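---
# Port of the local HTTP(S) proxy server
port: 7890

# Port of the local SOCKS5 proxy server
socks-port: 7891

# Transparent proxy server port for Linux and macOS
redir-port: 7892

# Single port shared by the HTTP(S) and SOCKS5 proxy servers
# mixed-port: 7890

# Authentication for the local SOCKS5/HTTP(S) servers.
# The pairs below are placeholders; choose your own before enabling.
# Configure this whenever `allow-lan` is true, otherwise every host that can
# reach the listeners can use them without credentials.
# authentication:
#   - "user1:pass1"
#   - "user2:pass2"

# Set to true to allow connections to the local servers from other LAN IP
# addresses. Keep false unless other hosts really need to use this proxy.
allow-lan: false

# Only applies when `allow-lan` is true
# '*': bind all IP addresses
# 192.168.122.11: bind a single IPv4 address
# "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address
# Prefer a single address over '*' when `allow-lan` is turned on.
bind-address: '*'

# Clash router working mode
# rule: rule-based packet routing
# global: all packets will be forwarded to a single endpoint
# direct: directly forward the packets to the Internet
mode: rule

# Clash by default prints logs to STDOUT
# info / warning / error / debug / silent
log-level: info

# When set to false, resolver won't translate hostnames to IPv6 addresses
ipv6: true

# RESTful web API listening address.
# Bound to loopback here; keep it that way unless remote control is required.
external-controller: 127.0.0.1:9090

# A relative path to the configuration directory or an absolute path to a
# directory in which you put some static web resource. Clash core will then
# serve it at `${API}/ui`.
external-ui: folder

# Secret for the RESTful API (optional)
# Authenticate by specifying HTTP header `Authorization: Bearer ${secret}`
# ALWAYS set a secret if RESTful API is listening on 0.0.0.0
# A loopback listener is still reachable by every local process, so setting a
# secret is worthwhile here too. Use a long random value, not an empty string.
# secret: ""

# Outbound interface name
interface-name: en0

# Static hosts for DNS server and connection establishment, only works
# when `dns.enhanced-mode` is `redir-host`.
#
# Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com)
# Non-wildcard domain names have a higher priority than wildcard domain names
# e.g. foo.example.com > *.example.com > .example.com
# P.S. +.foo.com equals to .foo.com and foo.com
hosts:
  # Pinned address: it overrides DNS for this name and is never refreshed,
  # so re-check it if connections to the host start failing.
  'mtalk.google.com': 108.177.125.188
  # '*.clash.dev': 127.0.0.1
  # '.dev': 127.0.0.1
  # 'alpha.clash.dev': '::1'

# DNS server settings
# This section is optional. When not present, DNS server will be disabled.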
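dns:
  enable: false
  # Listens on every interface once `enable` is true. Bind to 127.0.0.1 or a
  # specific LAN address unless other hosts must query this resolver.
  listen: 0.0.0.0:53
  # ipv6: false  # when false, response to AAAA questions will be empty

  # These nameservers are used to resolve the DNS nameserver hostnames below.
  # Specify IP addresses only
  default-nameserver:
    - 114.114.114.114
    - 8.8.8.8
  enhanced-mode: redir-host  # or fake-ip
  fake-ip-range: 198.18.0.1/16  # Fake IP addresses pool CIDR

  # Hostnames in this list will not be resolved with fake IPs
  # i.e. questions to these domain names will always be answered with their
  # real IP addresses
  # fake-ip-filter:
  #   - '*.lan'
  #   - localhost.ptlogin2.qq.com

  # Supports UDP, TCP, DoT, DoH. You can specify the port to connect to.
  # All DNS questions are sent directly to the nameserver, without proxies
  # involved. Clash answers the DNS question with the first result gathered.
  # Because the first answer wins, the plaintext resolvers below can answer
  # before the encrypted ones, and plaintext answers are neither confidential
  # nor authenticated. Drop them if only DoT/DoH answers should be accepted.
  nameserver:
    - 114.114.114.114  # default value
    - 8.8.8.8  # default value
    - tls://dns.rubyfish.cn:853  # DNS over TLS
    - https://1.1.1.1/dns-query  # DNS over HTTPS

  # When `fallback` is present, the DNS server will send concurrent requests
  # to the servers in this section along with servers in `nameserver`.
  # The answers from fallback servers are used when the GEOIP country
  # is not `CN`.
  # fallback:
  #   - tcp://1.1.1.1

  # If IP addresses resolved with servers in `nameserver` are in the specified
  # subnets below, they are considered invalid and results from `fallback`
  # servers are used instead.
  #
  # IP address resolved with servers in `nameserver` is used when
  # `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`.
  #
  # If `fallback-filter.geoip` is false, results from `fallback` nameservers
  # are always used, and answers from `nameserver` are discarded.
  #
  # This is a countermeasure against DNS pollution attacks.
  fallback-filter:
    geoip: true
    # Parses as null until an entry below is uncommented.
    ipcidr:
      # - 240.0.0.0/4

proxies:
  # For examples of supported protocols and ciphers, see the Clash project
  # README for the latest format:
  # https://github.com/Dreamacro/clash/blob/master/README.md
  #
  # Every server, password and uuid below is a template placeholder. Replace
  # them before use and keep the filled-in file out of version control.
  #
  # `skip-cert-verify: true` turns off TLS certificate validation for that
  # node, so its identity is no longer checked. Leave it commented out.

  # Shadowsocks (Websocket + TLS)
  - name: "CN1"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    plugin: v2ray-plugin
    plugin-opts:
      mode: websocket  # no QUIC now
      tls: true  # wss
      # skip-cert-verify: true
      # host: bing.com
      path: "/s"
      # mux: true
      # headers:
      #   custom: value

  # VMess (Websocket + TLS)
  - name: "CN2"
    type: vmess
    server: v2ray.cool
    port: 443
    uuid: a3482e88-686a-4a58-8126-99c9df64b7bf
    # NOTE(review): a non-zero alterId appears to select the legacy VMess
    # header authentication; 0 is the AEAD mode where both ends support it.
    # Confirm against the server before changing.
    alterId: 32
    cipher: auto
    # udp: true
    tls: true
    # skip-cert-verify: true
    network: ws
    ws-path: /v
    # ws-headers:
    #   Host: v2ray.com

  # Trojan
  - name: "CN3"
    type: trojan
    server: server
    port: 443
    password: yourpsk
    # udp: true
    # sni: example.com  # aka server name
    # alpn:
    #   - h2
    #   - http/1.1
    # skip-cert-verify: true

# Proxy node subscriptions.
# Parses as null while every entry below stays commented out.
# A provider supplies the node list itself, so subscribe only to sources you
# trust and fetch them over https. A subscription URL that carries a token in
# its query string is a credential: keep it out of shared or committed copies.
proxy-providers:
  # name:  # Provider name
  #   type: http  # http or file
  #   path:  # file path
  #   url:  # only used when type is http; no local file has to be created
  #   interval:  # auto-update interval, only used when type is http
  #   health-check:  # health-check options start here
  #     enable:
  #     url:
  #     interval:

  # DuckDuckGo:  # subscription link for the DuckDuckGo provider
  #   type: http
  #   url: "https://duckduckgo.security/user/sub.php?token=DivineEngine"
  #   interval: 3600
  #   path: ./Proxy/ProxyList.yaml
  #   health-check:
  #     enable: true
  #     interval: 600
  #     url: http://www.gstatic.com/generate_204

proxy-groups:
  # For policy group examples, see the Clash project README for the latest
  # format: https://github.com/Dreamacro/clash/blob/master/README.md

  # Fallback
  - name: "Fallback"
    type: fallback
    # use:
    #   - DuckDuckGo
    proxies:
      - CN1
      - CN2
      - CN3
    # Plain-http probe URL, requested every `interval` seconds.
    url: 'http://cp.cloudflare.com/generate_204'
    interval: 300

  # Proxy node selection
  - name: "PROXY"
    type: select
    proxies:
      - Fallback
      - CN1
      - CN2
      - CN3

rule-providers:
  # name:  # Provider name
  #   type: http  # http or file
  #   behavior: classical  # or ipcidr, domain
  #   path:  # file path
  #   url:  # only used when type is http; no local file has to be created
  #   interval:  # auto-update interval, only used when type is http

  # Remote rule set, re-fetched every 86400 seconds from the `master` branch.
  # Whoever can change that file decides which traffic is sent to PROXY, and
  # the RULE-SET entry is listed before the LAN rules below. Consider pinning
  # the URL to a reviewed commit, or using `type: file` with a vetted copy.
  StreamingCN:
    type: http
    behavior: classical
    path: ./RuleSet/StreamingMedia/StreamingCN.yaml
    url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/StreamingMedia/StreamingCN.yaml
    interval: 86400

rules:
  - RULE-SET,StreamingCN,PROXY

  # Local Area Network
  - IP-CIDR,192.168.0.0/16,DIRECT
  - IP-CIDR,10.0.0.0/8,DIRECT
  - IP-CIDR,172.16.0.0/12,DIRECT
  - IP-CIDR,127.0.0.0/8,DIRECT
  - IP-CIDR,100.64.0.0/10,DIRECT
  - IP-CIDR,224.0.0.0/4,DIRECT

  # GeoIP China
  - GEOIP,CN,PROXY

  # Everything not matched above leaves the host directly, without a proxy.
  - MATCH,DIRECT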