chore: adjust config.yaml.

This commit is contained in:
Larvan2 2023-02-25 17:20:38 +08:00
parent 22726c1de8
commit e6377eac9b

View file

@ -15,14 +15,9 @@ bind-address: "*" # 绑定IP地址仅作用于 allow-lan 为 true'*'表示
# - off, 不匹配进程,推荐在路由器上使用此模式 # - off, 不匹配进程,推荐在路由器上使用此模式
find-process-mode: strict find-process-mode: strict
# global-client-fingerprint:全局TLS指纹,优先低于proxy内的 client-fingerprint
# accepts "chrome","firefox","safari","ios","random","none" options.
# Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.
global-client-fingerprint: chrome
mode: rule mode: rule
#自定义 geox-url #自定义 geodata url
geox-url: geox-url:
geoip: "https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat" geoip: "https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat"
geosite: "https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat" geosite: "https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat"
@ -32,6 +27,10 @@ log-level: debug # 日志等级 silent/error/warning/info/debug
ipv6: true # 开启 IPv6 总开关,关闭阻断所有 IPv6 链接和屏蔽 DNS 请求 AAAA 记录 ipv6: true # 开启 IPv6 总开关,关闭阻断所有 IPv6 链接和屏蔽 DNS 请求 AAAA 记录
tls:
certificate: string # 证书 PEM 格式,或者 证书的路径
private-key: string # 证书对应的私钥 PEM 格式,或者私钥路径
external-controller: 0.0.0.0:9093 # RESTful API 监听地址 external-controller: 0.0.0.0:9093 # RESTful API 监听地址
external-controller-tls: 0.0.0.0:9443 # RESTful API HTTPS 监听地址,需要配置 tls 部分配置文件 external-controller-tls: 0.0.0.0:9443 # RESTful API HTTPS 监听地址,需要配置 tls 部分配置文件
# secret: "123456" # `Authorization:Bearer ${secret}` # secret: "123456" # `Authorization:Bearer ${secret}`
@ -41,6 +40,11 @@ external-ui: /path/to/ui/folder # 配置WEB UI目录使用http://{{external-c
# interface-name: en0 # 设置出口网卡 # interface-name: en0 # 设置出口网卡
# 全局 TLS 指纹,优先低于 proxy 内的 client-fingerprint
# 可选: "chrome","firefox","safari","ios","random","none" options.
# Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.
global-client-fingerprint: chrome
# routing-mark:6666 # 配置 fwmark 仅用于 Linux # routing-mark:6666 # 配置 fwmark 仅用于 Linux
experimental: experimental:
@ -50,6 +54,13 @@ hosts:
# '.dev': 127.0.0.1 # '.dev': 127.0.0.1
# 'alpha.clash.dev': '::1' # 'alpha.clash.dev': '::1'
profile:
# 存储 select 选择记录
store-selected: false
# 持久化 fake-ip
store-fake-ip: true
# Tun 配置 # Tun 配置
tun: tun:
enable: false enable: false
@ -105,14 +116,12 @@ sniffer:
# 是否使用嗅探结果作为实际访问,默认 true # 是否使用嗅探结果作为实际访问,默认 true
# 全局配置,优先级低于 sniffer.sniff 实际配置 # 全局配置,优先级低于 sniffer.sniff 实际配置
override-destination: false override-destination: false
sniff: sniff: # TLS 默认如果不配置 ports 默认嗅探 443
# TLS 默认如果不配置 ports 默认嗅探 443
TLS: TLS:
# ports: [443, 8443] # ports: [443, 8443]
# 默认嗅探 80 # 默认嗅探 80
HTTP: HTTP: # 需要嗅探的端口
# 需要嗅探的端口
ports: [80, 8080-8880] ports: [80, 8080-8880]
# 可覆盖 sniffer.override-destination # 可覆盖 sniffer.override-destination
@ -136,27 +145,8 @@ sniffer:
- "443" - "443"
# - 8000-9999 # - 8000-9999
# shadowsocks,vmess 入口配置传入流量将和socks,mixed等入口一样按照mode所指定的方式进行匹配处理
# ss-config: ss://2022-blake3-aes-256-gcm:vlmpIPSyHH6f4S8WVPdRIHIlzmB+GIRfoH3aNJ/t9Gg=@:23456
# vmess-config: vmess://1:9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68@:12345
# tuic服务器入口传入流量将和socks,mixed等入口一样按照mode所指定的方式进行匹配处理 tunnels: # one line config
#tuic-server:
# enable: true
# listen: 127.0.0.1:10443
# token:
# - TOKEN
# certificate: ./server.crt
# private-key: ./server.key
# congestion-controller: bbr
# max-idle-time: 15000
# authentication-timeout: 1000
# alpn:
# - h3
# max-udp-relay-packet-size: 1500
tunnels:
# one line config
- tcp/udp,127.0.0.1:6553,114.114.114.114:53,proxy - tcp/udp,127.0.0.1:6553,114.114.114.114:53,proxy
- tcp,127.0.0.1:6666,rds.mysql.com:3306,vpn - tcp,127.0.0.1:6666,rds.mysql.com:3306,vpn
# full yaml config # full yaml config
@ -165,12 +155,6 @@ tunnels:
target: target.com target: target.com
proxy: proxy proxy: proxy
profile:
# 存储select选择记录
store-selected: false
# 持久化fake-ip
store-fake-ip: true
# DNS配置 # DNS配置
dns: dns:
@ -240,12 +224,51 @@ dns:
# - '+.youtube.com' # - '+.youtube.com'
# 配置查询域名使用的 DNS 服务器 # 配置查询域名使用的 DNS 服务器
nameserver-policy: nameserver-policy: # 'www.baidu.com': '114.114.114.114'
# 'www.baidu.com': '114.114.114.114'
# '+.internal.crop.com': '10.0.0.1' # '+.internal.crop.com': '10.0.0.1'
"geosite:cn": "https://doh.pub/dns-query" "geosite:cn":
- https://doh.pub/dns-query
- https://dns.alidns.com/dns-query
"www.baidu.com": [https://doh.pub/dns-query, https://dns.alidns.com/dns-query] "www.baidu.com": [https://doh.pub/dns-query, https://dns.alidns.com/dns-query]
proxies:
proxies: # socks5
- name: "socks"
type: socks5
server: server
port: 443
# username: username
# password: password
# tls: true
# fingerprint: xxxx
# skip-cert-verify: true
# udp: true
# ip-version: ipv6
# http
- name: "http"
type: http
server: server
port: 443
# username: username
# password: password
# tls: true # https
# skip-cert-verify: true
# sni: custom.com
# fingerprint: xxxx # 同 experimental.fingerprints 使用 sha256 指纹,配置协议独立的指纹,将忽略 experimental.fingerprints
# ip-version: dual
# Snell
# Beware that there's currently no UDP support yet
- name: "snell"
type: snell
server: server
port: 44046
psk: yourpsk
# version: 2
# obfs-opts:
# mode: http # or tls
# host: bing.com
# Shadowsocks # Shadowsocks
# cipher支持: # cipher支持:
# aes-128-gcm aes-192-gcm aes-256-gcm # aes-128-gcm aes-192-gcm aes-256-gcm
@ -268,6 +291,7 @@ proxies:
# UDP 则为双栈解析,获取结果中的第一个 IPv4 # UDP 则为双栈解析,获取结果中的第一个 IPv4
# ipv6-prefer 同 ipv4-prefer # ipv6-prefer 同 ipv4-prefer
# 现有协议都支持此参数TCP 效果仅在开启 tcp-concurrent 生效 # 现有协议都支持此参数TCP 效果仅在开启 tcp-concurrent 生效
- name: "ss2" - name: "ss2"
type: ss type: ss
server: server server: server
@ -360,13 +384,13 @@ proxies:
# udp: true # udp: true
# network: http # network: http
# http-opts: # http-opts:
# # method: "GET" # method: "GET"
# # path: # path:
# # - '/' # - '/'
# # - '/video' # - '/video'
# # headers: # headers:
# # Connection: # Connection:
# # - keep-alive # - keep-alive
# ip-version: ipv4 # 设置使用 IP 类型偏好可选ipv4ipv6dual默认值dual # ip-version: ipv4 # 设置使用 IP 类型偏好可选ipv4ipv6dual默认值dual
- name: vmess-grpc - name: vmess-grpc
@ -385,43 +409,49 @@ proxies:
grpc-service-name: "example" grpc-service-name: "example"
# ip-version: ipv4 # ip-version: ipv4
# socks5 # vless
- name: "socks" - name: "vless-tcp"
type: socks5 type: vless
server: server server: server
port: 443 port: 443
# username: username uuid: uuid
# password: password network: tcp
# tls: true servername: example.com # AKA SNI
# flow: xtls-rprx-direct # xtls-rprx-origin # enable XTLS
# skip-cert-verify: true
# fingerprint: xxxx
# client-fingerprint: random # Available: "chrome","firefox","safari","random","none"
- name: "vless-vision"
type: vless
server: server
port: 443
uuid: uuid
network: tcp
tls: true
udp: true
xudp: true
flow: xtls-rprx-vision # xtls-rprx-origin # enable XTLS
client-fingerprint: chrome
# fingerprint: xxxx # fingerprint: xxxx
# skip-cert-verify: true # skip-cert-verify: true
# udp: true
# ip-version: ipv6
# http - name: "vless-ws"
- name: "http" type: vless
type: http
server: server server: server
port: 443 port: 443
# username: username uuid: uuid
# password: password udp: true
# tls: true # https tls: true
network: ws
# client-fingerprint: random # Available: "chrome","firefox","safari","random","none"
servername: example.com # priority over wss host
# skip-cert-verify: true # skip-cert-verify: true
# sni: custom.com # fingerprint: xxxx
# fingerprint: xxxx # 同 experimental.fingerprints 使用 sha256 指纹,配置协议独立的指纹,将忽略 experimental.fingerprints ws-opts:
# ip-version: dual path: "/"
headers:
# Snell Host: example.com
# Beware that there's currently no UDP support yet
- name: "snell"
type: snell
server: server
port: 44046
psk: yourpsk
# version: 2
# obfs-opts:
# mode: http # or tls
# host: bing.com
# Trojan # Trojan
- name: "trojan" - name: "trojan"
@ -478,36 +508,6 @@ proxies:
# skip-cert-verify: true # skip-cert-verify: true
# fingerprint: xxxx # fingerprint: xxxx
# vless
- name: "vless-tcp"
type: vless
server: server
port: 443
uuid: uuid
network: tcp
servername: example.com # AKA SNI
# flow: xtls-rprx-direct # xtls-rprx-origin # enable XTLS
# skip-cert-verify: true
# fingerprint: xxxx
# client-fingerprint: random # Available: "chrome","firefox","safari","random","none"
- name: "vless-ws"
type: vless
server: server
port: 443
uuid: uuid
udp: true
tls: true
network: ws
# client-fingerprint: random # Available: "chrome","firefox","safari","random","none"
servername: example.com # priority over wss host
# skip-cert-verify: true
# fingerprint: xxxx
ws-opts:
path: "/"
headers:
Host: example.com
#hysteria #hysteria
- name: "hysteria" - name: "hysteria"
type: hysteria type: hysteria
@ -534,6 +534,7 @@ proxies:
# fingerprint: xxxx # fingerprint: xxxx
# fast-open: true # 支持 TCP 快速打开,默认为 false # fast-open: true # 支持 TCP 快速打开,默认为 false
# wireguard
- name: "wg" - name: "wg"
type: wireguard type: wireguard
server: 162.159.192.1 server: 162.159.192.1
@ -543,7 +544,9 @@ proxies:
private-key: eCtXsJZ27+4PbhDkHnB923tkUn2Gj59wZw5wFA75MnU= private-key: eCtXsJZ27+4PbhDkHnB923tkUn2Gj59wZw5wFA75MnU=
public-key: Cr8hWlKvtDt7nrvf+f0brNQQzabAqrjfBvas9pmowjo= public-key: Cr8hWlKvtDt7nrvf+f0brNQQzabAqrjfBvas9pmowjo=
udp: true udp: true
# reserved: 'U4An' reserved: "U4An"
# tuic
- name: tuic - name: tuic
server: www.example.com server: www.example.com
port: 10443 port: 10443
@ -552,9 +555,9 @@ proxies:
# ip: 127.0.0.1 # for overwriting the DNS lookup result of the server address set in option 'server' # ip: 127.0.0.1 # for overwriting the DNS lookup result of the server address set in option 'server'
# heartbeat-interval: 10000 # heartbeat-interval: 10000
# alpn: [h3] # alpn: [h3]
# disable-sni: true disable-sni: true
reduce-rtt: true reduce-rtt: true
# request-timeout: 8000 request-timeout: 8000
udp-relay-mode: native # Available: "native", "quic". Default: "native" udp-relay-mode: native # Available: "native", "quic". Default: "native"
# congestion-controller: bbr # Available: "cubic", "new_reno", "bbr". Default: "cubic" # congestion-controller: bbr # Available: "cubic", "new_reno", "bbr". Default: "cubic"
# max-udp-relay-packet-size: 1500 # max-udp-relay-packet-size: 1500
@ -582,8 +585,7 @@ proxies:
# protocol-param: "#" # protocol-param: "#"
# udp: true # udp: true
proxy-groups: proxy-groups: # 代理链,若落地协议支持 UDP over TCP 则可支持 UDP
# 代理链,若落地协议支持 UDP over TCP 则可支持 UDP
# Traffic: clash <-> http <-> vmess <-> ss1 <-> ss2 <-> Internet # Traffic: clash <-> http <-> vmess <-> ss1 <-> ss2 <-> Internet
- name: "relay" - name: "relay"
type: relay type: relay
@ -690,7 +692,8 @@ rules:
- DOMAIN-KEYWORD,google,ss1 - DOMAIN-KEYWORD,google,ss1
- IP-CIDR,1.1.1.1/32,ss1 - IP-CIDR,1.1.1.1/32,ss1
- IP-CIDR6,2409::/64,DIRECT - IP-CIDR6,2409::/64,DIRECT
- SUB-RULE,(OR,((NETWORK,TCP),(NETWORK,UDP))),sub-rule-name1 # 当满足条件是 TCP 或 UDP 流量时,使用名为 sub-rule-name1 当规则集 # 当满足条件是 TCP 或 UDP 流量时,使用名为 sub-rule-name1 的规则集
- SUB-RULE,(OR,((NETWORK,TCP),(NETWORK,UDP))),sub-rule-name1
- SUB-RULE,(AND,((NETWORK,UDP))),sub-rule-name2 - SUB-RULE,(AND,((NETWORK,UDP))),sub-rule-name2
# 定义多个子规则集,规则将以分叉匹配,使用 SUB-RULE 使用 # 定义多个子规则集,规则将以分叉匹配,使用 SUB-RULE 使用
# google.com(not match)--> baidu.com(match) # google.com(not match)--> baidu.com(match)
@ -717,15 +720,6 @@ sub-rules:
- IP-CIDR,8.8.8.8/32,ss1 - IP-CIDR,8.8.8.8/32,ss1
- DOMAIN,dns.alidns.com,REJECT - DOMAIN,dns.alidns.com,REJECT
tls:
certificate: string # 证书 PEM 格式,或者 证书的路径
private-key: string # 证书对应的私钥 PEM 格式,或者私钥路径
# 自定义证书验证,将加入 Clash 证书验证中,绝大多数 TLS 相关支持DNS
# 可用于自定义证书的验证
custom-certificates:
- certificate: string # 证书 PEM 格式,或者 证书的路径
private-key: string # 证书对应的私钥 PEM 格式,或者私钥路径
# 流量入站 # 流量入站
listeners: listeners:
- name: socks5-in-1 - name: socks5-in-1
@ -853,3 +847,23 @@ listeners:
# - com.android.chrome # - com.android.chrome
# exclude_package: # 排除被路由的 Android 应用包名 # exclude_package: # 排除被路由的 Android 应用包名
# - com.android.captiveportallogin # - com.android.captiveportallogin
# 入口配置与 Listener 等价,传入流量将和 socks,mixed 等入口一样按照 mode 所指定的方式进行匹配处理
# shadowsocks,vmess 入口配置传入流量将和socks,mixed等入口一样按照mode所指定的方式进行匹配处理
# ss-config: ss://2022-blake3-aes-256-gcm:vlmpIPSyHH6f4S8WVPdRIHIlzmB+GIRfoH3aNJ/t9Gg=@:23456
# vmess-config: vmess://1:9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68@:12345
# tuic服务器入口传入流量将和socks,mixed等入口一样按照mode所指定的方式进行匹配处理
# tuic-server:
# enable: true
# listen: 127.0.0.1:10443
# token:
# - TOKEN
# certificate: ./server.crt
# private-key: ./server.key
# congestion-controller: bbr
# max-idle-time: 15000
# authentication-timeout: 1000
# alpn:
# - h3
# max-udp-relay-packet-size: 1500