杜绝节点信息泄露，部署自己的 sing-box 订阅转换

前言

• sing-box 虽然直接改 config.json 很方便，但是节点大批量变化的时候，手改就显得太傻逼了
• 用别人的订阅转换怕泄露节点信息，不如直接自建

部署

Ref: https://github.com/Toperlock/sing-box-subscribe

Docker

Ref: https://github.com/hestudy-blog/sing-box-subscribe-docker

这次依然用 Docker 部署，相关容器部署可以参看之前写过的用 Docker 搭建 LNMP 大型攻略

version: '3'

services:
  sbs:
    image: hestudy/sing-box-subscribe:latest
    container_name: sub
    networks:
      - reverse-network # 和 Nginx 在同一网桥
    restart: unless-stopped
    volumes:
      - ./config_template:/sing-box-subscribe/config_template

networks:
  reverse-network:
    external: true

• 然后用 NPM 反代 sub:5000 即可

• 模版丢在 ./config_template 下

• 支持直链订阅，假设我的机场订阅链接为 https://a.com，该订阅转换服务的域名为 b.com，那么我们的最终订阅链接为：https://b.com/config/https://a.com。该订阅链接指向我们自定义的首个模版，如果要指向其他模版要在后面加上 &file=<服务器本地模版对应的数字或者第三方模版直链>，譬如 https://b.com/config/https://a.com&file=2 或者 https://github.com/Toperlock/sing-box-subscribe/raw/main/config_template/config_template_groups_rule_set_tun.json

• 如果要用 sing-box://import-remote-profile?url=urlEncodedURL#urlEncodedName 导入远程 profile 的话，我们得把 &file= 中的 & 改成成 %26

  sing-box web parser

  Use the website you built to achieve real-time configuration updates, which can serve as the remote link of sing-box

  For example, the website I built https://sing-box-subscribe.vercel.app, add /config/URL_LINK after the website, here URL_LINK refers to the subscription link

  https://xxxxxxx.vercel.app/config/https://xxxxxxsubscribe?token=123456&file=https://github.com/Toperlock/sing-box-subscribe/raw/main/config_template/config_template_groups_rule_set_tun.json

  2024.2.16 Update: Support adding emoji, tag, prefix, ua, file, eps , enn parameters after the link. Use & to connect multiple parameters. The usage is the same as the parameters in providers.json

  /config/URL_LINK&emoji=1&prefix=♥&ua=v2rayng&eps=vmess,hy2&enn=网站,剩余流量&file=https://xxxxxxxxx.json

  The above example shows: enable emoji, add ♥ before the node name, use v2rayng user agent, and use https://xxxxxxxxx.json as the generated sing-box configuration template

  Example: https://sing-box-subscribe.vercel.app/config/https://gist.githubusercontent.com/Toperlock/b1ca381c32820e8c79669cbbd85b68ac/raw/dafae92fbe48ff36dae6e5172caa1cfd7914cda4/gistfile1.txt&file=https://github.com/Toperlock/sing-box-subscribe/raw/main/config_template/config_template_groups_rule_set_tun.json

  2023.11.04 Update: Two sub links can be processed, the format is: /config/URL encoding, emoji, tag, prefix, UA parameters cannot be written (supports 3 sub links by 2024.1.1)

  Use | to connect the two sub links and then URL encode and put them after config/, as shown in the figure:

  Example: https://sing-box-subscribe.vercel.app/config/https%3A%2F%2Fgist.githubusercontent.com%2FToperlock%2Fb1ca381c32820e8c79669cbbd85b68ac%2Fraw%2Fdafae92fbe48ff36dae6e5172caa1cfd7914cda4%2Fgistfile1.txt%7Chttps%3A%2F%2Fgist.githubusercontent.com%2FToperlock%2Ffa2fdc5f827ff7d288c23d568db75412%2Fraw%2F6c3b725da347f57b0021b806dfca5f51e1660746%2F1.yaml

  2023.11.10 Update: The file parameter can be simplified and written as a number 1, 2 represents the use of the template serial number provided in the github repository

  Example: https://sing-box-subscribe.vercel.app/config/https://gist.githubusercontent.com/Toperlock/b1ca381c32820e8c79669cbbd85b68ac/raw/dafae92fbe48ff36dae6e5172caa1cfd7914cda4/gistfile1.txt&file=2

本地安装

1. 安装 Python 3.10 及以上版本，并确保添加到环境变量中

2. 在终端中，输入以下命令来安装依赖项（在 Mac 上，替换 pip 为 pip3）

   pip install -r requirements.txt

3. 下载 sing-box-subscribe，并打开终端导航到项目目录（可以直接在文件路径输入 cmd ）

4. 将订阅链接放入 providers.json，在 config_template 文件夹中编辑模版，或者直接使用默认模版，使用以下命令运行订阅转换脚本

   python main.py

5. 其余具体还是看官方说明吧，下面会贴一下。这里顺便提一下注意的点

   1. providers.json 中一般需要改的只有 url，User-Agent 一般默认为 v2rayng 即可，如果你的机场只有 Clash 订阅或者 sing-box 订阅，请相应修改为 clashmeta 或者 sing-box
   2. 默认不支持 SSR，不过都 2024 年了，谁还在用这个协议啊

   Put your subscription links in providers.json, edit config_template_groups_tun.json file and use the following command to run the script after editing the template:

   python main.py

   or you can directly select the template with the template_index, 0 means the first template

   python main.py --template_index=0

   For Windows systems, it’s recommended to add the commands to a batch program for execution.

   Before using, make sure to edit the providers.json file and the .json template files in the config_template directory.

   A lazy configuration config_template_groups_rule_set_tun file is included, which allows filtering nodes based on different categories:

   • Implement Openai routing rules
   • Implement Youtube routing rules
   • Implement Google routing rules
   • Implement Github routing rules
   • Implement Telegram routing rules
   • Implement Twitter routing rules
   • Implement Facebook routing rules
   • Implement Instagram routing rules
   • Implement Bilibili routing rules
   • Implement Bahamut routing rules
   • Implement Spotify routing rules
   • Implement TikTok routing rules
   • Implement Netflix routing rules
   • Implement Disney+ routing rules
   • Implement Apple routing rules
   • Implement Amazon routing rules
   • Implement Microsoft routing rules
   • Implement Game routing rules
   • Implement Hbo routing rules
   • Implement Prime Video routing rules

   providers.json File

   In this file, you can add subscription links and basic settings.

   {
       "subscribes":[
           {
               "url": "https://4gviet.com/api/v1/client/subscribe?token=xx",
               "tag": "airport1_tag", //You can keep the default without modification
               "enabled": true, //Enable conversion of this link
               "emoji": 1, //Add flag emoji
               "subgroup": "",
               "prefix": "", //Do not add node name prefix
               "ex-node-name": "网站|流量|过期", //Filter nodes containing keywords
               "User-Agent":"clashmeta" //Set browser UA
           },
           {
               "url": "https://5gtocdocao.com/api/v1/client/subscribe?token=xx",
               "tag": "airport2_tag", //You can keep the default without modification
               "enabled": false, //Disable conversion of this link
               "emoji": 0, //Do not add flag emoji
               "subgroup": "named", //Name the subscription link
               "prefix": "❤️node_name prefix - ", //Add node name prefix
               "User-Agent":"clashmeta" //Set browser UA
           }
       ],
       "auto_set_outbounds_dns":{
           "proxy": "",
           "direct": ""
       },
       "save_config_path": "./config.json",
       "auto_backup": false,
       "exclude_protocol": "ssr", //Not parsing ssr nodes!!!
       "config_template": "", //Customize the correct web page json configuration template link
       "Only-nodes": false //Output the complete sing-box configuration
   }

   • url: Required.

   Supports setting up a regular V2 subscription link (content in base64 encoding)

   Supports setting up a clash subscription link

   Supports setting up a sing-box subscription link

   Supports setting up a local file paths (content as standard URI links or Clash field)

   Local files with `.txt` suffix need to add single node share links one per line in the file, e.g. `ss://` at the beginning (non-subscription links).
   
   Local files with `.yaml` suffix, with the correct clash proxies fields filled in.
   
   Local files need to be saved on the same drive. Local path formats: `/Desktop/sing-box-subscribe/xx.txt` or relative path formats in the same folder as `main.py`: `./xx.txt`.

   • tag: Required. Just keep the default.

   Fill in this tag in the config template to add this subscription. The “airport1_tag” here corresponds to “{机场1}” in the config template. Specific usage can be found in the config template section below.

   tag screenshot reference

   

   • enabled: Optional. Set it to false, and the subscription will be ignored.
   • emoji: Optional. Set it to false or 0, and the node name will not have a country flag emoji.
   • subgroup: Optional. Name the subscription link and generate an outbound.
   • prefix: Optional. Set a custom prefix that will be added to the beginning of the node names. If not set, no prefix will be added.
   • ex-node-name: Optional. Filter nodes containing keywords. Multiple keywords are separated by “|”
   • User-Agent: Optional. You can customize UA, such as setting UA to “clash.meta” or “sing-box”

   prefix effect reference

   

   • auto_set_outbounds_dns: Optional.

   Includes proxy and direct settings.

   proxy and direct should be set to the tag of the dns server in the config template file.

   With this option set, the script will automatically adapt routing rules to DNS rules.

   DNS servers for outbound rules with direct setting in the routing rules will be set to the specified direct outbound.

   Outbound rules that need to be proxied in the routing rules will be set to the corresponding proxy outbound, and the script will automatically create a corresponding dns server for the proxy outbound, using the dns server specified in the proxy setting.

   • save_config_path: Required. Set the path for the generated configuration file.
   • auto_backup: Optional.

   When set to true, the script will rename the currently used sing-box configuration file to original_filename.current_time.bak for backup purposes, in case an incorrect configuration file is generated and needs to be restored.

   • exclude_protocol: Optional.

   Set the protocols to exclude, separated by commas, e.g., ssr, vmess.

   Sharing links using protocols in this setting will be ignored.

   The sing-box release program does not support ssr (needs additional parameters to build), so this setting might be useful.

   • config_template：Optional. Enter a correct webpage json configuration template link to generate sing-box configuration from this template.
   • Only-nodes: Optional.

   When it is set to true or 1, only the node information in sing-box format of the subscription link is output.

   config Template Files

   The script will search for JSON template files in the config_template directory, and you can select which template file to use when the script runs.

   For example, if there are tun.json and socks.json template files in the directory.

   

   The script does not validate the correctness of the template files. If the template file is incorrect, errors will occur, and the script won’t run.

   The template files are similar to sing-box configs, but with some new parameters like {all}, {机场tag} (translated as {airport_tag}), filter, which only work with clash_mode in urltest and selector outbounds.

     >{
     "tag":"proxy",
     "type":"selector",
     "outbounds":[
       "auto",
       "{all}"//All nodes of all subscriptions are added to the location of this tag
     ],
     "filter":[
       //This filter will remove nodes containing ˣ² in airport1_tag
       {"action":"exclude","keywords":["ˣ²"],"for":["机场1"]}
     ]
   },
   {
     "tag":"netflix",
     "type":"selector",
     "outbounds":[
       "{机场1}",//Tag with the airport1_tag will be added to this tagged location
       "{机场2}"//Tag with the airport2_tag will be added to this tagged location
     ],
     "filter":[
       //If airport1_tag and airport2_tag have nodes with these names 'sg','新加坡','tw','台湾' they collectively form the netflix group
       {"action":"include","keywords":["sg|新加坡|tw|台湾"]},
       //The "for" is set to airport1_tag, which means that this rule only works on airport1_tag
       {"action":"exclude","keywords":["ˣ²"],"for":["机场1"]}
       //This filter will remove nodes containing ˣ² in airport1_tag
     ]
   }

   • {all}: Represents all nodes in all subscriptions. The script will add all nodes to the outbounds with this identifier.
   • {机场tag} (translated as {airport_tag}): The airport tag set in providers.json can be used here, representing all nodes in this subscription.
   • filter: Optional. Node filtering, an array object where you can add any number of rules, formatted as:

   "filter": [
       {"action": "include", "keywords": ["keyword1|keyword2"]},
      {"action": "exclude", "keywords": ["keyword1|keyword2"], "for": ["airport1_tag", "airport2_tag"]}
     ]

   • Keyword case-sensitive
   • include: Add the keywords to be retained, use ‘|’ to connect multiple keywords. Nodes with names containing these keywords will be retained, and other nodes will be deleted.
   • exclude: Add the keywords to be excluded, use ‘|’ to connect multiple keywords. Nodes with names containing these keywords will be deleted, and other nodes will be retained.
   • for: Optional. Set the airport tag, can be multiple. This rule will only apply to the specified airports, and other airports will ignore this rule.

   Multiple rules will be executed in order.

Github 部署

细看官方文档吧，我用不到，不再赘述

结语

• 通过 Docker 和 Github 在服务端部署我们都能拿到订阅直链，而本地的话我们只能拿到一个 config.json，当然把这个文件利用 Nginx 等工具放出去也是可以的
• 我主推还是在服务器上用 Docker 部署，拿到直链全平台都能用，就是改配置稍微有些麻烦
• 我的配置就不放了，还在持续完善中，贴一下作者的

坑 V1.0

模版的名称里不要带URL需要转义的特殊符号，比如 +

坑 V2.0

• 改名好像也没用，总会莫名其妙有什么缓存问题，在某个时间点后，所有的直链拿到的 json 文件都是同一份，看了下日志也没啥问题，容器内部的 config.json 也是正常生成的，但直链拿到的就是不对

• 用 Docker 部署的还是不要映射 config_template 了吧，我尝试修改它的权限也没有解决，目前想改配置文件只能去 Docker 内部改了，稍微麻烦点。虽然没映射文件了，但是外部还是再改一次吧，不然备份都不好备份的

坑 V3.0

原因

找到问题源头了，是反代的问题，不知道为什么会造成类似缓存的情况

解决

改成 host 或者 bridge 即可，记得防火墙把 5000 端口关掉

坑 V4.0

1. 不是反代的问题，我即使改成 host 模式也仍然会有缓存的情况，在我尝试映射容器内部根目录的 config.json 后，我发现它即使是空白的也不影响直链获取到的内容，也就是说，直链拿到的内容压根不是根目录 config.json的内容

2. 作者的代码看不太明白，我觉得就是直接拿到的啊

3. 曲线救国吧，设个自动任务，每天自动重建容器，曲线解决缓存问题

   crontab -e # 编辑 crontab 文件
   
   30 5 * * * cd <sub 容器根目录> && sudo docker compose down && sudo docker compose up -d # 每天早上五点半自动重置容器