mirror of
https://github.com/SagerNet/sing-box.git
synced 2024-11-24 09:31:30 +00:00
212 lines
5.4 KiB
Markdown
212 lines
5.4 KiB
Markdown
---
|
|
icon: material/lightning-bolt
|
|
---
|
|
|
|
# Hysteria 2
|
|
|
|
The most popular Chinese-made simple protocol based on QUIC, the selling point is Brutal,
|
|
a congestion control algorithm that can resist packet loss by manually specifying the required rate by the user.
|
|
|
|
!!! warning
|
|
|
|
Even though GFW rarely blocks UDP-based proxies, such protocols actually have far more characteristics than TCP based proxies.
|
|
|
|
| Specification | Binary Characteristics | Active Detect Hiddenness |
|
|
|---------------------------------------------------------------------------|------------------------|--------------------------|
|
|
| [hysteria.network](https://v2.hysteria.network/docs/developers/Protocol/) | :material-alert: | :material-check: |
|
|
|
|
## :material-text-box-check: Password Generator
|
|
|
|
| Generate Password | Action |
|
|
|----------------------------|-----------------------------------------------------------------|
|
|
| <code id="password"><code> | <button class="md-button" onclick="generate()">Refresh</button> |
|
|
|
|
<script>
|
|
function generate() {
|
|
const array = new Uint8Array(16);
|
|
window.crypto.getRandomValues(array);
|
|
document.getElementById("password").textContent = btoa(String.fromCharCode.apply(null, array));
|
|
}
|
|
generate();
|
|
</script>
|
|
|
|
## :material-alert: Difference from official Hysteria
|
|
|
|
The official program supports an authentication method called **userpass**,
|
|
which essentially uses a combination of `<username>:<password>` as the actual password,
|
|
while sing-box does not provide this alias.
|
|
To use sing-box with the official program, you need to fill in that combination as the actual password.
|
|
|
|
## :material-server: Server Example
|
|
|
|
!!! info ""
|
|
|
|
Replace `up_mbps` and `down_mbps` values with the actual bandwidth of your server.
|
|
|
|
=== ":material-harddisk: With local certificate"
|
|
|
|
```json
|
|
{
|
|
"inbounds": [
|
|
{
|
|
"type": "hysteria2",
|
|
"listen": "::",
|
|
"listen_port": 8080,
|
|
"up_mbps": 100,
|
|
"down_mbps": 100,
|
|
"users": [
|
|
{
|
|
"name": "sekai",
|
|
"password": "<password>"
|
|
}
|
|
],
|
|
"tls": {
|
|
"enabled": true,
|
|
"server_name": "example.org",
|
|
"key_path": "/path/to/key.pem",
|
|
"certificate_path": "/path/to/certificate.pem"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
```
|
|
|
|
=== ":material-auto-fix: With ACME"
|
|
|
|
```json
|
|
{
|
|
"inbounds": [
|
|
{
|
|
"type": "hysteria2",
|
|
"listen": "::",
|
|
"listen_port": 8080,
|
|
"up_mbps": 100,
|
|
"down_mbps": 100,
|
|
"users": [
|
|
{
|
|
"name": "sekai",
|
|
"password": "<password>"
|
|
}
|
|
],
|
|
"tls": {
|
|
"enabled": true,
|
|
"server_name": "example.org",
|
|
"acme": {
|
|
"domain": "example.org",
|
|
"email": "admin@example.org"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
```
|
|
|
|
=== ":material-cloud: With ACME and Cloudflare API"
|
|
|
|
```json
|
|
{
|
|
"inbounds": [
|
|
{
|
|
"type": "hysteria2",
|
|
"listen": "::",
|
|
"listen_port": 8080,
|
|
"up_mbps": 100,
|
|
"down_mbps": 100,
|
|
"users": [
|
|
{
|
|
"name": "sekai",
|
|
"password": "<password>"
|
|
}
|
|
],
|
|
"tls": {
|
|
"enabled": true,
|
|
"server_name": "example.org",
|
|
"acme": {
|
|
"domain": "example.org",
|
|
"email": "admin@example.org",
|
|
"dns01_challenge": {
|
|
"provider": "cloudflare",
|
|
"api_token": "my_token"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
```
|
|
|
|
## :material-cellphone-link: Client Example
|
|
|
|
!!! info ""
|
|
|
|
Replace `up_mbps` and `down_mbps` values with the actual bandwidth of your client.
|
|
|
|
=== ":material-web-check: With valid certificate"
|
|
|
|
```json
|
|
{
|
|
"outbounds": [
|
|
{
|
|
"type": "hysteria2",
|
|
"server": "127.0.0.1",
|
|
"server_port": 8080,
|
|
"up_mbps": 100,
|
|
"down_mbps": 100,
|
|
"password": "<password>",
|
|
"tls": {
|
|
"enabled": true,
|
|
"server_name": "example.org"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
```
|
|
|
|
=== ":material-check: With self-sign certificate"
|
|
|
|
!!! info "Tip"
|
|
|
|
Use `sing-box merge` command to merge configuration and certificate into one file.
|
|
|
|
```json
|
|
{
|
|
"outbounds": [
|
|
{
|
|
"type": "hysteria2",
|
|
"server": "127.0.0.1",
|
|
"server_port": 8080,
|
|
"up_mbps": 100,
|
|
"down_mbps": 100,
|
|
"password": "<password>",
|
|
"tls": {
|
|
"enabled": true,
|
|
"server_name": "example.org",
|
|
"certificate_path": "/path/to/certificate.pem"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
```
|
|
|
|
=== ":material-alert: Ignore certificate verification"
|
|
|
|
```json
|
|
{
|
|
"outbounds": [
|
|
{
|
|
"type": "hysteria2",
|
|
"server": "127.0.0.1",
|
|
"server_port": 8080,
|
|
"up_mbps": 100,
|
|
"down_mbps": 100,
|
|
"password": "<password>",
|
|
"tls": {
|
|
"enabled": true,
|
|
"server_name": "example.org",
|
|
"insecure": true
|
|
}
|
|
}
|
|
]
|
|
}
|
|
```
|