diff --git a/docs/config.yaml b/docs/config.yaml new file mode 100644 index 00000000..ea2149be --- /dev/null +++ b/docs/config.yaml @@ -0,0 +1,505 @@ +# port: 7890 # HTTP(S) 代理服务器端口 +# socks-port: 7891 # SOCKS5 代理端口 +mixed-port: 10801 # HTTP(S) 和 SOCKS 代理混合端口 +# redir-port: 7892 # 透明代理端口 用于Linux和 + +# Transparent proxy server port for Linux (TProxy TCP and TProxy UDP) +# tproxy-port: 7893 + +allow-lan: true # 允许局域网连接 +bind-address: "*" # 绑定IP地址,仅作用于 allow-lan 为true, '*'表示所有地址 + +mode: rule + +log-level: debug #日志等级 silent/error/warning/info/debug + +ipv6: true #开启IPv6总开关 关闭阻断所有IPv6和屏蔽DNS请求AAAA记录 + +external-controller: 0.0.0.0:9093 # RESTful API 监听地址 + +# secret: "123456" # `Authorization: Bearer ${secret}` + +# tcp-concurrent: true # TCP并发连接所有IP, 将使用最快握手的TCP +external-ui: /path/to/ui/folder # 配置WEB UI目录,使用http://{{external-controller}}/ui 访问 + +# interface-name: en0 # 设置出口网卡 + +# routing-mark: 6666 # 配置fwmark 仅用于Linux + +# 类似于/etc/hosts, 仅支持配置单个IP +hosts: +# '*.clash.dev': 127.0.0.1 +# '.dev': 127.0.0.1 +# 'alpha.clash.dev': '::1' + +# Tun配置 +tun: + enable: false + stack: system # gvisor + dns-hijack: + - 198.18.0.2:53 # 需要劫持的DNS + # auto-detect-interface: true # 自动识别interface + # auto-route: true # 配置 + +# 嗅探域名 可选配置 +sniffer: + enable: false + # 需要嗅探协议 + sniffing: + - tls + - http + # 强制对此域名进行嗅探 + force-domain: + - +.v2ex.com + # 仅对白名单中的端口进行嗅探,默认为0-65535,推荐只对需要嗅探写的的常见端口嗅探 + port-whitelist: + - "80" + - "443" + # - 8000-9999 + +profile: + # 存储select选择记录 + store-selected: false + + # 持久化fake-ip + store-fake-ip: true + +# DNS配置 +dns: + enable: false # 关闭将使用系统DNS + listen: 0.0.0.0:53 # 开启DNS服务器监听 + + # ipv6: false # false将返回AAAA的空结果 + + # 用于解析nameserver,fallbacky以及其他DNS服务器配置的,DNS服务域名 + # 只能使用纯IP地址,可使用加密DNS + default-nameserver: + - 114.114.114.114 + - 8.8.8.8 + - tls://1.12.12.12:853 + - tls://223.5.5.5:853 + enhanced-mode: fake-ip # or redir-host + + fake-ip-range: 198.18.0.1/16 # fake-ip 池设置 + + # use-hosts: true # 查询hosts + + # 配置不使用fake-ip的域名 + # fake-ip-filter: + # - '*.lan' + # - localhost.ptlogin2.qq.com + + # DNS主要域名配置 + # 支持 UDP,TCP,DOT,DOH,DOQ + # 这部分为主要DNS配置,影响所有直连,确保使用对大陆解析精准的DNS + nameserver: + - 114.114.114.114 # default value + - 8.8.8.8 # default value + - tls://223.5.5.5:853 # DNS over TLS + - https://1.1.1.1/dns-query # DNS over HTTPS + - dhcp://en0 # dns from dhcp + - quic://dns.adguard.com:784 # DNS over QUIC + # - '8.8.8.8#en0' # 兼容指定DNS出口网卡 + + # 当配置fallback时,会查询nameserver中返回的IP是否为CN,非必要配置 + # 当不是CN,则使用fallback中的DNS查询结果 + # 确保配置fallback时能够正常查询 + # fallback: + # - tcp://1.1.1.1 + # - 'tcp://1.1.1.1#ProxyGroupName' # 指定DNS过代理查询,ProxyGroupName为策略组名或节点名,过代理配置优先于配置出口网卡,当找不到策略组或节点名则设置为出口网卡 + + # 专用于节点域名解析的DNS服务器,非必要配置项 + # 配置服务器若查询失败将使用nameserver,非并发查询 + # proxy-server-nameserver: + # - https://dns.google/dns-query + # - tls://one.one.one.one + + # 配置fallback使用条件 + # fallback-filter: + # geoip: true # 配置是否使用geoip + # geoip-code: CN # 当nameserver域名的IP查询geoip库为CN时,不使用fallback + # 配置强制fallback,优先于IP判断,具体分类自行查看geosite库 + # geosite: + # - gfw + # 配置不需要使用fallback的IP CIDR + # ipcidr: + # - 240.0.0.0/4 + # domain: + # - '+.google.com' + # - '+.facebook.com' + # - '+.youtube.com' + + # 配置查询域名使用的DNS服务器 + # nameserver-policy: + # 'www.baidu.com': '114.114.114.114' + # '+.internal.crop.com': '10.0.0.1' + +proxies: + # Shadowsocks + # cipher支持: + # aes-128-gcm aes-192-gcm aes-256-gcm + # aes-128-cfb aes-192-cfb aes-256-cfb + # aes-128-ctr aes-192-ctr aes-256-ctr + # rc4-md5 chacha20-ietf xchacha20 + # chacha20-ietf-poly1305 xchacha20-ietf-poly1305 + # 2022-blake3-aes-128-gcm 2022-blake3-aes-256-gcm 2022-blake3-chacha20-poly1305 + - name: "ss1" + type: ss + server: server + port: 443 + cipher: chacha20-ietf-poly1305 + password: "password" + # udp: true + # udp-over-tcp: false + + - name: "ss2" + type: ss + server: server + port: 443 + cipher: chacha20-ietf-poly1305 + password: "password" + plugin: obfs + plugin-opts: + mode: tls # or http + # host: bing.com + + - name: "ss3" + type: ss + server: server + port: 443 + cipher: chacha20-ietf-poly1305 + password: "password" + plugin: v2ray-plugin + plugin-opts: + mode: websocket # no QUIC now + # tls: true # wss + # skip-cert-verify: true + # host: bing.com + # path: "/" + # mux: true + # headers: + # custom: value + + # vmess + # cipher支持 auto/aes-128-gcm/chacha20-poly1305/none + - name: "vmess" + type: vmess + server: server + port: 443 + uuid: uuid + alterId: 32 + cipher: auto + # udp: true + # tls: true + # skip-cert-verify: true + # servername: example.com # priority over wss host + # network: ws + # ws-opts: + # path: /path + # headers: + # Host: v2ray.com + # max-early-data: 2048 + # early-data-header-name: Sec-WebSocket-Protocol + + - name: "vmess-h2" + type: vmess + server: server + port: 443 + uuid: uuid + alterId: 32 + cipher: auto + network: h2 + tls: true + h2-opts: + host: + - http.example.com + - http-alt.example.com + path: / + + - name: "vmess-http" + type: vmess + server: server + port: 443 + uuid: uuid + alterId: 32 + cipher: auto + # udp: true + # network: http + # http-opts: + # # method: "GET" + # # path: + # # - '/' + # # - '/video' + # # headers: + # # Connection: + # # - keep-alive + + - name: vmess-grpc + server: server + port: 443 + type: vmess + uuid: uuid + alterId: 32 + cipher: auto + network: grpc + tls: true + servername: example.com + # skip-cert-verify: true + grpc-opts: + grpc-service-name: "example" + + # socks5 + - name: "socks" + type: socks5 + server: server + port: 443 + # username: username + # password: password + # tls: true + # skip-cert-verify: true + # udp: true + + # http + - name: "http" + type: http + server: server + port: 443 + # username: username + # password: password + # tls: true # https + # skip-cert-verify: true + # sni: custom.com + + # Snell + # Beware that there's currently no UDP support yet + - name: "snell" + type: snell + server: server + port: 44046 + psk: yourpsk + # version: 2 + # obfs-opts: + # mode: http # or tls + # host: bing.com + + # Trojan + - name: "trojan" + type: trojan + server: server + port: 443 + password: yourpsk + # udp: true + # sni: example.com # aka server name + # alpn: + # - h2 + # - http/1.1 + # skip-cert-verify: true + + - name: trojan-grpc + server: server + port: 443 + type: trojan + password: "example" + network: grpc + sni: example.com + # skip-cert-verify: true + udp: true + grpc-opts: + grpc-service-name: "example" + + - name: trojan-ws + server: server + port: 443 + type: trojan + password: "example" + network: ws + sni: example.com + # skip-cert-verify: true + udp: true + # ws-opts: + # path: /path + # headers: + # Host: example.com + + - name: "trojan-xtls" + type: trojan + server: server + port: 443 + password: yourpsk + flow: "xtls-rprx-direct" # xtls-rprx-origin xtls-rprx-direct + flow-show: true + # udp: true + # sni: example.com # aka server name + # skip-cert-verify: true + + # vless + - name: "vless-tcp" + type: vless + server: server + port: 443 + uuid: uuid + network: tcp + servername: example.com # AKA SNI + # flow: xtls-rprx-direct # xtls-rprx-origin # enable XTLS + # skip-cert-verify: true + + - name: "vless-ws" + type: vless + server: server + port: 443 + uuid: uuid + udp: true + tls: true + network: ws + servername: example.com # priority over wss host + # skip-cert-verify: true + ws-opts: + path: "/" + headers: + Host: example.com + - name: "hysteria" + type: hysteria + server: server.com + port: 443 + auth_str: yourpassword + # obfs: obfs_str + # alpn: h3 + protocol: udp #支持udp/wechat-video/faketcp + up: "30 Mbps" #若不写单位,默认为Mbps + down: "200 Mbps" #若不写单位,默认为Mbps + #sni: server.com + #skip-cert-verify: false + #recv_window_conn: 12582912 + #recv_window: 52428800 + #ca: "./my.ca" + #ca_str: "xyz" + #disable_mtu_discovery: false + + # ShadowsocksR + # The supported ciphers (encryption methods): all stream ciphers in ss + # The supported obfses: + # plain http_simple http_post + # random_head tls1.2_ticket_auth tls1.2_ticket_fastauth + # The supported supported protocols: + # origin auth_sha1_v4 auth_aes128_md5 + # auth_aes128_sha1 auth_chain_a auth_chain_b + - name: "ssr" + type: ssr + server: server + port: 443 + cipher: chacha20-ietf + password: "password" + obfs: tls1.2_ticket_auth + protocol: auth_sha1_v4 + # obfs-param: domain.tld + # protocol-param: "#" + # udp: true + +proxy-groups: + # 代理链,若落地协议支持UDP over TCP则可支持UDP + # Traffic: clash <-> http <-> vmess <-> ss1 <-> ss2 <-> Internet + - name: "relay" + type: relay + proxies: + - http + - vmess + - ss1 + - ss2 + + # url-test 将按照url测试结果使用延迟最低节点 + - name: "auto" + type: url-test + proxies: + - ss1 + - ss2 + - vmess1 + # tolerance: 150 + # lazy: true + url: "http://www.gstatic.com/generate_204" + interval: 300 + + # fallback 将按照url测试结果按照节点顺序选择 + - name: "fallback-auto" + type: fallback + proxies: + - ss1 + - ss2 + - vmess1 + url: "http://www.gstatic.com/generate_204" + interval: 300 + + # load-balance 将按照算法随机选择节点 + - name: "load-balance" + type: load-balance + proxies: + - ss1 + - ss2 + - vmess1 + url: "http://www.gstatic.com/generate_204" + interval: 300 + # strategy: consistent-hashing # 可选 round-robin 和 sticky-sessions + + # select 用户自行选择节点 + - name: Proxy + type: select + # disable-udp: true + proxies: + - ss1 + - ss2 + - vmess1 + - auto + + # 配置指定interface-name和fwmark的DIRECT + - name: en1 + type: select + interface-name: en1 + routing-mark: 6667 + proxies: + - DIRECT + + - name: UseProvider + type: select + filter: "HK|TW" # 正则表达式,过滤provider1中节点名包含HK或TW + use: + - provider1 + proxies: + - Proxy + - DIRECT + +# Clash格式的节点或支持*ray的分享格式 +proxy-providers: + provider1: + type: http + url: "url" + interval: 3600 + path: ./provider1.yaml + health-check: + enable: true + interval: 600 + # lazy: true + url: http://www.gstatic.com/generate_204 + test: + type: file + path: /test.yaml + health-check: + enable: true + interval: 36000 + url: http://www.gstatic.com/generate_204 +rule-providers: + rule1: + behavior: classical # domain ipcidr + interval: 259200 + path: /path/to/save/file.yaml + type: http + url: "url" + rule2: + behavior: classical + interval: 259200 + path: /path/to/save/file.yaml + type: file +rules: + - RULE-SET,rule1,REJECT + - DOMAIN-SUFFIX,baidu.com,DIRECT + - DOMAIN-KEYWORD,google,ss1 + - IP-CIDR,1.1.1.1/32,ss1 + - IP-CIDR6,2409::/64,DIRECT