diff --git a/Configuring-example.md b/Configuring-example.md
index 4b4c5c0..c4c86d5 100644
--- a/Configuring-example.md
+++ b/Configuring-example.md
@@ -1,5 +1,5 @@
-这是一个使用 [Alpha](https://github.com/MetaCubeX/Clash.Meta/tree/Alpha) 分支的配置文件示例,完整配置见[此处](https://github.com/MetaCubeX/Clash.Meta/blob/Alpha/docs/config.yaml)。
+这是一个使用 [Alpha](https: //github.com/MetaCubeX/Clash.Meta/tree/Alpha) 分支的配置文件示例,完整配置见[此处](https: //github.com/MetaCubeX/Clash.Meta/blob/Alpha/docs/config.yaml)。
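Review bot: The added line rewrites both link targets as `https: //github.com/...`, which is no longer a URL, so the two Markdown links in the intro stop resolving. The same colon-spacing pass runs through the later hunks and changes values, not only the `key:value` separators: `external-controller: 0.0.0.0: 9093`, `- tls: //1.12.12.12: 853`, `https: //[2001: 4860: 4860: : 8888]/dns-query`, the WireGuard `ipv6:` address and `IP-CIDR6,2409: : /64,DIRECT`. Several of these are unquoted scalars that now contain `: ` and will not parse as YAML when copied out of the page. Limit the rewrite to the separator after a mapping key and leave the values as they were, e.g. `external-controller: 0.0.0.0:9093` and `- tls://1.12.12.12:853`.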
@@ -32,248 +32,248 @@ ## General ```yaml -# port:7890 # HTTP(S) 代理服务器端口 -# socks-port:7891 # SOCKS5 代理端口 -mixed-port:10801 # HTTP(S) 和 SOCKS 代理混合端口 -# redir-port:7892 # 透明代理端口,用于 Linux 和 MacOS +# port: 7890 # HTTP(S) 代理服务器端口 +# socks-port: 7891 # SOCKS5 代理端口 +mixed-port: 10801 # HTTP(S) 和 SOCKS 代理混合端口 +# redir-port: 7892 # 透明代理端口,用于 Linux 和 MacOS # Transparent proxy server port for Linux (TProxy TCP and TProxy UDP) -# tproxy-port:7893 +# tproxy-port: 7893 -allow-lan:true # 允许局域网连接 -bind-address:"*" # 绑定 IP 地址,仅作用于 allow-lan 为 true,'*'表示所有地址 +allow-lan: true # 允许局域网连接 +bind-address: "*" # 绑定 IP 地址,仅作用于 allow-lan 为 true,'*'表示所有地址 -# find-process-mode has 3 values:always, strict, off +# find-process-mode has 3 values: always, strict, off # - always, 开启,强制匹配所有进程 # - strict, 默认,由 clash 判断是否开启 # - off, 不匹配进程,推荐在路由器上使用此模式 -find-process-mode:strict +find-process-mode: strict -mode:rule +mode: rule #自定义 geodata url -geox-url: - geoip:"https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat" - geosite:"https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat" - mmdb:"https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/Country.mmdb" +geox-url: + geoip: "https: //cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat" + geosite: "https: //cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat" + mmdb: "https: //cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/Country.mmdb" -log-level:debug # 日志等级 silent/error/warning/info/debug +log-level: debug # 日志等级 silent/error/warning/info/debug -ipv6:true # 开启 IPv6 总开关,关闭阻断所有 IPv6 链接和屏蔽 DNS 请求 AAAA 记录 +ipv6: true # 开启 IPv6 总开关,关闭阻断所有 IPv6 链接和屏蔽 DNS 请求 AAAA 记录 -tls: - certificate:string # 证书 PEM 格式,或者 证书的路径 - private-key:string # 证书对应的私钥 PEM 格式,或者私钥路径 +tls: + certificate: string # 证书 PEM 格式,或者 证书的路径 + private-key: string # 证书对应的私钥 PEM 格式,或者私钥路径 -external-controller:0.0.0.0:9093 # RESTful API 监听地址 -external-controller-tls:0.0.0.0:9443 # RESTful API HTTPS 监听地址,需要配置 tls 部分配置文件 
-# secret:"123456" # `Authorization:Bearer ${secret}` +external-controller: 0.0.0.0: 9093 # RESTful API 监听地址 +external-controller-tls: 0.0.0.0: 9443 # RESTful API HTTPS 监听地址,需要配置 tls 部分配置文件 +# secret: "123456" # `Authorization: Bearer ${secret}` -# tcp-concurrent:true # TCP 并发连接所有 IP, 将使用最快握手的 TCP -external-ui:/path/to/ui/folder # 配置 WEB UI 目录,使用 http://{{external-controller}}/ui 访问 +# tcp-concurrent: true # TCP 并发连接所有 IP, 将使用最快握手的 TCP +external-ui: /path/to/ui/folder # 配置 WEB UI 目录,使用 http: //{{external-controller}}/ui 访问 -# interface-name:en0 # 设置出口网卡 +# interface-name: en0 # 设置出口网卡 # global-client-fingerprint: 全局 TLS 指纹,优先低于 proxy 内的 client-fingerprint # accepts "chrome","firefox","safari","ios","random","none" options. # Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan. global-client-fingerprint: chrome -# routing-mark:6666 # 配置 fwmark 仅用于 Linux -experimental: +# routing-mark: 6666 # 配置 fwmark 仅用于 Linux +experimental: # 类似于 /etc/hosts, 仅支持配置单个 IP -hosts: -# '*.clash.dev':127.0.0.1 -# '.dev':127.0.0.1 -# 'alpha.clash.dev':'::1' +hosts: +# '*.clash.dev': 127.0.0.1 +# '.dev': 127.0.0.1 +# 'alpha.clash.dev': ': : 1' -profile: +profile: # 存储 select 选择记录 - store-selected:false + store-selected: false # 持久化 fake-ip - store-fake-ip:true + store-fake-ip: true ``` ## Tun Supports macOS, Linux and Windows. -Built-in [Wintun](https://www.wintun.net) driver. +Built-in [Wintun](https: //www.wintun.net) driver. 
```yaml -tun: - enable:false - stack:system # gvisor / lwip - dns-hijack: - - 0.0.0.0:53 # 需要劫持的 DNS - auto-detect-interface:true # 自动识别出口网卡 - auto-route:true # 配置路由表 - # mtu:9000 # 最大传输单元 - # strict_route:true # 将所有连接路由到 tun 来防止泄漏,但你的设备将无法其他设备被访问 - # inet4_route_address:# 启用 auto_route 时使用自定义路由而不是默认路由 +tun: + enable: false + stack: system # gvisor / lwip + dns-hijack: + - 0.0.0.0: 53 # 需要劫持的 DNS + auto-detect-interface: true # 自动识别出口网卡 + auto-route: true # 配置路由表 + # mtu: 9000 # 最大传输单元 + # strict_route: true # 将所有连接路由到 tun 来防止泄漏,但你的设备将无法其他设备被访问 + # inet4_route_address: # 启用 auto_route 时使用自定义路由而不是默认路由 # - 0.0.0.0/1 # - 128.0.0.0/1 - # inet6_route_address:# 启用 auto_route 时使用自定义路由而不是默认路由 - # - "::/1" - # - "8000::/1" - # endpoint_independent_nat:false # 启用独立于端点的 NAT - # include_uid:# UID 规则仅在 Linux 下被支持,并且需要 auto_route + # inet6_route_address: # 启用 auto_route 时使用自定义路由而不是默认路由 + # - ": : /1" + # - "8000: : /1" + # endpoint_independent_nat: false # 启用独立于端点的 NAT + # include_uid: # UID 规则仅在 Linux 下被支持,并且需要 auto_route # - 0 - # include_uid_range:# 限制被路由的的用户范围 + # include_uid_range: # 限制被路由的的用户范围 # - 1000-99999 - # exclude_uid:# 排除路由的的用户 + # exclude_uid: # 排除路由的的用户 #- 1000 - # exclude_uid_range:# 排除路由的的用户范围 + # exclude_uid_range: # 排除路由的的用户范围 # - 1000-99999 # Android 用户和应用规则仅在 Android 下被支持 # 并且需要 auto_route - # include_android_user:# 限制被路由的 Android 用户 + # include_android_user: # 限制被路由的 Android 用户 # - 0 # - 10 - # include_package:# 限制被路由的 Android 应用包名 + # include_package: # 限制被路由的 Android 应用包名 # - com.android.chrome - # exclude_package:# 排除被路由的 Android 应用包名 + # exclude_package: # 排除被路由的 Android 应用包名 # - com.android.captiveportallogin ``` ## ebpf ```yaml -ebpf: - auto-redir:# redirect 模式,仅支持 TCP +ebpf: + auto-redir: # redirect 模式,仅支持 TCP - eth0 - redirect-to-tun:# UDP+TCP 使用该功能请勿启用 auto-route + redirect-to-tun: # UDP+TCP 使用该功能请勿启用 auto-route - eth0 ``` ## sniffer ```yaml -sniffer: - enable:false +sniffer: + enable: false ## 对 redir-host 类型识别的流量进行强制嗅探 ## 如:Tun、Redir 和 TProxy 并 
DNS 为 redir-host 皆属于 - # force-dns-mapping:false + # force-dns-mapping: false ## 对所有未获取到域名的流量进行强制嗅探 - # parse-pure-ip:false + # parse-pure-ip: false # 是否使用嗅探结果作为实际访问,默认 true # 全局配置,优先级低于 sniffer.sniff 实际配置 - override-destination:false - sniff: + override-destination: false + sniff: # TLS 默认如果不配置 ports 默认嗅探 443 - TLS: - # ports:[443, 8443] + TLS: + # ports: [443, 8443] # 默认嗅探 80 - HTTP: + HTTP: # 需要嗅探的端口 - ports:[80, 8080-8880] + ports: [80, 8080-8880] # 可覆盖 sniffer.override-destination - override-destination:true - force-domain: + override-destination: true + force-domain: - +.v2ex.com ## 对嗅探结果进行跳过 - # skip-domain: + # skip-domain: # - Mijia Cloud ``` ## tunnels ```yaml -tunnels: +tunnels: # one line config - - tcp/udp,127.0.0.1:6553,114.114.114.114:53,proxy - - tcp,127.0.0.1:6666,rds.mysql.com:3306,vpn + - tcp/udp,127.0.0.1: 6553,114.114.114.114: 53,proxy + - tcp,127.0.0.1: 6666,rds.mysql.com: 3306,vpn # full yaml config - - network:[tcp, udp] - address:127.0.0.1:7777 - target:target.com - proxy:proxy + - network: [tcp, udp] + address: 127.0.0.1: 7777 + target: target.com + proxy: proxy ``` ## DNS 配置 ```yaml -dns: - enable:false # 关闭将使用系统 DNS - prefer-h3:true # 开启 DoH 支持 HTTP/3,将并发尝试 - listen:0.0.0.0:5353 # 开启 DNS 服务器监听 - # ipv6:false # false 将返回 AAAA 的空结果 +dns: + enable: false # 关闭将使用系统 DNS + prefer-h3: true # 开启 DoH 支持 HTTP/3,将并发尝试 + listen: 0.0.0.0: 5353 # 开启 DNS 服务器监听 + # ipv6: false # false 将返回 AAAA 的空结果 # 用于解析 nameserver,fallback 以及其他 DNS 服务器配置的,DNS 服务域名 # 只能使用纯 IP 地址,可使用加密 DNS - default-nameserver: + default-nameserver: - 114.114.114.114 - - tls://1.12.12.12:853 - - tls://223.5.5.5:853 + - tls: //1.12.12.12: 853 + - tls: //223.5.5.5: 853 - enhanced-mode:redir-host # or fake-ip + enhanced-mode: redir-host # or fake-ip - fake-ip-range:198.18.0.1/16 # fake-ip 池设置 + fake-ip-range: 198.18.0.1/16 # fake-ip 池设置 - # use-hosts:true # 查询 hosts + # use-hosts: true # 查询 hosts # 配置查询域名使用的 DNS 服务器 # nameserver-policy 可以使用 geosite 分流 DNS 解析。 # 将国内域名指定为国内 DOH 进行解析,其余 DNS 
使用境外 DOH 解析 - nameserver-policy: - "geosite:cn":[https://doh.pub/dns-query,https://dns.alidns.com/dns-query] - # 'www.baidu.com':'114.114.114.114' - # '+.internal.crop.com':'10.0.0.1' + nameserver-policy: + "geosite: cn": [https: //doh.pub/dns-query,https: //dns.alidns.com/dns-query] + # 'www.baidu.com': '114.114.114.114' + # '+.internal.crop.com': '10.0.0.1' # DNS 主要域名配置 # 支持 UDP,TCP,DoT,DoH,DoQ - nameserver: - - https://dns.google/dns-query - - https://dns.cloudflare.com/dns-query - - https://doh.opendns.com/dns-query - - https://doh.dns.sb/dns-query - - https://[2001:4860:4860::8888]/dns-query - - https://[2001:4860:4860::8844]/dns-query - - https://[2001:4860:4860::6464]/dns-query - - https://[2001:4860:4860::64]/dns-query + nameserver: + - https: //dns.google/dns-query + - https: //dns.cloudflare.com/dns-query + - https: //doh.opendns.com/dns-query + - https: //doh.dns.sb/dns-query + - https: //[2001: 4860: 4860: : 8888]/dns-query + - https: //[2001: 4860: 4860: : 8844]/dns-query + - https: //[2001: 4860: 4860: : 6464]/dns-query + - https: //[2001: 4860: 4860: : 64]/dns-query # - 114.114.114.114 # default value # - 8.8.8.8 # default value - # - tls://223.5.5.5:853 # DNS over TLS - # - https://doh.pub/dns-query # DNS over HTTPS - # - https://dns.alidns.com/dns-query#h3=true # 强制 HTTP/3,与 perfer-h3 无关,强制开启 DoH 的 HTTP/3 支持,若不支持将无法使用 - # - https://mozilla.cloudflare-dns.com/dns-query#DNS&h3=true # 指定策略组和使用 HTTP/3 - # - dhcp://en0 # dns from dhcp - # - quic://dns.adguard.com:784 # DNS over QUIC + # - tls: //223.5.5.5: 853 # DNS over TLS + # - https: //doh.pub/dns-query # DNS over HTTPS + # - https: //dns.alidns.com/dns-query#h3=true # 强制 HTTP/3,与 perfer-h3 无关,强制开启 DoH 的 HTTP/3 支持,若不支持将无法使用 + # - https: //mozilla.cloudflare-dns.com/dns-query#DNS&h3=true # 指定策略组和使用 HTTP/3 + # - dhcp: //en0 # dns from dhcp + # - quic: //dns.adguard.com: 784 # DNS over QUIC # - '8.8.8.8#en0' # 兼容指定 DNS 出口网卡 # 当配置 fallback 时,会查询 nameserver 中返回的 IP 是否为 CN,非必要配置 # 当不是 CN,则使用 fallback 中的 
DNS 查询结果 # 确保配置 fallback 时能够正常查询 - # fallback: - # - tcp://1.1.1.1 - # - 'tcp://1.1.1.1#ProxyGroupName' # 指定 DNS 过代理查询,ProxyGroupName 为策略组名或节点名,过代理配置优先于配置出口网卡,当找不到策略组或节点名则设置为出口网卡 + # fallback: + # - tcp: //1.1.1.1 + # - 'tcp: //1.1.1.1#ProxyGroupName' # 指定 DNS 过代理查询,ProxyGroupName 为策略组名或节点名,过代理配置优先于配置出口网卡,当找不到策略组或节点名则设置为出口网卡 # 专用于节点域名解析的 DNS 服务器,非必要配置项 # 配置服务器若查询失败将使用 nameserver,非并发查询 - # proxy-server-nameserver: - # - https://dns.google/dns-query - # - tls://one.one.one.one + # proxy-server-nameserver: + # - https: //dns.google/dns-query + # - tls: //one.one.one.one # 配置 fallback 使用条件 - # fallback-filter: - # geoip:true # 配置是否使用 geoip - # geoip-code:CN # 当 nameserver 域名的 IP 查询 geoip 库为 CN 时,不使用 fallback 中的 DNS 查询结果 + # fallback-filter: + # geoip: true # 配置是否使用 geoip + # geoip-code: CN # 当 nameserver 域名的 IP 查询 geoip 库为 CN 时,不使用 fallback 中的 DNS 查询结果 # 配置强制 fallback,优先于 IP 判断,具体分类自行查看 geosite 库 - # geosite: + # geosite: # - "geolocation-!cn" # 如果不匹配 ipcidr 则使用 nameservers 中的结果 - # ipcidr: + # ipcidr: # - 240.0.0.0/4 - # domain: + # domain: # - '+.google.com' # - '+.facebook.com' # - '+.youtube.com' # 配置不使用 fake-ip 的域名 - # fake-ip-filter: + # fake-ip-filter: # - "+.lan" # # QQ Loopback # - localhost.sec.qq.com @@ -318,7 +318,7 @@ dns: ## Proxies ```yaml -proxies: +proxies: # Shadowsocks # cipher 支持: # aes-128-gcm aes-192-gcm aes-256-gcm 
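Review bot: In the General block the sample exposes the RESTful control API on every interface (`external-controller` and `external-controller-tls` on `0.0.0.0`) while the `secret` line stays commented out and shows `"123456"`, next to `allow-lan: true` and `bind-address: "*"`. Someone who copies the block as-is gets a controller with no bearer token that is reachable from the network. Since these lines are being touched anyway, I would make the example safe by default: `external-controller: 127.0.0.1:9093`, an uncommented `secret: "<long-random-value>"`, and a comment stating that binding to `0.0.0.0` requires a secret.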
@@ -327,427 +327,427 @@ proxies: # rc4-md5 chacha20-ietf xchacha20 # chacha20-ietf-poly1305 xchacha20-ietf-poly1305 # 2022-blake3-aes-128-gcm 2022-blake3-aes-256-gcm 2022-blake3-chacha20-poly1305 - - name:"ss1" - type:ss - server:server - port:443 - cipher:chacha20-ietf-poly1305 - password:"password" - # udp:true - # udp-over-tcp:false - # ip-version:ipv4 # 设置节点使用 IP 版本,可选:dual,ipv4,ipv6,ipv4-prefer,ipv6-prefer。默认使用 dual + - name: "ss1" + type: ss + server: server + port: 443 + cipher: chacha20-ietf-poly1305 + password: "password" + # udp: true + # udp-over-tcp: false + # ip-version: ipv4 # 设置节点使用 IP 版本,可选:dual,ipv4,ipv6,ipv4-prefer,ipv6-prefer。默认使用 dual # ipv4:仅使用 IPv4 ipv6:仅使用 IPv6 # ipv4-prefer:优先使用 IPv4 对于 TCP 会进行双栈解析,并发链接但是优先使用 IPv4 链接, # UDP 则为双栈解析,获取结果中的第一个 IPv4 # ipv6-prefer 同 ipv4-prefer # 现有协议都支持此参数,TCP 效果仅在开启 tcp-concurrent 生效 - - name:"ss2" - type:ss - server:server - port:443 - cipher:chacha20-ietf-poly1305 - password:"password" - plugin:obfs - plugin-opts: - mode:tls # or http - # host:bing.com + - name: "ss2" + type: ss + server: server + port: 443 + cipher: chacha20-ietf-poly1305 + password: "password" + plugin: obfs + plugin-opts: + mode: tls # or http + # host: bing.com - - name:"ss3" - type:ss - server:server - port:443 - cipher:chacha20-ietf-poly1305 - password:"password" - plugin:v2ray-plugin - plugin-opts: - mode:websocket # no QUIC now - # tls:true # wss + - name: "ss3" + type: ss + server: server + port: 443 + cipher: chacha20-ietf-poly1305 + password: "password" + plugin: v2ray-plugin + plugin-opts: + mode: websocket # no QUIC now + # tls: true # wss # 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取 # 配置指纹将实现 SSL Pining 效果 - # fingerprint:xxxx - # skip-cert-verify:true - # host:bing.com - # path:"/" - # mux:true - # headers: - # custom:value + # fingerprint: xxxx + # skip-cert-verify: true + # host: bing.com + # path: "/" + # mux: true + # headers: + # custom: value - - name:"ss4" - type:ss - server:server - 
port:443 - cipher:chacha20-ietf-poly1305 - password:"password" - plugin:shadow-tls - plugin-opts: - host:"cloud.tencent.com" - password:"shadow_tls_password" + - name: "ss4" + type: ss + server: server + port: 443 + cipher: chacha20-ietf-poly1305 + password: "password" + plugin: shadow-tls + plugin-opts: + host: "cloud.tencent.com" + password: "shadow_tls_password" ``` ### vmess ```yaml # cipher 支持 auto/aes-128-gcm/chacha20-poly1305/none - - name:"vmess" - type:vmess - server:server - port:443 - uuid:uuid - alterId:32 - cipher:auto - # udp:true - # tls:true - # fingerprint:xxxx - # client-fingerprint:chrome # Available:"chrome","firefox","safari","ios","random", currently only support TLS transport in TCP/GRPC/WS/HTTP for VLESS/Vmess and trojan. - # skip-cert-verify:true - # servername:example.com # priority over wss host - # network:ws - # ws-opts: - # path:/path - # headers: - # Host:v2ray.com - # max-early-data:2048 - # early-data-header-name:Sec-WebSocket-Protocol + - name: "vmess" + type: vmess + server: server + port: 443 + uuid: uuid + alterId: 32 + cipher: auto + # udp: true + # tls: true + # fingerprint: xxxx + # client-fingerprint: chrome # Available: "chrome","firefox","safari","ios","random", currently only support TLS transport in TCP/GRPC/WS/HTTP for VLESS/Vmess and trojan. 
+ # skip-cert-verify: true + # servername: example.com # priority over wss host + # network: ws + # ws-opts: + # path: /path + # headers: + # Host: v2ray.com + # max-early-data: 2048 + # early-data-header-name: Sec-WebSocket-Protocol - - name:"vmess-h2" - type:vmess - server:server - port:443 - uuid:uuid - alterId:32 - cipher:auto - network:h2 - tls:true - # fingerprint:xxxx - h2-opts: - host: + - name: "vmess-h2" + type: vmess + server: server + port: 443 + uuid: uuid + alterId: 32 + cipher: auto + network: h2 + tls: true + # fingerprint: xxxx + h2-opts: + host: - http.example.com - http-alt.example.com - path:/ + path: / - - name:"vmess-http" - type:vmess - server:server - port:443 - uuid:uuid - alterId:32 - cipher:auto - # udp:true - # network:http - # http-opts: - # # method:"GET" - # # path: + - name: "vmess-http" + type: vmess + server: server + port: 443 + uuid: uuid + alterId: 32 + cipher: auto + # udp: true + # network: http + # http-opts: + # # method: "GET" + # # path: # # - '/' # # - '/video' - # # headers: - # # Connection: + # # headers: + # # Connection: # # - keep-alive - # ip-version:ipv4 # 设置使用 IP 类型偏好,可选:ipv4,ipv6,dual,默认值:dual + # ip-version: ipv4 # 设置使用 IP 类型偏好,可选:ipv4,ipv6,dual,默认值:dual - - name:vmess-grpc - server:server - port:443 - type:vmess - uuid:uuid - alterId:32 - cipher:auto - network:grpc - tls:true - # fingerprint:xxxx - servername:example.com - # skip-cert-verify:true - grpc-opts: - grpc-service-name:"example" - # ip-version:ipv4 + - name: vmess-grpc + server: server + port: 443 + type: vmess + uuid: uuid + alterId: 32 + cipher: auto + network: grpc + tls: true + # fingerprint: xxxx + servername: example.com + # skip-cert-verify: true + grpc-opts: + grpc-service-name: "example" + # ip-version: ipv4 ``` ### Socks & HTTP ``` # socks5 - - name:"socks" - type:socks5 - server:server - port:443 - # username:username - # password:password - # tls:true - # fingerprint:xxxx - # skip-cert-verify:true - # udp:true - # ip-version:ipv6 + - 
name: "socks" + type: socks5 + server: server + port: 443 + # username: username + # password: password + # tls: true + # fingerprint: xxxx + # skip-cert-verify: true + # udp: true + # ip-version: ipv6 # http - - name:"http" - type:http - server:server - port:443 - # username:username - # password:password - # tls:true # https - # skip-cert-verify:true - # sni:custom.com - # fingerprint:xxxx # 同 experimental.fingerprints 使用 sha256 指纹,配置协议独立的指纹,将忽略 experimental.fingerprints - # ip-version:dual + - name: "http" + type: http + server: server + port: 443 + # username: username + # password: password + # tls: true # https + # skip-cert-verify: true + # sni: custom.com + # fingerprint: xxxx # 同 experimental.fingerprints 使用 sha256 指纹,配置协议独立的指纹,将忽略 experimental.fingerprints + # ip-version: dual ``` ### VLESS ```yaml - - name:"vless-tcp" - type:vless - server:server - port:443 - uuid:uuid - network:tcp - servername:example.com # AKA SNI - # flow:xtls-rprx-direct # xtls-rprx-origin # enable XTLS - # skip-cert-verify:true - # fingerprint:xxxx - # client-fingerprint:random # Available:"chrome","firefox","safari","random" + - name: "vless-tcp" + type: vless + server: server + port: 443 + uuid: uuid + network: tcp + servername: example.com # AKA SNI + # flow: xtls-rprx-direct # xtls-rprx-origin # enable XTLS + # skip-cert-verify: true + # fingerprint: xxxx + # client-fingerprint: random # Available: "chrome","firefox","safari","random" - - name:"vless-ws" - type:vless - server:server - port:443 - uuid:uuid - udp:true - tls:true - network:ws - # client-fingerprint:random # Available:"chrome","firefox","safari","random" - servername:example.com # priority over wss host - # skip-cert-verify:true - # fingerprint:xxxx - ws-opts: - path:"/" - headers: - Host:example.com + - name: "vless-ws" + type: vless + server: server + port: 443 + uuid: uuid + udp: true + tls: true + network: ws + # client-fingerprint: random # Available: "chrome","firefox","safari","random" + servername: 
example.com # priority over wss host + # skip-cert-verify: true + # fingerprint: xxxx + ws-opts: + path: "/" + headers: + Host: example.com ``` ### Snell ```yaml # Beware that there's currently no UDP support yet - - name:"snell" - type:snell - server:server - port:44046 - psk:yourpsk - # version:2 - # obfs-opts: - # mode:http # or tls - # host:bing.com + - name: "snell" + type: snell + server: server + port: 44046 + psk: yourpsk + # version: 2 + # obfs-opts: + # mode: http # or tls + # host: bing.com ``` ### Trojan ```yaml - - name:"trojan" - type:trojan - server:server - port:443 - password:yourpsk - # client-fingerprint:chrome # Available:"chrome","firefox","safari","ios","random", currently only support TLS transport in TCP/GRPC/WS/HTTP for VLESS/Vmess and trojan. - # fingerprint:xxxx - # udp:true - # sni:example.com # aka server name - # alpn: + - name: "trojan" + type: trojan + server: server + port: 443 + password: yourpsk + # client-fingerprint: chrome # Available: "chrome","firefox","safari","ios","random", currently only support TLS transport in TCP/GRPC/WS/HTTP for VLESS/Vmess and trojan. 
+ # fingerprint: xxxx + # udp: true + # sni: example.com # aka server name + # alpn: # - h2 # - http/1.1 - # skip-cert-verify:true + # skip-cert-verify: true - - name:trojan-grpc - server:server - port:443 - type:trojan - password:"example" - network:grpc - sni:example.com - # skip-cert-verify:true - # fingerprint:xxxx - udp:true - grpc-opts: - grpc-service-name:"example" + - name: trojan-grpc + server: server + port: 443 + type: trojan + password: "example" + network: grpc + sni: example.com + # skip-cert-verify: true + # fingerprint: xxxx + udp: true + grpc-opts: + grpc-service-name: "example" - - name:trojan-ws - server:server - port:443 - type:trojan - password:"example" - network:ws - sni:example.com - # skip-cert-verify:true - # fingerprint:xxxx - udp:true - # ws-opts: - # path:/path - # headers: - # Host:example.com + - name: trojan-ws + server: server + port: 443 + type: trojan + password: "example" + network: ws + sni: example.com + # skip-cert-verify: true + # fingerprint: xxxx + udp: true + # ws-opts: + # path: /path + # headers: + # Host: example.com - - name:"trojan-xtls" - type:trojan - server:server - port:443 - password:yourpsk - flow:"xtls-rprx-direct" # xtls-rprx-origin xtls-rprx-direct - flow-show:true - # udp:true - # sni:example.com # aka server name - # skip-cert-verify:true - # fingerprint:xxxx + - name: "trojan-xtls" + type: trojan + server: server + port: 443 + password: yourpsk + flow: "xtls-rprx-direct" # xtls-rprx-origin xtls-rprx-direct + flow-show: true + # udp: true + # sni: example.com # aka server name + # skip-cert-verify: true + # fingerprint: xxxx ``` ### Hysteria ```yaml - - name:"hysteria" - type:hysteria - server:server.com - port:443 - auth_str:yourpassword # 将会在未来某个时候删除 - # auth-str:yourpassword - # obfs:obfs_str - # alpn: + - name: "hysteria" + type: hysteria + server: server.com + port: 443 + auth_str: yourpassword # 将会在未来某个时候删除 + # auth-str: yourpassword + # obfs: obfs_str + # alpn: # - h3 - protocol:udp # 支持 
udp/wechat-video/faketcp - up:"30 Mbps" # 若不写单位,默认为 Mbps - down:"200 Mbps" # 若不写单位,默认为 Mbps - # sni:server.com - # skip-cert-verify:false - # recv_window_conn:12582912 # 将会在未来某个时候删除 - # recv-window-conn:12582912 - # recv_window:52428800 # 将会在未来某个时候删除 - # recv-window:52428800 - # ca:"./my.ca" - # ca_str:"xyz" # 将会在未来某个时候删除 - # ca-str:"xyz" - # disable_mtu_discovery:false - # fingerprint:xxxx - # fast-open:true # 支持 TCP 快速打开,默认为 false + protocol: udp # 支持 udp/wechat-video/faketcp + up: "30 Mbps" # 若不写单位,默认为 Mbps + down: "200 Mbps" # 若不写单位,默认为 Mbps + # sni: server.com + # skip-cert-verify: false + # recv_window_conn: 12582912 # 将会在未来某个时候删除 + # recv-window-conn: 12582912 + # recv_window: 52428800 # 将会在未来某个时候删除 + # recv-window: 52428800 + # ca: "./my.ca" + # ca_str: "xyz" # 将会在未来某个时候删除 + # ca-str: "xyz" + # disable_mtu_discovery: false + # fingerprint: xxxx + # fast-open: true # 支持 TCP 快速打开,默认为 false ``` ### Tuic ```yaml - - name:tuic - server:www.example.com - port:10443 - type:tuic - token:TOKEN - # ip:127.0.0.1 # for overwriting the DNS lookup result of the server address set in option 'server' - # heartbeat-interval:10000 - # alpn:[h3] - # disable-sni:true - reduce-rtt:true - # request-timeout:8000 - udp-relay-mode:native # Available:"native", "quic". Default:"native" - # congestion-controller:bbr # Available:"cubic", "new_reno", "bbr". Default:"cubic" - # max-udp-relay-packet-size:1500 - # fast-open:true - # skip-cert-verify:true - # max-open-streams:20 # default 100, too many open streams may hurt performance + - name: tuic + server: www.example.com + port: 10443 + type: tuic + token: TOKEN + # ip: 127.0.0.1 # for overwriting the DNS lookup result of the server address set in option 'server' + # heartbeat-interval: 10000 + # alpn: [h3] + # disable-sni: true + reduce-rtt: true + # request-timeout: 8000 + udp-relay-mode: native # Available: "native", "quic". Default: "native" + # congestion-controller: bbr # Available: "cubic", "new_reno", "bbr". 
Default: "cubic" + # max-udp-relay-packet-size: 1500 + # fast-open: true + # skip-cert-verify: true + # max-open-streams: 20 # default 100, too many open streams may hurt performance ``` ### ShadowsocksR ``` - # The supported ciphers (encryption methods):all stream ciphers in ss - # The supported obfses: + # The supported ciphers (encryption methods): all stream ciphers in ss + # The supported obfses: # plain http_simple http_post # random_head tls1.2_ticket_auth tls1.2_ticket_fastauth - # The supported supported protocols: + # The supported supported protocols: # origin auth_sha1_v4 auth_aes128_md5 # auth_aes128_sha1 auth_chain_a auth_chain_b - - name:"ssr" - type:ssr - server:server - port:443 - cipher:chacha20-ietf - password:"password" - obfs:tls1.2_ticket_auth - protocol:auth_sha1_v4 - # obfs-param:domain.tld - # protocol-param:"#" - # udp:true + - name: "ssr" + type: ssr + server: server + port: 443 + cipher: chacha20-ietf + password: "password" + obfs: tls1.2_ticket_auth + protocol: auth_sha1_v4 + # obfs-param: domain.tld + # protocol-param: "#" + # udp: true ``` ### Wireguard ```yaml - - name:"wg" - type:wireguard - server:162.159.192.1 - port:2480 - ip:172.16.0.2 - ipv6:fd01:5ca1:ab1e:80fa:ab85:6eea:213f:f4a5 - private-key:eCtXsJZ27+4PbhDkHnB923tkUn2Gj59wZw5wFA75MnU= - public-key:Cr8hWlKvtDt7nrvf+f0brNQQzabAqrjfBvas9pmowjo= - udp:true - # reserved:'U4An' + - name: "wg" + type: wireguard + server: 162.159.192.1 + port: 2480 + ip: 172.16.0.2 + ipv6: fd01: 5ca1: ab1e: 80fa: ab85: 6eea: 213f: f4a5 + private-key: eCtXsJZ27+4PbhDkHnB923tkUn2Gj59wZw5wFA75MnU= + public-key: Cr8hWlKvtDt7nrvf+f0brNQQzabAqrjfBvas9pmowjo= + udp: true + # reserved: 'U4An' ``` ## Proxy-groups Active health detection `urltest / fallback` (based on tcp handshake, multiple failures within a limited time will actively trigger health detection to use the node) ```yaml -proxy-groups: +proxy-groups: # 代理链,若落地协议支持 UDP over TCP 则可支持 UDP - # Traffic:clash <-> http <-> vmess <-> ss1 <-> ss2 <-> 
Internet - - name:"relay" - type:relay - proxies: + # Traffic: clash <-> http <-> vmess <-> ss1 <-> ss2 <-> Internet + - name: "relay" + type: relay + proxies: - http - vmess - ss1 - ss2 # url-test 将按照 url 测试结果使用延迟最低节点 - - name:"auto" - type:url-test - proxies: + - name: "auto" + type: url-test + proxies: - ss1 - ss2 - vmess1 - # tolerance:150 - # lazy:true - url:"https://cp.cloudflare.com/generate_204" - interval:300 + # tolerance: 150 + # lazy: true + url: "https: //cp.cloudflare.com/generate_204" + interval: 300 # fallback 将按照 url 测试结果按照节点顺序选择 - - name:"fallback-auto" - type:fallback - proxies: + - name: "fallback-auto" + type: fallback + proxies: - ss1 - ss2 - vmess1 - url:"https://cp.cloudflare.com/generate_204" - interval:300 + url: "https: //cp.cloudflare.com/generate_204" + interval: 300 # load-balance 将按照算法随机选择节点 - - name:"load-balance" - type:load-balance - proxies: + - name: "load-balance" + type: load-balance + proxies: - ss1 - ss2 - vmess1 - url:"https://cp.cloudflare.com/generate_204" - interval:300 - # strategy:consistent-hashing # 可选 round-robin 和 sticky-sessions + url: "https: //cp.cloudflare.com/generate_204" + interval: 300 + # strategy: consistent-hashing # 可选 round-robin 和 sticky-sessions # select 用户自行选择节点 - - name:Proxy - type:select - # disable-udp:true - proxies: + - name: Proxy + type: select + # disable-udp: true + proxies: - ss1 - ss2 - vmess1 - auto # 配置指定 interface-name 和 fwmark 的 DIRECT - - name:en1 - type:select - interface-name:en1 - routing-mark:6667 - proxies: + - name: en1 + type: select + interface-name: en1 + routing-mark: 6667 + proxies: - DIRECT # Support `Policy Group Filter` - - name:UseProvider - type:select - filter:"HK|TW" # 正则表达式,过滤 provider1 中节点名包含 HK 或 TW - use: + - name: UseProvider + type: select + filter: "HK|TW" # 正则表达式,过滤 provider1 中节点名包含 HK 或 TW + use: - provider1 - proxies: + proxies: - Proxy - DIRECT ``` 
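Review bot: The `wg` entry in the Wireguard example carries full-length base64 values for `private-key` and `public-key` rather than placeholders, and the changed lines keep them. If they were ever generated for a real peer they should be treated as disclosed and rotated; either way, replace them with `private-key: <base64-private-key>` and `public-key: <base64-peer-public-key>` so nobody reuses a published key. Separately, the commented `# skip-cert-verify: true` lines repeated across the proxy examples would benefit from a comment that enabling it turns off server certificate validation, and that the `fingerprint` pinning this page already describes is the safer choice for self-signed servers.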
@@ -755,40 +755,40 @@ proxy-groups: ## Providers ### Proxy-providers ``` -proxy-providers: - provider1: - type:http - url:"url" - interval:3600 - path:./provider1.yaml - health-check: - enable:true - interval:600 - # lazy:true - url:https://cp.cloudflare.com/generate_204 - test: - type:file - path:/test.yaml - health-check: - enable:true - interval:36000 - url:https://cp.cloudflare.com/generate_204 +proxy-providers: + provider1: + type: http + url: "url" + interval: 3600 + path: ./provider1.yaml + health-check: + enable: true + interval: 600 + # lazy: true + url: https: //cp.cloudflare.com/generate_204 + test: + type: file + path: /test.yaml + health-check: + enable: true + interval: 36000 + url: https: //cp.cloudflare.com/generate_204 ``` ### Rule-providers ```yaml -rule-providers: - rule1: - behavior:classical # domain ipcidr - interval:259200 - path:/path/to/save/file.yaml - type:http - url:"url" - rule2: - behavior:classical - interval:259200 - path:/path/to/save/file.yaml - type:file +rule-providers: + rule1: + behavior: classical # domain ipcidr + interval: 259200 + path: /path/to/save/file.yaml + type: http + url: "url" + rule2: + behavior: classical + interval: 259200 + path: /path/to/save/file.yaml + type: file ``` ## Rules 
@@ -797,22 +797,22 @@ rule-providers: - Support `multiport` condition for rule `SRC-PORT` and `DST-PORT`. - Support `network` condition for all rules. - Support source IPCIDR condition for all rules, just append to the end. -- The `GEOSITE` databases via https://github.com/Loyalsoldier/v2ray-rules-dat. +- The `GEOSITE` databases via https: //github.com/Loyalsoldier/v2ray-rules-dat. ```yaml -rules: +rules: - RULE-SET,rule1,REJECT - DOMAIN-SUFFIX,baidu.com,DIRECT - DOMAIN-KEYWORD,google,ss1 - IP-CIDR,1.1.1.1/32,ss1 - - IP-CIDR6,2409::/64,DIRECT + - IP-CIDR6,2409: : /64,DIRECT - SUB-RULE,(OR,((NETWORK,TCP),(NETWORK,UDP))),sub-rule-name1 # 当满足条件是 TCP 或 UDP 流量时,使用名为 sub-rule-name1 当规则集 - SUB-RULE,(AND,((NETWORK,UDP))),sub-rule-name2 # 定义多个子规则集,规则将以分叉匹配,使用 SUB-RULE 使用 # google.com(not match)--> baidu.com(match) # / | # / | -# https://baidu.com --> rule1 --> rule2 --> sub-rule-name1(match tcp) 使用 DIRECT +# https: //baidu.com --> rule1 --> rule2 --> sub-rule-name1(match tcp) 使用 DIRECT # # google.com(not match)--> baidu.com(not match) # / | @@ -822,11 +822,11 @@ rules: # 使用 REJECT <-- 1.1.1.1/32(match) # -sub-rules: - sub-rule-name1: +sub-rules: + sub-rule-name1: - DOMAIN,google.com,ss1 - DOMAIN,baidu.com,DIRECT - sub-rule-name2: + sub-rule-name2: - IP-CIDR,1.1.1.1/32,REJECT - IP-CIDR,8.8.8.8/32,ss1 - DOMAIN,dns.alidns.com,REJECT 
@@ -835,160 +835,160 @@ sub-rules: ## Listeners ```yaml # 流量入站 -listeners: - - name:socks5-in-1 - type:socks - port:10808 - #listen:0.0.0.0 # 默认监听 0.0.0.0 - # rule:sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy:proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理 - # udp:false # 默认 true +listeners: + - name: socks5-in-1 + type: socks + port: 10808 + #listen: 0.0.0.0 # 默认监听 0.0.0.0 + # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules + # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理 + # udp: false # 默认 true - - name:http-in-1 - type:http - port:10809 - listen:0.0.0.0 - # rule:sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy:proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) + - name: http-in-1 + type: http + port: 10809 + listen: 0.0.0.0 + # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules + # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) - - name:mixed-in-1 - type:mixed # HTTP(S) 和 SOCKS 代理混合 - port:10810 - listen:0.0.0.0 - # rule:sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy:proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) - # udp:false # 默认 true + - name: mixed-in-1 + type: mixed # HTTP(S) 和 SOCKS 代理混合 + port: 10810 + listen: 0.0.0.0 + # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules + # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) + # udp: false # 默认 true - - name:reidr-in-1 - type:redir - port:10811 - listen:0.0.0.0 - # rule:sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy:proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) + - name: reidr-in-1 + type: redir + port: 10811 + listen: 0.0.0.0 + # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules + # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) - - name:tproxy-in-1 - type:tproxy - port:10812 - listen:0.0.0.0 - # rule:sub-rule-name1 # 默认使用 rules,如果未找到 
sub-rule 则直接使用 rules - # proxy:proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) - # udp:false # 默认 true + - name: tproxy-in-1 + type: tproxy + port: 10812 + listen: 0.0.0.0 + # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules + # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) + # udp: false # 默认 true - - name:shadowsocks-in-1 - type:shadowsocks - port:10813 - listen:0.0.0.0 - # rule:sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy:proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) - password:vlmpIPSyHH6f4S8WVPdRIHIlzmB+GIRfoH3aNJ/t9Gg= - cipher:2022-blake3-aes-256-gcm + - name: shadowsocks-in-1 + type: shadowsocks + port: 10813 + listen: 0.0.0.0 + # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules + # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) + password: vlmpIPSyHH6f4S8WVPdRIHIlzmB+GIRfoH3aNJ/t9Gg= + cipher: 2022-blake3-aes-256-gcm - - name:vmess-in-1 - type:vmess - port:10814 - listen:0.0.0.0 - # rule:sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy:proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) - users: - - username:1 - uuid:9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68 - alterId:1 + - name: vmess-in-1 + type: vmess + port: 10814 + listen: 0.0.0.0 + # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules + # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) + users: + - username: 1 + uuid: 9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68 + alterId: 1 - - name:tuic-in-1 - type:tuic - port:10815 - listen:0.0.0.0 - # rule:sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy:proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) - # token: + - name: tuic-in-1 + type: tuic + port: 10815 + listen: 0.0.0.0 + # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules + # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 
不为空时,这里的 proxy 名称必须合法,否则会出错) + # token: # - TOKEN - # certificate:./server.crt - # private-key:./server.key - # congestion-controller:bbr - # max-idle-time:15000 - # authentication-timeout:1000 - # alpn: + # certificate: ./server.crt + # private-key: ./server.key + # congestion-controller: bbr + # max-idle-time: 15000 + # authentication-timeout: 1000 + # alpn: # - h3 - # max-udp-relay-packet-size:1500 + # max-udp-relay-packet-size: 1500 - - name:tunnel-in-1 - type:tunnel - port:10816 - listen:0.0.0.0 - # rule:sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy:proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) - network:[tcp, udp] - target:target.com + - name: tunnel-in-1 + type: tunnel + port: 10816 + listen: 0.0.0.0 + # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules + # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) + network: [tcp, udp] + target: target.com - - name:tun-in-1 - type:tun - # rule:sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules - # proxy:proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) - stack:system # gvisor / lwip - dns-hijack: - - 0.0.0.0:53 # 需要劫持的 DNS - # auto-detect-interface:false # 自动识别出口网卡 - # auto-route:false # 配置路由表 - # mtu:9000 # 最大传输单元 - inet4-address:# 必须手动设置 ipv4 地址段 + - name: tun-in-1 + type: tun + # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules + # proxy: proxy # 如果不为空则直接将该入站流量交由指定 proxy 处理(当 proxy 不为空时,这里的 proxy 名称必须合法,否则会出错) + stack: system # gvisor / lwip + dns-hijack: + - 0.0.0.0: 53 # 需要劫持的 DNS + # auto-detect-interface: false # 自动识别出口网卡 + # auto-route: false # 配置路由表 + # mtu: 9000 # 最大传输单元 + inet4-address: # 必须手动设置 ipv4 地址段 - 198.19.0.1/30 - inet6-address:# 必须手动设置 ipv6 地址段 - - "fdfe:dcba:9877::1/126" - # strict_route:true # 将所有连接路由到 tun 来防止泄漏,但你的设备将无法其他设备被访问 - # inet4_route_address:# 启用 auto_route 时使用自定义路由而不是默认路由 + inet6-address: # 必须手动设置 ipv6 地址段 + - "fdfe: dcba: 9877: : 1/126" + # strict_route: true 
# 将所有连接路由到 tun 来防止泄漏,但你的设备将无法其他设备被访问 + # inet4_route_address: # 启用 auto_route 时使用自定义路由而不是默认路由 # - 0.0.0.0/1 # - 128.0.0.0/1 - # inet6_route_address:# 启用 auto_route 时使用自定义路由而不是默认路由 - # - "::/1" - # - "8000::/1" - # endpoint_independent_nat:false # 启用独立于端点的 NAT - # include_uid:# UID 规则仅在 Linux 下被支持,并且需要 auto_route + # inet6_route_address: # 启用 auto_route 时使用自定义路由而不是默认路由 + # - ": : /1" + # - "8000: : /1" + # endpoint_independent_nat: false # 启用独立于端点的 NAT + # include_uid: # UID 规则仅在 Linux 下被支持,并且需要 auto_route # - 0 - # include_uid_range:# 限制被路由的的用户范围 + # include_uid_range: # 限制被路由的的用户范围 # - 1000-99999 - # exclude_uid:# 排除路由的的用户 + # exclude_uid: # 排除路由的的用户 #- 1000 - # exclude_uid_range:# 排除路由的的用户范围 + # exclude_uid_range: # 排除路由的的用户范围 # - 1000-99999 # Android 用户和应用规则仅在 Android 下被支持 # 并且需要 auto_route - # include_android_user:# 限制被路由的 Android 用户 + # include_android_user: # 限制被路由的 Android 用户 # - 0 # - 10 - # include_package:# 限制被路由的 Android 应用包名 + # include_package: # 限制被路由的 Android 应用包名 # - com.android.chrome - # exclude_package:# 排除被路由的 Android 应用包名 + # exclude_package: # 排除被路由的 Android 应用包名 # - com.android.captiveportallogin ``` ## 入口配置 入口配置与 Listener 等价,传入流量将和 socks,mixed 等入口一样按照 mode 所指定的方式进行匹配处理 -### ss-config: +### ss-config: ```yaml -ss://2022-blake3-aes-256-gcm:vlmpIPSyHH6f4S8WVPdRIHIlzmB+GIRfoH3aNJ/t9Gg=@:23456 +ss: //2022-blake3-aes-256-gcm: vlmpIPSyHH6f4S8WVPdRIHIlzmB+GIRfoH3aNJ/t9Gg=@: 23456 ``` -### vmess-config: +### vmess-config: ```yaml -vmess://1:9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68@:12345 +vmess: //1: 9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68@: 12345 ``` ### tuic 服务器入口 传入流量将和 socks,mixed 等入口一样按照 mode 所指定的方式进行匹配处理 ```yaml -tuic-server: +tuic-server: enable: true - listen: 127.0.0.1:10443 - token: + listen: 127.0.0.1: 10443 + token: - TOKEN certificate: ./server.crt private-key: ./server.key congestion-controller: bbr max-idle-time: 15000 authentication-timeout: 1000 - alpn: + alpn: - h3 max-udp-relay-packet-size: 1500 ```
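Review bot: The `shadowsocks-in-1` and `vmess-in-1` examples keep a literal `password:` and `uuid:` while almost every listener sets `listen: 0.0.0.0`, and nothing on those lines says the values are samples. A config pasted as-is would accept inbound proxy connections on all interfaces with credentials that are published on this page. I would add a comment on each of those two lines, such as `# sample value, generate your own before use`, and one beside `listen: 0.0.0.0` noting that `127.0.0.1` keeps the listener local unless LAN access is intended. The same key and UUID are repeated in the `ss-config` and `vmess-config` snippets lower in this hunk and need the same marker.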