OpenWrt
/
small-package
mirror of https://github.com/kenzok8/small-package
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
small-package/luci-app-openclash/root/usr/share/openclash/res/default.yaml

410 lines
11 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Copyright (c) 2018 Dreamacro
# 接管:不支持在此页面直接修改,请到全局设置页面进行修改
# Port of HTTP(S) proxy server on the local end
# 此项将被接管
port: 7890
# Port of SOCKS5 proxy server on the local end
# 此项将被接管
socks-port: 7891
# Transparent proxy server port for Linux and macOS
# 此项将被接管
redir-port: 7892
# HTTP(S) and SOCKS5 server on the same port
mixed-port: 7890
# Set to true to allow connections to the local-end server from
# other LAN IP addresses
# 此项将被接管为true
allow-lan: true
# This is only applicable when `allow-lan` is `true`
# '*': bind all IP addresses
# 192.168.122.11: bind a single IPv4 address
# "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address
# HTTP(S)\SOCKS5 监听地址此项将被接管为all
bind-address: "*"
# Clash router working mode
# rule: rule-based packet routing
# global: all packets will be forwarded to a single endpoint
# direct: directly forward the packets to the Internet
# 此项将被接管
mode: rule
# Clash by default prints logs to STDOUT
# info / warning / error / debug / silent
# 此项将被接管
log-level: info
# When set to false, resolver won't translate hostnames to IPv6 addresses
# 此项将被接管
ipv6: false
# RESTful web API listening address
# 此项将被接管
external-controller: 0.0.0.0:9090
# A relative path to the configuration directory or an absolute path to a
# directory in which you put some static web resource. Clash core will then
# serve it at `http://{{external-controller}}/ui`.
# 此项将被接管
external-ui: "/usr/share/openclash/dashboard"
# Secret for the RESTful API (optional)
# Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}`
# ALWAYS set a secret if RESTful API is listening on 0.0.0.0
# 此项将被接管
secret: '123456'
# authentication of local SOCKS5/HTTP(S) server
# 此项将被接管
authentication:
- "user1:pass1"
- "user2:pass2"
# Outbound interface name
interface-name: br-lan
# tun option
# 此项将被接管
tun:
# enable: false
# stack: system
# dns-hijack:
# - tcp://8.8.8.8:53
# - tcp://8.8.4.4:53
# Static hosts for DNS server and connection establishment, only works
# when `dns.enhanced-mode` is `redir-host`.
#
# Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com)
# Non-wildcard domain names have a higher priority than wildcard domain names
# e.g. foo.example.com > *.example.com > .example.com
# P.S. +.foo.com equals to .foo.com and foo.com
hosts:
# '*.clash.dev': 127.0.0.1
# '.dev': 127.0.0.1
# 'alpha.clash.dev': '::1'
profile:
# store the `select` results in $HOME/.config/clash/.cache
# when two different configurations have groups with the same name, the selected values are shared
# set false if you don't want this behavior
store-selected: true
# open tracing exporter API
tracing: true
# DNS server settings
# This section is optional. When not present, the DNS server will be disabled.
# 如订阅配置无包括此项的所有DNS设置OpenClash将自动添加
dns:
enable: true # set true to enable dns (default is false) # 此项将被接管为true
ipv6: false # default is false # 此项将被接管
listen: 0.0.0.0:53 # 端口为53时将被接管为7874
# These nameservers are used to resolve the DNS nameserver hostnames below.
# Specify IP addresses only
default-nameserver:
- 114.114.114.114
- 8.8.8.8
enhanced-mode: redir-host # or fake-ip # 此项将被接管
fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR # 此项将被接管
use-hosts: true # lookup hosts and return IP record # 此项将被接管
# Hostnames in this list will not be resolved with fake IPs
# i.e. questions to these domain names will always be answered with their
# real IP addresses
# fake-ip-filter:
# - '*.lan'
# - localhost.ptlogin2.qq.com
# Supports UDP, TCP, DoT, DoH. You can specify the port to connect to.
# All DNS questions are sent directly to the nameserver, without proxies
# involved. Clash answers the DNS question with the first result gathered.
nameserver:
- 114.114.114.114
- https://1.1.1.1/dns-query # dns over https
fallback: # concurrent request with nameserver, fallback used when GEOIP country isn't CN
- tcp://1.1.1.1
fallback-filter:
geoip: true # default
ipcidr: # ips in these subnets will be considered polluted
- 240.0.0.0/4
# 以上设置您可直接覆盖到配置文件,无需更改
# Openclash 不会对下方服务器设置进行任何更改,请确保设置正确
#proxy-providers: # 代理集设置此部分与Proxy两者不能同时删除
# pro:
# type: http
# path: ./proxy_provider/pro.yaml
# url: https://xxx
# interval: 3600
# health-check:
# enable: true
# url: http://www.gstatic.com/generate_204
# interval: 300
# iplc:
# type: file
# path: ./proxy_provider/iplc.yaml
# health-check:
# enable: true
# url: http://www.gstatic.com/generate_204
# interval: 300
proxies: # 节点设置此部分与proxy-provider两者不能同时删除
# shadowsocks
# The supported ciphers(encrypt methods):
# aes-128-gcm aes-192-gcm aes-256-gcm
# aes-128-cfb aes-192-cfb aes-256-cfb
# aes-128-ctr aes-192-ctr aes-256-ctr
# rc4-md5 chacha20-ietf xchacha20
# chacha20-ietf-poly1305 xchacha20-ietf-poly1305
- name: "ss1"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
# udp: true
# old obfs configuration remove after prerelease
- name: "ss2"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: obfs
plugin-opts:
mode: tls # or http
# host: bing.com
- name: "ss3"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: v2ray-plugin
plugin-opts:
mode: websocket # no QUIC now
# tls: true # wss
# skip-cert-verify: true
# host: bing.com
# path: "/"
# headers:
# custom: value
# shadowsocksR
#The supported shadowsocksR ciphers(encrypt methods):
#aes-128-cfb aes-192-cfb aes-256-cfb
#aes-128-ctr aes-192-ctr aes-256-ctr
#rc4-md5 chacha20-ietf xchacha20
#The supported shadowsocksR obfses:
#plain http_simple http_post
#random_head tls1.2_ticket_auth tls1.2_ticket_fastauth
#The supported shadowsocksR protocols:
#origin auth_sha1_v4 auth_aes128_md5
#auth_aes128_sha1 auth_chain_a auth_chain_b
- name: "ssr"
type: ssr
server: server
port: 443
cipher: chacha20-ietf
password: "password"
obfs: tls1.2_ticket_auth
protocol: auth_sha1_v4
# obfs-param: domain.tld
# protocol-param: "#"
# udp: true
# vmess
# cipher support auto/aes-128-gcm/chacha20-poly1305/none
- name: "vmess"
type: vmess
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
# udp: true
# tls: true
# skip-cert-verify: true
# servername: example.com # priority over wss host
# network: ws
# ws-opts:
# path: /path
# headers:
# Host: v2ray.com
# max-early-data: 2048
# early-data-header-name: Sec-WebSocket-Protocol
- name: "vmess-http"
type: vmess
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
# udp: true
# network: http
# http-opts:
# # method: "GET"
# # path:
# # - '/'
# # - '/video'
# # headers:
# # Connection:
# # - keep-alive
# socks5
- name: "socks"
type: socks5
server: server
port: 443
# username: username
# password: password
# tls: true
# skip-cert-verify: true
# udp: true
# http
- name: "http"
type: http
server: server
port: 443
# username: username
# password: password
# tls: true # https
# skip-cert-verify: true
# snell
- name: "snell"
type: snell
server: server
port: 44046
psk: yourpsk
# obfs-opts:
# mode: http # or tls
# host: bing.com
# trojan
- name: "trojan"
type: trojan
server: server
port: 443
password: yourpsk
# udp: true
# sni: example.com # aka server name
# alpn:
# - h2
# - http/1.1
# skip-cert-verify: true
# Openclash 不会对下方策略组设置进行任何更改,请确保设置正确
proxy-groups: # 此参数必须保留,不能删除
# relay chains the proxies. proxies shall not contain a proxy-group. No UDP support.
# Traffic: clash <-> http <-> vmess <-> ss1 <-> ss2 <-> Internet
- name: "relay"
type: relay
proxies:
- http
- vmess
- ss1
- ss2
# url-test select which proxy will be used by benchmarking speed to a URL.
- name: "auto"
type: url-test
proxies:
- ss1
- ss2
- vmess1
url: 'http://www.gstatic.com/generate_204'
interval: 300
# fallback select an available policy by priority. The availability is tested by accessing an URL, just like an auto url-test group.
- name: "fallback-auto"
type: fallback
proxies:
- ss1
- ss2
- vmess1
url: 'http://www.gstatic.com/generate_204'
interval: 300
# load-balance: The request of the same eTLD will be dial on the same proxy.
- name: "load-balance"
type: load-balance
strategy: consistent-hashing # or round-robin
proxies:
- ss1
- ss2
- vmess1
url: 'http://www.gstatic.com/generate_204'
interval: 300
# select is used for selecting proxy or proxy group
# you can use RESTful API to switch proxy, is recommended for use in GUI.
- name: Proxy
type: select
proxies:
- ss1
- ss2
- vmess1
- auto
- name: UseProvider
type: select
use:
- provider1
proxies:
- Proxy
- DIRECT
# https://lancellc.gitbook.io/clash/clash-config-file/rule-provider
#rule-providers:
# name: # name of the provider
# type: http # type of the provider, it can be a HTTP or a File
# behavior: classical # or ipcidr、domain
# path: # where is the file, ./ relative to clash home
# url: # only available when type is HTTP, where to download a file. You don't need to create a new file in local space.
# interval: # auto-update interval, only available when type is HTTP
# https://lancellc.gitbook.io/clash/clash-config-file/script
#script:
# code: |
# def main(ctx, metadata):
# ip = metadata["dst_ip"] = ctx.resolve_ip(metadata["host"])
# if ip == "":
# return "DIRECT"
#
# code = ctx.geoip(ip)
# if code == "LAN" or code == "CN":
# return "DIRECT"
#
# return "Proxy" # default policy for requests which are not matched by any other script
rules: # 此参数必须保留,不能删除
# 如果您将一直使用第三方规则,下方可以留空。
- DOMAIN-SUFFIX,google.com,auto
- DOMAIN-KEYWORD,google,auto
- DOMAIN,google.com,auto
- DOMAIN-SUFFIX,ad.com,REJECT
- IP-CIDR,127.0.0.0/8,DIRECT
# rename SOURCE-IP-CIDR and would remove after prerelease
- SRC-IP-CIDR,192.168.1.201/32,DIRECT
- GEOIP,CN,DIRECT
- DST-PORT,80,DIRECT
- SRC-PORT,7777,DIRECT
# or use rule with provider
- RULE-SET,name,Proxy
- MATCH,auto
Reference in New Issue View Git Blame Copy Permalink