@malikshi
Forked from artiga033/sing-box.schema.json
Last active March 13, 2023 07:13
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://example.com/product.schema.json",
"title": "sing-box config schema",
"type": "object",
"$defs": {
"listableString": {
"$comments": "ref:https://github.com/SagerNet/sing-box/blob/b0db869b052aa32ec1716e43f7c1f50d7e491057/option/types.go#L77",
"description": "Allows a single string in place of an array when there is only one item.",
"oneOf": [
{
"type": "array",
"items": {
"type": "string"
}
},
{
"type": "string"
}
]
},
"portNumber": {
"type": "integer",
"minimum": 0,
"maximum": 65535
},
"durationStringPattern": {
"pattern": "^([+-])?(\\d+(\\.\\d+)?(ns|us|µs|ms|s|m|h))+"
},
"listenFields": {
"properties": {
"listen": {
"type": "string",
"description": "Listen address."
},
"listen_port": {
"type": "integer",
"description": "Listen port."
},
"tcp_fast_open": {
"type": "boolean",
"description": "Enable TCP Fast Open."
},
"udp_fragment": {
"type": "boolean",
"description": "Enable UDP fragmentation."
},
"sniff": {
"type": "boolean",
"description": "Enable sniffing. See Protocol Sniff for details."
},
"sniff_override_destination": {
"type": "boolean",
"description": ""
},
"sniff_timeout": {
"type": "string",
"description": "Timeout for sniffing. 300ms is used by default.",
"$ref": "#/$defs/durationStringPattern"
},
"domain_strategy": {
"type": "string",
"enum": [
"prefer_ipv4",
"prefer_ipv6",
"ipv4_only",
"ipv6_only"
],
"description": "If set, the requested domain name will be resolved to IP before routing. If sniff_override_destination is in effect, its value will be taken as a fallback."
},
"udp_timeout": {
"type": "number",
"description": "UDP NAT expiration time in seconds, default is 300 (5 minutes)."
},
"proxy_protocol": {
"type": "boolean",
"description": "Parse Proxy Protocol in the connection header."
},
"proxy_protocol_accept_no_header": {
"type": "boolean",
"description": "Accept connections without Proxy Protocol header."
},
"detour": {
"type": "string",
"description": "If set, connections will be forwarded to the specified inbound. Requires target inbound support, see Injectable."
}
},
"required": [
"listen"
]
},
"dialFieldsWhenDetourNotSet": {
"properties": {
"bind_interface": {
"type": "string",
"description": "The network interface to bind to."
},
"inet4_bind_address": {
"type": "string",
"description": "The IPv4 address to bind to."
},
"inet6_bind_address": {
"type": "string",
"description": "The IPv6 address to bind to."
},
"routing_mark": {
"type": "number",
"description": "Only supported on Linux. Set netfilter routing mark."
},
"reuse_addr": {
"type": "boolean",
"description": "Reuse listener address."
},
"tcp_fast_open": {
"type": "boolean",
"description": "Enable TCP Fast Open."
},
"udp_fragment": {
"type": "boolean",
"description": "Enable UDP fragmentation."
},
"connect_timeout": {
"type": "string",
"description": "Connect timeout, in golang's Duration format.\nA duration string is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as \"300ms\", \"-1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".",
"$ref": "#/$defs/durationStringPattern"
}
}
},
"dialFields": {
"type": "object",
"properties": {
"domain_strategy": {
"type": "string",
"enum": [
"prefer_ipv4",
"prefer_ipv6",
"ipv4_only",
"ipv6_only"
]
},
"fallback_delay": {
"type": "string",
"description": "The length of time to wait before spawning a RFC 6555 Fast Fallback connection. That is, the amount of time to wait for a connection to succeed before assuming that IPv4/IPv6 is misconfigured and falling back to the other type of addresses. If zero, a default delay of 300ms is used.\nOnly takes effect when domain_strategy is set.",
"$ref": "#/$defs/durationStringPattern"
}
},
"oneOf": [
{
"not": {
"required": [
"bind_interface",
"inet4_bind_address",
"inet6_bind_address",
"routing_mark",
"reuse_addr",
"tcp_fast_open",
"udp_fragment",
"connect_timeout",
"detour"
]
},
"properties": {
"detour": {
"type": "string",
"description": "The tag of the upstream outbound."
}
},
"$ref": "#/$defs/dialFieldsWhenDetourNotSet"
},
{
"required": [
"detour"
],
"properties": {
"detour": {
"type": "string",
"description": "The tag of the upstream outbound."
}
}
},
{
"anyOf": [
{
"required": [
"bind_interface"
]
},
{
"required": [
"inet4_bind_address"
]
},
{
"required": [
"inet6_bind_address"
]
},
{
"required": [
"routing_mark"
]
},
{
"required": [
"reuse_addr"
]
},
{
"required": [
"tcp_fast_open"
]
},
{
"required": [
"udp_fragment"
]
},
{
"required": [
"connect_timeout"
]
}
],
"$ref": "#/$defs/dialFieldsWhenDetourNotSet"
}
]
},
"tlsVersionValues": {
"enum": [
"1.0",
"1.1",
"1.2",
"1.3"
]
},
"cipherSuitevalues": {
"enum": [
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_AES_128_GCM_SHA256",
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
]
},
"inboundTlsOptions": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable TLS."
},
"server_name": {
"type": "string",
"description": "Used to verify the hostname on the returned certificates unless insecure is given.\nIt is also included in the client's handshake to support virtual hosting unless it is an IP address."
},
"alpn": {
"type": "array",
"description": "List of supported application level protocols, in order of preference.\nIf both peers support ALPN, the selected protocol will be one from this list, and the connection will fail if there is no mutually supported protocol.\nSee Application-Layer Protocol Negotiation."
},
"min_version": {
"type": "string",
"$ref": "#/$defs/tlsVersionValues",
"description": "The minimum TLS version that is acceptable.\nBy default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server."
},
"max_version": {
"type": "string",
"$ref": "#/$defs/tlsVersionValues",
"description": "The maximum TLS version that is acceptable.\nBy default, the maximum version is currently TLS 1.3."
},
"cipher_suites": {
"type": "array",
"$ref": "#/$defs/cipherSuitevalues",
"description": "List of enabled TLS 1.0 to 1.2 cipher suites. The order of the list is ignored. TLS 1.3 cipher suites are not configurable.\nIf empty, a safe default list is used. The default cipher suites might change over time."
},
"certificate": {
"type": "string",
"description": "The server certificate, in PEM format."
},
"certificate_path": {
"type": "string",
"description": "The path to the server certificate, in PEM format."
},
"key": {
"type": "string",
"description": "The server private key, in PEM format."
},
"key_path": {
"type": "string",
"description": "The path to the server private key, in PEM format."
},
"acme": {
"type": "object",
"properties": {
"domain": {
"type": "array",
"description": "List of domain.\nACME will be disabled if empty."
},
"data_directory": {
"type": "string",
"description": "The directory to store ACME data.\n$XDG_DATA_HOME/certmagic|$HOME/.local/share/certmagic will be used if empty."
},
"default_server_name": {
"type": "string",
"description": "Server name to use when choosing a certificate if the ClientHello's ServerName field is empty."
},
"email": {
"type": "string",
"description": "The email address to use when creating or selecting an existing ACME server account"
},
"provider": {
"type": "string",
"description": "The ACME CA provider to use.",
"oneOf": [
{
"const": "letsencrypt",
"description": "Let's Encrypt"
},
{
"const": "zerossl",
"description": "ZeroSSL"
},
{
"description": "Custom"
}
]
},
"disable_http_challenge": {
"type": "boolean",
"description": "Disable all HTTP challenges."
},
"disable_tls_alpn_challenge": {
"type": "boolean",
"description": "Disable all TLS-ALPN challenges"
},
"alternative_http_port": {
"type": "integer",
"description": "The alternate port to use for the ACME HTTP challenge; if non-empty, this port will be used instead of 80 to spin up a listener for the HTTP challenge."
},
"alternative_tls_port": {
"type": "integer",
"description": "The alternate port to use for the ACME TLS-ALPN challenge; the system must forward 443 to this port for challenge to succeed."
},
"external_account": {
"type": "object",
"description": "EAB (External Account Binding) contains information necessary to bind or map an ACME account to some other account known by the CA.\nExternal account bindings are used to associate an ACME account with an existing account in a non-ACME system, such as a CA customer database.\nTo enable ACME account binding, the CA operating the ACME server needs to provide the ACME client with a MAC key and a key identifier, using some mechanism outside of ACME. §7.3.4",
"properties": {
"key_id": {
"type": "string",
"description": "The key identifier."
},
"mac_key": {
"type": "string",
"description": "The MAC key."
}
}
}
}
},
"reality": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean"
},
"handshake": {
"type": "object",
"description": "Handshake server address and Dial options.",
"properties": {
"allOf": [
{
"server": {
"type": "string"
},
"server_port": {
"type": "integer"
}
},
{
"$ref": "#/$defs/dialFields"
}
]
}
},
"private_key": {
"type": "string",
"description": "Private key, generated by sing-box generate reality-keypair."
},
"short_id": {
"type": "list",
"description": "A 8-bit hex string."
},
"max_time_difference": {
"type": "string",
"description": "The maximum time difference between the server and the client.\nCheck disabled if empty.",
"$ref": "#/$defs/durationStringPattern"
}
},
"required": [
"handshake",
"private_key",
"short_id"
]
}
}
},
"outboundTlsOptions": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable TLS."
},
"disable_sni": {
"type": "boolean",
"description": "Do not send server name in ClientHello."
},
"server_name": {
"type": "string",
"description": "Used to verify the hostname on the returned certificates unless insecure is given.\nIt is also included in the client's handshake to support virtual hosting unless it is an IP address."
},
"insecure": {
"type": "boolean",
"description": "Accepts any server certificate and any host name in it; the server's identity is not verified."
},
"alpn": {
"type": "array",
"description": "List of supported application level protocols, in order of preference.\nIf both peers support ALPN, the selected protocol will be one from this list, and the connection will fail if there is no mutually supported protocol.\nSee Application-Layer Protocol Negotiation."
},
"min_version": {
"type": "string",
"$ref": "#/$defs/tlsVersionValues",
"description": "The minimum TLS version that is acceptable.\nBy default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server."
},
"max_version": {
"type": "string",
"$ref": "#/$defs/tlsVersionValues",
"description": "The maximum TLS version that is acceptable.\nBy default, the maximum version is currently TLS 1.3."
},
"cipher_suites": {
"type": "array",
"$ref": "#/$defs/cipherSuitevalues",
"description": "List of enabled TLS 1.0 to 1.2 cipher suites. The order of the list is ignored. TLS 1.3 cipher suites are not configurable.\nIf empty, a safe default list is used. The default cipher suites might change over time."
},
"certificate": {
"type": "string",
"description": "The server certificate, in PEM format."
},
"certificate_path": {
"type": "string",
"description": "The path to the server certificate, in PEM format."
},
"ech": {
"type": "object",
"description": "ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello message.\nIf you don't know how to fill in the other configuration, just set enabled.",
"properties": {
"enabled": {
"type": "boolean"
},
"pq_signature_schemes_enabled": {
"type": "boolean"
},
"dynamic_record_sizing_disabled": {
"type": "boolean"
},
"config": {
"type": "string"
}
}
},
"utls": {
"type": "object",
"description": "uTLS is a fork of \"crypto/tls\", which provides ClientHello fingerprinting resistance.",
"properties": {
"enabled": {
"type": "boolean"
},
"fingerprint": {
"type": "string",
"enum": [
"chrome",
"firefox",
"edge",
"safari",
"360",
"qq",
"ios",
"android",
"random",
"randomized"
]
}
}
},
"reality": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean"
},
"public_key": {
"type": "string",
"description": "Public key, generated by sing-box generate reality-keypair."
},
"short_id": {
"type": "string",
"description": "A 8-bit hex string."
}
},
"required": [
"public_key",
"short_id"
]
}
}
},
"v2rayTransportOptions": {
"type": "object",
"allOf": [
{
"properties": {
"type": {
"type": "string",
"enum": [
"http",
"ws",
"quic",
"grpc"
]
}
},
"required": "type"
},
{
"if": {
"properties": {
"type": {
"const": "http"
}
}
},
"then": {
"properties": {
"host": {
"type": "array",
"description": "List of host domain.\nThe client will choose randomly and the server will verify if not empty."
},
"path": {
"type": "string",
"description": "Path of HTTP request.\nThe server will verify if not empty."
},
"method": {
"type": "string",
"description": "Method of HTTP request.\nThe server will verify if not empty."
},
"headers": {
"type": "object",
"description": "Extra headers of HTTP request.\nThe server will write in response if not empty."
}
}
}
},
{
"if": {
"properties": {
"type": {
"const": "ws"
}
}
},
"then": {
"properties": {
"path": {
"type": "string",
"description": "Path of HTTP request.\nThe server will verify if not empty."
},
"headers": {
"type": "object",
"description": "Extra headers of HTTP request."
},
"max_early_data": {
"type": "number",
"description": "Allowed payload size in the request. Enabled if not zero."
},
"early_data_header_name": {
"type": "string",
"description": "Early data is sent in path instead of header by default.\nTo be compatible with Xray-core, set this to Sec-WebSocket-Protocol.\nIt needs to be consistent with the server."
}
}
}
},
{
"if": {
"properties": {
"type": {
"const": "quic"
}
}
},
"then": {}
},
{
"if": {
"properties": {
"type": {
"const": "grpc"
}
}
},
"then": {
"properties": {
"service_name": {
"type": "string",
"description": "Service name of gRPC."
}
}
}
}
]
},
"multiplexOptions": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable multiplex."
},
"protocol": {
"type": "string",
"description": "Multiplex protocol.",
"enum": [
"smux",
"yamux"
]
},
"max_connections": {
"type": "integer",
"description": "Maximum connections.\nConflict with max_streams."
},
"min_streams": {
"type": "integer",
"description": "Minimum multiplexed streams in a connection before opening a new connection.\nConflict with max_streams."
},
"max_streams": {
"type": "integer",
"description": "Maximum multiplexed streams in a connection before opening a new connection.\nConflict with max_connections and min_streams."
}
}
},
"logOptions": {
"type": "object",
"properties": {
"disabled": {
"type": "boolean",
"description": "Disable logging, no output after start."
},
"level": {
"type": "string",
"description": "Log level.",
"enum": [
"trace",
"debug",
"info",
"warn",
"error",
"fatal",
"panic"
]
},
"output": {
"type": "string",
"description": "Output file path. Will not write log to console after enable."
},
"timestamp": {
"type": "boolean",
"description": "Add time to each line."
}
}
},
"dnsServer": {
"type": "object",
"properties": {
"tag": {
"type": "string",
"description": "The tag of the dns server."
},
"address": {
"type": "string",
"pattern": "local|\\d{1,3}(\\.\\d{1,3}){3}|((tcp|udp|)://\\d{1,3}(\\.\\d{1,3}){3})|(tls|https|quic|h3)://([a-z0-9.-]+)(/.*)?|(rcode://(success|format_error|server_failure|name_error|not_implemented|refused))|dhcp://(auto|en\\d+)",
"description": "The address of the dns server."
},
"address_resolver": {
"type": "string",
"description": "Required if address contains a domain. Tag of another server used to resolve the domain name in the address."
},
"address_strategy": {
"type": "string",
"description": "The domain strategy for resolving the domain name in the address.",
"enum": [
"prefer_ipv4",
"prefer_ipv6",
"ipv4_only",
"ipv6_only"
]
},
"strategy": {
"type": "string",
"description": "Default domain strategy for resolving the domain names.",
"enum": [
"prefer_ipv4",
"prefer_ipv6",
"ipv4_only",
"ipv6_only"
]
},
"detour": {
"type": "string",
"description": "Tag of an outbound for connecting to the dns server."
}
}
},
"defaultDnsRule": {
"type": "object",
"properties": {
"inbound": {
"$ref": "#/$defs/listableString",
"description": "Tags of Inbound."
},
"ip_version": {
"type": "integer",
"enum": [
4,
6
]
},
"query_type": {
"description": "DNS query type. Values can be integers or type name strings.",
"oneOf": [
{
"type": "string"
},
{
"type": "integer"
}
]
},
"network": {
"type": "string",
"enum": [
"tcp",
"udp"
]
},
"auth_user": {
"$ref": "#/$defs/listableString",
"description": "Username, see each inbound for details."
},
"protocol": {
"$ref": "#/$defs/listableString",
"description": "Sniffed protocol, see Sniff for details."
},
"domain": {
"$ref": "#/$defs/listableString",
"description": "Match full domain."
},
"domain_suffix": {
"$ref": "#/$defs/listableString",
"description": "Match domain suffix."
},
"domain_keyword": {
"$ref": "#/$defs/listableString",
"description": "Match domain using keyword."
},
"domain_regex": {
"$ref": "#/$defs/listableString",
"description": "Match domain using regular expression."
},
"geosite": {
"$ref": "#/$defs/listableString",
"description": "Match geosite."
},
"source_geoip": {
"$ref": "#/$defs/listableString",
"description": "Match source geoip."
},
"source_ip_cidr": {
"$ref": "#/$defs/listableString",
"description": "Match source ip cidr."
},
"source_port": {
"$ref": "#/$defs/portNumber",
"description": "Match source port."
},
"source_port_range": {
"$ref": "#/$defs/listableString",
"description": ""
},
"port": {
"$ref": "#/$defs/portNumber",
"description": "Match port."
},
"port_range": {
"$ref": "#/$defs/listableString",
"description": "Match port range."
},
"process_name": {
"$ref": "#/$defs/listableString",
"description": "Only supported on Linux, Windows, and macOS. Match process name."
},
"process_path": {
"$ref": "#/$defs/listableString",
"description": "Only supported on Linux, Windows, and macOS. Match process path."
},
"package_name": {
"$ref": "#/$defs/listableString",
"description": "Match android package name."
},
"user": {
"$ref": "#/$defs/listableString",
"description": "Only supported on Linux. Match user name."
},
"user_id": {
"oneOf": [
{
"type": "array",
"items": {
"type": "integer"
}
},
{
"type": "integer"
}
],
"description": "Only supported on Linux. Match user id."
},
"clash_mode": {
"type": "string",
"description": "Match Clash mode."
},
"invert": {
"type": "boolean",
"description": "Invert match result."
},
"outbound": {
"$ref": "#/$defs/listableString",
"description": "Match outbound."
},
"server": {
"type": "string",
"description": "Tag of the target dns server."
},
"disable_cache": {
"type": "bool",
"description": "Disable cache and save cache in this query."
}
},
"required": [
"server"
]
},
"logicalDnsRule": {
"type": "object",
"properties": {
"type": {
"enum": [
"logical"
]
},
"mode": {
"enum": [
"and",
"or"
]
},
"rules": {
"type": "array",
"items": {
"$ref": "#/$defs/defaultDnsRule"
},
"description": "Included default rules."
},
"invert": {
"type": "boolean",
"description": "Invert match result."
},
"server": {
"type": "string",
"description": "Tag of the target dns server."
},
"disable_cache": {
"type": "bool",
"description": "Disable cache and save cache in this query."
}
},
"required": [
"server"
]
},
"dnsOptions": {
"type": "object",
"properties": {
"server": {
"type": "array",
"items": {
"$ref": "#/$defs/dnsServer"
},
"description": "List of DNS Server"
},
"rules": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/$defs/defaultDnsRule"
},
{
"$ref": "#/$defs/logicalDnsRule"
}
]
},
"description": "List of DNS Rule"
},
"final": {
"type": "string",
"description": "Default dns server tag. The first server will be used if empty."
},
"strategy": {
"description": "Default domain strategy for resolving the domain names. Take no effect if server.strategy is set.",
"enum": [
"prefer_ipv4",
"prefer_ipv6",
"ipv4_only",
"ipv6_only"
]
},
"disable_cache": {
"type": "boolean",
"description": "Disable dns cache."
},
"disable_expire": {
"type": "boolean",
"description": "Disable dns cache expire."
}
}
},
"ntpOptions": {
"type": "object",
"allOf": [
{
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable NTP service."
},
"server": {
"type": "string",
"description": "NTP server address."
},
"server_port": {
"type": "string",
"description": "NTP server port.\n123 is used by default."
},
"interval": {
"type": "string",
"description": "Time synchronization interval.\n30 minutes is used by default.",
"$ref": "#/$defs/durationStringPattern"
}
}
},
{
"$ref": "#/$defs/dialFields"
}
],
"required": [
"server"
]
},
"inboundsOptions": {
"type": "array",
"items": {
"allOf": [
{
"type": "object",
"properties": {
"type": {
"type": "string",
"enum": [
"direct",
"mixed",
"socks",
"http",
"shadowsocks",
"vmess",
"trojan",
"naive",
"hysteria",
"shadowtls",
"vless",
"tun",
"redirect",
"tproxy"
]
},
"tag": {
"type": "string",
"description": "The tag of the inbound."
}
},
"required": [
"type"
]
},
{
"if": {
"properties": {
"type": {
"const": "direct"
}
}
},
"then": {
"allOf": [
{
"properties": {
"network": {
"type": "string",
"enum": [
"",
"tcp",
"udp"
],
"description": "Listen network, one of tcp udp.\nBoth if empty."
},
"override_address": {
"type": "string",
"description": "Override the connection destination address."
},
"override_port": {
"type": "integer",
"description": "Override the connection destination port."
}
}
},
{
"$ref": "#/$defs/listenFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "mixed"
}
}
},
"then": {
"allOf": [
{
"properties": {
"users": {
"type": "object",
"description": "SOCKS and HTTP users.\nNo authentication required if empty.",
"properties": {
"username": {
"type": "string"
},
"password": {
"type": "string"
}
}
},
"set_system_proxy": {
"type": "boolean",
"description": "Only supported on Linux, Android, Windows, and macOS.\nAutomatically set system proxy configuration when start and clean up when stop."
}
}
},
{
"$ref": "#/$defs/listenFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "socks"
}
}
},
"then": {
"allOf": [
{
"properties": {
"users": {
"type": "object",
"description": "SOCKS users.\nNo authentication required if empty.",
"properties": {
"username": {
"type": "string"
},
"password": {
"type": "string"
}
}
}
}
},
{
"$ref": "#/$defs/listenFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "http"
}
}
},
"then": {
"allOf": [
{
"properties": {
"tls": {
"type": "object",
"description": "TLS configuration, see TLS.",
"$ref": "#/$defs/inboundTlsOptions"
},
"users": {
"type": "object",
"description": "HTTP users.\nNo authentication required if empty.",
"properties": {
"username": {
"type": "string"
},
"password": {
"type": "string"
}
}
},
"set_system_proxy": {
"type": "boolean",
"description": "Only supported on Linux, Android, Windows, and macOS.\nAutomatically set system proxy configuration when start and clean up when stop."
}
}
},
{
"$ref": "#/$defs/listenFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "shadowsocks"
}
}
},
"then": {
"allOf": [
{
"properties": {
"network": {
"type": "string",
"enum": [
"",
"tcp",
"udp"
],
"description": "Listen network, one of tcp udp.\nBoth if empty."
},
"method": {
"type": "string",
"enum": [
"2022-blake3-aes-128-gcm",
"2022-blake3-aes-256-gcm",
"2022-blake3-chacha20-poly1305",
"none",
"aes-128-gcm",
"aes-192-gcm",
"aes-256-gcm",
"chacha20-ietf-poly1305",
"xchacha20-ietf-poly1305"
]
},
"password": {
"type": "string"
}
},
"required": [
"method",
"password",
"listen_port"
]
},
{
"$ref": "#/$defs/listenFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "vmess"
}
}
},
"then": {
"allOf": [
{
"properties": {
"users": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"uuid": {
"type": "string"
},
"alterId": {
"type": "number"
}
}
}
},
"tls": {
"$ref": "#/$defs/inboundTlsOptions"
},
"transport": {
"$ref": "#/$defs/v2rayTransportOptions"
}
},
"required": [
"users"
]
},
{
"$ref": "#/$defs/listenFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "trojan"
}
}
},
"then": {
"allOf": [
{
"properties": {
"users": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"password": {
"type": "string"
}
}
}
},
"tls": {
"$ref": "#/$defs/inboundTlsOptions"
},
"fallback": {
"type": "object",
"properties": {
"server": {
"type": "string"
},
"server_port": {
"type": "integer"
}
}
},
"fallback_for_alpn": {
"type": "object"
},
"transport": {
"$ref": "#/$defs/v2rayTransportOptions"
}
},
"required": [
"users"
]
},
{
"$ref": "#/$defs/listenFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "naive"
}
}
},
"then": {
"allOf": [
{
"properties": {
"network": {
"type": "string",
"enum": [
"",
"tcp",
"udp"
]
},
"users": {
"type": "array",
"items": {
"type": "object",
"properties": {
"username": {
"type": "string"
},
"password": {
"type": "string"
}
}
}
},
"tls": {
"$ref": "#/$defs/inboundTlsOptions"
}
},
"required": [
"users"
]
},
{
"$ref": "#/$defs/listenFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "hysteria"
}
}
},
"then": {
"allOf": [
{
"properties": {
"up": {
"type": "string",
"description": "Format: [Integer] [Unit] e.g. 100 Mbps, 640 KBps, 2 Gbps"
},
"down": {
"type": "string",
"description": "Format: [Integer] [Unit] e.g. 100 Mbps, 640 KBps, 2 Gbps"
},
"up_mbps": {
"type": "number",
"description": "up, down in Mbps."
},
"down_mbps": {
"type": "number",
"description": "up, down in Mbps."
},
"obfs": {
"type": "string"
},
"users": {
"type": "array",
"description": "Hysteria users",
"items": {
"properties": {
"name": {
"type": "string"
},
"auth": {
"type": "string",
"description": "Authentication password, in base64."
},
"auth_str": {
"type": "string",
"description": "Authentication password."
}
}
}
},
"recv_window_conn": {
"type": "number",
"description": "The QUIC stream-level flow control window for receiving data.\n15728640 (15 MB/s) will be used if empty."
},
"recv_window_client": {
"type": "number",
"description": "The QUIC connection-level flow control window for receiving data.\n67108864 (64 MB/s) will be used if empty."
},
"max_conn_client": {
"type": "number",
"description": "The maximum number of QUIC concurrent bidirectional streams that a peer is allowed to open.\n1024 will be used if empty."
},
"disable_mtu_discovery": {
"type": "boolean",
"description": "Disables Path MTU Discovery (RFC 8899). Packets will then be at most 1252 (IPv4) / 1232 (IPv6) bytes in size.\nForce enabled on systems other than Linux and Windows (according to upstream)."
},
"tls": {
"$ref": "#/$defs/inboundTlsOptions"
}
},
"required": [
"up",
"down",
"up_mbps",
"down_mbps",
"tls"
]
},
{
"$ref": "#/$defs/listenFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "shadowtls"
}
}
},
"then": {
"allOf": [
{
"properties": {
"version": {
"type": "number"
},
"password": {
"type": "string"
},
"users": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"password": {
"type": "string"
}
}
}
},
"handshake": {
"type": "object",
"allOf": [
{
"properties": {
"server": {
"type": "string"
},
"server_port": {
"type": "number"
}
}
},
{
"$ref": "#/$defs/dialFields"
}
]
}
}
},
{
"$ref": "#/$defs/listenFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "vless"
}
}
},
"then": {
"allOf": [
{
"properties": {
"users": {
"type": "array",
"description": "VLESS users.",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"uuid": {
"type": "string",
"description": "VLESS user id."
},
"flow": {
"type": "string",
"description": "VLESS Sub-protocol.",
"enum": [
"",
"xtls-rprx-vision"
]
}
},
"required": [
"uuid"
]
}
},
"tls": {
"$ref": "#/$defs/inboundTlsOptions"
},
"transport": {
"$ref": "#/$defs/v2rayTransportOptions"
}
},
"required": [
"users"
]
},
{
"$ref": "#/$defs/listenFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "tun"
}
}
},
"then": {
"allOf": [
{
"properties": {
"interface_name": {
"type": "string",
"description": "Virtual device name, automatically selected if empty."
},
"inet4_address": {
"type": "string",
"description": "IPv4 prefix for the tun interface."
},
"inet6_address": {
"type": "string",
"description": "IPv6 prefix for the tun interface."
},
"mtu": {
"type": "number",
"description": "The maximum transmission unit."
},
"auto_route": {
"type": "boolean",
"description": "Set the default route to the Tun."
},
"strict_route": {
"type": "boolean",
"description": "Enforce strict routing rules when auto_route is enabled:\n\nIn Linux:\n\nLet unsupported network unreachable\nRoute all connections to tun\nIt prevents address leaks and makes DNS hijacking work on Android and Linux with systemd-resolved, but your device will not be accessible by others.\n\nIn Windows:\n\nAdd firewall rules to prevent DNS leak caused by Windows' ordinary multihomed DNS resolution behavior\nIt may prevent some applications (such as VirtualBox) from working properly in certain situations."
},
"inet4_route_address": {
"type": "array",
"items": {
"type": "string"
},
"description": "Use custom routes instead of default when auto_route is enabled."
},
"inet6_route_address": {
"type": "array",
"items": {
"type": "string"
},
"description": "Use custom routes instead of default when auto_route is enabled."
},
"endpoint_independent_nat": {
"type": "boolean",
"description": "This item is only available on the gvisor stack, other stacks are endpoint-independent NAT by default.\n\nEnable endpoint-independent NAT.\n\nPerformance may degrade slightly, so enabling it is not recommended when it is not needed."
},
"stack": {
"type": "string",
"description": "TCP/IP stack.",
"enum": [
"system",
"gVisor",
"LWIP"
]
},
"include_uid": {
"type": "array",
"items": {
"type": "number"
},
"description": "UID rules are only supported on Linux and require auto_route.\n\nLimit users in route. Not limited by default."
},
"include_uid_range": {
"type": "array",
"items": {
"type": "string"
},
"description": "Limit users in route, but in range."
},
"exclude_uid": {
"type": "array",
"items": {
"type": "number"
},
"description": "Exclude users in route."
},
"exclude_uid_range": {
"type": "array",
"items": {
"type": "string"
},
"description": "Exclude users in route, but in range."
},
"include_android_user": {
"type": "array",
"items": {
"type": "number"
},
"description": "Android user and package rules are only supported on Android and require auto_route.\n\nLimit android users in route."
},
"include_package": {
"type": "array",
"items": {
"type": "string"
},
"description": "Limit android packages in route."
},
"exclude_package": {
"type": "array",
"items": {
"type": "string"
},
"description": "Exclude android packages in route."
},
"platform": {
"type": "object",
"description": "Platform-specific settings, provided by client applications.",
"properties": {
"http_proxy": {
"type": "object",
"description": "System HTTP proxy settings.",
"properties": {
"enabled": {
"type": "boolean"
},
"server": {
"type": "string"
},
"server_port": {
"type": "integer"
}
}
}
}
}
}
},
{
"$ref": "#/$defs/listenFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "redirect"
}
}
},
"then": {
"allOf": [
{
"properties": {
"network": {
"type": "string",
"description": "Listen network, one of tcp udp.\n\nBoth if empty.",
"enum": [
"",
"tcp",
"udp"
]
}
}
},
{
"$ref": "#/$defs/listenFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "tproxy"
}
}
},
"then": {
"allOf": [
{},
{
"$ref": "#/$defs/listenFields"
}
]
}
}
]
}
},
"outboundsOptions": {
"type": "array",
"items": {
"allOf": [
{
"type": "object",
"properties": {
"type": {
"type": "string",
"enum": [
"direct",
"block",
"socks",
"http",
"shadowsocks",
"vmess",
"trojan",
"wireguard",
"hysteria",
"shadowsocksr",
"vless",
"shadowtls",
"tor",
"ssh",
"dns",
"selector",
"urltest"
]
},
"tag": {
"type": "string",
"description": "The tag of the outbound."
}
},
"required": [
"type"
]
},
{
"if": {
"properties": {
"type": {
"const": "direct"
}
}
},
"then": {
"allOf": [
{
"properties": {
"override_address": {
"type": "string",
"description": "Override the connection destination address."
},
"override_port": {
"type": "integer",
"description": "Override the connection destination port."
},
"proxy_protocol": {
"type": "integer",
"enum": [
0,
1,
2
],
"description": "Write Proxy Protocol in the connection header.\nProtocol value can be 1 or 2."
}
}
},
{
"$ref": "#/$defs/dialFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "block"
}
}
},
"then": {}
},
{
"if": {
"properties": {
"type": {
"const": "socks"
}
}
},
"then": {
"allOf": [
{
"properties": {
"server": {
"type": "string",
"description": "The server address."
},
"server_port": {
"type": "integer",
"description": "The server port."
},
"version": {
"type": "string",
"description": "The SOCKS version, one of 4 4a 5.\nSOCKS5 used by default.",
"enum": [
"4",
"4a",
"5"
],
"username": {
"type": "string",
"description": "SOCKS username."
},
"password": {
"type": "string",
"description": "SOCKS5 password."
},
"network": {
"type": "string",
"description": "Enabled network\nOne of tcp udp.\nBoth is enabled by default.",
"enum": [
"tcp",
"udp"
]
},
"udp_over_tcp": {
"type": "boolean",
"description": "Enable the UDP over TCP protocol."
}
}
},
"required": [
"server",
"server_port"
]
},
{
"$ref": "#/$defs/dialFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "http"
}
}
},
"then": {
"allOf": [
{
"properties": {
"server": {
"type": "string",
"description": "The server address."
},
"server_port": {
"type": "integer",
"description": "The server port."
},
"username": {
"type": "string",
"description": "Basic authorization username."
},
"password": {
"type": "string",
"description": "Basic authorization password."
},
"tls": {
"$ref": "#/$defs/outboundTlsOptions"
}
},
"required": [
"server",
"server_port"
]
},
{
"$ref": "#/$defs/dialFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "shadowsocks"
}
}
},
"then": {
"allOf": [
{
"properties": {
"server": {
"type": "string",
"description": "The server address."
},
"server_port": {
"type": "integer",
"description": "The server port."
},
"method": {
"type": "string",
"enum": [
"2022-blake3-aes-128-gcm",
"2022-blake3-aes-256-gcm",
"2022-blake3-chacha20-poly1305",
"none",
"aes-128-gcm",
"aes-192-gcm",
"aes-256-gcm",
"chacha20-ietf-poly1305",
"xchacha20-ietf-poly1305",
"aes-128-ctr",
"aes-192-ctr",
"aes-256-ctr",
"aes-128-cfb",
"aes-192-cfb",
"aes-256-cfb",
"rc4-md5",
"chacha20-ietf",
"xchacha20"
]
},
"password": {
"type": "string",
"description": "The shadowsocks password."
},
"plugin": {
"type": "string",
"enum": [
"obfs-local",
"v2ray-plugin"
],
"description": "Shadowsocks SIP003 plugin, implemented internally. Only obfs-local and v2ray-plugin are supported."
},
"plugin_opts": {
"type": "string",
"description": "Shadowsocks SIP003 plugin options."
},
"network": {
"type": "string",
"enum": [
"tcp",
"udp"
],
"description": "Enabled network\nOne of tcp udp.\nBoth is enabled by default."
},
"udp_over_tcp": {
"type": "boolean",
"description": "Enable the UDP over TCP protocol.\nConflict with multiplex."
},
"multiplex": {
"type": "object",
"$ref": "#/$defs/multiplexOptions"
}
},
"required": [
"server",
"server_port",
"method",
"password"
]
},
{
"$ref": "#/$defs/dialFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "vmess"
}
}
},
"then": {
"allOf": [
{
"properties": {
"server": {
"type": "string",
"description": "The server address."
},
"server_port": {
"type": "integer",
"description": "The server port."
},
"uuid": {
"type": "string",
"description": "The VMess user id."
},
"security": {
"type": "string",
"enum": [
"auto",
"none",
"zero",
"aes-128-gcm",
"chacha20-poly1305",
"aes-128-ctr"
]
},
"alter_id": {
"type": "number",
"oneOf": [
{
"const": "0",
"description": "Use AEAD protocol"
},
{
"const": "1",
"description": "Use legacy protocol"
},
{
"exclusiveMinimum": 1,
"description": "Unused, same as 1"
}
]
},
"global_padding": {
"type": "boolean",
"description": "Protocol parameter. Will waste traffic randomly if enabled (enabled by default in v2ray and cannot be disabled)."
},
"authenticated_length": {
"type": "boolean",
"description": "Protocol parameter. Enable length block encryption."
},
"network": {
"type": "string",
"enum": [
"tcp",
"udp"
],
"description": "Enabled network\nOne of tcp udp.\nBoth is enabled by default."
},
"tls": {
"type": "object",
"$ref": "#/$defs/outboundTlsOptions"
},
"packet_encoding": {
"type": "string",
"enum": [
"none",
"packetaddr",
"xudp"
],
"description": "UDP packet encoding."
},
"multiplex": {
"type": "object",
"$ref": "#/$defs/multiplexOptions"
},
"transport": {
"type": "object",
"$ref": "#/$defs/v2rayTransportOptions"
}
},
"required": [
"server",
"server_port",
"uuid"
]
},
{
"$ref": "#/$defs/dialFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "trojan"
}
}
},
"then": {
"allOf": [
{
"properties": {
"server": {
"type": "string",
"description": "The server address."
},
"server_port": {
"type": "integer",
"description": "The server port."
},
"password": {
"type": "string",
"description": "The Trojan password."
},
"network": {
"type": "string",
"enum": [
"tcp",
"udp"
],
"description": "Enabled network\nOne of tcp udp.\nBoth is enabled by default."
},
"tls": {
"type": "object",
"$ref": "#/$defs/outboundTlsOptions"
},
"multiplex": {
"type": "object",
"$ref": "#/$defs/multiplexOptions"
},
"transport": {
"type": "object",
"$ref": "#/$defs/v2rayTransportOptions"
}
},
"required": [
"server",
"server_port",
"password"
]
},
{
"$ref": "#/$defs/dialFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "wireguard"
}
}
},
"then": {
"allOf": [
{
"properties": {
"server": {
"type": "string",
"description": "The server address."
},
"server_port": {
"type": "integer",
"description": "The server port."
},
"system_interface": {
"type": "boolean",
"description": "Use system tun support.\nRequires privilege and cannot conflict with system interfaces.\nForced if gVisor not included in the build."
},
"interface_name": {
"type": "string",
"description": "Custom device name when system_interface enabled."
},
"local_address": {
"type": "array",
"description": "List of IP (v4 or v6) address prefixes to be assigned to the interface.",
"items": {
"type": "string"
}
},
"private_key": {
"type": "string",
"description": "WireGuard private key. WireGuard requires base64-encoded public and private keys. These can be generated using the wg(8) utility."
},
"peer_public_key": {
"type": "string",
"description": "WireGuard peer public key."
},
"pre_shared_key": {
"type": "string",
"description": "WireGuard pre-shared key."
},
"reserved": {
"type": "array",
"description": "WireGuard reserved field bytes."
},
"workers": {
"type": "integer",
"description": "WireGuard worker count.\nCPU count is used by default."
},
"mtu": {
"type": "number",
"description": "WireGuard MTU.\n1408 will be used if empty."
},
"network": {
"type": "string",
"enum": [
"tcp",
"udp"
],
"description": "Enabled network\nOne of tcp udp.\nBoth is enabled by default."
}
},
"required": [
"server",
"server_port",
"local_address",
"private_key",
"peer_public_key"
]
},
{
"$ref": "#/$defs/dialFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "hysteria"
}
}
},
"then": {
"allOf": [
{
"properties": {
"server": {
"type": "string",
"description": "The server address."
},
"server_port": {
"type": "integer",
"description": "The server port."
},
"up": {
"type": "string",
"description": "Format: [Integer] [Unit] e.g. 100 Mbps, 640 KBps, 2 Gbps"
},
"down": {
"type": "string",
"description": "Format: [Integer] [Unit] e.g. 100 Mbps, 640 KBps, 2 Gbps"
},
"up_mbps": {
"type": "number",
"description": "up, down in Mbps."
},
"down_mbps": {
"type": "number",
"description": "up, down in Mbps."
},
"obfs": {
"type": "string",
"description": "Obfuscated password."
},
"auth": {
"type": "string",
"description": "Authentication password, in base64."
},
"auth_str": {
"type": "string",
"description": "Authentication password."
},
"recv_window_conn": {
"type": "number",
"description": "The QUIC stream-level flow control window for receiving data."
},
"recv_window": {
"type": "number",
"description": "The QUIC connection-level flow control window for receiving data."
},
"disable_mtu_discovery": {
"type": "boolean",
"description": "Disables Path MTU Discovery (RFC 8899). Packets will then be at most 1252 (IPv4) / 1232 (IPv6) bytes in size.\nForcibly enabled on systems other than Linux and Windows (according to upstream)."
},
"network": {
"type": "string",
"description": "Enabled network\nOne of tcp udp.\nBoth is enabled by default.",
"enum": [
"tcp",
"udp"
]
},
"tls": {
"$ref": "#/$defs/inboundTlsOptions"
}
},
"required": [
"server",
"server_port",
"up",
"down",
"up_mbps",
"down_mbps",
"tls"
]
},
{
"$ref": "#/$defs/dialFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "shadowsocksr"
}
}
},
"then": {
"allOf": [
{
"properties": {
"server": {
"type": "string",
"description": "The server address."
},
"server_port": {
"type": "integer",
"description": "The server port."
},
"method": {
"type": "string",
"enum": [
"aes-128-ctr",
"aes-192-ctr",
"aes-256-ctr",
"aes-128-cfb",
"aes-192-cfb",
"aes-256-cfb",
"rc4-md5",
"chacha20-ietf",
"xchacha20"
]
},
"password": {
"type": "string",
"description": "The shadowsocks password."
},
"obfs": {
"type": "string",
"enum": [
"plain",
"http_simple",
"http_post",
"random_head",
"tls1.2_ticket_auth"
],
"description": "The ShadowsocksR obfuscate."
},
"obfs_param": {
"type": "string",
"description": "The ShadowsocksR obfuscate parameter."
},
"protocol": {
"type": "string",
"enum": [
"origin",
"verify_sha1",
"auth_sha1_v4",
"auth_aes128_md5",
"auth_aes128_sha1",
"auth_chain_a",
"auth_chain_b"
],
"description": "The ShadowsocksR protocol."
},
"protocol_param": {
"type": "string",
"description": "The ShadowsocksR protocol parameter."
},
"network": {
"type": "string",
"description": "Enabled network\nOne of tcp udp.\nBoth is enabled by default.",
"enum": [
"tcp",
"udp"
]
}
},
"required": [
"server",
"server_port",
"password",
"method"
]
},
{
"$ref": "#/$defs/dialFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "vless"
}
}
},
"then": {
"allOf": [
{
"properties": {
"server": {
"type": "string",
"description": "The server address."
},
"server_port": {
"type": "integer",
"description": "The server port."
},
"uuid": {
"type": "string",
"description": "VLESS user id."
},
"flow": {
"type": "string",
"enum": [
"",
"xtls-rprx-vision"
],
"description": "VLESS Sub-protocol."
},
"network": {
"type": "string",
"description": "Enabled network\nOne of tcp udp.\nBoth is enabled by default.",
"enum": [
"tcp",
"udp"
]
},
"tls": {
"type": "object",
"$ref": "#/$defs/outboundTlsOptions"
},
"packet_encoding": {
"type": "string",
"enum": [
"none",
"packetaddr",
"xudp"
],
"description": "UDP packet encoding."
},
"transport": {
"type": "object",
"$ref": "#/$defs/v2rayTransportOptions"
}
},
"required": [
"server",
"server_port",
"uuid"
]
},
{
"$ref": "#/$defs/dialFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "shadowtls"
}
}
},
"then": {
"allOf": [
{
"properties": {
"server": {
"type": "string",
"description": "The server address."
},
"server_port": {
"type": "integer",
"description": "The server port."
},
"version": {
"type": "number",
"description": "ShadowTLS protocol version.",
"enum": [
1,
2,
3
]
},
"password": {
"type": "string",
"description": "Set password.\nOnly available in the ShadowTLS v2/v3 protocol."
},
"tls": {
"$ref": "#/$defs/inboundTlsOptions"
}
},
"required": [
"server",
"server_port",
"tls"
]
},
{
"$ref": "#/$defs/dialFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "tor"
}
}
},
"then": {
"allOf": [
{
"properties": {
"executable_path": {
"type": "string",
"description": "The path to the Tor executable.\nEmbedded Tor will be ignored if set."
},
"extra_args": {
"type": "array",
"description": "List of extra arguments passed to the Tor instance when started."
},
"data_directory": {
"type": "string",
"description": "The data directory of Tor.\nEach start will be very slow if not specified."
},
"torrc": {
"type": "object",
"description": "Map of torrc options."
}
}
},
{
"$ref": "#/$defs/dialFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "ssh"
}
}
},
"then": {
"allOf": [
{
"properties": {
"server": {
"type": "string",
"description": "The server address."
},
"server_port": {
"type": "integer",
"description": "Server port. 22 will be used if empty."
},
"user": {
"type": "string",
"description": "SSH user, root will be used if empty."
},
"password": {
"type": "string",
"description": "Password."
},
"private_key": {
"type": "string",
"description": "Private key."
},
"private_key_path": {
"type": "string",
"description": "Private key path."
},
"private_key_passphrase": {
"type": "string",
"description": "Private key passphrase."
},
"host_key": {
"type": "array",
"description": "Host key. Accept any if empty, in which case the server's identity is not verified."
},
"host_key_algorithms": {
"type": "array",
"description": "Host key algorithms."
},
"client_version": {
"type": "string",
"description": "Client version. Random version will be used if empty."
}
},
"required": [
"server"
]
},
{
"$ref": "#/$defs/dialFields"
}
]
}
},
{
"if": {
"properties": {
"type": {
"const": "dns"
}
}
},
"then": {}
},
{
"if": {
"properties": {
"type": {
"const": "selector"
}
}
},
"then": {
"properties": {
"outbounds": {
"type": "array",
"items": {
"type": "string"
},
"description": "List of outbound tags to select."
},
"default": {
"type": "string",
"description": "The default outbound tag. The first outbound will be used if empty."
}
},
"required": [
"outbounds"
]
}
},
{
"if": {
"properties": {
"type": {
"const": "urltest"
}
}
},
"then": {
"properties": {
"outbounds": {
"type": "array",
"items": "string",
"description": "List of outbound tags to test."
},
"url": {
"type": "string",
"description": "The URL to test. http://www.gstatic.com/generate_204 will be used if empty."
},
"interval": {
"type": "string",
"description": "The test interval. 1m will be used if empty.",
"$ref": "#/$defs/durationStringPattern"
},
"tolerance": {
"type": "number",
"description": "The test tolerance in milliseconds. 50 will be used if empty."
}
},
"required": [
"outbounds"
]
}
}
]
}
},
"geoIPOptions": {
"type": "object",
"properties": {
"path": {
"type": "string",
"description": "The path to the sing-geoip database.\ngeoip.db will be used if empty."
},
"download_url": {
"type": "string",
"description": "The download URL of the sing-geoip database.\nDefault is https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db."
},
"download_detour": {
"type": "string",
"description": "The tag of the outbound to download the database.\nDefault outbound will be used if empty."
}
}
},
"geositeOptions": {
"type": "object",
"properties": {
"path": {
"type": "string",
"description": "The path to the sing-geosite database.\ngeosite.db will be used if empty."
},
"download_url": {
"type": "string",
"description": "The download URL of the sing-geosite database.\nDefault is https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db."
},
"download_detour": {
"type": "string",
"description": "The tag of the outbound to download the database.\nDefault outbound will be used if empty."
}
}
},
"defaultRouteRule": {
"type": "object",
"properties": {
"inbound": {
"$ref": "#/$defs/listableString",
"description": "Tags of Inbound."
},
"ip_version": {
"type": "integer",
"enum": [
4,
6
]
},
"auth_user": {
"$ref": "#/$defs/listableString",
"description": "Username, see each inbound for details."
},
"protocol": {
"$ref": "#/$defs/listableString",
"description": "Sniffed protocol, see Sniff for details."
},
"network": {
"type": "string",
"enum": [
"tcp",
"udp"
]
},
"domain": {
"$ref": "#/$defs/listableString",
"description": "Match full domain."
},
"domain_suffix": {
"$ref": "#/$defs/listableString",
"description": "Match domain suffix."
},
"domain_keyword": {
"$ref": "#/$defs/listableString",
"description": "Match domain using keyword."
},
"domain_regex": {
"$ref": "#/$defs/listableString",
"description": "Match domain using regular expression."
},
"geosite": {
"$ref": "#/$defs/listableString",
"description": "Match geosite."
},
"source_geoip": {
"$ref": "#/$defs/listableString",
"description": "Match source geoip."
},
"geoip": {
"$ref": "#/$defs/listableString",
"description": "Match geoip."
},
"source_ip_cidr": {
"$ref": "#/$defs/listableString",
"description": "Match source ip cidr."
},
"ip_cidr": {
"$ref": "#/$defs/listableString",
"description": "Match ip cidr."
},
"source_port": {
"$ref": "#/$defs/portNumber",
"description": "Match source port."
},
"source_port_range": {
"$ref": "#/$defs/listableString",
"description": ""
},
"port": {
"$ref": "#/$defs/portNumber",
"description": "Match port."
},
"port_range": {
"$ref": "#/$defs/listableString",
"description": "Match port range."
},
"process_name": {
"$ref": "#/$defs/listableString",
"description": "Only supported on Linux, Windows, and macOS. Match process name."
},
"process_path": {
"$ref": "#/$defs/listableString",
"description": "Only supported on Linux, Windows, and macOS. Match process path."
},
"package_name": {
"$ref": "#/$defs/listableString",
"description": "Match android package name."
},
"user": {
"$ref": "#/$defs/listableString",
"description": "Only supported on Linux. Match user name."
},
"user_id": {
"oneOf": [
{
"type": "array",
"items": {
"type": "integer"
}
},
{
"type": "integer"
}
],
"description": "Only supported on Linux. Match user id."
},
"clash_mode": {
"type": "string",
"description": "Match Clash mode."
},
"invert": {
"type": "boolean",
"description": "Invert match result."
},
"outbound": {
"$ref": "#/$defs/listableString",
"description": "Match outbound."
}
},
"required": [
"outbound"
]
},
"logicalRouteRule": {
"type": "object",
"properties": {
"type": {
"enum": [
"logical"
]
},
"mode": {
"enum": [
"and",
"or"
]
},
"rules": {
"type": "array",
"items": {
"$ref": "#/$defs/defaultRouteRule"
},
"description": "Included default rules."
},
"invert": {
"type": "boolean",
"description": "Invert match result."
},
"outbound": {
"type": "string",
"description": "Tag of the target outbound."
}
},
"required": [
"outbound"
]
},
"routeOptions": {
"type": "object",
"properties": {
"geoip": {
"$ref": "#/$defs/geoIPOptions"
},
"geosite": {
"$ref": "#/$defs/geositeOptions"
},
"rules": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/$defs/defaultRouteRule"
},
{
"$ref": "#/$defs/logicalRouteRule"
}
]
}
},
"final": {
"type": "string",
"description": "Default outbound tag. The first outbound will be used if empty."
},
"auto_detect_interface": {
"type": "boolean",
"description": "Only supported on Linux, Windows and macOS.\nBind outbound connections to the default NIC by default to prevent routing loops under tun.\nTakes no effect if outbound.bind_interface is set."
},
"override_android_vpn": {
"type": "boolean",
"description": "Only supported on Android.\nAccept Android VPN as upstream NIC when auto_detect_interface enabled."
},
"default_interface": {
"type": "string",
"description": "Only supported on Linux, Windows and macOS.\nBind outbound connections to the specified NIC by default to prevent routing loops under tun.\nTakes no effect if auto_detect_interface is set."
},
"default_mark": {
"type": "number",
"description": "Only supported on Linux.\nSet routing mark by default.\nTakes no effect if outbound.routing_mark is set."
}
}
},
"experimentalOptions": {
"type": "object",
"properties": {
"clash_api": {
"external_controller": {
"type": "string",
"description": "RESTful web API listening address. Clash API will be disabled if empty."
},
"external_ui": {
"type": "string",
"description": "A relative path to the configuration directory or an absolute path to a directory in which you put some static web resource. sing-box will then serve it at http://{{external-controller}}/ui."
},
"secret": {
"type": "string",
"description": "Secret for the RESTful API (optional). Authenticate by specifying the HTTP header Authorization: Bearer ${secret}. ALWAYS set a secret if the RESTful API is listening on 0.0.0.0, because the API is then reachable from every network interface."
},
"default_mode": {
"type": "string",
"description": "Default mode in clash, rule will be used if empty.\nThis setting has no direct effect, but can be used in routing and DNS rules via the clash_mode rule item."
},
"store_selected": {
"type": "boolean",
"description": "The tag must be set for target outbounds.\nStore selected outbound for the Selector outbound in cache file."
},
"cache_file": {
"type": "string",
"description": "Cache file path, cache.db will be used if empty."
}
},
"v2ray_api": {
"listen": {
"type": "string",
"description": "gRPC API listening address. V2Ray API will be disabled if empty."
},
"stats": {
"type": "object",
"description": "Traffic statistics service settings.",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable statistics service."
},
"inbounds": {
"type": "array",
"description": "Inbound list to count traffic."
},
"outbounds": {
"type": "array",
"description": "Outbound list to count traffic."
},
"users": {
"type": "array",
"description": "User list to count traffic."
}
}
}
}
}
}
},
"properties": {
"log": {
"$ref": "#/$defs/logOptions"
},
"dns": {
"$ref": "#/$defs/dnsOptions"
},
"ntp": {
"$ref": "#/$defs/ntpOptions"
},
"inbounds": {
"$ref": "#/$defs/inboundsOptions"
},
"outbounds": {
"$ref": "#/$defs/outboundsOptions"
},
"route": {
"$ref": "#/$defs/routeOptions"
},
"experimental": {
"$ref": "#/$defs/experimentalOptions"
}
}
}