Created
March 24, 2023 15:18
-
-
Save EkkoG/20a52db0169c4a4769689521b1c5500e to your computer and use it in GitHub Desktop.
clash_example.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Port of HTTP(S) proxy server on the local end | |
| port: 7890 | |
| # Port of SOCKS5 proxy server on the local end | |
| socks-port: 7891 | |
| # Transparent proxy server port for Linux and macOS (Redirect TCP and TProxy UDP) | |
| # redir-port: 7892 | |
| # Transparent proxy server port for Linux (TProxy TCP and TProxy UDP) | |
| # tproxy-port: 7893 | |
| # HTTP(S) and SOCKS4(A)/SOCKS5 server on the same port | |
| # mixed-port: 7890 | |
| # authentication of local SOCKS5/HTTP(S) server | |
| # authentication: | |
| # - "user1:pass1" | |
| # - "user2:pass2" | |
| # Set to true to allow connections to the local-end server from | |
| # other LAN IP addresses | |
| allow-lan: false | |
| # This is only applicable when `allow-lan` is `true` | |
| # '*': bind all IP addresses | |
| # 192.168.122.11: bind a single IPv4 address | |
| # "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address | |
| bind-address: '*' | |
| # Clash router working mode | |
| # rule: rule-based packet routing | |
| # global: all packets will be forwarded to a single endpoint | |
| # direct: directly forward the packets to the Internet | |
| mode: rule | |
| # Clash by default prints logs to STDOUT | |
| # info / warning / error / debug / silent | |
| log-level: info | |
| # When set to false, resolver won't translate hostnames to IPv6 addresses | |
| ipv6: false | |
| # RESTful web API listening address | |
| external-controller: 127.0.0.1:9090 | |
| # A relative path to the configuration directory or an absolute path to a | |
| # directory in which you put some static web resource. Clash core will then | |
| # serve it at `http://{{external-controller}}/ui`. | |
| external-ui: folder | |
| # Secret for the RESTful API (optional) | |
| # Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}` | |
| # ALWAYS set a secret if RESTful API is listening on 0.0.0.0 | |
| # secret: "" | |
| # Outbound interface name | |
| interface-name: en0 | |
| # fwmark on Linux only | |
| routing-mark: 6666 | |
| # Static hosts for DNS server and connection establishment (like /etc/hosts) | |
| # | |
| # Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com) | |
| # Non-wildcard domain names have a higher priority than wildcard domain names | |
| # e.g. foo.example.com > *.example.com > .example.com | |
| # P.S. +.foo.com equals to .foo.com and foo.com | |
| hosts: | |
| # '*.clash.dev': 127.0.0.1 | |
| # '.dev': 127.0.0.1 | |
| # 'alpha.clash.dev': '::1' | |
| profile: | |
| # Store the `select` results in $HOME/.config/clash/.cache | |
| # set false If you don't want this behavior | |
| # when two different configurations have groups with the same name, the selected values are shared | |
| store-selected: false | |
| # persistence fakeip | |
| store-fake-ip: true | |
| # DNS server settings | |
| # This section is optional. When not present, the DNS server will be disabled. | |
| dns: | |
| enable: false | |
| listen: 0.0.0.0:53 | |
| # ipv6: false # when the false, response to AAAA questions will be empty | |
| # These nameservers are used to resolve the DNS nameserver hostnames below. | |
| # Specify IP addresses only | |
| default-nameserver: | |
| - 114.114.114.114 | |
| - 8.8.8.8 | |
| enhanced-mode: fake-ip # or redir-host (not recommended) | |
| fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR | |
| # use-hosts: true # lookup hosts and return IP record | |
| # Hostnames in this list will not be resolved with fake IPs | |
| # i.e. questions to these domain names will always be answered with their | |
| # real IP addresses | |
| # fake-ip-filter: | |
| # - '*.lan' | |
| # - localhost.ptlogin2.qq.com | |
| # Supports UDP, TCP, DoT, DoH. You can specify the port to connect to. | |
| # All DNS questions are sent directly to the nameserver, without proxies | |
| # involved. Clash answers the DNS question with the first result gathered. | |
| nameserver: | |
| - 114.114.114.114 # default value | |
| - 8.8.8.8 # default value | |
| - tls://dns.rubyfish.cn:853 # DNS over TLS | |
| - https://1.1.1.1/dns-query # DNS over HTTPS | |
| - dhcp://en0 # dns from dhcp | |
| # - '8.8.8.8#en0' | |
| # When `fallback` is present, the DNS server will send concurrent requests | |
| # to the servers in this section along with servers in `nameservers`. | |
| # The answers from fallback servers are used when the GEOIP country | |
| # is not `CN`. | |
| # fallback: | |
| # - tcp://1.1.1.1 | |
| # - 'tcp://1.1.1.1#en0' | |
| # If IP addresses resolved with servers in `nameservers` are in the specified | |
| # subnets below, they are considered invalid and results from `fallback` | |
| # servers are used instead. | |
| # | |
| # IP address resolved with servers in `nameserver` is used when | |
| # `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`. | |
| # | |
| # If `fallback-filter.geoip` is false, results from `nameserver` nameservers | |
| # are always used if not match `fallback-filter.ipcidr`. | |
| # | |
| # This is a countermeasure against DNS pollution attacks. | |
| # fallback-filter: | |
| # geoip: true | |
| # geoip-code: CN | |
| # ipcidr: | |
| # - 240.0.0.0/4 | |
| # domain: | |
| # - '+.google.com' | |
| # - '+.facebook.com' | |
| # - '+.youtube.com' | |
| # Lookup domains via specific nameservers | |
| # nameserver-policy: | |
| # 'www.baidu.com': '114.114.114.114' | |
| # '+.internal.crop.com': '10.0.0.1' | |
| proxies: | |
| # Shadowsocks | |
| # The supported ciphers (encryption methods): | |
| # aes-128-gcm aes-192-gcm aes-256-gcm | |
| # aes-128-cfb aes-192-cfb aes-256-cfb | |
| # aes-128-ctr aes-192-ctr aes-256-ctr | |
| # rc4-md5 chacha20-ietf xchacha20 | |
| # chacha20-ietf-poly1305 xchacha20-ietf-poly1305 | |
| - name: "ss1" | |
| type: ss | |
| server: server | |
| port: 443 | |
| cipher: chacha20-ietf-poly1305 | |
| password: "password" | |
| # udp: true | |
| - name: "ss2" | |
| type: ss | |
| server: server | |
| port: 443 | |
| cipher: chacha20-ietf-poly1305 | |
| password: "password" | |
| plugin: obfs | |
| plugin-opts: | |
| mode: tls # or http | |
| # host: bing.com | |
| - name: "ss3" | |
| type: ss | |
| server: server | |
| port: 443 | |
| cipher: chacha20-ietf-poly1305 | |
| password: "password" | |
| plugin: v2ray-plugin | |
| plugin-opts: | |
| mode: websocket # no QUIC now | |
| # tls: true # wss | |
| # skip-cert-verify: true | |
| # host: bing.com | |
| # path: "/" | |
| # mux: true | |
| # headers: | |
| # custom: value | |
| # vmess | |
| # cipher support auto/aes-128-gcm/chacha20-poly1305/none | |
| - name: "vmess" | |
| type: vmess | |
| server: server | |
| port: 443 | |
| uuid: uuid | |
| alterId: 32 | |
| cipher: auto | |
| # udp: true | |
| # tls: true | |
| # skip-cert-verify: true | |
| # servername: example.com # priority over wss host | |
| # network: ws | |
| # ws-opts: | |
| # path: /path | |
| # headers: | |
| # Host: v2ray.com | |
| # max-early-data: 2048 | |
| # early-data-header-name: Sec-WebSocket-Protocol | |
| - name: "vmess-h2" | |
| type: vmess | |
| server: server | |
| port: 443 | |
| uuid: uuid | |
| alterId: 32 | |
| cipher: auto | |
| network: h2 | |
| tls: true | |
| h2-opts: | |
| host: | |
| - http.example.com | |
| - http-alt.example.com | |
| path: / | |
| - name: "vmess-http" | |
| type: vmess | |
| server: server | |
| port: 443 | |
| uuid: uuid | |
| alterId: 32 | |
| cipher: auto | |
| # udp: true | |
| # network: http | |
| # http-opts: | |
| # # method: "GET" | |
| # # path: | |
| # # - '/' | |
| # # - '/video' | |
| # # headers: | |
| # # Connection: | |
| # # - keep-alive | |
| - name: vmess-grpc | |
| server: server | |
| port: 443 | |
| type: vmess | |
| uuid: uuid | |
| alterId: 32 | |
| cipher: auto | |
| network: grpc | |
| tls: true | |
| servername: example.com | |
| # skip-cert-verify: true | |
| grpc-opts: | |
| grpc-service-name: "example" | |
| # socks5 | |
| - name: "socks" | |
| type: socks5 | |
| server: server | |
| port: 443 | |
| # username: username | |
| # password: password | |
| # tls: true | |
| # skip-cert-verify: true | |
| # udp: true | |
| # http | |
| - name: "http" | |
| type: http | |
| server: server | |
| port: 443 | |
| # username: username | |
| # password: password | |
| # tls: true # https | |
| # skip-cert-verify: true | |
| # sni: custom.com | |
| # Snell | |
| # Beware that there's currently no UDP support yet | |
| - name: "snell" | |
| type: snell | |
| server: server | |
| port: 44046 | |
| psk: yourpsk | |
| # version: 2 | |
| # obfs-opts: | |
| # mode: http # or tls | |
| # host: bing.com | |
| # Trojan | |
| - name: "trojan" | |
| type: trojan | |
| server: server | |
| port: 443 | |
| password: yourpsk | |
| # udp: true | |
| # sni: example.com # aka server name | |
| # alpn: | |
| # - h2 | |
| # - http/1.1 | |
| # skip-cert-verify: true | |
| - name: trojan-grpc | |
| server: server | |
| port: 443 | |
| type: trojan | |
| password: "example" | |
| network: grpc | |
| sni: example.com | |
| # skip-cert-verify: true | |
| udp: true | |
| grpc-opts: | |
| grpc-service-name: "example" | |
| - name: trojan-ws | |
| server: server | |
| port: 443 | |
| type: trojan | |
| password: "example" | |
| network: ws | |
| sni: example.com | |
| # skip-cert-verify: true | |
| udp: true | |
| # ws-opts: | |
| # path: /path | |
| # headers: | |
| # Host: example.com | |
| # ShadowsocksR | |
| # The supported ciphers (encryption methods): all stream ciphers in ss | |
| # The supported obfses: | |
| # plain http_simple http_post | |
| # random_head tls1.2_ticket_auth tls1.2_ticket_fastauth | |
| # The supported supported protocols: | |
| # origin auth_sha1_v4 auth_aes128_md5 | |
| # auth_aes128_sha1 auth_chain_a auth_chain_b | |
| - name: "ssr" | |
| type: ssr | |
| server: server | |
| port: 443 | |
| cipher: chacha20-ietf | |
| password: "password" | |
| obfs: tls1.2_ticket_auth | |
| protocol: auth_sha1_v4 | |
| # obfs-param: domain.tld | |
| # protocol-param: "#" | |
| # udp: true | |
| proxy-groups: | |
| # relay chains the proxies. proxies shall not contain a relay. No UDP support. | |
| # Traffic: clash <-> http <-> vmess <-> ss1 <-> ss2 <-> Internet | |
| - name: "relay" | |
| type: relay | |
| proxies: | |
| - http | |
| - vmess | |
| - ss1 | |
| - ss2 | |
| # url-test select which proxy will be used by benchmarking speed to a URL. | |
| - name: "auto" | |
| type: url-test | |
| proxies: | |
| - ss1 | |
| - ss2 | |
| - vmess1 | |
| # tolerance: 150 | |
| # lazy: true | |
| url: 'http://www.gstatic.com/generate_204' | |
| interval: 300 | |
| # fallback selects an available policy by priority. The availability is tested by accessing an URL, just like an auto url-test group. | |
| - name: "fallback-auto" | |
| type: fallback | |
| proxies: | |
| - ss1 | |
| - ss2 | |
| - vmess1 | |
| url: 'http://www.gstatic.com/generate_204' | |
| interval: 300 | |
| # load-balance: The request of the same eTLD+1 will be dial to the same proxy. | |
| - name: "load-balance" | |
| type: load-balance | |
| proxies: | |
| - ss1 | |
| - ss2 | |
| - vmess1 | |
| url: 'http://www.gstatic.com/generate_204' | |
| interval: 300 | |
| # strategy: consistent-hashing # or round-robin | |
| # select is used for selecting proxy or proxy group | |
| # you can use RESTful API to switch proxy is recommended for use in GUI. | |
| - name: Proxy | |
| type: select | |
| # disable-udp: true | |
| proxies: | |
| - ss1 | |
| - ss2 | |
| - vmess1 | |
| - auto | |
| # direct to another infacename or fwmark, also supported on proxy | |
| - name: en1 | |
| type: select | |
| interface-name: en1 | |
| routing-mark: 6667 | |
| proxies: | |
| - DIRECT | |
| - name: UseProvider | |
| type: select | |
| use: | |
| - provider1 | |
| proxies: | |
| - Proxy | |
| - DIRECT | |
| proxy-providers: | |
| provider1: | |
| type: http | |
| url: "url" | |
| interval: 3600 | |
| path: ./provider1.yaml | |
| health-check: | |
| enable: true | |
| interval: 600 | |
| # lazy: true | |
| url: http://www.gstatic.com/generate_204 | |
| test: | |
| type: file | |
| path: /test.yaml | |
| health-check: | |
| enable: true | |
| interval: 36000 | |
| url: http://www.gstatic.com/generate_204 | |
| tunnels: | |
| # one line config | |
| - tcp/udp,127.0.0.1:6553,114.114.114.114:53,proxy | |
| - tcp,127.0.0.1:6666,rds.mysql.com:3306,vpn | |
| # full yaml config | |
| - network: [tcp, udp] | |
| address: 127.0.0.1:7777 | |
| target: target.com | |
| proxy: proxy | |
| rules: | |
| - DOMAIN-SUFFIX,google.com,auto | |
| - DOMAIN-KEYWORD,google,auto | |
| - DOMAIN,google.com,auto | |
| - DOMAIN-SUFFIX,ad.com,REJECT | |
| - SRC-IP-CIDR,192.168.1.201/32,DIRECT | |
| # optional param "no-resolve" for IP rules (GEOIP, IP-CIDR, IP-CIDR6) | |
| - IP-CIDR,127.0.0.0/8,DIRECT | |
| - GEOIP,CN,DIRECT | |
| - DST-PORT,80,DIRECT | |
| - SRC-PORT,7777,DIRECT | |
| - RULE-SET,apple,REJECT # Premium only | |
| - MATCH,auto |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment