From 129fcf3ce7b37af601393fd98ab8ac4ecb43b7f5 Mon Sep 17 00:00:00 2001 From: Larvan2 <78135608+Larvan2@users.noreply.github.com> Date: Mon, 13 Feb 2023 17:50:11 +0800 Subject: [PATCH] Updated Configuring example (markdown) --- Configuring-example.md | 490 +++++++++++++++++++++-------------------- 1 file changed, 248 insertions(+), 242 deletions(-) diff --git a/Configuring-example.md b/Configuring-example.md index c4c86d5..9dd7631 100644 --- a/Configuring-example.md +++ b/Configuring-example.md @@ -1,5 +1,5 @@ -这是一个使用 [Alpha](https: //github.com/MetaCubeX/Clash.Meta/tree/Alpha) 分支的配置文件示例,完整配置见[此处](https: //github.com/MetaCubeX/Clash.Meta/blob/Alpha/docs/config.yaml)。 +这是一个使用 [Alpha](https://github.com/MetaCubeX/Clash.Meta/tree/Alpha) 分支的配置文件示例,完整配置见[此处](https://github.com/MetaCubeX/Clash.Meta/blob/Alpha/docs/config.yaml)。 @@ -10,14 +10,16 @@ - [tunnels](#tunnels) - [DNS 配置](#dns-配置) - [Proxies](#proxies) + - [Shadowsocks](#shadowsocks) + - [ShadowsocksR](#shadowsocksr) - [vmess](#vmess) - - [Socks \& HTTP](#socks--http) + - [Socks](#socks) + - [HTTP](#http) - [VLESS](#vless) - [Snell](#snell) - [Trojan](#trojan) - [Hysteria](#hysteria) - [Tuic](#tuic) - - [ShadowsocksR](#shadowsocksr) - [Wireguard](#wireguard) - [Proxy-groups](#proxy-groups) - [Providers](#providers) @@ -26,254 +28,254 @@ - [Rules](#rules) - [Listeners](#listeners) - [入口配置](#入口配置) - - [ss-config:](#ss-config) - - [vmess-config:](#vmess-config) + - [ss-config](#ss-config) + - [vmess-config](#vmess-config) - [tuic 服务器入口](#tuic-服务器入口) ## General ```yaml -# port: 7890 # HTTP(S) 代理服务器端口 -# socks-port: 7891 # SOCKS5 代理端口 +# port:7890 # HTTP(S) 代理服务器端口 +# socks-port:7891 # SOCKS5 代理端口 mixed-port: 10801 # HTTP(S) 和 SOCKS 代理混合端口 -# redir-port: 7892 # 透明代理端口,用于 Linux 和 MacOS +# redir-port:7892 # 透明代理端口,用于 Linux 和 MacOS # Transparent proxy server port for Linux (TProxy TCP and TProxy UDP) -# tproxy-port: 7893 +# tproxy-port:7893 -allow-lan: true # 允许局域网连接 -bind-address: "*" # 绑定 IP 地址,仅作用于 allow-lan 为 true,'*'表示所有地址 +allow-lan:true # 允许局域网连接 +bind-address:"*" # 绑定 IP 地址,仅作用于 allow-lan 为 true,'*'表示所有地址 -# find-process-mode has 3 values: always, strict, off +# find-process-mode has 3 values:always, strict, off # - always, 开启,强制匹配所有进程 # - strict, 默认,由 clash 判断是否开启 # - off, 不匹配进程,推荐在路由器上使用此模式 -find-process-mode: strict +find-process-mode:strict -mode: rule +mode:rule #自定义 geodata url -geox-url: - geoip: "https: //cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat" - geosite: "https: //cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat" - mmdb: "https: //cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/Country.mmdb" +geox-url: + geoip:"https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat" + geosite:"https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat" + mmdb:"https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/Country.mmdb" -log-level: debug # 日志等级 silent/error/warning/info/debug +log-level:debug # 日志等级 silent/error/warning/info/debug -ipv6: true # 开启 IPv6 总开关,关闭阻断所有 IPv6 链接和屏蔽 DNS 请求 AAAA 记录 +ipv6:true # 开启 IPv6 总开关,关闭阻断所有 IPv6 链接和屏蔽 DNS 请求 AAAA 记录 -tls: - certificate: string # 证书 PEM 格式,或者 证书的路径 - private-key: string # 证书对应的私钥 PEM 格式,或者私钥路径 +tls: + certificate:string # 证书 PEM 格式,或者 证书的路径 + private-key:string # 证书对应的私钥 PEM 格式,或者私钥路径 -external-controller: 0.0.0.0: 9093 # RESTful API 监听地址 -external-controller-tls: 0.0.0.0: 9443 # RESTful API HTTPS 监听地址,需要配置 tls 部分配置文件 -# secret: "123456" # `Authorization: Bearer ${secret}` +external-controller:0.0.0.0:9093 # RESTful API 监听地址 +external-controller-tls:0.0.0.0:9443 # RESTful API HTTPS 监听地址,需要配置 tls 部分配置文件 +# secret:"123456" # `Authorization:Bearer ${secret}` -# tcp-concurrent: true # TCP 并发连接所有 IP, 将使用最快握手的 TCP -external-ui: /path/to/ui/folder # 配置 WEB UI 目录,使用 http: //{{external-controller}}/ui 访问 +# tcp-concurrent:true # TCP 并发连接所有 IP, 将使用最快握手的 TCP +external-ui:/path/to/ui/folder # 配置 WEB UI 目录,使用 http://{{external-controller}}/ui 访问 -# interface-name: en0 # 设置出口网卡 +# interface-name:en0 # 设置出口网卡 # global-client-fingerprint: 全局 TLS 指纹,优先低于 proxy 内的 client-fingerprint # accepts "chrome","firefox","safari","ios","random","none" options. # Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan. global-client-fingerprint: chrome -# routing-mark: 6666 # 配置 fwmark 仅用于 Linux -experimental: +# routing-mark:6666 # 配置 fwmark 仅用于 Linux +experimental: # 类似于 /etc/hosts, 仅支持配置单个 IP -hosts: -# '*.clash.dev': 127.0.0.1 -# '.dev': 127.0.0.1 -# 'alpha.clash.dev': ': : 1' +hosts: +# '*.clash.dev':127.0.0.1 +# '.dev':127.0.0.1 +# 'alpha.clash.dev':'::1' -profile: +profile: # 存储 select 选择记录 - store-selected: false + store-selected:false # 持久化 fake-ip - store-fake-ip: true + store-fake-ip:true ``` ## Tun Supports macOS, Linux and Windows. -Built-in [Wintun](https: //www.wintun.net) driver. +Built-in [Wintun](https://www.wintun.net) driver. ```yaml -tun: - enable: false - stack: system # gvisor / lwip - dns-hijack: - - 0.0.0.0: 53 # 需要劫持的 DNS - auto-detect-interface: true # 自动识别出口网卡 - auto-route: true # 配置路由表 - # mtu: 9000 # 最大传输单元 - # strict_route: true # 将所有连接路由到 tun 来防止泄漏,但你的设备将无法其他设备被访问 - # inet4_route_address: # 启用 auto_route 时使用自定义路由而不是默认路由 +tun: + enable:false + stack:system # gvisor / lwip + dns-hijack: + - 0.0.0.0:53 # 需要劫持的 DNS + auto-detect-interface:true # 自动识别出口网卡 + auto-route:true # 配置路由表 + # mtu:9000 # 最大传输单元 + # strict_route:true # 将所有连接路由到 tun 来防止泄漏,但你的设备将无法其他设备被访问 + # inet4_route_address:# 启用 auto_route 时使用自定义路由而不是默认路由 # - 0.0.0.0/1 # - 128.0.0.0/1 - # inet6_route_address: # 启用 auto_route 时使用自定义路由而不是默认路由 - # - ": : /1" - # - "8000: : /1" - # endpoint_independent_nat: false # 启用独立于端点的 NAT - # include_uid: # UID 规则仅在 Linux 下被支持,并且需要 auto_route + # inet6_route_address:# 启用 auto_route 时使用自定义路由而不是默认路由 + # - "::/1" + # - "8000::/1" + # endpoint_independent_nat:false # 启用独立于端点的 NAT + # include_uid:# UID 规则仅在 Linux 下被支持,并且需要 auto_route # - 0 - # include_uid_range: # 限制被路由的的用户范围 + # include_uid_range:# 限制被路由的的用户范围 # - 1000-99999 - # exclude_uid: # 排除路由的的用户 + # exclude_uid:# 排除路由的的用户 #- 1000 - # exclude_uid_range: # 排除路由的的用户范围 + # exclude_uid_range:# 排除路由的的用户范围 # - 1000-99999 # Android 用户和应用规则仅在 Android 下被支持 # 并且需要 auto_route - # include_android_user: # 限制被路由的 Android 用户 + # include_android_user:# 限制被路由的 Android 用户 # - 0 # - 10 - # include_package: # 限制被路由的 Android 应用包名 + # include_package:# 限制被路由的 Android 应用包名 # - com.android.chrome - # exclude_package: # 排除被路由的 Android 应用包名 + # exclude_package:# 排除被路由的 Android 应用包名 # - com.android.captiveportallogin ``` ## ebpf ```yaml -ebpf: - auto-redir: # redirect 模式,仅支持 TCP +ebpf: + auto-redir:# redirect 模式,仅支持 TCP - eth0 - redirect-to-tun: # UDP+TCP 使用该功能请勿启用 auto-route + redirect-to-tun:# UDP+TCP 使用该功能请勿启用 auto-route - eth0 ``` ## sniffer ```yaml -sniffer: - enable: false +sniffer: + enable:false ## 对 redir-host 类型识别的流量进行强制嗅探 ## 如:Tun、Redir 和 TProxy 并 DNS 为 redir-host 皆属于 - # force-dns-mapping: false + # force-dns-mapping:false ## 对所有未获取到域名的流量进行强制嗅探 - # parse-pure-ip: false + # parse-pure-ip:false # 是否使用嗅探结果作为实际访问,默认 true # 全局配置,优先级低于 sniffer.sniff 实际配置 - override-destination: false - sniff: + override-destination:false + sniff: # TLS 默认如果不配置 ports 默认嗅探 443 - TLS: - # ports: [443, 8443] + TLS: + # ports:[443, 8443] # 默认嗅探 80 - HTTP: + HTTP: # 需要嗅探的端口 - ports: [80, 8080-8880] + ports:[80, 8080-8880] # 可覆盖 sniffer.override-destination - override-destination: true - force-domain: + override-destination:true + force-domain: - +.v2ex.com ## 对嗅探结果进行跳过 - # skip-domain: + # skip-domain: # - Mijia Cloud ``` ## tunnels ```yaml -tunnels: +tunnels: # one line config - - tcp/udp,127.0.0.1: 6553,114.114.114.114: 53,proxy - - tcp,127.0.0.1: 6666,rds.mysql.com: 3306,vpn + - tcp/udp,127.0.0.1:6553,114.114.114.114:53,proxy + - tcp,127.0.0.1:6666,rds.mysql.com:3306,vpn # full yaml config - - network: [tcp, udp] - address: 127.0.0.1: 7777 - target: target.com - proxy: proxy + - network:[tcp, udp] + address:127.0.0.1:7777 + target:target.com + proxy:proxy ``` ## DNS 配置 ```yaml -dns: - enable: false # 关闭将使用系统 DNS - prefer-h3: true # 开启 DoH 支持 HTTP/3,将并发尝试 - listen: 0.0.0.0: 5353 # 开启 DNS 服务器监听 - # ipv6: false # false 将返回 AAAA 的空结果 +dns: + enable:false # 关闭将使用系统 DNS + prefer-h3:true # 开启 DoH 支持 HTTP/3,将并发尝试 + listen:0.0.0.0:5353 # 开启 DNS 服务器监听 + # ipv6:false # false 将返回 AAAA 的空结果 # 用于解析 nameserver,fallback 以及其他 DNS 服务器配置的,DNS 服务域名 # 只能使用纯 IP 地址,可使用加密 DNS - default-nameserver: + default-nameserver: - 114.114.114.114 - - tls: //1.12.12.12: 853 - - tls: //223.5.5.5: 853 + - tls://1.12.12.12:853 + - tls://223.5.5.5:853 - enhanced-mode: redir-host # or fake-ip + enhanced-mode:redir-host # or fake-ip - fake-ip-range: 198.18.0.1/16 # fake-ip 池设置 + fake-ip-range:198.18.0.1/16 # fake-ip 池设置 - # use-hosts: true # 查询 hosts + # use-hosts:true # 查询 hosts # 配置查询域名使用的 DNS 服务器 # nameserver-policy 可以使用 geosite 分流 DNS 解析。 # 将国内域名指定为国内 DOH 进行解析,其余 DNS 使用境外 DOH 解析 - nameserver-policy: - "geosite: cn": [https: //doh.pub/dns-query,https: //dns.alidns.com/dns-query] - # 'www.baidu.com': '114.114.114.114' - # '+.internal.crop.com': '10.0.0.1' + nameserver-policy: + "geosite:cn":[https://doh.pub/dns-query,https://dns.alidns.com/dns-query] + # 'www.baidu.com':'114.114.114.114' + # '+.internal.crop.com':'10.0.0.1' # DNS 主要域名配置 # 支持 UDP,TCP,DoT,DoH,DoQ - nameserver: - - https: //dns.google/dns-query - - https: //dns.cloudflare.com/dns-query - - https: //doh.opendns.com/dns-query - - https: //doh.dns.sb/dns-query - - https: //[2001: 4860: 4860: : 8888]/dns-query - - https: //[2001: 4860: 4860: : 8844]/dns-query - - https: //[2001: 4860: 4860: : 6464]/dns-query - - https: //[2001: 4860: 4860: : 64]/dns-query + nameserver: + - https://dns.google/dns-query + - https://dns.cloudflare.com/dns-query + - https://doh.opendns.com/dns-query + - https://doh.dns.sb/dns-query + - https://[2001:4860:4860::8888]/dns-query + - https://[2001:4860:4860::8844]/dns-query + - https://[2001:4860:4860::6464]/dns-query + - https://[2001:4860:4860::64]/dns-query # - 114.114.114.114 # default value # - 8.8.8.8 # default value - # - tls: //223.5.5.5: 853 # DNS over TLS - # - https: //doh.pub/dns-query # DNS over HTTPS - # - https: //dns.alidns.com/dns-query#h3=true # 强制 HTTP/3,与 perfer-h3 无关,强制开启 DoH 的 HTTP/3 支持,若不支持将无法使用 - # - https: //mozilla.cloudflare-dns.com/dns-query#DNS&h3=true # 指定策略组和使用 HTTP/3 - # - dhcp: //en0 # dns from dhcp - # - quic: //dns.adguard.com: 784 # DNS over QUIC + # - tls://223.5.5.5:853 # DNS over TLS + # - https://doh.pub/dns-query # DNS over HTTPS + # - https://dns.alidns.com/dns-query#h3=true # 强制 HTTP/3,与 perfer-h3 无关,强制开启 DoH 的 HTTP/3 支持,若不支持将无法使用 + # - https://mozilla.cloudflare-dns.com/dns-query#DNS&h3=true # 指定策略组和使用 HTTP/3 + # - dhcp://en0 # dns from dhcp + # - quic://dns.adguard.com:784 # DNS over QUIC # - '8.8.8.8#en0' # 兼容指定 DNS 出口网卡 # 当配置 fallback 时,会查询 nameserver 中返回的 IP 是否为 CN,非必要配置 # 当不是 CN,则使用 fallback 中的 DNS 查询结果 # 确保配置 fallback 时能够正常查询 - # fallback: - # - tcp: //1.1.1.1 - # - 'tcp: //1.1.1.1#ProxyGroupName' # 指定 DNS 过代理查询,ProxyGroupName 为策略组名或节点名,过代理配置优先于配置出口网卡,当找不到策略组或节点名则设置为出口网卡 + # fallback: + # - tcp://1.1.1.1 + # - 'tcp://1.1.1.1#ProxyGroupName' # 指定 DNS 过代理查询,ProxyGroupName 为策略组名或节点名,过代理配置优先于配置出口网卡,当找不到策略组或节点名则设置为出口网卡 # 专用于节点域名解析的 DNS 服务器,非必要配置项 # 配置服务器若查询失败将使用 nameserver,非并发查询 - # proxy-server-nameserver: - # - https: //dns.google/dns-query - # - tls: //one.one.one.one + # proxy-server-nameserver: + # - https://dns.google/dns-query + # - tls://one.one.one.one # 配置 fallback 使用条件 - # fallback-filter: - # geoip: true # 配置是否使用 geoip - # geoip-code: CN # 当 nameserver 域名的 IP 查询 geoip 库为 CN 时,不使用 fallback 中的 DNS 查询结果 + # fallback-filter: + # geoip:true # 配置是否使用 geoip + # geoip-code:CN # 当 nameserver 域名的 IP 查询 geoip 库为 CN 时,不使用 fallback 中的 DNS 查询结果 # 配置强制 fallback,优先于 IP 判断,具体分类自行查看 geosite 库 - # geosite: + # geosite: # - "geolocation-!cn" # 如果不匹配 ipcidr 则使用 nameservers 中的结果 - # ipcidr: + # ipcidr: # - 240.0.0.0/4 - # domain: + # domain: # - '+.google.com' # - '+.facebook.com' # - '+.youtube.com' # 配置不使用 fake-ip 的域名 - # fake-ip-filter: + # fake-ip-filter: # - "+.lan" # # QQ Loopback # - localhost.sec.qq.com @@ -317,9 +319,10 @@ dns: ``` ## Proxies + +### Shadowsocks ```yaml -proxies: - # Shadowsocks +proxies: # cipher 支持: # aes-128-gcm aes-192-gcm aes-256-gcm # aes-128-cfb aes-192-cfb aes-256-cfb @@ -337,7 +340,7 @@ proxies: # udp-over-tcp: false # ip-version: ipv4 # 设置节点使用 IP 版本,可选:dual,ipv4,ipv6,ipv4-prefer,ipv6-prefer。默认使用 dual # ipv4:仅使用 IPv4 ipv6:仅使用 IPv6 - # ipv4-prefer:优先使用 IPv4 对于 TCP 会进行双栈解析,并发链接但是优先使用 IPv4 链接, + # ipv4-prefer:优先使用 IPv4 对于 TCP 会进行双栈解析,并发链接但是优先使用 IPv4 链接, # UDP 则为双栈解析,获取结果中的第一个 IPv4 # ipv6-prefer 同 ipv4-prefer # 现有协议都支持此参数,TCP 效果仅在开启 tcp-concurrent 生效 @@ -348,7 +351,7 @@ proxies: cipher: chacha20-ietf-poly1305 password: "password" plugin: obfs - plugin-opts: + plugin-opts: mode: tls # or http # host: bing.com @@ -359,7 +362,7 @@ proxies: cipher: chacha20-ietf-poly1305 password: "password" plugin: v2ray-plugin - plugin-opts: + plugin-opts: mode: websocket # no QUIC now # tls: true # wss # 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取 @@ -369,7 +372,7 @@ proxies: # host: bing.com # path: "/" # mux: true - # headers: + # headers: # custom: value - name: "ss4" @@ -379,10 +382,31 @@ proxies: cipher: chacha20-ietf-poly1305 password: "password" plugin: shadow-tls - plugin-opts: + plugin-opts: host: "cloud.tencent.com" password: "shadow_tls_password" ``` +### ShadowsocksR +```yaml + # The supported ciphers (encryption methods): all stream ciphers in ss + # The supported obfses: + # plain http_simple http_post + # random_head tls1.2_ticket_auth tls1.2_ticket_fastauth + # The supported supported protocols: + # origin auth_sha1_v4 auth_aes128_md5 + # auth_aes128_sha1 auth_chain_a auth_chain_b + - name: "ssr" + type: ssr + server: server + port: 443 + cipher: chacha20-ietf + password: "password" + obfs: tls1.2_ticket_auth + protocol: auth_sha1_v4 + # obfs-param: domain.tld + # protocol-param: "#" + # udp: true +``` ### vmess ```yaml @@ -401,9 +425,9 @@ proxies: # skip-cert-verify: true # servername: example.com # priority over wss host # network: ws - # ws-opts: + # ws-opts: # path: /path - # headers: + # headers: # Host: v2ray.com # max-early-data: 2048 # early-data-header-name: Sec-WebSocket-Protocol @@ -418,8 +442,8 @@ proxies: network: h2 tls: true # fingerprint: xxxx - h2-opts: - host: + h2-opts: + host: - http.example.com - http-alt.example.com path: / @@ -433,13 +457,13 @@ proxies: cipher: auto # udp: true # network: http - # http-opts: + # http-opts: # # method: "GET" - # # path: + # # path: # # - '/' # # - '/video' - # # headers: - # # Connection: + # # headers: + # # Connection: # # - keep-alive # ip-version: ipv4 # 设置使用 IP 类型偏好,可选:ipv4,ipv6,dual,默认值:dual @@ -455,13 +479,12 @@ proxies: # fingerprint: xxxx servername: example.com # skip-cert-verify: true - grpc-opts: + grpc-opts: grpc-service-name: "example" # ip-version: ipv4 ``` -### Socks & HTTP +### Socks ``` - # socks5 - name: "socks" type: socks5 server: server @@ -473,8 +496,10 @@ proxies: # skip-cert-verify: true # udp: true # ip-version: ipv6 +``` - # http +### HTTP +```yaml - name: "http" type: http server: server @@ -499,7 +524,7 @@ proxies: # flow: xtls-rprx-direct # xtls-rprx-origin # enable XTLS # skip-cert-verify: true # fingerprint: xxxx - # client-fingerprint: random # Available: "chrome","firefox","safari","random" + # client-fingerprint: random # Available: "chrome","firefox","safari","random","none" - name: "vless-ws" type: vless @@ -509,14 +534,15 @@ proxies: udp: true tls: true network: ws - # client-fingerprint: random # Available: "chrome","firefox","safari","random" + # client-fingerprint: random # Available: "chrome","firefox","safari","random","none" servername: example.com # priority over wss host # skip-cert-verify: true # fingerprint: xxxx - ws-opts: + ws-opts: path: "/" - headers: + headers: Host: example.com + ``` ### Snell @@ -528,7 +554,7 @@ proxies: port: 44046 psk: yourpsk # version: 2 - # obfs-opts: + # obfs-opts: # mode: http # or tls # host: bing.com ``` @@ -540,11 +566,11 @@ proxies: server: server port: 443 password: yourpsk - # client-fingerprint: chrome # Available: "chrome","firefox","safari","ios","random", currently only support TLS transport in TCP/GRPC/WS/HTTP for VLESS/Vmess and trojan. + # client-fingerprint: chrome # Available:"chrome","firefox","safari","ios","random", currently only support TLS transport in TCP/GRPC/WS/HTTP for VLESS/Vmess and trojan. # fingerprint: xxxx # udp: true # sni: example.com # aka server name - # alpn: + # alpn: # - h2 # - http/1.1 # skip-cert-verify: true @@ -559,10 +585,10 @@ proxies: # skip-cert-verify: true # fingerprint: xxxx udp: true - grpc-opts: - grpc-service-name: "example" + grpc-opts: + grpc-service-name:"example" - - name: trojan-ws + - name:trojan-ws server: server port: 443 type: trojan @@ -572,10 +598,10 @@ proxies: # skip-cert-verify: true # fingerprint: xxxx udp: true - # ws-opts: + # ws-opts: # path: /path - # headers: - # Host: example.com + # headers: + # Host:example.com - name: "trojan-xtls" type: trojan @@ -599,7 +625,7 @@ proxies: auth_str: yourpassword # 将会在未来某个时候删除 # auth-str: yourpassword # obfs: obfs_str - # alpn: + # alpn: # - h3 protocol: udp # 支持 udp/wechat-video/faketcp up: "30 Mbps" # 若不写单位,默认为 Mbps @@ -639,27 +665,7 @@ proxies: # max-open-streams: 20 # default 100, too many open streams may hurt performance ``` -### ShadowsocksR -``` - # The supported ciphers (encryption methods): all stream ciphers in ss - # The supported obfses: - # plain http_simple http_post - # random_head tls1.2_ticket_auth tls1.2_ticket_fastauth - # The supported supported protocols: - # origin auth_sha1_v4 auth_aes128_md5 - # auth_aes128_sha1 auth_chain_a auth_chain_b - - name: "ssr" - type: ssr - server: server - port: 443 - cipher: chacha20-ietf - password: "password" - obfs: tls1.2_ticket_auth - protocol: auth_sha1_v4 - # obfs-param: domain.tld - # protocol-param: "#" - # udp: true -``` + ### Wireguard ```yaml @@ -668,7 +674,7 @@ proxies: server: 162.159.192.1 port: 2480 ip: 172.16.0.2 - ipv6: fd01: 5ca1: ab1e: 80fa: ab85: 6eea: 213f: f4a5 + ipv6: fd01:5ca1:ab1e:80fa:ab85:6eea:213f:f4a5 private-key: eCtXsJZ27+4PbhDkHnB923tkUn2Gj59wZw5wFA75MnU= public-key: Cr8hWlKvtDt7nrvf+f0brNQQzabAqrjfBvas9pmowjo= udp: true @@ -679,12 +685,12 @@ proxies: Active health detection `urltest / fallback` (based on tcp handshake, multiple failures within a limited time will actively trigger health detection to use the node) ```yaml -proxy-groups: +proxy-groups: # 代理链,若落地协议支持 UDP over TCP 则可支持 UDP - # Traffic: clash <-> http <-> vmess <-> ss1 <-> ss2 <-> Internet + # Traffic:clash <-> http <-> vmess <-> ss1 <-> ss2 <-> Internet - name: "relay" type: relay - proxies: + proxies: - http - vmess - ss1 @@ -693,41 +699,41 @@ proxy-groups: # url-test 将按照 url 测试结果使用延迟最低节点 - name: "auto" type: url-test - proxies: + proxies: - ss1 - ss2 - vmess1 # tolerance: 150 # lazy: true - url: "https: //cp.cloudflare.com/generate_204" + url: "https://cp.cloudflare.com/generate_204" interval: 300 # fallback 将按照 url 测试结果按照节点顺序选择 - name: "fallback-auto" type: fallback - proxies: + proxies: - ss1 - ss2 - vmess1 - url: "https: //cp.cloudflare.com/generate_204" + url: "https://cp.cloudflare.com/generate_204" interval: 300 # load-balance 将按照算法随机选择节点 - name: "load-balance" type: load-balance - proxies: + proxies: - ss1 - ss2 - vmess1 - url: "https: //cp.cloudflare.com/generate_204" + url: "https://cp.cloudflare.com/generate_204" interval: 300 # strategy: consistent-hashing # 可选 round-robin 和 sticky-sessions # select 用户自行选择节点 - name: Proxy type: select - # disable-udp: true - proxies: + # disable-udp:true + proxies: - ss1 - ss2 - vmess1 @@ -738,16 +744,16 @@ proxy-groups: type: select interface-name: en1 routing-mark: 6667 - proxies: + proxies: - DIRECT # Support `Policy Group Filter` - name: UseProvider type: select filter: "HK|TW" # 正则表达式,过滤 provider1 中节点名包含 HK 或 TW - use: + use: - provider1 - proxies: + proxies: - Proxy - DIRECT ``` @@ -755,36 +761,36 @@ proxy-groups: ## Providers ### Proxy-providers ``` -proxy-providers: - provider1: +proxy-providers: + provider1: type: http url: "url" interval: 3600 path: ./provider1.yaml - health-check: + health-check: enable: true interval: 600 # lazy: true - url: https: //cp.cloudflare.com/generate_204 - test: + url: https://cp.cloudflare.com/generate_204 + test: type: file path: /test.yaml - health-check: + health-check: enable: true interval: 36000 - url: https: //cp.cloudflare.com/generate_204 + url: https://cp.cloudflare.com/generate_204 ``` ### Rule-providers ```yaml -rule-providers: - rule1: +rule-providers: + rule1: behavior: classical # domain ipcidr interval: 259200 path: /path/to/save/file.yaml type: http url: "url" - rule2: + rule2: behavior: classical interval: 259200 path: /path/to/save/file.yaml @@ -797,22 +803,22 @@ rule-providers: - Support `multiport` condition for rule `SRC-PORT` and `DST-PORT`. - Support `network` condition for all rules. - Support source IPCIDR condition for all rules, just append to the end. -- The `GEOSITE` databases via https: //github.com/Loyalsoldier/v2ray-rules-dat. +- The `GEOSITE` databases via https://github.com/Loyalsoldier/v2ray-rules-dat. ```yaml -rules: +rules: - RULE-SET,rule1,REJECT - DOMAIN-SUFFIX,baidu.com,DIRECT - DOMAIN-KEYWORD,google,ss1 - IP-CIDR,1.1.1.1/32,ss1 - - IP-CIDR6,2409: : /64,DIRECT + - IP-CIDR6,2409::/64,DIRECT - SUB-RULE,(OR,((NETWORK,TCP),(NETWORK,UDP))),sub-rule-name1 # 当满足条件是 TCP 或 UDP 流量时,使用名为 sub-rule-name1 当规则集 - SUB-RULE,(AND,((NETWORK,UDP))),sub-rule-name2 # 定义多个子规则集,规则将以分叉匹配,使用 SUB-RULE 使用 # google.com(not match)--> baidu.com(match) # / | # / | -# https: //baidu.com --> rule1 --> rule2 --> sub-rule-name1(match tcp) 使用 DIRECT +# https://baidu.com --> rule1 --> rule2 --> sub-rule-name1(match tcp) 使用 DIRECT # # google.com(not match)--> baidu.com(not match) # / | @@ -822,11 +828,11 @@ rules: # 使用 REJECT <-- 1.1.1.1/32(match) # -sub-rules: - sub-rule-name1: +sub-rules: + sub-rule-name1: - DOMAIN,google.com,ss1 - DOMAIN,baidu.com,DIRECT - sub-rule-name2: + sub-rule-name2: - IP-CIDR,1.1.1.1/32,REJECT - IP-CIDR,8.8.8.8/32,ss1 - DOMAIN,dns.alidns.com,REJECT @@ -835,13 +841,13 @@ sub-rules: ## Listeners ```yaml # 流量入站 -listeners: +listeners: - name: socks5-in-1 type: socks port: 10808 #listen: 0.0.0.0 # 默认监听 0.0.0.0 # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理 + # proxy: proxy # 如果不为空则直接将该入站流量交由指定proxy处理 # udp: false # 默认 true - name: http-in-1 @@ -849,14 +855,14 @@ listeners: port: 10809 listen: 0.0.0.0 # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) + # proxy: proxy # 如果不为空则直接将该入站流量交由指定proxy处理(当proxy不为空时,这里的proxy名称必须合法,否则会出错) - name: mixed-in-1 type: mixed # HTTP(S) 和 SOCKS 代理混合 port: 10810 listen: 0.0.0.0 # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) + # proxy: proxy # 如果不为空则直接将该入站流量交由指定proxy处理(当proxy不为空时,这里的proxy名称必须合法,否则会出错) # udp: false # 默认 true - name: reidr-in-1 @@ -864,14 +870,14 @@ listeners: port: 10811 listen: 0.0.0.0 # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) + # proxy: proxy # 如果不为空则直接将该入站流量交由指定proxy处理(当proxy不为空时,这里的proxy名称必须合法,否则会出错) - name: tproxy-in-1 type: tproxy port: 10812 listen: 0.0.0.0 # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) + # proxy: proxy # 如果不为空则直接将该入站流量交由指定proxy处理(当proxy不为空时,这里的proxy名称必须合法,否则会出错) # udp: false # 默认 true - name: shadowsocks-in-1 @@ -879,7 +885,7 @@ listeners: port: 10813 listen: 0.0.0.0 # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) + # proxy: proxy # 如果不为空则直接将该入站流量交由指定proxy处理(当proxy不为空时,这里的proxy名称必须合法,否则会出错) password: vlmpIPSyHH6f4S8WVPdRIHIlzmB+GIRfoH3aNJ/t9Gg= cipher: 2022-blake3-aes-256-gcm @@ -888,8 +894,8 @@ listeners: port: 10814 listen: 0.0.0.0 # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) - users: + # proxy: proxy # 如果不为空则直接将该入站流量交由指定proxy处理(当proxy不为空时,这里的proxy名称必须合法,否则会出错) + users: - username: 1 uuid: 9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68 alterId: 1 @@ -899,15 +905,15 @@ listeners: port: 10815 listen: 0.0.0.0 # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) - # token: + # proxy: proxy # 如果不为空则直接将该入站流量交由指定proxy处理(当proxy不为空时,这里的proxy名称必须合法,否则会出错) + # token: # - TOKEN # certificate: ./server.crt # private-key: ./server.key # congestion-controller: bbr # max-idle-time: 15000 # authentication-timeout: 1000 - # alpn: + # alpn: # - h3 # max-udp-relay-packet-size: 1500 @@ -916,31 +922,31 @@ listeners: port: 10816 listen: 0.0.0.0 # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) + # proxy: proxy # 如果不为空则直接将该入站流量交由指定proxy处理(当proxy不为空时,这里的proxy名称必须合法,否则会出错) network: [tcp, udp] target: target.com - name: tun-in-1 type: tun # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) + # proxy: proxy # 如果不为空则直接将该入站流量交由指定proxy处理(当proxy不为空时,这里的proxy名称必须合法,否则会出错) stack: system # gvisor / lwip - dns-hijack: - - 0.0.0.0: 53 # 需要劫持的 DNS + dns-hijack: + - 0.0.0.0:53 # 需要劫持的 DNS # auto-detect-interface: false # 自动识别出口网卡 # auto-route: false # 配置路由表 # mtu: 9000 # 最大传输单元 - inet4-address: # 必须手动设置 ipv4 地址段 + inet4-address: # 必须手动设置ipv4地址段 - 198.19.0.1/30 - inet6-address: # 必须手动设置 ipv6 地址段 - - "fdfe: dcba: 9877: : 1/126" - # strict_route: true # 将所有连接路由到 tun 来防止泄漏,但你的设备将无法其他设备被访问 + inet6-address: # 必须手动设置ipv6地址段 + - "fdfe:dcba:9877::1/126" + # strict_route: true # 将所有连接路由到tun来防止泄漏,但你的设备将无法其他设备被访问 # inet4_route_address: # 启用 auto_route 时使用自定义路由而不是默认路由 # - 0.0.0.0/1 # - 128.0.0.0/1 # inet6_route_address: # 启用 auto_route 时使用自定义路由而不是默认路由 - # - ": : /1" - # - "8000: : /1" + # - "::/1" + # - "8000::/1" # endpoint_independent_nat: false # 启用独立于端点的 NAT # include_uid: # UID 规则仅在 Linux 下被支持,并且需要 auto_route # - 0 @@ -966,29 +972,29 @@ listeners: ## 入口配置 入口配置与 Listener 等价,传入流量将和 socks,mixed 等入口一样按照 mode 所指定的方式进行匹配处理 -### ss-config: +### ss-config ```yaml -ss: //2022-blake3-aes-256-gcm: vlmpIPSyHH6f4S8WVPdRIHIlzmB+GIRfoH3aNJ/t9Gg=@: 23456 +ss-config: ss://2022-blake3-aes-256-gcm:vlmpIPSyHH6f4S8WVPdRIHIlzmB+GIRfoH3aNJ/t9Gg=@:23456 ``` -### vmess-config: +### vmess-config ```yaml -vmess: //1: 9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68@: 12345 +vmess-config: vmess://1:9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68@:12345 ``` ### tuic 服务器入口 传入流量将和 socks,mixed 等入口一样按照 mode 所指定的方式进行匹配处理 ```yaml -tuic-server: +tuic-server: enable: true - listen: 127.0.0.1: 10443 - token: + listen: 127.0.0.1:10443 + token: - TOKEN certificate: ./server.crt private-key: ./server.key congestion-controller: bbr max-idle-time: 15000 authentication-timeout: 1000 - alpn: + alpn: - h3 max-udp-relay-packet-size: 1500 ```