Set up the system environment first
Start by installing the required packages and configuring the system.
- Install the required packages
```shell
apt-get update
# install the required packages
apt-get install -y sudo vim tar unzip resolvconf
```
- Enable IPv4 forwarding
```shell
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p
```
- Point the DNS server at this machine's own IP
```shell
# **** is this machine's own IP
echo "nameserver ****" >> /etc/resolvconf/resolv.conf.d/head
# apply the configuration
resolvconf -u
```
- Create the directories
```shell
mkdir /opt/mosdns
mkdir -p /opt/singbox/lib
```
Download the software
First download the matching release archives from each project's website.
```shell
# upload the archives to root's home directory; if you are not root, use absolute paths instead
unzip mosdns-*.zip "mosdns" -d /opt/mosdns/
tar -zxvf sing-box-*.tar.gz --strip-components=1 -C /opt/singbox/
chmod +x /opt/singbox/sing-box
chmod +x /opt/mosdns/mosdns
```
```shell
# sing-box's default runtime configuration
cat > /opt/singbox/config.json << EOF
{
  "log": {
    "level": "info"
  },
  "dns": {
    "servers": [
      {
        "address": "tls://8.8.8.8"
      }
    ]
  },
  "inbounds": [
    {
      "type": "shadowsocks",
      "listen": "::",
      "listen_port": 8080,
      "sniff": true,
      "network": "tcp",
      "method": "2022-blake3-aes-128-gcm",
      "password": "8JCsPssfgS8tiRwiMlhARg=="
    }
  ],
  "outbounds": [
    {
      "type": "direct"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      }
    ]
  }
}
EOF
```
```shell
# mosdns configuration; the heredoc delimiter is unquoted, so plugin references are written as \$tag
cat > /opt/mosdns/config.yaml << EOF
log:
  level: info
  file: "/opt/mosdns/mosdns.log"

api:
  http: "0.0.0.0:9091"

include: []

plugins:
  - tag: hosts
    type: hosts
    args:
      entries:
        - "woshiwo.com 192.168.234.4"
        - "shibuyiyangdeyanhuo.com 192.168.234.2"

  - tag: forward_dns
    type: forward
    args:
      concurrent: 1
      upstreams:
        - addr: 1.1.1.1
          bootstrap: 119.29.29.29
          enable_pipeline: false
          max_conns: 2
          insecure_skip_verify: false
          idle_timeout: 30
          enable_http3: false

  - tag: dns_sequence
    type: sequence
    args:
      - exec: prefer_ipv4
      - exec: \$forward_dns

  - tag: dns_query
    type: sequence
    args:
      - exec: \$dns_sequence

  - tag: fallback
    type: fallback
    args:
      primary: dns_query
      secondary: dns_query
      threshold: 500
      always_standby: true

  - tag: main_sequence
    type: sequence
    args:
      - exec: \$hosts
      - matches:
          - has_resp
        exec: accept
      - exec: \$fallback

  - tag: udp_server
    type: udp_server
    args:
      entry: main_sequence
      listen: "0.0.0.0:53"

  - tag: tcp_server
    type: tcp_server
    args:
      entry: main_sequence
      listen: "0.0.0.0:53"
EOF
```
Set up the services so that they get going on their own at boot.
```shell
cat > /usr/lib/systemd/system/sing-box.service << EOF
[Unit]
Description=sing-box service
Documentation=https://sing-box.sagernet.org
After=network.target nss-lookup.target network-online.target

[Service]
# these are part of systemd's privilege controls; sing-box mainly needs them to manage network settings
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
ExecStart=/opt/singbox/sing-box -D /opt/singbox/lib -c /opt/singbox/config.json run
# \$ keeps the literal "\$MAINPID" in the unit file; an unquoted heredoc would otherwise expand it to nothing
ExecReload=/bin/kill -HUP \$MAINPID
Restart=on-failure
RestartSec=10s
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target
EOF
```
sing-box also ships a template systemd unit, which lets you run several sing-box instances, each from its own configuration file.
```shell
cat > /usr/lib/systemd/system/sing-box@.service << EOF
[Unit]
Description=sing-box service
Documentation=https://sing-box.sagernet.org
After=network.target nss-lookup.target network-online.target

[Service]
# these are part of systemd's privilege controls; sing-box mainly needs them to manage network settings
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
# "%i" here receives whatever follows the "@" in the unit name
ExecStart=/opt/singbox/sing-box -D /opt/singbox-%i/lib -c /opt/singbox/%i.json run
ExecReload=/bin/kill -HUP \$MAINPID
Restart=on-failure
RestartSec=10s
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target
EOF

# Usage: a template unit is instantiated by name, so the unit file does not need to be copied
systemctl daemon-reload
systemctl start sing-box@instance1.service
# this instance runs with the /opt/singbox/instance1.json configuration file
```
```shell
cat > /usr/lib/systemd/system/mosdns.service << EOF
[Unit]
Description=A DNS forwarder
ConditionFileIsExecutable=/opt/mosdns/mosdns

[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/opt/mosdns/mosdns "start" "--as-service" "-d" "/opt/mosdns" "-c" "/opt/mosdns/config.yaml"
Restart=always
RestartSec=120
EnvironmentFile=-/etc/sysconfig/mosdns

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable sing-box.service
systemctl enable mosdns.service
systemctl start sing-box.service
systemctl start mosdns.service
```
The ichiban saikou way to use yua and eimi
sing-box does not seem to have a hosts-override capability (at least I could not find one), so mosdns is brought in here to provide it. LAN devices point their DNS server at this host. Because the destination is a private address range, sing-box does not intercept that DNS request; mosdns is listening normally on port 53 and receives it. mosdns then checks the query against its hosts list: on a hit it returns the configured IP, otherwise it forwards the query to the upstream DNS server. That upstream query goes out to a public address, so sing-box's DNS module intercepts it and forwards it to the server specified in the sing-box configuration. In this setup mosdns does nothing more than fill in the hosts-override capability that sing-box lacks.
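As an added illustration (not code from the post, mosdns or sing-box), the following Python models the main_sequence decision described above at the DNS wire level: the hosts step answers the page's two entries directly, and every other name comes back as None, standing in for the has_resp=false path where the config continues to $fallback and forwards upstream. The client query bytes are constructed inline; the TTL of 300 and the transaction id are assumptions.

```python
import socket
import struct

# the two hosts entries from the config above, in mosdns's "domain ip" format
HOSTS_ENTRIES = [
    "woshiwo.com 192.168.234.4",
    "shibuyiyangdeyanhuo.com 192.168.234.2",
]
HOSTS = {d.lower(): ip for d, ip in (e.split() for e in HOSTS_ENTRIES)}

def encode_name(name):
    # "woshiwo.com" -> b"\x07woshiwo\x03com\x00"
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def decode_name(msg, off):
    # read labels until the zero-length terminator; returns (name, next offset)
    labels = []
    while msg[off] != 0:
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode())
        off += 1 + n
    return ".".join(labels), off + 1

def build_query(name, qid=0x1234):
    # constructed client query: header (RD set, one question) + question for A/IN
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)

def answer_from_hosts(query):
    """hosts step of main_sequence: a full response on a hit, None otherwise.
    None is the has_resp=false case, where the config continues to $fallback."""
    qid = struct.unpack("!H", query[:2])[0]
    name, off = decode_name(query, 12)
    qtype, qclass = struct.unpack("!HH", query[off:off + 4])
    ip = HOSTS.get(name.lower())
    if ip is None or (qtype, qclass) != (1, 1):
        return None
    # flags 0x8180: response, recursion desired, recursion available
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)
    # answer: pointer to the question name (offset 12), A, IN, TTL 300 (assumed), 4-byte RDATA
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + query[12:off + 4] + answer

def resolve_a(name):
    """Client-side view: the hosts IP, or None when the query would be forwarded."""
    resp = answer_from_hosts(build_query(name))
    return None if resp is None else socket.inet_ntoa(resp[-4:])
```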
Wrap-up
And with that, yua and eimi can happily get going on their own.