diff --git a/sing-box/Makefile b/sing-box/Makefile index 05c28fc11..fa2ac97ef 100644 --- a/sing-box/Makefile +++ b/sing-box/Makefile @@ -1,7 +1,6 @@ +# SPDX-License-Identifier: GPL-3.0-only # -# This is free software, licensed under the GNU General Public License v3. -# See /LICENSE for more information. -# +# Copyright (C) 2022-2023 ImmortalWrt.org include $(TOPDIR)/rules.mk 
@@ -15,141 +14,140 @@ PKG_HASH:=73a230d04bd2b20198b8fed5df674fe6507719044edffcb6c8859ed63cb02faa PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE_FILES:=LICENSE +PKG_MAINTAINER:=Tianling Shen + +PKG_CONFIG_DEPENDS:= \ + CONFIG_SING_BOX_BUILD_ACME \ + CONFIG_SING_BOX_BUILD_CLASH_API \ + CONFIG_SING_BOX_BUILD_DHCP \ + CONFIG_SING_BOX_BUILD_ECH \ + CONFIG_SING_BOX_BUILD_EMBEDDED_TOR \ + CONFIG_SING_BOX_BUILD_GRPC \ + CONFIG_SING_BOX_BUILD_GVISOR \ + CONFIG_SING_BOX_BUILD_LWIP \ + CONFIG_SING_BOX_BUILD_QUIC \ + CONFIG_SING_BOX_BUILD_REALITY_SERVER \ + CONFIG_SING_BOX_BUILD_SHADOWSOCKSR \ + CONFIG_SING_BOX_BUILD_UTLS \ + CONFIG_SING_BOX_BUILD_V2RAY_API \ + CONFIG_SING_BOX_BUILD_WIREGUARD PKG_BUILD_DEPENDS:=golang/host PKG_BUILD_PARALLEL:=1 -PKG_USE_MIPS16:=0 PKG_BUILD_FLAGS:=no-mips16 GO_PKG:=github.com/sagernet/sing-box GO_PKG_BUILD_PKG:=$(GO_PKG)/cmd/sing-box -GO_PKG_LDFLAGS_X:=$(GO_PKG)/constant.Version=v$(PKG_VERSION) +GO_PKG_LDFLAGS_X:=$(GO_PKG)/constant.Version=$(PKG_VERSION) include $(INCLUDE_DIR)/package.mk include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk -define Package/$(PKG_NAME) +define Package/sing-box SECTION:=net CATEGORY:=Network SUBMENU:=Web Servers/Proxies - TITLE:=The universal proxy platform. - URL:=https://sing-box.sagernet.org + TITLE:=The universal proxy platform + URL:=https://sing-box.sagernet.org/ DEPENDS:=$(GO_ARCH_DEPENDS) \ +ca-bundle \ +kmod-inet-diag \ +kmod-netlink-diag \ - +kmod-tun + +(SING_BOX_BUILD_GVISOR||SING_BOX_BUILD_LWIP):kmod-tun + USERID:=sing-box=5566:sing-box=5566 endef -define Package/$(PKG_NAME)/description - Sing-box is a universal proxy platform which supports hysteria, SOCKS, Shadowsocks, - ShadowsocksR, ShadowTLS, Tor, trojan, VLess, VMess, WireGuard and so on. 
+define Package/sing-box/config + if PACKAGE_sing-box + config SING_BOX_BUILD_ACME + bool "Build with ACME TLS certificate issuer support" + + config SING_BOX_BUILD_CLASH_API + bool "Build with Clash API support" + default y + + config SING_BOX_BUILD_DHCP + bool "Build with DHCP support" + + config SING_BOX_BUILD_ECH + bool "Build with TLS ECH extension support" + + config SING_BOX_BUILD_EMBEDDED_TOR + bool "Build with embedded Tor support" + + config SING_BOX_BUILD_GRPC + bool "Build with standard gPRC support" + help + Standard gRPC has good compatibility but poor performance. + + config SING_BOX_BUILD_GVISOR + bool "Build with gVisor support" + default y + + config SING_BOX_BUILD_LWIP + bool "Build with LWIP Tun stack support" + + config SING_BOX_BUILD_QUIC + bool "Build with QUIC support" + default y + help + Required by HTTP3 DNS transports, Naive inbound, + Hysteria inbound / outbound, and v2ray QUIC transport. + + config SING_BOX_BUILD_REALITY_SERVER + bool "Build with REALITY TLS server support" + + config SING_BOX_BUILD_SHADOWSOCKSR + bool "Build with ShadowsockR support" + default y + help + It will be marked deprecated in 1.5.0 and removed entirely in 1.6.0. 
+ + config SING_BOX_BUILD_UTLS + bool "Build with uTLS support" + default y + + config SING_BOX_BUILD_V2RAY_API + bool "Build with V2Ray API support" + + config SING_BOX_BUILD_WIREGUARD + bool "Build with WireGuard support" + default y + endif endef -GO_PKG_TARGET_VARS:=$(filter-out CGO_ENABLED=%,$(GO_PKG_TARGET_VARS)) CGO_ENABLED=0 - -define Package/$(PKG_NAME)/config - menu "Customizing build tags" - depends on PACKAGE_sing-box - - config SING_BOX_WITH_ACME - bool "Build with ACME TLS certificate issuer support" - default n - - config SING_BOX_WITH_CLASH_API - bool "Build with Clash API support (EXPERIMENTAL!!!)" - default y - - config SING_BOX_WITH_DHCP - bool "Build with DHCP support" - default y - - config SING_BOX_WITH_ECH - bool "Build with TLS ECH extension support" - default y - - config SING_BOX_WITH_GRPC - bool "Build with standard gRPC support" - default n - help - sing-box has better performance gun-lite gRPC built-in by default. - This standard gRPC has better compatibility but poor performance. - - config SING_BOX_WITH_GVISOR - bool "Build with gVisor support" - default n - - config SING_BOX_WITH_QUIC - bool "Build with QUIC support" - default y - help - Required by HTTP3 DNS transports, Naive inbound, - Hysteria inbound / outbound, and v2ray QUIC transport. 
- - config SING_BOX_WITH_REALITY_SERVER - bool "Build with reality TLS server support" - default n - - config SING_BOX_WITH_SHADOWSOCKSR - bool "Build with ShadowsockR support" - default n - - config SING_BOX_WITH_UTLS - bool "Build with uTLS support" - default y - - config SING_BOX_WITH_V2RAY_API - bool "Build with V2Ray API support (EXPERIMENTAL!!!)" - default n - - config SING_BOX_WITH_WIREGUARD - bool "Build with WireGuard support" - default y - - endmenu -endef - -PKG_CONFIG_DEPENDS:= \ - CONFIG_SING_BOX_WITH_ACME \ - CONFIG_SING_BOX_WITH_CLASH_API \ - CONFIG_SING_BOX_WITH_DHCP \ - CONFIG_SING_BOX_WITH_ECH \ - CONFIG_SING_BOX_WITH_GRPC \ - CONFIG_SING_BOX_WITH_GVISOR \ - CONFIG_SING_BOX_WITH_QUIC \ - CONFIG_SING_BOX_WITH_REALITY_SERVER \ - CONFIG_SING_BOX_WITH_SHADOWSOCKSR \ - CONFIG_SING_BOX_WITH_UTLS \ - CONFIG_SING_BOX_WITH_V2RAY_API \ - CONFIG_SING_BOX_WITH_WIREGUARD - GO_PKG_TAGS:=$(subst $(space),$(comma),$(strip \ - $(if $(CONFIG_SING_BOX_WITH_ACME),with_acme) \ - $(if $(CONFIG_SING_BOX_WITH_CLASH_API),with_clash_api) \ - $(if $(CONFIG_SING_BOX_WITH_DHCP),with_dhcp) \ - $(if $(CONFIG_SING_BOX_WITH_ECH),with_ech) \ - $(if $(CONFIG_SING_BOX_WITH_GRPC),with_grpc) \ - $(if $(CONFIG_SING_BOX_WITH_GVISOR),with_gvisor) \ - $(if $(CONFIG_SING_BOX_WITH_QUIC),with_quic) \ - $(if $(CONFIG_SING_BOX_WITH_REALITY_SERVER),with_reality_server) \ - $(if $(CONFIG_SING_BOX_WITH_SHADOWSOCKSR),with_shadowsocksr) \ - $(if $(CONFIG_SING_BOX_WITH_UTLS),with_utls) \ - $(if $(CONFIG_SING_BOX_WITH_V2RAY_API),with_v2ray_api) \ - $(if $(CONFIG_SING_BOX_WITH_WIREGUARD),with_wireguard) \ + $(if $(CONFIG_SING_BOX_BUILD_ACME),with_acme) \ + $(if $(CONFIG_SING_BOX_BUILD_CLASH_API),with_clash_api) \ + $(if $(CONFIG_SING_BOX_BUILD_DHCP),with_dhcp) \ + $(if $(CONFIG_SING_BOX_BUILD_ECH),with_ech) \ + $(if $(CONFIG_SING_BOX_BUILD_EMBEDDED_TOR),with_embedded_tor) \ + $(if $(CONFIG_SING_BOX_BUILD_GRPC),with_grpc) \ + $(if $(CONFIG_SING_BOX_BUILD_GVISOR),with_gvisor) \ + $(if 
$(CONFIG_SING_BOX_BUILD_LWIP),with_lwip) \ + $(if $(CONFIG_SING_BOX_BUILD_QUIC),with_quic) \ + $(if $(CONFIG_SING_BOX_BUILD_REALITY_SERVER),with_reality_server) \ + $(if $(CONFIG_SING_BOX_BUILD_SHADOWSOCKSR),with_shadowsocksr) \ + $(if $(CONFIG_SING_BOX_BUILD_UTLS),with_utls) \ + $(if $(CONFIG_SING_BOX_BUILD_V2RAY_API),with_v2ray_api) \ + $(if $(CONFIG_SING_BOX_BUILD_WIREGUARD),with_wireguard) \ )) -define Package/$(PKG_NAME)/conffiles -/etc/sing-box/config.json +define Package/sing-box/conffiles +/etc/config/sing-box +/etc/sing-box/ endef -define Package/$(PKG_NAME)/install +define Package/sing-box/install $(call GoPackage/Package/Install/Bin,$(1)) - $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_BIN) ./files/sing-box.init $(1)/etc/init.d/sing-box - $(INSTALL_DIR) $(1)/etc/sing-box - $(INSTALL_DATA) ./files/config.json.example $(1)/etc/sing-box/config.json.example + $(INSTALL_DATA) $(PKG_BUILD_DIR)/release/config/config.json $(1)/etc/sing-box + + $(INSTALL_DIR) $(1)/etc/config/ + $(INSTALL_CONF) ./files/sing-box.conf $(1)/etc/config/sing-box + $(INSTALL_DIR) $(1)/etc/init.d/ + $(INSTALL_BIN) ./files/sing-box.init $(1)/etc/init.d/sing-box endef $(eval $(call GoBinPackage,sing-box)) diff --git a/sing-box/files/config.json.example b/sing-box/files/config.json.example deleted file mode 100644 index eb55156c5..000000000 --- a/sing-box/files/config.json.example +++ /dev/null 
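Review bot: In `Package/sing-box/install` the `$(INSTALL_DIR) $(1)/etc/sing-box` line is removed, but the new `$(INSTALL_DATA) $(PKG_BUILD_DIR)/release/config/config.json $(1)/etc/sing-box` still targets that path, and nothing visible in the hunk creates the directory first. As shown, the copy would either fail or leave a regular file named `sing-box`, while `conffiles` lists `/etc/sing-box/` as a directory and the new UCI file points at `/etc/sing-box/config.json`. I would restore `$(INSTALL_DIR) $(1)/etc/sing-box/` ahead of it and name the destination explicitly: `$(INSTALL_DATA) $(PKG_BUILD_DIR)/release/config/config.json $(1)/etc/sing-box/config.json`. Because this file normally ends up holding proxy credentials and the service now runs as the dedicated `sing-box` user, its owner and mode are worth choosing deliberately instead of taking the `INSTALL_DATA` default.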
@@ -1,296 +0,0 @@
-{
- "log": {
- "disabled": false,
- "level": "warn",
- "output": "/tmp/sing-box.log",
- "timestamp": true
- },
- "experimental": {
- "clash_api": {
- "external_controller": "0.0.0.0:9090",
- "external_ui": "",
- "secret": "********",
- "default_mode": "rule",
- "store_selected": true,
- "cache_file": "cache.db"
- }
- },
- "dns": {
- "servers": [
- {
- "tag": "foreign",
- "address": "https://1.1.1.1/dns-query"
- },
- {
- "tag": "local",
- "address": "tls://1.12.12.12",
- "detour": "direct"
- },
- {
- "tag": "block",
- "address": "rcode://success"
- }
- ],
- "rules": [
- {
- "geosite": "category-ads-all",
- "server": "block",
- "disable_cache": true
- },
- {
- "domain": "mydomain.com",
- "geosite": "cn",
- "server": "local"
- }
- ],
- "strategy": "ipv4_only"
- },
- "ntp": {
- "enabled": false,
- "server": "ntp.aliyun.com",
- "server_port": 123,
- "interval": "30m",
- "detour": "direct"
- },
- "inbounds": [
- {
- "type": "tun",
- "tag": "TUN-in",
- "interface_name": "sb-tun0",
- "inet4_address": "172.19.0.1/30",
- "auto_route": false,
- "endpoint_independent_nat": true,
- "stack": "system",
- "sniff": true
- },
- {
- "type": "mixed",
- "tag": "SOCKS-in",
- "listen": "::",
- "listen_port": *****
- },
- {
- "type": "redirect",
- "tag": "REDIRECT-in",
- "listen": "::",
- "listen_port": *****,
- "sniff": true
- },
- {
- "type": "tproxy",
- "tag": "TPROXY-in",
- "listen": "::",
- "listen_port": *****,
- "sniff": true
- },
- {
- "type": "direct",
- "tag": "DNS-in",
- "listen": "::",
- "listen_port": *****,
- "network": "udp",
- "sniff": true
- },
- {
- "type": "shadowsocks",
- "tag": "SS-in",
- "listen": "::",
- "listen_port": *****,
- "sniff": true,
- "method": "2022-blake3-aes-128-gcm",
- "password": "bZzjl2DAXUs02L2Sosgu7A==",
- "users": [
- {
- "name": "User1",
- "password": "SGEFjWc+VgNGBXe1JhoRfg=="
- },
- {
- "name": "User2",
- "password": "XoXhbj4V9cMXfuUXF/C+cg=="
- }
- ]
- }
- ],
- "outbounds": [
- {
- "type": "selector",
- "tag": "Proxy-out",
- "outbounds": [
- "URL-Test",
- "direct",
- "Shadowsocks-ShadowTLS-out",
- "Trojan-GRPC-out",
- "Trojan-WebSocket-out",
- "Hysteria-out"
- ],
- "default": "URL-Test"
- },
- {
- "type": "urltest",
- "tag": "URL-Test",
- "outbounds": [
- "Shadowsocks-ShadowTLS-out",
- "Trojan-GRPC-out",
- "Trojan-WebSocket-out",
- "Hysteria-out"
- ],
- "url": "https://cp.cloudflare.com",
- "interval": "1m",
- "tolerance": 50
- },
- {
- "type": "shadowsocks",
- "tag": "Shadowsocks-ShadowTLS-out",
- "detour": "Shadowsocks-ShadowTLS",
- "method": "2022-blake3-aes-128-gcm",
- "password": "F7cx1ASHX/eqQwed+pISzw==:CB8sXcYLzf1P5dUizIzYVg==",
- "udp_over_tcp": true,
- "multiplex": {
- "enabled": false,
- "max_connections": 4,
- "min_streams": 4,
- "max_streams": 0
- }
- },
- {
- "type": "shadowtls",
- "tag": "Shadowsocks-ShadowTLS",
- "server": "***.***.***.***",
- "server_port": *****,
- "version": 3,
- "password": "************",
- "tls": {
- "enabled": true,
- "server_name": "something.example.org",
- "utls": {
- "enabled": true,
- "fingerprint": "chrome"
- }
- }
- },
- {
- "type": "trojan",
- "tag": "Trojan-GRPC-out",
- "server": "***.***.***.***",
- "server_port": *****,
- "password": "************",
- "transport": {
- "type": "grpc",
- "service_name": "************"
- },
- "tls": {
- "enabled": true,
- "disable_sni": false,
- "server_name": "yours.example.org",
- "utls": {
- "enabled": true,
- "fingerprint": "chrome"
- }
- }
- },
- {
- "type": "trojan",
- "tag": "WebSocket-out",
- "server": "***.***.***.***",
- "server_port": *****,
- "password": "************",
- "transport": {
- "type": "ws",
- "path": "/************",
- "early_data_header_name": "Sec-WebSocket-Protocol"
- },
- "tls": {
- "enabled": true,
- "disable_sni": false,
- "server_name": "yours.example.org",
- "utls": {
- "enabled": true,
- "fingerprint": "chrome"
- }
- },
- "multiplex": {
- "enabled": true,
- "max_connections": 4,
- "min_streams": 4,
- "max_streams": 0
- }
- },
- {
- "type": "hysteria",
- "tag": "Hysteria-out",
- "server": "***.***.***.***",
- "server_port": *****,
- "up_mbps": 100,
- "down_mbps": ,
- "obfs": "************",
- "auth_str": "************",
- "tls": {
- "enabled": true,
- "disable_sni": false,
- "server_name": "yours.example.org",
- "alpn": [
- "h3"
- ]
- }
- },
- {
- "type": "direct",
- "tag": "direct"
- },
- {
- "type": "block",
- "tag": "block"
- },
- {
- "type": "dns",
- "tag": "dns-out"
- }
- ],
- "route": {
- "geoip": {
- "path": "/tmp/geoip.db",
- "download_url": "https://github.com/1715173329/sing-geoip/releases/latest/download/geoip.db",
- "download_detour": ""
- },
- "geosite": {
- "path": "/tmp/geosite.db",
- "download_url": "https://github.com/1715173329/sing-geosite/releases/latest/download/geosite.db",
- "download_detour": ""
- },
- "rules": [
- {
- "protocol": "dns",
- "outbound": "dns-out"
- },
- {
- "protocol": "quic",
- "outbound": "block"
- },
- {
- "geosite": "category-ads-all",
- "outbound": "block"
- },
- {
- "geoip": [
- "telegram"
- ],
- "outbound": "Trojan-GRPC-out"
- },
- {
- "inbound": [
- "SOCKS-in"
- ],
- "outbound": "Proxy-out"
- },
- {
- "geosite": "cn",
- "geoip": [
- "cn",
- "private"
- ],
- "outbound": "direct"
- }
- ],
- "auto_detect_interface": true
- }
-}
diff --git a/sing-box/files/sing-box.conf b/sing-box/files/sing-box.conf
new file mode 100644
index 000000000..c776790e8
--- /dev/null
+++ b/sing-box/files/sing-box.conf
@@ -0,0 +1,7 @@
+
+config sing-box 'main'
+ option enabled '0'
+ option user 'sing-box'
+ option conffile '/etc/sing-box/config.json'
+ option workdir '/usr/share/sing-box'
+
diff --git a/sing-box/files/sing-box.init b/sing-box/files/sing-box.init
index f206eebfd..277c9f2ee 100644
--- a/sing-box/files/sing-box.init
+++ b/sing-box/files/sing-box.init
@@ -1,54 +1,39 @@ #!/bin/sh /etc/rc.common -# -# Copyright (C) 2022 by nekohasekai -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -START=99 USE_PROCD=1 +START=99 -##### ONLY CHANGE THIS BLOCK ###### -PROG=/usr/bin/sing-box # where is sing-box -RES_DIR=/etc/sing-box/ # resource dir / working dir / the dir where you store ip/domain lists -CONF=./config.json # where is the config file, it can be a relative path to $RES_DIR -##### ONLY CHANGE THIS BLOCK ###### +NAME="sing-box" +PROG="/usr/bin/sing-box" start_service() { - procd_open_instance - procd_set_param command $PROG run -D $RES_DIR -c $CONF + config_load "$NAME" - procd_set_param user root - procd_set_param limits core="unlimited" - procd_set_param limits nofile="1000000 1000000" - procd_set_param stdout 1 - procd_set_param stderr 1 - procd_set_param respawn "${respawn_threshold:-3600}" "${respawn_timeout:-5}" "${respawn_retry:-5}" - procd_close_instance - iptables -I FORWARD -o sb-tun+ -j ACCEPT - echo "sing-box is started!" 
+ local enabled user group conffile workdir + config_get_bool enabled "main" "enabled" "0" + [ "$enabled" -eq "1" ] || return 0 + + config_get user "main" "user" "root" + config_get conffile "main" "conffile" + config_get workdir "main" "workdir" "/usr/share/sing-box" + + mkdir -p "$workdir" + local group="$(id -ng $user)" + chown $user:$group "$workdir" + + procd_open_instance "$NAME.main" + procd_set_param command "$PROG" run -c "$conffile" -D "$workdir" + + # Use root user if you want to use the TUN mode. + procd_set_param user "$user" + procd_set_param file "$conffile" + procd_set_param stdout 1 + procd_set_param stderr 1 + procd_set_param respawn + + procd_close_instance } -stop_service() { - service_stop $PROG - iptables -D FORWARD -o sb-tun+ -j ACCEPT - echo "sing-box is stopped!" +service_triggers() { + procd_add_reload_trigger "$NAME" } - -reload_service() { - stop - sleep 2s - echo "sing-box is restarted!" - start -} \ No newline at end of file
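Review bot: `start_service` expands `$user` unquoted in `id -ng $user` and `chown $user:$group "$workdir"` and never checks that `id` succeeded, so a missing or misspelled account in `/etc/config/sing-box` leaves `group` empty while the script, running as root, carries on to `chown` and to starting the instance. I would quote and fail early with `group="$(id -ng "$user")" || return 1` followed by `chown "$user:$group" "$workdir"`; `group` is already declared on the earlier `local` line, and repeating `local` on the assignment also hides the exit status of `id`. `conffile` is read without a default, so an empty value reaches `-c ""` and `procd_set_param file`; a guard such as `[ -n "$conffile" ] || return 1` would make that failure explicit. The comment recommending the root user for TUN mode gives up the privilege drop entirely; if procd capabilities are available on the target, granting only the network-administration capability to the `sing-box` user would be a narrower option.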