is required Android/iOS (with sing-box graphical client) via tun.platform.http_proxy

As one of the most well-known proxy methods, it has many shortcomings: many TCP clients that are not based on HTTP do not check and use the system proxy. Moreover, UDP and ICMP traffic bypasses the proxy.

flowchart LR\n    dns[DNS query] -- Is HTTP request? --> proxy[HTTP proxy]\n    dns --> leak[Leak]\n    tcp[TCP connection] -- Is HTTP request? --> proxy\n    tcp -- Check and use HTTP CONNECT? --> proxy\n    tcp --> leak\n    udp[UDP packet] --> leak
"},{"location":"manual/proxy/client/#firewall-redirection","title":"Firewall Redirection","text":"

This type of usage typically relies on the firewall or hook interface provided by the operating system, such as Windows\u2019 WFP, Linux\u2019s redirect, TProxy and eBPF, and macOS\u2019s pf. Although it is intrusive and cumbersome to configure, it remains popular within the community of amateur proxy open source projects like V2Ray, due to the low technical requirements it imposes on the software.

"},{"location":"manual/proxy/client/#virtual-interface","title":"Virtual Interface","text":"

All L2/L3 proxies (strictly defined VPNs, such as OpenVPN and WireGuard) are based on virtual network interfaces, which is also the only way for all L4 proxies to work as VPNs on mobile platforms such as Android and iOS.

sing-box inherits and develops clash-premium\u2019s TUN inbound (L3 to L4 conversion) as the most reasonable method for performing transparent proxying.

flowchart TB\n    packet[IP Packet]\n    packet --> windows[Windows / macOS]\n    packet --> linux[Linux]\n    tun[TUN interface]\n    windows -. route .-> tun\n    linux -. iproute2 route/rule .-> tun\n    tun --> gvisor[gVisor TUN stack]\n    tun --> system[system TUN stack]\n    assemble([L3 to L4 assemble])\n    gvisor --> assemble\n    system --> assemble\n    assemble --> conn[TCP and UDP connections]\n    conn --> router[sing-box Router]\n    router --> direct[Direct outbound]\n    router --> proxy[Proxy outbounds]\n    router -- DNS hijack --> dns_out[DNS outbound]\n    dns_out --> dns_router[DNS router]\n    dns_router --> router\n    direct --> adi([auto detect interface])\n    proxy --> adi\n    adi --> default[Default network interface in the system]\n    default --> destination[Destination server]\n    default --> proxy_server[Proxy server]\n    proxy_server --> destination
"},{"location":"manual/proxy/client/#examples","title":"Examples","text":""},{"location":"manual/proxy/client/#basic-tun-usage-for-chinese-users","title":"Basic TUN usage for Chinese users","text":"IPv4 only IPv4 & IPv6 FakeIP
{\n  \"dns\": {\n    \"servers\": [\n      {\n        \"tag\": \"google\",\n        \"address\": \"tls://8.8.8.8\"\n      },\n      {\n        \"tag\": \"local\",\n        \"address\": \"223.5.5.5\",\n        \"detour\": \"direct\"\n      }\n    ],\n    \"rules\": [\n      {\n        \"outbound\": \"any\",\n        \"server\": \"local\"\n      }\n    ],\n    \"strategy\": \"ipv4_only\"\n  },\n  \"inbounds\": [\n    {\n      \"type\": \"tun\",\n      \"inet4_address\": \"172.19.0.1/30\",\n      \"auto_route\": true,\n      \"strict_route\": false\n    }\n  ],\n  \"outbounds\": [\n    // ...\n    {\n      \"type\": \"direct\",\n      \"tag\": \"direct\"\n    },\n    {\n      \"type\": \"dns\",\n      \"tag\": \"dns-out\"\n    }\n  ],\n  \"route\": {\n    \"rules\": [\n      {\n        \"protocol\": \"dns\",\n        \"outbound\": \"dns-out\"\n      },\n      {\n        \"geoip\": [\n          \"private\"\n        ],\n        \"outbound\": \"direct\"\n      }\n    ],\n    \"auto_detect_interface\": true\n  }\n}\n
{\n  \"dns\": {\n    \"servers\": [\n      {\n        \"tag\": \"google\",\n        \"address\": \"tls://8.8.8.8\"\n      },\n      {\n        \"tag\": \"local\",\n        \"address\": \"223.5.5.5\",\n        \"detour\": \"direct\"\n      }\n    ],\n    \"rules\": [\n      {\n        \"outbound\": \"any\",\n        \"server\": \"local\"\n      }\n    ]\n  },\n  \"inbounds\": [\n    {\n      \"type\": \"tun\",\n      \"inet4_address\": \"172.19.0.1/30\",\n      \"inet6_address\": \"fdfe:dcba:9876::1/126\",\n      \"auto_route\": true,\n      \"strict_route\": false\n    }\n  ],\n  \"outbounds\": [\n    // ...\n    {\n      \"type\": \"direct\",\n      \"tag\": \"direct\"\n    },\n    {\n      \"type\": \"dns\",\n      \"tag\": \"dns-out\"\n    }\n  ],\n  \"route\": {\n    \"rules\": [\n      {\n        \"protocol\": \"dns\",\n        \"outbound\": \"dns-out\"\n      },\n      {\n        \"geoip\": [\n          \"private\"\n        ],\n        \"outbound\": \"direct\"\n      }\n    ],\n    \"auto_detect_interface\": true\n  }\n}\n
{\n  \"dns\": {\n    \"servers\": [\n      {\n        \"tag\": \"google\",\n        \"address\": \"tls://8.8.8.8\"\n      },\n      {\n        \"tag\": \"local\",\n        \"address\": \"223.5.5.5\",\n        \"detour\": \"direct\"\n      },\n      {\n        \"tag\": \"remote\",\n        \"address\": \"fakeip\"\n      }\n    ],\n    \"rules\": [\n      {\n        \"outbound\": \"any\",\n        \"server\": \"local\"\n      },\n      {\n        \"query_type\": [\n          \"A\",\n          \"AAAA\"\n        ],\n        \"server\": \"remote\"\n      }\n    ],\n    \"fakeip\": {\n      \"enabled\": true,\n      \"inet4_range\": \"198.18.0.0/15\",\n      \"inet6_range\": \"fc00::/18\"\n    },\n    \"independent_cache\": true\n  },\n  \"inbounds\": [\n    {\n      \"type\": \"tun\",\n      \"inet4_address\": \"172.19.0.1/30\",\n      \"inet6_address\": \"fdfe:dcba:9876::1/126\",\n      \"auto_route\": true,\n      \"strict_route\": true\n    }\n  ],\n  \"outbounds\": [\n    // ...\n    {\n      \"type\": \"direct\",\n      \"tag\": \"direct\"\n    },\n    {\n      \"type\": \"dns\",\n      \"tag\": \"dns-out\"\n    }\n  ],\n  \"route\": {\n    \"rules\": [\n      {\n        \"protocol\": \"dns\",\n        \"outbound\": \"dns-out\"\n      },\n      {\n        \"geoip\": [\n          \"private\"\n        ],\n        \"outbound\": \"direct\"\n      }\n    ],\n    \"auto_detect_interface\": true\n  }\n}\n
"},{"location":"manual/proxy/client/#traffic-bypass-usage-for-chinese-users","title":"Traffic bypass usage for Chinese users","text":"DNS rules DNS rules (Enhanced, but slower) (1.9.0+) Route rules
{\n  \"dns\": {\n    \"servers\": [\n      {\n        \"tag\": \"google\",\n        \"address\": \"tls://8.8.8.8\"\n      },\n      {\n        \"tag\": \"local\",\n        \"address\": \"223.5.5.5\",\n        \"detour\": \"direct\"\n      }\n    ],\n    \"rules\": [\n      {\n        \"outbound\": \"any\",\n        \"server\": \"local\"\n      },\n      {\n        \"clash_mode\": \"Direct\",\n        \"server\": \"local\"\n      },\n      {\n        \"clash_mode\": \"Global\",\n        \"server\": \"google\"\n      },\n      {\n        \"rule_set\": \"geosite-geolocation-cn\",\n        \"server\": \"local\"\n      }\n    ]\n  },\n  \"route\": {\n    \"rule_set\": [\n      {\n        \"type\": \"remote\",\n        \"tag\": \"geosite-geolocation-cn\",\n        \"format\": \"binary\",\n        \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs\"\n      }\n    ]\n  }\n}\n
With DNS leaks Without DNS leaks, but slower (1.9.0-alpha.2+)
{\n  \"dns\": {\n    \"servers\": [\n      {\n        \"tag\": \"google\",\n        \"address\": \"tls://8.8.8.8\"\n      },\n      {\n        \"tag\": \"local\",\n        \"address\": \"https://223.5.5.5/dns-query\",\n        \"detour\": \"direct\"\n      }\n    ],\n    \"rules\": [\n      {\n        \"outbound\": \"any\",\n        \"server\": \"local\"\n      },\n      {\n        \"clash_mode\": \"Direct\",\n        \"server\": \"local\"\n      },\n      {\n        \"clash_mode\": \"Global\",\n        \"server\": \"google\"\n      },\n      {\n        \"rule_set\": \"geosite-geolocation-cn\",\n        \"server\": \"local\"\n      },\n      {\n        \"clash_mode\": \"Default\",\n        \"server\": \"google\"\n      },\n      {\n        \"type\": \"logical\",\n        \"mode\": \"and\",\n        \"rules\": [\n          {\n            \"rule_set\": \"geosite-geolocation-!cn\",\n            \"invert\": true\n          },\n          {\n            \"rule_set\": \"geoip-cn\"\n          }\n        ],\n        \"server\": \"local\"\n      }\n    ]\n  },\n  \"route\": {\n    \"rule_set\": [\n      {\n        \"type\": \"remote\",\n        \"tag\": \"geosite-geolocation-cn\",\n        \"format\": \"binary\",\n        \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs\"\n      },\n      {\n        \"type\": \"remote\",\n        \"tag\": \"geosite-geolocation-!cn\",\n        \"format\": \"binary\",\n        \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-!cn.srs\"\n      },\n      {\n        \"type\": \"remote\",\n        \"tag\": \"geoip-cn\",\n        \"format\": \"binary\",\n        \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs\"\n      }\n    ]\n  },\n  \"experimental\": {\n    \"cache_file\": {\n      \"enabled\": true,\n      \"store_rdrc\": true\n    },\n    \"clash_api\": {\n      \"default_mode\": \"Enhanced\"\n    }\n  
}\n}\n
{\n  \"dns\": {\n    \"servers\": [\n      {\n        \"tag\": \"google\",\n        \"address\": \"tls://8.8.8.8\"\n      },\n      {\n        \"tag\": \"local\",\n        \"address\": \"https://223.5.5.5/dns-query\",\n        \"detour\": \"direct\"\n      }\n    ],\n    \"rules\": [\n      {\n        \"outbound\": \"any\",\n        \"server\": \"local\"\n      },\n      {\n        \"clash_mode\": \"Direct\",\n        \"server\": \"local\"\n      },\n      {\n        \"clash_mode\": \"Global\",\n        \"server\": \"google\"\n      },\n      {\n        \"rule_set\": \"geosite-geolocation-cn\",\n        \"server\": \"local\"\n      },\n      {\n        \"type\": \"logical\",\n        \"mode\": \"and\",\n        \"rules\": [\n          {\n            \"rule_set\": \"geosite-geolocation-!cn\",\n            \"invert\": true\n          },\n          {\n            \"rule_set\": \"geoip-cn\"\n          }\n        ],\n        \"server\": \"google\",\n        \"client_subnet\": \"114.114.114.114/24\" // Any China client IP address\n      }\n    ]\n  },\n  \"route\": {\n    \"rule_set\": [\n      {\n        \"type\": \"remote\",\n        \"tag\": \"geosite-geolocation-cn\",\n        \"format\": \"binary\",\n        \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs\"\n      },\n      {\n        \"type\": \"remote\",\n        \"tag\": \"geosite-geolocation-!cn\",\n        \"format\": \"binary\",\n        \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-!cn.srs\"\n      },\n      {\n        \"type\": \"remote\",\n        \"tag\": \"geoip-cn\",\n        \"format\": \"binary\",\n        \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs\"\n      }\n    ]\n  },\n  \"experimental\": {\n    \"cache_file\": {\n      \"enabled\": true,\n      \"store_rdrc\": true\n    },\n    \"clash_api\": {\n      \"default_mode\": \"Enhanced\"\n    }\n  }\n}\n
{\n  \"outbounds\": [\n    {\n      \"type\": \"direct\",\n      \"tag\": \"direct\"\n    },\n    {\n      \"type\": \"block\",\n      \"tag\": \"block\"\n    }\n  ],\n  \"route\": {\n    \"rules\": [\n      {\n        \"type\": \"logical\",\n        \"mode\": \"or\",\n        \"rules\": [\n          {\n            \"protocol\": \"dns\"\n          },\n          {\n            \"port\": 53\n          }\n        ],\n        \"outbound\": \"dns\"\n      },\n      {\n        \"ip_is_private\": true,\n        \"outbound\": \"direct\"\n      },\n      {\n        \"clash_mode\": \"Direct\",\n        \"outbound\": \"direct\"\n      },\n      {\n        \"clash_mode\": \"Global\",\n        \"outbound\": \"default\"\n      },\n      {\n        \"type\": \"logical\",\n        \"mode\": \"or\",\n        \"rules\": [\n          {\n            \"port\": 853\n          },\n          {\n            \"network\": \"udp\",\n            \"port\": 443\n          },\n          {\n            \"protocol\": \"stun\"\n          }\n        ],\n        \"outbound\": \"block\"\n      },\n      {\n        \"rule_set\": [\n          \"geoip-cn\",\n          \"geosite-geolocation-cn\"\n        ],\n        \"outbound\": \"direct\"\n      }\n    ],\n    \"rule_set\": [\n      {\n        \"type\": \"remote\",\n        \"tag\": \"geoip-cn\",\n        \"format\": \"binary\",\n        \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs\"\n      },\n      {\n        \"type\": \"remote\",\n        \"tag\": \"geosite-geolocation-cn\",\n        \"format\": \"binary\",\n        \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs\"\n      }\n    ]\n  }\n}\n
"},{"location":"manual/proxy/server/","title":"Server","text":"

To use sing-box as a proxy protocol server, you pretty much only need to configure the inbound for that protocol.

The Proxy Protocol menu below contains descriptions and configuration examples of recommended protocols for bypassing GFW.

"},{"location":"manual/proxy-protocol/hysteria2/","title":"Hysteria 2","text":"

Hysteria 2 is a simple, Chinese-made protocol based on QUIC. The selling point is Brutal, a congestion control algorithm that tries to achieve a user-defined bandwidth despite packet loss.

Warning

Even though GFW rarely blocks UDP-based proxies, such protocols actually have far more obvious characteristics than TCP-based proxies.

Specification Resists passive detection Resists active probes hysteria.network"},{"location":"manual/proxy-protocol/hysteria2/#password-generator","title":"Password Generator","text":"Generate Password Action Refresh"},{"location":"manual/proxy-protocol/hysteria2/#difference-from-official-hysteria","title":"Difference from official Hysteria","text":"

The official program supports an authentication method called userpass, which essentially uses a combination of <username>:<password> as the actual password, while sing-box does not provide this alias. To use sing-box with the official program, you need to fill in that combination as the actual password.

"},{"location":"manual/proxy-protocol/hysteria2/#server-example","title":"Server Example","text":"

Replace up_mbps and down_mbps values with the actual bandwidth of your server.

With local certificate With ACME With ACME and Cloudflare API
 {\n  \"inbounds\": [\n    {\n      \"type\": \"hysteria2\",\n      \"listen\": \"::\",\n      \"listen_port\": 8080,\n      \"up_mbps\": 100,\n      \"down_mbps\": 100,\n      \"users\": [\n        {\n          \"name\": \"sekai\",\n          \"password\": \"<password>\"\n        }\n      ],\n      \"tls\": {\n        \"enabled\": true,\n        \"server_name\": \"example.org\",\n        \"key_path\": \"/path/to/key.pem\",\n        \"certificate_path\": \"/path/to/certificate.pem\"\n      }\n    }\n  ]\n}\n
 {\n  \"inbounds\": [\n    {\n      \"type\": \"hysteria2\",\n      \"listen\": \"::\",\n      \"listen_port\": 8080,\n      \"up_mbps\": 100,\n      \"down_mbps\": 100,\n      \"users\": [\n        {\n          \"name\": \"sekai\",\n          \"password\": \"<password>\"\n        }\n      ],\n      \"tls\": {\n        \"enabled\": true,\n        \"server_name\": \"example.org\",\n        \"acme\": {\n          \"domain\": \"example.org\",\n          \"email\": \"admin@example.org\"\n        }\n      }\n    }\n  ]\n}\n
 {\n  \"inbounds\": [\n    {\n      \"type\": \"hysteria2\",\n      \"listen\": \"::\",\n      \"listen_port\": 8080,\n      \"up_mbps\": 100,\n      \"down_mbps\": 100,\n      \"users\": [\n        {\n          \"name\": \"sekai\",\n          \"password\": \"<password>\"\n        }\n      ],\n      \"tls\": {\n        \"enabled\": true,\n        \"server_name\": \"example.org\",\n        \"acme\": {\n          \"domain\": \"example.org\",\n          \"email\": \"admin@example.org\",\n          \"dns01_challenge\": {\n            \"provider\": \"cloudflare\",\n            \"api_token\": \"my_token\"\n          }\n        }\n      }\n    }\n  ]\n}\n
"},{"location":"manual/proxy-protocol/hysteria2/#client-example","title":"Client Example","text":"

Replace up_mbps and down_mbps values with the actual bandwidth of your client.

With valid certificate With self-signed certificate Ignore certificate verification
{\n  \"outbounds\": [\n    {\n      \"type\": \"hysteria2\",\n      \"server\": \"127.0.0.1\",\n      \"server_port\": 8080,\n      \"up_mbps\": 100,\n      \"down_mbps\": 100,\n      \"password\": \"<password>\",\n      \"tls\": {\n        \"enabled\": true,\n        \"server_name\": \"example.org\"\n      }\n    }\n  ]\n}\n

Tip

Use sing-box merge command to merge configuration and certificate into one file.

{\n  \"outbounds\": [\n    {\n      \"type\": \"hysteria2\",\n      \"server\": \"127.0.0.1\",\n      \"server_port\": 8080,\n      \"up_mbps\": 100,\n      \"down_mbps\": 100,\n      \"password\": \"<password>\",\n      \"tls\": {\n        \"enabled\": true,\n        \"server_name\": \"example.org\",\n        \"certificate_path\": \"/path/to/certificate.pem\"\n      }\n    }\n  ]\n}\n
{\n  \"outbounds\": [\n    {\n      \"type\": \"hysteria2\",\n      \"server\": \"127.0.0.1\",\n      \"server_port\": 8080,\n      \"up_mbps\": 100,\n      \"down_mbps\": 100,\n      \"password\": \"<password>\",\n      \"tls\": {\n        \"enabled\": true,\n        \"server_name\": \"example.org\",\n        \"insecure\": true\n      }\n    }\n  ]\n}\n
"},{"location":"manual/proxy-protocol/shadowsocks/","title":"Shadowsocks","text":"

Shadowsocks is the most well-known Chinese-made proxy protocol. It exists in multiple versions, but only AEAD 2022 ciphers over TCP with multiplexing are recommended.

Ciphers Specification Cryptographically sound Resists passive detection Resists active probes Stream Ciphers shadowsocks.org AEAD shadowsocks.org AEAD 2022 shadowsocks.org

(We strongly recommend using multiplexing to send UDP traffic over TCP, because doing otherwise is vulnerable to passive detection.)

"},{"location":"manual/proxy-protocol/shadowsocks/#password-generator","title":"Password Generator","text":"For 2022-blake3-aes-128-gcm cipher For other ciphers Action Refresh"},{"location":"manual/proxy-protocol/shadowsocks/#server-example","title":"Server Example","text":"Single-user Multi-user
 {\n  \"inbounds\": [\n    {\n      \"type\": \"shadowsocks\",\n      \"listen\": \"::\",\n      \"listen_port\": 8080,\n      \"network\": \"tcp\",\n      \"method\": \"2022-blake3-aes-128-gcm\",\n      \"password\": \"<password>\",\n      \"multiplex\": {\n        \"enabled\": true\n      }\n    }\n  ]\n}\n
 {\n  \"inbounds\": [\n    {\n      \"type\": \"shadowsocks\",\n      \"listen\": \"::\",\n      \"listen_port\": 8080,\n      \"network\": \"tcp\",\n      \"method\": \"2022-blake3-aes-128-gcm\",\n      \"password\": \"<server_password>\",\n      \"users\": [\n        {\n          \"name\": \"sekai\",\n          \"password\": \"<user_password>\"\n        }\n      ],\n      \"multiplex\": {\n        \"enabled\": true\n      }\n    }\n  ]\n}\n
"},{"location":"manual/proxy-protocol/shadowsocks/#client-example","title":"Client Example","text":"Single-user Multi-user
{\n  \"outbounds\": [\n    {\n      \"type\": \"shadowsocks\",\n      \"server\": \"127.0.0.1\",\n      \"server_port\": 8080,\n      \"method\": \"2022-blake3-aes-128-gcm\",\n      \"password\": \"<password>\",\n      \"multiplex\": {\n        \"enabled\": true\n      }\n    }\n  ]\n}\n
{\n  \"outbounds\": [\n    {\n      \"type\": \"shadowsocks\",\n      \"server\": \"127.0.0.1\",\n      \"server_port\": 8080,\n      \"method\": \"2022-blake3-aes-128-gcm\",\n      \"password\": \"<server_password>:<user_password>\",\n      \"multiplex\": {\n        \"enabled\": true\n      }\n    }\n  ]\n}\n
"},{"location":"manual/proxy-protocol/trojan/","title":"Trojan","text":"

Trojan is the most commonly used TLS proxy made in China. It can be used in various combinations, but only the combination of uTLS and multiplexing is recommended.

Protocol and implementation combination Specification Resists passive detection Resists active probes Origin / trojan-gfw trojan-gfw.github.io Basic Go implementation / with private transports by V2Ray No formal definition with uTLS enabled No formal definition"},{"location":"manual/proxy-protocol/trojan/#password-generator","title":"Password Generator","text":"Generate Password Action Refresh"},{"location":"manual/proxy-protocol/trojan/#server-example","title":"Server Example","text":"With local certificate With ACME With ACME and Cloudflare API
{\n  \"inbounds\": [\n    {\n      \"type\": \"trojan\",\n      \"listen\": \"::\",\n      \"listen_port\": 8080,\n      \"users\": [\n        {\n          \"name\": \"example\",\n          \"password\": \"password\"\n        }\n      ],\n      \"tls\": {\n        \"enabled\": true,\n        \"server_name\": \"example.org\",\n        \"key_path\": \"/path/to/key.pem\",\n        \"certificate_path\": \"/path/to/certificate.pem\"\n      },\n      \"multiplex\": {\n        \"enabled\": true\n      }\n    }\n  ]\n}\n
{\n  \"inbounds\": [\n    {\n      \"type\": \"trojan\",\n      \"listen\": \"::\",\n      \"listen_port\": 8080,\n      \"users\": [\n        {\n          \"name\": \"example\",\n          \"password\": \"password\"\n        }\n      ],\n      \"tls\": {\n        \"enabled\": true,\n        \"server_name\": \"example.org\",\n        \"acme\": {\n          \"domain\": \"example.org\",\n          \"email\": \"admin@example.org\"\n        }\n      },\n      \"multiplex\": {\n        \"enabled\": true\n      }\n    }\n  ]\n}\n
{\n  \"inbounds\": [\n    {\n      \"type\": \"trojan\",\n      \"listen\": \"::\",\n      \"listen_port\": 8080,\n      \"users\": [\n        {\n          \"name\": \"example\",\n          \"password\": \"password\"\n        }\n      ],\n      \"tls\": {\n        \"enabled\": true,\n        \"server_name\": \"example.org\",\n        \"acme\": {\n          \"domain\": \"example.org\",\n          \"email\": \"admin@example.org\",\n          \"dns01_challenge\": {\n            \"provider\": \"cloudflare\",\n            \"api_token\": \"my_token\"\n          }\n        }\n      },\n      \"multiplex\": {\n        \"enabled\": true\n      }\n    }\n  ]\n}\n
"},{"location":"manual/proxy-protocol/trojan/#client-example","title":"Client Example","text":"With valid certificate With self-signed certificate Ignore certificate verification
{\n  \"outbounds\": [\n    {\n      \"type\": \"trojan\",\n      \"server\": \"127.0.0.1\",\n      \"server_port\": 8080,\n      \"password\": \"password\",\n      \"tls\": {\n        \"enabled\": true,\n        \"server_name\": \"example.org\",\n        \"utls\": {\n          \"enabled\": true,\n          \"fingerprint\": \"firefox\"\n        }\n      },\n      \"multiplex\": {\n        \"enabled\": true\n      }\n    }\n  ]\n}\n

Tip

Use sing-box merge command to merge configuration and certificate into one file.

{\n  \"outbounds\": [\n    {\n      \"type\": \"trojan\",\n      \"server\": \"127.0.0.1\",\n      \"server_port\": 8080,\n      \"password\": \"password\",\n      \"tls\": {\n        \"enabled\": true,\n        \"server_name\": \"example.org\",\n        \"certificate_path\": \"/path/to/certificate.pem\",\n        \"utls\": {\n          \"enabled\": true,\n          \"fingerprint\": \"firefox\"\n        }\n      },\n      \"multiplex\": {\n        \"enabled\": true\n      }\n    }\n  ]\n}\n
{\n  \"outbounds\": [\n    {\n      \"type\": \"trojan\",\n      \"server\": \"127.0.0.1\",\n      \"server_port\": 8080,\n      \"password\": \"password\",\n      \"tls\": {\n        \"enabled\": true,\n        \"server_name\": \"example.org\",\n        \"insecure\": true,\n        \"utls\": {\n          \"enabled\": true,\n          \"fingerprint\": \"firefox\"\n        }\n      },\n      \"multiplex\": {\n        \"enabled\": true\n      }\n    }\n  ]\n}\n
"},{"location":"zh/","title":"Getting Started","text":"

Welcome to the documentation page for the sing-box project.

The universal proxy platform.

"},{"location":"zh/#_2","title":"License","text":"
Copyright (C) 2022 by nekohasekai <contact-sagernet@sekai.icu>\n\nThis program is free software: you can redistribute it and/or modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program. If not, see <http://www.gnu.org/licenses/>.\n\nIn addition, no derivative work may use the name or imply association\nwith this application without prior consent.\n
"},{"location":"zh/changelog/","title":"Change Log","text":""},{"location":"zh/deprecated/","title":"Deprecated Feature List","text":""},{"location":"zh/deprecated/#_2","title":"Legacy special outbounds","text":"

Legacy special outbounds (block / dns) are deprecated and can be replaced by rule actions, see the Migration Guide.

The old fields will be removed in sing-box 1.13.0.

"},{"location":"zh/deprecated/#_3","title":"Legacy inbound fields","text":"

Legacy inbound fields (inbound.<sniff/domain_strategy/...>) are deprecated and can be replaced by rule actions, see the Migration Guide.

The old fields will be removed in sing-box 1.13.0.

"},{"location":"zh/deprecated/#direct","title":"Destination override fields in direct outbound","text":"

Destination override fields (override_address / override_port) in direct outbound are deprecated and can be replaced by rule actions, see the Migration Guide.

The old fields will be removed in sing-box 1.13.0.

"},{"location":"zh/deprecated/#wireguard","title":"WireGuard outbound","text":"

WireGuard outbound is deprecated and can be replaced by endpoint, see the Migration Guide.

The old outbound will be removed in sing-box 1.13.0.

"},{"location":"zh/deprecated/#tun-gso","title":"GSO field in TUN","text":"

GSO has no advantage for transparent proxy scenarios; it is deprecated and no longer takes effect in TUN.

The old fields will be removed in sing-box 1.13.0.

"},{"location":"zh/deprecated/#match-source","title":"Match source rule items are renamed","text":"

The rule_set_ipcidr_match_source route and DNS rule items have been renamed to rule_set_ip_cidr_match_source and will be removed in sing-box 1.11.0.

"},{"location":"zh/deprecated/#tun","title":"TUN address fields are merged","text":"

inet4_address and inet6_address are merged into address, inet4_route_address and inet6_route_address are merged into route_address, inet4_route_exclude_address and inet6_route_exclude_address are merged into route_exclude_address.

The old fields will be removed in sing-box 1.11.0.

"},{"location":"zh/deprecated/#go118-go119","title":"Drop support for go1.18 and go1.19","text":"

Due to maintenance difficulties, sing-box 1.10.0 requires at least Go 1.20 to compile.

"},{"location":"zh/deprecated/#clash-api-cache-file","title":"Cache file and related features in Clash API","text":"

cache_file and related features in Clash API are deprecated and have been migrated to the independent cache_file setting, see the Migration Guide.

"},{"location":"zh/deprecated/#geoip","title":"GeoIP","text":"

GeoIP is deprecated and will be removed in sing-box 1.12.0.

The maxmind GeoIP country database, as an IP classification database, is not entirely suitable for traffic bypassing, and all existing implementations suffer from high memory usage and difficult management.

sing-box 1.8.0 introduces rule sets, which can completely replace GeoIP, see the Migration Guide.

"},{"location":"zh/deprecated/#geosite","title":"Geosite","text":"

Geosite is deprecated and will be removed in sing-box 1.12.0.

Geosite, the domain-list-community project maintained by V2Ray, as an early traffic bypassing solution, suffers from many problems including lack of maintenance, inaccurate rules, and difficult management.

sing-box 1.8.0 introduces rule sets, which can completely replace Geosite, see the Migration Guide.

"},{"location":"zh/deprecated/#160","title":"1.6.0","text":"

The following features were marked as deprecated in 1.5.0 and removed entirely in 1.6.0.

"},{"location":"zh/deprecated/#shadowsocksr","title":"ShadowsocksR","text":"

ShadowsocksR support has never been enabled by default; since the commonly used black-market proxy sales panels stopped using this protocol, it makes no sense to continue maintaining it.

"},{"location":"zh/deprecated/#proxy-protocol","title":"Proxy Protocol","text":"

Proxy Protocol support was added by a Pull Request, has problems, and is only used by the backend of HTTP multiplexers (such as nginx); it is intrusive and meaningless for proxy purposes.

"},{"location":"zh/migration/","title":"Migration Guide","text":""},{"location":"zh/migration/#_1","title":"Migrate legacy special outbounds to rule actions","text":"

Legacy special outbounds are deprecated and can be replaced by rule actions.

Reference

Rule Action / Block / DNS

Block DNS Deprecated New
{\n  \"outbounds\": [\n    {\n      \"type\": \"block\",\n      \"tag\": \"block\"\n    }\n  ],\n  \"route\": {\n    \"rules\": [\n      {\n        ...,\n\n        \"outbound\": \"block\"\n      }\n    ]\n  }\n}\n
{\n  \"route\": {\n    \"rules\": [\n      {\n        ...,\n\n        \"action\": \"reject\"\n      }\n    ]\n  }\n}\n
Deprecated New
{\n  \"inbounds\": [\n    {\n      ...,\n\n      \"sniff\": true\n    }\n  ],\n  \"outbounds\": [\n    {\n      \"tag\": \"dns\",\n      \"type\": \"dns\"\n    }\n  ],\n  \"route\": {\n    \"rules\": [\n      {\n        \"protocol\": \"dns\",\n        \"outbound\": \"dns\"\n      }\n    ]\n  }\n}\n
{\n  \"route\": {\n    \"rules\": [\n      {\n        \"action\": \"sniff\"\n      },\n      {\n        \"protocol\": \"dns\",\n        \"action\": \"hijack-dns\"\n      }\n    ]\n  }\n}\n
"},{"location":"zh/migration/#_2","title":"Migrate legacy inbound fields to rule actions","text":"

Inbound options are deprecated and can be replaced by rule actions.

Reference

Listen Fields / Rule / Rule Action / DNS Rule / DNS Rule Action

Deprecated New
{\n  \"inbounds\": [\n    {\n      \"type\": \"mixed\",\n      \"sniff\": true,\n      \"sniff_timeout\": \"1s\",\n      \"domain_strategy\": \"prefer_ipv4\"\n    }\n  ]\n}\n
{\n  \"inbounds\": [\n    {\n      \"type\": \"mixed\",\n      \"tag\": \"in\"\n    }\n  ],\n  \"route\": {\n    \"rules\": [\n      {\n        \"inbound\": \"in\",\n        \"action\": \"resolve\",\n        \"strategy\": \"prefer_ipv4\"\n      },\n      {\n        \"inbound\": \"in\",\n        \"action\": \"sniff\",\n        \"timeout\": \"1s\"\n      }\n    ]\n  }\n}\n
"},{"location":"zh/migration/#direct","title":"Migrate destination override fields in direct outbound to route options","text":"

Destination override fields in direct outbound are deprecated and can be replaced by route options.

Reference

Rule Action / Direct

Deprecated New
{\n  \"outbounds\": [\n    {\n      \"type\": \"direct\",\n      \"override_address\": \"1.1.1.1\",\n      \"override_port\": 443\n    }\n  ]\n}\n
{\n  \"route\": {\n    \"rules\": [\n      {\n        \"action\": \"route-options\", // or route\n        \"override_address\": \"1.1.1.1\",\n        \"override_port\": 443\n      }\n    ]\n  }\n}\n
"},{"location":"zh/migration/#wireguard","title":"Migrate WireGuard outbound to endpoint","text":"

WireGuard outbound is deprecated and can be replaced by endpoint.

Reference

Endpoint / WireGuard Endpoint / WireGuard Outbound

Deprecated New
{\n  \"outbounds\": [\n    {\n      \"type\": \"wireguard\",\n      \"tag\": \"wg-out\",\n\n      \"server\": \"127.0.0.1\",\n      \"server_port\": 10001,\n      \"system_interface\": true,\n      \"gso\": true,\n      \"interface_name\": \"wg0\",\n      \"local_address\": [\n        \"10.0.0.1/32\"\n      ],\n      \"private_key\": \"<private_key>\",\n      \"peer_public_key\": \"<peer_public_key>\",\n      \"pre_shared_key\": \"<pre_shared_key>\",\n      \"reserved\": [0, 0, 0],\n      \"mtu\": 1408\n    }\n  ]\n}\n
{\n  \"endpoints\": [\n    {\n      \"type\": \"wireguard\",\n      \"tag\": \"wg-ep\",\n      \"system\": true,\n      \"name\": \"wg0\",\n      \"mtu\": 1408,\n      \"address\": [\n        \"10.0.0.2/32\"\n      ],\n      \"private_key\": \"<private_key>\",\n      \"listen_port\": 10000,\n      \"peers\": [\n        {\n          \"address\": \"127.0.0.1\",\n          \"port\": 10001,\n          \"public_key\": \"<peer_public_key>\",\n          \"pre_shared_key\": \"<pre_shared_key>\",\n          \"allowed_ips\": [\n            \"0.0.0.0/0\"\n          ],\n          \"persistent_keepalive_interval\": 30,\n          \"reserved\": [0, 0, 0]\n        }\n      ]\n    }\n  ]\n}\n
"},{"location":"zh/migration/#tun","title":"TUN address fields are merged","text":"

inet4_address and inet6_address are merged into address, inet4_route_address and inet6_route_address are merged into route_address, inet4_route_exclude_address and inet6_route_exclude_address are merged into route_exclude_address.

Reference

TUN

Deprecated New
{\n  \"inbounds\": [\n    {\n      \"type\": \"tun\",\n      \"inet4_address\": \"172.19.0.1/30\",\n      \"inet6_address\": \"fdfe:dcba:9876::1/126\",\n      \"inet4_route_address\": [\n        \"0.0.0.0/1\",\n        \"128.0.0.0/1\"\n      ],\n      \"inet6_route_address\": [\n        \"::/1\",\n        \"8000::/1\"\n      ],\n      \"inet4_route_exclude_address\": [\n        \"192.168.0.0/16\"\n      ],\n      \"inet6_route_exclude_address\": [\n        \"fc00::/7\"\n      ]\n    }\n  ]\n}\n
{\n  \"inbounds\": [\n    {\n      \"type\": \"tun\",\n      \"address\": [\n        \"172.19.0.1/30\",\n        \"fdfe:dcba:9876::1/126\"\n      ],\n      \"route_address\": [\n        \"0.0.0.0/1\",\n        \"128.0.0.0/1\",\n        \"::/1\",\n        \"8000::/1\"\n      ],\n      \"route_exclude_address\": [\n        \"192.168.0.0/16\",\n        \"fc00::/7\"\n      ]\n    }\n  ]\n}\n
"},{"location":"zh/migration/#apple-bundle-identifier","title":"Bundle Identifier updates in Apple platform clients","text":"

Due to problems with our old Apple developer account, we can only relist the sing-box apps by updating the Bundle Identifiers, which means that the data will not be inherited automatically.

For iOS, you need to back up your old data yourself (if you still have access to it); for Apple tvOS, you need to re-import profiles from your iPhone or iPad or create them manually; for macOS, you can migrate the data folder using the following command:

cd ~/Library/Group\\ Containers && \\\n  mv group.io.nekohasekai.sfa group.io.nekohasekai.sfavt\n
"},{"location":"zh/migration/#domain_suffix","title":"domain_suffix behavior update","text":"

For historical reasons, sing-box's domain_suffix rule matches literal prefixes, unlike other projects.

sing-box 1.9.0 changes the behavior of domain_suffix: if the rule value is prefixed with ., the behavior is unchanged; otherwise it matches (domain|.+\\.domain) instead.

"},{"location":"zh/migration/#windows-process_path","title":"process_path format update on Windows","text":"

sing-box's process_path rule is inherited from Clash. The original code uses the local system's path format (e.g. \\Device\\HarddiskVolume1\\folder\\program.exe), but when a device has multiple disks, the HarddiskVolume serial number is not stable.

sing-box 1.9.0 makes QueryFullProcessImageNameW output a Win32 path (such as C:\\folder\\program.exe), which will break existing process_path use cases on Windows.

"},{"location":"zh/migration/#clash-api","title":"Migrate cache file from Clash API to independent options","text":"

Reference

Clash API / Cache File

Deprecated New
{\n  \"experimental\": {\n    \"clash_api\": {\n      \"cache_file\": \"cache.db\", // default value\n      \"cache_id\": \"my_profile2\",\n      \"store_mode\": true,\n      \"store_selected\": true,\n      \"store_fakeip\": true\n    }\n  }\n}\n
{\n  \"experimental\": {\n    \"cache_file\": {\n      \"enabled\": true,\n      \"path\": \"cache.db\", // default value\n      \"cache_id\": \"my_profile2\",\n      \"store_fakeip\": true\n    }\n  }\n}\n
"},{"location":"zh/migration/#geoip","title":"Migrate GeoIP to rule sets","text":"

Reference

GeoIP / Route / Route Rule / DNS Rule / Rule Set

Tip

The sing-box geoip command can help you convert custom GeoIP into rule sets.

Deprecated New
{\n  \"route\": {\n    \"rules\": [\n      {\n        \"geoip\": \"private\",\n        \"outbound\": \"direct\"\n      },\n      {\n        \"geoip\": \"cn\",\n        \"outbound\": \"direct\"\n      },\n      {\n        \"source_geoip\": \"cn\",\n        \"outbound\": \"block\"\n      }\n    ],\n    \"geoip\": {\n      \"download_detour\": \"proxy\"\n    }\n  }\n}\n
{\n  \"route\": {\n    \"rules\": [\n      {\n        \"ip_is_private\": true,\n        \"outbound\": \"direct\"\n      },\n      {\n        \"rule_set\": \"geoip-cn\",\n        \"outbound\": \"direct\"\n      },\n      {\n        \"rule_set\": \"geoip-us\",\n        \"rule_set_ip_cidr_match_source\": true,\n        \"outbound\": \"block\"\n      }\n    ],\n    \"rule_set\": [\n      {\n        \"tag\": \"geoip-cn\",\n        \"type\": \"remote\",\n        \"format\": \"binary\",\n        \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs\",\n        \"download_detour\": \"proxy\"\n      },\n      {\n        \"tag\": \"geoip-us\",\n        \"type\": \"remote\",\n        \"format\": \"binary\",\n        \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-us.srs\",\n        \"download_detour\": \"proxy\"\n      }\n    ]\n  },\n  \"experimental\": {\n    \"cache_file\": {\n      \"enabled\": true // required to save rule-set cache\n    }\n  }\n}\n
"},{"location":"zh/migration/#geosite","title":"Migrate Geosite to rule sets","text":"

Reference

Geosite / Route / Route Rule / DNS Rule / Rule Set

Tip

The sing-box geosite command can help you convert custom Geosite into rule sets.

Deprecated New
{\n  \"route\": {\n    \"rules\": [\n      {\n        \"geosite\": \"cn\",\n        \"outbound\": \"direct\"\n      }\n    ],\n    \"geosite\": {\n      \"download_detour\": \"proxy\"\n    }\n  }\n}\n
{\n  \"route\": {\n    \"rules\": [\n      {\n        \"rule_set\": \"geosite-cn\",\n        \"outbound\": \"direct\"\n      }\n    ],\n    \"rule_set\": [\n      {\n        \"tag\": \"geosite-cn\",\n        \"type\": \"remote\",\n        \"format\": \"binary\",\n        \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-cn.srs\",\n        \"download_detour\": \"proxy\"\n      }\n    ]\n  },\n  \"experimental\": {\n    \"cache_file\": {\n      \"enabled\": true // required to save rule-set cache\n    }\n  }\n}\n
"},{"location":"zh/support/","title":"Support","text":"Channel Link GitHub Issues https://github.com/SagerNet/sing-box/issues Telegram notification channel https://t.me/yapnc Telegram user group https://t.me/yapug Email contact@sagernet.org"},{"location":"zh/clients/","title":"Graphical Clients","text":"

Maintained by Project S, providing a unified experience and platform-specific features.

Platform Client Android sing-box for Android iOS/macOS/Apple tvOS sing-box for Apple platforms Desktop Work in progress

Some third-party projects that claim to use sing-box or use sing-box as a selling point are not listed here. The motivation of the maintainers of such projects is to acquire more users; even though they provide friendly commercial VPN client features, their code quality is poor and they contain ads.

"},{"location":"zh/configuration/","title":"Introduction","text":"

sing-box uses JSON as its configuration file format.

"},{"location":"zh/configuration/#_2","title":"Structure","text":"
{\n  \"log\": {},\n  \"dns\": {},\n  \"endpoints\": [],\n  \"inbounds\": [],\n  \"outbounds\": [],\n  \"route\": {},\n  \"experimental\": {}\n}\n
"},{"location":"zh/configuration/#_3","title":"Fields","text":"Key Format log Log dns DNS endpoints Endpoint inbounds Inbound outbounds Outbound route Route experimental Experimental"},{"location":"zh/configuration/#_4","title":"Check","text":"
sing-box check\n
"},{"location":"zh/configuration/#_5","title":"Format","text":"
sing-box format -w -c config.json -D config_directory\n
"},{"location":"zh/configuration/#_6","title":"Merge","text":"
sing-box merge output.json -c config.json -D config_directory\n
"},{"location":"zh/configuration/dns/","title":"Index","text":"

Changes in sing-box 1.11.0

cache_capacity

"},{"location":"zh/configuration/dns/#_1","title":"Structure","text":"
{\n  \"dns\": {\n    \"servers\": [],\n    \"rules\": [],\n    \"final\": \"\",\n    \"strategy\": \"\",\n    \"disable_cache\": false,\n    \"disable_expire\": false,\n    \"independent_cache\": false,\n    \"cache_capacity\": 0,\n    \"reverse_mapping\": false,\n    \"client_subnet\": \"\",\n    \"fakeip\": {}\n  }\n}\n
"},{"location":"zh/configuration/dns/#_2","title":"Fields","text":"Key Format server List of DNS Server rules List of DNS Rule"},{"location":"zh/configuration/dns/#final","title":"final","text":"

Default DNS server tag.

The first server is used by default.

"},{"location":"zh/configuration/dns/#strategy","title":"strategy","text":"

\u9ed8\u8ba4\u89e3\u6790\u57df\u540d\u7b56\u7565\u3002

\u53ef\u9009\u503c: prefer_ipv4 prefer_ipv6 ipv4_only ipv6_only\u3002

\u5982\u679c\u8bbe\u7f6e\u4e86 server.strategy\uff0c\u5219\u4e0d\u751f\u6548\u3002

"},{"location":"zh/configuration/dns/#disable_cache","title":"disable_cache","text":"

Disable the DNS cache.

"},{"location":"zh/configuration/dns/#disable_expire","title":"disable_expire","text":"

Disable DNS cache expiration.

"},{"location":"zh/configuration/dns/#independent_cache","title":"independent_cache","text":"

Make each DNS server's cache independent, for special purposes. If enabled, performance is slightly degraded.

"},{"location":"zh/configuration/dns/#cache_capacity","title":"cache_capacity","text":"

Since sing-box 1.11.0

LRU cache capacity.

Values less than 1024 are ignored.

"},{"location":"zh/configuration/dns/#reverse_mapping","title":"reverse_mapping","text":"

Stores a reverse mapping of IP addresses after responding to a DNS query, in order to provide domain names for routing purposes.

Since this process relies on the application resolving the domain name before making a request, it may cause problems in environments such as macOS, where DNS is proxied and cached by the system.

"},{"location":"zh/configuration/dns/#client_subnet","title":"client_subnet","text":"

Since sing-box 1.9.0

By default, append an edns0-subnet OPT additional record with the specified IP prefix to every query.

If the value is an IP address rather than a prefix, /32 or /128 is appended automatically.

Can be overridden by servers.[].client_subnet or rules.[].client_subnet.

"},{"location":"zh/configuration/dns/#fakeip","title":"fakeip","text":"

FakeIP settings.

"},{"location":"zh/configuration/dns/fakeip/#_1","title":"Structure","text":"
{\n  \"enabled\": true,\n  \"inet4_range\": \"198.18.0.0/15\",\n  \"inet6_range\": \"fc00::/18\"\n}\n
"},{"location":"zh/configuration/dns/fakeip/#_2","title":"Fields","text":""},{"location":"zh/configuration/dns/fakeip/#enabled","title":"enabled","text":"

Enable the FakeIP service.

"},{"location":"zh/configuration/dns/fakeip/#inet4_range","title":"inet4_range","text":"

IPv4 address range for FakeIP.

"},{"location":"zh/configuration/dns/fakeip/#inet6_range","title":"inet6_range","text":"

IPv6 address range for FakeIP.

"},{"location":"zh/configuration/dns/rule/","title":"DNS Rule","text":"

Changes in sing-box 1.11.0

action server disable_cache rewrite_ttl client_subnet network_type network_is_expensive network_is_constrained

Changes in sing-box 1.10.0

rule_set_ipcidr_match_source rule_set_ip_cidr_match_source rule_set_ip_cidr_accept_empty process_path_regex

Changes in sing-box 1.9.0

geoip ip_cidr ip_is_private client_subnet rule_set_ipcidr_match_source

Changes in sing-box 1.8.0

rule_set source_ip_is_private geoip geosite

"},{"location":"zh/configuration/dns/rule/#_1","title":"Structure","text":"
{\n  \"dns\": {\n    \"rules\": [\n      {\n        \"inbound\": [\n          \"mixed-in\"\n        ],\n        \"ip_version\": 6,\n        \"query_type\": [\n          \"A\",\n          \"HTTPS\",\n          32768\n        ],\n        \"network\": \"tcp\",\n        \"auth_user\": [\n          \"usera\",\n          \"userb\"\n        ],\n        \"protocol\": [\n          \"tls\",\n          \"http\",\n          \"quic\"\n        ],\n        \"domain\": [\n          \"test.com\"\n        ],\n        \"domain_suffix\": [\n          \".cn\"\n        ],\n        \"domain_keyword\": [\n          \"test\"\n        ],\n        \"domain_regex\": [\n          \"^stun\\\\..+\"\n        ],\n        \"geosite\": [\n          \"cn\"\n        ],\n        \"source_geoip\": [\n          \"private\"\n        ],\n        \"geoip\": [\n          \"cn\"\n        ],\n        \"source_ip_cidr\": [\n          \"10.0.0.0/24\",\n          \"192.168.0.1\"\n        ],\n        \"source_ip_is_private\": false,\n        \"ip_cidr\": [\n          \"10.0.0.0/24\",\n          \"192.168.0.1\"\n        ],\n        \"ip_is_private\": false,\n        \"source_port\": [\n          12345\n        ],\n        \"source_port_range\": [\n          \"1000:2000\",\n          \":3000\",\n          \"4000:\"\n        ],\n        \"port\": [\n          80,\n          443\n        ],\n        \"port_range\": [\n          \"1000:2000\",\n          \":3000\",\n          \"4000:\"\n        ],\n        \"process_name\": [\n          \"curl\"\n        ],\n        \"process_path\": [\n          \"/usr/bin/curl\"\n        ],\n        \"process_path_regex\": [\n          \"^/usr/bin/.+\"\n        ],\n        \"package_name\": [\n          \"com.termux\"\n        ],\n        \"user\": [\n          \"sekai\"\n        ],\n        \"user_id\": [\n          1000\n        ],\n        \"clash_mode\": \"direct\",\n        \"network_type\": [\n          \"wifi\"\n        ],\n        \"network_is_expensive\": false,\n        
\"network_is_constrained\": false,\n        \"wifi_ssid\": [\n          \"My WIFI\"\n        ],\n        \"wifi_bssid\": [\n          \"00:00:00:00:00:00\"\n        ],\n        \"rule_set\": [\n          \"geoip-cn\",\n          \"geosite-cn\"\n        ],\n        // Deprecated\n        \"rule_set_ipcidr_match_source\": false,\n        \"rule_set_ip_cidr_match_source\": false,\n        \"rule_set_ip_cidr_accept_empty\": false,\n        \"invert\": false,\n        \"outbound\": [\n          \"direct\"\n        ],\n        \"action\": \"route\",\n        \"server\": \"local\"\n      },\n      {\n        \"type\": \"logical\",\n        \"mode\": \"and\",\n        \"rules\": [],\n        \"action\": \"route\",\n        \"server\": \"local\"\n      }\n    ]\n  }\n}\n

You can omit the JSON array [] brackets when the content is a single item.

"},{"location":"zh/configuration/dns/rule/#_2","title":"Default Fields","text":"

The default rule uses the following matching logic: (domain || domain_suffix || domain_keyword || domain_regex || geosite) && (port || port_range) && (source_geoip || source_ip_cidr || source_ip_is_private) && (source_port || source_port_range) && other fields

Additionally, referenced rule-sets are treated as merged rather than as a single rule sub-item.

"},{"location":"zh/configuration/dns/rule/#inbound","title":"inbound","text":"

Tags of inbounds.

"},{"location":"zh/configuration/dns/rule/#ip_version","title":"ip_version","text":"

4 (A DNS query) or 6 (AAAA DNS query).

Not limited by default.

"},{"location":"zh/configuration/dns/rule/#query_type","title":"query_type","text":"

DNS query type. Values can be integers or type name strings.

"},{"location":"zh/configuration/dns/rule/#network","title":"network","text":"

tcp or udp.

"},{"location":"zh/configuration/dns/rule/#auth_user","title":"auth_user","text":"

Authenticated username; see the inbound settings.

"},{"location":"zh/configuration/dns/rule/#protocol","title":"protocol","text":"

Sniffed protocol; see Protocol Sniff.

"},{"location":"zh/configuration/dns/rule/#domain","title":"domain","text":"

Match the full domain.

"},{"location":"zh/configuration/dns/rule/#domain_suffix","title":"domain_suffix","text":"

Match the domain suffix.

"},{"location":"zh/configuration/dns/rule/#domain_keyword","title":"domain_keyword","text":"

Match a domain keyword.

"},{"location":"zh/configuration/dns/rule/#domain_regex","title":"domain_regex","text":"

Match the domain using a regular expression.

"},{"location":"zh/configuration/dns/rule/#geosite","title":"geosite","text":"

Deprecated in sing-box 1.8.0

Geosite is deprecated and may be removed in the near future; see the Migration guide.

Match Geosite.

"},{"location":"zh/configuration/dns/rule/#source_geoip","title":"source_geoip","text":"

Deprecated in sing-box 1.8.0

GeoIP is deprecated and may be removed in the near future; see the Migration guide.

Match source GeoIP.

"},{"location":"zh/configuration/dns/rule/#source_ip_cidr","title":"source_ip_cidr","text":"

Match source IP CIDR.

"},{"location":"zh/configuration/dns/rule/#source_ip_is_private","title":"source_ip_is_private","text":"

Since sing-box 1.8.0

Match non-public source IP.

"},{"location":"zh/configuration/dns/rule/#source_port","title":"source_port","text":"

Match source port.

"},{"location":"zh/configuration/dns/rule/#source_port_range","title":"source_port_range","text":"

Match source port range.

"},{"location":"zh/configuration/dns/rule/#port","title":"port","text":"

Match port.

"},{"location":"zh/configuration/dns/rule/#port_range","title":"port_range","text":"

Match port range.

"},{"location":"zh/configuration/dns/rule/#process_name","title":"process_name","text":"

Only supported on Linux, Windows, and macOS.

Match process name.

"},{"location":"zh/configuration/dns/rule/#process_path","title":"process_path","text":"

Only supported on Linux, Windows, and macOS.

Match process path.

"},{"location":"zh/configuration/dns/rule/#process_path_regex","title":"process_path_regex","text":"

Since sing-box 1.10.0

Only supported on Linux, Windows, and macOS.

Match process path using a regular expression.

"},{"location":"zh/configuration/dns/rule/#package_name","title":"package_name","text":"

Match Android package name.

"},{"location":"zh/configuration/dns/rule/#user","title":"user","text":"

Only supported on Linux.

Match user name.

"},{"location":"zh/configuration/dns/rule/#user_id","title":"user_id","text":"

Only supported on Linux.

Match user ID.

"},{"location":"zh/configuration/dns/rule/#clash_mode","title":"clash_mode","text":"

Match Clash mode.

"},{"location":"zh/configuration/dns/rule/#network_type","title":"network_type","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Android and Apple platforms.

Match network type.

Available values: wifi, cellular, ethernet and other.

"},{"location":"zh/configuration/dns/rule/#network_is_expensive","title":"network_is_expensive","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Android and Apple platforms.

Match if the network is considered metered (on Android) or considered expensive, such as a cellular network or a personal hotspot (on Apple platforms).

"},{"location":"zh/configuration/dns/rule/#network_is_constrained","title":"network_is_constrained","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Apple platforms.

Match if the network is in Low Data Mode.

"},{"location":"zh/configuration/dns/rule/#wifi_ssid","title":"wifi_ssid","text":"

Only supported in graphical clients on Android and Apple platforms.

Match WiFi SSID.

"},{"location":"zh/configuration/dns/rule/#wifi_bssid","title":"wifi_bssid","text":"

Only supported in graphical clients on Android and Apple platforms.

Match WiFi BSSID.

"},{"location":"zh/configuration/dns/rule/#rule_set","title":"rule_set","text":"

Since sing-box 1.8.0

Match rule-set.

"},{"location":"zh/configuration/dns/rule/#rule_set_ipcidr_match_source","title":"rule_set_ipcidr_match_source","text":"

Since sing-box 1.9.0

Deprecated in sing-box 1.10.0

rule_set_ipcidr_match_source has been renamed to rule_set_ip_cidr_match_source and will be removed in sing-box 1.11.0.

Make ip_cidr rules in rule-sets match the source IP.

"},{"location":"zh/configuration/dns/rule/#rule_set_ip_cidr_match_source","title":"rule_set_ip_cidr_match_source","text":"

Since sing-box 1.10.0

Make ip_cidr rules in rule-sets match the source IP.

"},{"location":"zh/configuration/dns/rule/#invert","title":"invert","text":"

Invert the match result.

"},{"location":"zh/configuration/dns/rule/#outbound","title":"outbound","text":"

Match outbound.

any can be used as a value to match any outbound.

"},{"location":"zh/configuration/dns/rule/#action","title":"action","text":"

Required

See Rule Action.

"},{"location":"zh/configuration/dns/rule/#server","title":"server","text":"

Deprecated in sing-box 1.11.0

Moved to DNS Rule Action.

"},{"location":"zh/configuration/dns/rule/#disable_cache","title":"disable_cache","text":"

Deprecated in sing-box 1.11.0

Moved to DNS Rule Action.

"},{"location":"zh/configuration/dns/rule/#rewrite_ttl","title":"rewrite_ttl","text":"

Deprecated in sing-box 1.11.0

Moved to DNS Rule Action.

"},{"location":"zh/configuration/dns/rule/#client_subnet","title":"client_subnet","text":"

Deprecated in sing-box 1.11.0

Moved to DNS Rule Action.

"},{"location":"zh/configuration/dns/rule/#_3","title":"Address Filter Fields","text":"

Only takes effect for address requests (A/AAAA/HTTPS). When the query result does not match the address filter rule items, the current rule is skipped.

ip_cidr items in referenced rule-sets also take effect as address filter fields.

Enable experimental.cache_file.store_rdrc to cache the results.

"},{"location":"zh/configuration/dns/rule/#geoip","title":"geoip","text":"

Since sing-box 1.9.0

Match GeoIP against the query response.

"},{"location":"zh/configuration/dns/rule/#ip_cidr","title":"ip_cidr","text":"

Since sing-box 1.9.0

Match IP CIDR against the query response.

"},{"location":"zh/configuration/dns/rule/#ip_is_private","title":"ip_is_private","text":"

Since sing-box 1.9.0

Match non-public IP against the query response.

"},{"location":"zh/configuration/dns/rule/#rule_set_ip_cidr_accept_empty","title":"rule_set_ip_cidr_accept_empty","text":"

Since sing-box 1.10.0

Make ip_cidr rules in rule-sets accept empty query responses.

"},{"location":"zh/configuration/dns/rule/#_4","title":"Logical Fields","text":""},{"location":"zh/configuration/dns/rule/#mode","title":"mode","text":"

Required

and or or

"},{"location":"zh/configuration/dns/rule/#rules","title":"rules","text":"

Required

Included rules.

"},{"location":"zh/configuration/dns/rule_action/","title":"DNS Rule Action","text":"

Since sing-box 1.11.0

"},{"location":"zh/configuration/dns/rule_action/#route","title":"route","text":"
{\n  \"action\": \"route\",  // default\n  \"server\": \"\",\n\n  // for compatibility\n  \"disable_cache\": false,\n  \"rewrite_ttl\": 0,\n  \"client_subnet\": null\n}\n

route inherits the classic rule action of routing DNS requests to the specified server.

"},{"location":"zh/configuration/dns/rule_action/#server","title":"server","text":"

Required

Tag of the target DNS server.

"},{"location":"zh/configuration/dns/rule_action/#disable_cache","title":"disable_cache","text":"

Disable the cache for this query.

"},{"location":"zh/configuration/dns/rule_action/#rewrite_ttl","title":"rewrite_ttl","text":"

Rewrite the TTL in DNS responses.

"},{"location":"zh/configuration/dns/rule_action/#client_subnet","title":"client_subnet","text":"

By default, append an edns0-subnet OPT additional record with the specified IP prefix to every query.

If the value is an IP address rather than a prefix, /32 or /128 is appended automatically.

Overrides dns.client_subnet and servers.[].client_subnet.

"},{"location":"zh/configuration/dns/rule_action/#route-options","title":"route-options","text":"
{\n  \"action\": \"route-options\",\n  \"disable_cache\": false,\n  \"rewrite_ttl\": null,\n  \"client_subnet\": null\n}\n

route-options sets options for routing.

"},{"location":"zh/configuration/dns/rule_action/#reject","title":"reject","text":"
{\n  \"action\": \"reject\",\n  \"method\": \"default\", // default\n  \"no_drop\": false\n}\n

reject rejects DNS requests.

"},{"location":"zh/configuration/dns/rule_action/#method","title":"method","text":"
  • default: Return NXDOMAIN.
  • drop: Drop the request.
"},{"location":"zh/configuration/dns/rule_action/#no_drop","title":"no_drop","text":"

If not enabled, method is temporarily overridden to drop after 50 triggers within 30 seconds.

Not available when method is set to drop.

"},{"location":"zh/configuration/dns/server/","title":"DNS Server","text":"

Changes in sing-box 1.9.0

client_subnet

"},{"location":"zh/configuration/dns/server/#_1","title":"Structure","text":"
{\n  \"dns\": {\n    \"servers\": [\n      {\n        \"tag\": \"\",\n        \"address\": \"\",\n        \"address_resolver\": \"\",\n        \"address_strategy\": \"\",\n        \"strategy\": \"\",\n        \"detour\": \"\",\n        \"client_subnet\": \"\"\n      }\n    ]\n  }\n}\n
"},{"location":"zh/configuration/dns/server/#_2","title":"Fields","text":""},{"location":"zh/configuration/dns/server/#tag","title":"tag","text":"

Tag of the DNS server.

"},{"location":"zh/configuration/dns/server/#address","title":"address","text":"

Required

Address of the DNS server.

Protocol Format System local TCP tcp://1.0.0.1 UDP 8.8.8.8 udp://8.8.4.4 TLS tls://dns.google HTTPS https://1.1.1.1/dns-query QUIC quic://dns.adguard.com HTTP3 h3://8.8.8.8/dns-query RCode rcode://refused DHCP dhcp://auto or dhcp://en0 FakeIP fakeip

To ensure that the Android system DNS takes effect, rather than Go's built-in default resolver, enable CGO at compile time.

The RCode transport is often used to block requests. Use it together with DNS rules and the disable_cache rule option.

RCode Description success No error format_error Bad request format server_failure Server failure name_error Domain does not exist not_implemented Not implemented refused Request refused"},{"location":"zh/configuration/dns/server/#address_resolver","title":"address_resolver","text":"

Required if the server address contains a domain name

Tag of another DNS server used to resolve the domain name of this DNS server.

"},{"location":"zh/configuration/dns/server/#address_strategy","title":"address_strategy","text":"

Strategy used to resolve the domain name of this DNS server.

Available values: prefer_ipv4 prefer_ipv6 ipv4_only ipv6_only.

dns.strategy is used by default.

"},{"location":"zh/configuration/dns/server/#strategy","title":"strategy","text":"

Default resolution strategy.

Available values: prefer_ipv4 prefer_ipv6 ipv4_only ipv6_only.

Takes no effect if overridden by other settings.

"},{"location":"zh/configuration/dns/server/#detour","title":"detour","text":"

Tag of the outbound used to connect to the DNS server.

If empty, the default outbound is used.

"},{"location":"zh/configuration/dns/server/#client_subnet","title":"client_subnet","text":"

Since sing-box 1.9.0

By default, append an edns0-subnet OPT additional record with the specified IP prefix to every query.

If the value is an IP address rather than a prefix, /32 or /128 is appended automatically.

Can be overridden by rules.[].client_subnet.

Overrides dns.client_subnet.

"},{"location":"zh/configuration/endpoint/","title":"Index","text":"

Since sing-box 1.11.0

"},{"location":"zh/configuration/endpoint/#_1","title":"Endpoint","text":"

An endpoint is a protocol with both inbound and outbound behavior.

"},{"location":"zh/configuration/endpoint/#_2","title":"Structure","text":"
{\n  \"endpoints\": [\n    {\n      \"type\": \"\",\n      \"tag\": \"\"\n    }\n  ]\n}\n
"},{"location":"zh/configuration/endpoint/#_3","title":"Fields","text":"Type Format wireguard WireGuard"},{"location":"zh/configuration/endpoint/#tag","title":"tag","text":"

Tag of the endpoint.

"},{"location":"zh/configuration/endpoint/wireguard/","title":"WireGuard","text":"

Since sing-box 1.11.0

"},{"location":"zh/configuration/endpoint/wireguard/#_1","title":"Structure","text":"
{\n  \"type\": \"wireguard\",\n  \"tag\": \"wg-ep\",\n\n  \"system\": false,\n  \"name\": \"\",\n  \"mtu\": 1408,\n  \"address\": [],\n  \"private_key\": \"\",\n  \"listen_port\": 10000,\n  \"peers\": [\n    {\n      \"address\": \"127.0.0.1\",\n      \"port\": 10001,\n      \"public_key\": \"\",\n      \"pre_shared_key\": \"\",\n      \"allowed_ips\": [],\n      \"persistent_keepalive_interval\": 0,\n      \"reserved\": [0, 0, 0]\n    }\n  ],\n  \"udp_timeout\": \"\",\n  \"workers\": 0,\n\n  ... // Dial Fields\n}\n

You can omit the JSON array [] brackets when the content is a single item.

"},{"location":"zh/configuration/endpoint/wireguard/#_2","title":"Fields","text":""},{"location":"zh/configuration/endpoint/wireguard/#system_interface","title":"system_interface","text":"

Use the system interface.

Requires privileges and must not conflict with existing system interfaces.

"},{"location":"zh/configuration/endpoint/wireguard/#name","title":"name","text":"

Custom device name for the system interface.

"},{"location":"zh/configuration/endpoint/wireguard/#mtu","title":"mtu","text":"

WireGuard MTU.

1408 is used by default.

"},{"location":"zh/configuration/endpoint/wireguard/#address","title":"address","text":"

Required

List of IPv4/IPv6 addresses or address prefixes for the interface.

List of IP (v4 or v6) address prefixes to be assigned to the interface.

"},{"location":"zh/configuration/endpoint/wireguard/#private_key","title":"private_key","text":"

Required

WireGuard requires base64-encoded public and private keys. These can be generated using the wg(8) utility:

wg genkey\necho \"private key\" | wg pubkey\n

or sing-box generate wg-keypair.

"},{"location":"zh/configuration/endpoint/wireguard/#peers","title":"peers","text":"

Required

List of WireGuard peers.

"},{"location":"zh/configuration/endpoint/wireguard/#peersaddress","title":"peers.address","text":"

IP address of the peer.

"},{"location":"zh/configuration/endpoint/wireguard/#peersport","title":"peers.port","text":"

WireGuard port of the peer.

"},{"location":"zh/configuration/endpoint/wireguard/#peerspublic_key","title":"peers.public_key","text":"

Required

WireGuard public key of the peer.

"},{"location":"zh/configuration/endpoint/wireguard/#peerspre_shared_key","title":"peers.pre_shared_key","text":"

Pre-shared key of the peer.

"},{"location":"zh/configuration/endpoint/wireguard/#peersallowed_ips","title":"peers.allowed_ips","text":"

Required

Allowed IP addresses of the peer.

"},{"location":"zh/configuration/endpoint/wireguard/#peerspersistent_keepalive_interval","title":"peers.persistent_keepalive_interval","text":"

Persistent keepalive interval of the peer, in seconds.

Disabled by default.

"},{"location":"zh/configuration/endpoint/wireguard/#peersreserved","title":"peers.reserved","text":"

Reserved field bytes of the peer.

"},{"location":"zh/configuration/endpoint/wireguard/#udp_timeout","title":"udp_timeout","text":"

UDP NAT expiration time.

5m is used by default.

"},{"location":"zh/configuration/endpoint/wireguard/#workers","title":"workers","text":"

Number of WireGuard workers.

The number of CPUs is used by default.

"},{"location":"zh/configuration/endpoint/wireguard/#_3","title":"Dial Fields","text":"

See Dial Fields.

"},{"location":"zh/configuration/experimental/","title":"Experimental","text":"

Changes in sing-box 1.8.0

cache_file clash_api

"},{"location":"zh/configuration/experimental/#_2","title":"Structure","text":"
{\n  \"experimental\": {\n    \"cache_file\": {},\n    \"clash_api\": {},\n    \"v2ray_api\": {}\n  }\n}\n
"},{"location":"zh/configuration/experimental/#_3","title":"Fields","text":"Key Format cache_file Cache File clash_api Clash API v2ray_api V2Ray API"},{"location":"zh/configuration/experimental/cache-file/","title":"Cache File","text":"

Since sing-box 1.8.0

Changes in sing-box 1.9.0

store_rdrc rdrc_timeout

"},{"location":"zh/configuration/experimental/cache-file/#_1","title":"Structure","text":"
{\n  \"enabled\": true,\n  \"path\": \"\",\n  \"cache_id\": \"\",\n  \"store_fakeip\": false,\n  \"store_rdrc\": false,\n  \"rdrc_timeout\": \"\"\n}\n
"},{"location":"zh/configuration/experimental/cache-file/#_2","title":"Fields","text":""},{"location":"zh/configuration/experimental/cache-file/#enabled","title":"enabled","text":"

Enable the cache file.

"},{"location":"zh/configuration/experimental/cache-file/#path","title":"path","text":"

Path to the cache file; cache.db is used by default.

"},{"location":"zh/configuration/experimental/cache-file/#cache_id","title":"cache_id","text":"

Identifier in the cache file.

If not empty, configuration-specific data uses a separate store keyed by it.

"},{"location":"zh/configuration/experimental/cache-file/#store_fakeip","title":"store_fakeip","text":"

Store fakeip in the cache file.

"},{"location":"zh/configuration/experimental/cache-file/#store_rdrc","title":"store_rdrc","text":"

Store the rejected DNS response cache in the cache file.

The check results of address filter DNS rule items are cached until they expire.

"},{"location":"zh/configuration/experimental/cache-file/#rdrc_timeout","title":"rdrc_timeout","text":"

Timeout of the rejected DNS response cache.

7d is used by default.

"},{"location":"zh/configuration/experimental/clash-api/","title":"Clash API","text":"

Changes in sing-box 1.10.0

access_control_allow_origin access_control_allow_private_network

Changes in sing-box 1.8.0

store_mode store_selected store_fakeip cache_file cache_id

"},{"location":"zh/configuration/experimental/clash-api/#_1","title":"Structure","text":"Structure Example (online) Example (download)
{\n  \"external_controller\": \"127.0.0.1:9090\",\n  \"external_ui\": \"\",\n  \"external_ui_download_url\": \"\",\n  \"external_ui_download_detour\": \"\",\n  \"secret\": \"\",\n  \"default_mode\": \"\",\n  \"access_control_allow_origin\": [],\n  \"access_control_allow_private_network\": false,\n\n  // Deprecated\n\n  \"store_mode\": false,\n  \"store_selected\": false,\n  \"store_fakeip\": false,\n  \"cache_file\": \"\",\n  \"cache_id\": \"\"\n}\n

Since sing-box 1.10.0

{\n  \"external_controller\": \"127.0.0.1:9090\",\n  \"access_control_allow_origin\": [\n    \"http://127.0.0.1\",\n    \"http://yacd.haishan.me\"\n  ],\n  \"access_control_allow_private_network\": true\n}\n

Since sing-box 1.10.0

{\n  \"external_controller\": \"0.0.0.0:9090\",\n  \"external_ui\": \"dashboard\"\n  // external_ui_download_detour: \"direct\"\n}\n

You can omit the JSON array [] brackets when the content is a single item.

"},{"location":"zh/configuration/experimental/clash-api/#external_controller","title":"external_controller","text":"

RESTful web API listening address. If empty, the Clash API is disabled.

"},{"location":"zh/configuration/experimental/clash-api/#external_ui","title":"external_ui","text":"

A relative or absolute path to a directory of static web resources. sing-box serves it at http://{{external-controller}}/ui.

"},{"location":"zh/configuration/experimental/clash-api/#external_ui_download_url","title":"external_ui_download_url","text":"

ZIP download URL for the static web resources; used if the specified external_ui directory is empty.

https://github.com/MetaCubeX/Yacd-meta/archive/gh-pages.zip is used by default.

"},{"location":"zh/configuration/experimental/clash-api/#external_ui_download_detour","title":"external_ui_download_detour","text":"

Tag of the outbound used to download the static web resources.

If empty, the default outbound is used.

"},{"location":"zh/configuration/experimental/clash-api/#secret","title":"secret","text":"

RESTful API \u7684\u5bc6\u94a5\uff08\u53ef\u9009\uff09 \u901a\u8fc7\u6307\u5b9a HTTP \u6807\u5934 Authorization: Bearer ${secret} \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1 \u5982\u679c RESTful API \u6b63\u5728\u76d1\u542c 0.0.0.0\uff0c\u8bf7\u59cb\u7ec8\u8bbe\u7f6e\u4e00\u4e2a\u5bc6\u94a5\u3002

"},{"location":"zh/configuration/experimental/clash-api/#default_mode","title":"default_mode","text":"

Clash \u4e2d\u7684\u9ed8\u8ba4\u6a21\u5f0f\uff0c\u9ed8\u8ba4\u4f7f\u7528 Rule\u3002

\u6b64\u8bbe\u7f6e\u6ca1\u6709\u76f4\u63a5\u5f71\u54cd\uff0c\u4f46\u53ef\u4ee5\u901a\u8fc7 clash_mode \u89c4\u5219\u9879\u5728\u8def\u7531\u548c DNS \u89c4\u5219\u4e2d\u4f7f\u7528\u3002

"},{"location":"zh/configuration/experimental/clash-api/#access_control_allow_origin","title":"access_control_allow_origin","text":"

\u81ea sing-box 1.10.0 \u8d77

\u5141\u8bb8\u7684 CORS \u6765\u6e90\uff0c\u9ed8\u8ba4\u4f7f\u7528 *\u3002

\u8981\u4ece\u516c\u5171\u7f51\u7ad9\u8bbf\u95ee\u79c1\u6709\u7f51\u7edc\u4e0a\u7684 Clash API\uff0c\u5fc5\u987b\u5728 access_control_allow_origin \u4e2d\u660e\u786e\u6307\u5b9a\u5b83\u800c\u4e0d\u662f\u4f7f\u7528 *\u3002

"},{"location":"zh/configuration/experimental/clash-api/#access_control_allow_private_network","title":"access_control_allow_private_network","text":"

\u81ea sing-box 1.10.0 \u8d77

\u5141\u8bb8\u4ece\u79c1\u6709\u7f51\u7edc\u8bbf\u95ee\u3002

\u8981\u4ece\u516c\u5171\u7f51\u7ad9\u8bbf\u95ee\u79c1\u6709\u7f51\u7edc\u4e0a\u7684 Clash API\uff0c\u5fc5\u987b\u542f\u7528 access_control_allow_private_network\u3002

"},{"location":"zh/configuration/experimental/clash-api/#store_mode","title":"store_mode","text":"

Deprecated in sing-box 1.8.0

store_mode is deprecated in Clash API and is enabled by default when cache_file.enabled.

Store the Clash mode in the cache file.

"},{"location":"zh/configuration/experimental/clash-api/#store_selected","title":"store_selected","text":"

Deprecated in sing-box 1.8.0

store_selected is deprecated in Clash API and is enabled by default when cache_file.enabled.

The tag must be set for target outbounds.

Store the selected target outbound of the Selector outbound in the cache file.

"},{"location":"zh/configuration/experimental/clash-api/#store_fakeip","title":"store_fakeip","text":"

Deprecated in sing-box 1.8.0

store_selected is deprecated in Clash API and has been migrated to cache_file.store_fakeip.

Store fakeip in the cache file.

"},{"location":"zh/configuration/experimental/clash-api/#cache_file","title":"cache_file","text":"

Deprecated in sing-box 1.8.0

cache_file is deprecated in Clash API and has been migrated to cache_file.enabled and cache_file.path.

Cache file path; cache.db is used by default.

"},{"location":"zh/configuration/experimental/clash-api/#cache_id","title":"cache_id","text":"

Deprecated in sing-box 1.8.0

cache_id is deprecated in Clash API and has been migrated to cache_file.cache_id.

Cache ID.

If not empty, configuration-specific data will use a separate store keyed by it.

"},{"location":"zh/configuration/experimental/v2ray-api/","title":"V2Ray API","text":"

V2Ray API is not included in the default installation; see Installation.

"},{"location":"zh/configuration/experimental/v2ray-api/#_1","title":"Structure","text":"
{\n  \"listen\": \"127.0.0.1:8080\",\n  \"stats\": {\n    \"enabled\": true,\n    \"inbounds\": [\n      \"socks-in\"\n    ],\n    \"outbounds\": [\n      \"proxy\",\n      \"direct\"\n    ],\n    \"users\": [\n      \"sekai\"\n    ]\n  }\n}\n
"},{"location":"zh/configuration/experimental/v2ray-api/#_2","title":"Fields","text":""},{"location":"zh/configuration/experimental/v2ray-api/#listen","title":"listen","text":"

gRPC API listening address. V2Ray API is disabled if empty.

"},{"location":"zh/configuration/experimental/v2ray-api/#stats","title":"stats","text":"

Traffic statistics service settings.

"},{"location":"zh/configuration/experimental/v2ray-api/#statsenabled","title":"stats.enabled","text":"

Enable the statistics service.

"},{"location":"zh/configuration/experimental/v2ray-api/#statsinbounds","title":"stats.inbounds","text":"

List of inbounds to count traffic for.

"},{"location":"zh/configuration/experimental/v2ray-api/#statsoutbounds","title":"stats.outbounds","text":"

List of outbounds to count traffic for.

"},{"location":"zh/configuration/experimental/v2ray-api/#statsusers","title":"stats.users","text":"

List of users to count traffic for.

"},{"location":"zh/configuration/inbound/","title":"Inbound","text":""},{"location":"zh/configuration/inbound/#_2","title":"Structure","text":"
{\n  \"inbounds\": [\n    {\n      \"type\": \"\",\n      \"tag\": \"\"\n    }\n  ]\n}\n
"},{"location":"zh/configuration/inbound/#_3","title":"Fields","text":"Type | Format | Injectable
direct | Direct |
mixed | Mixed | TCP
socks | SOCKS | TCP
http | HTTP | TCP
shadowsocks | Shadowsocks | TCP
vmess | VMess | TCP
trojan | Trojan | TCP
naive | Naive |
hysteria | Hysteria |
shadowtls | ShadowTLS | TCP
tuic | TUIC |
hysteria2 | Hysteria2 |
vless | VLESS | TCP
tun | Tun |
redirect | Redirect |
tproxy | TProxy |
"},{"location":"zh/configuration/inbound/#tag","title":"tag","text":"

The tag of the inbound.

"},{"location":"zh/configuration/inbound/direct/","title":"Direct","text":"

The direct inbound is a tunnel server.

"},{"location":"zh/configuration/inbound/direct/#_1","title":"Structure","text":"
{\n  \"type\": \"direct\",\n  \"tag\": \"direct-in\",\n\n  ... // Listen Fields\n\n  \"network\": \"udp\",\n  \"override_address\": \"1.0.0.1\",\n  \"override_port\": 53\n}\n
"},{"location":"zh/configuration/inbound/direct/#_2","title":"Listen Fields","text":"

See Listen Fields.

"},{"location":"zh/configuration/inbound/direct/#_3","title":"Fields","text":""},{"location":"zh/configuration/inbound/direct/#network","title":"network","text":"

Listening network protocol, one of tcp udp.

Both by default.

"},{"location":"zh/configuration/inbound/direct/#override_address","title":"override_address","text":"

Override the connection destination address.

"},{"location":"zh/configuration/inbound/direct/#override_port","title":"override_port","text":"

Override the connection destination port.

"},{"location":"zh/configuration/inbound/http/#_1","title":"Structure","text":"
{\n  \"type\": \"http\",\n  \"tag\": \"http-in\",\n\n  ... // Listen Fields\n\n  \"users\": [\n    {\n      \"username\": \"admin\",\n      \"password\": \"admin\"\n    }\n  ],\n  \"tls\": {},\n  \"set_system_proxy\": false\n}\n
"},{"location":"zh/configuration/inbound/http/#_2","title":"Listen Fields","text":"

See Listen Fields.

"},{"location":"zh/configuration/inbound/http/#_3","title":"Fields","text":""},{"location":"zh/configuration/inbound/http/#tls","title":"tls","text":"

TLS configuration, see TLS.

"},{"location":"zh/configuration/inbound/http/#users","title":"users","text":"

HTTP users.

No authentication is required if empty.

"},{"location":"zh/configuration/inbound/http/#set_system_proxy","title":"set_system_proxy","text":"

Only supported on Linux, Android, Windows, and macOS.

To work on unprivileged Android and iOS, use tun.platform.http_proxy instead.

Automatically set the system proxy on start and clean it up on stop.

"},{"location":"zh/configuration/inbound/hysteria/#_1","title":"Structure","text":"
{\n  \"type\": \"hysteria\",\n  \"tag\": \"hysteria-in\",\n\n  ... // Listen Fields\n\n  \"up\": \"100 Mbps\",\n  \"up_mbps\": 100,\n  \"down\": \"100 Mbps\",\n  \"down_mbps\": 100,\n  \"obfs\": \"fuck me till the daylight\",\n\n  \"users\": [\n    {\n      \"name\": \"sekai\",\n      \"auth\": \"\",\n      \"auth_str\": \"password\"\n    }\n  ],\n\n  \"recv_window_conn\": 0,\n  \"recv_window_client\": 0,\n  \"max_conn_client\": 0,\n  \"disable_mtu_discovery\": false,\n  \"tls\": {}\n}\n
"},{"location":"zh/configuration/inbound/hysteria/#_2","title":"Listen Fields","text":"

See Listen Fields.

"},{"location":"zh/configuration/inbound/hysteria/#_3","title":"Fields","text":""},{"location":"zh/configuration/inbound/hysteria/#up-down","title":"up, down","text":"

Required

Format: [Integer] [Unit], e.g. 100 Mbps, 640 KBps, 2 Gbps

Supported units (case sensitive, b = bits, B = bytes, 8b=1B):

bps (bits per second)\nBps (bytes per second)\nKbps (kilobits per second)\nKBps (kilobytes per second)\nMbps (megabits per second)\nMBps (megabytes per second)\nGbps (gigabits per second)\nGBps (gigabytes per second)\nTbps (terabits per second)\nTBps (terabytes per second)\n
"},{"location":"zh/configuration/inbound/hysteria/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"

Required

up, down in Mbps.

"},{"location":"zh/configuration/inbound/hysteria/#obfs","title":"obfs","text":"

Obfuscation password.

"},{"location":"zh/configuration/inbound/hysteria/#users","title":"users","text":"

Hysteria users.

"},{"location":"zh/configuration/inbound/hysteria/#usersauth","title":"users.auth","text":"

Authentication password, base64-encoded.

"},{"location":"zh/configuration/inbound/hysteria/#usersauth_str","title":"users.auth_str","text":"

Authentication password.

"},{"location":"zh/configuration/inbound/hysteria/#recv_window_conn","title":"recv_window_conn","text":"

The QUIC stream-level flow control window for receiving data.

Default: 15728640 (15 MB/s).

"},{"location":"zh/configuration/inbound/hysteria/#recv_window_client","title":"recv_window_client","text":"

The QUIC connection-level flow control window for receiving data.

Default: 67108864 (64 MB/s).

"},{"location":"zh/configuration/inbound/hysteria/#max_conn_client","title":"max_conn_client","text":"

The maximum number of concurrent bidirectional QUIC streams that a peer is allowed to open.

Default: 1024.

"},{"location":"zh/configuration/inbound/hysteria/#disable_mtu_discovery","title":"disable_mtu_discovery","text":"

Disables Path MTU Discovery (RFC 8899). Packets will then be at most 1252 (IPv4) / 1232 (IPv6) bytes in size.

Force-enabled on systems other than Linux and Windows (according to upstream).

"},{"location":"zh/configuration/inbound/hysteria/#tls","title":"tls","text":"

Required

TLS configuration, see TLS.

"},{"location":"zh/configuration/inbound/hysteria2/","title":"Hysteria2","text":"

Changes in sing-box 1.11.0

masquerade

"},{"location":"zh/configuration/inbound/hysteria2/#_1","title":"Structure","text":"
{\n  \"type\": \"hysteria2\",\n  \"tag\": \"hy2-in\",\n\n  ... // Listen Fields\n\n  \"up_mbps\": 100,\n  \"down_mbps\": 100,\n  \"obfs\": {\n    \"type\": \"salamander\",\n    \"password\": \"cry_me_a_r1ver\"\n  },\n  \"users\": [\n    {\n      \"name\": \"tobyxdd\",\n      \"password\": \"goofy_ahh_password\"\n    }\n  ],\n  \"ignore_client_bandwidth\": false,\n  \"tls\": {},\n  \"masquerade\": \"\", // or {}\n  \"brutal_debug\": false\n}\n

Difference from official Hysteria2

The official program supports an authentication method called userpass, which essentially uses the combination of username and password <username>:<password> as the actual password, while sing-box does not provide this alias. To use sing-box with the official program, you need to fill in that combination as the actual password.

"},{"location":"zh/configuration/inbound/hysteria2/#_2","title":"Listen Fields","text":"

See Listen Fields.

"},{"location":"zh/configuration/inbound/hysteria2/#_3","title":"Fields","text":""},{"location":"zh/configuration/inbound/hysteria2/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"

Supported rate; unlimited by default.

Conflicts with ignore_client_bandwidth.

"},{"location":"zh/configuration/inbound/hysteria2/#obfstype","title":"obfs.type","text":"

QUIC traffic obfuscator type; can only be set to salamander.

Disabled if empty.

"},{"location":"zh/configuration/inbound/hysteria2/#obfspassword","title":"obfs.password","text":"

QUIC traffic obfuscator password.

"},{"location":"zh/configuration/inbound/hysteria2/#users","title":"users","text":"

Hysteria users.

"},{"location":"zh/configuration/inbound/hysteria2/#userspassword","title":"users.password","text":"

Authentication password.

"},{"location":"zh/configuration/inbound/hysteria2/#ignore_client_bandwidth","title":"ignore_client_bandwidth","text":"

Commands the client to use the BBR congestion control algorithm instead of Hysteria CC.

Conflicts with up_mbps and down_mbps.

"},{"location":"zh/configuration/inbound/hysteria2/#tls","title":"tls","text":"

Required

TLS configuration, see TLS.

"},{"location":"zh/configuration/inbound/hysteria2/#masquerade","title":"masquerade","text":"

HTTP3 server behavior when authentication fails (URL string configuration).

Scheme | Example | Description
file | file:///var/www | As a file server
http/https | http://127.0.0.1:8080 | As a reverse proxy

A 404 page is returned if masquerade is not configured.

Conflicts with masquerade.type.

"},{"location":"zh/configuration/inbound/hysteria2/#masqueradetype","title":"masquerade.type","text":"

HTTP3 server behavior when authentication fails (object configuration).

Type | Description | Fields
file | As a file server | directory
proxy | As a reverse proxy | url, rewrite_host
string | Returns a fixed response | status_code, headers, content

A 404 page is returned if masquerade is not configured.

Conflicts with masquerade.

"},{"location":"zh/configuration/inbound/hysteria2/#masqueradedirectory","title":"masquerade.directory","text":"

File server root directory.

"},{"location":"zh/configuration/inbound/hysteria2/#masqueradeurl","title":"masquerade.url","text":"

Reverse proxy target URL.

"},{"location":"zh/configuration/inbound/hysteria2/#masqueraderewrite_host","title":"masquerade.rewrite_host","text":"

Rewrite the Host field in the request header to the target URL.

"},{"location":"zh/configuration/inbound/hysteria2/#masqueradestatus_code","title":"masquerade.status_code","text":"

Fixed response status code.

"},{"location":"zh/configuration/inbound/hysteria2/#masqueradeheaders","title":"masquerade.headers","text":"

Fixed response headers.

"},{"location":"zh/configuration/inbound/hysteria2/#masqueradecontent","title":"masquerade.content","text":"

Fixed response content.

"},{"location":"zh/configuration/inbound/hysteria2/#brutal_debug","title":"brutal_debug","text":"

Enable debug information logging for Hysteria Brutal CC.

"},{"location":"zh/configuration/inbound/mixed/","title":"Mixed","text":"

The mixed inbound is a socks4, socks4a, socks5 and http server.

"},{"location":"zh/configuration/inbound/mixed/#_1","title":"Structure","text":"
{\n  \"type\": \"mixed\",\n  \"tag\": \"mixed-in\",\n\n  ... // Listen Fields\n\n  \"users\": [\n    {\n      \"username\": \"admin\",\n      \"password\": \"admin\"\n    }\n  ],\n  \"set_system_proxy\": false\n}\n
"},{"location":"zh/configuration/inbound/mixed/#_2","title":"Listen Fields","text":"

See Listen Fields.

"},{"location":"zh/configuration/inbound/mixed/#_3","title":"Fields","text":""},{"location":"zh/configuration/inbound/mixed/#users","title":"users","text":"

SOCKS and HTTP users.

No authentication is required if empty.

"},{"location":"zh/configuration/inbound/mixed/#set_system_proxy","title":"set_system_proxy","text":"

Only supported on Linux, Android, Windows, and macOS.

To work on unprivileged Android and iOS, use tun.platform.http_proxy instead.

Automatically set the system proxy on start and clean it up on stop.

"},{"location":"zh/configuration/inbound/naive/#_1","title":"Structure","text":"
{\n  \"type\": \"naive\",\n  \"tag\": \"naive-in\",\n  \"network\": \"udp\",\n\n  ... // Listen Fields\n\n  \"users\": [\n    {\n      \"username\": \"sekai\",\n      \"password\": \"password\"\n    }\n  ],\n  \"tls\": {}\n}\n
"},{"location":"zh/configuration/inbound/naive/#_2","title":"Listen Fields","text":"

See Listen Fields.

"},{"location":"zh/configuration/inbound/naive/#_3","title":"Fields","text":""},{"location":"zh/configuration/inbound/naive/#network","title":"network","text":"

Listening network protocol, one of tcp udp.

Both by default.

"},{"location":"zh/configuration/inbound/naive/#users","title":"users","text":"

Required

Naive users.

"},{"location":"zh/configuration/inbound/naive/#tls","title":"tls","text":"

TLS configuration, see TLS.

"},{"location":"zh/configuration/inbound/redirect/","title":"Redirect","text":"

Only supported on Linux and macOS.

"},{"location":"zh/configuration/inbound/redirect/#_1","title":"Structure","text":"
{\n  \"type\": \"redirect\",\n  \"tag\": \"redirect-in\",\n\n  ... // Listen Fields\n}\n
"},{"location":"zh/configuration/inbound/redirect/#_2","title":"Listen Fields","text":"

See Listen Fields.

"},{"location":"zh/configuration/inbound/shadowsocks/#_1","title":"Structure","text":"
{\n  \"type\": \"shadowsocks\",\n  \"tag\": \"ss-in\",\n\n  ... // Listen Fields\n\n  \"method\": \"2022-blake3-aes-128-gcm\",\n  \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n  \"multiplex\": {}\n}\n
"},{"location":"zh/configuration/inbound/shadowsocks/#_2","title":"Multi-User Structure","text":"
{\n  \"method\": \"2022-blake3-aes-128-gcm\",\n  \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n  \"users\": [\n    {\n      \"name\": \"sekai\",\n      \"password\": \"PCD2Z4o12bKUoFa3cC97Hw==\"\n    }\n  ],\n  \"multiplex\": {}\n}\n
"},{"location":"zh/configuration/inbound/shadowsocks/#_3","title":"Relay Structure","text":"
{\n  \"type\": \"shadowsocks\",\n  \"method\": \"2022-blake3-aes-128-gcm\",\n  \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n  \"destinations\": [\n    {\n      \"name\": \"test\",\n      \"server\": \"example.com\",\n      \"server_port\": 8080,\n      \"password\": \"PCD2Z4o12bKUoFa3cC97Hw==\"\n    }\n  ],\n  \"multiplex\": {}\n}\n
"},{"location":"zh/configuration/inbound/shadowsocks/#_4","title":"Fields","text":""},{"location":"zh/configuration/inbound/shadowsocks/#network","title":"network","text":"

Listening network protocol, one of tcp udp.

Both by default.

"},{"location":"zh/configuration/inbound/shadowsocks/#method","title":"method","text":"

Required

Method | Key Length
2022-blake3-aes-128-gcm | 16
2022-blake3-aes-256-gcm | 32
2022-blake3-chacha20-poly1305 | 32
none | /
aes-128-gcm | /
aes-192-gcm | /
aes-256-gcm | /
chacha20-ietf-poly1305 | /
xchacha20-ietf-poly1305 | /
"},{"location":"zh/configuration/inbound/shadowsocks/#password","title":"password","text":"

Required

Method | Password Format
none | /
2022 methods | sing-box generate rand --base64 <Key Length>
other methods | any string
"},{"location":"zh/configuration/inbound/shadowsocks/#multiplex","title":"multiplex","text":"

See Multiplex.

"},{"location":"zh/configuration/inbound/shadowtls/#_1","title":"Structure","text":"
{\n  \"type\": \"shadowtls\",\n  \"tag\": \"st-in\",\n\n  ... // Listen Fields\n\n  \"version\": 3,\n  \"password\": \"fuck me till the daylight\",\n  \"users\": [\n    {\n      \"name\": \"sekai\",\n      \"password\": \"8JCsPssfgS8tiRwiMlhARg==\"\n    }\n  ],\n  \"handshake\": {\n    \"server\": \"google.com\",\n    \"server_port\": 443,\n\n    ... // Dial Fields\n  },\n  \"handshake_for_server_name\": {\n    \"example.com\": {\n      \"server\": \"example.com\",\n      \"server_port\": 443,\n\n      ... // Dial Fields\n    }\n  },\n  \"strict_mode\": false\n}\n
"},{"location":"zh/configuration/inbound/shadowtls/#_2","title":"Listen Fields","text":"

See Listen Fields.

"},{"location":"zh/configuration/inbound/shadowtls/#_3","title":"Fields","text":""},{"location":"zh/configuration/inbound/shadowtls/#version","title":"version","text":"

ShadowTLS protocol version.

Value | Protocol Version
1 (default) | ShadowTLS v1
2 | ShadowTLS v2
3 | ShadowTLS v3
"},{"location":"zh/configuration/inbound/shadowtls/#password","title":"password","text":"

ShadowTLS password.

Only available in ShadowTLS protocol version 2.

"},{"location":"zh/configuration/inbound/shadowtls/#users","title":"users","text":"

ShadowTLS users.

Only available in ShadowTLS protocol version 3.

"},{"location":"zh/configuration/inbound/shadowtls/#handshake","title":"handshake","text":"

Required

Handshake server address and dial parameters.

"},{"location":"zh/configuration/inbound/shadowtls/#handshake_for_server_name","title":"handshake_for_server_name","text":"

Required

Handshake server address and dial parameters for specific server names.

Only available in ShadowTLS protocol version 2/3.

"},{"location":"zh/configuration/inbound/shadowtls/#strict_mode","title":"strict_mode","text":"

ShadowTLS strict mode.

Only available in ShadowTLS protocol version 3.

"},{"location":"zh/configuration/inbound/socks/","title":"SOCKS","text":"

The socks inbound is a socks4, socks4a and socks5 server.

"},{"location":"zh/configuration/inbound/socks/#_1","title":"Structure","text":"
{\n  \"type\": \"socks\",\n  \"tag\": \"socks-in\",\n\n  ... // Listen Fields\n\n  \"users\": [\n    {\n      \"username\": \"admin\",\n      \"password\": \"admin\"\n    }\n  ]\n}\n
"},{"location":"zh/configuration/inbound/socks/#_2","title":"Listen Fields","text":"

See Listen Fields.

"},{"location":"zh/configuration/inbound/socks/#_3","title":"Fields","text":""},{"location":"zh/configuration/inbound/socks/#users","title":"users","text":"

SOCKS users.

No authentication is required if empty.

"},{"location":"zh/configuration/inbound/tproxy/","title":"TProxy","text":"

Only supported on Linux.

"},{"location":"zh/configuration/inbound/tproxy/#_1","title":"Structure","text":"
{\n  \"type\": \"tproxy\",\n  \"tag\": \"tproxy-in\",\n\n  ... // Listen Fields\n\n  \"network\": \"udp\"\n}\n
"},{"location":"zh/configuration/inbound/tproxy/#_2","title":"Listen Fields","text":"

See Listen Fields.

"},{"location":"zh/configuration/inbound/tproxy/#_3","title":"Fields","text":""},{"location":"zh/configuration/inbound/tproxy/#network","title":"network","text":"

Listening network protocol, one of tcp udp.

Both by default.

"},{"location":"zh/configuration/inbound/trojan/#_1","title":"Structure","text":"
{\n  \"type\": \"trojan\",\n  \"tag\": \"trojan-in\",\n\n  ... // Listen Fields\n\n  \"users\": [\n    {\n      \"name\": \"sekai\",\n      \"password\": \"8JCsPssfgS8tiRwiMlhARg==\"\n    }\n  ],\n  \"tls\": {},\n  \"fallback\": {\n    \"server\": \"127.0.0.1\",\n    \"server_port\": 8080\n  },\n  \"fallback_for_alpn\": {\n    \"http/1.1\": {\n      \"server\": \"127.0.0.1\",\n      \"server_port\": 8081\n    }\n  },\n  \"multiplex\": {},\n  \"transport\": {}\n}\n
"},{"location":"zh/configuration/inbound/trojan/#_2","title":"Listen Fields","text":"

See Listen Fields.

"},{"location":"zh/configuration/inbound/trojan/#_3","title":"Fields","text":""},{"location":"zh/configuration/inbound/trojan/#users","title":"users","text":"

Required

Trojan users.

"},{"location":"zh/configuration/inbound/trojan/#tls","title":"tls","text":"

Required if HTTP3 is enabled

TLS configuration, see TLS.

"},{"location":"zh/configuration/inbound/trojan/#fallback","title":"fallback","text":"

There is no evidence that the GFW detects and blocks Trojan servers based on HTTP responses, and opening the standard http/s port on the server is a much bigger signature.

Fallback server configuration. Fallback is disabled if fallback and fallback_for_alpn are empty.

"},{"location":"zh/configuration/inbound/trojan/#fallback_for_alpn","title":"fallback_for_alpn","text":"

Fallback server configuration for the specified ALPN.

If not empty, TLS fallback requests with an ALPN not in this list will be rejected.

"},{"location":"zh/configuration/inbound/trojan/#multiplex","title":"multiplex","text":"

See Multiplex.

"},{"location":"zh/configuration/inbound/trojan/#transport","title":"transport","text":"

V2Ray transport configuration, see V2Ray Transport.

"},{"location":"zh/configuration/inbound/tuic/#_1","title":"Structure","text":"
{\n  \"type\": \"tuic\",\n  \"tag\": \"tuic-in\",\n\n  ... // Listen Fields\n\n  \"users\": [\n    {\n      \"name\": \"sekai\",\n      \"uuid\": \"059032A9-7D40-4A96-9BB1-36823D848068\",\n      \"password\": \"hello\"\n    }\n  ],\n  \"congestion_control\": \"cubic\",\n  \"auth_timeout\": \"3s\",\n  \"zero_rtt_handshake\": false,\n  \"heartbeat\": \"10s\",\n  \"tls\": {}\n}\n
"},{"location":"zh/configuration/inbound/tuic/#_2","title":"Listen Fields","text":"

See Listen Fields.

"},{"location":"zh/configuration/inbound/tuic/#_3","title":"Fields","text":""},{"location":"zh/configuration/inbound/tuic/#users","title":"users","text":"

TUIC users.

"},{"location":"zh/configuration/inbound/tuic/#usersuuid","title":"users.uuid","text":"

Required

TUIC user UUID.

"},{"location":"zh/configuration/inbound/tuic/#userspassword","title":"users.password","text":"

TUIC user password.

"},{"location":"zh/configuration/inbound/tuic/#congestion_control","title":"congestion_control","text":"

QUIC congestion control algorithm.

Accepted values: cubic, new_reno, bbr

cubic is used by default.

"},{"location":"zh/configuration/inbound/tuic/#auth_timeout","title":"auth_timeout","text":"

How long the server waits for the client to send the authentication command.

3s is used by default.

"},{"location":"zh/configuration/inbound/tuic/#zero_rtt_handshake","title":"zero_rtt_handshake","text":"

Enable 0-RTT QUIC connection handshake on the client side. This has little impact on performance, as the protocol is fully multiplexed.

Disabling this is strongly recommended, as it is vulnerable to replay attacks. See Attack of the clones.

"},{"location":"zh/configuration/inbound/tuic/#heartbeat","title":"heartbeat","text":"

Interval for sending heartbeat packets to keep the connection alive.

10s is used by default.

"},{"location":"zh/configuration/inbound/tuic/#tls","title":"tls","text":"

Required

TLS configuration, see TLS.

"},{"location":"zh/configuration/inbound/tun/","title":"Tun","text":"

Changes in sing-box 1.11.0

gso

Changes in sing-box 1.10.0

address inet4_address inet6_address route_address inet4_route_address inet6_route_address route_exclude_address inet4_route_exclude_address inet6_route_exclude_address iproute2_table_index iproute2_rule_index auto_redirect auto_redirect_input_mark auto_redirect_output_mark route_address_set route_exclude_address_set

Changes in sing-box 1.9.0

platform.http_proxy.bypass_domain platform.http_proxy.match_domain

Changes in sing-box 1.8.0

gso stack

Only supported on Linux, Windows and macOS.

"},{"location":"zh/configuration/inbound/tun/#_1","title":"Structure","text":"
{\n  \"type\": \"tun\",\n  \"tag\": \"tun-in\",\n  \"interface_name\": \"tun0\",\n  \"address\": [\n    \"172.18.0.1/30\",\n    \"fdfe:dcba:9876::1/126\"\n  ],\n  \"mtu\": 9000,\n  \"auto_route\": true,\n  \"iproute2_table_index\": 2022,\n  \"iproute2_rule_index\": 9000,\n  \"auto_redirect\": false,\n  \"auto_redirect_input_mark\": \"0x2023\",\n  \"auto_redirect_output_mark\": \"0x2024\",\n  \"strict_route\": true,\n  \"route_address\": [\n    \"0.0.0.0/1\",\n    \"128.0.0.0/1\",\n    \"::/1\",\n    \"8000::/1\"\n  ],\n\n  \"route_exclude_address\": [\n    \"192.168.0.0/16\",\n    \"fc00::/7\"\n  ],\n  \"route_address_set\": [\n    \"geoip-cloudflare\"\n  ],\n  \"route_exclude_address_set\": [\n    \"geoip-cn\"\n  ],\n  \"endpoint_independent_nat\": false,\n  \"udp_timeout\": \"5m\",\n  \"stack\": \"system\",\n  \"include_interface\": [\n    \"lan0\"\n  ],\n  \"exclude_interface\": [\n    \"lan1\"\n  ],\n  \"include_uid\": [\n    0\n  ],\n  \"include_uid_range\": [\n    \"1000-99999\"\n  ],\n  \"exclude_uid\": [\n    1000\n  ],\n  \"exclude_uid_range\": [\n    \"1000-99999\"\n  ],\n  \"include_android_user\": [\n    0,\n    10\n  ],\n  \"include_package\": [\n    \"com.android.chrome\"\n  ],\n  \"exclude_package\": [\n    \"com.android.captiveportallogin\"\n  ],\n  \"platform\": {\n    \"http_proxy\": {\n      \"enabled\": false,\n      \"server\": \"127.0.0.1\",\n      \"server_port\": 8080,\n      \"bypass_domain\": [],\n      \"match_domain\": []\n    }\n  },\n\n  // Deprecated\n  \"gso\": false,\n  \"inet4_address\": [\n    \"172.19.0.1/30\"\n  ],\n  \"inet6_address\": [\n    \"fdfe:dcba:9876::1/126\"\n  ],\n  \"inet4_route_address\": [\n    \"0.0.0.0/1\",\n    \"128.0.0.0/1\"\n  ],\n  \"inet6_route_address\": [\n    \"::/1\",\n    \"8000::/1\"\n  ],\n  \"inet4_route_exclude_address\": [\n    \"192.168.0.0/16\"\n  ],\n  \"inet6_route_exclude_address\": [\n    \"fc00::/7\"\n  ],\n\n  ... // Listen Fields\n}\n

When the content has only one item, the JSON array [] tag can be omitted.

If tun is running in non-privileged mode, addresses and MTU will not be configured automatically; please make sure the settings are correct.

"},{"location":"zh/configuration/inbound/tun/#tun","title":"Tun Fields","text":""},{"location":"zh/configuration/inbound/tun/#interface_name","title":"interface_name","text":"

\u865a\u62df\u8bbe\u5907\u540d\u79f0\uff0c\u9ed8\u8ba4\u81ea\u52a8\u9009\u62e9\u3002

"},{"location":"zh/configuration/inbound/tun/#address","title":"address","text":"

Since sing-box 1.10.0

Required

IPv4 and IPv6 prefixes for the tun interface.

"},{"location":"zh/configuration/inbound/tun/#inet4_address","title":"inet4_address","text":"

Deprecated in sing-box 1.10.0

inet4_address has been merged into address and will be removed in sing-box 1.12.0.

Required

IPv4 prefix for the tun interface.

"},{"location":"zh/configuration/inbound/tun/#inet6_address","title":"inet6_address","text":"

Deprecated in sing-box 1.10.0

inet6_address has been merged into address and will be removed in sing-box 1.12.0.

IPv6 prefix for the tun interface.

"},{"location":"zh/configuration/inbound/tun/#mtu","title":"mtu","text":"

The maximum transmission unit.

"},{"location":"zh/configuration/inbound/tun/#gso","title":"gso","text":"

Deprecated in sing-box 1.11.0

GSO has no advantage in transparent proxy scenarios; it is deprecated, no longer takes effect, and will be removed in sing-box 1.12.0.

Since sing-box 1.8.0

Only supported on Linux.

Enable generic segmentation offload.

"},{"location":"zh/configuration/inbound/tun/#auto_route","title":"auto_route","text":"

Set the default route to the Tun.

To avoid traffic loopback, set route.auto_detect_interface, route.default_interface, or outbound.bind_interface.

Use with Android VPN

By default, the VPN takes precedence over tun. To make tun go through the VPN, enable route.override_android_vpn.

"},{"location":"zh/configuration/inbound/tun/#iproute2_table_index","title":"iproute2_table_index","text":"

Since sing-box 1.10.0

Index of the iproute2 routing table generated by auto_route.

2022 is used by default.

"},{"location":"zh/configuration/inbound/tun/#iproute2_rule_index","title":"iproute2_rule_index","text":"

Since sing-box 1.10.0

Start index of the iproute2 rules generated by auto_route.

9000 is used by default.

"},{"location":"zh/configuration/inbound/tun/#auto_redirect","title":"auto_redirect","text":"

Since sing-box 1.10.0

Only supported on Linux, and requires auto_route to be enabled.

Automatically configure iptables/nftables to redirect connections.

On Android:

Only local IPv4 connections are forwarded. To share your VPN connection over a hotspot or repeater, use VPNHotspot.

On Linux:

auto_route with auto_redirect works as expected on routers, without intervention.

"},{"location":"zh/configuration/inbound/tun/#auto_redirect_input_mark","title":"auto_redirect_input_mark","text":"

Since sing-box 1.10.0

Connection input mark used by route_address_set and route_exclude_address_set.

0x2023 is used by default.

"},{"location":"zh/configuration/inbound/tun/#auto_redirect_output_mark","title":"auto_redirect_output_mark","text":"

Since sing-box 1.10.0

Connection output mark used by route_address_set and route_exclude_address_set.

0x2024 is used by default.

"},{"location":"zh/configuration/inbound/tun/#strict_route","title":"strict_route","text":"

Enforce strict routing rules when auto_route is enabled.

On Linux:

  • Make unsupported networks unreachable
  • Route ICMP traffic to tun instead of the upstream interface
  • Route all connections to tun

It prevents IP address leaks and makes DNS hijacking work on Android.

On Windows:

  • Add firewall rules to block DNS leaks caused by Windows' ordinary multihomed DNS resolution behavior

It may cause some applications (such as VirtualBox) to not work properly in certain situations.

"},{"location":"zh/configuration/inbound/tun/#route_address","title":"route_address","text":"

Since sing-box 1.10.0

Set custom routes to the Tun.

"},{"location":"zh/configuration/inbound/tun/#inet4_route_address","title":"inet4_route_address","text":"

Deprecated in sing-box 1.10.0

inet4_route_address has been merged into route_address and will be removed in sing-box 1.12.0.

Use custom routes instead of the default route when auto_route is enabled.

"},{"location":"zh/configuration/inbound/tun/#inet6_route_address","title":"inet6_route_address","text":"

Deprecated in sing-box 1.10.0

inet6_route_address has been merged into route_address and will be removed in sing-box 1.12.0.

Use custom routes instead of the default route when auto_route is enabled.

"},{"location":"zh/configuration/inbound/tun/#route_exclude_address","title":"route_exclude_address","text":"

Since sing-box 1.10.0

Set custom routes to exclude from the Tun.

"},{"location":"zh/configuration/inbound/tun/#inet4_route_exclude_address","title":"inet4_route_exclude_address","text":"

Deprecated in sing-box 1.10.0

inet4_route_exclude_address has been merged into route_exclude_address and will be removed in sing-box 1.12.0.

Exclude custom routes when auto_route is enabled.

"},{"location":"zh/configuration/inbound/tun/#inet6_route_exclude_address","title":"inet6_route_exclude_address","text":"

Deprecated in sing-box 1.10.0

inet6_route_exclude_address has been merged into route_exclude_address and will be removed in sing-box 1.12.0.

Exclude custom routes when auto_route is enabled.

"},{"location":"zh/configuration/inbound/tun/#route_address_set","title":"route_address_set","text":"

Since sing-box 1.10.0

Only supported on Linux, and requires nftables, with auto_route and auto_redirect enabled.

Add the destination IP CIDR rules in the specified rule-sets to the firewall. Unmatched traffic will bypass sing-box routing.

Conflicts with route.default_mark and [dialOptions].routing_mark.

"},{"location":"zh/configuration/inbound/tun/#route_exclude_address_set","title":"route_exclude_address_set","text":"

Since sing-box 1.10.0

Only supported on Linux, and requires nftables, with auto_route and auto_redirect enabled.

Add the destination IP CIDR rules in the specified rule-sets to the firewall. Matched traffic will bypass sing-box routing.

Conflicts with route.default_mark and [dialOptions].routing_mark.

"},{"location":"zh/configuration/inbound/tun/#endpoint_independent_nat","title":"endpoint_independent_nat","text":"

Enable endpoint-independent NAT.

Performance may degrade slightly, so enabling it when not needed is not recommended.

"},{"location":"zh/configuration/inbound/tun/#udp_timeout","title":"udp_timeout","text":"

UDP NAT expiration time.

5m is used by default.

"},{"location":"zh/configuration/inbound/tun/#stack","title":"stack","text":"

Changes in sing-box 1.8.0

The legacy LWIP stack has been deprecated and removed.

TCP/IP stack.

| Stack | Description |
|---|---|
| system | Perform L3 to L4 translation using the system network stack |
| gVisor | Perform L3 to L4 translation using the gVisor virtual network stack |
| mixed | Mixed system TCP stack and gvisor UDP stack |

The mixed stack is used by default if the gVisor build tag is enabled; otherwise the system stack is used by default.

"},{"location":"zh/configuration/inbound/tun/#include_interface","title":"include_interface","text":"

Interface rules are only supported on Linux and require auto_route.

Limit the interfaces that are routed. Not limited by default.

Conflicts with exclude_interface.

"},{"location":"zh/configuration/inbound/tun/#exclude_interface","title":"exclude_interface","text":"

When strict_route is enabled, return traffic to excluded interfaces will not be excluded automatically, so add them as well (example: br-lan and pppoe-wan).

Exclude interfaces from routing.

Conflicts with include_interface.

"},{"location":"zh/configuration/inbound/tun/#include_uid","title":"include_uid","text":"

UID rules are only supported on Linux and require auto_route.

Limit the users that are routed. Not limited by default.

"},{"location":"zh/configuration/inbound/tun/#include_uid_range","title":"include_uid_range","text":"

Limit the user ranges that are routed.

"},{"location":"zh/configuration/inbound/tun/#exclude_uid","title":"exclude_uid","text":"

Exclude users from routing.

"},{"location":"zh/configuration/inbound/tun/#exclude_uid_range","title":"exclude_uid_range","text":"

Exclude user ranges from routing.

"},{"location":"zh/configuration/inbound/tun/#include_android_user","title":"include_android_user","text":"

Android user and package rules are only supported on Android and require auto_route.

Limit the Android users that are routed.

| Common user | ID |
|---|---|
| You | 0 |
| Work Profile | 10 |

"},{"location":"zh/configuration/inbound/tun/#include_package","title":"include_package","text":"

Limit the Android package names that are routed.

"},{"location":"zh/configuration/inbound/tun/#exclude_package","title":"exclude_package","text":"

Exclude Android package names from routing.

"},{"location":"zh/configuration/inbound/tun/#platform","title":"platform","text":"

Platform-specific settings, provided by client applications.

"},{"location":"zh/configuration/inbound/tun/#platformhttp_proxy","title":"platform.http_proxy","text":"

System HTTP proxy settings.

"},{"location":"zh/configuration/inbound/tun/#platformhttp_proxyenabled","title":"platform.http_proxy.enabled","text":"

Enable the system HTTP proxy.

"},{"location":"zh/configuration/inbound/tun/#platformhttp_proxyserver","title":"platform.http_proxy.server","text":"

Required

System HTTP proxy server address.

"},{"location":"zh/configuration/inbound/tun/#platformhttp_proxyserver_port","title":"platform.http_proxy.server_port","text":"

Required

System HTTP proxy server port.

"},{"location":"zh/configuration/inbound/tun/#platformhttp_proxybypass_domain","title":"platform.http_proxy.bypass_domain","text":"

On Apple platforms, bypass_domain items match hostname suffixes.

List of hostnames that bypass the proxy.

"},{"location":"zh/configuration/inbound/tun/#platformhttp_proxymatch_domain","title":"platform.http_proxy.match_domain","text":"

Only supported in graphical clients on Apple platforms.

List of hostnames to proxy.

"},{"location":"zh/configuration/inbound/tun/#_2","title":"Listen Fields","text":"

See Listen Fields.

"},{"location":"zh/configuration/inbound/vless/#_1","title":"Structure","text":"
{\n  \"type\": \"vless\",\n  \"tag\": \"vless-in\",\n\n  ... // Listen Fields\n\n  \"users\": [\n    {\n      \"name\": \"sekai\",\n      \"uuid\": \"bf000d23-0752-40b4-affe-68f7707a9661\",\n      \"flow\": \"\"\n    }\n  ],\n  \"tls\": {},\n  \"multiplex\": {},\n  \"transport\": {}\n}\n
"},{"location":"zh/configuration/inbound/vless/#_2","title":"Listen Fields","text":"

See Listen Fields.

"},{"location":"zh/configuration/inbound/vless/#_3","title":"Fields","text":""},{"location":"zh/configuration/inbound/vless/#users","title":"users","text":"

Required

VLESS users.

"},{"location":"zh/configuration/inbound/vless/#usersuuid","title":"users.uuid","text":"

Required

VLESS user ID.

"},{"location":"zh/configuration/inbound/vless/#usersflow","title":"users.flow","text":"

VLESS sub-protocol.

Available values:

  • xtls-rprx-vision
"},{"location":"zh/configuration/inbound/vless/#tls","title":"tls","text":"

TLS configuration, see TLS.

"},{"location":"zh/configuration/inbound/vless/#multiplex","title":"multiplex","text":"

See Multiplex.

"},{"location":"zh/configuration/inbound/vless/#transport","title":"transport","text":"

V2Ray transport configuration, see V2Ray Transport.

"},{"location":"zh/configuration/inbound/vmess/#_1","title":"Structure","text":"
{\n  \"type\": \"vmess\",\n  \"tag\": \"vmess-in\",\n\n  ... // Listen Fields\n\n  \"users\": [\n    {\n      \"name\": \"sekai\",\n      \"uuid\": \"bf000d23-0752-40b4-affe-68f7707a9661\",\n      \"alterId\": 0\n    }\n  ],\n  \"tls\": {},\n  \"multiplex\": {},\n  \"transport\": {}\n}\n
"},{"location":"zh/configuration/inbound/vmess/#_2","title":"Listen Fields","text":"

See Listen Fields.

"},{"location":"zh/configuration/inbound/vmess/#_3","title":"Fields","text":""},{"location":"zh/configuration/inbound/vmess/#users","title":"users","text":"

Required

VMess users.

| Alter ID | Description |
|---|---|
| 0 | Disable the legacy protocol |
| > 0 | Enable the legacy protocol |

Legacy protocol support (VMess MD5 authentication) is provided for compatibility purposes only; using alterId > 1 is not recommended.

"},{"location":"zh/configuration/inbound/vmess/#tls","title":"tls","text":"

TLS configuration, see TLS.

"},{"location":"zh/configuration/inbound/vmess/#multiplex","title":"multiplex","text":"

See Multiplex.

"},{"location":"zh/configuration/inbound/vmess/#transport","title":"transport","text":"

V2Ray transport configuration, see V2Ray Transport.

"},{"location":"zh/configuration/log/","title":"Log","text":""},{"location":"zh/configuration/log/#_2","title":"Structure","text":"
{\n  \"log\": {\n    \"disabled\": false,\n    \"level\": \"info\",\n    \"output\": \"box.log\",\n    \"timestamp\": true\n  }\n}\n
"},{"location":"zh/configuration/log/#_3","title":"Fields","text":""},{"location":"zh/configuration/log/#disabled","title":"disabled","text":"

Disable logging; no logs are output after startup.

"},{"location":"zh/configuration/log/#level","title":"level","text":"

Log level. Available values: trace debug info warn error fatal panic.

"},{"location":"zh/configuration/log/#output","title":"output","text":"

Output file path; after startup, logs will not be written to the console.

"},{"location":"zh/configuration/log/#timestamp","title":"timestamp","text":"

Add a timestamp to each line.

"},{"location":"zh/configuration/ntp/","title":"NTP","text":"

Built-in NTP client service.

If enabled, it provides time for protocols such as TLS/Shadowsocks/VMess, which is useful in environments where time synchronization is not possible.

"},{"location":"zh/configuration/ntp/#_1","title":"Structure","text":"
{\n  \"ntp\": {\n    \"enabled\": false,\n    \"server\": \"time.apple.com\",\n    \"server_port\": 123,\n    \"interval\": \"30m\",\n\n    ... // Dial Fields\n  }\n}\n
"},{"location":"zh/configuration/ntp/#_2","title":"Fields","text":""},{"location":"zh/configuration/ntp/#enabled","title":"enabled","text":"

Enable the NTP service.

"},{"location":"zh/configuration/ntp/#server","title":"server","text":"

Required

NTP server address.

"},{"location":"zh/configuration/ntp/#server_port","title":"server_port","text":"

NTP server port.

123 is used by default.

"},{"location":"zh/configuration/ntp/#interval","title":"interval","text":"

Time synchronization interval.

30 minutes is used by default.

"},{"location":"zh/configuration/ntp/#_3","title":"Dial Fields","text":"

See Dial Fields.

"},{"location":"zh/configuration/outbound/","title":"Outbound","text":""},{"location":"zh/configuration/outbound/#_2","title":"Structure","text":"
{\n  \"outbounds\": [\n    {\n      \"type\": \"\",\n      \"tag\": \"\"\n    }\n  ]\n}\n
"},{"location":"zh/configuration/outbound/#_3","title":"Fields","text":"

| Type | Format |
|---|---|
| direct | Direct |
| block | Block |
| socks | SOCKS |
| http | HTTP |
| shadowsocks | Shadowsocks |
| vmess | VMess |
| trojan | Trojan |
| wireguard | Wireguard |
| hysteria | Hysteria |
| vless | VLESS |
| shadowtls | ShadowTLS |
| tuic | TUIC |
| hysteria2 | Hysteria2 |
| tor | Tor |
| ssh | SSH |
| dns | DNS |
| selector | Selector |
| urltest | URLTest |

"},{"location":"zh/configuration/outbound/#tag","title":"tag","text":"

The tag of the outbound.

"},{"location":"zh/configuration/outbound/#_4","title":"Features","text":""},{"location":"zh/configuration/outbound/#ip","title":"Outbounds that support IP connections","text":"
  • WireGuard
"},{"location":"zh/configuration/outbound/block/","title":"Block","text":"

Deprecated in sing-box 1.11.0

Legacy special outbounds are deprecated and will be removed in sing-box 1.13.0; see the Migration Guide.

The block outbound closes all incoming requests.

"},{"location":"zh/configuration/outbound/block/#_1","title":"Structure","text":"
{\n  \"type\": \"block\",\n  \"tag\": \"block\"\n}\n
"},{"location":"zh/configuration/outbound/block/#_2","title":"Fields","text":"

No fields.

"},{"location":"zh/configuration/outbound/direct/","title":"Direct","text":"

Changes in sing-box 1.11.0

override_address override_port

The direct outbound sends requests directly.

"},{"location":"zh/configuration/outbound/direct/#_1","title":"Structure","text":"
{\n  \"type\": \"direct\",\n  \"tag\": \"direct-out\",\n\n  \"override_address\": \"1.0.0.1\",\n  \"override_port\": 53,\n\n  ... // Dial Fields\n}\n
"},{"location":"zh/configuration/outbound/direct/#_2","title":"Fields","text":""},{"location":"zh/configuration/outbound/direct/#override_address","title":"override_address","text":"

Deprecated in sing-box 1.11.0

Destination override fields are deprecated in sing-box 1.11.0 and will be removed in sing-box 1.13.0; see the Migration Guide.

Override the connection destination address.

"},{"location":"zh/configuration/outbound/direct/#override_port","title":"override_port","text":"

Deprecated in sing-box 1.11.0

Destination override fields are deprecated in sing-box 1.11.0 and will be removed in sing-box 1.13.0; see the Migration Guide.

Override the connection destination port.

"},{"location":"zh/configuration/outbound/direct/#_3","title":"Dial Fields","text":"

See Dial Fields.

"},{"location":"zh/configuration/outbound/dns/","title":"DNS","text":"

Deprecated in sing-box 1.11.0

Legacy special outbounds are deprecated and will be removed in sing-box 1.13.0; see the Migration Guide.

The dns outbound is an internal DNS server.

"},{"location":"zh/configuration/outbound/dns/#_1","title":"Structure","text":"
{\n  \"type\": \"dns\",\n  \"tag\": \"dns-out\"\n}\n

The DNS outbound has no outbound connections; all requests are handled internally.

"},{"location":"zh/configuration/outbound/dns/#_2","title":"Fields","text":"

No fields.

"},{"location":"zh/configuration/outbound/http/","title":"HTTP","text":"

The http outbound is an HTTP CONNECT proxy client.

"},{"location":"zh/configuration/outbound/http/#_1","title":"Structure","text":"
{\n  \"type\": \"http\",\n  \"tag\": \"http-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"username\": \"sekai\",\n  \"password\": \"admin\",\n  \"path\": \"\",\n  \"headers\": {},\n  \"tls\": {},\n\n  ... // Dial Fields\n}\n
"},{"location":"zh/configuration/outbound/http/#_2","title":"Fields","text":""},{"location":"zh/configuration/outbound/http/#server","title":"server","text":"

Required

The server address.

"},{"location":"zh/configuration/outbound/http/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"zh/configuration/outbound/http/#username","title":"username","text":"

Basic authentication username.

"},{"location":"zh/configuration/outbound/http/#password","title":"password","text":"

Basic authentication password.

"},{"location":"zh/configuration/outbound/http/#path","title":"path","text":"

Path of the HTTP request.

"},{"location":"zh/configuration/outbound/http/#headers","title":"headers","text":"

Extra headers of the HTTP request.

"},{"location":"zh/configuration/outbound/http/#tls","title":"tls","text":"

TLS configuration, see TLS.

"},{"location":"zh/configuration/outbound/http/#_3","title":"Dial Fields","text":"

See Dial Fields.

"},{"location":"zh/configuration/outbound/hysteria/#_1","title":"Structure","text":"
{\n  \"type\": \"hysteria\",\n  \"tag\": \"hysteria-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"up\": \"100 Mbps\",\n  \"up_mbps\": 100,\n  \"down\": \"100 Mbps\",\n  \"down_mbps\": 100,\n  \"obfs\": \"fuck me till the daylight\",\n  \"auth\": \"\",\n  \"auth_str\": \"password\",\n  \"recv_window_conn\": 0,\n  \"recv_window\": 0,\n  \"disable_mtu_discovery\": false,\n  \"network\": \"tcp\",\n  \"tls\": {},\n\n  ... // Dial Fields\n}\n
"},{"location":"zh/configuration/outbound/hysteria/#_2","title":"Fields","text":""},{"location":"zh/configuration/outbound/hysteria/#server","title":"server","text":"

Required

The server address.

"},{"location":"zh/configuration/outbound/hysteria/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"zh/configuration/outbound/hysteria/#up-down","title":"up, down","text":"

Required

Format: [Integer] [Unit], e.g. 100 Mbps, 640 KBps, 2 Gbps

Supported units (case-sensitive, b = bits, B = bytes, 8b=1B):

bps (bits per second)\nBps (bytes per second)\nKbps (kilobits per second)\nKBps (kilobytes per second)\nMbps (megabits per second)\nMBps (megabytes per second)\nGbps (gigabits per second)\nGBps (gigabytes per second)\nTbps (terabits per second)\nTBps (terabytes per second)\n
"},{"location":"zh/configuration/outbound/hysteria/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"

Required

up, down in Mbps.

"},{"location":"zh/configuration/outbound/hysteria/#obfs","title":"obfs","text":"

Obfuscation password.

"},{"location":"zh/configuration/outbound/hysteria/#auth","title":"auth","text":"

Authentication password, base64 encoded.

"},{"location":"zh/configuration/outbound/hysteria/#auth_str","title":"auth_str","text":"

Authentication password.

"},{"location":"zh/configuration/outbound/hysteria/#recv_window_conn","title":"recv_window_conn","text":"

The QUIC stream-level flow control window for receiving data.

Defaults to 15728640 (15 MB/s).

"},{"location":"zh/configuration/outbound/hysteria/#recv_window","title":"recv_window","text":"

The QUIC connection-level flow control window for receiving data.

Defaults to 67108864 (64 MB/s).

"},{"location":"zh/configuration/outbound/hysteria/#disable_mtu_discovery","title":"disable_mtu_discovery","text":"

Disable Path MTU Discovery (RFC 8899). Packets will then be at most 1252 (IPv4) / 1232 (IPv6) bytes in size.

Force-enabled on systems other than Linux and Windows (according to upstream).

"},{"location":"zh/configuration/outbound/hysteria/#network","title":"network","text":"

Enabled network protocol.

tcp or udp.

Both are enabled by default.

"},{"location":"zh/configuration/outbound/hysteria/#tls","title":"tls","text":"

Required

TLS configuration, see TLS.

"},{"location":"zh/configuration/outbound/hysteria/#_3","title":"Dial Fields","text":"

See Dial Fields.

"},{"location":"zh/configuration/outbound/hysteria2/#_1","title":"Structure","text":"
{\n  \"type\": \"hysteria2\",\n  \"tag\": \"hy2-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"up_mbps\": 100,\n  \"down_mbps\": 100,\n  \"obfs\": {\n    \"type\": \"salamander\",\n    \"password\": \"cry_me_a_r1ver\"\n  },\n  \"password\": \"goofy_ahh_password\",\n  \"network\": \"tcp\",\n  \"tls\": {},\n  \"brutal_debug\": false,\n\n  ... // Dial Fields\n}\n

Difference from official Hysteria2

The official program supports an authentication method called userpass, which essentially uses the combination <username>:<password> of the username and password as the actual password; sing-box does not provide this alias. To use sing-box with the official program, you need to fill in that combination as the actual password.

"},{"location":"zh/configuration/outbound/hysteria2/#_2","title":"Fields","text":""},{"location":"zh/configuration/outbound/hysteria2/#server","title":"server","text":"

Required

The server address.

"},{"location":"zh/configuration/outbound/hysteria2/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"zh/configuration/outbound/hysteria2/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"

Maximum bandwidth.

If empty, the BBR congestion control algorithm is used instead of Hysteria CC.

"},{"location":"zh/configuration/outbound/hysteria2/#obfstype","title":"obfs.type","text":"

QUIC traffic obfuscator type; can only be set to salamander.

Disabled if empty.

"},{"location":"zh/configuration/outbound/hysteria2/#obfspassword","title":"obfs.password","text":"

QUIC traffic obfuscator password.

"},{"location":"zh/configuration/outbound/hysteria2/#password","title":"password","text":"

Authentication password.

"},{"location":"zh/configuration/outbound/hysteria2/#network","title":"network","text":"

Enabled network protocol.

tcp or udp.

Both are enabled by default.

"},{"location":"zh/configuration/outbound/hysteria2/#tls","title":"tls","text":"

Required

TLS configuration, see TLS.

"},{"location":"zh/configuration/outbound/hysteria2/#brutal_debug","title":"brutal_debug","text":"

Enable debug information logging for Hysteria Brutal CC.

"},{"location":"zh/configuration/outbound/hysteria2/#_3","title":"Dial Fields","text":"

See Dial Fields.

"},{"location":"zh/configuration/outbound/selector/#_1","title":"Structure","text":"
{\n  \"type\": \"selector\",\n  \"tag\": \"select\",\n\n  \"outbounds\": [\n    \"proxy-a\",\n    \"proxy-b\",\n    \"proxy-c\"\n  ],\n  \"default\": \"proxy-c\",\n  \"interrupt_exist_connections\": false\n}\n

The selector can currently only be controlled through the Clash API.

"},{"location":"zh/configuration/outbound/selector/#_2","title":"Fields","text":""},{"location":"zh/configuration/outbound/selector/#outbounds","title":"outbounds","text":"

Required

List of outbound tags to select from.

"},{"location":"zh/configuration/outbound/selector/#default","title":"default","text":"

The default outbound tag. The first outbound is used by default.

"},{"location":"zh/configuration/outbound/selector/#interrupt_exist_connections","title":"interrupt_exist_connections","text":"

Interrupt existing connections when the selected outbound changes.

Only inbound connections are affected by this setting; internal connections will always be interrupted.

"},{"location":"zh/configuration/outbound/shadowsocks/#_1","title":"Structure","text":"
{\n  \"type\": \"shadowsocks\",\n  \"tag\": \"ss-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"method\": \"2022-blake3-aes-128-gcm\",\n  \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n  \"plugin\": \"\",\n  \"plugin_opts\": \"\",\n  \"network\": \"udp\",\n  \"udp_over_tcp\": false | {},\n  \"multiplex\": {},\n\n  ... // Dial Fields\n}\n
"},{"location":"zh/configuration/outbound/shadowsocks/#_2","title":"Fields","text":""},{"location":"zh/configuration/outbound/shadowsocks/#server","title":"server","text":"

Required

The server address.

"},{"location":"zh/configuration/outbound/shadowsocks/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"zh/configuration/outbound/shadowsocks/#method","title":"method","text":"

Required

Encryption methods:

  • 2022-blake3-aes-128-gcm
  • 2022-blake3-aes-256-gcm
  • 2022-blake3-chacha20-poly1305
  • none
  • aes-128-gcm
  • aes-192-gcm
  • aes-256-gcm
  • chacha20-ietf-poly1305
  • xchacha20-ietf-poly1305

Legacy encryption methods:

  • aes-128-ctr
  • aes-192-ctr
  • aes-256-ctr
  • aes-128-cfb
  • aes-192-cfb
  • aes-256-cfb
  • rc4-md5
  • chacha20-ietf
  • xchacha20
"},{"location":"zh/configuration/outbound/shadowsocks/#password","title":"password","text":"

Required

The Shadowsocks password.

"},{"location":"zh/configuration/outbound/shadowsocks/#plugin","title":"plugin","text":"

Shadowsocks SIP003 plugin, implemented internally.

Only obfs-local and v2ray-plugin are supported.

"},{"location":"zh/configuration/outbound/shadowsocks/#plugin_opts","title":"plugin_opts","text":"

Shadowsocks SIP003 plugin options.

"},{"location":"zh/configuration/outbound/shadowsocks/#network","title":"network","text":"

Enabled network protocol.

tcp or udp.

Both are enabled by default.

"},{"location":"zh/configuration/outbound/shadowsocks/#udp_over_tcp","title":"udp_over_tcp","text":"

UDP over TCP configuration.

See UDP Over TCP.

Conflicts with multiplex.

"},{"location":"zh/configuration/outbound/shadowsocks/#multiplex","title":"multiplex","text":"

See Multiplex.

"},{"location":"zh/configuration/outbound/shadowsocks/#_3","title":"Dial Fields","text":"

See Dial Fields.

"},{"location":"zh/configuration/outbound/shadowtls/#_1","title":"Structure","text":"
{\n  \"type\": \"shadowtls\",\n  \"tag\": \"st-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"version\": 3,\n  \"password\": \"fuck me till the daylight\",\n  \"tls\": {},\n\n  ... // Dial Fields\n}\n
"},{"location":"zh/configuration/outbound/shadowtls/#_2","title":"Fields","text":""},{"location":"zh/configuration/outbound/shadowtls/#server","title":"server","text":"

Required

The server address.

"},{"location":"zh/configuration/outbound/shadowtls/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"zh/configuration/outbound/shadowtls/#version","title":"version","text":"

ShadowTLS protocol version.

Value | Protocol version
1 (default) | ShadowTLS v1
2 | ShadowTLS v2
3 | ShadowTLS v3"},{"location":"zh/configuration/outbound/shadowtls/#password","title":"password","text":"

Set the password.

Only available in the ShadowTLS v2/v3 protocols.

"},{"location":"zh/configuration/outbound/shadowtls/#tls","title":"tls","text":"

Required

TLS configuration, see TLS.

"},{"location":"zh/configuration/outbound/shadowtls/#_3","title":"Dial Fields","text":"

See Dial Fields.

"},{"location":"zh/configuration/outbound/socks/","title":"SOCKS","text":"

The socks outbound is a socks4/socks4a/socks5 client.

"},{"location":"zh/configuration/outbound/socks/#_1","title":"Structure","text":"
{\n  \"type\": \"socks\",\n  \"tag\": \"socks-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"version\": \"5\",\n  \"username\": \"sekai\",\n  \"password\": \"admin\",\n  \"network\": \"udp\",\n  \"udp_over_tcp\": false | {},\n\n  ... // Dial Fields\n}\n
"},{"location":"zh/configuration/outbound/socks/#_2","title":"Fields","text":""},{"location":"zh/configuration/outbound/socks/#server","title":"server","text":"

Required

The server address.

"},{"location":"zh/configuration/outbound/socks/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"zh/configuration/outbound/socks/#version","title":"version","text":"

The SOCKS version, one of 4, 4a, 5.

SOCKS5 is used by default.

"},{"location":"zh/configuration/outbound/socks/#username","title":"username","text":"

SOCKS username.

"},{"location":"zh/configuration/outbound/socks/#password","title":"password","text":"

SOCKS5 password.

"},{"location":"zh/configuration/outbound/socks/#network","title":"network","text":"

Enabled network protocol.

tcp or udp.

Both are enabled by default.

"},{"location":"zh/configuration/outbound/socks/#udp_over_tcp","title":"udp_over_tcp","text":"

UDP over TCP configuration.

See UDP Over TCP.

"},{"location":"zh/configuration/outbound/socks/#_3","title":"Dial Fields","text":"

See Dial Fields.

"},{"location":"zh/configuration/outbound/ssh/#_1","title":"Structure","text":"
{\n  \"type\": \"ssh\",\n  \"tag\": \"ssh-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 22,\n  \"user\": \"root\",\n  \"password\": \"admin\",\n  \"private_key\": \"\",\n  \"private_key_path\": \"$HOME/.ssh/id_rsa\",\n  \"private_key_passphrase\": \"\",\n  \"host_key\": [\n    \"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdH...\"\n  ],\n  \"host_key_algorithms\": [],\n  \"client_version\": \"SSH-2.0-OpenSSH_7.4p1\",\n\n  ... // Dial Fields\n}\n
"},{"location":"zh/configuration/outbound/ssh/#_2","title":"Fields","text":""},{"location":"zh/configuration/outbound/ssh/#server","title":"server","text":"

Required

The server address.

"},{"location":"zh/configuration/outbound/ssh/#server_port","title":"server_port","text":"

The server port, 22 is used by default.

"},{"location":"zh/configuration/outbound/ssh/#user","title":"user","text":"

SSH user, root is used by default.

"},{"location":"zh/configuration/outbound/ssh/#password","title":"password","text":"

Password.

"},{"location":"zh/configuration/outbound/ssh/#private_key","title":"private_key","text":"

Private key.

"},{"location":"zh/configuration/outbound/ssh/#private_key_path","title":"private_key_path","text":"

Private key path.

"},{"location":"zh/configuration/outbound/ssh/#private_key_passphrase","title":"private_key_passphrase","text":"

Private key passphrase.

"},{"location":"zh/configuration/outbound/ssh/#host_key","title":"host_key","text":"

Host key. Accept any if empty.

"},{"location":"zh/configuration/outbound/ssh/#host_key_algorithms","title":"host_key_algorithms","text":"

Host key algorithms.

"},{"location":"zh/configuration/outbound/ssh/#client_version","title":"client_version","text":"

Client version, a random value is used by default.

"},{"location":"zh/configuration/outbound/ssh/#_3","title":"Dial Fields","text":"

See Dial Fields.

"},{"location":"zh/configuration/outbound/tor/#_1","title":"Structure","text":"
{\n  \"type\": \"tor\",\n  \"tag\": \"tor-out\",\n\n  \"executable_path\": \"/usr/bin/tor\",\n  \"extra_args\": [],\n  \"data_directory\": \"$HOME/.cache/tor\",\n  \"torrc\": {\n    \"ClientOnly\": 1\n  },\n\n  ... // Dial Fields\n}\n

Embedded Tor is not included in the default installation, see Installation.

"},{"location":"zh/configuration/outbound/tor/#_2","title":"Fields","text":""},{"location":"zh/configuration/outbound/tor/#executable_path","title":"executable_path","text":"

The path to the Tor executable.

If set, overrides the embedded Tor.

"},{"location":"zh/configuration/outbound/tor/#extra_args","title":"extra_args","text":"

List of extra arguments passed when starting Tor.

"},{"location":"zh/configuration/outbound/tor/#data_directory","title":"data_directory","text":"

Recommended

The data directory of Tor.

If not set, every startup will take a long time.

"},{"location":"zh/configuration/outbound/tor/#torrc","title":"torrc","text":"

Map of torrc options.

See tor(1).

"},{"location":"zh/configuration/outbound/tor/#_3","title":"Dial Fields","text":"

See Dial Fields.

"},{"location":"zh/configuration/outbound/trojan/#_1","title":"Structure","text":"
{\n  \"type\": \"trojan\",\n  \"tag\": \"trojan-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n  \"network\": \"tcp\",\n  \"tls\": {},\n  \"multiplex\": {},\n  \"transport\": {},\n\n  ... // Dial Fields\n}\n
"},{"location":"zh/configuration/outbound/trojan/#_2","title":"Fields","text":""},{"location":"zh/configuration/outbound/trojan/#server","title":"server","text":"

Required

The server address.

"},{"location":"zh/configuration/outbound/trojan/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"zh/configuration/outbound/trojan/#password","title":"password","text":"

Required

The Trojan password.

"},{"location":"zh/configuration/outbound/trojan/#network","title":"network","text":"

Enabled network protocol.

tcp or udp.

Both are enabled by default.

"},{"location":"zh/configuration/outbound/trojan/#tls","title":"tls","text":"

TLS configuration, see TLS.

"},{"location":"zh/configuration/outbound/trojan/#multiplex","title":"multiplex","text":"

See Multiplex.

"},{"location":"zh/configuration/outbound/trojan/#transport","title":"transport","text":"

V2Ray Transport configuration, see V2Ray Transport.

"},{"location":"zh/configuration/outbound/trojan/#_3","title":"Dial Fields","text":"

See Dial Fields.

"},{"location":"zh/configuration/outbound/tuic/#_1","title":"Structure","text":"
{\n  \"type\": \"tuic\",\n  \"tag\": \"tuic-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"uuid\": \"2DD61D93-75D8-4DA4-AC0E-6AECE7EAC365\",\n  \"password\": \"hello\",\n  \"congestion_control\": \"cubic\",\n  \"udp_relay_mode\": \"native\",\n  \"udp_over_stream\": false,\n  \"zero_rtt_handshake\": false,\n  \"heartbeat\": \"10s\",\n  \"network\": \"tcp\",\n  \"tls\": {},\n\n  ... // Dial Fields\n}\n
"},{"location":"zh/configuration/outbound/tuic/#_2","title":"Fields","text":""},{"location":"zh/configuration/outbound/tuic/#server","title":"server","text":"

Required

The server address.

"},{"location":"zh/configuration/outbound/tuic/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"zh/configuration/outbound/tuic/#uuid","title":"uuid","text":"

Required

TUIC user UUID.

"},{"location":"zh/configuration/outbound/tuic/#password","title":"password","text":"

TUIC user password.

"},{"location":"zh/configuration/outbound/tuic/#congestion_control","title":"congestion_control","text":"

QUIC congestion control algorithm.

Accepted values: cubic, new_reno, bbr

cubic is used by default.

"},{"location":"zh/configuration/outbound/tuic/#udp_relay_mode","title":"udp_relay_mode","text":"

UDP packet relay mode.

Mode | Description
native | Native UDP
quic | Lossless UDP relay using QUIC streams, which introduces additional overhead

Conflicts with udp_over_stream.

"},{"location":"zh/configuration/outbound/tuic/#udp_over_stream","title":"udp_over_stream","text":"

This is a port of the UDP over TCP protocol to TUIC, designed to provide a QUIC stream based UDP relay mode that TUIC does not provide. Since it is an add-on protocol, you will need to use sing-box or another compatible program as the server.

This mode has no positive effect in a proper UDP proxy scenario and is only suitable for relaying streaming UDP traffic (basically QUIC streams).

Conflicts with udp_relay_mode.

"},{"location":"zh/configuration/outbound/tuic/#zero_rtt_handshake","title":"zero_rtt_handshake","text":"

Enable the 0-RTT QUIC connection handshake on the client side. This has little effect on performance, as the protocol is fully multiplexed.

Disabling this feature is strongly recommended, as it is vulnerable to replay attacks. See Attack of the clones.

"},{"location":"zh/configuration/outbound/tuic/#heartbeat","title":"heartbeat","text":"

Interval for sending heartbeat packets to keep the connection alive.

"},{"location":"zh/configuration/outbound/tuic/#network","title":"network","text":"

Enabled network protocol.

tcp or udp.

Both are enabled by default.

"},{"location":"zh/configuration/outbound/tuic/#tls","title":"tls","text":"

Required

TLS configuration, see TLS.

"},{"location":"zh/configuration/outbound/tuic/#_3","title":"Dial Fields","text":"

See Dial Fields.

"},{"location":"zh/configuration/outbound/urltest/#_1","title":"Structure","text":"
{\n  \"type\": \"urltest\",\n  \"tag\": \"auto\",\n\n  \"outbounds\": [\n    \"proxy-a\",\n    \"proxy-b\",\n    \"proxy-c\"\n  ],\n  \"url\": \"\",\n  \"interval\": \"\",\n  \"tolerance\": 50,\n  \"idle_timeout\": \"\",\n  \"interrupt_exist_connections\": false\n}\n
"},{"location":"zh/configuration/outbound/urltest/#_2","title":"Fields","text":""},{"location":"zh/configuration/outbound/urltest/#outbounds","title":"outbounds","text":"

Required

List of outbound tags to test.

"},{"location":"zh/configuration/outbound/urltest/#url","title":"url","text":"

The URL to test. https://www.gstatic.com/generate_204 is used by default.

"},{"location":"zh/configuration/outbound/urltest/#interval","title":"interval","text":"

The test interval. 3m is used by default.

"},{"location":"zh/configuration/outbound/urltest/#tolerance","title":"tolerance","text":"

The test tolerance in milliseconds. 50 is used by default.

"},{"location":"zh/configuration/outbound/urltest/#idle_timeout","title":"idle_timeout","text":"

The idle timeout. 30m is used by default.

"},{"location":"zh/configuration/outbound/urltest/#interrupt_exist_connections","title":"interrupt_exist_connections","text":"

Interrupt existing connections when the selected outbound changes.

Only inbound connections are affected by this setting; internal connections will always be interrupted.

"},{"location":"zh/configuration/outbound/vless/#_1","title":"Structure","text":"
{\n  \"type\": \"vless\",\n  \"tag\": \"vless-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"uuid\": \"bf000d23-0752-40b4-affe-68f7707a9661\",\n  \"flow\": \"xtls-rprx-vision\",\n  \"network\": \"tcp\",\n  \"tls\": {},\n  \"packet_encoding\": \"\",\n  \"multiplex\": {},\n  \"transport\": {},\n\n  ... // Dial Fields\n}\n
"},{"location":"zh/configuration/outbound/vless/#_2","title":"Fields","text":""},{"location":"zh/configuration/outbound/vless/#server","title":"server","text":"

Required

The server address.

"},{"location":"zh/configuration/outbound/vless/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"zh/configuration/outbound/vless/#uuid","title":"uuid","text":"

Required

VLESS user ID.

"},{"location":"zh/configuration/outbound/vless/#flow","title":"flow","text":"

VLESS sub-protocol.

Available values:

  • xtls-rprx-vision
"},{"location":"zh/configuration/outbound/vless/#network","title":"network","text":"

Enabled network protocol.

tcp or udp.

Both are enabled by default.

"},{"location":"zh/configuration/outbound/vless/#tls","title":"tls","text":"

TLS configuration, see TLS.

"},{"location":"zh/configuration/outbound/vless/#packet_encoding","title":"packet_encoding","text":"

UDP packet encoding, xudp is used by default.

Encoding | Description
(none) | Disabled
packetaddr | Supported by v2ray 5+
xudp | Supported by xray"},{"location":"zh/configuration/outbound/vless/#multiplex","title":"multiplex","text":"

See Multiplex.

"},{"location":"zh/configuration/outbound/vless/#transport","title":"transport","text":"

V2Ray Transport configuration, see V2Ray Transport.

"},{"location":"zh/configuration/outbound/vless/#_3","title":"Dial Fields","text":"

See Dial Fields.

"},{"location":"zh/configuration/outbound/vmess/#_1","title":"Structure","text":"
{\n  \"type\": \"vmess\",\n  \"tag\": \"vmess-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"uuid\": \"bf000d23-0752-40b4-affe-68f7707a9661\",\n  \"security\": \"auto\",\n  \"alter_id\": 0,\n  \"global_padding\": false,\n  \"authenticated_length\": true,\n  \"network\": \"tcp\",\n  \"tls\": {},\n  \"packet_encoding\": \"\",\n  \"multiplex\": {},\n  \"transport\": {},\n\n  ... // Dial Fields\n}\n
"},{"location":"zh/configuration/outbound/vmess/#_2","title":"Fields","text":""},{"location":"zh/configuration/outbound/vmess/#server","title":"server","text":"

Required

The server address.

"},{"location":"zh/configuration/outbound/vmess/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"zh/configuration/outbound/vmess/#uuid","title":"uuid","text":"

Required

VMess user ID.

"},{"location":"zh/configuration/outbound/vmess/#security","title":"security","text":"

Encryption methods:

  • auto
  • none
  • zero
  • aes-128-gcm
  • chacha20-poly1305

Legacy encryption methods:

  • aes-128-ctr
"},{"location":"zh/configuration/outbound/vmess/#alter_id","title":"alter_id","text":"Alter ID | Description
0 | Disable legacy protocol
1 | Enable legacy protocol
> 1 | Unused, behaves the same as 1"},{"location":"zh/configuration/outbound/vmess/#global_padding","title":"global_padding","text":"

Protocol parameter. Will waste traffic randomly if enabled (enabled by default in v2ray and cannot be disabled).

"},{"location":"zh/configuration/outbound/vmess/#authenticated_length","title":"authenticated_length","text":"

Protocol parameter. Enable length block encryption.

"},{"location":"zh/configuration/outbound/vmess/#network","title":"network","text":"

Enabled network protocol.

tcp or udp.

Both are enabled by default.

"},{"location":"zh/configuration/outbound/vmess/#tls","title":"tls","text":"

TLS configuration, see TLS.

"},{"location":"zh/configuration/outbound/vmess/#packet_encoding","title":"packet_encoding","text":"

UDP packet encoding.

Encoding | Description
(none) | Disabled
packetaddr | Supported by v2ray 5+
xudp | Supported by xray"},{"location":"zh/configuration/outbound/vmess/#multiplex","title":"multiplex","text":"

See Multiplex.

"},{"location":"zh/configuration/outbound/vmess/#transport","title":"transport","text":"

V2Ray Transport configuration, see V2Ray Transport.

"},{"location":"zh/configuration/outbound/vmess/#_3","title":"Dial Fields","text":"

See Dial Fields.

"},{"location":"zh/configuration/outbound/wireguard/","title":"WireGuard","text":"

Deprecated in sing-box 1.11.0

The WireGuard outbound is deprecated and will be removed in sing-box 1.13.0, see Migration.

Changes in sing-box 1.11.0

gso

Changes in sing-box 1.8.0

gso

"},{"location":"zh/configuration/outbound/wireguard/#_1","title":"Structure","text":"
{\n  \"type\": \"wireguard\",\n  \"tag\": \"wireguard-out\",\n\n  \"server\": \"127.0.0.1\",\n  \"server_port\": 1080,\n  \"system_interface\": false,\n  \"interface_name\": \"wg0\",\n  \"local_address\": [\n    \"10.0.0.1/32\"\n  ],\n  \"private_key\": \"YNXtAzepDqRv9H52osJVDQnznT5AM11eCK3ESpwSt04=\",\n  \"peer_public_key\": \"Z1XXLsKYkYxuiYjJIkRvtIKFepCYHTgON+GwPq7SOV4=\",\n  \"pre_shared_key\": \"31aIhAPwktDGpH4JDhA8GNvjFXEf/a6+UaQRyOAiyfM=\",\n  \"reserved\": [0, 0, 0],\n  \"workers\": 4,\n  \"mtu\": 1408,\n  \"network\": \"tcp\",\n\n  // Deprecated\n\n  \"gso\": false,\n\n  ... // Dial Fields\n}\n
"},{"location":"zh/configuration/outbound/wireguard/#_2","title":"Fields","text":""},{"location":"zh/configuration/outbound/wireguard/#server","title":"server","text":"

Required

The server address.

"},{"location":"zh/configuration/outbound/wireguard/#server_port","title":"server_port","text":"

Required

The server port.

"},{"location":"zh/configuration/outbound/wireguard/#system_interface","title":"system_interface","text":"

Use the system interface.

Requires privileges and must not conflict with an existing system interface.

Forced if gVisor is not included in the build.

"},{"location":"zh/configuration/outbound/wireguard/#interface_name","title":"interface_name","text":"

Custom interface name for the system interface.

"},{"location":"zh/configuration/outbound/wireguard/#gso","title":"gso","text":"

Deprecated in sing-box 1.11.0

Since sing-box 1.11.0, GSO is enabled automatically when available.

Since sing-box 1.8.0

Only supported on Linux.

Try to enable generic segmentation offload.

"},{"location":"zh/configuration/outbound/wireguard/#local_address","title":"local_address","text":"

Required

List of IPv4/IPv6 addresses or prefixes for the interface.

List of IP (v4 or v6) address prefixes to be assigned to the interface.

"},{"location":"zh/configuration/outbound/wireguard/#private_key","title":"private_key","text":"

Required

WireGuard requires base64-encoded public and private keys. These can be generated using the wg(8) utility:

wg genkey\necho \"private key\" | wg pubkey\n
"},{"location":"zh/configuration/outbound/wireguard/#peer_public_key","title":"peer_public_key","text":"

Required

WireGuard peer public key.

"},{"location":"zh/configuration/outbound/wireguard/#pre_shared_key","title":"pre_shared_key","text":"

WireGuard pre-shared key.

"},{"location":"zh/configuration/outbound/wireguard/#reserved","title":"reserved","text":"

WireGuard reserved field bytes.

"},{"location":"zh/configuration/outbound/wireguard/#workers","title":"workers","text":"

WireGuard worker count.

The CPU count is used by default.

"},{"location":"zh/configuration/outbound/wireguard/#mtu","title":"mtu","text":"

WireGuard MTU.

1408 is used by default.

"},{"location":"zh/configuration/outbound/wireguard/#network","title":"network","text":"

Enabled network protocol.

tcp or udp.

Both are enabled by default.

"},{"location":"zh/configuration/outbound/wireguard/#_3","title":"Dial Fields","text":"

See Dial Fields.

"},{"location":"zh/configuration/route/","title":"Route","text":"

Changes in sing-box 1.11.0

network_strategy default_network_type default_fallback_network_type default_fallback_delay

Changes in sing-box 1.8.0

rule_set geoip geosite

"},{"location":"zh/configuration/route/#_2","title":"Structure","text":"
{\n  \"route\": {\n    \"geoip\": {},\n    \"geosite\": {},\n    \"rules\": [],\n    \"rule_set\": [],\n    \"final\": \"\",\n    \"auto_detect_interface\": false,\n    \"override_android_vpn\": false,\n    \"default_interface\": \"\",\n    \"default_mark\": 0,\n    \"default_network_strategy\": \"\",\n    \"default_fallback_delay\": \"\"\n  }\n}\n

When the content has only one item, the JSON array [] brackets can be omitted.

"},{"location":"zh/configuration/route/#_3","title":"Fields","text":"Key | Format
geoip | GeoIP
geosite | Geosite"},{"location":"zh/configuration/route/#rule","title":"rule","text":"

List of Route Rules.

"},{"location":"zh/configuration/route/#rule_set","title":"rule_set","text":"

Since sing-box 1.8.0

List of rule sets.

"},{"location":"zh/configuration/route/#final","title":"final","text":"

The default outbound tag. If empty, the first outbound available for the corresponding protocol will be used.

"},{"location":"zh/configuration/route/#auto_detect_interface","title":"auto_detect_interface","text":"

Only supported on Linux, Windows and macOS.

Bind outbound connections to the default NIC by default to prevent routing loops under tun.

Takes no effect if outbound.bind_interface is set.

"},{"location":"zh/configuration/route/#override_android_vpn","title":"override_android_vpn","text":"

Only supported on Android.

Accept Android VPN as the upstream NIC when auto_detect_interface is enabled.

"},{"location":"zh/configuration/route/#default_interface","title":"default_interface","text":"

Only supported on Linux, Windows and macOS.

Bind outbound connections to the specified NIC by default to prevent routing loops under tun.

Takes no effect if auto_detect_interface is set.

"},{"location":"zh/configuration/route/#default_mark","title":"default_mark","text":"

Only supported on Linux.

Set the routing mark on outbound connections by default.

Takes no effect if outbound.routing_mark is set.

"},{"location":"zh/configuration/route/#network_strategy","title":"network_strategy","text":"

Since sing-box 1.11.0

See Dial Fields for details.

Takes no effect if outbound.bind_interface, outbound.inet4_bind_address or outbound.inet6_bind_address is set.

Can be overridden by outbound.network_strategy.

Conflicts with default_interface.

"},{"location":"zh/configuration/route/#default_network_type","title":"default_network_type","text":"

Since sing-box 1.11.0

See Dial Fields for details.

"},{"location":"zh/configuration/route/#default_fallback_network_type","title":"default_fallback_network_type","text":"

Since sing-box 1.11.0

See Dial Fields for details.

"},{"location":"zh/configuration/route/#default_fallback_delay","title":"default_fallback_delay","text":"

Since sing-box 1.11.0

See Dial Fields for details.

"},{"location":"zh/configuration/route/geoip/","title":"GeoIP","text":"

Deprecated in sing-box 1.8.0

GeoIP is deprecated and will be removed in sing-box 1.12.0, see Migration.

"},{"location":"zh/configuration/route/geoip/#_1","title":"Structure","text":"
{\n  \"route\": {\n    \"geoip\": {\n      \"path\": \"\",\n      \"download_url\": \"\",\n      \"download_detour\": \"\"\n    }\n  }\n}\n
"},{"location":"zh/configuration/route/geoip/#_2","title":"Fields","text":""},{"location":"zh/configuration/route/geoip/#path","title":"path","text":"

The path to the GeoIP resource.

geoip.db is used by default.

"},{"location":"zh/configuration/route/geoip/#download_url","title":"download_url","text":"

The download URL of the GeoIP resource.

Defaults to https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db.

"},{"location":"zh/configuration/route/geoip/#download_detour","title":"download_detour","text":"

The tag of the outbound used to download the GeoIP resource.

If empty, the default outbound will be used.

"},{"location":"zh/configuration/route/geosite/","title":"Geosite","text":"

Deprecated in sing-box 1.8.0

Geosite is deprecated and will be removed in sing-box 1.12.0, see Migration.

"},{"location":"zh/configuration/route/geosite/#_1","title":"Structure","text":"
{\n  \"route\": {\n    \"geosite\": {\n      \"path\": \"\",\n      \"download_url\": \"\",\n      \"download_detour\": \"\"\n    }\n  }\n}\n
"},{"location":"zh/configuration/route/geosite/#_2","title":"Fields","text":""},{"location":"zh/configuration/route/geosite/#path","title":"path","text":"

The path to the GeoSite resource.

geosite.db is used by default.

"},{"location":"zh/configuration/route/geosite/#download_url","title":"download_url","text":"

The download URL of the GeoSite resource.

Defaults to https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db.

"},{"location":"zh/configuration/route/geosite/#download_detour","title":"download_detour","text":"

The tag of the outbound used to download the GeoSite resource.

If empty, the default outbound will be used.

"},{"location":"zh/configuration/route/rule/","title":"Route Rule","text":"

Changes in sing-box 1.11.0

action outbound network_type network_is_expensive network_is_constrained

Changes in sing-box 1.10.0

client rule_set_ipcidr_match_source process_path_regex

Changes in sing-box 1.8.0

rule_set rule_set_ipcidr_match_source source_ip_is_private ip_is_private source_geoip geoip geosite

"},{"location":"zh/configuration/route/rule/#_1","title":"Structure","text":"
{\n  \"route\": {\n    \"rules\": [\n      {\n        \"inbound\": [\n          \"mixed-in\"\n        ],\n        \"ip_version\": 6,\n        \"network\": [\n          \"tcp\"\n        ],\n        \"auth_user\": [\n          \"usera\",\n          \"userb\"\n        ],\n        \"protocol\": [\n          \"tls\",\n          \"http\",\n          \"quic\"\n        ],\n        \"client\": [\n          \"chromium\",\n          \"safari\",\n          \"firefox\",\n          \"quic-go\"\n        ],\n        \"domain\": [\n          \"test.com\"\n        ],\n        \"domain_suffix\": [\n          \".cn\"\n        ],\n        \"domain_keyword\": [\n          \"test\"\n        ],\n        \"domain_regex\": [\n          \"^stun\\\\..+\"\n        ],\n        \"geosite\": [\n          \"cn\"\n        ],\n        \"source_geoip\": [\n          \"private\"\n        ],\n        \"geoip\": [\n          \"cn\"\n        ],\n        \"source_ip_cidr\": [\n          \"10.0.0.0/24\"\n        ],\n        \"source_ip_is_private\": false,\n        \"ip_cidr\": [\n          \"10.0.0.0/24\"\n        ],\n        \"ip_is_private\": false,\n        \"source_port\": [\n          12345\n        ],\n        \"source_port_range\": [\n          \"1000:2000\",\n          \":3000\",\n          \"4000:\"\n        ],\n        \"port\": [\n          80,\n          443\n        ],\n        \"port_range\": [\n          \"1000:2000\",\n          \":3000\",\n          \"4000:\"\n        ],\n        \"process_name\": [\n          \"curl\"\n        ],\n        \"process_path\": [\n          \"/usr/bin/curl\"\n        ],\n        \"process_path_regex\": [\n          \"^/usr/bin/.+\"\n        ],\n        \"package_name\": [\n          \"com.termux\"\n        ],\n        \"user\": [\n          \"sekai\"\n        ],\n        \"user_id\": [\n          1000\n        ],\n        \"clash_mode\": \"direct\",\n        \"network_type\": [\n          \"wifi\"\n        ],\n        \"network_is_expensive\": false,\n        
\"network_is_constrained\": false,\n        \"wifi_ssid\": [\n          \"My WIFI\"\n        ],\n        \"wifi_bssid\": [\n          \"00:00:00:00:00:00\"\n        ],\n        \"rule_set\": [\n          \"geoip-cn\",\n          \"geosite-cn\"\n        ],\n        // \u5df2\u5f03\u7528\n        \"rule_set_ipcidr_match_source\": false,\n        \"rule_set_ip_cidr_match_source\": false,\n        \"invert\": false,\n        \"action\": \"route\",\n        \"outbound\": \"direct\"\n      },\n      {\n        \"type\": \"logical\",\n        \"mode\": \"and\",\n        \"rules\": [],\n        \"invert\": false,\n        \"action\": \"route\",\n        \"outbound\": \"direct\"\n      }\n    ]\n  }\n}\n

You can omit the JSON array [] brackets when there is only one item.

"},{"location":"zh/configuration/route/rule/#_2","title":"Default Fields","text":"

The default rule uses the following matching logic: (domain || domain_suffix || domain_keyword || domain_regex || geosite || geoip || ip_cidr || ip_is_private) && (port || port_range) && (source_geoip || source_ip_cidr || source_ip_is_private) && (source_port || source_port_range) && other fields

Additionally, referenced rule-sets are treated as merged into the rule rather than as a single rule sub-item.

"},{"location":"zh/configuration/route/rule/#inbound","title":"inbound","text":"

Inbound tags.

"},{"location":"zh/configuration/route/rule/#ip_version","title":"ip_version","text":"

4 or 6.

Not limited by default.

"},{"location":"zh/configuration/route/rule/#auth_user","title":"auth_user","text":"

Authenticated username; see the inbound settings.

"},{"location":"zh/configuration/route/rule/#protocol","title":"protocol","text":"

Sniffed protocol; see Protocol Sniff.

"},{"location":"zh/configuration/route/rule/#client","title":"client","text":"

Since sing-box 1.10.0

Sniffed client type; see Protocol Sniff.

"},{"location":"zh/configuration/route/rule/#network","title":"network","text":"

tcp or udp.

"},{"location":"zh/configuration/route/rule/#domain","title":"domain","text":"

Match the full domain.

"},{"location":"zh/configuration/route/rule/#domain_suffix","title":"domain_suffix","text":"

Match the domain suffix.

"},{"location":"zh/configuration/route/rule/#domain_keyword","title":"domain_keyword","text":"

Match the domain by keyword.

"},{"location":"zh/configuration/route/rule/#domain_regex","title":"domain_regex","text":"

Match the domain by regular expression.

"},{"location":"zh/configuration/route/rule/#geosite","title":"geosite","text":"

Deprecated in sing-box 1.8.0

Geosite is deprecated and may be removed in the near future; see the Migration guide.

Match Geosite.

"},{"location":"zh/configuration/route/rule/#source_geoip","title":"source_geoip","text":"

Deprecated in sing-box 1.8.0

GeoIP is deprecated and may be removed in the near future; see the Migration guide.

Match source GeoIP.

"},{"location":"zh/configuration/route/rule/#geoip","title":"geoip","text":"

Deprecated in sing-box 1.8.0

GeoIP is deprecated and may be removed in the near future; see the Migration guide.

Match GeoIP.

"},{"location":"zh/configuration/route/rule/#source_ip_cidr","title":"source_ip_cidr","text":"

Match source IP CIDR.

"},{"location":"zh/configuration/route/rule/#source_ip_is_private","title":"source_ip_is_private","text":"

Since sing-box 1.8.0

Match non-public source IP.

"},{"location":"zh/configuration/route/rule/#ip_cidr","title":"ip_cidr","text":"

Match IP CIDR.

"},{"location":"zh/configuration/route/rule/#ip_is_private","title":"ip_is_private","text":"

Since sing-box 1.8.0

Match non-public IP.

"},{"location":"zh/configuration/route/rule/#source_port","title":"source_port","text":"

Match source port.

"},{"location":"zh/configuration/route/rule/#source_port_range","title":"source_port_range","text":"

Match source port range.

"},{"location":"zh/configuration/route/rule/#port","title":"port","text":"

Match port.

"},{"location":"zh/configuration/route/rule/#port_range","title":"port_range","text":"

Match port range.

"},{"location":"zh/configuration/route/rule/#process_name","title":"process_name","text":"

Only supported on Linux, Windows, and macOS.

Match process name.

"},{"location":"zh/configuration/route/rule/#process_path","title":"process_path","text":"

Only supported on Linux, Windows, and macOS.

Match process path.

"},{"location":"zh/configuration/route/rule/#process_path_regex","title":"process_path_regex","text":"

Since sing-box 1.10.0

Only supported on Linux, Windows, and macOS.

Match process path using a regular expression.

"},{"location":"zh/configuration/route/rule/#package_name","title":"package_name","text":"

Match Android package name.

"},{"location":"zh/configuration/route/rule/#user","title":"user","text":"

Only supported on Linux.

Match user name.

"},{"location":"zh/configuration/route/rule/#user_id","title":"user_id","text":"

Only supported on Linux.

Match user ID.

"},{"location":"zh/configuration/route/rule/#clash_mode","title":"clash_mode","text":"

Match Clash mode.

"},{"location":"zh/configuration/route/rule/#network_type","title":"network_type","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Android and Apple platforms.

Match network type.

Available values: wifi, cellular, ethernet and other.

"},{"location":"zh/configuration/route/rule/#network_is_expensive","title":"network_is_expensive","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Android and Apple platforms.

Match if the network is considered metered (on Android) or considered expensive, such as cellular or a personal hotspot (on Apple platforms).

"},{"location":"zh/configuration/route/rule/#network_is_constrained","title":"network_is_constrained","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Apple platforms.

Match if the network is in Low Data Mode.

"},{"location":"zh/configuration/route/rule/#wifi_ssid","title":"wifi_ssid","text":"

Only supported in graphical clients on Android and Apple platforms.

Match WiFi SSID.

"},{"location":"zh/configuration/route/rule/#wifi_bssid","title":"wifi_bssid","text":"

Only supported in graphical clients on Android and Apple platforms.

Match WiFi BSSID.

"},{"location":"zh/configuration/route/rule/#rule_set","title":"rule_set","text":"

Since sing-box 1.8.0

Match rule-set.

"},{"location":"zh/configuration/route/rule/#rule_set_ipcidr_match_source","title":"rule_set_ipcidr_match_source","text":"

Since sing-box 1.8.0

Deprecated in sing-box 1.10.0

rule_set_ipcidr_match_source has been renamed to rule_set_ip_cidr_match_source and will be removed in sing-box 1.11.0.

Make ip_cidr rules in rule-sets match the source IP.

"},{"location":"zh/configuration/route/rule/#rule_set_ip_cidr_match_source","title":"rule_set_ip_cidr_match_source","text":"

Since sing-box 1.10.0

Make ip_cidr rules in rule-sets match the source IP.

"},{"location":"zh/configuration/route/rule/#invert","title":"invert","text":"

Invert the match result.

"},{"location":"zh/configuration/route/rule/#action","title":"action","text":"

Required

See Rule Action.

"},{"location":"zh/configuration/route/rule/#outbound","title":"outbound","text":"

Deprecated in sing-box 1.11.0

Moved to Rule Action.

"},{"location":"zh/configuration/route/rule/#_3","title":"Logical Fields","text":""},{"location":"zh/configuration/route/rule/#mode","title":"mode","text":"

Required

One of: and, or.

"},{"location":"zh/configuration/route/rule/#rules","title":"rules","text":"

Required

Included rules.

"},{"location":"zh/configuration/route/rule_action/","title":"Rule Action","text":""},{"location":"zh/configuration/route/rule_action/#_1","title":"Final actions","text":""},{"location":"zh/configuration/route/rule_action/#route","title":"route","text":"
{\n  \"action\": \"route\", // default\n  \"outbound\": \"\",\n\n  ... // route-options fields\n}\n

route inherits the classic rule behavior of routing a connection to the specified outbound.

"},{"location":"zh/configuration/route/rule_action/#outbound","title":"outbound","text":"

Required

Tag of the target outbound.

"},{"location":"zh/configuration/route/rule_action/#route-options","title":"route-options fields","text":"

See the route-options fields below.

"},{"location":"zh/configuration/route/rule_action/#route-options_1","title":"route-options","text":"
{\n  \"action\": \"route-options\",\n  \"override_address\": \"\",\n  \"override_port\": 0,\n  \"network_strategy\": \"\",\n  \"fallback_delay\": \"\",\n  \"udp_disable_domain_unmapping\": false,\n  \"udp_connect\": false,\n  \"udp_timeout\": \"\"\n}\n

You can omit the JSON array [] brackets when there is only one item.

route-options sets options for routing.

"},{"location":"zh/configuration/route/rule_action/#override_address","title":"override_address","text":"

Override the destination address.

"},{"location":"zh/configuration/route/rule_action/#override_port","title":"override_port","text":"

Override the destination port.

"},{"location":"zh/configuration/route/rule_action/#network_strategy","title":"network_strategy","text":"

See Dial Fields for details.

Only takes effect when the outbound is direct and outbound.bind_interface, outbound.inet4_bind_address and outbound.inet6_bind_address are not set.

"},{"location":"zh/configuration/route/rule_action/#network_type","title":"network_type","text":"

See Dial Fields for details.

"},{"location":"zh/configuration/route/rule_action/#fallback_network_type","title":"fallback_network_type","text":"

See Dial Fields for details.

"},{"location":"zh/configuration/route/rule_action/#fallback_delay","title":"fallback_delay","text":"

See Dial Fields for details.

"},{"location":"zh/configuration/route/rule_action/#udp_disable_domain_unmapping","title":"udp_disable_domain_unmapping","text":"

If enabled, for UDP proxy requests addressed to a domain, the original packet address is sent in the response instead of the mapped domain.

This option is used for compatibility with clients that do not support receiving UDP packets with domain addresses, such as Surge.

"},{"location":"zh/configuration/route/rule_action/#udp_connect","title":"udp_connect","text":"

If enabled, attempts to connect the UDP connection to the destination instead of listen.

"},{"location":"zh/configuration/route/rule_action/#udp_timeout","title":"udp_timeout","text":"

Timeout for UDP connections.

Setting a value larger than the inbound UDP timeout has no effect.

Default values for connections with a sniffed protocol:

Timeout | Protocol
10s | dns, ntp, stun
30s | quic, dtls

If no protocol is sniffed, the following ports are recognized as protocols by default:

Port | Protocol
53 | dns
123 | ntp
443 | quic
3478 | stun
"},{"location":"zh/configuration/route/rule_action/#reject","title":"reject","text":"
{\n  \"action\": \"reject\",\n  \"method\": \"default\",  // default\n  \"no_drop\": false\n}\n

reject rejects the connection.

If the sniff action has not been performed, tun connections are rejected using the specified method.

Non-tun connections and already established connections are simply closed.

"},{"location":"zh/configuration/route/rule_action/#method","title":"method","text":"
  • default: Reply with RST for TCP connections, and ICMP port unreachable for UDP packets.
  • drop: Drop packets.
"},{"location":"zh/configuration/route/rule_action/#no_drop","title":"no_drop","text":"

If not enabled, method is temporarily overwritten to drop after 50 triggers within 30 seconds.

Not available when method is set to drop.

"},{"location":"zh/configuration/route/rule_action/#hijack-dns","title":"hijack-dns","text":"
{\n  \"action\": \"hijack-dns\"\n}\n

hijack-dns hijacks DNS requests to the sing-box DNS module.

"},{"location":"zh/configuration/route/rule_action/#_2","title":"Non-final actions","text":""},{"location":"zh/configuration/route/rule_action/#sniff","title":"sniff","text":"
{\n  \"action\": \"sniff\",\n  \"sniffer\": [],\n  \"timeout\": \"\"\n}\n

sniff performs protocol sniffing on the connection.

The deprecated inbound.sniff option is treated as a sniff performed before routing.

"},{"location":"zh/configuration/route/rule_action/#sniffer","title":"sniffer","text":"

Enabled sniffers.

All sniffers are enabled by default.

Available protocol values are listed in Protocol Sniff.

"},{"location":"zh/configuration/route/rule_action/#timeout","title":"timeout","text":"

Timeout for sniffing.

300ms is used by default.

"},{"location":"zh/configuration/route/rule_action/#resolve","title":"resolve","text":"
{\n  \"action\": \"resolve\",\n  \"strategy\": \"\",\n  \"server\": \"\"\n}\n

resolve resolves the request destination from a domain name to IP addresses.

"},{"location":"zh/configuration/route/rule_action/#strategy","title":"strategy","text":"

DNS resolution strategy. Available values: prefer_ipv4, prefer_ipv6, ipv4_only, ipv6_only.

dns.strategy is used by default.

"},{"location":"zh/configuration/route/rule_action/#server","title":"server","text":"

Tag of the DNS server to use, instead of selecting one through DNS routing.

"},{"location":"zh/configuration/route/sniff/","title":"Protocol Sniff","text":"

Changes in sing-box 1.10.0

Client type detection support for QUIC, Chromium support for QUIC, BitTorrent support, DTLS support, SSH support, RDP support

If enabled in the inbound, the protocol and domain name (if present) of the connection can be sniffed.

"},{"location":"zh/configuration/route/sniff/#_1","title":"Supported Protocols","text":"
Network | Protocol | Domain name | Client
TCP | http | Host | /
TCP | tls | Server Name | /
UDP | quic | Server Name | QUIC client type
UDP | stun | / | /
TCP/UDP | dns | / | /
TCP/UDP | bittorrent | / | /
UDP | dtls | / | /
TCP | ssh | / | SSH client name
TCP | rdp | / | /

QUIC client | Type
Chromium/Cronet | chromium
Safari/Apple Network API | safari
Firefox / uquic firefox | firefox
quic-go / uquic chrome | quic-go
"},{"location":"zh/configuration/rule-set/","title":"Index","text":"

Changes in sing-box 1.10.0

type: inline

"},{"location":"zh/configuration/rule-set/#_1","title":"Rule Set","text":"

Since sing-box 1.8.0

"},{"location":"zh/configuration/rule-set/#_2","title":"Structure","text":"Inline, Local File, Remote File

Since sing-box 1.10.0

{\n  \"type\": \"inline\", // optional\n  \"tag\": \"\",\n  \"rules\": []\n}\n
{\n  \"type\": \"local\",\n  \"tag\": \"\",\n  \"format\": \"source\", // or binary\n  \"path\": \"\"\n}\n

Remote rule-sets are cached if experimental.cache_file.enabled is enabled.

{\n  \"type\": \"remote\",\n  \"tag\": \"\",\n  \"format\": \"source\", // or binary\n  \"url\": \"\",\n  \"download_detour\": \"\", // optional\n  \"update_interval\": \"\" // optional\n}\n
"},{"location":"zh/configuration/rule-set/#_3","title":"Fields","text":""},{"location":"zh/configuration/rule-set/#type","title":"type","text":"

Required

Rule-set type: local or remote.

"},{"location":"zh/configuration/rule-set/#tag","title":"tag","text":"

Required

Tag of the rule-set.

"},{"location":"zh/configuration/rule-set/#_4","title":"Inline Fields","text":"

Since sing-box 1.10.0

"},{"location":"zh/configuration/rule-set/#rules","title":"rules","text":"

Required

A list of Headless Rules.

"},{"location":"zh/configuration/rule-set/#_5","title":"Local or Remote Fields","text":""},{"location":"zh/configuration/rule-set/#format","title":"format","text":"

Required

Rule-set format: source or binary.

"},{"location":"zh/configuration/rule-set/#_6","title":"Local Fields","text":""},{"location":"zh/configuration/rule-set/#path","title":"path","text":"

Required

Since sing-box 1.10.0, the file is automatically reloaded when it changes.

File path of the rule-set.

"},{"location":"zh/configuration/rule-set/#_7","title":"Remote Fields","text":""},{"location":"zh/configuration/rule-set/#url","title":"url","text":"

Required

Download URL of the rule-set.

"},{"location":"zh/configuration/rule-set/#download_detour","title":"download_detour","text":"

The tag of the outbound used to download the rule-set.

If empty, the default outbound will be used.

"},{"location":"zh/configuration/rule-set/#update_interval","title":"update_interval","text":"

Update interval of the rule-set.

1d is used by default.

"},{"location":"zh/configuration/rule-set/adguard/","title":"AdGuard DNS Filter","text":"

Since sing-box 1.10.0

sing-box supports some rule-set formats from other projects that cannot be fully converted to sing-box rule-sets; currently only AdGuard DNS Filter.

These formats are not supported directly as a source format; they must be converted to binary rule-sets instead.

"},{"location":"zh/configuration/rule-set/adguard/#_1","title":"Convert","text":"

Use sing-box rule-set convert --type adguard [--output <file-name>.srs] <file-name>.txt to convert to a binary rule-set.

"},{"location":"zh/configuration/rule-set/adguard/#_2","title":"Performance","text":"

AdGuard keeps all rules in memory and matches them sequentially, while sing-box opts for high performance and a smaller memory footprint. As a trade-off, you cannot know which rule item was matched.

"},{"location":"zh/configuration/rule-set/adguard/#_3","title":"Compatibility","text":"

Almost all rules in AdGuardSDNSFilter, and the rules in the rule-sets listed in adguard-filter-list, are supported.

"},{"location":"zh/configuration/rule-set/adguard/#_4","title":"Supported formats","text":""},{"location":"zh/configuration/rule-set/adguard/#_5","title":"Basic rule syntax","text":"Syntax Supported @@ \\|\\| \\| ^ *"},{"location":"zh/configuration/rule-set/adguard/#_6","title":"Host syntax","text":"Syntax Example Supported Scheme https:// Ignored Domain Host example.org IP Host 1.1.1.1, 10.0.0. Regexp /regexp/ Port example.org:80 Path example.org/path/ad.js"},{"location":"zh/configuration/rule-set/adguard/#_7","title":"Modifier syntax","text":"Modifier Supported $important $dnsrewrite=0.0.0.0 Ignored Any other modifier"},{"location":"zh/configuration/rule-set/adguard/#hosts","title":"Hosts","text":"

Only entries with the IP address 0.0.0.0 are accepted.

"},{"location":"zh/configuration/rule-set/adguard/#_8","title":"Simple","text":"

When all lines are valid domains, they are treated as simple line-by-line domain rules which, like hosts, only match the exact same domain.

"},{"location":"zh/configuration/rule-set/headless-rule/","title":"Headless Rule","text":"

Changes in sing-box 1.11.0

network_type, network_is_expensive, network_is_constrained

"},{"location":"zh/configuration/rule-set/headless-rule/#_1","title":"Structure","text":"

Since sing-box 1.8.0

{\n  \"rules\": [\n    {\n      \"query_type\": [\n        \"A\",\n        \"HTTPS\",\n        32768\n      ],\n      \"network\": [\n        \"tcp\"\n      ],\n      \"domain\": [\n        \"test.com\"\n      ],\n      \"domain_suffix\": [\n        \".cn\"\n      ],\n      \"domain_keyword\": [\n        \"test\"\n      ],\n      \"domain_regex\": [\n        \"^stun\\\\..+\"\n      ],\n      \"source_ip_cidr\": [\n        \"10.0.0.0/24\",\n        \"192.168.0.1\"\n      ],\n      \"ip_cidr\": [\n        \"10.0.0.0/24\",\n        \"192.168.0.1\"\n      ],\n      \"source_port\": [\n        12345\n      ],\n      \"source_port_range\": [\n        \"1000:2000\",\n        \":3000\",\n        \"4000:\"\n      ],\n      \"port\": [\n        80,\n        443\n      ],\n      \"port_range\": [\n        \"1000:2000\",\n        \":3000\",\n        \"4000:\"\n      ],\n      \"process_name\": [\n        \"curl\"\n      ],\n      \"process_path\": [\n        \"/usr/bin/curl\"\n      ],\n      \"process_path_regex\": [\n        \"^/usr/bin/.+\"\n      ],\n      \"package_name\": [\n        \"com.termux\"\n      ],\n      \"network_type\": [\n        \"wifi\"\n      ],\n      \"network_is_expensive\": false,\n      \"network_is_constrained\": false,\n      \"wifi_ssid\": [\n        \"My WIFI\"\n      ],\n      \"wifi_bssid\": [\n        \"00:00:00:00:00:00\"\n      ],\n      \"invert\": false\n    },\n    {\n      \"type\": \"logical\",\n      \"mode\": \"and\",\n      \"rules\": [],\n      \"invert\": false\n    }\n  ]\n}\n

You can omit the JSON array [] brackets when there is only one item.

"},{"location":"zh/configuration/rule-set/headless-rule/#default-fields","title":"Default Fields","text":"

The default rule uses the following matching logic: (domain || domain_suffix || domain_keyword || domain_regex || ip_cidr) && (port || port_range) && (source_port || source_port_range) && other fields

"},{"location":"zh/configuration/rule-set/headless-rule/#query_type","title":"query_type","text":"

DNS query type. Values can be integers or type name strings.

"},{"location":"zh/configuration/rule-set/headless-rule/#network","title":"network","text":"

tcp or udp.

"},{"location":"zh/configuration/rule-set/headless-rule/#domain","title":"domain","text":"

Match the full domain.

"},{"location":"zh/configuration/rule-set/headless-rule/#domain_suffix","title":"domain_suffix","text":"

Match the domain suffix.

"},{"location":"zh/configuration/rule-set/headless-rule/#domain_keyword","title":"domain_keyword","text":"

Match the domain by keyword.

"},{"location":"zh/configuration/rule-set/headless-rule/#domain_regex","title":"domain_regex","text":"

Match the domain by regular expression.

"},{"location":"zh/configuration/rule-set/headless-rule/#source_ip_cidr","title":"source_ip_cidr","text":"

Match source IP CIDR.

"},{"location":"zh/configuration/rule-set/headless-rule/#ip_cidr","title":"ip_cidr","text":"

Match IP CIDR.

"},{"location":"zh/configuration/rule-set/headless-rule/#source_port","title":"source_port","text":"

Match source port.

"},{"location":"zh/configuration/rule-set/headless-rule/#source_port_range","title":"source_port_range","text":"

Match source port range.

"},{"location":"zh/configuration/rule-set/headless-rule/#port","title":"port","text":"

Match port.

"},{"location":"zh/configuration/rule-set/headless-rule/#port_range","title":"port_range","text":"

Match port range.

"},{"location":"zh/configuration/rule-set/headless-rule/#process_name","title":"process_name","text":"

Only supported on Linux, Windows, and macOS.

Match process name.

"},{"location":"zh/configuration/rule-set/headless-rule/#process_path","title":"process_path","text":"

Only supported on Linux, Windows, and macOS.

Match process path.

"},{"location":"zh/configuration/rule-set/headless-rule/#process_path_regex","title":"process_path_regex","text":"

Since sing-box 1.10.0

Only supported on Linux, Windows, and macOS.

Match process path using a regular expression.

"},{"location":"zh/configuration/rule-set/headless-rule/#package_name","title":"package_name","text":"

\u5339\u914d Android \u5e94\u7528\u5305\u540d\u3002

"},{"location":"zh/configuration/rule-set/headless-rule/#network_type","title":"network_type","text":"

\u81ea sing-box 1.11.0 \u8d77

\u4ec5\u5728 Android \u4e0e Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002

\u5339\u914d\u7f51\u7edc\u7c7b\u578b\u3002

Available values: wifi, cellular, ethernet and other.

"},{"location":"zh/configuration/rule-set/headless-rule/#network_is_expensive","title":"network_is_expensive","text":"

\u81ea sing-box 1.11.0 \u8d77

\u4ec5\u5728 Android \u4e0e Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002

\u5339\u914d\u5982\u679c\u7f51\u7edc\u88ab\u89c6\u4e3a\u8ba1\u8d39 (\u5728 Android) \u6216\u88ab\u89c6\u4e3a\u6602\u8d35\uff0c \u50cf\u8702\u7a9d\u7f51\u7edc\u6216\u4e2a\u4eba\u70ed\u70b9 (\u5728 Apple \u5e73\u53f0)\u3002

"},{"location":"zh/configuration/rule-set/headless-rule/#network_is_constrained","title":"network_is_constrained","text":"

\u81ea sing-box 1.11.0 \u8d77

\u4ec5\u5728 Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002

\u5339\u914d\u5982\u679c\u7f51\u7edc\u5728\u4f4e\u6570\u636e\u6a21\u5f0f\u4e0b\u3002

"},{"location":"zh/configuration/rule-set/headless-rule/#wifi_ssid","title":"wifi_ssid","text":"

\u4ec5\u5728 Android \u4e0e Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002

\u5339\u914d WiFi SSID\u3002

"},{"location":"zh/configuration/rule-set/headless-rule/#wifi_bssid","title":"wifi_bssid","text":"

\u4ec5\u5728 Android \u4e0e Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002

"},{"location":"zh/configuration/rule-set/headless-rule/#invert","title":"invert","text":"

\u53cd\u9009\u5339\u914d\u7ed3\u679c\u3002

"},{"location":"zh/configuration/rule-set/headless-rule/#_2","title":"\u903b\u8f91\u5b57\u6bb5","text":""},{"location":"zh/configuration/rule-set/headless-rule/#mode","title":"mode","text":"

\u5fc5\u586b

and \u6216 or

"},{"location":"zh/configuration/rule-set/headless-rule/#rules","title":"rules","text":"

Required

Included rules.

"},{"location":"zh/configuration/rule-set/source-format/","title":"Source Format","text":"

Changes in sing-box 1.11.0

version 3

Changes in sing-box 1.10.0

version 2

Since sing-box 1.8.0

"},{"location":"zh/configuration/rule-set/source-format/#_1","title":"Structure","text":"
{\n  \"version\": 3,\n  \"rules\": []\n}\n
"},{"location":"zh/configuration/rule-set/source-format/#_2","title":"Compile","text":"

Use sing-box rule-set compile [--output <file-name>.srs] <file-name>.json to compile the source file into a binary rule-set.

"},{"location":"zh/configuration/rule-set/source-format/#_3","title":"Fields","text":""},{"location":"zh/configuration/rule-set/source-format/#version","title":"version","text":"

Required

Version of the rule-set.

  • 1: sing-box 1.8.0: Initial rule-set version.
  • 2: sing-box 1.10.0: Optimized memory usage of domain_suffix rules in binary rule-sets.
  • 3: sing-box 1.11.0: Added the network_type, network_is_expensive and network_is_constrained rule items.
"},{"location":"zh/configuration/rule-set/source-format/#rules","title":"rules","text":"

Required

A list of headless rules.

"},{"location":"zh/configuration/shared/dial/","title":"Dial Fields","text":"

Changes in sing-box 1.11.0

network_strategy fallback_delay network_type fallback_network_type

"},{"location":"zh/configuration/shared/dial/#_1","title":"Structure","text":"
{\n  \"detour\": \"upstream-out\",\n  \"bind_interface\": \"en0\",\n  \"inet4_bind_address\": \"0.0.0.0\",\n  \"inet6_bind_address\": \"::\",\n  \"routing_mark\": 1234,\n  \"reuse_addr\": false,\n  \"connect_timeout\": \"5s\",\n  \"tcp_fast_open\": false,\n  \"tcp_multi_path\": false,\n  \"udp_fragment\": false,\n  \"domain_strategy\": \"prefer_ipv6\",\n  \"network_strategy\": \"\",\n  \"network_type\": [],\n  \"fallback_network_type\": [],\n  \"fallback_delay\": \"300ms\"\n}\n

You can omit the JSON array [] tag when the content is only one item.

"},{"location":"zh/configuration/shared/dial/#_2","title":"Fields","text":""},{"location":"zh/configuration/shared/dial/#detour","title":"detour","text":"

The tag of the upstream outbound.

When enabled, the other dial fields are ignored.

"},{"location":"zh/configuration/shared/dial/#bind_interface","title":"bind_interface","text":"

The network interface to bind to.

"},{"location":"zh/configuration/shared/dial/#inet4_bind_address","title":"inet4_bind_address","text":"

The IPv4 address to bind to.

"},{"location":"zh/configuration/shared/dial/#inet6_bind_address","title":"inet6_bind_address","text":"

The IPv6 address to bind to.

"},{"location":"zh/configuration/shared/dial/#routing_mark","title":"routing_mark","text":"

Only supported on Linux.

Set the netfilter routing mark.

"},{"location":"zh/configuration/shared/dial/#reuse_addr","title":"reuse_addr","text":"

Reuse the listener address.

"},{"location":"zh/configuration/shared/dial/#tcp_fast_open","title":"tcp_fast_open","text":"

Enable TCP Fast Open.

"},{"location":"zh/configuration/shared/dial/#tcp_multi_path","title":"tcp_multi_path","text":"

Requires Go 1.21.

Enable TCP Multi Path.

"},{"location":"zh/configuration/shared/dial/#udp_fragment","title":"udp_fragment","text":"

Enable UDP fragmentation.

"},{"location":"zh/configuration/shared/dial/#connect_timeout","title":"connect_timeout","text":"

Connect timeout, in golang's Duration format.

A duration string is a possibly signed sequence of decimal numbers, each with an optional fraction and a unit suffix, such as "300ms", "-1.5h" or "2h45m". Valid time units are "ns", "us" (or "\u00b5s"), "ms", "s", "m", "h".

"},{"location":"zh/configuration/shared/dial/#domain_strategy","title":"domain_strategy","text":"

Available values: prefer_ipv4, prefer_ipv6, ipv4_only, ipv6_only.

If set, the domain name will be resolved to IP before the request is sent.

Outbound | Affected domains | Default fallback value
direct | Domain in request | inbound.domain_strategy
others | Domain in server address | /"},{"location":"zh/configuration/shared/dial/#network_strategy","title":"network_strategy","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Android and iOS platforms, and requires route.auto_detect_interface.

Strategy for selecting network interfaces.

Available values:

  • default (default value): Connect to the default network or the networks specified in network_type sequentially.
  • hybrid: Connect to all networks or the networks specified in network_type concurrently.
  • fallback: Connect to the default network or the preferred networks specified in network_type concurrently, and try the fallback networks when they are unavailable or time out.

For fallback mode, when the preferred interfaces fail or time out, it enters a 15-second fast fallback state (connecting to all preferred and fallback networks concurrently), and exits immediately if the preferred networks recover.

Conflicts with bind_interface, inet4_bind_address and inet6_bind_address.

"},{"location":"zh/configuration/shared/dial/#network_type","title":"network_type","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Android and iOS platforms, and requires route.auto_detect_interface.

Network types to use with the default or hybrid network strategy, or preferred network types to use with the fallback network strategy.

Available values: wifi, cellular, ethernet, other.

The device's default network is used by default.

"},{"location":"zh/configuration/shared/dial/#fallback_network_type","title":"fallback_network_type","text":"

Since sing-box 1.11.0

Only supported in graphical clients on Android and iOS platforms, and requires route.auto_detect_interface.

Fallback network types to use with the fallback network strategy when the preferred networks are unavailable or time out.

All networks other than the preferred ones are used by default.

"},{"location":"zh/configuration/shared/dial/#fallback_delay","title":"fallback_delay","text":"

The length of time to wait before spawning an RFC 6555 Fast Fallback connection.

For domain_strategy, it is the amount of time to wait for IPv6 to succeed before assuming that IPv6 is misconfigured and falling back to IPv4, if "prefer_ipv4" is set.

For network_strategy, it is the amount of time to wait for the connection to succeed before falling back to other interfaces.

Only takes effect when domain_strategy or network_strategy is set.

300ms is used by default.

"},{"location":"zh/configuration/shared/dns01_challenge/","title":"DNS01 Challenge Fields","text":""},{"location":"zh/configuration/shared/dns01_challenge/#_1","title":"Structure","text":"
{\n  \"provider\": \"\",\n\n  ... // Provider fields\n}\n
"},{"location":"zh/configuration/shared/dns01_challenge/#_2","title":"Provider Fields","text":""},{"location":"zh/configuration/shared/listen/","title":"Listen Fields","text":"

Changes in sing-box 1.11.0

sniff sniff_override_destination sniff_timeout domain_strategy udp_disable_domain_unmapping

"},{"location":"zh/configuration/shared/listen/#_1","title":"Structure","text":"
{\n  \"listen\": \"::\",\n  \"listen_port\": 5353,\n  \"tcp_fast_open\": false,\n  \"tcp_multi_path\": false,\n  \"udp_fragment\": false,\n  \"udp_timeout\": \"5m\",\n  \"detour\": \"another-in\",\n  \"sniff\": false,\n  \"sniff_override_destination\": false,\n  \"sniff_timeout\": \"300ms\",\n  \"domain_strategy\": \"prefer_ipv6\",\n  \"udp_disable_domain_unmapping\": false\n}\n
Field | Available Context
listen | Needs to listen on TCP or UDP.
listen_port | Needs to listen on TCP or UDP.
tcp_fast_open | Needs to listen on TCP.
tcp_multi_path | Needs to listen on TCP.
udp_timeout | Needs to assemble UDP connections."},{"location":"zh/configuration/shared/listen/#_2","title":"Fields","text":""},{"location":"zh/configuration/shared/listen/#listen","title":"listen","text":"

Required

Listen address.

"},{"location":"zh/configuration/shared/listen/#listen_port","title":"listen_port","text":"

Listen port.

"},{"location":"zh/configuration/shared/listen/#tcp_fast_open","title":"tcp_fast_open","text":"

Enable TCP Fast Open.

"},{"location":"zh/configuration/shared/listen/#tcp_multi_path","title":"tcp_multi_path","text":"

Requires Go 1.21.

Enable TCP Multi Path.

"},{"location":"zh/configuration/shared/listen/#udp_fragment","title":"udp_fragment","text":"

Enable UDP fragmentation.

"},{"location":"zh/configuration/shared/listen/#udp_timeout","title":"udp_timeout","text":"

UDP NAT expiration time.

5m is used by default.

"},{"location":"zh/configuration/shared/listen/#detour","title":"detour","text":"

If set, connections will be forwarded to the specified inbound.

Requires support from the target inbound, see Injection Support.

"},{"location":"zh/configuration/shared/listen/#sniff","title":"sniff","text":"

Deprecated in sing-box 1.11.0

Inbound fields are deprecated and will be removed in sing-box 1.12.0, see the Migration Guide.

Enable protocol sniffing.

See Protocol Sniffing.

"},{"location":"zh/configuration/shared/listen/#sniff_override_destination","title":"sniff_override_destination","text":"

Deprecated in sing-box 1.11.0

Inbound fields are deprecated and will be removed in sing-box 1.12.0.

Override the connection destination address with the sniffed domain.

If the domain name is invalid (such as Tor), this will not take effect.

"},{"location":"zh/configuration/shared/listen/#sniff_timeout","title":"sniff_timeout","text":"

Deprecated in sing-box 1.11.0

Inbound fields are deprecated and will be removed in sing-box 1.12.0, see the Migration Guide.

Timeout for sniffing.

300ms is used by default.

"},{"location":"zh/configuration/shared/listen/#domain_strategy","title":"domain_strategy","text":"

Deprecated in sing-box 1.11.0

Inbound fields are deprecated and will be removed in sing-box 1.12.0, see the Migration Guide.

Available values: prefer_ipv4, prefer_ipv6, ipv4_only, ipv6_only.

If set, the requested domain name will be resolved to IP before routing.

If sniff_override_destination is in effect, its value will be used as a fallback.

"},{"location":"zh/configuration/shared/listen/#udp_disable_domain_unmapping","title":"udp_disable_domain_unmapping","text":"

Deprecated in sing-box 1.11.0

Inbound fields are deprecated and will be removed in sing-box 1.12.0, see the Migration Guide.

If enabled, for UDP proxy requests addressed to a domain, the original packet address will be sent in the response instead of the mapped domain.

This option is used for compatibility with clients that do not support receiving UDP packets with domain addresses, such as Surge.

"},{"location":"zh/configuration/shared/multiplex/","title":"Multiplex","text":""},{"location":"zh/configuration/shared/multiplex/#_1","title":"Inbound","text":"
{\n  \"enabled\": true,\n  \"padding\": false,\n  \"brutal\": {}\n}\n
"},{"location":"zh/configuration/shared/multiplex/#_2","title":"Outbound","text":"
{\n  \"enabled\": true,\n  \"protocol\": \"smux\",\n  \"max_connections\": 4,\n  \"min_streams\": 4,\n  \"max_streams\": 0,\n  \"padding\": false,\n  \"brutal\": {}\n}\n
"},{"location":"zh/configuration/shared/multiplex/#_3","title":"Inbound Fields","text":""},{"location":"zh/configuration/shared/multiplex/#enabled","title":"enabled","text":"

Enable multiplex support.

"},{"location":"zh/configuration/shared/multiplex/#padding","title":"padding","text":"

If enabled, non-padded connections will be rejected.

"},{"location":"zh/configuration/shared/multiplex/#brutal","title":"brutal","text":"

See TCP Brutal.

"},{"location":"zh/configuration/shared/multiplex/#_4","title":"Outbound Fields","text":""},{"location":"zh/configuration/shared/multiplex/#enabled_1","title":"enabled","text":"

Enable multiplex.

"},{"location":"zh/configuration/shared/multiplex/#protocol","title":"protocol","text":"

Multiplex protocol.

Protocol | Description
smux | https://github.com/xtaci/smux
yamux | https://github.com/hashicorp/yamux
h2mux | https://golang.org/x/net/http2

h2mux is used by default.

"},{"location":"zh/configuration/shared/multiplex/#max_connections","title":"max_connections","text":"

Maximum number of connections.

Conflicts with max_streams.

"},{"location":"zh/configuration/shared/multiplex/#min_streams","title":"min_streams","text":"

Minimum number of multiplexed streams in a connection before opening a new connection.

Conflicts with max_streams.

"},{"location":"zh/configuration/shared/multiplex/#max_streams","title":"max_streams","text":"

Maximum number of multiplexed streams in a connection before opening a new connection.

Conflicts with max_connections and min_streams.

"},{"location":"zh/configuration/shared/multiplex/#padding_1","title":"padding","text":"

Info

Requires sing-box server version 1.3-beta9 or later.

Enable padding.

"},{"location":"zh/configuration/shared/multiplex/#brutal_1","title":"brutal","text":"

See TCP Brutal.

"},{"location":"zh/configuration/shared/tcp-brutal/#_1","title":"Server Requirements","text":"
  • Linux
  • brutal congestion control algorithm kernel module installed

See tcp-brutal.

"},{"location":"zh/configuration/shared/tcp-brutal/#_2","title":"Structure","text":"
{\n  \"enabled\": true,\n  \"up_mbps\": 100,\n  \"down_mbps\": 100\n}\n
"},{"location":"zh/configuration/shared/tcp-brutal/#_3","title":"Fields","text":""},{"location":"zh/configuration/shared/tcp-brutal/#enabled","title":"enabled","text":"

Enable the TCP Brutal congestion control algorithm.

"},{"location":"zh/configuration/shared/tcp-brutal/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"

Required

Upload and download bandwidth, in Mbps.

"},{"location":"zh/configuration/shared/tls/","title":"TLS","text":"

Changes in sing-box 1.10.0

utls

"},{"location":"zh/configuration/shared/tls/#_1","title":"Inbound","text":"
{\n  \"enabled\": true,\n  \"server_name\": \"\",\n  \"alpn\": [],\n  \"min_version\": \"\",\n  \"max_version\": \"\",\n  \"cipher_suites\": [],\n  \"certificate\": [],\n  \"certificate_path\": \"\",\n  \"key\": [],\n  \"key_path\": \"\",\n  \"acme\": {\n    \"domain\": [],\n    \"data_directory\": \"\",\n    \"default_server_name\": \"\",\n    \"email\": \"\",\n    \"provider\": \"\",\n    \"disable_http_challenge\": false,\n    \"disable_tls_alpn_challenge\": false,\n    \"alternative_http_port\": 0,\n    \"alternative_tls_port\": 0,\n    \"external_account\": {\n      \"key_id\": \"\",\n      \"mac_key\": \"\"\n    },\n    \"dns01_challenge\": {}\n  },\n  \"ech\": {\n    \"enabled\": false,\n    \"pq_signature_schemes_enabled\": false,\n    \"dynamic_record_sizing_disabled\": false,\n    \"key\": [],\n    \"key_path\": \"\"\n  },\n  \"reality\": {\n    \"enabled\": false,\n    \"handshake\": {\n      \"server\": \"google.com\",\n      \"server_port\": 443,\n      ...\n      // Dial Fields\n    },\n    \"private_key\": \"UuMBgl7MXTPx9inmQp2UC7Jcnwc6XYbwDNebonM-FCc\",\n    \"short_id\": [\n      \"0123456789abcdef\"\n    ],\n    \"max_time_difference\": \"1m\"\n  }\n}\n
"},{"location":"zh/configuration/shared/tls/#_2","title":"Outbound","text":"
{\n  \"enabled\": true,\n  \"disable_sni\": false,\n  \"server_name\": \"\",\n  \"insecure\": false,\n  \"alpn\": [],\n  \"min_version\": \"\",\n  \"max_version\": \"\",\n  \"cipher_suites\": [],\n  \"certificate\": [],\n  \"certificate_path\": \"\",\n  \"ech\": {\n    \"enabled\": false,\n    \"pq_signature_schemes_enabled\": false,\n    \"dynamic_record_sizing_disabled\": false,\n    \"config\": [],\n    \"config_path\": \"\"\n  },\n  \"utls\": {\n    \"enabled\": false,\n    \"fingerprint\": \"\"\n  },\n  \"reality\": {\n    \"enabled\": false,\n    \"public_key\": \"jNXHt1yRo0vDuchQlIP6Z0ZvjT3KtzVI-T4E7RoLJS0\",\n    \"short_id\": \"0123456789abcdef\"\n  }\n}\n

TLS version values:

  • 1.0
  • 1.1
  • 1.2
  • 1.3

Cipher suite values:

  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_AES_128_GCM_SHA256
  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

You can omit the JSON array [] tag when the content is only one item.

"},{"location":"zh/configuration/shared/tls/#_3","title":"Fields","text":""},{"location":"zh/configuration/shared/tls/#enabled","title":"enabled","text":"

Enable TLS.

"},{"location":"zh/configuration/shared/tls/#disable_sni","title":"disable_sni","text":"

Client only

Do not send the server name in ClientHello.

"},{"location":"zh/configuration/shared/tls/#server_name","title":"server_name","text":"

Used to verify the hostname on the returned certificate, unless insecure is set.

It is also included in the ClientHello to support virtual hosting, unless it is an IP address.

"},{"location":"zh/configuration/shared/tls/#insecure","title":"insecure","text":"

Client only

Accept any server certificate.

"},{"location":"zh/configuration/shared/tls/#alpn","title":"alpn","text":"

List of supported application-layer protocols, in order of preference.

If both peers support ALPN, the selected protocol will be one from this list, and the connection will fail if there is no mutually supported protocol.

See Application-Layer Protocol Negotiation.

"},{"location":"zh/configuration/shared/tls/#min_version","title":"min_version","text":"

The minimum acceptable TLS version.

By default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server.

"},{"location":"zh/configuration/shared/tls/#max_version","title":"max_version","text":"

The maximum acceptable TLS version.

By default, the maximum version is currently TLS 1.3.

"},{"location":"zh/configuration/shared/tls/#cipher_suites","title":"cipher_suites","text":"

List of enabled TLS 1.0-1.2 cipher suites. The order of the list is ignored. Note that TLS 1.3 cipher suites are not configurable.

If empty, a safe default list is used. The default cipher suites might change over time.

"},{"location":"zh/configuration/shared/tls/#certificate","title":"certificate","text":"

The server certificate line array, in PEM format.

"},{"location":"zh/configuration/shared/tls/#certificate_path","title":"certificate_path","text":"

Will be automatically reloaded when the file changes.

The path to the server certificate, in PEM format.

"},{"location":"zh/configuration/shared/tls/#key","title":"key","text":"

Server only

Will be automatically reloaded when the file changes.

The server private key line array, in PEM format.

"},{"location":"zh/configuration/shared/tls/#key_path","title":"key_path","text":"

Server only

The path to the server private key, in PEM format.

"},{"location":"zh/configuration/shared/tls/#utls","title":"utls","text":"

Client only

There is no evidence that the GFW detects and blocks servers based on TLS client fingerprinting, and using an imperfect emulation that has not been security reviewed could introduce security risks.

uTLS is a fork of "crypto/tls" that provides resistance to ClientHello fingerprinting.

Available fingerprint values:

Removed in sing-box 1.10.0

Some legacy chrome fingerprints have been removed and will fall back to chrome:

chrome_psk chrome_psk_shuffle chrome_padding_psk_shuffle chrome_pq chrome_pq_psk

  • chrome
  • firefox
  • edge
  • safari
  • 360
  • qq
  • ios
  • android
  • random
  • randomized

The chrome fingerprint is used by default.

"},{"location":"zh/configuration/shared/tls/#ech","title":"ECH Fields","text":"

ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello message.

The ECH configuration and key can be generated with sing-box generate ech-keypair [--pq-signature-schemes-enabled].

"},{"location":"zh/configuration/shared/tls/#pq_signature_schemes_enabled","title":"pq_signature_schemes_enabled","text":"

Enable support for post-quantum peer certificate signature schemes.

It is recommended to match the parameters passed to sing-box generate ech-keypair.

"},{"location":"zh/configuration/shared/tls/#dynamic_record_sizing_disabled","title":"dynamic_record_sizing_disabled","text":"

Disable adaptive sizing of TLS records.

If true, the largest possible TLS record size is always used. If false, the size of TLS records may be adjusted in an attempt to improve latency.

"},{"location":"zh/configuration/shared/tls/#key_1","title":"key","text":"

Server only

ECH key line array, in PEM format.

"},{"location":"zh/configuration/shared/tls/#key_path_1","title":"key_path","text":"

Server only

Will be automatically reloaded when the file changes.

The path to the ECH key, in PEM format.

"},{"location":"zh/configuration/shared/tls/#config","title":"config","text":"

Client only

ECH configuration line array, in PEM format.

If empty, loading from DNS will be attempted.

"},{"location":"zh/configuration/shared/tls/#config_path","title":"config_path","text":"

Client only

The path to the ECH configuration, in PEM format.

If empty, loading from DNS will be attempted.

"},{"location":"zh/configuration/shared/tls/#acme","title":"ACME Fields","text":""},{"location":"zh/configuration/shared/tls/#domain","title":"domain","text":"

List of domains.

ACME is disabled by default.

"},{"location":"zh/configuration/shared/tls/#data_directory","title":"data_directory","text":"

ACME data directory.

$XDG_DATA_HOME/certmagic|$HOME/.local/share/certmagic is used by default.

"},{"location":"zh/configuration/shared/tls/#default_server_name","title":"default_server_name","text":"

Server name to use when choosing a certificate if the ClientHello's ServerName field is empty.

"},{"location":"zh/configuration/shared/tls/#email","title":"email","text":"

The email address to use when creating or selecting an existing ACME server account.

"},{"location":"zh/configuration/shared/tls/#provider","title":"provider","text":"

The ACME CA provider to use.

Value | Provider
letsencrypt (default) | Let's Encrypt
zerossl | ZeroSSL
https://... | Custom"},{"location":"zh/configuration/shared/tls/#disable_http_challenge","title":"disable_http_challenge","text":"

Disable all HTTP challenges.

"},{"location":"zh/configuration/shared/tls/#disable_tls_alpn_challenge","title":"disable_tls_alpn_challenge","text":"

Disable all TLS-ALPN challenges.

"},{"location":"zh/configuration/shared/tls/#alternative_http_port","title":"alternative_http_port","text":"

The alternate port to use for the ACME HTTP challenge; if non-empty, this port will be used instead of 80 to start the listener for the HTTP challenge.

"},{"location":"zh/configuration/shared/tls/#alternative_tls_port","title":"alternative_tls_port","text":"

The alternate port to use for the ACME TLS-ALPN challenge; the system must forward 443 to this port for the challenge to succeed.

"},{"location":"zh/configuration/shared/tls/#external_account","title":"external_account","text":"

EAB (External Account Binding) contains the information necessary to bind or map an ACME account to some other account known by the CA.

External account bindings are \u201cused to associate an ACME account with an existing account in a non-ACME system, such as a CA customer database.

To enable ACME account binding, the CA operating the ACME server needs to provide the ACME client with a MAC key and a key identifier, using some mechanism outside of ACME.\u201d \u00a77.3.4

"},{"location":"zh/configuration/shared/tls/#external_accountkey_id","title":"external_account.key_id","text":"

The key identifier.

"},{"location":"zh/configuration/shared/tls/#external_accountmac_key","title":"external_account.mac_key","text":"

The MAC key.

"},{"location":"zh/configuration/shared/tls/#dns01_challenge","title":"dns01_challenge","text":"

ACME DNS01 challenge fields. If configured, other challenge methods will be disabled.

See DNS01 Challenge Fields.

"},{"location":"zh/configuration/shared/tls/#reality","title":"Reality Fields","text":""},{"location":"zh/configuration/shared/tls/#handshake","title":"handshake","text":"

Server only

Required

Handshake server address and dial options.

"},{"location":"zh/configuration/shared/tls/#private_key","title":"private_key","text":"

Server only

Required

Private key, generated by sing-box generate reality-keypair.

"},{"location":"zh/configuration/shared/tls/#public_key","title":"public_key","text":"

Client only

Required

Public key, generated by sing-box generate reality-keypair.

"},{"location":"zh/configuration/shared/tls/#short_id","title":"short_id","text":"

Required

A hexadecimal string with zero to eight digits.

"},{"location":"zh/configuration/shared/tls/#max_time_difference","title":"max_time_difference","text":"

The maximum time difference allowed between the server and the client.

The check is disabled by default.

"},{"location":"zh/configuration/shared/v2ray-transport/","title":"V2Ray Transport","text":"

V2Ray Transport is a set of private protocols invented by v2ray, which has also contaminated the names of other protocols, such as trojan-grpc in clash.

"},{"location":"zh/configuration/shared/v2ray-transport/#_1","title":"Structure","text":"
{\n  \"type\": \"\"\n}\n

Available transports:

  • HTTP
  • WebSocket
  • QUIC
  • gRPC
  • HTTPUpgrade

Differences from v2ray-core

  • No TCP transport; plain HTTP has been merged into the HTTP transport.
  • No mKCP transport.
  • No DomainSocket transport.

You can omit the JSON array [] tag when the content is only one item.

"},{"location":"zh/configuration/shared/v2ray-transport/#http","title":"HTTP","text":"
{\n  \"type\": \"http\",\n  \"host\": [],\n  \"path\": \"\",\n  \"method\": \"\",\n  \"headers\": {},\n  \"idle_timeout\": \"15s\",\n  \"ping_timeout\": \"15s\"\n}\n

Differences from v2ray-core

TLS is not enforced. If TLS is not configured, plain HTTP 1.1 is used.

"},{"location":"zh/configuration/shared/v2ray-transport/#host","title":"host","text":"

List of host domains.

If set, the client will choose randomly and the server will verify.

"},{"location":"zh/configuration/shared/v2ray-transport/#path","title":"path","text":"

Warning

The V2Ray documentation says that the server and client paths must be consistent, but the actual code allows the client to add any suffix to the path. sing-box uses the same behavior as V2Ray, but note that this behavior does not exist in the WebSocket and HTTPUpgrade transports.

HTTP request path

The server will verify.

"},{"location":"zh/configuration/shared/v2ray-transport/#method","title":"method","text":"

HTTP request method

If set, the server will verify.

"},{"location":"zh/configuration/shared/v2ray-transport/#headers","title":"headers","text":"

Extra headers of the HTTP request

If set, the server will write them in the response.

"},{"location":"zh/configuration/shared/v2ray-transport/#idle_timeout","title":"idle_timeout","text":"

In the HTTP2 server:

Specifies how long until idle clients should be closed with a GOAWAY frame. PING frames are not considered activity.

In the HTTP2 client:

Specifies the period of time after which a health check will be performed using a PING frame if no frames have been received on the connection. Note that a PING response is considered a received frame, so if there is no other traffic on the connection, the health check will be performed once every interval. If the value is zero, no health check will be performed.

Zero is used by default.

"},{"location":"zh/configuration/shared/v2ray-transport/#ping_timeout","title":"ping_timeout","text":"

In the HTTP2 client:

Specifies the timeout within which a response must be received after a PING frame is sent. If no response to the PING frame is received within the specified timeout, the connection will be closed. The default timeout duration is 15 seconds.

"},{"location":"zh/configuration/shared/v2ray-transport/#path_1","title":"path","text":"

HTTP request path

The server will verify.

"},{"location":"zh/configuration/shared/v2ray-transport/#headers_1","title":"headers","text":"

Extra headers of the HTTP request

If set, the server will write them in the response.

"},{"location":"zh/configuration/shared/v2ray-transport/#max_early_data","title":"max_early_data","text":"

The maximum payload size allowed in a request. Enabled by default.

"},{"location":"zh/configuration/shared/v2ray-transport/#early_data_header_name","title":"early_data_header_name","text":"

By default, early data is sent in the path rather than in a header.

To be compatible with Xray-core, set this to Sec-WebSocket-Protocol.

It must be consistent with the server.

"},{"location":"zh/configuration/shared/v2ray-transport/#quic","title":"QUIC","text":"
{\n  \"type\": \"quic\"\n}\n

Differences from v2ray-core

No additional encryption support: it is basically duplicate encryption. Also, Xray-core is not compatible with v2ray-core here.

"},{"location":"zh/configuration/shared/v2ray-transport/#grpc","title":"gRPC","text":"

The default installation does not include standard gRPC (good compatibility, but poorer performance); see Installation.

{\n  \"type\": \"grpc\",\n  \"service_name\": \"TunService\",\n  \"idle_timeout\": \"15s\",\n  \"ping_timeout\": \"15s\",\n  \"permit_without_stream\": false\n}\n
"},{"location":"zh/configuration/shared/v2ray-transport/#service_name","title":"service_name","text":"

gRPC service name.

"},{"location":"zh/configuration/shared/v2ray-transport/#idle_timeout_1","title":"idle_timeout","text":"

In the standard gRPC server/client:

If the transport sees no activity after this period of time, it pings the client to check whether the connection is still active.

In the default gRPC server/client:

It behaves the same as the corresponding setting in the HTTP transport.

"},{"location":"zh/configuration/shared/v2ray-transport/#ping_timeout_1","title":"ping_timeout","text":"

In the standard gRPC server/client:

After a period of time, the client performs a keepalive check and waits for activity. If no activity is detected, the connection is closed.

In the default gRPC server/client:

It behaves the same as the corresponding setting in the HTTP transport.

"},{"location":"zh/configuration/shared/v2ray-transport/#permit_without_stream","title":"permit_without_stream","text":"

In the standard gRPC client:

If enabled, the client transport sends keepalive pings even when there are no active connections. If disabled, idle_timeout and ping_timeout are ignored when there are no active connections, and no keepalive pings are sent.

Disabled by default.

"},{"location":"zh/configuration/shared/v2ray-transport/#host_1","title":"host","text":"

Host domain.

The server will verify.

"},{"location":"zh/configuration/shared/v2ray-transport/#path_2","title":"path","text":"

HTTP request path

The server will verify.

"},{"location":"zh/configuration/shared/v2ray-transport/#headers_2","title":"headers","text":"

Extra headers of the HTTP request.

If set, the server will write them in the response.

"},{"location":"zh/installation/build-from-source/","title":"Build from Source","text":""},{"location":"zh/installation/build-from-source/#_2","title":"Requirements","text":""},{"location":"zh/installation/build-from-source/#sing-box-19","title":"sing-box 1.9","text":"
  • Go 1.18.5 - 1.22.x
  • Go 1.20.0 - 1.22.x with tag with_quic, or with_utls enabled
  • Go 1.21.0 - 1.22.x with tag with_ech enabled

You can download and install Go from https://go.dev/doc/install; the latest version is recommended.

"},{"location":"zh/installation/build-from-source/#_3","title":"Quick Start","text":"
make\n

Or build the binary and install it to $GOBIN:

make install\n
"},{"location":"zh/installation/build-from-source/#_4","title":"Custom Build","text":"
TAGS=\"tag_a tag_b\" make\n

or

go build -tags \"tag_a tag_b\" ./cmd/sing-box\n
"},{"location":"zh/installation/build-from-source/#_5","title":"Build Tags","text":"Build tag Enabled by default Description with_quic Build with QUIC support, see QUIC and HTTP3 DNS transports, Naive inbound, Hysteria Inbound, Hysteria Outbound and V2Ray Transport#QUIC. with_grpc Build with standard gRPC support, see V2Ray Transport#gRPC. with_dhcp Build with DHCP support, see DHCP DNS transport. with_wireguard Build with WireGuard support, see WireGuard outbound. with_ech Build with TLS ECH extension support for TLS outbound, see TLS. with_utls Build with uTLS support for TLS outbound, see TLS. with_reality_server Build with reality TLS server support, see TLS. with_acme Build with ACME TLS certificate issuer support, see TLS. with_clash_api Build with Clash API support, see Experimental. with_v2ray_api Build with V2Ray API support, see Experimental. with_gvisor Build with gVisor support, see Tun inbound and WireGuard outbound. with_embedded_tor (CGO required) Build with embedded Tor support, see Tor outbound.

Changing the default build tag list is not recommended unless you know exactly what you are enabling.

"},{"location":"zh/installation/docker/#_1","title":"Command","text":"
docker run -d \\\n  -v /etc/sing-box:/etc/sing-box/ \\\n  --name=sing-box \\\n  --restart=always \\\n  ghcr.io/sagernet/sing-box \\\n  -D /var/lib/sing-box \\\n  -C /etc/sing-box/ run\n
"},{"location":"zh/installation/package-manager/","title":"Package Manager","text":""},{"location":"zh/installation/package-manager/#_2","title":"Repository Installation","text":"Debian / APT Redhat / DNF
sudo curl -fsSL https://sing-box.app/gpg.key -o /etc/apt/keyrings/sagernet.asc\nsudo chmod a+r /etc/apt/keyrings/sagernet.asc\necho \"deb [arch=`dpkg --print-architecture` signed-by=/etc/apt/keyrings/sagernet.asc] https://deb.sagernet.org/ * *\" | \\\n  sudo tee /etc/apt/sources.list.d/sagernet.list > /dev/null\nsudo apt-get update\nsudo apt-get install sing-box # or sing-box-beta\n

sudo dnf -y install dnf-plugins-core\nsudo dnf config-manager --add-repo https://sing-box.app/sing-box.repo\nsudo dnf install sing-box # or sing-box-beta\n
(This applies to any distribution that uses dnf as its package manager: Fedora, CentOS, and even OpenSUSE with DNF installed.)

"},{"location":"zh/installation/package-manager/#_3","title":"Manual Installation","text":"Debian / DEB Redhat / RPM Archlinux / PKG
bash <(curl -fsSL https://sing-box.app/deb-install.sh)\n

bash <(curl -fsSL https://sing-box.app/rpm-install.sh)\n
(This applies to any distribution that uses rpm and systemd. Because of the way rpm defines dependencies, if the installation succeeds, it will most likely work.)

bash <(curl -fsSL https://sing-box.app/arch-install.sh)\n
"},{"location":"zh/installation/package-manager/#_4","title":"Managed Installation","text":"Linux macOS Windows Android FreeBSD Type Platform Link Command AUR Arch Linux ? -S sing-box nixpkgs NixOS nix-env -iA nixos.sing-box Homebrew macOS / Linux brew install sing-box APK Alpine apk add sing-box DEB AOSC apt install sing-box Type Platform Link Command Homebrew macOS brew install sing-box Type Platform Link Command Scoop Windows scoop install sing-box Chocolatey Windows choco install sing-box winget Windows winget install sing-box Type Platform Link Command Termux Android pkg add sing-box Type Platform Link Command FreshPorts FreeBSD pkg install sing-box"},{"location":"zh/installation/package-manager/#_5","title":"Problematic Sources","text":"Type Platform Link Reason DEB AOSC aosc-os-abbs Problematic build tag list modification Homebrew / homebrew-core Problematic build tag list modification Termux Android termux-packages Problematic build tag list modification FreshPorts FreeBSD FreeBSD ports Go too old (go1.20)

If you are a user of one of them, please report the issues to them:

  1. Do not modify the release build tags without fully understanding the relevant features: enabling non-default tags may degrade performance; missing default tags may cause user confusion.
  2. sing-box supports compiling with some older Go versions, but this is not recommended (especially versions that are no longer supported by Go).
"},{"location":"zh/installation/package-manager/#_6","title":"Service Management","text":"

For Linux systems with systemd, the installation usually already includes a sing-box service; you can manage the service with the following commands:

Action Command Enable sudo systemctl enable sing-box Disable sudo systemctl disable sing-box Start sudo systemctl start sing-box Stop sudo systemctl stop sing-box Kill sudo systemctl kill sing-box Restart sudo systemctl restart sing-box View logs sudo journalctl -u sing-box --output cat -e Live logs sudo journalctl -u sing-box --output cat -f"}]}