github.com/sagernet/sing-box@v1.9.0-rc.20/docs/manual/proxy-protocol/hysteria2.md

github.com/sagernet/sing-box@v1.9.0-rc.20/docs/manual/proxy-protocol/hysteria2.md (about)

     1  ---
     2  icon: material/lightning-bolt
     3  ---
     4  
     5  # Hysteria 2
     6  
     7  The most popular Chinese-made simple protocol based on QUIC, the selling point is Brutal,
     8  a congestion control algorithm that can resist packet loss by manually specifying the required rate by the user.
     9  
    10  !!! warning
    11  
    12      Even though GFW rarely blocks UDP-based proxies, such protocols actually have far more characteristics than TCP based proxies.
    13  
    14  | Specification                                                             | Binary Characteristics | Active Detect Hiddenness |
    15  |---------------------------------------------------------------------------|------------------------|--------------------------|
    16  | [hysteria.network](https://v2.hysteria.network/docs/developers/Protocol/) | :material-alert:       | :material-check:         |
    17  
    18  ## :material-text-box-check: Password Generator
    19  
    20  | Generate Password          | Action                                                          |
    21  |----------------------------|-----------------------------------------------------------------|
    22  | <code id="password"><code> | <button class="md-button" onclick="generate()">Refresh</button> |
    23  
    24  <script>
    25      function generate() {
    26          const array = new Uint8Array(16);
    27          window.crypto.getRandomValues(array);
    28          document.getElementById("password").textContent = btoa(String.fromCharCode.apply(null, array));
    29      }
    30      generate();
    31  </script>
    32  
    33  ## :material-alert: Difference from official Hysteria
    34  
    35  The official program supports an authentication method called **userpass**,
    36  which essentially uses a combination of `<username>:<password>` as the actual password,
    37  while sing-box does not provide this alias.
    38  To use sing-box with the official program, you need to fill in that combination as the actual password.
    39  
    40  ## :material-server: Server Example
    41  
    42  !!! info ""
    43  
    44      Replace `up_mbps` and `down_mbps` values with the actual bandwidth of your server.
    45  
    46  === ":material-harddisk: With local certificate"
    47      
    48      ```json
    49       {
    50        "inbounds": [
    51          {
    52            "type": "hysteria2",
    53            "listen": "::",
    54            "listen_port": 8080,
    55            "up_mbps": 100,
    56            "down_mbps": 100,
    57            "users": [
    58              {
    59                "name": "sekai",
    60                "password": "<password>"
    61              }
    62            ],
    63            "tls": {
    64              "enabled": true,
    65              "server_name": "example.org",
    66              "key_path": "/path/to/key.pem",
    67              "certificate_path": "/path/to/certificate.pem"
    68            }
    69          }
    70        ]
    71      }
    72      ```
    73  
    74  === ":material-auto-fix: With ACME"
    75  
    76      ```json
    77       {
    78        "inbounds": [
    79          {
    80            "type": "hysteria2",
    81            "listen": "::",
    82            "listen_port": 8080,
    83            "up_mbps": 100,
    84            "down_mbps": 100,
    85            "users": [
    86              {
    87                "name": "sekai",
    88                "password": "<password>"
    89              }
    90            ],
    91            "tls": {
    92              "enabled": true,
    93              "server_name": "example.org",
    94              "acme": {
    95                "domain": "example.org",
    96                "email": "admin@example.org"
    97              }
    98            }
    99          }
   100        ]
   101      }
   102      ```
   103  
   104  === ":material-cloud: With ACME and Cloudflare API"
   105  
   106      ```json
   107       {
   108        "inbounds": [
   109          {
   110            "type": "hysteria2",
   111            "listen": "::",
   112            "listen_port": 8080,
   113            "up_mbps": 100,
   114            "down_mbps": 100,
   115            "users": [
   116              {
   117                "name": "sekai",
   118                "password": "<password>"
   119              }
   120            ],
   121            "tls": {
   122              "enabled": true,
   123              "server_name": "example.org",
   124              "acme": {
   125                "domain": "example.org",
   126                "email": "admin@example.org",
   127                "dns01_challenge": {
   128                  "provider": "cloudflare",
   129                  "api_token": "my_token"
   130                }
   131              }
   132            }
   133          }
   134        ]
   135      }
   136      ```
   137  
   138  ## :material-cellphone-link: Client Example
   139  
   140  !!! info ""
   141  
   142      Replace `up_mbps` and `down_mbps` values with the actual bandwidth of your client.
   143  
   144  === ":material-web-check: With valid certificate"
   145  
   146      ```json
   147      {
   148        "outbounds": [
   149          {
   150            "type": "hysteria2",
   151            "server": "127.0.0.1",
   152            "server_port": 8080,
   153            "up_mbps": 100,
   154            "down_mbps": 100,
   155            "password": "<password>",
   156            "tls": {
   157              "enabled": true,
   158              "server_name": "example.org"
   159            }
   160          }
   161        ]
   162      }
   163      ```
   164  
   165  === ":material-check: With self-sign certificate"
   166  
   167      !!! info "Tip"
   168          
   169          Use `sing-box merge` command to merge configuration and certificate into one file.
   170  
   171      ```json
   172      {
   173        "outbounds": [
   174          {
   175            "type": "hysteria2",
   176            "server": "127.0.0.1",
   177            "server_port": 8080,
   178            "up_mbps": 100,
   179            "down_mbps": 100,
   180            "password": "<password>",
   181            "tls": {
   182              "enabled": true,
   183              "server_name": "example.org",
   184              "certificate_path": "/path/to/certificate.pem"
   185            }
   186          }
   187        ]
   188      }
   189      ```
   190  
   191  === ":material-alert: Ignore certificate verification"
   192  
   193      ```json
   194      {
   195        "outbounds": [
   196          {
   197            "type": "hysteria2",
   198            "server": "127.0.0.1",
   199            "server_port": 8080,
   200            "up_mbps": 100,
   201            "down_mbps": 100,
   202            "password": "<password>",
   203            "tls": {
   204              "enabled": true,
   205              "server_name": "example.org",
   206              "insecure": true
   207            }
   208          }
   209        ]
   210      }
   211      ```