You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

273 lines
7.6 KiB
YAML

3 years ago
# Port of HTTP(S) proxy server on the local end
# port: 7890
# Port of SOCKS5 proxy server on the local end
# socks-port: 7891
# Transparent proxy server port for Linux and macOS (Redirect TCP and TProxy UDP)
# redir-port: 7892
# Transparent proxy server port for Linux (TProxy TCP and TProxy UDP)
# tproxy-port: 7893
# HTTP(S) and SOCKS5 server on the same port
mixed-port: 7890
# authentication of local SOCKS5/HTTP(S) server
# authentication:
# - "user1:pass1"
# - "user2:pass2"
# Set to true to allow connections to the local-end server from
# other LAN IP addresses
allow-lan: false
# This is only applicable when `allow-lan` is `true`
# '*': bind all IP addresses
# 192.168.122.11: bind a single IPv4 address
# "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address
bind-address: '*'
# Clash router working mode
# rule: rule-based packet routing
# global: all packets will be forwarded to a single endpoint
# direct: directly forward the packets to the Internet
mode: rule
# Clash by default prints logs to STDOUT
# info / warning / error / debug / silent
log-level: info
# When set to false, resolver won't translate hostnames to IPv6 addresses
ipv6: false
# RESTful web API listening address
external-controller: 127.0.0.1:9090
# A relative path to the configuration directory or an absolute path to a
# directory in which you put some static web resource. Clash core will then
# serve it at `${API}/ui`.
# external-ui: folder
# Secret for the RESTful API (optional)
# Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}`
# ALWAYS set a secret if RESTful API is listening on 0.0.0.0
# secret: ""
# Outbound interface name
# interface-name: en0
# Static hosts for DNS server and connection establishment (like /etc/hosts)
#
# Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com)
# Non-wildcard domain names have a higher priority than wildcard domain names
# e.g. foo.example.com > *.example.com > .example.com
# P.S. +.foo.com equals to .foo.com and foo.com
hosts:
# '*.clash.dev': 127.0.0.1
# '.dev': 127.0.0.1
# 'alpha.clash.dev': '::1'
# DNS server settings
# This section is optional. When not present, the DNS server will be disabled.
dns:
enable: false
listen: 0.0.0.0:53
# ipv6: false # when the false, response to AAAA questions will be empty
# These nameservers are used to resolve the DNS nameserver hostnames below.
# Specify IP addresses only
default-nameserver:
- 8.8.8.8
- 1.0.0.1
enhanced-mode: redir-host # or fake-ip
fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR
# use-hosts: true # lookup hosts and return IP record
# Hostnames in this list will not be resolved with fake IPs
# i.e. questions to these domain names will always be answered with their
# real IP addresses
fake-ip-filter:
- '*.lan'
- localhost.ptlogin2.qq.com
- '+.srv.nintendo.net'
- '+.stun.playstation.net'
- '+.msftconnecttest.com'
- '+.msftncsi.com'
- '+.xboxlive.com'
- 'msftconnecttest.com'
- 'xbox.*.microsoft.com'
# Supports UDP, TCP, DoT, DoH. You can specify the port to connect to.
# All DNS questions are sent directly to the nameserver, without proxies
# involved. Clash answers the DNS question with the first result gathered.
nameserver:
- 8.8.8.8
- 1.0.0.1
# When `fallback` is present, the DNS server will send concurrent requests
# to the servers in this section along with servers in `nameservers`.
# The answers from fallback servers are used when the GEOIP country
# is not `CN`.
# fallback:
# - tcp://1.1.1.1
# If IP addresses resolved with servers in `nameservers` are in the specified
# subnets below, they are considered invalid and results from `fallback`
# servers are used instead.
#
# IP address resolved with servers in `nameserver` is used when
# `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`.
#
# If `fallback-filter.geoip` is false, results from `nameserver` nameservers
# are always used if not match `fallback-filter.ipcidr`.
#
# This is a countermeasure against DNS pollution attacks.
fallback-filter:
geoip: true
ipcidr:
# - 240.0.0.0/4
# domain:
# - '+.google.com'
# - '+.facebook.com'
# - '+.youtube.com'
#
# https://github.com/Dreamacro/clash/wiki/premium-core-features
#
# tun:
# enable: true
# stack: system # or gvisor
# # dns-hijack:
# # - 8.8.8.8:53
# # - tcp://8.8.8.8:53
# macOS-auto-route: true # auto set global route
# macOS-auto-detect-interface: true # conflict with interface-name
proxies:
# 支持的协议及加密算法示例请查阅 Clash 项目 README 以使用最新格式https://github.com/Dreamacro/clash/wiki/configuration
# Shadowsocks(Websocket + TLS)
- name: "CN1"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: v2ray-plugin
plugin-opts:
mode: websocket # no QUIC now
tls: true # wss
# skip-cert-verify: true
# host: bing.com
path: "/s"
# mux: true
# headers:
# custom: value
# VMess(Websocket + TLS)
- name: "CN2"
type: vmess
server: v2ray.cool
port: 443
uuid: a3482e88-686a-4a58-8126-99c9df64b7bf
alterId: 32
cipher: auto
# udp: true
tls: true
# skip-cert-verify: true
network: ws
ws-path: /v
# ws-headers:
# Host: v2ray.com
# Trojan
- name: "CN3"
type: trojan
server: server
port: 443
password: yourpsk
# udp: true
# sni: example.com # aka server name
# alpn:
# - h2
# - http/1.1
# skip-cert-verify: true
# 节点订阅
proxy-providers:
# name: # Provider 名称
# type: http # http 或 file
# path: # 文件路径
# url: # 只有当类型为 HTTP 时才可用,您不需要在本地空间中创建新文件。
# interval: # 自动更新间隔,仅在类型为 HTTP 时可用
# health-check: # 健康检查选项从此处开始
# enable:
# url:
# interval:
# DuckDuckGo: # 冲鸭机场订阅链接
# type: http
# url: "https://duckduckgo.security/user/sub.php?token=DivineEngine"
# interval: 3600
# path: ./Proxy/ProxyList.yaml
# health-check:
# enable: true
# interval: 600
# url: http://www.gstatic.com/generate_204
proxy-groups:
# 策略组示例请查阅 Clash 项目 README 以使用最新格式https://github.com/Dreamacro/clash/wiki/configuration
# Fallback
- name: "Fallback"
type: fallback
# use:
# - DuckDuckGo
proxies:
- CN1
- CN2
- CN3
url: 'http://cp.cloudflare.com/generate_204'
interval: 300
# 代理节点选择
- name: "PROXY"
type: select
proxies:
- Fallback
- CN1
- CN2
- CN3
rule-providers:
# name: # Provider 名称
# type: http # http 或 file
# behavior: classical # 或 ipcidr、domain
# path: # 文件路径
# url: # 只有当类型为 HTTP 时才可用,您不需要在本地空间中创建新文件。
# interval: # 自动更新间隔,仅在类型为 HTTP 时可用
StreamingCN:
type: http
behavior: classical
path: ./RuleSet/StreamingMedia/StreamingCN.yaml
url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/StreamingMedia/StreamingCN.yaml
interval: 86400
rules:
- RULE-SET,StreamingCN,PROXY
# Local Area Network
- IP-CIDR,192.168.0.0/16,DIRECT
- IP-CIDR,10.0.0.0/8,DIRECT
- IP-CIDR,172.16.0.0/12,DIRECT
- IP-CIDR,127.0.0.0/8,DIRECT
- IP-CIDR,100.64.0.0/10,DIRECT
- IP-CIDR,224.0.0.0/4,DIRECT
# GeoIP China
- GEOIP,CN,PROXY
- MATCH,DIRECT