diff --git a/sing-box/Makefile b/sing-box/Makefile
new file mode 100644
index 000000000..5f9feeb34
--- /dev/null
+++ b/sing-box/Makefile
@@ -0,0 +1,156 @@
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=sing-box
+PKG_VERSION:=1.4.1
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=5b8a576639e24640b76f5ee175aa83a54bf9a68f3a6de1650c3067f0f0405e7d
+
+PKG_LICENSE:=GPL-3.0-or-later
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+PKG_BUILD_FLAGS:=no-mips16
+
+GO_PKG:=github.com/sagernet/sing-box
+GO_PKG_BUILD_PKG:=$(GO_PKG)/cmd/sing-box
+GO_PKG_LDFLAGS_X:=$(GO_PKG)/constant.Version=v$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk
+
+define Package/$(PKG_NAME)
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=Web Servers/Proxies
+ TITLE:=The universal proxy platform.
+ URL:=https://sing-box.sagernet.org
+ DEPENDS:=$(GO_ARCH_DEPENDS) \
+ +ca-bundle \
+ +kmod-inet-diag \
+ +kmod-netlink-diag \
+ +kmod-tun
+endef
+
+define Package/$(PKG_NAME)/description
+ Sing-box is a universal proxy platform which supports hysteria, SOCKS, Shadowsocks,
+ ShadowsocksR, ShadowTLS, Tor, trojan, VLess, VMess, WireGuard and so on.
+endef
+
+GO_PKG_TARGET_VARS:=$(filter-out CGO_ENABLED=%,$(GO_PKG_TARGET_VARS)) CGO_ENABLED=0
+
+define Package/$(PKG_NAME)/config
+ menu "Customizing build tags"
+ depends on PACKAGE_sing-box
+
+ config SING_BOX_WITH_ACME
+ bool "Build with ACME TLS certificate issuer support"
+ default n
+
+ config SING_BOX_WITH_CLASH_API
+ bool "Build with Clash API support (EXPERIMENTAL!!!)"
+ default y
+
+ config SING_BOX_WITH_DHCP
+ bool "Build with DHCP support"
+ default y
+
+ config SING_BOX_WITH_ECH
+ bool "Build with TLS ECH extension support"
+ default n
+
+ config SING_BOX_WITH_GRPC
+ bool "Build with standard gRPC support"
+ default n
+ help
+ sing-box has better performance gun-lite gRPC built-in by default.
+ This standard gRPC has better compatibility but poor performance.
+
+ config SING_BOX_WITH_GVISOR
+ bool "Build with gVisor support"
+ default n
+
+ config SING_BOX_WITH_QUIC
+ bool "Build with QUIC support"
+ default y
+ help
+ Required by HTTP3 DNS transports, Naive inbound,
+ Hysteria inbound / outbound, and v2ray QUIC transport.
+
+ config SING_BOX_WITH_REALITY_SERVER
+ bool "Build with reality TLS server support"
+ default n
+
+ config SING_BOX_WITH_SHADOWSOCKSR
+ bool "Build with ShadowsockR support"
+ default n
+
+ config SING_BOX_WITH_UTLS
+ bool "Build with uTLS support"
+ default y
+
+ config SING_BOX_WITH_V2RAY_API
+ bool "Build with V2Ray API support (EXPERIMENTAL!!!)"
+ default n
+
+ config SING_BOX_WITH_WIREGUARD
+ bool "Build with WireGuard support"
+ default y
+
+ endmenu
+endef
+
+PKG_CONFIG_DEPENDS:= \
+ CONFIG_SING_BOX_WITH_ACME \
+ CONFIG_SING_BOX_WITH_CLASH_API \
+ CONFIG_SING_BOX_WITH_DHCP \
+ CONFIG_SING_BOX_WITH_ECH \
+ CONFIG_SING_BOX_WITH_GRPC \
+ CONFIG_SING_BOX_WITH_GVISOR \
+ CONFIG_SING_BOX_WITH_QUIC \
+ CONFIG_SING_BOX_WITH_REALITY_SERVER \
+ CONFIG_SING_BOX_WITH_SHADOWSOCKSR \
+ CONFIG_SING_BOX_WITH_UTLS \
+ CONFIG_SING_BOX_WITH_V2RAY_API \
+ CONFIG_SING_BOX_WITH_WIREGUARD
+
+GO_PKG_TAGS:=$(subst $(space),$(comma),$(strip \
+ $(if $(CONFIG_SING_BOX_WITH_ACME),with_acme) \
+ $(if $(CONFIG_SING_BOX_WITH_CLASH_API),with_clash_api) \
+ $(if $(CONFIG_SING_BOX_WITH_DHCP),with_dhcp) \
+ $(if $(CONFIG_SING_BOX_WITH_ECH),with_ech) \
+ $(if $(CONFIG_SING_BOX_WITH_GRPC),with_grpc) \
+ $(if $(CONFIG_SING_BOX_WITH_GVISOR),with_gvisor) \
+ $(if $(CONFIG_SING_BOX_WITH_QUIC),with_quic) \
+ $(if $(CONFIG_SING_BOX_WITH_REALITY_SERVER),with_reality_server) \
+ $(if $(CONFIG_SING_BOX_WITH_SHADOWSOCKSR),with_shadowsocksr) \
+ $(if $(CONFIG_SING_BOX_WITH_UTLS),with_utls) \
+ $(if $(CONFIG_SING_BOX_WITH_V2RAY_API),with_v2ray_api) \
+ $(if $(CONFIG_SING_BOX_WITH_WIREGUARD),with_wireguard) \
+))
+
+define Package/$(PKG_NAME)/conffiles
+/etc/sing-box/config.json
+endef
+
+define Package/$(PKG_NAME)/install
+ $(call GoPackage/Package/Install/Bin,$(1))
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/sing-box.init $(1)/etc/init.d/sing-box
+
+ $(INSTALL_DIR) $(1)/etc/sing-box
+ $(INSTALL_DATA) ./files/config.json.example $(1)/etc/sing-box/config.json.example
+endef
+
+$(eval $(call GoBinPackage,sing-box))
+$(eval $(call BuildPackage,sing-box))
diff --git a/sing-box/files/config.json.example b/sing-box/files/config.json.example
new file mode 100644
index 000000000..eb55156c5
--- /dev/null
+++ b/sing-box/files/config.json.example
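Review bot: The install recipe ships `config.json.example` with `$(INSTALL_DATA)` (mode 0644), while the live `/etc/sing-box/config.json` that users derive from it holds proxy passwords and the Clash API secret; `$(INSTALL_CONF) ./files/config.json.example $(1)/etc/sing-box/config.json.example` would install it 0600, so a plain copy starts out owner-only. `conffiles` lists `/etc/sing-box/config.json`, yet nothing in this recipe installs that file, so the init script presumably has no configuration to load on a fresh install. Separately, `SING_BOX_WITH_CLASH_API` is labelled EXPERIMENTAL but is `default y`, which compiles a remote-control HTTP API into every default build; `default n` would make that attack surface opt-in.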
@@ -0,0 +1,296 @@
+{
+ "log": {
+ "disabled": false,
+ "level": "warn",
+ "output": "/tmp/sing-box.log",
+ "timestamp": true
+ },
+ "experimental": {
+ "clash_api": {
+ "external_controller": "0.0.0.0:9090",
+ "external_ui": "",
+ "secret": "********",
+ "default_mode": "rule",
+ "store_selected": true,
+ "cache_file": "cache.db"
+ }
+ },
+ "dns": {
+ "servers": [
+ {
+ "tag": "foreign",
+ "address": "https://1.1.1.1/dns-query"
+ },
+ {
+ "tag": "local",
+ "address": "tls://1.12.12.12",
+ "detour": "direct"
+ },
+ {
+ "tag": "block",
+ "address": "rcode://success"
+ }
+ ],
+ "rules": [
+ {
+ "geosite": "category-ads-all",
+ "server": "block",
+ "disable_cache": true
+ },
+ {
+ "domain": "mydomain.com",
+ "geosite": "cn",
+ "server": "local"
+ }
+ ],
+ "strategy": "ipv4_only"
+ },
+ "ntp": {
+ "enabled": false,
+ "server": "ntp.aliyun.com",
+ "server_port": 123,
+ "interval": "30m",
+ "detour": "direct"
+ },
+ "inbounds": [
+ {
+ "type": "tun",
+ "tag": "TUN-in",
+ "interface_name": "sb-tun0",
+ "inet4_address": "172.19.0.1/30",
+ "auto_route": false,
+ "endpoint_independent_nat": true,
+ "stack": "system",
+ "sniff": true
+ },
+ {
+ "type": "mixed",
+ "tag": "SOCKS-in",
+ "listen": "::",
+ "listen_port": *****
+ },
+ {
+ "type": "redirect",
+ "tag": "REDIRECT-in",
+ "listen": "::",
+ "listen_port": *****,
+ "sniff": true
+ },
+ {
+ "type": "tproxy",
+ "tag": "TPROXY-in",
+ "listen": "::",
+ "listen_port": *****,
+ "sniff": true
+ },
+ {
+ "type": "direct",
+ "tag": "DNS-in",
+ "listen": "::",
+ "listen_port": *****,
+ "network": "udp",
+ "sniff": true
+ },
+ {
+ "type": "shadowsocks",
+ "tag": "SS-in",
+ "listen": "::",
+ "listen_port": *****,
+ "sniff": true,
+ "method": "2022-blake3-aes-128-gcm",
+ "password": "bZzjl2DAXUs02L2Sosgu7A==",
+ "users": [
+ {
+ "name": "User1",
+ "password": "SGEFjWc+VgNGBXe1JhoRfg=="
+ },
+ {
+ "name": "User2",
+ "password": "XoXhbj4V9cMXfuUXF/C+cg=="
+ }
+ ]
+ }
+ ],
+ "outbounds": [
+ {
+ "type": "selector",
+ "tag": "Proxy-out",
+ "outbounds": [
+ "URL-Test",
+ "direct",
+ "Shadowsocks-ShadowTLS-out",
+ "Trojan-GRPC-out",
+ "Trojan-WebSocket-out",
+ "Hysteria-out"
+ ],
+ "default": "URL-Test"
+ },
+ {
+ "type": "urltest",
+ "tag": "URL-Test",
+ "outbounds": [
+ "Shadowsocks-ShadowTLS-out",
+ "Trojan-GRPC-out",
+ "Trojan-WebSocket-out",
+ "Hysteria-out"
+ ],
+ "url": "https://cp.cloudflare.com",
+ "interval": "1m",
+ "tolerance": 50
+ },
+ {
+ "type": "shadowsocks",
+ "tag": "Shadowsocks-ShadowTLS-out",
+ "detour": "Shadowsocks-ShadowTLS",
+ "method": "2022-blake3-aes-128-gcm",
+ "password": "F7cx1ASHX/eqQwed+pISzw==:CB8sXcYLzf1P5dUizIzYVg==",
+ "udp_over_tcp": true,
+ "multiplex": {
+ "enabled": false,
+ "max_connections": 4,
+ "min_streams": 4,
+ "max_streams": 0
+ }
+ },
+ {
+ "type": "shadowtls",
+ "tag": "Shadowsocks-ShadowTLS",
+ "server": "***.***.***.***",
+ "server_port": *****,
+ "version": 3,
+ "password": "************",
+ "tls": {
+ "enabled": true,
+ "server_name": "something.example.org",
+ "utls": {
+ "enabled": true,
+ "fingerprint": "chrome"
+ }
+ }
+ },
+ {
+ "type": "trojan",
+ "tag": "Trojan-GRPC-out",
+ "server": "***.***.***.***",
+ "server_port": *****,
+ "password": "************",
+ "transport": {
+ "type": "grpc",
+ "service_name": "************"
+ },
+ "tls": {
+ "enabled": true,
+ "disable_sni": false,
+ "server_name": "yours.example.org",
+ "utls": {
+ "enabled": true,
+ "fingerprint": "chrome"
+ }
+ }
+ },
+ {
+ "type": "trojan",
+ "tag": "WebSocket-out",
+ "server": "***.***.***.***",
+ "server_port": *****,
+ "password": "************",
+ "transport": {
+ "type": "ws",
+ "path": "/************",
+ "early_data_header_name": "Sec-WebSocket-Protocol"
+ },
+ "tls": {
+ "enabled": true,
+ "disable_sni": false,
+ "server_name": "yours.example.org",
+ "utls": {
+ "enabled": true,
+ "fingerprint": "chrome"
+ }
+ },
+ "multiplex": {
+ "enabled": true,
+ "max_connections": 4,
+ "min_streams": 4,
+ "max_streams": 0
+ }
+ },
+ {
+ "type": "hysteria",
+ "tag": "Hysteria-out",
+ "server": "***.***.***.***",
+ "server_port": *****,
+ "up_mbps": 100,
+ "down_mbps": ,
+ "obfs": "************",
+ "auth_str": "************",
+ "tls": {
+ "enabled": true,
+ "disable_sni": false,
+ "server_name": "yours.example.org",
+ "alpn": [
+ "h3"
+ ]
+ }
+ },
+ {
+ "type": "direct",
+ "tag": "direct"
+ },
+ {
+ "type": "block",
+ "tag": "block"
+ },
+ {
+ "type": "dns",
+ "tag": "dns-out"
+ }
+ ],
+ "route": {
+ "geoip": {
+ "path": "/tmp/geoip.db",
+ "download_url": "https://github.com/1715173329/sing-geoip/releases/latest/download/geoip.db",
+ "download_detour": ""
+ },
+ "geosite": {
+ "path": "/tmp/geosite.db",
+ "download_url": "https://github.com/1715173329/sing-geosite/releases/latest/download/geosite.db",
+ "download_detour": ""
+ },
+ "rules": [
+ {
+ "protocol": "dns",
+ "outbound": "dns-out"
+ },
+ {
+ "protocol": "quic",
+ "outbound": "block"
+ },
+ {
+ "geosite": "category-ads-all",
+ "outbound": "block"
+ },
+ {
+ "geoip": [
+ "telegram"
+ ],
+ "outbound": "Trojan-GRPC-out"
+ },
+ {
+ "inbound": [
+ "SOCKS-in"
+ ],
+ "outbound": "Proxy-out"
+ },
+ {
+ "geosite": "cn",
+ "geoip": [
+ "cn",
+ "private"
+ ],
+ "outbound": "direct"
+ }
+ ],
+ "auto_detect_interface": true
+ }
+}
diff --git a/sing-box/files/sing-box.init b/sing-box/files/sing-box.init
new file mode 100644
index 000000000..f206eebfd
--- /dev/null
+++ b/sing-box/files/sing-box.init
@@ -0,0 +1,54 @@
+#!/bin/sh /etc/rc.common
+#
+# Copyright (C) 2022 by nekohasekai
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+START=99
+USE_PROCD=1
+
+##### ONLY CHANGE THIS BLOCK ######
+PROG=/usr/bin/sing-box # where is sing-box
+RES_DIR=/etc/sing-box/ # resource dir / working dir / the dir where you store ip/domain lists
+CONF=./config.json # where is the config file, it can be a relative path to $RES_DIR
+##### ONLY CHANGE THIS BLOCK ######
+
+start_service() {
+ procd_open_instance
+ procd_set_param command $PROG run -D $RES_DIR -c $CONF
+
+ procd_set_param user root
+ procd_set_param limits core="unlimited"
+ procd_set_param limits nofile="1000000 1000000"
+ procd_set_param stdout 1
+ procd_set_param stderr 1
+ procd_set_param respawn "${respawn_threshold:-3600}" "${respawn_timeout:-5}" "${respawn_retry:-5}"
+ procd_close_instance
+ iptables -I FORWARD -o sb-tun+ -j ACCEPT
+ echo "sing-box is started!"
+}
+
+stop_service() {
+ service_stop $PROG
+ iptables -D FORWARD -o sb-tun+ -j ACCEPT
+ echo "sing-box is stopped!"
+}
+
+reload_service() {
+ stop
+ sleep 2s
+ echo "sing-box is restarted!"
+ start
+}
\ No newline at end of file
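Review bot: `start_service` runs `iptables -I FORWARD -o sb-tun+ -j ACCEPT` unconditionally, so each start puts another copy of an accept-everything rule at the top of FORWARD, ahead of the zone firewall's own rules, while `stop_service` deletes only one copy. Guard the insert, e.g. `iptables -C FORWARD -o sb-tun+ -j ACCEPT 2>/dev/null || iptables -I FORWARD -o sb-tun+ -j ACCEPT`, or preferably attach the tun device to a firewall zone so the policy is scoped and survives a firewall reload. The instance also runs as `root` with `limits core="unlimited"`; a core dump of this process would contain the configured proxy keys, so I would drop that limit line unless dumps are needed for debugging. `$PROG`, `$RES_DIR` and `$CONF` are expanded unquoted on the `command` line and should be quoted.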