Clash.Meta/docs/config.yaml

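# General listener and controller settings.
# port: 7890  # HTTP(S) proxy server port
# socks-port: 7891  # SOCKS5 proxy port
mixed-port: 10801  # mixed HTTP(S) and SOCKS proxy port
# redir-port: 7892  # transparent proxy port, for Linux and macOS
# Transparent proxy server port for Linux (TProxy TCP and TProxy UDP)
# tproxy-port: 7893

# Allow connections from the LAN. With bind-address "*" the proxy ports accept
# clients on every interface; narrow bind-address or add an `authentication`
# user list when the LAN is not fully trusted.
allow-lan: true
# Bind IP address; only applies when allow-lan is true, '*' means all addresses
bind-address: "*"
mode: rule
log-level: debug  # silent/error/warning/info/debug
# Master IPv6 switch; when off, all IPv6 connections are blocked and AAAA DNS
# requests are masked
ipv6: true

# RESTful API listen address. The API is unauthenticated unless `secret` is
# set, so the sample binds it to loopback instead of 0.0.0.0. To expose it on
# another interface, set `secret` to a long random value first.
external-controller: '127.0.0.1:9093'
# secret: "REPLACE_WITH_RANDOM_SECRET"  # `Authorization: Bearer ${secret}`
# tcp-concurrent: true  # connect to all IPs concurrently over TCP and use the fastest handshake
# Web UI directory, served at http://{{external-controller}}/ui
external-ui: /path/to/ui/folder
# interface-name: en0  # outbound interface
# routing-mark: 6666  # fwmark, Linux only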
experimental:
  # Exact settings are still to be decided.
  # Certificate fingerprints in SHA-256 format, used as an additional check on
  # the TLS certificate. One can be obtained with:
  #   openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem
  fingerprints:
  # case-insensitive
  - '8F111FA9AD3CD8E917A118522CAC39EA33741B3BBE73F91CECE548D5CCB0E5E8'
# Static host mappings, similar to /etc/hosts; only a single IP per entry is
# supported. Every sample entry below is commented out.
hosts:
  # '*.clash.dev': 127.0.0.1
  # '.dev': 127.0.0.1
  # 'alpha.clash.dev': '::1'
# TUN settings
tun:
  enable: false
  stack: system  # gvisor / lwip
  # DNS address to hijack
  dns-hijack:
  - 198.18.0.2:53
  # auto-detect-interface: true  # detect the outbound interface automatically
  # auto-route: true  # install entries into the routing table
  # mtu: 9000  # maximum transmission unit
  # Route every connection into the tun to prevent leaks; the device can then
  # no longer be reached by other devices
  # strict_route: true
  # Custom routes used instead of the default route when auto_route is enabled
  inet4_route_address:
  - 0.0.0.0/1
  - 128.0.0.0/1
  # Custom routes used instead of the default route when auto_route is enabled
  inet6_route_address:
  - '::/1'
  - '8000::/1'
  # endpoint_independent_nat: false  # enable endpoint-independent NAT
  # UID rules are supported on Linux only and require auto_route
  # include_uid:
  # - 0
  # include_uid_range:  # restrict routing to this range of users
  # - 1000-99999
  # exclude_uid:  # users excluded from routing
  # - 1000
  # exclude_uid_range:  # range of users excluded from routing
  # - 1000-99999
  # Android user and app rules are supported on Android only
  # and require auto_route
  # include_android_user:  # restrict routing to these Android users
  # - 0
  # - 10
  # include_package:  # restrict routing to these Android package names
  # - com.android.chrome
  # exclude_package:  # Android package names excluded from routing
  # - com.android.captiveportallogin
# eBPF settings
ebpf:
  # redirect mode, TCP only
  auto-redir:
  - eth0
  # UDP + TCP; do not enable auto-route when using this feature
  redirect-to-tun:
  - eth0
# Domain sniffing (optional)
sniffer:
  enable: false
  # Protocols to sniff
  sniffing:
  - tls
  - http
  # Domains that are always sniffed
  force-domain:
  - '+.v2ex.com'
  # Sniff only the ports in this whitelist; default is 443 and 80
  port-whitelist:
  - '80'
  - '443'
  # - 8000-9999
# Persistence of runtime state
profile:
  # Store the choices made in select groups
  store-selected: false
  # Persist fake-ip mappings
  store-fake-ip: true
# DNS settings
dns:
  enable: false  # when off, the system DNS is used
  # Address the DNS server listens on.
  # NOTE(review): 0.0.0.0 answers queries on every interface once dns is
  # enabled; a loopback or LAN-only address limits who can use the resolver.
  listen: 0.0.0.0:53
  # ipv6: false  # false returns an empty result for AAAA

  # DNS servers used to resolve the hostnames in nameserver, fallback and the
  # other DNS server settings.
  # Only plain IP addresses are allowed; encrypted DNS may be used.
  default-nameserver:
  - 114.114.114.114
  - 8.8.8.8
  - tls://1.12.12.12:853
  - tls://223.5.5.5:853
  enhanced-mode: fake-ip  # or redir-host
  fake-ip-range: 198.18.0.1/16  # fake-ip pool
  # use-hosts: true  # look up hosts

  # Domains that do not use fake-ip
  # fake-ip-filter:
  # - '*.lan'
  # - localhost.ptlogin2.qq.com

  # Main DNS servers.
  # UDP, TCP, DoT, DoH and DoQ are supported.
  # This is the main DNS configuration and affects all direct connections;
  # make sure to use DNS servers that resolve accurately for mainland China.
  nameserver:
  - 114.114.114.114  # default value
  - 8.8.8.8  # default value
  - tls://223.5.5.5:853  # DNS over TLS
  - https://doh.pub/dns-query  # DNS over HTTPS
  - https://dns.alidns.com/dns-query#h3=true  # force HTTP/3
  # select a proxy group and use HTTP/3
  - https://mozilla.cloudflare-dns.com/dns-query#DNS&h3=true
  - dhcp://en0  # dns from dhcp
  - quic://dns.adguard.com:784  # DNS over QUIC
  # - '8.8.8.8#en0'  # compatibility form: DNS with an outbound interface

  # When fallback is configured, the IP returned by nameserver is checked for
  # being CN (optional setting).
  # If it is not CN, the result from the fallback DNS servers is used.
  # Make sure the fallback servers can be queried when they are configured.
  # fallback:
  # - tcp://1.1.1.1
  # Query this DNS through a proxy: ProxyGroupName is a proxy-group name or a
  # node name. The proxy setting takes priority over the outbound-interface
  # setting; if no group or node has that name, it is used as the outbound
  # interface.
  # - 'tcp://1.1.1.1#ProxyGroupName'

  # DNS servers used only for resolving node hostnames (optional).
  # If these servers fail, nameserver is used; queries are not concurrent.
  # proxy-server-nameserver:
  # - https://dns.google/dns-query
  # - tls://one.one.one.one

  # Conditions under which fallback is used
  # fallback-filter:
  #   geoip: true  # whether to use geoip
  #   # When the IP resolved by nameserver is CN in the geoip database, the
  #   # result from the fallback DNS servers is not used
  #   geoip-code: CN
  #   # Force fallback; takes priority over the IP check. See the geosite
  #   # database for the available categories
  #   geosite:
  #   - gfw
  #   # If ipcidr does not match, the result from nameservers is used
  #   ipcidr:
  #   - 240.0.0.0/4
  #   domain:
  #   - '+.google.com'
  #   - '+.facebook.com'
  #   - '+.youtube.com'

  # DNS server used for specific domains
  # nameserver-policy:
  #   'www.baidu.com': '114.114.114.114'
  #   '+.internal.crop.com': '10.0.0.1'
proxies:
# Shadowsocks
# Supported ciphers:
#   aes-128-gcm aes-192-gcm aes-256-gcm
#   aes-128-cfb aes-192-cfb aes-256-cfb
#   aes-128-ctr aes-192-ctr aes-256-ctr
#   rc4-md5 chacha20-ietf xchacha20
#   chacha20-ietf-poly1305 xchacha20-ietf-poly1305
#   2022-blake3-aes-128-gcm 2022-blake3-aes-256-gcm 2022-blake3-chacha20-poly1305
# The *-gcm, *-poly1305 and 2022-blake3-* entries are AEAD ciphers; the cfb,
# ctr, rc4-md5, chacha20-ietf and xchacha20 entries are stream ciphers without
# authentication.
- name: ss1
  type: ss
  server: server
  port: 443
  cipher: chacha20-ietf-poly1305
  password: 'password'
  # udp: true
  # udp-over-tcp: false
  # IP version used by this node: dual, ipv4, ipv6, ipv4-prefer or
  # ipv6-prefer. Default is dual.
  # ip-version: ipv4
  #   ipv4: IPv4 only; ipv6: IPv6 only
  #   ipv4-prefer: prefer IPv4. For TCP, both stacks are resolved and connected
  #   concurrently but the IPv4 connection is preferred; for UDP, both stacks
  #   are resolved and the first IPv4 address in the result is used
  #   ipv6-prefer: same as ipv4-prefer
  #   Every existing protocol supports this option; the TCP behaviour only
  #   takes effect when tcp-concurrent is enabled

- name: ss2
  type: ss
  server: server
  port: 443
  cipher: chacha20-ietf-poly1305
  password: 'password'
  plugin: obfs
  plugin-opts:
    mode: tls  # or http
    # host: bing.com

- name: ss3
  type: ss
  server: server
  port: 443
  cipher: chacha20-ietf-poly1305
  password: 'password'
  plugin: v2ray-plugin
  plugin-opts:
    mode: websocket  # no QUIC now
    # tls: true  # wss
    # fingerprint: xxxx
    # skip-cert-verify: true  # turns TLS certificate verification off
    # host: bing.com
    # path: "/"
    # mux: true
    # headers:
    #   custom: value
# vmess
# Supported ciphers: auto/aes-128-gcm/chacha20-poly1305/none
# NOTE(review): alterId above 0 presumably selects the legacy VMess header
# authentication and 0 the AEAD form; confirm against the server before
# copying the sample value.
- name: vmess
  type: vmess
  server: server
  port: 443
  uuid: uuid
  alterId: 32
  cipher: auto
  # udp: true
  # tls: true
  # fingerprint: xxxx
  # skip-cert-verify: true  # turns TLS certificate verification off
  # servername: example.com  # priority over wss host
  # network: ws
  # ws-opts:
  #   path: /path
  #   headers:
  #     Host: v2ray.com
  #   max-early-data: 2048
  #   early-data-header-name: Sec-WebSocket-Protocol

- name: vmess-h2
  type: vmess
  server: server
  port: 443
  uuid: uuid
  alterId: 32
  cipher: auto
  network: h2
  tls: true
  # fingerprint: xxxx
  h2-opts:
    host:
    - http.example.com
    - http-alt.example.com
    path: /

- name: vmess-http
  type: vmess
  server: server
  port: 443
  uuid: uuid
  alterId: 32
  cipher: auto
  # udp: true
  # network: http
  # http-opts:
  #   # method: "GET"
  #   # path:
  #   # - '/'
  #   # - '/video'
  #   # headers:
  #   #   Connection:
  #   #   - keep-alive
  # IP type preference: ipv4, ipv6 or dual; default is dual
  # ip-version: ipv4

- name: vmess-grpc
  server: server
  port: 443
  type: vmess
  uuid: uuid
  alterId: 32
  cipher: auto
  network: grpc
  tls: true
  # fingerprint: xxxx
  servername: example.com
  # skip-cert-verify: true
  grpc-opts:
    grpc-service-name: 'example'
  # ip-version: ipv4
# socks5
- name: socks
  type: socks5
  server: server
  port: 443
  # username: username
  # password: password
  # tls: true
  # fingerprint: xxxx
  # skip-cert-verify: true  # turns TLS certificate verification off
  # udp: true
  # ip-version: ipv6

# http
- name: http
  type: http
  server: server
  port: 443
  # username: username
  # password: password
  # tls: true  # https
  # skip-cert-verify: true  # turns TLS certificate verification off
  # sni: custom.com
  # Same as experimental.fingerprints: a SHA-256 fingerprint. A fingerprint
  # set on the proxy itself makes experimental.fingerprints be ignored.
  # fingerprint: xxxx
  # ip-version: dual
# Snell
# Note: there is currently no UDP support
- name: snell
  type: snell
  server: server
  port: 44046
  psk: yourpsk
  # version: 2
  # obfs-opts:
  #   mode: http  # or tls
  #   host: bing.com
# Trojan
- name: trojan
  type: trojan
  server: server
  port: 443
  password: yourpsk
  # fingerprint: xxxx
  # udp: true
  # sni: example.com  # aka server name
  # alpn:
  # - h2
  # - http/1.1
  # skip-cert-verify: true  # turns TLS certificate verification off

- name: trojan-grpc
  server: server
  port: 443
  type: trojan
  password: 'example'
  network: grpc
  sni: example.com
  # skip-cert-verify: true
  # fingerprint: xxxx
  udp: true
  grpc-opts:
    grpc-service-name: 'example'

- name: trojan-ws
  server: server
  port: 443
  type: trojan
  password: 'example'
  network: ws
  sni: example.com
  # skip-cert-verify: true
  # fingerprint: xxxx
  udp: true
  # ws-opts:
  #   path: /path
  #   headers:
  #     Host: example.com

- name: trojan-xtls
  type: trojan
  server: server
  port: 443
  password: yourpsk
  flow: 'xtls-rprx-direct'  # xtls-rprx-origin xtls-rprx-direct
  flow-show: true
  # udp: true
  # sni: example.com  # aka server name
  # skip-cert-verify: true
  # fingerprint: xxxx
# vless
- name: vless-tcp
  type: vless
  server: server
  port: 443
  uuid: uuid
  network: tcp
  servername: example.com  # AKA SNI
  # flow: xtls-rprx-direct  # xtls-rprx-origin  # enable XTLS
  # skip-cert-verify: true  # turns TLS certificate verification off
  # fingerprint: xxxx

- name: vless-ws
  type: vless
  server: server
  port: 443
  uuid: uuid
  udp: true
  tls: true
  network: ws
  servername: example.com  # priority over wss host
  # skip-cert-verify: true
  # fingerprint: xxxx
  ws-opts:
    path: '/'
    headers:
      Host: example.com
# hysteria
- name: hysteria
  type: hysteria
  server: server.com
  port: 443
  auth_str: yourpassword
  # obfs: obfs_str
  # alpn:
  # - h3
  protocol: udp  # udp / wechat-video / faketcp are supported
  up: '30 Mbps'  # Mbps is assumed when no unit is written
  down: '200 Mbps'  # Mbps is assumed when no unit is written
  # sni: server.com
  # skip-cert-verify: false
  # recv_window_conn: 12582912
  # recv_window: 52428800
  # ca: "./my.ca"
  # ca_str: "xyz"
  # disable_mtu_discovery: false
  # fingerprint: xxxx
# ShadowsocksR
# Supported ciphers (encryption methods): all stream ciphers in ss
# Supported obfs values:
#   plain http_simple http_post
#   random_head tls1.2_ticket_auth tls1.2_ticket_fastauth
# Supported protocols:
#   origin auth_sha1_v4 auth_aes128_md5
#   auth_aes128_sha1 auth_chain_a auth_chain_b
- name: ssr
  type: ssr
  server: server
  port: 443
  cipher: chacha20-ietf
  password: 'password'
  obfs: tls1.2_ticket_auth
  protocol: auth_sha1_v4
  # obfs-param: domain.tld
  # protocol-param: "#"
  # udp: true
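# Proxy groups. Every entry under a group's `proxies` must be the name of a
# node defined in the top-level `proxies` list, another group, or a built-in
# such as DIRECT. The vmess node in this file is named `vmess`, so the groups
# below reference that name.
proxy-groups:
# Proxy chain; UDP works if the exit protocol supports UDP over TCP
# Traffic: clash <-> http <-> vmess <-> ss1 <-> ss2 <-> Internet
- name: relay
  type: relay
  proxies:
  - http
  - vmess
  - ss1
  - ss2

# url-test uses the node with the lowest latency in the url test results
- name: auto
  type: url-test
  proxies:
  - ss1
  - ss2
  - vmess
  # tolerance: 150
  # lazy: true
  url: 'http://www.gstatic.com/generate_204'
  interval: 300

# fallback selects by node order according to the url test results
- name: fallback-auto
  type: fallback
  proxies:
  - ss1
  - ss2
  - vmess
  url: 'http://www.gstatic.com/generate_204'
  interval: 300

# load-balance selects nodes at random according to the algorithm
- name: load-balance
  type: load-balance
  proxies:
  - ss1
  - ss2
  - vmess
  url: 'http://www.gstatic.com/generate_204'
  interval: 300
  # round-robin and sticky-sessions are also available
  # strategy: consistent-hashing

# select: the user picks the node
- name: Proxy
  type: select
  # disable-udp: true
  proxies:
  - ss1
  - ss2
  - vmess
  - auto

# DIRECT with a specific interface-name and fwmark
- name: en1
  type: select
  interface-name: en1
  routing-mark: 6667
  proxies:
  - DIRECT

- name: UseProvider
  type: select
  # Regular expression; keeps the nodes in provider1 whose name contains
  # HK or TW
  filter: 'HK|TW'
  use:
  - provider1
  proxies:
  - Proxy
  - DIRECT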
# Nodes in Clash format, or in the share formats supported by *ray.
# The fetched file supplies the proxy nodes themselves, so an https:// source
# is the safer choice for `url`.
proxy-providers:
  provider1:
    type: http
    url: 'url'
    interval: 3600
    path: ./provider1.yaml
    health-check:
      enable: true
      interval: 600
      # lazy: true
      url: http://www.gstatic.com/generate_204
  test:
    type: file
    path: /test.yaml
    health-check:
      enable: true
      interval: 36000
      url: http://www.gstatic.com/generate_204
# External rule sets, referenced from `rules` with RULE-SET
rule-providers:
  rule1:
    behavior: classical  # domain ipcidr
    interval: 259200
    path: /path/to/save/file.yaml
    type: http
    url: 'url'
  rule2:
    behavior: classical
    interval: 259200
    path: /path/to/save/file.yaml
    type: file
# Routing rules, listed as TYPE,argument,target
rules:
- 'RULE-SET,rule1,REJECT'
- 'DOMAIN-SUFFIX,baidu.com,DIRECT'
- 'DOMAIN-KEYWORD,google,ss1'
- 'IP-CIDR,1.1.1.1/32,ss1'
- 'IP-CIDR6,2409::/64,DIRECT'
# When the traffic is TCP or UDP, use the rule set named sub-rule-name1
- 'SUB-RULE,(OR,((NETWORK,TCP),(NETWORK,UDP))),sub-rule-name1'
- 'SUB-RULE,(AND,((NETWORK,UDP))),sub-rule-name2'
# Define several sub-rule sets; rules are matched by branching, and the sets
# are used through SUB-RULE
#
#                        google.com(not match)--> baidu.com(match)
#                          /
#                         /
# https://baidu.com --> rule1 --> rule2 --> sub-rule-name1(match tcp) use DIRECT
#
#
#                        google.com(not match)--> baidu.com(not match)
#                          /
#                         /
# dns 1.1.1.1 --> rule1 --> rule2 --> sub-rule-name1(match udp) sub-rule-name2(match udp)
#
#
# use REJECT <-- 1.1.1.1/32(match)
#
sub-rules:
  sub-rule-name1:
  - 'DOMAIN,google.com,ss1'
  - 'DOMAIN,baidu.com,DIRECT'
  sub-rule-name2:
  - 'IP-CIDR,1.1.1.1/32,REJECT'
  - 'IP-CIDR,8.8.8.8/32,ss1'
  - 'DOMAIN,dns.alidns.com,REJECT'