简述 Link to heading
配置文件总体框架直接抄的 虚空终端,proxy-groups 和 rules 以及 rule-provider 是根据自己的需求进行了修改,添加了自己额外需要的直连域名与代理域名,这三者之后应该也不会大改了,主要修改的 tpclash/rule-provider 和 gist 中的 proxy-provider 中的内容即可。
######### 锚点 start #######
# 策略组相关
pr: &pr { type: select, proxies: [默认, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点, 自动选择, 直连] }
#这里是订阅更新和延迟测试相关的
p: &p { type: http, interval: 3600, health-check: { enable: true, url: https://www.gstatic.com/generate_204, interval: 300 } }
######### 锚点 end #######
#代理集 如果是自建节点屏蔽这里
proxy-providers:
#自定义名称
zwy: { url: "https://gist.githubusercontent.com/zwyyy456/<token>/raw/proxy-provider.yaml", path: "./profiles/zwy.yaml", <<: *p }
tproxy-port: 7893
mixed-port: 7890 # 局域网访问Port
bind-address: "*" #绑定IP地址
allow-lan: true # 允许局域网访问
mode: rule # 模式
log-level: info # 日志等级
external-controller: 0.0.0.0:9090 # 网页端口
find-process-mode: strict # 匹配所有进程
tcp-concurrent: true # tcp 并发模式
ipv6: false #软路由上不建议开启
# clash meta 内核需要关闭 iptables
iptables:
enable: false
# 域名嗅探,关闭
geodata-mode: true
geox-url: # 自定义 geodata url, 需要有代理的前提才能下载geoip和geosite
geoip: "https://gcore.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat"
geosite: "https://gcore.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geosite.dat"
mmdb: "https://gcore.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/country.mmdb"
# fakeip 本地存储,省略DNS查询
profile:
store-selected: true # 存储 select 选择记录
store-fake-ip: true # 持久化 fake-ip
sniffer:
enable: true
sniff:
HTTP:
ports: [80, 8080-8880]
override-destination: true
TLS:
ports: [443, 8443]
QUIC:
ports: [443, 8443]
skip-domain:
- "Mijia Cloud"
tun:
enable: true
stack: system # gvisor / lwip
dns-hijack:
- any:53 # 需要劫持的 DNS
auto-route: true # 自动设置全局路由,可以自动将全局流量路由进入tun网卡。
auto-detect-interface: true # 自动识别出口网卡
dns:
enable: true # 关闭将使用系统 DNS
prefer-h3: true # 开启 DoH 支持 HTTP/3,将并发尝试
listen: 0.0.0.0:1053 # 开启 DNS 服务器监听
ipv6: false # 如果需要ipv6设置为true
default-nameserver:
# - 192.168.6.1 fakeip 模式不使用内网地址作为 dns
# defautl dns 需要是纯 IP
- https://223.5.5.5/dns-query
- https://1.12.12.12/dns-query
enhanced-mode: fake-ip
fake-ip-range: 198.18.0.1/16
fake-ip-filter: #这里可以填写不使用fakeip的域名
- "*.jd.com"
nameserver:
# - 192.168.6.1 fakeip 模式不使用内网地址作为 dns
- https://223.5.5.5/dns-query
- https://1.12.12.12/dns-query
- https://doh.pub/dns-query
fallback:
- https://1.0.0.1/dns-query
- tls://dns.google
# 策略组引用
proxies:
- name: "直连"
type: direct
udp: true
proxy-groups:
- { name: 默认, type: select, proxies: [自动选择, 直连, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点] }
- { name: dns, type: select, proxies: [自动选择, 默认, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点] }
- { name: "youtube", <<: *pr }
- { name: "telegram", <<: *pr }
- { name: "apple", <<: *pr }
- { name: "microsoft", <<: *pr }
- { name: "openai", <<: *pr }
- { name: "emby", <<: *pr }
- { name: "spotify", <<: *pr }
- { name: "gscholar", <<: *pr }
- { name: "google", <<: *pr }
- { name: "github", <<: *pr }
- { name: "bilius", <<: *pr }
- { name: "onedrive", <<: *pr }
- { name: "stream", <<: *pr }
- { name: "icloud", <<: *pr }
- { name: 国内, type: select, proxies: [直连, 默认, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点, 自动选择] }
- { name: 其他, <<: *pr }
#分隔,下面是地区分组
- { name: 香港, type: select, include-all-providers: true, filter: "(?i)港|hk|hongkong|hong kong" }
- { name: 台湾, type: select, include-all-providers: true, filter: "(?i)台|tw|taiwan" }
- { name: 日本, type: select, include-all-providers: true, filter: "(?i)日|jp|japan" }
- { name: 美国, type: select, include-all-providers: true, filter: "(?i)美|us|unitedstates|united states" }
- { name: 新加坡, type: select, include-all-providers: true, filter: "(?i)(新|sg|singapore)" }
- {
name: 其它地区,
type: select,
include-all-providers: true,
filter: "(?i)^(?!.*(?:🇭🇰|🇯🇵|🇺🇸|🇸🇬|🇨🇳|港|hk|hongkong|台|tw|taiwan|日|jp|japan|新|sg|singapore|美|us|unitedstates)).*",
}
- { name: 全部节点, type: select, include-all-providers: true }
- { name: 自动选择, type: url-test, include-all-providers: true, tolerance: 10 }
#anchor for rule-provider
rl1: &rl1 { type: http, interval: 86400, behavior: classical }
rl2: &rl2 { type: http, interval: 86400, behavior: domain }
rl3: &rl3 { type: http, interval: 86400, behavior: ipcidr }
rule-providers:
mdirect:
{
path: "./ruleset/mdirect.yaml",
url: "https://raw.githubusercontent.com/zwyyy456/dotfile/main/myproxy-rule/tpclash/rule-provider/direct-rule.yaml",
<<: *rl1,
}
mdirect-ip:
{
path: "./ruleset/mdirect-ip.yaml",
url: "https://raw.githubusercontent.com/zwyyy456/dotfile/main/myproxy-rule/tpclash/rule-provider/direct-ip-rule.yaml",
<<: *rl3,
}
mproxy:
{
path: "./ruleset/mproxy.yaml",
url: "https://raw.githubusercontent.com/zwyyy456/dotfile/main/myproxy-rule/tpclash/rule-provider/proxy-rule.yaml",
<<: *rl1,
}
openai: { url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/OpenAI/OpenAI.yaml", path: "./ruleset/openai.yaml", <<: *rl1 }
reject: { url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt", path: "./ruleset/reject.txt", <<: *rl2 }
icloud: { url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt", path: "./ruleset/icloud.txt", <<: *rl2 }
apple-direct: { url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt", path: "./ruleset/apple-direct.txt", <<: *rl2 }
google-direct: { url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt", path: "./ruleset/google-direct.txt", <<: *rl2 }
proxy: { url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt", path: "./ruleset/proxy.txt", <<: *rl2 }
direct: { url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt", path: "./ruleset/direct.txt", <<: *rl2 }
private: { url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt", path: "./ruleset/private.txt", <<: *rl2 }
gfw: { url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt", path: "./ruleset/gfw.txt", <<: *rl2 }
tld-not-cn: { url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt", path: "./ruleset/tld-not-cn.txt", <<: *rl2 }
telegramcidr: { url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt", path: "./ruleset/telegramcidr.txt", <<: *rl3 }
cncidr: { url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt", path: "./ruleset/cncidr.txt", <<: *rl3 }
lancidr: { url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt", path: "./ruleset/lancidr.txt", <<: *rl3 }
applications: { url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt", path: "./ruleset/applications.txt", <<: *rl1 }
biliintl_domain: { url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/biliintl.yaml", <<: *rl2 }
rules:
# 开始匹配规则
- RULE-SET,mdirect,国内
- RULE-SET,mproxy,其他
- RULE-SET,direct,国内
- RULE-SET,cncidr,国内,no-resolve
- RULE-SET,private,国内
- RULE-SET,mdirect-ip,国内,no-resolve
- RULE-SET,apple-direct,国内
- RULE-SET,lancidr,国内,no-resolve
- RULE-SET,applications,国内
## GEOSITE
- GEOSITE,bilibili,国内
- GEOSITE,icloud,icloud
- GEOSITE,apple,apple
- GEOSITE,onedrive,onedrive
- GEOSITE,spotify,spotify
- GEOSITE,youtube,youtube
- GEOSITE,netflix,stream
- GEOSITE,google,google
- GEOSITE,telegram,telegram
- GEOSITE,github,github
- GEOSITE,microsoft,microsoft
- GEOSITE,steam@cn,国内
- GEOSITE,openai,openai
- GEOSITE,category-games@cn,国内
- GEOSITE,geolocation-!cn,其他
- GEOSITE,cn,国内
- RULE-SET,telegramcidr,telegram,no-resolve
- RULE-SET,gfw,国内
# 是否有这样的请求,域名不在上述规则之内,但是 ip 又是国内的?目前看来,似乎没有碰到过这样的情况;故选择 GEOIP,CN,DIRECT,no-resolve
- GEOIP,cn,国内,no-resolve
- MATCH,其他
gist 中的 clash 配置文件有四份:
arm-tao.yaml为 taosky 中的配置文件,目前主力;verge-yuan.yaml:订阅为一元机场和 hneko,备用;verge-vps.yaml:未来主力,主要是自己的配置文件;clash-lh.yaml:给刘恒用的配置文件,就一个阿里云香港;clash-zwy.yaml:verge-vps.yaml+clash-lh.yaml;
小火箭 Link to heading
小火箭的订阅链接可以使用 clash yaml url,但是小火箭目前不能识别锚点与引用,因此 proxy-provider 不使用锚点,直接按照虚空终端的 vless 配置示例,每个节点都写一遍,trojan 也是。
由于 clash.meta 不支持 naiveproxy,因此 naiveproxy 是 shadowrocket 一个个添加之后手动导出的,导出的链接还需要进行 base64 编码,编码之后的文件的 raw url 才能被小火箭识别。