在科学上网生态中,你可能同时使用着多个代理服务、多种协议、多台客户端。配置分散、规则不统一、维护成本高——这是很多进阶用户的痛点。sing-box 正是为解决这些问题而生的下一代网络代理框架。
本文将带你从零开始,理解 sing-box 的设计理念,掌握核心配置,并将其打造为一台统一的全能网关。
🧭 为什么选择 sing-box?
sing-box vs 传统方案
| 特性 | sing-box | Xray / v2ray-core | 传统代理客户端 |
|---|---|---|---|
| 多协议统一 | 支持 VLESS/Trojan/SS2022/HTTP(S)/SOCKS5 等 | 主要支持自建协议 | 依赖第三方订阅 |
| 高性能 | Go 原生 + 系统调优,吞吐可提升 20-40% | 性能良好 | 受限于客户端实现 |
| 规则引擎 | 内置强大的 Route/DNS 分流引擎 | 需要外部工具配合 | 规则功能有限 |
| 部署形态 | 网关/终端/旁路由/透明代理均可 | 多为终端或旁路由 | 主要终端模式 |
| 跨平台 | Linux/Mac/Windows/Android/iOS/FreeBSD 全平台 | 主流平台支持 | 平台覆盖不一 |
核心设计理念
┌─────────────────────────────────────────────────┐
│ sing-box │
│ │
│ [Inbound] ←─ 接收流量 │ VLESS / Trojan │
│ │ │ Shadowsocks │
│ │ │ SOCKS5 / HTTP│
│ ▼ │ │
│ [Router] ←─ 规则匹配 │ 域名/IP/进程 │
│ │ │ │
│ ▼ │ │
│ [DNS] ←─ 智能解析 │ DoH / DoT │
│ │ │ │
│ ▼ │ │
│ [Outbound] ←─ 转发出口 │ 代理 / 直连 │
└─────────────────────────────────────────────────┘┌─────────────────────────────────────────────────┐
│ sing-box │
│ │
│ [Inbound] ←─ 接收流量 │ VLESS / Trojan │
│ │ │ Shadowsocks │
│ │ │ SOCKS5 / HTTP│
│ ▼ │ │
│ [Router] ←─ 规则匹配 │ 域名/IP/进程 │
│ │ │ │
│ ▼ │ │
│ [DNS] ←─ 智能解析 │ DoH / DoT │
│ │ │ │
│ ▼ │ │
│ [Outbound] ←─ 转发出口 │ 代理 / 直连 │
└─────────────────────────────────────────────────┘
三大核心组件:
- Inbound(入站):定义流量如何进入 sing-box
- Router(路由):决定流量是直连、走代理还是拒绝
- Outbound(出站):定义流量如何转发到目标
适合的场景
- 🎯 家庭网关:旁路由模式,局域网所有设备自动分流
- 🎯 开发者终端:精细控制开发环境的网络访问
- 🎯 公司内网穿透:安全访问公司内部服务
- 🎯 多协议机场接入:统一管理多个机场的节点与规则
📦 安装 sing-box
方式一:官方脚本安装(推荐)
bash <(curl -fsSL https://sing-box.app/deb-install.sh)bash <(curl -fsSL https://sing-box.app/deb-install.sh)
方式二:二进制文件安装
访问 sing-box GitHub Releases ,根据你的系统下载对应版本:
# Linux (amd64)
curl -fsSL https://github.com/sagerNet/sing-box/releases/latest/download/sing-box-1.10.1-linux-amd64.tar.gz | tar -xzvf -
cd sing-box-1.10.1-linux-amd64/
sudo install -m 755 sing-box /usr/local/bin/
# 验证安装
sing-box version# Linux (amd64)
curl -fsSL https://github.com/sagerNet/sing-box/releases/latest/download/sing-box-1.10.1-linux-amd64.tar.gz | tar -xzvf -
cd sing-box-1.10.1-linux-amd64/
sudo install -m 755 sing-box /usr/local/bin/
# 验证安装
sing-box version
方式三:Docker 容器化部署
docker run -d \
--name sing-box \
--restart unless-stopped \
--network host \
-v /etc/sing-box/:/etc/sing-box/ \
ghcr.io/sagernet/sing-box:latest run -c /etc/sing-box/config.jsondocker run -d \
--name sing-box \
--restart unless-stopped \
--network host \
-v /etc/sing-box/:/etc/sing-box/ \
ghcr.io/sagernet/sing-box:latest run -c /etc/sing-box/config.json
🔧 核心配置详解
sing-box 使用 JSON 作为配置格式,结构清晰、模块化强。我们从一个最小可用配置开始。
最小可用配置
{
"log": {
"level": "info",
"timestamp": true
},
"inbounds": [
{
"type": "mixed",
"listen": "0.0.0.0",
"listen_port": 7890,
"set_system_proxy": false
}
],
"outbounds": [
{
"type": "vless",
"tag": "proxy",
"server": "your-server.example.com",
"server_port": 443,
"uuid": "your-uuid-here",
"flow": "xtls-rprx-vision",
"transport": {
"type": "tcp",
"tls": {
"enabled": true,
"server_name": "www.microsoft.com",
"utls": {
"enabled": true,
"fingerprint": "chrome"
}
}
}
},
{
"type": "direct",
"tag": "direct"
}
],
"route": {
"rules": [
{
"domain_suffix": [".cn"],
"outbound": "direct"
}
],
"final": "proxy"
}
}{
"log": {
"level": "info",
"timestamp": true
},
"inbounds": [
{
"type": "mixed",
"listen": "0.0.0.0",
"listen_port": 7890,
"set_system_proxy": false
}
],
"outbounds": [
{
"type": "vless",
"tag": "proxy",
"server": "your-server.example.com",
"server_port": 443,
"uuid": "your-uuid-here",
"flow": "xtls-rprx-vision",
"transport": {
"type": "tcp",
"tls": {
"enabled": true,
"server_name": "www.microsoft.com",
"utls": {
"enabled": true,
"fingerprint": "chrome"
}
}
}
},
{
"type": "direct",
"tag": "direct"
}
],
"route": {
"rules": [
{
"domain_suffix": [".cn"],
"outbound": "direct"
}
],
"final": "proxy"
}
}
保存为 /etc/sing-box/config.json,然后启动:
sing-box run -c /etc/sing-box/config.jsonsing-box run -c /etc/sing-box/config.json
🌐 多协议统一接入
sing-box 最大的魅力在于一个配置文件,多种协议。下面演示如何在同一个 sing-box 中同时支持多种协议。
多出站(Outbounds)组合
{
"outbounds": [
{
"type": "vless",
"tag": "vless-reality",
"server": "reality.example.com",
"server_port": 443,
"uuid": "your-uuid",
"flow": "xtls-rprx-vision",
"tls": {
"enabled": true,
"server_name": "www.apple.com",
"utls": {
"enabled": true,
"fingerprint": "chrome"
},
"reality": {
"enabled": true,
"public_key": "your-public-key",
"short_id": "your-short-id"
}
}
},
{
"type": "trojan",
"tag": "trojan-aws",
"server": "trojan.aws.example.com",
"server_port": 443,
"password": "your-password",
"tls": {
"enabled": true,
"server_name": "trojan.aws.example.com"
}
},
{
"type": "shadowsocks",
"tag": "ss-jp",
"server": "ss.jp.example.com",
"server_port": 8388,
"method": "2022-blake3-aes-128-gcm",
"password": "your-ss-password"
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "selector",
"tag": "proxy",
"outbounds": ["vless-reality", "trojan-aws", "ss-jp"],
"default": "vless-reality"
}
]
}{
"outbounds": [
{
"type": "vless",
"tag": "vless-reality",
"server": "reality.example.com",
"server_port": 443,
"uuid": "your-uuid",
"flow": "xtls-rprx-vision",
"tls": {
"enabled": true,
"server_name": "www.apple.com",
"utls": {
"enabled": true,
"fingerprint": "chrome"
},
"reality": {
"enabled": true,
"public_key": "your-public-key",
"short_id": "your-short-id"
}
}
},
{
"type": "trojan",
"tag": "trojan-aws",
"server": "trojan.aws.example.com",
"server_port": 443,
"password": "your-password",
"tls": {
"enabled": true,
"server_name": "trojan.aws.example.com"
}
},
{
"type": "shadowsocks",
"tag": "ss-jp",
"server": "ss.jp.example.com",
"server_port": 8388,
"method": "2022-blake3-aes-128-gcm",
"password": "your-ss-password"
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "selector",
"tag": "proxy",
"outbounds": ["vless-reality", "trojan-aws", "ss-jp"],
"default": "vless-reality"
}
]
}
策略组(Selector)详解
selector 让你在多个 outbound 间灵活切换,搭配 urltest 可以实现自动选最优节点:
{
"outbounds": [
{
"type": "urltest",
"tag": "auto-select",
"outbounds": ["vless-reality", "trojan-aws", "ss-jp"],
"url": "http://www.gstatic.com/generate_204",
"interval": "5m",
"tolerance": 50
}
]
}{
"outbounds": [
{
"type": "urltest",
"tag": "auto-select",
"outbounds": ["vless-reality", "trojan-aws", "ss-jp"],
"url": "http://www.gstatic.com/generate_204",
"interval": "5m",
"tolerance": 50
}
]
}
原理: 定期对指定 URL 发起测试,选择延迟最低的节点作为默认出口。
🎯 路由与分流规则
路由是 sing-box 最强大的功能之一。让我们一步步掌握。
路由规则基础
{
"route": {
"rules": [
{
"geoip": ["private"],
"outbound": "direct"
},
{
"geosite": ["cn"],
"outbound": "direct"
},
{
"domain_suffix": [".google.com", ".youtube.com"],
"outbound": "proxy"
},
{
"ip_cidr": ["10.0.0.0/8", "192.168.0.0/16"],
"outbound": "direct"
},
{
"port": [22, 80, 443],
"outbound": "proxy"
}
],
"final": "proxy"
}
}{
"route": {
"rules": [
{
"geoip": ["private"],
"outbound": "direct"
},
{
"geosite": ["cn"],
"outbound": "direct"
},
{
"domain_suffix": [".google.com", ".youtube.com"],
"outbound": "proxy"
},
{
"ip_cidr": ["10.0.0.0/8", "192.168.0.0/16"],
"outbound": "direct"
},
{
"port": [22, 80, 443],
"outbound": "proxy"
}
],
"final": "proxy"
}
}
常用规则清单
| 匹配方式 | 示例 | 用途 |
|---|---|---|
geoip |
["cn", "private"] |
按地理位置/特殊IP段匹配 |
geosite |
["cn", "category-ads-all"] |
按域名集合匹配 |
domain_suffix |
[".github.io"] |
匹配指定后缀域名 |
domain_keyword |
["git"] |
关键词匹配 |
ip_cidr |
["8.8.8.8/32"] |
匹配指定 CIDR |
port |
[80, 443] |
匹配端口 |
protocol |
["http", "tls", "dns"] |
匹配协议类型 |
process_name |
["chrome", "docker"] |
按进程名匹配 |
GeoIP / GeoSite 资源
sing-box 依赖 MaxMind GeoIP 和 v2fly domain-list-community 数据。启动时会自动下载最新版本,无需手动维护。
实战:广告拦截 + 国内直连
{
"route": {
"rules": [
{
"geosite": ["category-ads-all"],
"outbound": "block"
},
{
"geosite": ["cn"],
"outbound": "direct"
},
{
"geoip": ["cn", "private"],
"outbound": "direct"
}
],
"final": "proxy"
}
}{
"route": {
"rules": [
{
"geosite": ["category-ads-all"],
"outbound": "block"
},
{
"geosite": ["cn"],
"outbound": "direct"
},
{
"geoip": ["cn", "private"],
"outbound": "direct"
}
],
"final": "proxy"
}
}
🔐 DNS 智能配置
sing-box 内置了强大的 DNS 模块,支持 DoH(DNS over HTTPS)、DoT(DNS over TLS),并能与路由规则联动。
基础 DNS 配置
{
"dns": {
"servers": [
{
"tag": "remote-dns",
"address": "https://1.1.1.1/dns-query",
"address_resolver": "local-dns",
"strategy": "ipv4_only",
"detour": "proxy"
},
{
"tag": "local-dns",
"address": "223.5.5.5",
"detour": "direct"
}
],
"rules": [
{
"geosite": ["cn"],
"server": "local-dns"
},
{
"geoip": ["cn"],
"server": "local-dns"
}
],
"final": "remote-dns",
"independent_cache": true,
"fakeip": {
"enabled": false
}
}
}{
"dns": {
"servers": [
{
"tag": "remote-dns",
"address": "https://1.1.1.1/dns-query",
"address_resolver": "local-dns",
"strategy": "ipv4_only",
"detour": "proxy"
},
{
"tag": "local-dns",
"address": "223.5.5.5",
"detour": "direct"
}
],
"rules": [
{
"geosite": ["cn"],
"server": "local-dns"
},
{
"geoip": ["cn"],
"server": "local-dns"
}
],
"final": "remote-dns",
"independent_cache": true,
"fakeip": {
"enabled": false
}
}
}
DNS 分流原理
DNS 查询请求
│
▼
DNS 规则匹配
├── .cn 域名 → local-dns (223.5.5.5)
├── 国内 IP → local-dns
└── 其他域名 → remote-dns (1.1.1.1 via proxy)
│
▼
智能缓存 + 返回结果 DNS 查询请求
│
▼
DNS 规则匹配
├── .cn 域名 → local-dns (223.5.5.5)
├── 国内 IP → local-dns
└── 其他域名 → remote-dns (1.1.1.1 via proxy)
│
▼
智能缓存 + 返回结果
开启 FakeIP(可选)
FakeIP 可以显著降低首次 DNS 查询延迟,适用于带宽敏感场景:
{
"dns": {
"fakeip": {
"enabled": true,
"inet4_range": "198.18.0.0/15",
"inet6_range": "fc00::/18"
}
}
}{
"dns": {
"fakeip": {
"enabled": true,
"inet4_range": "198.18.0.0/15",
"inet6_range": "fc00::/18"
}
}
}
🌍 透明代理与旁路由
sing-box 最强大的应用场景是作为家庭网关,让局域网所有设备自动受益。
旁路由模式架构
Internet
│
┌──────▼──────┐
│ 主路由 │ (192.168.1.1)
└──────┬──────┘
│
┌──────▼──────┐
│ sing-box │ (192.168.1.2 - 旁路由)
│ 旁路由模式 │ ← 部分设备网关指向此
└──────┬──────┘
│
┌────────┼────────┐
│ │ │
┌─▼─┐ ┌─▼─┐ ┌─▼─┐
│ PC│ │NAS│ │手机│
└───┘ └───┘ └───┘ Internet
│
┌──────▼──────┐
│ 主路由 │ (192.168.1.1)
└──────┬──────┘
│
┌──────▼──────┐
│ sing-box │ (192.168.1.2 - 旁路由)
│ 旁路由模式 │ ← 部分设备网关指向此
└──────┬──────┘
│
┌────────┼────────┐
│ │ │
┌─▼─┐ ┌─▼─┐ ┌─▼─┐
│ PC│ │NAS│ │手机│
└───┘ └───┘ └───┘
TProxy 透明代理配置
{
"inbounds": [
{
"type": "tproxy",
"listen": "0.0.0.0",
"listen_port": 12345,
"tcp_fast_open": true
}
]
}{
"inbounds": [
{
"type": "tproxy",
"listen": "0.0.0.0",
"listen_port": 12345,
"tcp_fast_open": true
}
]
}
配合 Linux iptables 规则:
# 创建路由表
ip route add local default dev lo table 100
ip rule add fwmark 1 table 100
# IPv4 流量重定向
iptables -t mangle -N SINGBOX
iptables -t mangle -A SINGBOX -d 0.0.0.0/8 -j RETURN
iptables -t mangle -A SINGBOX -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A SINGBOX -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A SINGBOX -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A SINGBOX -d 255.255.255.255 -j RETURN
iptables -t mangle -A SINGBOX -p tcp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A SINGBOX -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A PREROUTING -j SINGBOX
# 本机流量重定向
iptables -t mangle -N SINGBOX_LOCAL
iptables -t mangle -A SINGBOX_LOCAL -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A SINGBOX_LOCAL -p tcp -j MARK --set-mark 1
iptables -t mangle -A SINGBOX_LOCAL -p udp -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -j SINGBOX_LOCAL# 创建路由表
ip route add local default dev lo table 100
ip rule add fwmark 1 table 100
# IPv4 流量重定向
iptables -t mangle -N SINGBOX
iptables -t mangle -A SINGBOX -d 0.0.0.0/8 -j RETURN
iptables -t mangle -A SINGBOX -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A SINGBOX -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A SINGBOX -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A SINGBOX -d 255.255.255.255 -j RETURN
iptables -t mangle -A SINGBOX -p tcp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A SINGBOX -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A PREROUTING -j SINGBOX
# 本机流量重定向
iptables -t mangle -N SINGBOX_LOCAL
iptables -t mangle -A SINGBOX_LOCAL -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A SINGBOX_LOCAL -p tcp -j MARK --set-mark 1
iptables -t mangle -A SINGBOX_LOCAL -p udp -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -j SINGBOX_LOCAL
⚡ 性能优化建议
1. 启用 TCP Fast Open
{
"inbounds": [{
"tcp_fast_open": true
}],
"outbounds": [{
"tcp_fast_open": true
}]
}{
"inbounds": [{
"tcp_fast_open": true
}],
"outbounds": [{
"tcp_fast_open": true
}]
}
2. 启用 uTLS 指纹伪装
{
"tls": {
"utls": {
"enabled": true,
"fingerprint": "chrome"
}
}
}{
"tls": {
"utls": {
"enabled": true,
"fingerprint": "chrome"
}
}
}
可选指纹:chrome、firefox、safari、ios、android、randomized
3. 系统参数调优
编辑 /etc/sysctl.conf:
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.rmem_default = 32768
net.core.wmem_default = 32768
net.core.somaxconn = 65535
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.rmem_default = 32768
net.core.wmem_default = 32768
net.core.somaxconn = 65535
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
应用修改:sudo sysctl -p
4. 使用 systemd 管理进程
创建 /etc/systemd/system/sing-box.service:
[Unit]
Description=sing-box service
Documentation=https://sing-box.app
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/sing-box run -c /etc/sing-box/config.json
Restart=on-failure
RestartSec=10
LimitNOFILE=infinity
[Install]
WantedBy=multi-user.target[Unit]
Description=sing-box service
Documentation=https://sing-box.app
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/sing-box run -c /etc/sing-box/config.json
Restart=on-failure
RestartSec=10
LimitNOFILE=infinity
[Install]
WantedBy=multi-user.target
启动与启用:
sudo systemctl daemon-reload
sudo systemctl enable --now sing-box
sudo systemctl status sing-boxsudo systemctl daemon-reload
sudo systemctl enable --now sing-box
sudo systemctl status sing-box
🔍 故障排查
日志级别调整
{
"log": {
"level": "debug",
"output": "/var/log/sing-box.log",
"timestamp": true
}
}{
"log": {
"level": "debug",
"output": "/var/log/sing-box.log",
"timestamp": true
}
}
常见问题
Q1: 连接被拒绝或超时
# 检查 sing-box 是否在运行
systemctl status sing-box
# 检查端口监听
ss -tulnp | grep 7890
# 查看日志
journalctl -u sing-box -f# 检查 sing-box 是否在运行
systemctl status sing-box
# 检查端口监听
ss -tulnp | grep 7890
# 查看日志
journalctl -u sing-box -f
Q2: DNS 解析失败
- 检查
dns.servers配置 - 确保 remote-dns 的
detour设置为正确的 outbound - 尝试将
strategy改为prefer_ipv4
Q3: 规则不生效
- 将
log.level改为debug,观察 match 日志 - 检查规则顺序(第一条匹配优先)
- 使用
sing-box check -c config.json验证配置
Q4: 透明代理不工作
- 确保内核支持 TPROXY
- 检查 iptables 规则是否正确应用
- 确认路由表和 ip rule 设置:
ip rule show
📚 完整配置模板
下面是一份生产可用的完整配置,适合作为家庭网关:
{
"log": {
"level": "info",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "remote",
"address": "https://1.1.1.1/dns-query",
"strategy": "ipv4_only",
"detour": "proxy"
},
{
"tag": "local",
"address": "223.5.5.5",
"detour": "direct"
}
],
"rules": [
{
"geosite": ["cn"],
"server": "local"
},
{
"geoip": ["cn"],
"server": "local"
}
],
"final": "remote",
"independent_cache": true
},
"inbounds": [
{
"type": "mixed",
"listen": "0.0.0.0",
"listen_port": 7890,
"tcp_fast_open": true,
"udp_fragment": true
},
{
"type": "socks",
"listen": "127.0.0.1",
"listen_port": 7891
}
],
"outbounds": [
{
"type": "selector",
"tag": "proxy",
"outbounds": ["reality-1", "trojan-2"],
"default": "reality-1"
},
{
"type": "vless",
"tag": "reality-1",
"server": "reality.example.com",
"server_port": 443,
"uuid": "your-uuid",
"flow": "xtls-rprx-vision",
"tls": {
"enabled": true,
"server_name": "www.apple.com",
"utls": {
"enabled": true,
"fingerprint": "chrome"
},
"reality": {
"enabled": true,
"public_key": "your-public-key",
"short_id": "your-short-id"
}
}
},
{
"type": "trojan",
"tag": "trojan-2",
"server": "trojan.example.com",
"server_port": 443,
"password": "your-password",
"tls": {
"enabled": true,
"server_name": "trojan.example.com"
}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
}
],
"route": {
"auto_detect_interface": true,
"rules": [
{
"geosite": ["category-ads-all"],
"outbound": "block"
},
{
"geosite": ["cn"],
"outbound": "direct"
},
{
"geoip": ["cn", "private"],
"outbound": "direct"
}
],
"final": "proxy"
}
}{
"log": {
"level": "info",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "remote",
"address": "https://1.1.1.1/dns-query",
"strategy": "ipv4_only",
"detour": "proxy"
},
{
"tag": "local",
"address": "223.5.5.5",
"detour": "direct"
}
],
"rules": [
{
"geosite": ["cn"],
"server": "local"
},
{
"geoip": ["cn"],
"server": "local"
}
],
"final": "remote",
"independent_cache": true
},
"inbounds": [
{
"type": "mixed",
"listen": "0.0.0.0",
"listen_port": 7890,
"tcp_fast_open": true,
"udp_fragment": true
},
{
"type": "socks",
"listen": "127.0.0.1",
"listen_port": 7891
}
],
"outbounds": [
{
"type": "selector",
"tag": "proxy",
"outbounds": ["reality-1", "trojan-2"],
"default": "reality-1"
},
{
"type": "vless",
"tag": "reality-1",
"server": "reality.example.com",
"server_port": 443,
"uuid": "your-uuid",
"flow": "xtls-rprx-vision",
"tls": {
"enabled": true,
"server_name": "www.apple.com",
"utls": {
"enabled": true,
"fingerprint": "chrome"
},
"reality": {
"enabled": true,
"public_key": "your-public-key",
"short_id": "your-short-id"
}
}
},
{
"type": "trojan",
"tag": "trojan-2",
"server": "trojan.example.com",
"server_port": 443,
"password": "your-password",
"tls": {
"enabled": true,
"server_name": "trojan.example.com"
}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
}
],
"route": {
"auto_detect_interface": true,
"rules": [
{
"geosite": ["category-ads-all"],
"outbound": "block"
},
{
"geosite": ["cn"],
"outbound": "direct"
},
{
"geoip": ["cn", "private"],
"outbound": "direct"
}
],
"final": "proxy"
}
}
🎓 下一步学习建议
恭喜你掌握了 sing-box 的核心用法!接下来可以继续探索:
- 📖 订阅转换:将现有订阅导入 sing-box
- 📖 可视化 WebUI:搭配 sing-box 的 Control API 自建 Web 管理面板
- 📖 WireGuard 出站:使用 sing-box 作为 WireGuard 客户端
- 📖 Clash Mode 兼容:支持 Clash API,可搭配 GUI 使用
- 📖 Android/iOS 客户端:在移动端运行 sing-box
建议资源:
结语
sing-box 是一款功能强大、配置灵活的下一代代理框架。它不仅能替代传统的 v2ray/Xray 核心,更能承担起网关级别的统一管理职责。
总结要点:
- ✅ 多协议统一管理,告别配置分散
- ✅ 强大的路由与 DNS 引擎,规则随心所欲
- ✅ 高性能 Go 实现,延迟更低、吞吐更高
- ✅ 全平台支持,终端/网关/旁路由均可
- ✅ 透明代理能力,局域网设备零配置受益
掌握 sing-box,你就拥有了一个可编程、可扩展的网络工具箱。无论是个人使用还是团队协作,它都能为你提供坚实的基础。
愿你在网络世界中自由穿行,安全高效!🚀