A Simple Configuration Record for the Hysteria 2 Protocol
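Date: Aug 19, 2023
Tags: Linux, Shell, Docker, Share, Config
Summary: This is a simple configuration record for Hysteria 2, covering the protocol's server side and the sing-box client configuration. The configuration includes logging, DNS servers, routing rules, and inbound and outbound settings. The DNS servers are configured with three different tags, used for proxy, direct and block respectively, and selected by geographic location. Routing rules are selected by geographic location and IP address, with proxy, direct and block set accordingly. The inbounds are a tun-type interface and a mixed-type interface, used to listen for and handle network traffic. Four outbound types are configured: hysteria2, direct, block and dns. Finally, it also includes the ntp and experimental configuration.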
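Update: port hopping enabled
Hysteria is a powerful, fast, censorship-resistant proxy tool.
Hysteria 2 is based on a customized QUIC protocol and delivers unmatched performance even on the most unstable and lossy networks.
Hysteria documentation:
Below are simple configuration files, intended only for trial testing.
Hysteria 2 configuration
Server
Full configuration file layout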
```
├── compose.yaml
├── hysteria.yaml
├── ssl
│   ├── cert.pem
│   └── private.key
├── acl.txt
├── geoip.dat
├── geosite.dat
└── update-dat.sh
```
Docker Compose configuration
compose.yaml
```yaml
services:
  hysteria:
    image: tobyxdd/hysteria
    container_name: hysteria
    restart: always
    network_mode: host
    volumes:
      - ./hysteria.yaml:/etc/hysteria/config.yaml:ro
      - ./acl.txt:/etc/hysteria/acl.txt:ro
      - ./geoip.dat:/etc/hysteria/geoip.dat:ro
      - ./geosite.dat:/etc/hysteria/geosite.dat:ro
      - ./ssl:/etc/ssl:ro
    environment:
      TZ: Asia/Shanghai
      HYSTERIA_DISABLE_UPDATE_CHECK: 1
      # HYSTERIA_LOG_LEVEL: debug
      # HYSTERIA_BRUTAL_DEBUG: 1
    command:
      - server
      - -c
      - /etc/hysteria/config.yaml
```
Hysteria 2 core configuration
hysteria.yaml
```yaml
listen: :8443

tls:
  cert: /etc/ssl/cert.pem
  key: /etc/ssl/private.key

auth:
  type: password
  password: passwd123

masquerade:
  type: proxy
  proxy:
    url: https://bing.com/
    rewriteHost: true

disableUDP: false
udpIdleTimeout: 60s

quic:
  initStreamReceiveWindow: 8388608
  maxStreamReceiveWindow: 8388608
  initConnReceiveWindow: 20971520
  maxConnReceiveWindow: 20971520
  maxIdleTimeout: 30s
  maxIncomingStreams: 1024
  disablePathMTUDiscovery: false

sniff:
  enable: true
  timeout: 2s
  rewriteDomain: false
  tcpPorts: 80,443,8000-9000
  udpPorts: all

# https://github.com/Loyalsoldier/v2ray-rules-dat
acl:
  file: /etc/hysteria/acl.txt
  geoip: /etc/hysteria/geoip.dat
  geosite: /etc/hysteria/geosite.dat

outbounds:
  - name: direct
    type: direct
  - name: v4_only
    type: direct
    direct:
      mode: 4
  - name: v6_only
    type: direct
    direct:
      mode: 6
  # WARP SOCKS5 proxy
  - name: warp
    type: socks5
    socks5:
      addr: 127.0.0.1:10086
```
Configuration notes
The TLS section uses a self-signed certificate, generated with the following command:
```bash
openssl ecparam -genkey -name prime256v1 -out ./ssl/private.key && \
openssl req -new -x509 -days 36500 -key ./ssl/private.key -out ./ssl/cert.pem -subj "/CN=bing.com"
```
Alternatively, follow the official documentation and use ACME with your own domain to issue the certificate.
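The client configurations on this page set `skip-cert-verify: true` / `insecure: true`, which accepts any certificate and leaves the client unable to tell the real server from an on-path impostor. As an added example (not from the original post), the script below generates the self-signed certificate with a subjectAltName and prints its SHA-256 fingerprint, so a client can trust or pin that exact certificate instead, for instance with `pinSHA256` in the official Hysteria 2 client or `certificate_path` in the sing-box TLS options; it also generates a random replacement for `passwd123`. The name `proxy.example.test`, the function names and the 365-day lifetime are assumptions.

```shell
#!/usr/bin/env bash
# Added example: self-signed certificate that a client can verify or pin.
set -eu

DAYS=${DAYS:-365}   # assumed lifetime; the original post uses 36500

# gen_cert DIR NAME: write DIR/private.key and DIR/cert.pem for host NAME.
gen_cert() {
  dir=$1
  name=$2
  mkdir -p "$dir"
  openssl ecparam -genkey -name prime256v1 -out "$dir/private.key" 2>/dev/null
  # Go-based TLS clients match the host name against subjectAltName only,
  # so a CN-only certificate fails verification even when it is trusted.
  openssl req -new -x509 -days "$DAYS" -key "$dir/private.key" \
    -out "$dir/cert.pem" -subj "/CN=$name" \
    -addext "subjectAltName=DNS:$name" 2>/dev/null
}

# cert_fingerprint FILE: SHA-256 of the certificate, lowercase hex, no colons.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 \
    | sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# cert_has_san FILE NAME: succeed if the certificate lists NAME as a DNS SAN.
cert_has_san() {
  openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

# new_password: 24 random bytes, base64-encoded (32 characters).
new_password() {
  openssl rand -base64 24
}

# Usage: ./gen-cert.sh ./ssl proxy.example.test
if [ "$#" -ge 2 ]; then
  gen_cert "$1" "$2"
  echo "certificate SHA-256: $(cert_fingerprint "$1/cert.pem")"
  echo "suggested password:  $(new_password)"
fi
```

The `sni` / `server_name` value on the client has to match the name passed here for normal verification to succeed.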
acl.txt
```
# Block ads
reject(geosite:category-ads-all)

# Block cn and private
reject(geosite:cn)
reject(geosite:private)

# Use the warp outbound
warp(ip.gs)
warp(geosite:openai)
warp(geosite:perplexity)
warp(geosite:netflix)

# Hijack 8.8.8.8 to 1.1.1.1 and use the default (first) outbound
default(8.8.8.8, *, 1.1.1.1)

# Connect directly to all other addresses
direct(all)
```
update-dat.sh
A shell script is used here to download and update the geo data files; this can later be adjusted to rely on Hysteria's built-in update mechanism.
```bash
# Remove the old geo data files, then download the current release
rm -rf *.dat
curl -O https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat
curl -O https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat
```
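A more defensive variant of the update script, as an added example rather than the original post's code: it downloads to a temporary name, checks the SHA-256 against a checksum file, and only then replaces the live file, so a failed or truncated download never leaves Hysteria without geo data. It assumes the release branch serves a `<name>.sha256sum` file beside each `.dat`; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: verified, replace-on-success update of the geo data files.
set -eu

BASE_URL=https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release

# verify_sha256 FILE SUMFILE: succeed only if FILE hashes to the first
# field of SUMFILE (the usual "<hex>  <name>" sha256sum format).
verify_sha256() {
  want=$(awk 'NR==1 {print tolower($1)}' "$2")
  got=$(sha256sum "$1" | awk '{print $1}')
  [ -n "$want" ] && [ "$want" = "$got" ]
}

# install_verified NEW SUMFILE DEST: move NEW over DEST only when it verifies.
install_verified() {
  if verify_sha256 "$1" "$2"; then
    mv -f "$1" "$3"   # rename inside one directory replaces DEST in one step
  else
    echo "checksum mismatch for $3, keeping the existing file" >&2
    rm -f "$1"
    return 1
  fi
}

# update_dat NAME: fetch NAME and its checksum (assumed URL layout), then install.
update_dat() {
  name=$1
  curl -fsSL -o "$name.new" "$BASE_URL/$name"
  curl -fsSL -o "$name.sha256sum" "$BASE_URL/$name.sha256sum"
  install_verified "$name.new" "$name.sha256sum" "$name"
}

# Usage: ./update-dat.sh run
if [ "${1:-}" = "run" ]; then
  update_dat geosite.dat
  update_dat geoip.dat
fi
```

The checksum comes from the same CDN as the data, so this catches corruption and partial downloads, not a compromised source. Because compose.yaml bind-mounts each `.dat` file individually, the container keeps seeing the old file until it is restarted.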
Client
Mihomo (Clash Meta) node configuration
```yaml
- name: "Hysteria2"
  type: hysteria2
  server: server IP
  port: 8443
  password: passwd123
  up: "50 Mbps"
  down: "100 Mbps"
  sni: bing.com
  skip-cert-verify: true
  alpn:
    - h3
```
Sing-box configuration example
sing-box.json
```json
{
  "log": {
    "disabled": false,
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "dns_proxy",
        "address": "https://1.1.1.1/dns-query",
        "address_resolver": "dns_resolver",
        "strategy": "prefer_ipv4",
        "detour": "proxy"
      },
      {
        "tag": "dns_direct",
        "address": "https://223.5.5.5/dns-query",
        "address_resolver": "dns_resolver",
        "strategy": "ipv4_only",
        "detour": "direct"
      },
      {
        "tag": "dns_block",
        "address": "rcode://success"
      },
      {
        "tag": "dns_resolver",
        "address": "223.5.5.5",
        "detour": "direct"
      }
    ],
    "rules": [
      { "outbound": ["any"], "server": "dns_resolver" },
      { "geosite": ["category-ads-all"], "server": "dns_block", "disable_cache": true },
      { "geosite": ["geolocation-!cn"], "server": "dns_proxy" },
      { "geosite": ["cn", "private"], "server": "dns_direct" }
    ]
  },
  "route": {
    "geoip": {
      "download_url": "https://github.com/soffchen/sing-geoip/releases/latest/download/geoip.db",
      "download_detour": "proxy"
    },
    "geosite": {
      "download_url": "https://github.com/soffchen/sing-geosite/releases/latest/download/geosite.db",
      "download_detour": "proxy"
    },
    "rules": [
      { "protocol": "dns", "outbound": "dns-out" },
      { "protocol": ["quic"], "outbound": "block" },
      { "geosite": ["category-ads-all"], "outbound": "block" },
      {
        "type": "logical",
        "mode": "and",
        "rules": [
          { "geosite": ["geolocation-!cn"] },
          { "geoip": ["cn"], "invert": true }
        ],
        "outbound": "proxy"
      },
      {
        "type": "logical",
        "mode": "and",
        "rules": [
          { "geosite": ["cn"] },
          { "geoip": ["cn"] }
        ],
        "outbound": "direct"
      },
      { "geosite": ["private"], "outbound": "direct" },
      { "geoip": ["cn", "private"], "outbound": "direct" }
    ],
    "auto_detect_interface": true
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "inet4_address": "172.19.0.1/30",
      "mtu": 9000,
      "auto_route": true,
      "strict_route": false,
      "sniff": true,
      "sniff_override_destination": false,
      "endpoint_independent_nat": false,
      "stack": "system",
      "platform": {
        "http_proxy": {
          "enabled": true,
          "server": "127.0.0.1",
          "server_port": 7890
        }
      }
    },
    {
      "type": "mixed",
      "listen": "127.0.0.1",
      "listen_port": 7890,
      "sniff": true,
      "users": []
    }
  ],
  "outbounds": [
    {
      "type": "hysteria2",
      "tag": "proxy",
      "server": "服务器IP",
      "server_port": 8443,
      "up_mbps": 100,
      "down_mbps": 100,
      "password": "passwd123",
      "tls": {
        "enabled": true,
        "server_name": "bing.com",
        "insecure": true,
        "alpn": ["h3"]
      }
    },
    { "type": "direct", "tag": "direct" },
    { "type": "block", "tag": "block" },
    { "type": "dns", "tag": "dns-out" }
  ],
  "ntp": {
    "enabled": true,
    "server": "time.apple.com",
    "server_port": 123,
    "interval": "30m",
    "detour": "direct"
  },
  "experimental": {
    "clash_api": {
      "external_controller": "127.0.0.1:9090",
      "external_ui": "ui",
      "external_ui_download_url": "https://github.com/MetaCubeX/Yacd-meta/archive/gh-pages.zip",
      "external_ui_download_detour": "proxy",
      "secret": "ClashPa$$wd",
      "default_mode": "rule",
      "store_mode": true,
      "store_selected": false,
      "store_fakeip": true
    }
  }
}
```
Reference: sing-box-examples by chika0801