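# Install nginx and its stream module. epel-release is installed first,
# presumably because the nginx packages are resolved from EPEL (confirm for
# your distribution). One yum transaction per line: when the three commands
# are fused onto a single line, yum treats "yum", "install" and "nginx" as
# extra package names.
yum install -y epel-release
yum install -y nginx
yum install -y nginx-mod-stream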
2.1 新建目录
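# Directory for the stream (TCP-level) configuration files.
# -p keeps the step idempotent: re-running the guide does not fail with
# "File exists".
mkdir -p /etc/nginx/tcp.d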
2.2 增加如下文件内容到 /etc/nginx/tcp.d/stream.conf
# TLS SNI router: nginx reads the server name from the ClientHello without
# terminating TLS and forwards the raw TCP stream to a local backend.
stream {
    # SNI name -> upstream name. There is no "default" entry, so a name that
    # is not listed maps to an empty value and proxy_pass has no backend.
    map $ssl_preread_server_name $singbox {
        trojan.example.com  trojan;
        ws.example.com      trojan-websocket;
    }

    # Both backends are addressed on loopback.
    upstream trojan {
        server 127.0.0.1:52000;
    }

    upstream trojan-websocket {
        server 127.0.0.1:52001;
    }

    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;

        # Populates $ssl_preread_server_name for the map above.
        ssl_preread on;

        # Prepends a PROXY protocol header carrying the client address; the
        # backend has to be configured to expect that header.
        proxy_protocol on;

        proxy_pass $singbox;
    }
}
2.3 编辑 /etc/nginx/nginx.conf, 在文件末尾添加如下一行
# Keep this line at the top level of nginx.conf (outside http {}): the
# included stream.conf opens a stream {} block, which is a main-context block.
include /etc/nginx/tcp.d/*.conf;
2.4 编辑回流配置 /etc/nginx/conf.d/fallback.conf
# Plain-HTTP site for trojan.example.com, serving static files from disk.
# "listen 80" binds every interface, so this site is reachable directly.
server {
    listen      80;
    server_name trojan.example.com;

    root  /data/app/web/hy;
    index index.html;
}
2.5 运行 nginx
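# Validate the configuration first, so a syntax error in stream.conf or
# fallback.conf is reported before the service is started.
nginx -t && systemctl start nginx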
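# Download the Go 1.20 toolchain, unpack it, and expose the go binary on PATH.
wget https://go.dev/dl/go1.20.linux-amd64.tar.gz
# Before unpacking, compare the archive's SHA-256 with the value listed for
# this file on https://go.dev/dl/ (placeholder shown, fill in the real value):
#   echo "<SHA256_FROM_GO_DL_PAGE>  go1.20.linux-amd64.tar.gz" | sha256sum -c -
tar xzf go1.20.linux-amd64.tar.gz
mv go /opt/
ln -s /opt/go/bin/go /usr/local/bin/go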
如果没有 wget 命令, 使用 yum install wget 安装
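# Build sing-box with "go install", then move the binary next to the Go
# toolchain and link it onto PATH.
# The version suffix must be "@latest" ("@lates" is not a valid version query).
# "@latest" resolves to whatever release is newest at build time; for a
# reproducible, reviewable install use an explicit tag instead: @<VERSION>.
go install -v github.com/sagernet/sing-box/cmd/sing-box@latest
mv ~/go/bin/sing-box /opt/go/bin/
ln -s /opt/go/bin/sing-box /usr/local/bin/sing-box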
{ "log": { "level": "info" }, "inbounds": [ { "type": "trojan", "tag": "trojan-in", "listen": "127.0.0.1", "listen_port": 52001, "tcp_fast_open": true, "udp_fragment": true, "sniff": true, "sniff_override_destination": false, "udp_timeout": 300, "proxy_protocol": true, "proxy_protocol_accept_no_header": false, "users": [ { "name": "whatever", "password": "YOUPASSWORD" } ], "tls": { "enabled": true, "server_name": "trojan.example.com", "alpn": [ "http/1.1" ], "min_version": "1.2", "max_version": "1.3", "certificate_path": "/etc/certs/cert.pem", "key_path": "/etc/certs/key.pem" }, "transport": { "type": "ws", "path": "/wss", "max_early_data": 0, "early_data_header_name": "Sec-WebSocket-Protocol" } } ], "outbounds": [ { "type": "direct", "tag": "direct" } ] }
6.1 新建证书目录
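# This directory will hold the TLS private key (key.pem), so create it
# accessible to its owner only. -p keeps the step idempotent; note that -m
# does not change the mode of a directory that already exists.
mkdir -p -m 700 /etc/certs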
6.2 去 Cloudflare 上生成证书, 分别命名为 cert.pem 和 key.pem, 然后上传到 /etc/certs/ 目录下。key.pem 是私钥, 上传后建议执行 chmod 600 /etc/certs/key.pem, 只允许属主读取。
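# Create the log directory, then start sing-box in the background, detached
# from the terminal, with stdout and stderr written to /data/logs/sing.log.
# Assuming the JSON configuration shown earlier is what is saved as
# /etc/sing-box.conf, that file holds the user password: restrict it with
#   chmod 600 /etc/sing-box.conf
# A process started with nohup is not restarted after a crash or reboot.
mkdir -p /data/logs
nohup sing-box run -c /etc/sing-box.conf > /data/logs/sing.log 2>&1 &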
1 jtsang 2023-02-27 06:16:47 +08:00 这里 Cloudflare 只是提供了证书吧?