Prerequisites:
A clean VPS running Debian 12, x86_64 (arm64), with no ports in use and a working IP
Do not disconnect the session at any point from start to finish

Install Golang

Download the tarball (on arm64, replace linux-amd64 with linux-arm64)

curl -sLo go.tar.gz "https://go.dev/dl/$(curl -sL 'https://golang.org/VERSION?m=text' | head -1).linux-amd64.tar.gz"

Remove any existing Go installation

rm -rf /usr/local/go

Extract the tarball

tar -C /usr/local/ -xzf go.tar.gz

Delete the tarball

rm go.tar.gz

Add Go to PATH for the current session only

export PATH=$PATH:/usr/local/go/bin

Verify the installation

go version
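
Added example, not part of the original guide: the steps above unpack the downloaded tarball into /usr/local as root without checking it, so these functions compare it with the SHA-256 listed in the go.dev release index first. The function names and the go-index.json file name are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: check the Go tarball against the SHA-256 published in the
# go.dev release index before it is extracted as root.
# Assumption: https://go.dev/dl/?mode=json returns file objects that carry
# "filename" and "sha256" fields. Function and file names are hypothetical.

# expected_sha256 INDEX_FILE TARBALL_NAME
# Prints the digest the index lists for TARBALL_NAME, fails if there is none.
expected_sha256() {
  local sum
  # Strip whitespace, put every JSON object on its own line, keep the object
  # whose filename matches exactly, then extract its 64-hex-digit digest.
  sum=$(tr -d ' \t\r\n' < "$1" | tr '{' '\n' \
    | grep -F "\"filename\":\"$2\"" \
    | sed -n 's/.*"sha256":"\([0-9a-f]\{64\}\)".*/\1/p' | head -n 1)
  [ -n "$sum" ] && printf '%s\n' "$sum"
}

# verify_tarball TARBALL EXPECTED_SHA256
# Succeeds only when EXPECTED_SHA256 is non-empty and equals the file digest.
verify_tarball() {
  local got
  got=$(sha256sum "$1" 2>/dev/null | cut -d ' ' -f 1)
  [ -n "$2" ] && [ "$got" = "$2" ]
}

# fetch_verified_go [amd64|arm64]
# Downloads the current release to ./go.tar.gz and removes it again unless
# its digest matches the index, so the later tar step has nothing to unpack.
fetch_verified_go() {
  local arch ver name want
  arch=${1:-amd64}
  ver=$(curl -fsSL 'https://golang.org/VERSION?m=text' | head -n 1)
  name="$ver.linux-$arch.tar.gz"
  curl -fsSL -o go-index.json 'https://go.dev/dl/?mode=json' || return 1
  curl -fsSL -o go.tar.gz "https://go.dev/dl/$name" || { rm -f go.tar.gz; return 1; }
  want=$(expected_sha256 go-index.json "$name") || want=""
  if verify_tarball go.tar.gz "$want"; then
    echo "checksum OK: $name $want"
  else
    echo "checksum mismatch or missing for $name, deleting go.tar.gz" >&2
    rm -f go.tar.gz
    return 1
  fi
}
```

Source the file and run fetch_verified_go (or fetch_verified_go arm64) in place of the curl download step. Because the tarball and the index both come from go.dev, this catches a corrupted, truncated or substituted download, not a compromise of go.dev itself.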

Build the core

Set the build environment variables (on arm64, set GOARCH=arm64 and omit GOAMD64)

go env -w CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GOAMD64=v2

Compile the core

go install -v -tags with_wireguard,with_quic,with_ech,with_reality_server github.com/sagernet/sing-box/cmd/sing-box@dev-next

Copy the binary to the standard location

cp -f "$(go env GOPATH)/bin/sing-box" /usr/local/bin/
chmod +x /usr/local/bin/sing-box

Create the systemd service file

Install nano and open the service file

sudo apt install nano
sudo nano /etc/systemd/system/sing-box.service

Write the following configuration

[Unit]
After=network.target nss-lookup.target

[Service]
User=root
WorkingDirectory=/root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
ExecStart=/usr/local/bin/sing-box run -c /root/sing-box_config.json
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=10
LimitNPROC=512
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target

Press Ctrl+O then Enter to save, then Ctrl+X to exit

Reload the systemd service configuration

sudo systemctl daemon-reload

Create the log file

sudo mkdir -p /var/log/sing-box
sudo touch /var/log/sing-box/sing-box.log
sudo chown -R root:root /var/log/sing-box
sudo chmod 644 /var/log/sing-box/sing-box.log

Create the configuration file

Preparation

Generate and record the uuid

sing-box generate uuid

private_key

sing-box generate reality-keypair

short_id

sing-box generate rand 8 --hex

Create the JSON file

sudo nano /root/sing-box_config.json

Write the configuration

{
  "log": {
    "level": "warning",
    "output": "/var/log/sing-box/sing-box.log"
  },
  "dns": {
    "servers": [
      {
        "address": "8.8.8.8"
      }
    ]
  },
  "route": {
    "rules": [
      {
        "rule_set": "geoip-cn",
        "outbound": "block"
      },
      {
        "ip_is_private": true,
        "outbound": "direct"
      },
      {
        "inbound": ["vless"],
        "outbound": "direct"
      }
    ],
    "rule_set": [
      {
        "tag": "geoip-cn",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs"
      }
    ]
  },
  "experimental": {
    "cache_file": {
      "enabled": true
    }
  },
  "inbounds": [
    {
      "type": "vless",
      "tag": "vless", // must match the "inbound" value in the route rule above
      "listen": "0.0.0.0",
      "listen_port": 443,
      "users": [
        {
          "uuid": "", // required; generate with sing-box generate uuid
          "flow": "xtls-rprx-vision"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "", // the * wildcard is not supported
        "reality": {
          "enabled": true,
          "handshake": {
            "server": "", // the site must support TLS 1.3, X25519 and H2; do not use a domain that only redirects
            "server_port": 443
          },
          "private_key": "", // generate with sing-box generate reality-keypair
          "short_id": [
            "" // hex digits 0 to f, length a multiple of 2, at most 16 characters; may be left empty, or generate with sing-box generate rand 8 --hex
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ]
}

Start the service

systemctl enable --now sing-box

Stop the service

systemctl stop sing-box

Restart the service

systemctl restart sing-box

Check the status

systemctl status sing-box

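View live logs (this follows the journal; with log.output set as above, sing-box writes its own log lines to /var/log/sing-box/sing-box.log)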

journalctl -u sing-box -o cat -f

Uninstall

systemctl disable --now sing-box && rm -f /usr/local/bin/sing-box /root/sing-box_config.json /etc/systemd/system/sing-box.service