Add SSH inbound, log level. Update MTPROXY. Fixes

2026-06-08 12:14:54 +03:00 · 2026-06-07 07:59:43 +03:00
parent 6f6af8e902
commit 9f5ccf43d4
115 changed files with 2742 additions and 527 deletions
--- a/examples/admin_panel-manager-node/manager.json
+++ b/examples/admin_panel-manager-node/manager.json
@@ -32,7 +32,7 @@
      "tag": "my-manager",
      "database": {
        "driver": "sqlite",
-        "dsn": "file:manager.db?_pragma=foreign_keys(on)&_pragma=journal_mode(wal)&_pragma=busy_timeout(5000)" // also supported Postgresql
+        "dsn": "file:manager.db?_pragma=foreign_keys(on)&_pragma=journal_mode(wal)&_pragma=busy_timeout(5000)&_time_format=sqlite" // also supported Postgresql
      }
    },
    {
--- a/examples/masque/client.json
+++ b/examples/masque/client.json
@@ -25,6 +25,8 @@
    {
      "type": "masque",
      "tag": "masque-out",
+      "system": false,
+      "name": "masque0",
      "use_http2": false,
      "use_ipv6": false,
      "profile": {
--- a/examples/mieru/server.json
+++ b/examples/mieru/server.json
@@ -7,6 +7,9 @@
      "type": "mieru",
      "tag": "mieru-in",
      "listen_port": 27017,
+      "listen_ports": [
+        "27017-27019"
+      ],
      "transport": "TCP",
      "users": [
        {
--- a/examples/mkcp/client.json
+++ b/examples/mkcp/client.json
@@ -31,7 +31,15 @@
      "packet_encoding": "",
      "transport": {
        "type": "mkcp",
-        "mtu": 1500
+        "mtu": 1350, // 576-1460
+        "tti": 50, // 10-100, ms
+        "uplink_capacity": 12, // MB/s
+        "downlink_capacity": 100, // MB/s
+        "congestion": false,
+        "read_buffer_size": 1, // MB
+        "write_buffer_size": 1, // MB
+        "header_type": "none", // none, srtp, utp, wechat-video, dtls, wireguard
+        "seed": "password"
      }
    }
  ],
--- a/examples/mkcp/server.json
+++ b/examples/mkcp/server.json
@@ -24,7 +24,15 @@
      ],
      "transport": {
        "type": "mkcp",
-        "mtu": 1500
+        "mtu": 1350, // 576-1460
+        "tti": 50, // 10-100, ms
+        "uplink_capacity": 12, // MB/s
+        "downlink_capacity": 100, // MB/s
+        "congestion": false,
+        "read_buffer_size": 1, // MB
+        "write_buffer_size": 1, // MB
+        "header_type": "none", // none, srtp, utp, wechat-video, dtls, wireguard
+        "seed": "password"
      }
    }
  ],
--- a/examples/mtproxy/server.json
+++ b/examples/mtproxy/server.json
@@ -26,9 +26,9 @@
      "concurrency": 8192,
      // domain_fronting_port is a port we use to connect to a fronting domain.
      "domain_fronting_port": 443,
-      // domain_fronting_ip is an IP address to use when connecting to the fronting
-      // domain instead of resolving the hostname from the secret via DNS.
-      "domain_fronting_ip": "",
+      // domain_fronting_host is the address (IP or hostname) to use when connecting
+      // to the fronting domain instead of resolving the hostname from the secret via DNS.
+      "domain_fronting_host": "",
      // domain_fronting_proxy_protocol is used if communication between upstream
      // endpoint and sing-box supports proxy protocol. 
      "domain_fronting_proxy_protocol": false,
--- a/examples/openvpn/auth-user-pass.json
+++ b/examples/openvpn/auth-user-pass.json
@@ -13,6 +13,8 @@
    {
      "type": "openvpn",
      "tag": "openvpn-out",
+      "system": false,
+      "name": "openvpn0",
      "servers": [
        {
          "server": "vpn.example.com",
--- a/examples/openvpn/tls-auth.json
+++ b/examples/openvpn/tls-auth.json
@@ -13,6 +13,8 @@
    {
      "type": "openvpn",
      "tag": "openvpn-out",
+      "system": false,
+      "name": "openvpn0",
      "servers": [
        {
          "server": "vpn.example.com",
--- a/examples/openvpn/tls-crypt-v2.json
+++ b/examples/openvpn/tls-crypt-v2.json
@@ -13,6 +13,8 @@
    {
      "type": "openvpn",
      "tag": "openvpn-out",
+      "system": false,
+      "name": "openvpn0",
      "servers": [
        {
          "server": "vpn.example.com",
--- a/examples/openvpn/tls-crypt.json
+++ b/examples/openvpn/tls-crypt.json
@@ -13,6 +13,8 @@
    {
      "type": "openvpn",
      "tag": "openvpn-out",
+      "system": false,
+      "name": "openvpn0",
      "servers": [
        {
          "server": "vpn.example.com",
--- a/examples/ssh/client.json
+++ b/examples/ssh/client.json
@@ -0,0 +1,52 @@
+{
+  "log": {
+    "level": "error"
+  },
+  "dns": {
+    "servers": [
+      {
+        "type": "local",
+        "tag": "default"
+      }
+    ]
+  },
+  "inbounds": [
+    {
+      "type": "mixed",
+      "tag": "mixed-in",
+      "listen_port": 7897
+    }
+  ],
+  "outbounds": [
+    {
+      "type": "direct",
+      "tag": "direct"
+    },
+    {
+      "type": "ssh",
+      "tag": "ssh-out",
+      "server": "example.com",
+      "server_port": 2222,
+      "user": "user",
+      // Authentication: password or private key
+      "password": "password",
+      "private_key": [
+        "-----BEGIN OPENSSH PRIVATE KEY-----\n...\n-----END OPENSSH PRIVATE KEY-----"
+      ],
+      // or: "private_key_path": "/path/to/id_ed25519",
+      "private_key_passphrase": "",
+      // Pin server host key (optional)
+      "host_key": [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA..."
+      ],
+      "host_key_algorithms": ["ssh-ed25519"],
+      "client_version": "SSH-2.0-OpenSSH_9.6"
+      // Dial Fields
+    }
+  ],
+  "route": {
+    "final": "ssh-out",
+    "default_domain_resolver": "default",
+    "auto_detect_interface": true
+  }
+}
--- a/examples/ssh/server.json
+++ b/examples/ssh/server.json
@@ -0,0 +1,76 @@
+{
+  "log": {
+    "level": "info"
+  },
+  "dns": {
+    "servers": [
+      {
+        "type": "local",
+        "tag": "default"
+      }
+    ]
+  },
+  "inbounds": [
+    {
+      "type": "ssh",
+      "tag": "ssh-in",
+      "listen": "0.0.0.0",
+      "listen_port": 2222,
+      "host_key": [
+        "-----BEGIN OPENSSH PRIVATE KEY-----\n...\n-----END OPENSSH PRIVATE KEY-----"
+      ],
+      // or: "host_key_path": ["/etc/sing-box/ssh_host_ed25519_key"],
+      "server_version": "SSH-2.0-OpenSSH_9.6",
+      "max_auth_tries": 3,
+      "users": [
+        {
+          "name": "user1",
+          "password": "password1"
+        },
+        {
+          "name": "user2",
+          "authorized_keys": [
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA... user2@host"
+          ]
+        }
+      ],
+      "fallback": {
+        "server": "10.0.0.2",
+        "server_port": 22,
+        "ca": {
+          "private_key": [
+            "-----BEGIN OPENSSH PRIVATE KEY-----\n...\n-----END OPENSSH PRIVATE KEY-----"
+          ],
+          // or: "private_key_path": "/etc/sing-box/ca_key",
+          "private_key_passphrase": ""
+        },
+        // Optional: separate CA for issuing upstream certs (defaults to ca)
+        "issue_ca": {
+          "private_key": [
+            "-----BEGIN OPENSSH PRIVATE KEY-----\n...\n-----END OPENSSH PRIVATE KEY-----"
+          ],
+          // or: "private_key_path": "/etc/sing-box/issue_ca_key",
+          "private_key_passphrase": ""
+        },
+        "host_key": [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA... upstream-host-key"
+        ],
+        // or: "host_key_path": ["/etc/sing-box/upstream_host_key.pub"],
+        "host_key_algorithms": ["ssh-ed25519"],
+        "client_version": "SSH-2.0-OpenSSH_9.6"
+        // Dial Fields
+      }
+    }
+  ],
+  "outbounds": [
+    {
+      "type": "direct",
+      "tag": "direct"
+    }
+  ],
+  "route": {
+    "final": "direct",
+    "default_domain_resolver": "default",
+    "auto_detect_interface": true
+  }
+}