frely.github.io/local-search.xml at main · frely/frely.github.io · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
<?xml version="1.0" encoding="utf-8"?>
<search>


  <entry>
    <title>ESXI下Ubuntu安装GPU驱动</title>
    <link href="/2024/06/08/ESXI%E4%B8%8BUbuntu%E5%AE%89%E8%A3%85GPU%E9%A9%B1%E5%8A%A8/"/>
    <url>/2024/06/08/ESXI%E4%B8%8BUbuntu%E5%AE%89%E8%A3%85GPU%E9%A9%B1%E5%8A%A8/</url>

    <content type="html"><![CDATA[<p>AI大模型在如今越来越多的接触到，其基础GPU卡的使用也接触的越来越多。</p><p>以下命令已在 <code>ESXI8</code> <code>Ubuntu 22.04</code> 上正常运行。</p><h1 id="ESXI虚拟机配置"><a href="#ESXI虚拟机配置" class="headerlink" title="ESXI虚拟机配置"></a>ESXI虚拟机配置</h1><p>1、登录ESXi主机，管理，硬件，PCI设备，勾选GPU卡，切换直通</p><p>2、按常规方式新建虚拟机，添加PCI设备，选中对应GPU卡。注意，内存注意一定要勾选预留，否则开机后报错</p><p>3、编辑虚拟机选项，关闭UEFI安全引导。</p><p>4、编辑虚拟机选项，高级 – 配置参数 – 编辑配置：添加以下参数：</p><ul><li><p><code>hypervisor.cpuid.v0 = FALSE</code></p></li><li><p><code>pciPassthru.use64bitMMIO = TRUE</code></p></li><li><p><code>pciPassthru.64bitMMIOSizeGB = 64</code></p><blockquote><p>MMIOSize设置为虚拟机分配的所有GPU显存大小的两倍</p></blockquote></li></ul><h1 id="禁用nouveau"><a href="#禁用nouveau" class="headerlink" title="禁用nouveau"></a>禁用nouveau</h1><p>更新系统到最新：</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><code class="hljs shell">apt update<br>apt full-upgrade -y<br></code></pre></td></tr></table></figure><p>禁用 nouveau：</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><code class="hljs shell">touch /etc/modprobe.d/blacklist-nvidia-nouveau.conf<br><br>cat &gt;&gt; /etc/modprobe.d/blacklist-nvidia-nouveau.conf &lt;&lt; EOF<br>blacklist nouveau<br>options nouveau modeset=0<br>EOF<br><br>touch /etc/modprobe.d/nvidia.conf<br><br>cat &gt;&gt; /etc/modprobe.d/nvidia.conf &lt;&lt; EOF<br>options nvidia NVreg_OpenRmEnableUnsupportedGpus=1<br>EOF<br></code></pre></td></tr></table></figure><p>更新 initramfs：</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><code class="hljs shell">update-initramfs -u<br></code></pre></td></tr></table></figure><p>重启系统：</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><code class="hljs shell">reboot<br></code></pre></td></tr></table></figure><p>验证不包含 nouveau：</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><code class="hljs shell">lsmod | grep nouveau<br></code></pre></td></tr></table></figure><h1 id="安装GPU驱动"><a href="#安装GPU驱动" class="headerlink" title="安装GPU驱动"></a>安装GPU驱动</h1><p>安装依赖包：</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><code class="hljs shell">apt install build-essential gcc make pkg-config libglvnd-dev libvulkan1 -y<br></code></pre></td></tr></table></figure><p>安装显卡驱动：</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><code class="hljs shell">chmod +x NVIDIA-Linux-x86_64-525.89.02.run<br><br>./NVIDIA-Linux-x86_64-525.89.02.run -m=kernel-open<br></code></pre></td></tr></table></figure><blockquote><p>注意必须使用 <code>-m=kernel-open</code> </p></blockquote><p>重启系统：</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><code class="hljs shell">reboot<br></code></pre></td></tr></table></figure><p>验证：</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><code class="hljs shell">nvidia-smi<br></code></pre></td></tr></table></figure>]]></content>


    <tags>

      <tag>虚拟化</tag>

      <tag>ai</tag>

      <tag>esxi</tag>

      <tag>linux</tag>

      <tag>gpu</tag>

      <tag>NVIDIA</tag>

    </tags>

  </entry>


  <entry>
    <title>状态监控软件Gatus</title>
    <link href="/2024/04/02/%E7%8A%B6%E6%80%81%E7%9B%91%E6%8E%A7%E8%BD%AF%E4%BB%B6gatus/"/>
    <url>/2024/04/02/%E7%8A%B6%E6%80%81%E7%9B%91%E6%8E%A7%E8%BD%AF%E4%BB%B6gatus/</url>

    <content type="html"><![CDATA[<p>简约而不简单的状态监控软件：<a href="https://github.com/TwiN/gatus">Gatus</a></p><p>最近需要监控一些接口的在线状态，于是在程序员之友 github 上筛选到了基于 Go 语言的 Gatus。</p><p>Gatus 是一个面向开发人员的运行状况仪表板，使您能够使用 HTTP、ICMP、TCP 甚至 DNS 查询来监控您的服务，并通过使用状态代码等值的条件列表来评估所述查询的结果，响应时间、证书过期、正文等等。最重要的是，这些运行状况检查中的每一项都可以与通过 Slack、Teams、PagerDuty、Discord、Twilio 等发出的警报配对。</p><img src="/2024/04/02/%E7%8A%B6%E6%80%81%E7%9B%91%E6%8E%A7%E8%BD%AF%E4%BB%B6gatus/dashboard-dark.png" class=""><h1 id="部署"><a href="#部署" class="headerlink" title="部署"></a>部署</h1><p>快速启动：</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><code class="hljs shell">docker run -p 8080:8080 --name gatus twinproduction/gatus<br></code></pre></td></tr></table></figure><p>使用配置文件：</p><p>新建配置文件 <code>config.yaml</code> 内容如下：</p><figure class="highlight yaml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br></pre></td><td class="code"><pre><code class="hljs yaml"><span class="hljs-comment"># 保存数据(默认是内存)</span><br><span class="hljs-attr">storage:</span><br>  <span class="hljs-attr">type:</span> <span class="hljs-string">sqlite</span><br>  <span class="hljs-attr">path:</span> <span class="hljs-string">/config/data.db</span><br><br><span class="hljs-comment"># 监控列表</span><br><span class="hljs-attr">endpoints:</span><br>  <span class="hljs-bullet">-</span> <span class="hljs-attr">name:</span> <span class="hljs-string">tms-driverapi</span><br>    <span class="hljs-attr">url:</span> <span class="hljs-string">&quot;https://tms.truking.com:8443/driverapi/train/getconfirmtrain&quot;</span><br>    <span class="hljs-attr">interval:</span> <span class="hljs-string">60s</span><br>    <span class="hljs-attr">conditions:</span><br>      <span class="hljs-bullet">-</span> <span class="hljs-string">&quot;[STATUS] == 500&quot;</span><br>      <span class="hljs-bullet">-</span> <span class="hljs-string">&quot;[RESPONSE_TIME] &lt; 3000&quot;</span><br>      <span class="hljs-bullet">-</span> <span class="hljs-string">&quot;[BODY].OperationDesc == HTTP 405 Method Not Allowed&quot;</span><br><br>  <span class="hljs-bullet">-</span> <span class="hljs-attr">name:</span> <span class="hljs-string">tms-web</span><br>    <span class="hljs-attr">url:</span> <span class="hljs-string">&quot;https://tms.truking.com:8443/login&quot;</span><br>    <span class="hljs-attr">interval:</span> <span class="hljs-string">60s</span><br>    <span class="hljs-attr">conditions:</span><br>      <span class="hljs-bullet">-</span> <span class="hljs-string">&quot;[STATUS] == 200&quot;</span><br>      <span class="hljs-bullet">-</span> <span class="hljs-string">&quot;[RESPONSE_TIME] &lt; 3000&quot;</span><br><br>  <span class="hljs-bullet">-</span> <span class="hljs-attr">name:</span> <span class="hljs-string">baidu.com</span><br>    <span class="hljs-attr">url:</span> <span class="hljs-string">&quot;https://www.baidu.com&quot;</span><br>    <span class="hljs-attr">interval:</span> <span class="hljs-string">60s</span><br>    <span class="hljs-attr">conditions:</span><br>      <span class="hljs-bullet">-</span> <span class="hljs-string">&quot;[STATUS] == 200&quot;</span><br>      <span class="hljs-bullet">-</span> <span class="hljs-string">&quot;[RESPONSE_TIME] &lt; 3000&quot;</span><br></code></pre></td></tr></table></figure><p>新建 <code>docker-compose</code> 文件：</p><figure class="highlight yaml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><code class="hljs yaml"><span class="hljs-attr">version:</span> <span class="hljs-string">&quot;3.9&quot;</span><br><span class="hljs-attr">services:</span><br>  <span class="hljs-attr">homepage:</span><br>    <span class="hljs-attr">image:</span> <span class="hljs-string">docker.io/twinproduction/gatus</span><br>    <span class="hljs-attr">container_name:</span> <span class="hljs-string">gatus</span><br>    <span class="hljs-attr">network_mode:</span> <span class="hljs-string">bridge</span><br>    <span class="hljs-attr">ports:</span><br>      <span class="hljs-bullet">-</span> <span class="hljs-number">8088</span><span class="hljs-string">:8080</span><br>    <span class="hljs-attr">volumes:</span><br>      <span class="hljs-bullet">-</span> <span class="hljs-string">./data:/config</span><br>    <span class="hljs-attr">restart:</span> <span class="hljs-string">unless-stopped</span><br></code></pre></td></tr></table></figure><p>启动服务：</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><code class="hljs shell">docker compose up -d<br></code></pre></td></tr></table></figure>]]></content>


    <tags>

      <tag>仪表板</tag>

      <tag>监控</tag>

      <tag>devops</tag>

    </tags>

  </entry>


  <entry>
    <title>部署sing-box</title>
    <link href="/2024/03/16/%E9%83%A8%E7%BD%B2sing-box/"/>
    <url>/2024/03/16/%E9%83%A8%E7%BD%B2sing-box/</url>

    <content type="html"><![CDATA[<p>sing-box 是一款新兴的通用代理平台，提供了丰富的协议支持和灵活的配置选项。</p><p>使用的 OpenWrt 版本：23.05</p><p>文章内容参考了以下来源：</p><ul><li><p><a href="https://github.com/ffuqiangg/build_openwrt/blob/main/docs/sing-box.md">https://github.com/ffuqiangg/build_openwrt/blob/main/docs/sing-box.md</a></p></li><li><p><a href="https://github.com/rezconf/Sing-box/wiki/How-to-Run">https://github.com/rezconf/Sing-box/wiki/How-to-Run</a></p></li><li><p><a href="https://pfchina.org/?p=11850">https://pfchina.org/?p=11850</a></p></li></ul><h1 id="安装sing-box"><a href="#安装sing-box" class="headerlink" title="安装sing-box"></a>安装sing-box</h1><p>更新软件包列表</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><code class="hljs shell">opkg update<br></code></pre></td></tr></table></figure><p>安装内核模块和依赖包</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><code class="hljs shell">opkg install kmod-inet-diag kmod-netlink-diag kmod-tun iptables-nft<br></code></pre></td></tr></table></figure><p>安装sing-box</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><code class="hljs shell">opkg install sing-box<br></code></pre></td></tr></table></figure><p>常用命令：</p><ul><li><code>/etc/init.d/sing-box enable</code> 启用 sing-box 服务，作用等效于开启 sing-box 开机自启。固件为了避免和其它代理插件冲突默认禁用 sing-box 服务，使用 sing-box 前请先用此命令启用 sing-box 服务。</li><li><code>/etc/init.d/sing-box disable</code> 禁用 sing-box 服务，作用为关闭 sing-box 开机自启。在你尝试过 sing-box 后要切换到其它代理插件时应使用此命令禁用 sing-box 服务，避免机器重启后 sing-box 自动启动造成两个代理插件同时运行发生冲突。</li><li><code>/etc/init.d/sing-box start</code> 启动 sing-box，配置文件准备好后使用此命令启动 sing-box。</li><li><code>/etc/init.d/sing-box stop</code> 关闭 sing-box，停止 sing-box 运行。</li><li><code>/etc/init.d/sing-box reload</code> 重新读取配置文件，当 sing-box 正在运行过程中配置文件发生变化时使用此命令重新读取配置文件。</li></ul><p>修改配置 <code>/etc/init.d/sing-box</code> 添加以下内容：</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br></pre></td><td class="code"><pre><code class="hljs shell"><span class="hljs-meta prompt_">#</span><span class="language-bash">!/bin/sh /etc/rc.common</span><br><br>START=99<br>USE_PROCD=1<br><span class="hljs-meta prompt_"></span><br><span class="hljs-meta prompt_">#</span><span class="language-bash"><span class="hljs-comment">####  ONLY CHANGE THIS BLOCK  ######</span></span><br>PROG=/usr/bin/sing-box <br>RES_DIR=/etc/sing-box/ # resource dir / working dir / the dir where you store ip/domain lists<br>CONF=./config.json   # where is the config file, it can be a relative path to $RES_DIR<br><span class="hljs-meta prompt_">#</span><span class="language-bash"><span class="hljs-comment">####  ONLY CHANGE THIS BLOCK  ######</span></span><br><br>start_service() &#123;<br>  sleep 10 <br>  procd_open_instance<br>  procd_set_param command $PROG run -D $RES_DIR -c $CONF<br><br>  procd_set_param user root<br>  procd_set_param limits core=&quot;unlimited&quot;<br>  procd_set_param limits nofile=&quot;1000000 1000000&quot;<br>  procd_set_param stdout 1<br>  procd_set_param stderr 1<br>  procd_set_param respawn &quot;$&#123;respawn_threshold:-3600&#125;&quot; &quot;$&#123;respawn_timeout:-5&#125;&quot; &quot;$&#123;respawn_retry:-5&#125;&quot;<br>  procd_close_instance<br>  echo &quot;sing-box is started!&quot;<br>&#125;<br><br>stop_service() &#123;<br>  service_stop $PROG<br>  echo &quot;sing-box is stopped!&quot;<br>&#125;<br><br>reload_service() &#123;<br>  stop<br>  sleep 5s<br>  echo &quot;sing-box is restarted!&quot;<br>  start<br>&#125;<br></code></pre></td></tr></table></figure><p>添加权限</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><code class="hljs shell">chmod +x /etc/init.d/sing-box<br></code></pre></td></tr></table></figure><h2 id="配置"><a href="#配置" class="headerlink" title="配置"></a>配置</h2><h3 id="准备配置文件"><a href="#准备配置文件" class="headerlink" title="准备配置文件"></a>准备配置文件</h3><p>如果你有订阅链接直接将配置文件下载到 &#x2F;etc&#x2F;sing-box 目录。</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><code class="hljs shell">mkdir /etc/sing-box<br>wget -U &quot;sing-box&quot; &quot;订阅地址&quot; -O /etc/sing-box/config.json<br></code></pre></td></tr></table></figure><blockquote><p>可以保存多个订阅的配置文件，注意从文件名进行区分。sing-box 运行时只会读取 config.json ，所以要使用的配置文件修改好后须重命名或者复制一份为 config.json 。</p></blockquote><p>对配置文件 <code>/etc/sing-box/config.json</code> 进行一些修改，添加clash-ui。</p><figure class="highlight json"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><code class="hljs json"><span class="hljs-attr">&quot;experimental&quot;</span><span class="hljs-punctuation">:</span> <span class="hljs-punctuation">&#123;</span><br>  <span class="hljs-attr">&quot;clash_api&quot;</span><span class="hljs-punctuation">:</span><span class="hljs-punctuation">&#123;</span> <br>    <span class="hljs-attr">&quot;external_controller&quot;</span><span class="hljs-punctuation">:</span> <span class="hljs-string">&quot;0.0.0.0:9090&quot;</span><span class="hljs-punctuation">,</span><br>    <span class="hljs-attr">&quot;external_ui&quot;</span><span class="hljs-punctuation">:</span> <span class="hljs-string">&quot;ui&quot;</span><span class="hljs-punctuation">,</span><br>    <span class="hljs-attr">&quot;secret&quot;</span><span class="hljs-punctuation">:</span> <span class="hljs-string">&quot;passwd&quot;</span><span class="hljs-punctuation">,</span><br>    <span class="hljs-attr">&quot;external_ui_download_url&quot;</span><span class="hljs-punctuation">:</span> <span class="hljs-string">&quot;https://mirror.ghproxy.com/https://github.com/MetaCubeX/metacubexd/archive/gh-pages.zip&quot;</span><span class="hljs-punctuation">,</span><br>    <span class="hljs-attr">&quot;external_ui_download_detour&quot;</span><span class="hljs-punctuation">:</span> <span class="hljs-string">&quot;direct&quot;</span><br>  <span class="hljs-punctuation">&#125;</span><br><span class="hljs-punctuation">&#125;</span><span class="hljs-punctuation">,</span><br></code></pre></td></tr></table></figure><ul><li><strong>external_controller</strong> 影响 clash 面板的访问地址。作为 网关&#x2F;路由 这里的地址必须修改为 0.0.0.0，端口可随意设置只要不与系统本身及其它插件冲突即可。面板访问地址为 <a href="http://xn--ip-tf7es78f:自定义端口/ui">http:&#x2F;&#x2F;路由IP:自定义端口&#x2F;ui</a></li><li><strong>external_ui</strong> clash 面板源码目录，可随意设置。</li><li><strong>external_ui_download_url</strong> clash 面板静态网页资源的 ZIP 下载地址，当 external_ui 设置的目录不存在或是空目录会按这里设置的地址下载面板文件。实例为 metacubexd 面板，要使用 yacd 面板修改为 “<a href="https://mirror.ghproxy.com/https://github.com/MetaCubeX/Yacd-meta/archive/gh-pages.zip">https://mirror.ghproxy.com/https://github.com/MetaCubeX/Yacd-meta/archive/gh-pages.zip</a>“</li><li><strong>external_ui_download_detour</strong> 用于下载静态网页资源的出站的标签。如果为空，将使用默认出站。此项可省略。</li><li><strong>secret</strong> clash 面板的登录密码，推荐始终设置一个密码。</li></ul><p>检查配置文件：</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><code class="hljs shell">sing-box check -c /etc/sing-box/config.json<br></code></pre></td></tr></table></figure><h3 id="使用Tproxy模式"><a href="#使用Tproxy模式" class="headerlink" title="使用Tproxy模式"></a>使用Tproxy模式</h3><p>默认情况下 sing-box 是 Tun 模式，Tproxy 模式性能会更好。</p><p>找到配置文件 <code>/etc/sing-box/config.json</code> 中的 inbounds 部分对照示例然后将其中包含 <code>&quot;type&quot;: &quot;tun&quot;</code> 的整个 {} 中的内容替换为示例代码。这步的作用是将代理模式由 tun 换为 tproxy。</p><figure class="highlight json"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><code class="hljs json"><span class="hljs-punctuation">&#123;</span><br>    <span class="hljs-attr">&quot;type&quot;</span><span class="hljs-punctuation">:</span> <span class="hljs-string">&quot;tproxy&quot;</span><span class="hljs-punctuation">,</span><br>    <span class="hljs-attr">&quot;tag&quot;</span><span class="hljs-punctuation">:</span> <span class="hljs-string">&quot;tproxy-in&quot;</span><span class="hljs-punctuation">,</span><br>    <span class="hljs-attr">&quot;listen&quot;</span><span class="hljs-punctuation">:</span> <span class="hljs-string">&quot;::&quot;</span><span class="hljs-punctuation">,</span><br>    <span class="hljs-attr">&quot;listen_port&quot;</span><span class="hljs-punctuation">:</span> <span class="hljs-number">10105</span><span class="hljs-punctuation">,</span><br>    <span class="hljs-attr">&quot;tcp_fast_open&quot;</span><span class="hljs-punctuation">:</span> <span class="hljs-literal"><span class="hljs-keyword">true</span></span><span class="hljs-punctuation">,</span><br>    <span class="hljs-attr">&quot;udp_fragment&quot;</span><span class="hljs-punctuation">:</span> <span class="hljs-literal"><span class="hljs-keyword">true</span></span><span class="hljs-punctuation">,</span><br>    <span class="hljs-attr">&quot;sniff&quot;</span><span class="hljs-punctuation">:</span> <span class="hljs-literal"><span class="hljs-keyword">true</span></span><br><span class="hljs-punctuation">&#125;</span><span class="hljs-punctuation">,</span><br></code></pre></td></tr></table></figure><p>检查配置文件：</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><code class="hljs shell">sing-box check -c /etc/sing-box/config.json<br></code></pre></td></tr></table></figure><p>创建转发规则，注意替换文件中的内网网段 <code>192.168.8.0/24</code> 改为你的内网网段，例如 <code>192.168.1.0/24</code></p><p>创建文件 <code>/etc/sing-box/nftables.rules</code> 添加以下内容：</p><figure class="highlight stata"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br></pre></td><td class="code"><pre><code class="hljs stata">#!/usr/sbin/nft -f<br><br>flush ruleset<br><br>define RESERVED_IP = &#123;<br>    100.64.0.0/10,<br>    127.0.0.0/8,<br>    169.254.0.0/16,<br>    172.16.0.0/12,<br>    192.0.0.0/24,<br>    224.0.0.0/4,<br>    240.0.0.0/4,<br>    255.255.255.255/32<br>&#125;<br><br><span class="hljs-keyword">table</span> inet xray &#123;<br>    chain prerouting &#123;<br>        <span class="hljs-keyword">type</span> filter hook prerouting priority filter; policy accept;<br>        ip daddr <span class="hljs-variable">$RESERVED_IP</span> <span class="hljs-keyword">return</span><br>        # 修改为你的内网网段<br>        <span class="hljs-keyword">meta</span> l4proto tcp ip daddr 192.168.8.0/24 <span class="hljs-keyword">return</span><br>        ip daddr 192.168.8.0/24 udp dport != 53 <span class="hljs-keyword">return</span><br>        <span class="hljs-keyword">meta</span> <span class="hljs-keyword">mark</span> 0x000000ff <span class="hljs-keyword">return</span><br>        # 修改为你的透明代理程序的端口<br>        <span class="hljs-keyword">meta</span> l4proto &#123; tcp, udp &#125; <span class="hljs-keyword">meta</span> <span class="hljs-keyword">mark</span> <span class="hljs-keyword">set</span> 0x00000001 tproxy ip to 127.0.0.1:10105 accept<br>    &#125;<br><br>    chain output &#123;<br>        <span class="hljs-keyword">type</span> route hook output priority filter; policy accept;<br>        ip daddr <span class="hljs-variable">$RESERVED_IP</span> <span class="hljs-keyword">return</span><br>        # 修改为你的内网网段<br>        <span class="hljs-keyword">meta</span> l4proto tcp ip daddr 192.168.8.0/24 <span class="hljs-keyword">return</span><br>        ip daddr 192.168.8.0/24 udp dport != 53 <span class="hljs-keyword">return</span><br>        <span class="hljs-keyword">meta</span> <span class="hljs-keyword">mark</span> 0x000000ff <span class="hljs-keyword">return</span><br>        <span class="hljs-keyword">meta</span> l4proto &#123; tcp, udp &#125; <span class="hljs-keyword">meta</span> <span class="hljs-keyword">mark</span> <span class="hljs-keyword">set</span> 0x00000001 accept<br>    &#125;<br><br>    chain divert &#123;<br>        <span class="hljs-keyword">type</span> filter hook prerouting priority mangle; policy accept;<br>        <span class="hljs-keyword">meta</span> l4proto tcp socket transparent 1 <span class="hljs-keyword">meta</span> <span class="hljs-keyword">mark</span> <span class="hljs-keyword">set</span> 0x00000001 accept<br>    &#125;<br>&#125;<br></code></pre></td></tr></table></figure><p>修改启动配置 <code>/etc/init.d/sing-box</code> 修改为以下内容：</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br></pre></td><td class="code"><pre><code class="hljs bash">  ...<br>  procd_set_param respawn <span class="hljs-string">&quot;<span class="hljs-variable">$&#123;respawn_threshold:-3600&#125;</span>&quot;</span> <span class="hljs-string">&quot;<span class="hljs-variable">$&#123;respawn_timeout:-5&#125;</span>&quot;</span> <span class="hljs-string">&quot;<span class="hljs-variable">$&#123;respawn_retry:-5&#125;</span>&quot;</span><br>  procd_close_instance<br>  ip rule add fwmark 1 table 100<br>  ip route add <span class="hljs-built_in">local</span> 0.0.0.0/0 dev lo table 100<br>  nft -f /etc/sing-box/nftables.rules<br>  <span class="hljs-built_in">echo</span> <span class="hljs-string">&quot;sing-box is started!&quot;</span><br>&#125;<br><br><span class="hljs-function"><span class="hljs-title">stop_service</span></span>() &#123;<br>  service_stop <span class="hljs-variable">$PROG</span><br>  ip rule del fwmark 1 table 100<br>  ip route del <span class="hljs-built_in">local</span> 0.0.0.0/0 dev lo table 100<br>  nft flush ruleset<br>  <span class="hljs-built_in">echo</span> <span class="hljs-string">&quot;sing-box is stopped!&quot;</span><br>&#125;<br></code></pre></td></tr></table></figure><p>启动 sing-box ：</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><code class="hljs shell">/etc/init.d/sing-box enable<br>/etc/init.d/sing-box start<br></code></pre></td></tr></table></figure><h1 id="遇到的问题"><a href="#遇到的问题" class="headerlink" title="遇到的问题"></a>遇到的问题</h1><ul><li>目前与 Dnsmasq 不兼容，会导致相关功能失效。</li></ul>]]></content>


    <tags>

      <tag>openwrt</tag>

      <tag>sing-box</tag>

    </tags>

  </entry>


</search>