sing-box/docs/manual/proxy-protocol/hysteria2.md
Mingye Wang aae3fded32
documentation: Two updates
* Copyedit documentation

Close #1378

* remove yum, go full on dnf

fixes #2049
2024-08-21 11:32:43 +08:00

5.4 KiB

icon
material/lightning-bolt

Hysteria 2

Hysteria 2 is a simple, Chinese-made protocol based on QUIC. The selling point is Brutal, a congestion control algorithm that tries to achieve a user-defined bandwidth despite packet loss.

!!! warning

Even though GFW rarely blocks UDP-based proxies, such protocols actually have far more obvious characteristics than TCP based proxies.
Specification Resists passive detection Resists active probes
hysteria.network :material-alert: :material-check:

:material-text-box-check: Password Generator

Generate Password Action

:material-alert: Difference from official Hysteria

The official program supports an authentication method called userpass, which essentially uses a combination of <username>:<password> as the actual password, while sing-box does not provide this alias. To use sing-box with the official program, you need to fill in that combination as the actual password.

:material-server: Server Example

!!! info ""

Replace `up_mbps` and `down_mbps` values with the actual bandwidth of your server.

=== ":material-harddisk: With local certificate"

```json
 {
  "inbounds": [
    {
      "type": "hysteria2",
      "listen": "::",
      "listen_port": 8080,
      "up_mbps": 100,
      "down_mbps": 100,
      "users": [
        {
          "name": "sekai",
          "password": "<password>"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "example.org",
        "key_path": "/path/to/key.pem",
        "certificate_path": "/path/to/certificate.pem"
      }
    }
  ]
}
```

=== ":material-auto-fix: With ACME"

```json
 {
  "inbounds": [
    {
      "type": "hysteria2",
      "listen": "::",
      "listen_port": 8080,
      "up_mbps": 100,
      "down_mbps": 100,
      "users": [
        {
          "name": "sekai",
          "password": "<password>"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "example.org",
        "acme": {
          "domain": "example.org",
          "email": "admin@example.org"
        }
      }
    }
  ]
}
```

=== ":material-cloud: With ACME and Cloudflare API"

```json
 {
  "inbounds": [
    {
      "type": "hysteria2",
      "listen": "::",
      "listen_port": 8080,
      "up_mbps": 100,
      "down_mbps": 100,
      "users": [
        {
          "name": "sekai",
          "password": "<password>"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "example.org",
        "acme": {
          "domain": "example.org",
          "email": "admin@example.org",
          "dns01_challenge": {
            "provider": "cloudflare",
            "api_token": "my_token"
          }
        }
      }
    }
  ]
}
```

!!! info ""

Replace `up_mbps` and `down_mbps` values with the actual bandwidth of your client.

=== ":material-web-check: With valid certificate"

```json
{
  "outbounds": [
    {
      "type": "hysteria2",
      "server": "127.0.0.1",
      "server_port": 8080,
      "up_mbps": 100,
      "down_mbps": 100,
      "password": "<password>",
      "tls": {
        "enabled": true,
        "server_name": "example.org"
      }
    }
  ]
}
```

=== ":material-check: With self-sign certificate"

!!! info "Tip"
    
    Use `sing-box merge` command to merge configuration and certificate into one file.

```json
{
  "outbounds": [
    {
      "type": "hysteria2",
      "server": "127.0.0.1",
      "server_port": 8080,
      "up_mbps": 100,
      "down_mbps": 100,
      "password": "<password>",
      "tls": {
        "enabled": true,
        "server_name": "example.org",
        "certificate_path": "/path/to/certificate.pem"
      }
    }
  ]
}
```

=== ":material-alert: Ignore certificate verification"

```json
{
  "outbounds": [
    {
      "type": "hysteria2",
      "server": "127.0.0.1",
      "server_port": 8080,
      "up_mbps": 100,
      "down_mbps": 100,
      "password": "<password>",
      "tls": {
        "enabled": true,
        "server_name": "example.org",
        "insecure": true
      }
    }
  ]
}
```