Debian系统中手动配置运行Singbox

Tnnd2026-01-062026-01-10

一、下载安装

1、下载您指定的版本,去github上找自己需要的版本替换目标

1	wget https://github.com/SagerNet/sing-box/releases/download/v1.12.15/sing-box-1.12.15-linux-amd64.tar.gz

Sing-box-1.10.7下载，支持geosite分流版本

1	wget https://github.com/SagerNet/sing-box/releases/download/v1.10.7/sing-box-1.10.7-linux-amd64.tar.gz

2、解压文件

1	tar -zxvf sing-box-1.12.15-linux-amd64.tar.gz

1	cd sing-box-1.12.15-linux-amd64

4、将核心程序移动到系统路径 (并重命名为 sing-box)

1	sudo mv sing-box /usr/local/bin/sing-box

5、赋予执行权限

1	sudo chmod +x /usr/local/bin/sing-box

6、验证安装是否成功 (应该输出 sing-box version 1.12.15 …)

1	sing-box version

二、创建配置文件

1、创建配置文件运行目录，位置为/etc/sing-box

1	sudo mkdir -p /etc/sing-box

2、配置协议证书
一键生成证书放到/etc/sing-box下，证书有效期 10 年，域名伪装为 apple.com

1	openssl req -x509 -newkey rsa:2048 -nodes -sha256 -keyout /etc/sing-box/private.key -out /etc/sing-box/cert.pem -days 3650 -subj "/CN=apple.com"

3、创建/编辑配置文件，配置文件位置为/etc/sing-box/config.json

1	sudo nano /etc/sing-box/config.json

4、将节点配置粘贴进去,支持以下协议：
vless-reality-vison需要在vps上运行脚本，获取公钥和私钥，服务器端填的是 private_key（私钥）。客户端填的是对应的 public_key（公钥）。

1	/usr/local/bin/sing-box generate reality-keypair

anytls
ss2022
sosck5
hy2
tuic5

{
  "log": {
    "disabled": false,
    "level": "info",
    "timestamp": true
  },
  "inbounds": [
    {
      "type": "vless",
      "tag": "vless-sb",
      "listen": "::",
      "listen_port": 10001,
      "users": [
        {
          "uuid": "bdc76da4-c07c-4bb1-b368-1321e68eeb39",
          "flow": "xtls-rprx-vision"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "apple.com",
        "reality": {
          "enabled": true,
          "handshake": {
            "server": "apple.com",
            "server_port": 443
          },
          "private_key": "",
          "short_id": ["a123456"]
        }
      }
    },
    {
      "type":"anytls",
      "tag":"anytls-sb",
      "listen":"::",
      "listen_port":10002,
      "users":[
        {
          "password":"bdc76da4-c07c-4bb1-b368-1321e68eeb39"
        }
              ],
      "padding_scheme":[],
      "tls":{
      "enabled": true,
      "certificate_path": "/etc/sing-box/cert.pem",
      "key_path": "/etc/sing-box/private.key"
        }
    },
    {
      "type":"shadowsocks",     
      "tag": "SS2022-sb",
      "listen": "::",
      "listen_port": 10003,
      "method": "2022-blake3-aes-256-gcm",
      "password": "",
      "multiplex": 
        {
          "enabled": false
        }
     },
    {
      "type": "socks",
      "tag": "socks-sb",
      "listen": "::",
      "listen_port": 10004,
      "sniff": true,
      "sniff_override_destination": true,
      "users": [
        {
          "username": "",
          "password": ""
        }
      ]
    },
    {
      "type": "hysteria2",
      "tag": "hy2-sb",
      "listen": "::",
      "listen_port": 10005,
      "users": [
        {
          "password": "bdc76da4-c07c-4bb1-b368-1321e68eeb39"
        }
      ],
      "ignore_client_bandwidth": false,
      "tls": {
        "enabled": true,
        "alpn": [
          "h3"
        ],
        "certificate_path": "/etc/sing-box/cert.pem",
        "key_path": "/etc/sing-box/private.key"
      }
    },
    {
      "type": "tuic",
      "tag": "tuic5-sb",
      "listen": "::",
      "listen_port": 10006,
      "users": [
        {
          "uuid": "bdc76da4-c07c-4bb1-b368-1321e68eeb39",
          "password": "bdc76da4-c07c-4bb1-b368-1321e68eeb39"
        }
      ],
      "congestion_control": "bbr",
      "tls": {
        "enabled": true,
        "alpn": [
          "h3"
        ],
        "certificate_path": "/etc/sing-box/cert.pem",
        "key_path": "/etc/sing-box/private.key"
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct",
      "domain_strategy": "prefer_ipv4"
    },
    {
      "type": "direct",
      "tag": "vps-outbound-v4",
      "domain_strategy": "prefer_ipv4"
    },
    {
      "type": "direct",
      "tag": "vps-outbound-v6",
      "domain_strategy": "prefer_ipv6"
    },
    {
      "type": "socks", 
      "tag": "socks-proxy-out",
      "server": "127.0.0.1",
      "server_port": 1080,
      "version": "5",
      "username": "myuser",
      "password": "mypassword"
    }
  ],
  "route": {
    "rules": [
      {
        "action": "sniff"
      },
      {
        "ip_version": 6,
        "outbound": "vps-outbound-v6"
      },
      {
        "ip_version": 4,
        "outbound": "vps-outbound-v4"
      },
      {
        "outbound": "socks-proxy-out",
        "network": "udp,tcp"
      }
    ]
  }
}

三、运行Singbox，并配置 Systemd 守护进程 (实现后台运行与开机自启)

1、创建服务文件

1	sudo nano /etc/systemd/system/sing-box.service

2、粘贴以下内容

TOML

[Unit]
Description=sing-box service
Documentation=https://sing-box.sagernet.org
After=network.target nss-lookup.target

[Service]
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
# 指定二进制文件路径 和 配置文件路径
ExecStart=/usr/local/bin/sing-box run -c /etc/sing-box/config.json
Restart=on-failure
RestartSec=10
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target

3、启动服务
重载系统服务配置

1	sudo systemctl daemon-reload

设置开机自启

1	sudo systemctl enable sing-box

立即启动

1	sudo systemctl start sing-box

查看运行状态

1	sudo systemctl status sing-box

查看最近的日志。

1	journalctl -u sing-box -n 20

排错后重启singbox

1	sudo systemctl restart sing-box

四、Singbox配置分流，以youtube走ipv6示例，新版本已经不支持geosite，只能使用域名规则分流。

{
        "domain_suffix": [
          "youtube.com",
          "googlevideo.com",
          "ytimg.com",
          "youtu.be",
          "youtube-nocookie.com",
          "ggpht.com"
        ],
        "outbound": "vps-outbound-v6"
      },

五、Singbox配置文件隐藏功能

切换ipv4或者ipv6优先

找到配置文件”outbounds”字段，第一个prefer_ipv4，修改这里为prefer_ipv6可以实现ipv6网络优先。

为自己的纯ipv6机器配置socks出口实现ipv4访问

找到配置文件”outbounds”字段下面的socks，填写好正确的socks配置(纯ipv6只能使用ipv6的socks节点)，将配置文件”route”字段下面的vps-outbound-v4修改为socks-proxy-out后保存重启即可实现ipv4走socks代理访问。

[up主专用，视频内嵌代码贴在这]