# port: 7890 # HTTP(S) proxy server port
# socks-port: 7891 # SOCKS5 proxy port
mixed-port: 10801 # mixed HTTP(S) and SOCKS proxy port
# redir-port: 7892 # transparent proxy port, for Linux and macOS
# Transparent proxy server port for Linux (TProxy TCP and TProxy UDP)
# tproxy-port: 7893

# NOTE(review): allow-lan: true with bind-address "*" and the 0.0.0.0/0 and ::/0
# entries in lan-allowed-ips below accepts proxy clients from every address that
# can reach this host. Keep allow-lan false unless other devices must connect,
# and narrow bind-address / lan-allowed-ips to the real LAN range.
allow-lan: true # allow connections from the LAN
bind-address: "*" # IP address to bind; only applies when allow-lan is true; '*' means all addresses
# Username and password required on the http and socks inbounds.
# NOTE(review): "username:password" is a placeholder; use a unique, strong
# credential and keep the real value out of version control.
authentication:
- "username:password"
# IP ranges that skip authentication.
# NOTE(review): peers in these ranges are not asked for credentials, so list only
# trusted addresses (presumably matched on the client source IP; confirm).
skip-auth-prefixes:
- 127.0.0.1/8
- ::1/128
# IP ranges allowed to connect; only applies when allow-lan is true;
# defaults to 0.0.0.0/0 and ::/0
lan-allowed-ips:
- 0.0.0.0/0
- ::/0
# IP ranges denied; the deny list takes priority over the allow list; empty by default
lan-disallowed-ips:
- 192.168.0.3/32

# find-process-mode has 3 values: always, strict, off
# - always: enabled, force matching of all processes
# - strict: default, mihomo decides whether to enable it
# - off: no process matching; recommended on routers
find-process-mode: strict
mode: rule

# Custom geodata URLs
# NOTE(review): all three URLs follow the moving `release` ref on a third-party
# CDN and nothing in this file pins a version or checksum, so the downloaded
# data can change between fetches. Mirror or pin the files if routing decisions
# based on them must be reproducible.
geox-url:
  geoip: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat"
  geosite: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geosite.dat"
  mmdb: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.metadb"

geo-auto-update: false # whether to update geodata automatically
geo-update-interval: 24 # update interval, in hours

# Matcher implementation used by GeoSite, available implementations:
# - succinct (default, same as rule-set)
# - mph (from V2Ray, also `hybrid` in Xray)
# geosite-matcher: succinct

# NOTE(review): debug is the most verbose level listed; it presumably records
# per-connection detail such as destinations (confirm). Prefer info or warning
# outside troubleshooting and treat the log files as sensitive.
log-level: debug # log level: silent/error/warning/info/debug

# Master switch for IPv6; when off, all IPv6 connections are blocked and
# DNS AAAA queries are suppressed
ipv6: true

tls:
  certificate: string # certificate in PEM format, or the path to the certificate
  # NOTE(review): if the key is inlined as PEM rather than given as a path, this
  # file itself becomes secret material; restrict its permissions accordingly.
  private-key: string # private key matching the certificate, in PEM format, or the path to the key
  # NOTE(review): key spelling is kept exactly as on the page; confirm against
  # the consuming version before "correcting" it.
  custom-certifactes:
  - |
    -----BEGIN CERTIFICATE-----
    format/pem...
    -----END CERTIFICATE-----

# NOTE(review): both listeners bind 0.0.0.0 while `secret` below is commented
# out, so as written the control API would be reachable on every interface
# without a bearer token. Bind to 127.0.0.1, or set a long random secret (not
# the "123456" placeholder), before exposing it.
external-controller: 0.0.0.0:9093 # RESTful API listen address
external-controller-tls: 0.0.0.0:9443 # RESTful API HTTPS listen address; requires the tls section above
# secret: "123456" # `Authorization:Bearer ${secret}`

# RESTful API Unix socket listen address (also usable on Windows builds newer
# than 17063, i.e. version 1803/RS4 or later)
# WARNING: API access through the Unix socket does NOT verify the secret; if you
# enable it, securing it is your own responsibility!
# NOTE(review): with a relative path the socket location depends on the working
# directory; place it in a directory only the intended user can access.
# Test with: curl -v --unix-socket "mihomo.sock" http://localhost/
external-controller-unix: mihomo.sock

# tcp-concurrent: true # connect to all resolved IPs concurrently over TCP and use the fastest handshake

# Web UI directory; open it at http://{{external-controller}}/ui
external-ui: /path/to/ui/folder/
external-ui-name: xd
# NOTE(review): this archive URL tracks a branch head, so its content is not
# pinned; the UI it delivers is served from the same origin as the control API.
# Prefer a reviewed, fixed copy.
external-ui-url: "https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip"

# interface-name: en0 # outbound network interface

# Global TLS fingerprint; lower priority than client-fingerprint set inside a proxy
# Options: "chrome","firefox","safari","ios","random","none"
# uTLS currently supports the TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.
global-client-fingerprint: chrome

# TCP keep alive interval
keep-alive-interval: 15

# routing-mark:6666 # fwmark, Linux only

experimental:
  # Disable quic-go GSO support. This may result in reduced performance on Linux.
  # This is not recommended for most users.
  # Only users encountering issues with quic-go's internal implementation should enable this,
  # and they should disable it as soon as the issue is resolved.
  # This field will be removed when quic-go fixes all their issues in GSO.
  # This is equivalent to the environment variable QUIC_GO_DISABLE_GSO=1.
  #quic-go-disable-gso: true

# Similar to /etc/hosts; only a single IP per entry is supported
hosts:
  # '*.mihomo.dev': 127.0.0.1
  # '.dev': 127.0.0.1
  # 'alpha.mihomo.dev': '::1'
  # test.com: [1.1.1.1, 2.2.2.2]
  # home.lan: lan # lan is a special value: the addresses of all local interfaces are added
  # baidu.com: google.com # only one alias may be configured

profile: # stores the choices made in select groups
  store-selected: false

  # persist fake-ip mappings
  store-fake-ip: true

# Tun configuration
tun:
  enable: false
  stack: system # gvisor/mixed
  dns-hijack:
  - 0.0.0.0:53 # DNS endpoints to hijack
  # auto-detect-interface: true # detect the outbound interface automatically
  # auto-route: true # configure the routing table
  # mtu: 9000 # maximum transmission unit
  # gso: false # enable generic segmentation offload, Linux only
  # gso-max-size: 65536 # maximum size of a generic segmentation offload packet
  # strict-route: true # route all connections through tun to prevent leaks; other devices can then no longer reach this device
  inet4-route-address: # custom routes used instead of the default route when auto-route is enabled
  - 0.0.0.0/1
  - 128.0.0.0/1
  inet6-route-address: # custom routes used instead of the default route when auto-route is enabled
  - "::/1"
  - "8000::/1"
  # endpoint-independent-nat: false # enable endpoint-independent NAT
  # include-interface: # restrict which interfaces are routed; unrestricted by default; conflicts with `exclude-interface`
  # - "lan0"
  # exclude-interface: # interfaces excluded from routing; conflicts with `include-interface`
  # - "lan1"
  # include-uid: # UID rules are only supported on Linux and require auto-route
  # - 0
  # include-uid-range: # restrict the range of users that are routed
  # - 1000:9999
  # exclude-uid: # users excluded from routing
  #- 1000
  # exclude-uid-range: # range of users excluded from routing
  # - 1000:9999

  # Android user and app rules are only supported on Android
  # and require auto-route

  # include-android-user: # restrict which Android users are routed
  # - 0
  # - 10
  # include-package: # restrict which Android app packages are routed
  # - com.android.chrome
  # exclude-package: # Android app packages excluded from routing
  # - com.android.captiveportallogin

# ebpf configuration
ebpf:
  auto-redir: # redirect mode, TCP only
  - eth0
  redirect-to-tun: # UDP+TCP; do not enable auto-route when using this feature
  - eth0

# Domain sniffing (optional)
sniffer:
  enable: false
  ## Force sniffing on traffic identified as redir-host type,
  ## e.g. Tun, Redir and TProxy traffic when DNS is in redir-host mode
  # force-dns-mapping: false
  ## Force sniffing on all traffic for which no domain name was obtained
  # parse-pure-ip: false
  # Whether to use the sniffed result as the actual destination; default true
  # Global setting; lower priority than the per-protocol settings under sniffer.sniff
  override-destination: false
  sniff: # TLS and QUIC sniff port 443 by default when ports is not set
    QUIC:
    #  ports: [ 443 ]
    TLS:
    #  ports: [443, 8443]

    # sniffs port 80 by default
    HTTP: # ports to sniff
      ports: [80, 8080-8880]
      # can override sniffer.override-destination
      override-destination: true
  force-domain:
  - +.v2ex.com
  ## Skip these sniffed results
  # skip-domain:
  #   - Mijia Cloud
  # Protocols to sniff
  # Deprecated; ignored when sniffer.sniff is configured
  sniffing:
  - tls
  - http
  # Force sniffing for this domain

  # Sniff only ports on the whitelist; default 443, 80
  # Deprecated; ignored when sniffer.sniff is configured
  port-whitelist:
  - "80"
  - "443"
  # - 8000-9999

# NOTE(review): each tunnel opens a local listener that forwards to a fixed
# target; the samples bind 127.0.0.1, and binding a wider address would expose
# the forwarded service (here DNS and a database port) to other hosts.
tunnels: # one line config
- tcp/udp,127.0.0.1:6553,114.114.114.114:53,proxy
- tcp,127.0.0.1:6666,rds.mysql.com:3306,vpn
# full yaml config
- network: [tcp, udp]
  address: 127.0.0.1:7777
  target: target.com
  proxy: proxy

# DNS configuration
dns:
  cache-algorithm: arc
  enable: false # when off, the system DNS is used
  prefer-h3: true # let DoH use HTTP/3 as well; both are attempted concurrently
  # NOTE(review): 0.0.0.0:53 answers on every interface; on a host reachable from
  # untrusted networks that is an open resolver. Bind to loopback or the LAN
  # address, or firewall the port.
  listen: 0.0.0.0:53 # start the DNS server listener
  # ipv6: false # false returns empty results for AAAA
  # ipv6-timeout: 300 # unit: ms; during internal dual-stack lookups, how long to wait for the upstream AAAA answer; default 100ms
  # DNS servers used to resolve the hostnames of nameserver, fallback and other DNS server entries
  # Only plain IP addresses may be used; encrypted DNS is allowed
  default-nameserver:
  - 114.114.114.114
  - 8.8.8.8
  - tls://1.12.12.12:853
  - tls://223.5.5.5:853
  - system # append DNS server from system configuration. If not found, it would print an error log and skip.
  enhanced-mode: fake-ip # or redir-host

  fake-ip-range: 198.18.0.1/16 # fake-ip pool

  # use-hosts: true # look up hosts

  # Domains that do not use fake-ip
  # fake-ip-filter:
  #   - '*.lan'
  #   - localhost.ptlogin2.qq.com

  # Main DNS servers
  # Supports UDP, TCP, DoT, DoH, DoQ
  # This is the primary DNS configuration and affects all direct connections;
  # make sure to use DNS that resolves accurately for mainland China
  # NOTE(review): entries without a scheme are presumably plain, unencrypted DNS
  # (confirm); queries sent to them can be observed or altered on path. Prefer
  # the tls://, https:// or quic:// forms where privacy or integrity matters.
  nameserver:
  - 114.114.114.114 # default value
  - 8.8.8.8 # default value
  - tls://223.5.5.5:853 # DNS over TLS
  - https://doh.pub/dns-query # DNS over HTTPS
  # force HTTP/3 for this DoH server regardless of prefer-h3; unusable if the server does not support it
  - https://dns.alidns.com/dns-query#h3=true
  - https://mozilla.cloudflare-dns.com/dns-query#DNS&h3=true # specify a policy group and use HTTP/3
  - dhcp://en0 # dns from dhcp
  - quic://dns.adguard.com:784 # DNS over QUIC
  # - '8.8.8.8#en0' # compatibility form: specify the outbound interface for this DNS server

  # When fallback is configured, the IPs returned by nameserver are checked for being CN; optional setting
  # If they are not CN, the result from the DNS servers in fallback is used
  # Make sure the fallback servers can be queried when configuring fallback
  # fallback:
  #   - tcp://1.1.1.1
  #   # Send the DNS query through a proxy; ProxyGroupName is a policy group or node name.
  #   # The proxy setting takes priority over an outbound interface; when no group or node
  #   # with that name is found, the value is treated as an outbound interface.
  #   - 'tcp://1.1.1.1#ProxyGroupName'

  # DNS servers used only to resolve proxy node hostnames; optional
  # proxy-server-nameserver:
  #   - https://dns.google/dns-query
  #   - tls://one.one.one.one

  # Conditions for using fallback
  # fallback-filter:
  #   geoip: true # whether to use geoip
  #   geoip-code: CN # when the IP resolved by nameserver is CN in the geoip database, the fallback DNS result is not used
  #   # Force fallback for these categories; takes priority over the IP check; see the geosite database for the categories
  #   geosite:
  #     - gfw
  #   # If ipcidr does not match, the result from nameservers is used
  #   ipcidr:
  #     - 240.0.0.0/4
  #   domain:
  #     - '+.google.com'
  #     - '+.facebook.com'
  #     - '+.youtube.com'

  # DNS servers used for specific domains
  nameserver-policy:
    #   'www.baidu.com': '114.114.114.114'
    #   '+.internal.crop.com': '10.0.0.1'
    "geosite:cn,private,apple":
    - https://doh.pub/dns-query
    - https://dns.alidns.com/dns-query
    "geosite:category-ads-all": rcode://success
    "www.baidu.com,+.google.cn": [223.5.5.5, https://dns.alidns.com/dns-query]
    ## global and dns are the rule subscriptions named global and dns in rule-providers,
    ## and their behavior must be domain/classical; with classical only domain-type rules take effect
    # "rule-set:global,dns": 8.8.8.8

# NOTE(review): in the commented options below, `skip-cert-verify: true` would
# turn off server certificate validation; prefer pinning with `fingerprint` and
# leave skip-cert-verify unset. The credentials shown are placeholders.
proxies: # socks5
- name: "socks"
  type: socks5
  server: server
  port: 443
  # username: username
  # password: password
  # tls: true
  # fingerprint: xxxx
  # skip-cert-verify: true
  # udp: true
  # ip-version: ipv6

# http
- name: "http"
  type: http
  server: server
  port: 443
  # username: username
  # password: password
  # tls: true # https
  # skip-cert-verify: true
  # sni: custom.com
  # Same as experimental.fingerprints: a sha256 fingerprint. A per-protocol
  # fingerprint set here makes experimental.fingerprints ignored.
  # fingerprint: xxxx
  # ip-version: dual

# Snell
# Beware that there's currently no UDP support yet
- name: "snell"
  type: snell
  server: server
  port: 44046
  psk: yourpsk # placeholder; use a long random pre-shared key
  # version: 2
  # obfs-opts:
  #   mode: http # or tls
  #   host: bing.com

# Shadowsocks
# Supported ciphers:
#   aes-128-gcm aes-192-gcm aes-256-gcm
#   aes-128-cfb aes-192-cfb aes-256-cfb
#   aes-128-ctr aes-192-ctr aes-256-ctr
#   rc4-md5 chacha20-ietf xchacha20
#   chacha20-ietf-poly1305 xchacha20-ietf-poly1305
#   2022-blake3-aes-128-gcm 2022-blake3-aes-256-gcm 2022-blake3-chacha20-poly1305
# NOTE(review): the -cfb, -ctr, rc4-md5, chacha20-ietf and xchacha20 entries are
# stream ciphers without authentication, so tampering with traffic goes
# undetected; choose one of the AEAD (-gcm, -poly1305) or 2022-blake3 ciphers,
# as the samples below do. "password" is a placeholder.
- name: "ss1"
  type: ss
  server: server
  port: 443
  cipher: chacha20-ietf-poly1305
  password: "password"
  # udp: true
  # udp-over-tcp: false
  # ip-version: ipv4 # IP version used by this node; options: dual, ipv4, ipv6, ipv4-prefer, ipv6-prefer; default dual
  # ipv4: IPv4 only; ipv6: IPv6 only
  # ipv4-prefer: prefer IPv4; for TCP, dual-stack resolution is done and connections are attempted
  # concurrently but the IPv4 connection is preferred;
  # for UDP, dual-stack resolution is done and the first IPv4 result is used
  # ipv6-prefer: same as ipv4-prefer
  # All current protocols support this parameter; the TCP behaviour only takes effect with tcp-concurrent enabled
  smux:
    enabled: false
    protocol: smux # smux/yamux/h2mux
    # max-connections: 4 # Maximum connections. Conflict with max-streams.
    # min-streams: 4 # Minimum multiplexed streams in a connection before opening a new connection. Conflict with max-streams.
    # max-streams: 0 # Maximum multiplexed streams in a connection before opening a new connection. Conflict with max-connections and min-streams.
    # padding: false # Enable padding. Requires sing-box server version 1.3-beta9 or later.
    # statistic: false # whether the underlying connection is shown in the dashboard, so it can be interrupted
    # only-tcp: false # if true, the smux settings do not apply to udp; udp connections go directly over the underlying protocol

- name: "ss2"
  type: ss
  server: server
  port: 443
  cipher: chacha20-ietf-poly1305
  password: "password"
  plugin: obfs
  plugin-opts:
    mode: tls # or http
    # host: bing.com

- name: "ss3"
  type: ss
  server: server
  port: 443
  cipher: chacha20-ietf-poly1305
  password: "password"
  plugin: v2ray-plugin
  plugin-opts:
    mode: websocket # no QUIC now
    # tls: true # wss
    # Obtain the fingerprint with:
    #   openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem
    # Setting a fingerprint gives the effect of SSL pinning
    # fingerprint: xxxx
    # skip-cert-verify: true
    # host: bing.com
    # path: "/"
    # mux: true
    # headers:
    #   custom: value
    # v2ray-http-upgrade: false
    # v2ray-http-upgrade-fast-open: false

- name: "ss4-shadow-tls"
  type: ss
  server: server
  port: 443
  cipher: chacha20-ietf-poly1305
  password: "password"
  plugin: shadow-tls
  client-fingerprint: chrome
  plugin-opts:
    host: "cloud.tencent.com"
    password: "shadow_tls_password"
    version: 2 # support 1/2/3
# NOTE(review): the bracketed placeholders below ([YOUR_SERVER_IP],
# [YOUR_SS_PASSWORD], [YOUR_RESTLS_PASSWORD]) are parsed by YAML as one-element
# flow sequences, not strings; replace them with quoted scalars, including the
# brackets.
- name: "ss-restls-tls13"
  type: ss
  server: [YOUR_SERVER_IP]
  port: 443
  cipher: chacha20-ietf-poly1305
  password: [YOUR_SS_PASSWORD]
  client-fingerprint:
    chrome # one of: chrome, ios, firefox or safari
  plugin: restls
  plugin-opts:
    host:
      "www.microsoft.com" # must be a TLS 1.3 server
    password: [YOUR_RESTLS_PASSWORD]
    version-hint: "tls13"
    # Control your post-handshake traffic through restls-script
    # Hide proxy behaviors like "tls in tls".
    # see https://github.com/3andne/restls/blob/main/Restls-Script:%20Hide%20Your%20Proxy%20Traffic%20Behavior.md
    # Chinese version: https://github.com/3andne/restls/blob/main/Restls-Script:%20%E9%9A%90%E8%97%8F%E4%BD%A0%E7%9A%84%E4%BB%A3%E7%90%86%E8%A1%8C%E4%B8%BA.md
    restls-script: "300?100<1,400~100,350~100,600~100,300~200,300~100"
- name: "ss-restls-tls12"
  type: ss
  server: [YOUR_SERVER_IP]
  port: 443
  cipher: chacha20-ietf-poly1305
  password: [YOUR_SS_PASSWORD]
  client-fingerprint:
    chrome # one of: chrome, ios, firefox or safari
  plugin: restls
  plugin-opts:
    host:
      "vscode.dev" # must be a TLS 1.2 server
    password: [YOUR_RESTLS_PASSWORD]
    version-hint: "tls12"
    restls-script: "1000?100<1,500~100,350~100,600~100,400~200"
# vmess
# cipher supports auto/aes-128-gcm/chacha20-poly1305/none
# NOTE(review): `none` presumably means no payload encryption (confirm); avoid
# it unless the transport is protected by TLS. A non-zero alterId presumably
# selects the legacy, non-AEAD VMess header authentication (confirm against the
# server and prefer 0 where supported). `uuid` values are placeholders and act
# as the credential.
- name: "vmess"
  type: vmess
  server: server
  port: 443
  uuid: uuid
  alterId: 32
  cipher: auto
  # udp: true
  # tls: true
  # fingerprint: xxxx
  # Available: "chrome","firefox","safari","ios","random"; currently only the TLS
  # transport in TCP/GRPC/WS/HTTP for VLESS/Vmess and trojan is supported.
  # client-fingerprint: chrome
  # skip-cert-verify: true
  # servername: example.com # priority over wss host
  # network: ws
  # ws-opts:
  #   path: /path
  #   headers:
  #     Host: v2ray.com
  #   max-early-data: 2048
  #   early-data-header-name: Sec-WebSocket-Protocol
  #   v2ray-http-upgrade: false
  #   v2ray-http-upgrade-fast-open: false

- name: "vmess-h2"
  type: vmess
  server: server
  port: 443
  uuid: uuid
  alterId: 32
  cipher: auto
  network: h2
  tls: true
  # fingerprint: xxxx
  h2-opts:
    host:
    - http.example.com
    - http-alt.example.com
    path: /

- name: "vmess-http"
  type: vmess
  server: server
  port: 443
  uuid: uuid
  alterId: 32
  cipher: auto
  # udp: true
  # network: http
  # http-opts:
  #   method: "GET"
  #   path:
  #   - '/'
  #   - '/video'
  #   headers:
  #     Connection:
  #     - keep-alive
  # ip-version: ipv4 # IP type preference; options: ipv4, ipv6, dual; default: dual

- name: vmess-grpc
  server: server
  port: 443
  type: vmess
  uuid: uuid
  alterId: 32
  cipher: auto
  network: grpc
  tls: true
  # fingerprint: xxxx
  servername: example.com
  # skip-cert-verify: true
  grpc-opts:
    grpc-service-name: "example"
  # ip-version: ipv4

# vless
# NOTE(review): `uuid` is the only credential in these entries; where `tls` is
# not enabled (vless-tcp as written), it would presumably cross the network
# without transport encryption (confirm for your setup).
- name: "vless-tcp"
  type: vless
  server: server
  port: 443
  uuid: uuid
  network: tcp
  servername: example.com # AKA SNI
  # flow: xtls-rprx-direct # xtls-rprx-origin  # enable XTLS
  # skip-cert-verify: true
  # fingerprint: xxxx
  # client-fingerprint: random # Available: "chrome","firefox","safari","random","none"

- name: "vless-vision"
  type: vless
  server: server
  port: 443
  uuid: uuid
  network: tcp
  tls: true
  udp: true
  flow: xtls-rprx-vision
  client-fingerprint: chrome
  # fingerprint: xxxx
  # skip-cert-verify: true

- name: "vless-reality-vision"
  type: vless
  server: server
  port: 443
  uuid: uuid
  network: tcp
  tls: true
  udp: true
  flow: xtls-rprx-vision
  servername: www.microsoft.com # REALITY servername
  reality-opts:
    public-key: xxx
    short-id: xxx # optional
  client-fingerprint: chrome # cannot be empty

- name: "vless-reality-grpc"
  type: vless
  server: server
  port: 443
  uuid: uuid
  network: grpc
  tls: true
  udp: true
  # NOTE(review): a bare `flow:` parses as null; presumably "no flow" is
  # intended (confirm the consumer accepts null here).
  flow:
  # skip-cert-verify: true
  client-fingerprint: chrome
  servername: testingcf.jsdelivr.net
  grpc-opts:
    grpc-service-name: "grpc"
  # The public-key and short-id values are the sample strings from the page;
  # use the values issued for your own server.
  reality-opts:
    public-key: CrrQSjAG_YkHLwvM2M-7XkKJilgL5upBKCp0od0tLhE
    short-id: 10f897e26c4b9478

- name: "vless-ws"
  type: vless
  server: server
  port: 443
  uuid: uuid
  udp: true
  tls: true
  network: ws
  # client-fingerprint: random # Available: "chrome","firefox","safari","random","none"
  servername: example.com # priority over wss host
  # skip-cert-verify: true
  # fingerprint: xxxx
  ws-opts:
    path: "/"
    headers:
      Host: example.com
    # v2ray-http-upgrade: false
    # v2ray-http-upgrade-fast-open: false

# Trojan
# NOTE(review): the `password` values are placeholders. Leave the commented
# `skip-cert-verify: true` lines disabled: with certificate validation off, the
# client cannot tell the real server from an impostor; pin with `fingerprint`
# instead when the certificate is not publicly trusted.
- name: "trojan"
  type: trojan
  server: server
  port: 443
  password: yourpsk
  # client-fingerprint: random # Available: "chrome","firefox","safari","random","none"
  # fingerprint: xxxx
  # udp: true
  # sni: example.com # aka server name
  # alpn:
  #   - h2
  #   - http/1.1
  # skip-cert-verify: true

- name: trojan-grpc
  server: server
  port: 443
  type: trojan
  password: "example"
  network: grpc
  sni: example.com
  # skip-cert-verify: true
  # fingerprint: xxxx
  udp: true
  grpc-opts:
    grpc-service-name: "example"

- name: trojan-ws
  server: server
  port: 443
  type: trojan
  password: "example"
  network: ws
  sni: example.com
  # skip-cert-verify: true
  # fingerprint: xxxx
  udp: true
  # ws-opts:
  #   path: /path
  #   headers:
  #     Host: example.com
  #   v2ray-http-upgrade: false
  #   v2ray-http-upgrade-fast-open: false

- name: "trojan-xtls"
  type: trojan
  server: server
  port: 443
  password: yourpsk
  flow: "xtls-rprx-direct" # xtls-rprx-origin xtls-rprx-direct
  flow-show: true
  # udp: true
  # sni: example.com # aka server name
  # skip-cert-verify: true
  # fingerprint: xxxx

# hysteria
- name: "hysteria"
  type: hysteria
  server: server.com
  port: 443
  # ports: 1000,2000-3000,5000 # port must not be omitted
  auth-str: yourpassword # placeholder; use a long random value
  # obfs: obfs_str
  # alpn:
  #   - h3
  protocol: udp # supports udp/wechat-video/faketcp
  up: "30 Mbps" # defaults to Mbps when no unit is given
  down: "200 Mbps" # defaults to Mbps when no unit is given
  # sni: server.com
  # skip-cert-verify: false
  # recv-window-conn: 12582912
  # recv-window: 52428800
  # ca: "./my.ca"
  # ca-str: "xyz"
  # disable-mtu-discovery: false
  # fingerprint: xxxx
  # fast-open: true # enable TCP Fast Open; default false

# hysteria2
- name: "hysteria2"
  type: hysteria2
  server: server.com
  port: 443
  # ports: 1000,2000-3000,5000 # port must not be omitted
  # hop-interval: 15
  # if up and down are both omitted or 0, BBR congestion control is used
  # up: "30 Mbps" # defaults to Mbps when no unit is given
  # down: "200 Mbps" # defaults to Mbps when no unit is given
  password: yourpassword # placeholder; use a long random value
  # obfs: salamander # empty by default; setting it enables obfs; only salamander is supported for now
  # obfs-password: yourpassword
  # sni: server.com
  # skip-cert-verify: false
  # fingerprint: xxxx
  # alpn:
  #   - h3
  # ca: "./my.ca"
  # ca-str: "xyz"
# wireguard
# NOTE(review): the key strings below are the page's sample values. Generate
# your own key pair, and keep private-key and pre-shared-key out of version
# control and shared copies of this file; anyone holding the private key can
# impersonate this peer.
- name: "wg"
  type: wireguard
  server: 162.159.192.1
  port: 2480
  ip: 172.16.0.2
  ipv6: fd01:5ca1:ab1e:80fa:ab85:6eea:213f:f4a5
  public-key: Cr8hWlKvtDt7nrvf+f0brNQQzabAqrjfBvas9pmowjo=
  # pre-shared-key: 31aIhAPwktDGpH4JDhA8GNvjFXEf/a6+UaQRyOAiyfM=
  private-key: eCtXsJZ27+4PbhDkHnB923tkUn2Gj59wZw5wFA75MnU=
  udp: true
  reserved: "U4An"
  # the array form is also valid
  # reserved: [209,98,59]
  # Name of an outbound proxy. When non-empty, connections are made through the specified proxy
  # dialer-proxy: "ss1"
  # remote-dns-resolve: true # force remote DNS resolution; default false
  # dns: [ 1.1.1.1, 8.8.8.8 ] # only takes effect when remote-dns-resolve is true
  # If peers is non-empty, allowed-ips in that section must not be empty; server, port,
  # public-key and pre-shared-key from the section above are all ignored, but
  # private-key is kept and can only be set at the top level
  # peers:
  #   - server: 162.159.192.1
  #     port: 2480
  #     public-key: Cr8hWlKvtDt7nrvf+f0brNQQzabAqrjfBvas9pmowjo=
  #     # pre-shared-key: 31aIhAPwktDGpH4JDhA8GNvjFXEf/a6+UaQRyOAiyfM=
  #     allowed-ips: ['0.0.0.0/0']
  #     reserved: [209,98,59]

# tuic
- name: tuic
  server: www.example.com
  port: 10443
  type: tuic
  # tuic v4 requires token (uuid and password must not be set at the same time)
  # NOTE(review): this sample sets token as well as uuid/password, which the two
  # comments here say must not be combined; keep only the set that matches the
  # server's version. TOKEN, the uuid and PASSWORD_1 are placeholders.
  token: TOKEN
  # tuic v5 requires uuid and password (token must not be set at the same time)
  uuid: 00000000-0000-0000-0000-000000000001
  password: PASSWORD_1
  # ip: 127.0.0.1 # for overwriting the DNS lookup result of the server address set in option 'server'
  # heartbeat-interval: 10000
  # alpn: [h3]
  disable-sni: true
  # NOTE(review): reduce-rtt presumably enables a 0-RTT handshake, whose early
  # data can be replayed by an on-path party (confirm before relying on it).
  reduce-rtt: true
  request-timeout: 8000
  udp-relay-mode: native # Available: "native", "quic". Default: "native"
  # congestion-controller: bbr # Available: "cubic", "new_reno", "bbr". Default: "cubic"
  # cwnd: 10 # default: 32
  # max-udp-relay-packet-size: 1500
  # fast-open: true
  # skip-cert-verify: true
  # max-open-streams: 20 # default 100, too many open streams may hurt performance
  # sni: example.com
  #
  # meta and sing-box private extension: uses ss-uot for UDP relay; when enabled,
  # udp-relay-mode has no effect
  # Warning: incompatible with upstream tuic!
  # udp-over-stream: false
  # udp-over-stream-version: 1

# ShadowsocksR
# The supported ciphers (encryption methods): all stream ciphers in ss
# The supported obfses:
#   plain http_simple http_post
#   random_head tls1.2_ticket_auth tls1.2_ticket_fastauth
# The supported protocols:
#   origin auth_sha1_v4 auth_aes128_md5
#   auth_aes128_sha1 auth_chain_a auth_chain_b
# NOTE(review): only stream ciphers are available here, so the cipher itself
# gives no integrity protection; prefer a protocol entry with an AEAD cipher
# when the server side allows it. "password" is a placeholder.
- name: "ssr"
  type: ssr
  server: server
  port: 443
  cipher: chacha20-ietf
  password: "password"
  obfs: tls1.2_ticket_auth
  protocol: auth_sha1_v4
  # obfs-param: domain.tld
  # protocol-param: "#"
  # udp: true
# NOTE(review): the sample logs in as root with the placeholder password
# "password". Use a dedicated low-privilege account and key-based login, and
# keep the real password or key path out of shared copies of this file. The
# sample shows no host-key setting; confirm how the server's host key is
# verified.
- name: "ssh-out"
  type: ssh
  server: 127.0.0.1
  port: 22
  username: root
  password: password
  privateKey: path
# The dns outbound hijacks requests to the internal dns module; all requests are handled internally
- name: "dns-out"
  type: dns
# NOTE(review): several groups below list `vmess1`, while the proxies defined on
# this page are named `vmess`, `vmess-h2`, `vmess-http` and `vmess-grpc`; adjust
# the names when adapting the sample. The health-check URLs are fetched through
# each node, so the endpoint operator sees the probes.
proxy-groups:
# Proxy chain; in relay, UDP is currently supported only by vmess/vless/trojan/ss/ssr/tuic
# wireguard cannot currently be used in relay; use the dialer-proxy option on the proxy instead
# Traffic: mihomo <-> http <-> vmess <-> ss1 <-> ss2 <-> Internet
- name: "relay"
  type: relay
  proxies:
  - http
  - vmess
  - ss1
  - ss2

# url-test uses the node with the lowest latency according to the url test
- name: "auto"
  type: url-test
  proxies:
  - ss1
  - ss2
  - vmess1
  # tolerance: 150
  # lazy: true
  # expected-status: 204 # the node is considered unavailable when the health-check status code differs from the expected value
  url: "https://cp.cloudflare.com/generate_204"
  interval: 300

# fallback picks nodes in list order, based on the url test results
- name: "fallback-auto"
  type: fallback
  proxies:
  - ss1
  - ss2
  - vmess1
  url: "https://cp.cloudflare.com/generate_204"
  interval: 300

# load-balance picks a node according to the chosen algorithm
- name: "load-balance"
  type: load-balance
  proxies:
  - ss1
  - ss2
  - vmess1
  url: "https://cp.cloudflare.com/generate_204"
  interval: 300
  # strategy: consistent-hashing # alternatives: round-robin and sticky-sessions

# select: the user chooses the node manually
- name: Proxy
  type: select
  # disable-udp: true
  proxies:
  - ss1
  - ss2
  - vmess1
  - auto

# DIRECT with a specific interface-name and fwmark
- name: en1
  type: select
  interface-name: en1
  routing-mark: 6667
  proxies:
  - DIRECT

- name: UseProvider
  type: select
  filter: "HK|TW" # regular expression; keeps nodes from provider1 whose name contains HK or TW
  use:
  - provider1
  proxies:
  - Proxy
  - DIRECT
# Nodes in Mihomo format, or in a share format supported by *ray
proxy-providers:
  provider1:
    # For http the path may be left empty; the default location is the proxies
    # folder in homedir and the file name is the md5 of the url
    type: http
    # NOTE(review): the fetched document defines proxy nodes, so whoever controls
    # it decides where traffic is sent; use an https:// URL from a source you trust.
    url: "url"
    interval: 3600
    # By default only storage inside mihomo's Home Dir is allowed; to store
    # anywhere, add the environment variable SKIP_SAFE_PATH_CHECK=1
    # NOTE(review): setting SKIP_SAFE_PATH_CHECK=1 removes that confinement for
    # every provider path; keep provider files in the home dir instead.
    path: ./provider1.yaml
    proxy: DIRECT
    header:
      User-Agent:
      - "Clash/v1.18.0"
      - "mihomo/1.18.3"
      # Accept:
      # - 'application/vnd.github.v3.raw'
      # NOTE(review): a real token placed here is stored in clear text in this file
      # Authorization:
      # - 'token 1231231'
    health-check:
      enable: true
      interval: 600
      # lazy: true
      url: https://cp.cloudflare.com/generate_204
      # expected-status: 204 # the node is considered unavailable when the health-check status code differs from the expected value
    override: # overrides applied to the nodes when they are loaded
      # NOTE(review): as an override this turns off server certificate
      # validation for every node loaded from the provider; remove it unless
      # each node is pinned some other way.
      skip-cert-verify: true
      udp: true
      # down: "50 Mbps"
      # up: "10 Mbps"
      # dialer-proxy: proxy
      # interface-name: tailscale0
      # routing-mark: 233
      # ip-version: ipv4-prefer
      # additional-prefix: "[provider1]"
      # additional-suffix: "test"
  test:
    type: file
    path: /test.yaml
    health-check:
      enable: true
      interval: 36000
      url: https://cp.cloudflare.com/generate_204
# Rule sets referenced from `rules` through RULE-SET
rule-providers:
  rule1:
    behavior: classical # other values: domain, ipcidr
    interval: 259200
    # By default files may only be stored inside mihomo's Home Dir; storing
    # anywhere else requires the environment variable SKIP_SAFE_PATH_CHECK=1.
    path: /path/to/save/file.yaml
    # For type http the path may be left empty; the default location is the
    # rules folder under the home dir, with the md5 of the url as file name.
    type: http
    url: "url"
    proxy: DIRECT
  rule2:
    behavior: classical
    interval: 259200
    path: /path/to/save/file.yaml
    type: file
# Routing rules; each entry is TYPE,argument,target
rules:
  - RULE-SET,rule1,REJECT
  - IP-ASN,1,PROXY
  - DOMAIN-REGEX,^abc,DIRECT
  - DOMAIN-SUFFIX,baidu.com,DIRECT
  - DOMAIN-KEYWORD,google,ss1
  - IP-CIDR,1.1.1.1/32,ss1
  - IP-CIDR6,2409::/64,DIRECT
  # When the traffic is TCP or UDP, use the rule set named sub-rule-name1
  - SUB-RULE,(OR,((NETWORK,TCP),(NETWORK,UDP))),sub-rule-name1
  - SUB-RULE,(AND,((NETWORK,UDP))),sub-rule-name2
# Define multiple sub-rule sets; matching branches into them, and they are
# referenced with SUB-RULE.
#
#                                 google.com(not match) --> baidu.com(match)
#                                        /                       |
#                                       /                        |
# https://baidu.com --> rule1 --> rule2 --> sub-rule-name1(match tcp)   uses DIRECT
#
#
#                                 google.com(not match) --> baidu.com(not match)
#                                        /                       |
#                                       /                        |
# dns 1.1.1.1 --> rule1 --> rule2 --> sub-rule-name1(match udp)   sub-rule-name2(match udp)
#                                                                        |
#                                                                        |
#                                           uses REJECT <-- 1.1.1.1/32(match)
#
sub-rules:
  sub-rule-name1:
    - DOMAIN,google.com,ss1
    - DOMAIN,baidu.com,DIRECT
  sub-rule-name2:
    - IP-CIDR,1.1.1.1/32,REJECT
    - IP-CIDR,8.8.8.8/32,ss1
    - DOMAIN,dns.alidns.com,REJECT
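# Inbound traffic
listeners:
  # NOTE(review): every listener below that sets `listen: 0.0.0.0`, and
  # socks5-in-1 whose default is 0.0.0.0, accepts connections on all
  # interfaces. The socks, http and mixed inbounds in this sample carry no
  # credentials of their own. Bind to 127.0.0.1 or one LAN address, or
  # firewall the port, unless the inbound is meant to be reachable from
  # other hosts.
  - name: socks5-in-1
    type: socks
    port: 10808
    # listen: 0.0.0.0 # listens on 0.0.0.0 by default
    # rule: sub-rule-name1 # uses rules by default; falls back to rules when the sub-rule is not found
    # proxy: proxy # when set, inbound traffic is handed directly to the named proxy
    # udp: false # default true

  - name: http-in-1
    type: http
    port: 10809
    listen: 0.0.0.0
    # rule: sub-rule-name1 # uses rules by default; falls back to rules when the sub-rule is not found
    # proxy: proxy # when set, inbound traffic is handed directly to the named proxy (the proxy name must be valid, otherwise an error occurs)

  - name: mixed-in-1
    type: mixed # HTTP(S) and SOCKS proxy on one port
    port: 10810
    listen: 0.0.0.0
    # rule: sub-rule-name1 # uses rules by default; falls back to rules when the sub-rule is not found
    # proxy: proxy # when set, inbound traffic is handed directly to the named proxy (the proxy name must be valid, otherwise an error occurs)
    # udp: false # default true

  - name: reidr-in-1
    type: redir
    port: 10811
    listen: 0.0.0.0
    # rule: sub-rule-name1 # uses rules by default; falls back to rules when the sub-rule is not found
    # proxy: proxy # when set, inbound traffic is handed directly to the named proxy (the proxy name must be valid, otherwise an error occurs)

  - name: tproxy-in-1
    type: tproxy
    port: 10812
    listen: 0.0.0.0
    # rule: sub-rule-name1 # uses rules by default; falls back to rules when the sub-rule is not found
    # proxy: proxy # when set, inbound traffic is handed directly to the named proxy (the proxy name must be valid, otherwise an error occurs)
    # udp: false # default true

  - name: shadowsocks-in-1
    type: shadowsocks
    port: 10813
    listen: 0.0.0.0
    # rule: sub-rule-name1 # uses rules by default; falls back to rules when the sub-rule is not found
    # proxy: proxy # when set, inbound traffic is handed directly to the named proxy (the proxy name must be valid, otherwise an error occurs)
    # Sample key published with this file: generate a fresh one for any real
    # deployment and keep it out of version control.
    password: vlmpIPSyHH6f4S8WVPdRIHIlzmB+GIRfoH3aNJ/t9Gg=
    cipher: 2022-blake3-aes-256-gcm

  - name: vmess-in-1
    type: vmess
    port: 10814
    listen: 0.0.0.0
    # rule: sub-rule-name1 # uses rules by default; falls back to rules when the sub-rule is not found
    # proxy: proxy # when set, inbound traffic is handed directly to the named proxy (the proxy name must be valid, otherwise an error occurs)
    users:
      - username: 1
        # Sample UUID published with this file: replace it before exposing
        # the listener.
        uuid: 9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68
        # NOTE(review): a non-zero alterId usually selects the legacy
        # (non-AEAD) VMess authentication; confirm whether 0 is intended.
        alterId: 1
    # ws-path: "/" # when set, enables the websocket transport
    # Filling in the next two items enables TLS (both must be set together)
    # certificate: ./server.crt
    # private-key: ./server.key

  - name: tuic-in-1
    type: tuic
    port: 10815
    listen: 0.0.0.0
    # rule: sub-rule-name1 # uses rules by default; falls back to rules when the sub-rule is not found
    # proxy: proxy # when set, inbound traffic is handed directly to the named proxy (the proxy name must be valid, otherwise an error occurs)
    # token: # for tuicV4 (users may be set at the same time)
    #   - TOKEN
    # users: # for tuicV5 (token may be set at the same time)
    #   00000000-0000-0000-0000-000000000000: PASSWORD_0
    #   00000000-0000-0000-0000-000000000001: PASSWORD_1
    # certificate: ./server.crt
    # private-key: ./server.key
    # congestion-controller: bbr
    # max-idle-time: 15000
    # authentication-timeout: 1000
    # alpn:
    #   - h3
    # max-udp-relay-packet-size: 1500

  - name: tunnel-in-1
    type: tunnel
    port: 10816
    listen: 0.0.0.0
    # rule: sub-rule-name1 # uses rules by default; falls back to rules when the sub-rule is not found
    # proxy: proxy # when set, inbound traffic is handed directly to the named proxy (the proxy name must be valid, otherwise an error occurs)
    network: [tcp, udp]
    target: target.com

  - name: tun-in-1
    type: tun
    # rule: sub-rule-name1 # uses rules by default; falls back to rules when the sub-rule is not found
    # proxy: proxy # when set, inbound traffic is handed directly to the named proxy (the proxy name must be valid, otherwise an error occurs)
    stack: system # gvisor / mixed
    dns-hijack:
      - 0.0.0.0:53 # DNS to hijack
    # auto-detect-interface: false # automatically detect the outbound interface
    # auto-route: false # configure the routing table
    # mtu: 9000 # maximum transmission unit
    inet4-address: # the ipv4 range must be set manually
      - 198.19.0.1/30
    inet6-address: # the ipv6 range must be set manually
      - "fdfe:dcba:9877::1/126"
    # strict-route: true # routes all connections to tun to prevent leaks, but your device will not be reachable by other devices
    # inet4-route-address: # when auto-route is enabled, use custom routes instead of the default route
    #   - 0.0.0.0/1
    #   - 128.0.0.0/1
    # inet6-route-address: # when auto-route is enabled, use custom routes instead of the default route
    #   - "::/1"
    #   - "8000::/1"
    # endpoint-independent-nat: false # enable endpoint-independent NAT
    # include-uid: # UID rules are supported on Linux only and require auto-route
    #   - 0
    # include-uid-range: # restrict routing to this range of users
    #   - 1000:99999
    # exclude-uid: # users excluded from routing
    #   - 1000
    # exclude-uid-range: # range of users excluded from routing
    #   - 1000:99999

    # Android user and app rules are supported on Android only
    # and require auto-route

    # include-android-user: # restrict routing to these Android users
    #   - 0
    #   - 10
    # include-package: # restrict routing to these Android package names
    #   - com.android.chrome
    # exclude-package: # Android package names excluded from routing
    #   - com.android.captiveportallogin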
# These entry points are equivalent to Listeners: incoming traffic is matched
# and handled according to `mode`, just like the socks, mixed and other inbounds.
# shadowsocks / vmess entry configuration (incoming traffic is matched and handled according to `mode`, like the socks, mixed and other inbounds)
# The key and UUID in the two lines below are the sample values published with
# this file; substitute your own before enabling either line.
# ss-config: ss://2022-blake3-aes-256-gcm:vlmpIPSyHH6f4S8WVPdRIHIlzmB+GIRfoH3aNJ/t9Gg=@:23456
# vmess-config: vmess://1:9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68@:12345
# tuic server entry (incoming traffic is matched and handled according to `mode`, like the socks, mixed and other inbounds)
# tuic-server:
#   enable: true
#   listen: 127.0.0.1:10443
#   token: # for tuicV4 (users may be set at the same time)
#     - TOKEN
#   users: # for tuicV5 (token may be set at the same time)
#     00000000-0000-0000-0000-000000000000: PASSWORD_0
#     00000000-0000-0000-0000-000000000001: PASSWORD_1
#   certificate: ./server.crt
#   private-key: ./server.key
#   congestion-controller: bbr
#   max-idle-time: 15000
#   authentication-timeout: 1000
#   alpn:
#     - h3
#   max-udp-relay-packet-size: 1500