|
|
|
@ -1,78 +1,124 @@
|
|
|
|
mixed-port: 7890
|
|
|
|
# 本地端 HTTP(S)代理服务器端口
|
|
|
|
|
|
|
|
port: 7890
|
|
|
|
|
|
|
|
|
|
|
|
# HTTP 端口
|
|
|
|
# 本地端 SOCKS5 代理服务器端口
|
|
|
|
# port: 7891
|
|
|
|
socks-port: 7891
|
|
|
|
|
|
|
|
|
|
|
|
# SOCKS5 端口
|
|
|
|
# Linux 和 macOS 的透明代理服务器端口
|
|
|
|
# socks-port: 7892
|
|
|
|
redir-port: 7892
|
|
|
|
|
|
|
|
|
|
|
|
# Linux 及 macOS 的 redir 端口
|
|
|
|
# HTTP(S) 和 SOCKS5 代理服务器共用端口
|
|
|
|
# redir-port: 7893
|
|
|
|
# mixed-port: 7890
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# 本地 SOCKS5/HTTP(S) 服务器验证
|
|
|
|
|
|
|
|
# authentication:
|
|
|
|
|
|
|
|
# - "user1:pass1"
|
|
|
|
|
|
|
|
# - "user2:pass2"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# 设置为 true 以允许从其他 LAN IP 地址连接到本地端服务器
|
|
|
|
allow-lan: false
|
|
|
|
allow-lan: false
|
|
|
|
|
|
|
|
|
|
|
|
# 仅适用于设置 allow-lan 为 true 时
|
|
|
|
# 仅适用于设置 allow-lan 为 true 时
|
|
|
|
# "*": 绑定所有 IP 地址
|
|
|
|
# '*': 绑定所有 IP 地址
|
|
|
|
# 192.168.122.11: 绑定单个 IPv4 地址
|
|
|
|
# 192.168.122.11: 绑定一个 IPv4 地址
|
|
|
|
# "[aaaa::a8aa:ff:fe09:57d8]": 绑定单个 IPv6 地址
|
|
|
|
# "[aaaa::a8aa:ff:fe09:57d8]": 绑定一个 IPv6 地址
|
|
|
|
# bind-address: "*"
|
|
|
|
bind-address: '*'
|
|
|
|
|
|
|
|
|
|
|
|
# Rule / Global / Direct (默认为 Rule 模式)
|
|
|
|
# Clash router working mode
|
|
|
|
mode: Rule
|
|
|
|
# rule: rule-based packet routing
|
|
|
|
|
|
|
|
# global: all packets will be forwarded to a single endpoint
|
|
|
|
# 设置输出日志的等级 (默认为 info)
|
|
|
|
# direct: directly forward the packets to the Internet
|
|
|
|
|
|
|
|
mode: rule
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Clash by default prints logs to STDOUT
|
|
|
|
# info / warning / error / debug / silent
|
|
|
|
# info / warning / error / debug / silent
|
|
|
|
log-level: info
|
|
|
|
log-level: info
|
|
|
|
|
|
|
|
|
|
|
|
# RESTful API for clash
|
|
|
|
# When set to false, resolver won't translate hostnames to IPv6 addresses
|
|
|
|
|
|
|
|
ipv6: true
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# RESTful web API listening address
|
|
|
|
external-controller: 127.0.0.1:9090
|
|
|
|
external-controller: 127.0.0.1:9090
|
|
|
|
|
|
|
|
|
|
|
|
# you can put the static web resource (such as clash-dashboard) to a directory, and clash would serve in `${API}/ui`
|
|
|
|
# A relative path to the configuration directory or an absolute path to a
|
|
|
|
# input is a relative path to the configuration directory or an absolute path
|
|
|
|
# directory in which you put some static web resource. Clash core will then
|
|
|
|
# external-ui: folder
|
|
|
|
# serve it at `http://{{external-controller}}/ui`.
|
|
|
|
|
|
|
|
external-ui: folder
|
|
|
|
|
|
|
|
|
|
|
|
# Secret for RESTful API (Optional)
|
|
|
|
# Secret for the RESTful API (optional)
|
|
|
|
|
|
|
|
# Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}`
|
|
|
|
|
|
|
|
# ALWAYS set a secret if RESTful API is listening on 0.0.0.0
|
|
|
|
# secret: ""
|
|
|
|
# secret: ""
|
|
|
|
|
|
|
|
|
|
|
|
# 实验性功能
|
|
|
|
# Outbound interface name
|
|
|
|
experimental:
|
|
|
|
interface-name: en0
|
|
|
|
ignore-resolve-fail: true # 忽略 DNS 解析失败,默认值为true
|
|
|
|
|
|
|
|
# interface-name: en0 # 出站接口名称
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# 本地 SOCKS5/HTTP(S) 服务器认证
|
|
|
|
# Static hosts for DNS server and connection establishment, only works
|
|
|
|
# authentication:
|
|
|
|
# when `dns.enhanced-mode` is `redir-host`.
|
|
|
|
# - "user1:pass1"
|
|
|
|
#
|
|
|
|
# - "user2:pass2"
|
|
|
|
# Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com)
|
|
|
|
|
|
|
|
# Non-wildcard domain names has a higher priority than wildcard domain names
|
|
|
|
# # 实验性 hosts, 支持通配符(如 *.clash.dev 甚至 *.foo.*.examplex.com )
|
|
|
|
# e.g. foo.example.com > *.example.com > .example.com
|
|
|
|
# # 静态域的优先级高于通配符域(foo.example.com > *.example.com)
|
|
|
|
# P.S. +.foo.com equals to .foo.com and foo.com
|
|
|
|
hosts:
|
|
|
|
hosts:
|
|
|
|
'mtalk.google.com': 108.177.125.188
|
|
|
|
'mtalk.google.com': 108.177.125.188
|
|
|
|
# '*.clash.dev': 127.0.0.1
|
|
|
|
# '*.clash.dev': 127.0.0.1
|
|
|
|
# 'alpha.clash.dev': '::1'
|
|
|
|
# '.dev': 127.0.0.1
|
|
|
|
|
|
|
|
# 'alpha.clash.dev': '::1'
|
|
|
|
# dns:
|
|
|
|
|
|
|
|
# enable: true # set true to enable dns (default is false)
|
|
|
|
# DNS server settings
|
|
|
|
# ipv6: false # default is false
|
|
|
|
# This section is optional. When not present, DNS server will be disabled.
|
|
|
|
# listen: 0.0.0.0:53
|
|
|
|
dns:
|
|
|
|
# # default-nameserver: # resolve dns nameserver host, should fill pure IP
|
|
|
|
enable: false
|
|
|
|
# # - 114.114.114.114
|
|
|
|
listen: 0.0.0.0:53
|
|
|
|
# # - 8.8.8.8
|
|
|
|
# ipv6: false # when false, response to AAAA questions will be empty
|
|
|
|
# enhanced-mode: redir-host # or fake-ip
|
|
|
|
|
|
|
|
# # fake-ip-range: 198.18.0.1/16 # if you don't know what it is, don't change it
|
|
|
|
# These nameservers are used to resolve the DNS nameserver hostnames below.
|
|
|
|
# fake-ip-filter: # fake ip white domain list
|
|
|
|
# Specify IP addresses only
|
|
|
|
|
|
|
|
default-nameserver:
|
|
|
|
|
|
|
|
- 114.114.114.114
|
|
|
|
|
|
|
|
- 8.8.8.8
|
|
|
|
|
|
|
|
enhanced-mode: redir-host # or fake-ip
|
|
|
|
|
|
|
|
fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Hostnames in this list will not be resolved with fake IPs
|
|
|
|
|
|
|
|
# i.e. questions to these domain names will always be answered with their
|
|
|
|
|
|
|
|
# real IP addresses
|
|
|
|
|
|
|
|
# fake-ip-filter:
|
|
|
|
# - '*.lan'
|
|
|
|
# - '*.lan'
|
|
|
|
# - localhost.ptlogin2.qq.com
|
|
|
|
# - localhost.ptlogin2.qq.com
|
|
|
|
# nameserver:
|
|
|
|
|
|
|
|
# - 114.114.114.114
|
|
|
|
# Supports UDP, TCP, DoT, DoH. You can specify the port to connect to.
|
|
|
|
# - tls://dns.rubyfish.cn:853 # dns over tls
|
|
|
|
# All DNS questions are sent directly to the nameserver, without proxies
|
|
|
|
# - https://1.1.1.1/dns-query # dns over https
|
|
|
|
# involved. Clash answers the DNS question with the first result gathered.
|
|
|
|
# fallback: # concurrent request with nameserver, fallback used when GEOIP country isn't CN
|
|
|
|
nameserver:
|
|
|
|
|
|
|
|
- 114.114.114.114 # default value
|
|
|
|
|
|
|
|
- 8.8.8.8 # default value
|
|
|
|
|
|
|
|
- tls://dns.rubyfish.cn:853 # DNS over TLS
|
|
|
|
|
|
|
|
- https://1.1.1.1/dns-query # DNS over HTTPS
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# When `fallback` is present, the DNS server will send concurrent requests
|
|
|
|
|
|
|
|
# to the servers in this section along with servers in `nameservers`.
|
|
|
|
|
|
|
|
# The answers from fallback servers are used when the GEOIP country
|
|
|
|
|
|
|
|
# is not `CN`.
|
|
|
|
|
|
|
|
# fallback:
|
|
|
|
# - tcp://1.1.1.1
|
|
|
|
# - tcp://1.1.1.1
|
|
|
|
# fallback-filter:
|
|
|
|
|
|
|
|
# geoip: true # default
|
|
|
|
# If IP addresses resolved with servers in `nameservers` are in the specified
|
|
|
|
# ipcidr: # ips in these subnets will be considered polluted
|
|
|
|
# subnets below, they are considered invalid and results from `fallback`
|
|
|
|
# - 240.0.0.0/4
|
|
|
|
# servers are used instead.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# IP address resolved with servers in `nameserver` is used when
|
|
|
|
|
|
|
|
# `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# If `fallback-filter.geoip` is false, results from `fallback` nameservers
|
|
|
|
|
|
|
|
# are always used, and answers from `nameservers` are discarded.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# This is a countermeasure against DNS pollution attacks.
|
|
|
|
|
|
|
|
fallback-filter:
|
|
|
|
|
|
|
|
geoip: true
|
|
|
|
|
|
|
|
ipcidr:
|
|
|
|
|
|
|
|
# - 240.0.0.0/4
|
|
|
|
|
|
|
|
|
|
|
|
proxies:
|
|
|
|
proxies:
|
|
|
|
# 支持的协议及加密算法示例请查阅 Clash 项目 README 以使用最新格式:https://github.com/Dreamacro/clash/blob/master/README.md
|
|
|
|
# 支持的协议及加密算法示例请查阅 Clash 项目 README 以使用最新格式:https://github.com/Dreamacro/clash/blob/master/README.md
|
Conners Hua
5 years ago