Hysteria 2

The most popular Chinese-made simple protocol based on QUIC, the selling point is Brutal, a congestion control algorithm that can resist packet loss by manually specifying the required rate by the user.

Warning

Even though GFW rarely blocks UDP-based proxies, such protocols actually have far more characteristics than TCP based proxies.

Specification	Binary Characteristics	Active Detect Hiddenness
hysteria.network

Password Generator

Generate Password	Action

Difference from official Hysteria

The official program supports an authentication method called userpass, which essentially uses a combination of <username>:<password> as the actual password, while sing-box does not provide this alias. To use sing-box with the official program, you need to fill in that combination as the actual password.

Server Example

Replace up_mbps and down_mbps values with the actual bandwidth of your server.

With local certificate With ACME With ACME and Cloudflare API

 {
  "inbounds": [
    {
      "type": "hysteria2",
      "listen": "::",
      "listen_port": 8080,
      "up_mbps": 100,
      "down_mbps": 100,
      "users": [
        {
          "name": "sekai",
          "password": "<password>"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "example.org",
        "key_path": "/path/to/key.pem",
        "certificate_path": "/path/to/certificate.pem"
      }
    }
  ]
}

 {
  "inbounds": [
    {
      "type": "hysteria2",
      "listen": "::",
      "listen_port": 8080,
      "up_mbps": 100,
      "down_mbps": 100,
      "users": [
        {
          "name": "sekai",
          "password": "<password>"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "example.org",
        "acme": {
          "domain": "example.org",
          "email": "[email protected]"
        }
      }
    }
  ]
}

 {
  "inbounds": [
    {
      "type": "hysteria2",
      "listen": "::",
      "listen_port": 8080,
      "up_mbps": 100,
      "down_mbps": 100,
      "users": [
        {
          "name": "sekai",
          "password": "<password>"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "example.org",
        "acme": {
          "domain": "example.org",
          "email": "[email protected]",
          "dns01_challenge": {
            "provider": "cloudflare",
            "api_token": "my_token"
          }
        }
      }
    }
  ]
}

Client Example

Replace up_mbps and down_mbps values with the actual bandwidth of your client.

With valid certificate With self-sign certificate Ignore certificate verification

{
  "outbounds": [
    {
      "type": "hysteria2",
      "server": "127.0.0.1",
      "server_port": 8080,
      "up_mbps": 100,
      "down_mbps": 100,
      "password": "<password>",
      "tls": {
        "enabled": true,
        "server_name": "example.org"
      }
    }
  ]
}

Tip

Use sing-box merge command to merge configuration and certificate into one file.

{
  "outbounds": [
    {
      "type": "hysteria2",
      "server": "127.0.0.1",
      "server_port": 8080,
      "up_mbps": 100,
      "down_mbps": 100,
      "password": "<password>",
      "tls": {
        "enabled": true,
        "server_name": "example.org",
        "certificate_path": "/path/to/certificate.pem"
      }
    }
  ]
}

{
  "outbounds": [
    {
      "type": "hysteria2",
      "server": "127.0.0.1",
      "server_port": 8080,
      "up_mbps": 100,
      "down_mbps": 100,
      "password": "<password>",
      "tls": {
        "enabled": true,
        "server_name": "example.org",
        "insecure": true
      }
    }
  ]
}