Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Yet another config for Surge.app

Install

  1. Modify index.txt with your output path and proxy info
  2. Use Text Builder to build configuration for Surge: $ text-builder -index /path/to/index.txt Or run $ sh build-all to build all your index files.
  3. Import configuration via AirDrop/iTunes/Dropbox/iCloud

本人不提供任何保证和技术支持,使用者自负风险。
There are no guarantees, no any support. Use it at your own risk.

#!/usr/bin/env sh
# Written by janlay, janlay@gmail.com
for file in ./index-*.txt
do
echo "Building file $file..."
text-builder -index $file
done
[General]
# used by Surge for Mac
interface = 127.0.0.1
port = 8800
loglevel = warning
bypass-tun = 192.168.0.0/16, 10.0.0.0/8, 172.0.0.0/8, 100.64.0.0/10
skip-proxy = 127.0.0.1, 192.168.0.0/16, 10.0.0.0/8, 172.0.0.0/8, 100.64.0.0/10, localhost, *.local, e.crashlytics.com
dns-server = system, 223.5.5.5, 8.8.8.8, 8.8.4.4
[Host]
api.smoot.apple.com.cn = api.smoot.apple.com
[URL Rewrite]
^http://www.google.cn http://www.google.com
^http://mp.weixin.qq.com/mp/report reject
[Proxy]
#include proxy.txt
# Surge config index file for iOS 9+
#output 🚦 Auto.conf
#include https://gist.github.com/janlay/b57476c72a93b7e622a6/raw/config.txt
[Rule]
#include https://gist.github.com/janlay/b57476c72a93b7e622a6/raw/rules-app-blockers.txt
#include https://gist.github.com/janlay/b57476c72a93b7e622a6/raw/rules-main.txt
# Surge config index file for Mac OS X 10.11+
# !Use your username here
#output /Users/janlay/.surge.conf
#include https://gist.github.com/janlay/b57476c72a93b7e622a6/raw/config.txt
[Rule]
#include https://gist.github.com/janlay/b57476c72a93b7e622a6/raw/rules-intranet.txt
#include https://gist.github.com/janlay/b57476c72a93b7e622a6/raw/rules-mac-blockers.txt
#include https://gist.github.com/janlay/b57476c72a93b7e622a6/raw/rules-main.txt
💊 Play with GFW = direct
🇯🇵 SSLedge TYO1 = custom <<<
[Proxy Group]
Proxy = select, 💊 Play with GFW, 🇯🇵 SSLedge TYO1
# Block privacy tracker within apps
DOMAIN, ads.mopub.com, REJECT
DOMAIN, cpro.baidu.com, REJECT
DOMAIN, hm.baidu.com, REJECT
DOMAIN, hmma.baidu.com, REJECT
DOMAIN, monitor.uu.qq.com, REJECT
DOMAIN, graph.facebook.com, REJECT
DOMAIN, pagead2.googlesyndication.com, REJECT
DOMAIN, pgdt.gtimg.cn, REJECT
DOMAIN, pingma.qq.com, REJECT
DOMAIN, stat.m.jd.com, REJECT
DOMAIN-KEYWORD, analytics, REJECT
DOMAIN-KEYWORD, cnzz, REJECT
DOMAIN-KEYWORD, domob, REJECT
DOMAIN-KEYWORD, flurry.co, REJECT
DOMAIN-KEYWORD, umeng.co, REJECT
DOMAIN-SUFFIX, 127.net, REJECT
DOMAIN-SUFFIX, amazon-adsystem.com, REJECT
DOMAIN-SUFFIX, applovin.com, REJECT
DOMAIN-SUFFIX, beacon.qq.com, REJECT
DOMAIN-SUFFIX, doubleclick.net, REJECT
DOMAIN-SUFFIX, duomeng.cn, REJECT
DOMAIN-SUFFIX, mmstat.com, REJECT
DOMAIN-SUFFIX, mob.com, REJECT
DOMAIN-SUFFIX, sponsorpay.com, REJECT
DOMAIN-SUFFIX, youmi.net, REJECT
# Prevent stream services from displaying ads
DOMAIN, ad.api.3g.youku.com, REJECT
DOMAIN, agn.aty.sohu.com, REJECT
DOMAIN, ark.letv.com, REJECT
DOMAIN, asimgs.pplive.cn, REJECT
DOMAIN, atm.youku.com, REJECT
DOMAIN, lives.l.qq.com, REJECT
# Disable customized fonts
DOMAIN, fonts.googleapis.com, REJECT
# Awful ads served by China Telecom
DOMAIN-KEYWORD, 61.160.200, REJECT
# Prevent sniffer from a public WiFi
DOMAIN, init.icloud-analysis.com, REJECT
# Update certificates on iOS
USER-AGENT, com.apple.trustd/*, DIRECT
# Special rules for your intranet
DOMAIN, order.mi.com, Proxy
DOMAIN, pan.baidu.com, Proxy
DOMAIN-SUFFIX, 115.com, Proxy
# Block privacy tracker within apps
DOMAIN, ads.mopub.com, REJECT
DOMAIN, cpro.baidu.com, REJECT
DOMAIN, hm.baidu.com, REJECT
DOMAIN, hmma.baidu.com, REJECT
DOMAIN, monitor.uu.qq.com, REJECT
DOMAIN, graph.facebook.com, REJECT
DOMAIN, pagead2.googlesyndication.com, REJECT
DOMAIN, pgdt.gtimg.cn, REJECT
DOMAIN, pingma.qq.com, REJECT
DOMAIN, stat.m.jd.com, REJECT
DOMAIN-KEYWORD, analytics, REJECT
DOMAIN-KEYWORD, cnzz, REJECT
DOMAIN-KEYWORD, flurry.co, REJECT
DOMAIN-KEYWORD, umeng.co, REJECT
DOMAIN-SUFFIX, 127.net, REJECT
DOMAIN-SUFFIX, amazon-adsystem.com, REJECT
DOMAIN-SUFFIX, applovin.com, REJECT
DOMAIN-SUFFIX, beacon.qq.com, REJECT
DOMAIN-SUFFIX, doubleclick.net, REJECT
DOMAIN-SUFFIX, duomeng.cn, REJECT
DOMAIN-SUFFIX, mmstat.com, REJECT
DOMAIN-SUFFIX, mob.com, REJECT
DOMAIN-SUFFIX, sponsorpay.com, REJECT
DOMAIN-SUFFIX, youmi.net, REJECT
# Prevent stream services from displaying ads
DOMAIN, ad.api.3g.youku.com, REJECT
DOMAIN, agn.aty.sohu.com, REJECT
DOMAIN, ark.letv.com, REJECT
DOMAIN, asimgs.pplive.cn, REJECT
DOMAIN, atm.youku.com, REJECT
DOMAIN, lives.l.qq.com, REJECT
# Disable customized fonts
DOMAIN, fonts.googleapis.com, REJECT
# Awful ads served by China Telecom
DOMAIN, 61.160.200.252, REJECT
# Prevent sniffer from a public WiFi
DOMAIN, init.icloud-analysis.com, REJECT
# Direct rules
DOMAIN-SUFFIX, cn, DIRECT
DOMAIN-KEYWORD, zj, DIRECT
DOMAIN-KEYWORD, hz, DIRECT
DOMAIN-KEYWORD, ali, DIRECT
DOMAIN-KEYWORD, taobao, DIRECT
DOMAIN-KEYWORD, 360, DIRECT
DOMAIN-KEYWORD, baidu, DIRECT
DOMAIN-SUFFIX, 126.net, DIRECT
DOMAIN-SUFFIX, 163.com, DIRECT
DOMAIN-SUFFIX, gtimg.com, DIRECT
DOMAIN-SUFFIX, jd.com, DIRECT
DOMAIN-SUFFIX, netease.com, DIRECT
DOMAIN-SUFFIX, qq.com, DIRECT
# Wi-Fi Authentication
DOMAIN, captive.apple.com, DIRECT
# Some services are available locally
DOMAIN-SUFFIX, ls.apple.com, DIRECT
# Apple services
DOMAIN-SUFFIX, apple.com, Proxy
DOMAIN-SUFFIX, icloud.com, Proxy
DOMAIN-SUFFIX, mzstatic.com, Proxy
DOMAIN-KEYWORD, aka, Proxy
# Streaming services, comment out if you don't need
DOMAIN-KEYWORD, qiyi, DIRECT
DOMAIN-KEYWORD, sohu, DIRECT
# Mac apps
PROCESS-NAME, trustd, DIRECT
PROCESS-NAME, Speedtest, DIRECT
PROCESS-NAME, WeChat, DIRECT
PROCESS-NAME, Tweetbot, Proxy
PROCESS-NAME, Dropbox, Proxy
PROCESS-NAME, Telegram, Proxy
PROCESS-NAME, Thunder, DIRECT
PROCESS-NAME, Jietu, REJECT
# Force some domains which are fucked by GFW while resolving DNS
DOMAIN-KEYWORD, facebook, Proxy, force-remote-dns
DOMAIN-KEYWORD, gmail, Proxy, force-remote-dns
DOMAIN-KEYWORD, google, Proxy, force-remote-dns
DOMAIN-KEYWORD, youtube, Proxy, force-remote-dns
DOMAIN-SUFFIX, fbcdn.net, Proxy, force-remote-dns
DOMAIN-SUFFIX, twitter.com, Proxy, force-remote-dns
DOMAIN-SUFFIX, twimg.com, Proxy, force-remote-dns
DOMAIN-SUFFIX, github.com, Proxy, force-remote-dns
# Workaround for some apps
# Instagram
DOMAIN-KEYWORD, instagram, Proxy, force-remote-dns
# SeekingAlpha
DOMAIN-SUFFIX, seekingalpha.com, DIRECT
# Reserved networks, debugging rules should place above this line
IP-CIDR, 10.0.0.0/8, DIRECT
IP-CIDR, 100.64.0.0/10, DIRECT
IP-CIDR, 127.0.0.0/8, DIRECT
IP-CIDR, 172.0.0.0/8, DIRECT
IP-CIDR, 192.168.0.0/16, DIRECT
# Detect local network
GEOIP, CN, DIRECT
# Use proxy for all others
FINAL, Proxy

jostyee commented Oct 5, 2015

应该可以加条 腾讯分析 的规则 DOMAIN-SUFFIX,tajs.qq.com,REJECT

Owner

janlay commented Oct 5, 2015

这些规则主要针对 apps 的隐私收集,浏览器页面上的,交给 Content Blocking 插件搞定就好啦。

你好,我想配合我的shadowsocks帐号密码使用该怎么修改配置文件了,我试了修改proxy那里不行。。

bviews commented Oct 14, 2015

使用这个Rule时,微信的语音聊天似乎没有办法成功连接

kuyapp commented Oct 15, 2015

有了skip-proxy后边的LAN可以省掉了

现在的问题是等surge正式上架

Owner

janlay commented Oct 26, 2015

@kuyapp: 不能省,skip-proxy 只能处理用 IP 访问的情况,后边的还可以处理域名指向 LAN 地址的 case.

这个配置,对下载app store的速度有提升吗?

作者建议的bypass-tun是这样的:
bypass-tun = 0.0.0.0/8, 1.0.0.0/9, 1.160.0.0/11, 1.192.0.0/11, 10.0.0.0/8, 14.0.0.0/11, 14.96.0.0/11, 14.128.0.0/11, 14.192.0.0/11, 27.0.0.0/10, 27.96.0.0/11, 27.128.0.0/9, 36.0.0.0/10, 36.96.0.0/11, 36.128.0.0/9, 39.0.0.0/11, 39.64.0.0/10, 39.128.0.0/10, 42.0.0.0/8, 43.224.0.0/11, 45.64.0.0/10, 47.64.0.0/10, 49.0.0.0/9, 49.128.0.0/11, 49.192.0.0/10, 54.192.0.0/11, 58.0.0.0/9, 58.128.0.0/11, 58.192.0.0/10, 59.32.0.0/11, 59.64.0.0/10, 59.128.0.0/9, 60.0.0.0/10, 60.160.0.0/11, 60.192.0.0/10, 61.0.0.0/10, 61.64.0.0/11, 61.128.0.0/10, 61.224.0.0/11, 100.64.0.0/10, 101.0.0.0/9, 101.128.0.0/11, 101.192.0.0/10, 103.0.0.0/10, 103.192.0.0/10, 106.0.0.0/9, 106.224.0.0/11, 110.0.0.0/7, 112.0.0.0/9, 112.128.0.0/11, 112.192.0.0/10, 113.0.0.0/9, 113.128.0.0/11, 113.192.0.0/10, 114.0.0.0/9, 114.128.0.0/11, 114.192.0.0/10, 115.0.0.0/8, 116.0.0.0/8, 117.0.0.0/9, 117.128.0.0/10, 118.0.0.0/11, 118.64.0.0/10, 118.128.0.0/9, 119.0.0.0/9, 119.128.0.0/10, 119.224.0.0/11, 120.0.0.0/10, 120.64.0.0/11, 120.128.0.0/11, 120.192.0.0/10, 121.0.0.0/9, 121.192.0.0/10, 122.0.0.0/7, 124.0.0.0/8, 125.0.0.0/9, 125.160.0.0/11, 125.192.0.0/10, 127.0.0.0/8, 139.0.0.0/11, 139.128.0.0/9, 140.64.0.0/11, 140.128.0.0/11, 140.192.0.0/10, 144.0.0.0/10, 144.96.0.0/11, 144.224.0.0/11, 150.0.0.0/11, 150.96.0.0/11, 150.128.0.0/11, 150.192.0.0/10, 152.96.0.0/11, 153.0.0.0/10, 153.96.0.0/11, 157.0.0.0/10, 157.96.0.0/11, 157.128.0.0/11, 157.224.0.0/11, 159.224.0.0/11, 161.192.0.0/11, 162.96.0.0/11, 163.0.0.0/10, 163.96.0.0/11, 163.128.0.0/10, 163.192.0.0/11, 166.96.0.0/11, 167.128.0.0/10, 167.192.0.0/11, 168.160.0.0/11, 169.254.0.0/16, 171.0.0.0/9, 171.192.0.0/11, 172.16.0.0/12, 175.0.0.0/9, 175.128.0.0/10, 180.64.0.0/10, 180.128.0.0/9, 182.0.0.0/8, 183.0.0.0/10, 183.64.0.0/11, 183.128.0.0/9, 192.0.0.0/24, 192.0.2.0/24, 192.88.99.0/24, 192.96.0.0/11, 192.160.0.0/11, 198.18.0.0/15, 198.51.100.0/24, 202.0.0.0/9, 202.128.0.0/10, 202.192.0.0/11, 203.0.0.0/9, 203.128.0.0/10, 203.192.0.0/11, 210.0.0.0/10, 210.64.0.0/11, 210.160.0.0/11, 210.192.0.0/11, 211.64.0.0/10, 211.128.0.0/10, 218.0.0.0/9, 218.160.0.0/11, 218.192.0.0/10, 219.64.0.0/11, 219.128.0.0/11, 219.192.0.0/10, 220.96.0.0/11, 220.128.0.0/9, 221.0.0.0/11, 221.96.0.0/11, 221.128.0.0/9, 222.0.0.0/8, 223.0.0.0/11, 223.64.0.0/10, 223.128.0.0/9

Owner

janlay commented Nov 8, 2015

这个略难看… 待我找到微信的网段再单独加进去

IP-CIDR,183.128.0.0/10,REJECT,no-resolve
这个规则不能加,加了之后微信群里面的图片打不开。

vvtommy commented Nov 23, 2015

star 一个先。

赞一个

赞一个

rollcn commented Apr 11, 2016

多谢作者。想问下,keyword规则可以单独使用吗?

Owner

janlay commented Apr 19, 2016

@rollcn 可以按需提取规则。

想问下作者,配置的ss在移动4g网络下测试连接时总是unavailable,wifi下都正常,是不是针对蜂窝网络需要有什么特别的配置(配置文件用的是这个https://gist.github.com/scomper/b0c6129840272c136a82 …)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment