Diazepam/将 forward_proxy 与 sing-box 结合实现远程分流

Created Sat, 01 Apr 2023 14:00:00 +0800 Modified Fri, 05 Apr 2024 13:57:05 +0000
328 Words
network

无感知的远程分流。

由于 New Bing 和 ChatGPT 将越来越多的 IDC IP 屏蔽,我们很难通过其本身 IP 正常访问。而 WARP 提供的 IP 大多是可以正常访问的。但是 WARP 全局又会导致速度较慢和另一些 IP 歧视。因此我萌生了使用 forward_proxy 与 sing-box 结合,实现使用 naive 进行无感远程分流的想法。

原理

naive -> caddy (forward_proxy) -> socks5h://127.0.0.1:10000 (inbound) sing-box (outbound) WARP (socks5h://127.0.0.1:40000) OR Direct

其中,需要使用官方工具或者脚本使用 WARP 在 socks5h://127.0.0.1:40000 开端口。例如:

请注意:使用官方工具 + warp(默认 wireguard)会导致小鸡失联,且无法挽回。

配置文件

Caddyfile

{
  order forward_proxy before file_server
}
:443, example.com {
  tls [email protected]
  forward_proxy {
    basic_auth user pass
    hide_ip
    hide_via
    probe_resistance
    upstream socks5h://127.0.0.1:10000
  }
  file_server {
    root /var/www/html
  }
}

sing-box

{
  "log": {
    "level": "info"
  },
  "dns": {
    "servers": [
      {
        "address": "tls://1.1.1.1"
      }
    ]
  },
  "inbounds": [
    {
      "type": "shadowsocks",
      "tag": "ss-in",
      "listen": "::",
      "listen_port": 8080,
      "sniff": true,
      "method": "2022-blake3-aes-128-gcm",
      "password": "8JCsPssfgS8tiRwiMlhARg=="
    },
    {
      "type": "socks",
      "tag": "socks-in",
      "listen": "127.0.0.1",
      "listen_port": 10000,
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "direct"
    },
    {
      "type": "socks",
      "tag": "cf_out",
      "server": "127.0.0.1",
      "server_port": 40000
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "domain_suffix": [
          "bing.com",
          "openai.com"
        ],
        "outbound": "cf_out"
      }
    ]
  }
}

Enjoy!