From cbc15980fd40f806c73daf35d35d5df9ea442fa9 Mon Sep 17 00:00:00 2001 From: xishang0128 Date: Sat, 21 Sep 2024 17:22:53 +0800 Subject: [PATCH] add en --- docs/api/index.en.md | 219 ++++++++++++---------- docs/config/dns/hosts.en.md | 16 ++ docs/config/dns/index.en.md | 204 ++++++++++++++++++++ docs/config/inbound/listeners/http.en.md | 19 ++ docs/config/inbound/listeners/http.md | 4 +- docs/config/inbound/listeners/mixed.en.md | 24 +++ docs/config/inbound/listeners/mixed.md | 4 +- docs/config/inbound/listeners/socks.en.md | 24 +++ docs/config/inbound/listeners/socks.md | 4 +- docs/config/inbound/port.en.md | 41 ++++ docs/config/proxies/hysteria2.en.md | 49 +++++ docs/config/proxies/tls.en.md | 58 ++++++ docs/config/proxies/tls.md | 2 +- docs/config/proxy-groups/index.en.md | 4 +- docs/config/proxy-providers/content.en.md | 34 ++++ docs/config/proxy-providers/index.en.md | 165 ++++++++++++++++ docs/config/rule-providers/content.en.md | 64 +++++++ docs/config/rule-providers/content.md | 2 +- docs/config/rule-providers/index.en.md | 49 +++++ docs/config/rules/index.en.md | 202 ++++++++++++++++++++ 20 files changed, 1080 insertions(+), 108 deletions(-) create mode 100644 docs/config/dns/hosts.en.md create mode 100644 docs/config/dns/index.en.md create mode 100644 docs/config/inbound/listeners/http.en.md create mode 100644 docs/config/inbound/listeners/mixed.en.md create mode 100644 docs/config/inbound/listeners/socks.en.md create mode 100644 docs/config/inbound/port.en.md create mode 100644 docs/config/proxies/hysteria2.en.md create mode 100644 docs/config/proxies/tls.en.md create mode 100644 docs/config/proxy-providers/content.en.md create mode 100644 docs/config/proxy-providers/index.en.md create mode 100644 docs/config/rule-providers/content.en.md create mode 100644 docs/config/rule-providers/index.en.md create mode 100644 docs/config/rules/index.en.md diff --git a/docs/api/index.en.md b/docs/api/index.en.md index 9a1daa47b..e231735dd 100644 --- a/docs/api/index.en.md +++ b/docs/api/index.en.md @@ -3,231 +3,248 @@ hide: - navigation # - toc --- + # API ## Request Example -curl example: `curl -H 'Authorization: Bearer ${secret}' http://${controller-api}/version` +Curl example: `curl -H 'Authorization: Bearer ${secret}' http://${controller-api}/configs?force=true -d '{"path": "", "payload": ""}' -X PUT` + +This request includes the header `'Authorization: Bearer ${secret}'`, where: -This request includes the `'Authorization: Bearer ${secret}'` header, where: +- `${secret}` is the API key set in the configuration file [api](../config/general.md#external-control-api) +- `${controller-api}` is the API listening address set in the configuration file [api](../config/general.md#external-control-api) +- `?force=true` is a parameter that needs to be included in certain requests +- `'{"path": "", "payload": ""}'` is the data for the resource to be updated -- `${secret}` is the [api](../config/general.md#api) secret set in the configuration file. -- `${controller-api}` is the [api](../config/general.md#api) listening address set in the configuration file. +In most cases, the data passed is `'{"path": "", "payload": ""}'`, which can include a new configuration file path. ## Logs ### `/logs` -Request Method: `GET` +Request method: `GET` -- Obtain real-time logs. +- Retrieve real-time logs. ## Traffic Information ### `/traffic` -Request Method: `GET` +Request method: `GET` -- Obtain real-time traffic, measured in kbps. +- Retrieve real-time traffic, measured in kbps. ## Memory Information ### `/memory` -Request Method: `GET` +Request method: `GET` -- Obtain real-time memory usage, measured in kb. +- Retrieve real-time memory usage, measured in kb. ## Version Information ### `/version` -Request Method: `GET` +Request method: `GET` -- Get Clash version. +- Retrieve the Clash version. ## Cache ### `/cache/fakeip/flush` -Request Method: `POST` +Request method: `POST` -- Clear fake-IP cache +- Clear the fake IP cache. -## Runtime Configuration +## Running Configuration ### `/configs` -Request Method: `GET` +Request method: `GET` -- Get basic configuration. +- Retrieve basic configuration. -Request Method: `PUT` +Request method: `PUT` -- Reload basic configuration. -- URL must include `?force=true` to force execution and must send data. -- curl example: `curl "${controller-api}/configs?force=true" -X PUT -d '{"path": "", "payload": ""}'` +- Reload basic configuration; data must be sent, and the URL must include `?force=true` to enforce execution. -Request Method: `PATCH` +Request method: `PATCH` -- Update basic configuration by providing the configuration to be modified in JSON format. -- curl example: `curl ${controller-api}/configs -X PATCH -d '{"mixed-port": 7890}'` +- Update basic configuration; data must be sent in the format `'{"mixed-port": 7890}'`, modified as needed for the configuration items to be updated. ### `/configs/geo` -Request Method: `POST` +Request method: `POST` -- Update GEO database. -- Must send data, as it automatically reloads the configuration after the update. -- curl example: `curl "${controller-api}/configs" -X POST -d '{"path": "", "payload": ""}'` +- Update the GEO database; data must be sent. ### `/restart` -Request Method: `POST` +Request method: `POST` -- Restart the kernel. -- Must send data. -- curl example: `curl "${controller-api}/restart " -X POST -d '{"path": "", "payload": ""}'` +- Restart the kernel; data must be sent. -## Update +## Updates -### `/upgrade/` +### `/upgrade` -Request Method: `POST` +Request method: `POST` -- Update the kernel. -- Must send data, as it automatically reloads the configuration after the update. -- curl example: `curl "${controller-api}/upgrade" -X POST -d '{"path": "", "payload": ""}'` +- Update the kernel; data must be sent. ### `/upgrade/ui` -Request Method: `POST` +Request method: `POST` -- Update the panel; external-ui must be set. -- curl example: `curl "${controller-api}/upgrade/ui" -X POST` +- Update the panel; [external-ui](../config/general.md#external-user-interface) must be set. -## Proxies +### `/upgrade/geo` -### `/proxies` +Request method: `POST` -Request Method: `GET` +- Update the GEO database; data must be sent. -- Get proxy information. +## Policy Groups -### `/proxies/:name` +### `/group` -Request Method: `GET` +Request method: `GET` -- Get specific proxy information. +- Retrieve policy group information. -Request Method: `PUT` +### `/group/group_name` -- Select a specific proxy. +Request method: `GET` -### `/proxies/:name/delay` +- Retrieve specific policy group information. -Request Method: `GET` +### `/group/group_name/delay` -- Get delay test information for a specific proxy. +Request method: `GET` -## Rules +- Test nodes/policy groups within a specified policy group and return new delay information; the URL must include `?url=xxx&timeout=5000`, modified as needed. -### `/rules` +## Proxies -Request Method: `GET` +### `/proxies` -- Get rule information. +Request method: `GET` -## Connections +- Retrieve proxy information. -### `/connections` +### `/proxies/proxies_name` -Request Method: `GET` +Request method: `GET` -- Get connection information. +- Retrieve specific proxy information. -Request Method: `DELETE` +Request method: `PUT` -- Close all connections. +- Select a specific proxy; data must be included in the format `'{"name":"Japan"}'`. -### `/connections/:id` +### `/proxies/proxies_name/delay` -Request Method: `DELETE` +Request method: `GET` -- Close a specific connection. +- Test a specified proxy and return new delay information; the URL must include `?url=xxx&timeout=5000`, modified as needed. -## Proxy Providers +## Proxy Sets ### `/providers/proxies` -Request Method: `GET` +Request method: `GET` + +- Retrieve all information for all proxy sets. + +### `/providers/proxies/providers_name` + +Request method: `GET` + +- Retrieve information for a specific proxy set. + +Request method: `PUT` -- Get information for all proxies in all Proxy Providers. +- Update the proxy set. -### `/providers/proxies/:name` +### `/providers/proxies/providers_name/healthcheck` -Request Method: `GET` +Request method: `GET` -- Get information for proxies in a specific Proxy Providers. +- Trigger a health check for a specific proxy set. -Request Method: `PUT` +### `/providers/proxies/providers_name/proxies_name/healthcheck` -- Update Proxy Providers. +- Test a specified proxy within the proxy set and return new delay information; the URL must include `?url=xxx&timeout=5000`, modified as needed. -### `/providers/proxies/:name/healthcheck` +## Rules + +### `/rules` -Request Method: `GET` +Request method: `GET` -- Trigger health check for a specific Proxy Providers. +- Retrieve rule information. -## Rule Providers +## Rule Sets ### `/providers/rules` -Request Method: `GET` +Request method: `GET` -- Get information for all Rule Providers. +- Retrieve all information for all rule sets. -### `/providers/rules/:name` +### `/providers/rules/providers_name` -Request Method: `PUT` +Request method: `PUT` -- Update Rule Providers. +- Update the rule set. -## Domain Query +## Connections -### `/dns/query` +### `/connections` + +Request method: `GET` + +- Retrieve connection information. -Request Method: `GET` +Request method: `DELETE` -- Get DNS query data for a specified name and type. +- Close all connections. + +### `/connections/:id` -Parameters: +Request method: `DELETE` + +- Close a specific connection. + +## Domain Query + +### `/dns/query` -- `name` (required): The domain name to query. -- `type` (optional): The DNS record type to query (e.g., A, MX, CNAME, etc.). +Request method: `GET` -Example: `GET /dns/query?name=example.com&type=A` +- Retrieve DNS query data for a specified name and type; the URL must include `?name=example.com&type=A`, modified as needed. ## DEBUG -`/debug` requires the core to start with [debug log level](../config/general.md#_5) +`/debug` requires the kernel to be started with the [log level](../config/general.md#log-level) set to `debug`. ### `/debug/gc` -Request Method: `PUT` +Request method: `PUT` -- Perform a manual GC. -- curl example: `curl "${controller-api}/debug/gc" -X PUT` +- Perform active garbage collection. ### `/debug/pprof` -Open `http://${controller-api}/debug/pprof` in a browser to view raw DEBUG information, including: +Open in a browser `http://${controller-api}/debug/pprof` to view raw DEBUG information, where: -- `allocs` shows the memory allocation for each function call, including the size and number of allocations on the stack and heap. This report helps identify memory leaks and frequent memory allocations in the code. -- `heap` report provides detailed information about the program's use of memory on the heap, including the size, quantity, and address of allocated memory blocks, sorted by size. This report is useful for finding places where memory usage is too high. You can view object sizes in the heap report to identify areas of excessive memory usage. +- `allocs` indicates memory allocation for each function call, including the size of memory allocated on the stack and heap, as well as the number of allocations. This report is primarily to help identify memory leaks and frequent memory requests in the code. +- The `heap` report provides detailed information about memory usage on the heap, including the size, number, and address of allocated memory blocks, sorted by size. This report is mainly to locate areas of excessive memory usage; we can check object sizes in the heap report to find areas of high memory consumption. -#### Install [Graphviz](https://graphviz.org/download/) to view graphical debug information +#### Install [Graphviz](https://graphviz.org/download/) to view graphical debug information. ##### View Graphical Heap Report @@ -243,8 +260,8 @@ go tool pprof -http=:8080 http://127.0.0.1:xxxx/debug/pprof/heap go tool pprof -http=:8080 http://127.0.0.1:xxxx/debug/pprof/allocs ``` -[Example output](../assets/image/api/allocs.svg) +[Sample output](../assets/image/api/allocs.svg) ##### Submit Output Report -Access `http://${controller-api}/debug/pprof/heap?raw=true` in your browser to download the file and submit any issues you encounter by uploading it to [issues](https://github.com/MetaCubeX/Clash.Meta/issues). +Access `http://${controller-api}/debug/pprof/heap?raw=true` in a browser to download this file, and upload it to [issues](https://github.com/MetaCubeX/Clash.Meta/issues) to report any problems you encounter. \ No newline at end of file diff --git a/docs/config/dns/hosts.en.md b/docs/config/dns/hosts.en.md new file mode 100644 index 000000000..aefa116b6 --- /dev/null +++ b/docs/config/dns/hosts.en.md @@ -0,0 +1,16 @@ +# hosts + +```{.yaml linenums="1"} +hosts: + '*.clash.dev': 127.0.0.1 + 'alpha.clash.dev': '::1' + test.com: [1.1.1.1, 2.2.2.2] + baidu.com: google.com +``` + +Keys support [domain wildcards](../../handbook/syntax.md#domain-wildcards). + +Values support strings/arrays; domain redirection does not support arrays. + +!!! note + A complete domain takes precedence over domains using wildcards, for example: foo.example.com > *.example.com > .example.com. \ No newline at end of file diff --git a/docs/config/dns/index.en.md b/docs/config/dns/index.en.md new file mode 100644 index 000000000..e2c41f875 --- /dev/null +++ b/docs/config/dns/index.en.md @@ -0,0 +1,204 @@ +# DNS + +```{.yaml linenums="1"} +dns: + enable: true + prefer-h3: false + use-hosts: true + use-system-hosts: true + respect-rules: false + listen: 0.0.0.0:1053 + ipv6: false + default-nameserver: + - 223.5.5.5 + enhanced-mode: fake-ip + fake-ip-range: 198.18.0.1/16 + fake-ip-filter-mode: blacklist + fake-ip-filter: + - '*.lan' + nameserver-policy: + '+.arpa': '10.0.0.1' + 'rule-set:cn': + - https://doh.pub/dns-query + - https://dns.alidns.com/dns-query + nameserver: + - https://doh.pub/dns-query + - https://dns.alidns.com/dns-query + fallback: + - tls://8.8.4.4 + - tls://1.1.1.1 + proxy-server-nameserver: + - https://doh.pub/dns-query + fallback-filter: + geoip: true + geoip-code: CN + geosite: + - gfw + ipcidr: + - 240.0.0.0/4 + domain: + - '+.google.com' + - '+.facebook.com' + - '+.youtube.com' +``` + +## enable + +Whether to enable; if set to false, the system DNS resolution will be used. + +## prefer-h3 + +DOH will prioritize the use of HTTP/3. + +## listen + +DNS service listening, only supports UDP. + +## IPV6 + +Whether to resolve IPV6; if set to false, it will respond with empty resolutions for AAAA records. + +## enhanced-mode + +Optional values are `fake-ip`/`redir-host`, default is `redir-host`. + +This refers to the DNS processing mode of mihomo. + +## fake-ip-range + +Settings for the IP range under fakeip; the default IPV4 address for [tun](../inbound/tun.md) also uses this value as a reference. + +## fake-ip-filter + +Fakeip filtering; the following addresses will not receive fakeip mappings for connections. + +Values support [domain wildcards](../../handbook/syntax.md#domain-wildcards) and [importing domain sets](../../handbook/syntax.md#introducing-domain-sets). + +## fake-ip-filter-mode: blacklist + +Optional values are `blacklist`/`whitelist`, default is `blacklist`. In `whitelist`, only successful matches will return fake-ip. + +## use-hosts + +Whether to respond to the configured [hosts](./hosts.md); default is true. + +## use-system-hosts + +Whether to query the system hosts; default is true. + +## respect-rules + +DNS connections comply with [routing rules](../rules/index.md), requiring configuration of [proxy-server-nameserver](./index.md#proxy-server-nameserver). + +## default-nameserver + +Default DNS, used for resolving the domain names of DNS servers. + +!!! node "" + Must be an IP, can be encrypted DNS. + +## nameserver-policy + +Specifies the resolving servers for domain queries, can use geosite, prioritized over `nameserver/fallback queries`. + +Keys support [domain wildcards](../../handbook/syntax.md#domain-wildcards). + +Values support strings/arrays. + +## nameserver + +Default domain name resolution server. + +## proxy-server-nameserver + +Proxy node domain name resolution server, used only for resolving the domain names of proxy nodes. + +## fallback + +Backup domain name resolution servers, generally using overseas DNS to ensure reliable results. + +After configuring `fallback`, `fallback-filter` is enabled by default, with `geoip-code` set to CN. + +## fallback-filter + +Filtering for backup domain name resolution servers; those meeting the conditions will use `fallback` results or only use `fallback` for resolution. + +### geoip + +Whether to enable geoip judgment. + +### geoip-code + +Optional values are country abbreviations, default value is `CN`. + +Results from IPs other than those configured with `geoip-code` will be considered polluted. + +Results from the country configured with `geoip-code` will be adopted directly; otherwise, `fallback` results will be used. + +### geosite + +Optional values are collections included in the corresponding geosite. + +Contents of the geosite list are considered polluted; domain names matching the geosite will only use `fallback` resolution, not `nameserver`. + +### ipcidr + +Written as `IP/mask`. + +Results from these subnets will be considered polluted; when `nameserver` resolves these results, it will adopt `fallback` resolution results. + +### domain + +These domains are considered polluted; matching these domains will directly use `fallback` resolution, not `nameserver`. + +## Additional Parameters + +This section can be used to send DNS queries to public address DNS servers, using `#` to append and `&` to connect different parameters. + +### DNS specifies proxy/interface for connection + +Prioritize existing proxies; if a proxy with that name does not exist, specify the interface for connection. + +`#RULES` is for connecting according to routing rules, equivalent to [respect-rules](./index.md#respect-rules). + +If queries need to go through a proxy, configure `proxy-server-nameserver` to avoid issues. + +```{.yaml linenums="1"} +nameserver: + - 'tls://dns.google#proxy' + - 'tls://dns.alidns.com#eth0' +``` + +### Force HTTP/3 + +This option does not conflict with `prefer-h3`; when filled in, it forces the use of HTTP/3 to establish DOH connections. Ensure that the DOH server supports HTTP/3 before use. + +```{.yaml linenums="1"} +nameserver: + - 'https://dns.cloudflare.com/dns-query#h3=true' +``` + +### Skip certificate verification for DOH + +```{.yaml linenums="1"} +nameserver: + - 'https://dns.cloudflare.com/dns-query#skip-cert-verify=true' +``` + +### ecs + +Specify the subnet address for DNS queries, only supports [doh](./type.md#dns-over-https). + +``` +nameserver: + - 'https://8.8.8.8/dns-query#ecs=1.1.1.1/24' +``` + +### ecs-override + +Force override of the subnet address for DNS queries, only supports [doh](./type.md#dns-over-https). + +``` +nameserver: + - 'https://8.8.8.8/dns-query#ecs=1.1.1.1/24&ecs-override=true' +``` \ No newline at end of file diff --git a/docs/config/inbound/listeners/http.en.md b/docs/config/inbound/listeners/http.en.md new file mode 100644 index 000000000..e4a135d1a --- /dev/null +++ b/docs/config/inbound/listeners/http.en.md @@ -0,0 +1,19 @@ +# HTTP + +```{.yaml linenums="1"} +listeners: +- name: http-in + type: http + port: 7890 + listen: 0.0.0.0 + users: + - username: password +``` + +## [General Fields](./index.md) + +## Protocol Configuration + +### User Authentication + +If the users field is not filled in, it will follow the global [User Authentication](../../general.md/#user-authentication) settings. If it is filled in, the global settings will be ignored. To skip authentication for this inbound connection, you can set `users: []`. \ No newline at end of file diff --git a/docs/config/inbound/listeners/http.md b/docs/config/inbound/listeners/http.md index 599a7de64..2bdbb0fd8 100644 --- a/docs/config/inbound/listeners/http.md +++ b/docs/config/inbound/listeners/http.md @@ -6,6 +6,8 @@ listeners: type: http port: 7890 listen: 0.0.0.0 + users: + - username: password ``` ## [通用字段](./index.md) @@ -14,4 +16,4 @@ listeners: ### 用户验证 -使用全局 [用户验证](../../general.md/#_2) +如果不填写 users 项,则遵从全局 [用户验证](../../general.md/#_2) 设置,如果填写会忽略全局设置,如想跳过该入站的验证可填写 `users: []` diff --git a/docs/config/inbound/listeners/mixed.en.md b/docs/config/inbound/listeners/mixed.en.md new file mode 100644 index 000000000..c225e3ac2 --- /dev/null +++ b/docs/config/inbound/listeners/mixed.en.md @@ -0,0 +1,24 @@ +# MIXED + +```{.yaml linenums="1"} +listeners: +- name: mixed-in + type: mixed + port: 7892 + listen: 0.0.0.0 + udp: true + users: + - username: password +``` + +## [General Fields](./index.md) + +## Protocol Configuration + +### UDP + +Whether to listen for UDP + +### User Authentication + +If the users field is left empty, it will follow the global [User Authentication](../../general.md/#user-authentication) settings. If filled in, it will override the global settings. To skip authentication for this inbound connection, you can specify users: [] \ No newline at end of file diff --git a/docs/config/inbound/listeners/mixed.md b/docs/config/inbound/listeners/mixed.md index 7a059de3a..509397871 100644 --- a/docs/config/inbound/listeners/mixed.md +++ b/docs/config/inbound/listeners/mixed.md @@ -7,6 +7,8 @@ listeners: port: 7892 listen: 0.0.0.0 udp: true + users: + - username: password ``` ## [通用字段](./index.md) @@ -19,4 +21,4 @@ listeners: ### 用户验证 -使用全局 [用户验证](../../general.md/#_2) +如果不填写 users 项,则遵从全局 [用户验证](../../general.md/#_2) 设置,如果填写会忽略全局设置,如想跳过该入站的验证可填写 users: [] diff --git a/docs/config/inbound/listeners/socks.en.md b/docs/config/inbound/listeners/socks.en.md new file mode 100644 index 000000000..aaabc34c0 --- /dev/null +++ b/docs/config/inbound/listeners/socks.en.md @@ -0,0 +1,24 @@ +# SOCKS + +```{.yaml linenums="1"} +listeners: +- name: socks-in + type: socks + port: 7891 + listen: 0.0.0.0 + udp: true + users: + - username: password +``` + +## [General Fields](./index.md) + +## Protocol Configuration + +### UDP + +Whether to listen for UDP + +### User Authentication + +If the users field is not filled in, it will follow the global [User Authentication](../../general.md/#user-authentication) settings. If it is filled in, the global settings will be ignored. To bypass authentication for this inbound connection, you can set users: [] \ No newline at end of file diff --git a/docs/config/inbound/listeners/socks.md b/docs/config/inbound/listeners/socks.md index 7c0aa3177..a52662edb 100644 --- a/docs/config/inbound/listeners/socks.md +++ b/docs/config/inbound/listeners/socks.md @@ -7,6 +7,8 @@ listeners: port: 7891 listen: 0.0.0.0 udp: true + users: + - username: password ``` ## [通用字段](./index.md) @@ -19,4 +21,4 @@ listeners: ### 用户验证 -使用全局 [用户验证](../../general.md/#_2) +如果不填写 users 项,则遵从全局 [用户验证](../../general.md/#_2) 设置,如果填写会忽略全局设置,如想跳过该入站的验证可填写 users: [] diff --git a/docs/config/inbound/port.en.md b/docs/config/inbound/port.en.md new file mode 100644 index 000000000..b255dfe8e --- /dev/null +++ b/docs/config/inbound/port.en.md @@ -0,0 +1,41 @@ +# Proxy Ports + +[HTTP/SOCKS/Mixed Port Verification and External Access](../general.md/#allow-lan) + +## HTTP(S) Proxy Port + +```{.yaml linenums="1"} +port: 7890 +``` + +## SOCKS4/4a/5 Proxy Port + +```{.yaml linenums="1"} +socks-port: 7891 +``` + +## Mixed Port + +!!! node + The mixed port is a special port that supports both HTTP(S) and SOCKS5 protocols. You can connect to this port using any program that supports HTTP or SOCKS proxies. + +```{.yaml linenums="1"} +mixed-port: 7892 +``` + +## Transparent Proxy Port + +!!! note + The redirect port is applicable only for Linux (Android) and macOS, while the tproxy port is applicable only for Linux (Android). + +The redirect transparent proxy port can only proxy TCP traffic. + +```{.yaml linenums="1"} +redir-port: 7893 +``` + +The tproxy transparent proxy port can proxy both TCP and UDP traffic. + +```{.yaml linenums="1"} +tproxy-port: 7894 +``` \ No newline at end of file diff --git a/docs/config/proxies/hysteria2.en.md b/docs/config/proxies/hysteria2.en.md new file mode 100644 index 000000000..a313bbbf3 --- /dev/null +++ b/docs/config/proxies/hysteria2.en.md @@ -0,0 +1,49 @@ +# Hysteria2 + +[Configuration Reference](https://hysteria.network/en/docs/advanced-usage/#client-side) + +```{.yaml linenums="1"} +proxies: +- name: "hysteria2" + type: hysteria2 + server: server.com + port: 443 + ports: 443-8443 + password: yourpassword + up: "30 Mbps" + down: "200 Mbps" + obfs: salamander # Default is empty; if filled, obfs is enabled. Currently, only salamander is supported. + obfs-password: yourpassword + + sni: server.com + skip-cert-verify: false + fingerprint: xxxx + alpn: + - h3 + ca: "./my.ca" + ca-str: "xyz" +``` + +[Common Fields](./index.md) + +[TLS Fields](./tls.md) + +## Ports + +Configuring this enables port jumping, ignoring `port`. Refer to [Port Range](../../handbook/syntax.md#port-ranges) for format. + +## Password + +Authentication password. + +## Up/Down + +Brutal rate control; if no unit is specified, the default is Mbps. + +## Obfs + +QUIC traffic obfuscator type, can only be set to `salamander`. If left empty, it is disabled. + +## Obfs-password + +QUIC traffic obfuscator password. \ No newline at end of file diff --git a/docs/config/proxies/tls.en.md b/docs/config/proxies/tls.en.md new file mode 100644 index 000000000..b27bd8482 --- /dev/null +++ b/docs/config/proxies/tls.en.md @@ -0,0 +1,58 @@ +# TLS Configuration + +```{.yaml linenums="1"} +proxies: +- name: "tls-example" + tls: true + sni: example.com + servername: example.com + fingerprint: xxx + alpn: + - h2 + - http/1.1 + skip-cert-verify: true + client-fingerprint: random + reality-opts: + public-key: xxxx + short-id: xxxx +``` + +## TLS + +Enables TLS, applicable only to protocols that use `tls`, with the `trojan` protocol requiring it to be enabled. + +## SNI/Servername + +The server name indication, referred to as `servername` in [`VMess`](./vmess.md)/[`VLESS`](./vless.md). If left empty, it defaults to the address in `server`. + +## Fingerprint + +Certificate fingerprint, applicable only to protocols that use `tls`. + +## ALPN + +List of supported Application Layer Protocol Negotiation options, arranged in order of priority. + +If both peers support ALPN, the selected protocol will be one from this list; if there are no mutually supported protocols, the connection will fail. + +Refer to [Application-Layer Protocol Negotiation](https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation) + +## Skip Cert Verify + +Bypasses certificate verification, applicable only to protocols that use `tls`. + +## Client Fingerprint + +Client uTLS fingerprint, applicable only to [`VMess`](./vmess.md)/[`VLESS`](./vless.md)/[`Trojan`](./trojan.md) protocols. For optional details, refer to [Global Client Fingerprint](../general.md#global-client-fingerprint). + +## Reality Options + +Configuration for reality; if not empty, reality will be enabled. + +### reality-opts.public-key + +Public key corresponding to the reality server's private key. + +### reality-opts.short-id + +One of the server's short IDs. \ No newline at end of file diff --git a/docs/config/proxies/tls.md b/docs/config/proxies/tls.md index 4e0fddfff..03a020ced 100644 --- a/docs/config/proxies/tls.md +++ b/docs/config/proxies/tls.md @@ -35,7 +35,7 @@ proxies: 如果两个对等点都支持 ALPN,则选择的协议将是此列表中的一个,如果没有相互支持的协议则连接将失败。 -参阅 [Application-Layer Protocol Negotiation](https://sing-box.sagernet.org/zh/configuration/shared/tls/#alpn:~:text=Application%2DLayer%20Protocol%20Negotiation%E3%80%82) +参阅 [Application-Layer Protocol Negotiation](https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation) ## skip-cert-verify diff --git a/docs/config/proxy-groups/index.en.md b/docs/config/proxy-groups/index.en.md index 4466699be..c5bf0706d 100644 --- a/docs/config/proxy-groups/index.en.md +++ b/docs/config/proxy-groups/index.en.md @@ -76,14 +76,14 @@ Disables `UDP` for this proxy group. ## interface-name -Specifies the [outbound interface](../general.md#_11) for the proxy group. +Specifies the [outbound interface](../general.md#outbound-interface) for the proxy group. !!! info "" Priority: Proxy Node > Proxy Policy > Global. ## routing-mark -The [routing mark](../general.md#_12) attached when the proxy group is outbound. +The [routing mark](../general.md#routing-mark) attached when the proxy group is outbound. !!! info "" Priority: Proxy Node > Proxy Policy > Global. diff --git a/docs/config/proxy-providers/content.en.md b/docs/config/proxy-providers/content.en.md new file mode 100644 index 000000000..c2fe7e2c4 --- /dev/null +++ b/docs/config/proxy-providers/content.en.md @@ -0,0 +1,34 @@ +# Content of the proxy-providers file + +=== "yaml" + ```{.yaml linenums="1"} + proxies: + - name: "ss1" + type: ss + server: server + port: 443 + cipher: chacha20-ietf-poly1305 + password: "password" + - name: "ss2" + type: ss + server: server + port: 443 + cipher: chacha20-ietf-poly1305 + password: "password" + ``` + +=== "uri" + ```{.yaml linenums="1"} + ss://YWVzLTI1Ni1nY206bWV0YUAxMjcuMC4wLjE6NDQz#home + vmess://eyJhZGQiOiIxMjcuMC4wLjEiLCJhaWQiOiIwIiwiYWxwbiI6IiIsImZwIjoiIiwiaG9zdCI6IiIsImlkIjoiMTIyMzQ1Njc4OSIsIm5ldCI6InRjcCIsInBhdGgiOiIiLCJwb3J0IjoiNDQzIiwicHMiOiJ2bWVzcyIsInNjeSI6ImF1dG8iLCJzbmkiOiIiLCJ0bHMiOiIiLCJ0eXBlIjoibm9uZSIsInYiOiIyIn0= + ``` + +=== "base64" + ```{.text linenums="1"} + c3M6Ly9ZV1Z6TFRJMU5pMW5ZMjA2YldWMFlVQXhNamN1TUM0d0xqRTZORFF6I2hvbWUKdm1lc3M6Ly9leUpoWkdRaU9pSXhNamN1TUM0d0xqRWlMQ0poYVdRaU9pSXdJaXdpWVd4d2JpSTZJaUlzSW1ad0lqb2lJaXdpYUc5emRDSTZJaUlzSW1sa0lqb2lNVEl5TXpRMU5qYzRPU0lzSW01bGRDSTZJblJqY0NJc0luQmhkR2dpT2lJaUxDSndiM0owSWpvaU5EUXpJaXdpY0hNaU9pSjJiV1Z6Y3lJc0luTmplU0k2SW1GMWRHOGlMQ0p6Ym1raU9pSWlMQ0owYkhNaU9pSWlMQ0owZVhCbElqb2libTl1WlNJc0luWWlPaUl5SW4wPQ== + ``` + +!!! note + The base64 URI is typically the subscription link content provided by the provider for v2ray/xray. + + `YAML`/`uri`/`base64` cannot be written in the same file; `uri`/`base64` do not require the `proxies:` field and can be written directly. \ No newline at end of file diff --git a/docs/config/proxy-providers/index.en.md b/docs/config/proxy-providers/index.en.md new file mode 100644 index 000000000..7f3486004 --- /dev/null +++ b/docs/config/proxy-providers/index.en.md @@ -0,0 +1,165 @@ +# Proxy Providers + +```{.yaml linenums="1"} +proxy-providers: + provider1: + type: http + url: "http://test.com" + path: ./proxy_providers/provider1.yaml + interval: 3600 + proxy: DIRECT + header: + User-Agent: + - "Clash/v1.18.0" + - "mihomo/1.18.3" + Authorization: + - 'token 1231231' + health-check: + enable: true + url: https://www.gstatic.com/generate_204 + interval: 300 + timeout: 5000 + lazy: true + expected-status: 204 + override: + skip-cert-verify: true + udp: true + down: "50 Mbps" + up: "10 Mbps" + dialer-proxy: proxy + interface-name: tailscale0 + routing-mark: 233 + ip-version: ipv4-prefer + additional-prefix: "provider1 prefix |" + additional-suffix: "| provider1 suffix" + proxy-name: + - pattern: "IPLC-(.*?)倍" + target: "iplc x $1" + filter: "(?i)港|hk|hongkong|hong kong" + exclude-filter: "xxx" + exclude-type: "ss|http" + + provider2: + type: file + path: ./proxy_providers/provider2.yaml + health-check: + enable: true + url: https://www.gstatic.com/generate_204 + interval: 300 +``` + +## Name + +This is required, such as `provider1`, and must be unique. It is advisable not to duplicate names with [policy groups](../proxy-groups/index.md#name). + +## Type + +This is required, the `provider` type, with options of `http/file`. + +## URL + +If the type is `http`, this must be configured. + +## Path + +Optional, the file path, must be unique. If not provided, the MD5 of the URL will be used as the filename. + +For security reasons, this path is restricted to only allow locations within `HomeDir` (configured with the -d startup parameter). If you wish to store it in any location, set the environment variable `SKIP_SAFE_PATH_CHECK=1`. + +## Interval + +The update time for the `provider`, measured in seconds. + +## Proxy + +Download/update through the specified proxy. + +## Header + +Custom HTTP request headers. + +## Health Check + +Health check (latency testing). + +### health-check.enable + +Whether to enable, optional `true/false`. + +### health-check.url + +Health check address, it is recommended to use one of the following addresses: + +=== "Cloudflare" + ```yaml + https://cp.cloudflare.com + ``` + +=== "Google" + ```yaml + https://www.gstatic.com/generate_204 + ``` + +### health-check.interval + +Health check interval, measured in seconds. + +### health-check.timeout + +Health check timeout, measured in milliseconds. + +### health-check.lazy + +Lazy state, defaults to `true`, no testing is performed when this provider node is not in use. + +### health-check.expected-status + +Refer to [expected status](../proxy-groups/index.md#expected-status). + +## Override + +Override node content, the following fields are supported. + +### override.additional-prefix + +Add a fixed prefix to the node name. + +### override.additional-suffix + +Add a fixed suffix to the node name. + +### override.proxy-name + +Replace the content of the node name, supporting regular expressions, where pattern is the replacement content and target is the replacement target. + +### Configuration Items + +Refer to `Hysteria`/`Hysteria2` [up](../proxies/hysteria2.md#updown). + +Refer to `Hysteria`/`Hysteria2` [down](../proxies/hysteria2.md#updown). + +Refer to common fields [skip-cert-verify](../proxies/tls.md#skip-cert-verify). + +Refer to common fields [udp](../proxies/index.md#udp). + +Refer to common fields [dialer-proxy](../proxies/index.md#dialer-proxy). + +Refer to common fields [interface-name](../proxies/index.md#interface-name). + +Refer to common fields [routing-mark](../proxies/index.md#routing-mark). + +Refer to common fields [ip-version](../proxies/index.md#ip-version). + +## Filter + +Filter nodes that meet keywords or [regular expressions](https://github.com/ziishaned/learn-regex/blob/master/translations/README-cn.md), multiple regular expressions can be separated by `. + +## Exclude Filter + +Exclude nodes that meet keywords or [regular expressions](https://github.com/ziishaned/learn-regex/blob/master/translations/README-cn.md), multiple regular expressions can be separated by `. + +## Exclude Type + +Regular expressions are not supported; use `|` to separate and exclude based on node type. + +Note that the syntax for `proxy-groups` and `proxy-providers` is different. \ No newline at end of file diff --git a/docs/config/rule-providers/content.en.md b/docs/config/rule-providers/content.en.md new file mode 100644 index 000000000..7c8754f2b --- /dev/null +++ b/docs/config/rule-providers/content.en.md @@ -0,0 +1,64 @@ +# Contents of the rule-providers file + +## classical + +The `classical` type supports all types of [routing rules](../rules/index.md) (except for rule-set/sub-rule). + +=== "yaml" + ```{.yaml linenums="1"} + payload: + - DOMAIN-SUFFIX,google.com + - DOMAIN-KEYWORD,google + - DOMAIN,ad.com + - SRC-IP-CIDR,192.168.1.201/32 + - IP-CIDR,127.0.0.0/8 + - GEOIP,CN + - DST-PORT,80 + - SRC-PORT,7777 + ``` + +=== "text" + ```text + DOMAIN-SUFFIX,google.com + DOMAIN-KEYWORD,google + DOMAIN,ad.com + SRC-IP-CIDR,192.168.1.201/32 + IP-CIDR,127.0.0.0/8 + GEOIP,CN + DST-PORT,80 + SRC-PORT,7777 + ``` + +## domain + +The content of the `domain` rule set must adhere to the [clash wildcard](../../handbook/syntax.md#domain-wildcards). + +=== "yaml" + ```{.yaml linenums="1"} + payload: + - '.blogger.com' + - '*.*.microsoft.com' + - 'books.itunes.apple.com' + ``` + +=== "text" + ```text + .blogger.com + *.*.microsoft.com + books.itunes.apple.com + ``` + +## ipcidr + +=== "yaml" + ```{.yaml linenums="1"} + payload: + - '192.168.1.0/24' + - '10.0.0.0.1/32' + ``` + +=== "text" + ```text + 192.168.1.0/24 + 10.0.0.0.1/32 + ``` \ No newline at end of file diff --git a/docs/config/rule-providers/content.md b/docs/config/rule-providers/content.md index 57d6a2156..174e3a52b 100644 --- a/docs/config/rule-providers/content.md +++ b/docs/config/rule-providers/content.md @@ -31,7 +31,7 @@ ## domain -`domain`类规则集合内容通配应遵守[clash 通配符](../syntax.md#_8) +`domain`类规则集合内容通配应遵守[clash 通配符](../../handbook/syntax.md#_8) === "yaml" ```{.yaml linenums="1"} diff --git a/docs/config/rule-providers/index.en.md b/docs/config/rule-providers/index.en.md new file mode 100644 index 000000000..38cb90073 --- /dev/null +++ b/docs/config/rule-providers/index.en.md @@ -0,0 +1,49 @@ +# rule-provider + +```{.yaml linenums="1"} +rule-providers: + google: + type: http + path: ./rule1.yaml + url: "https://raw.githubusercontent.com/../Google.yaml" + interval: 600 + proxy: DIRECT + behavior: classical + format: yaml +``` + +## name + +Required, such as `google`, must be unique. + +## type + +Required, `provider` type, options are `http` / `file`. + +## url + +Must be configured if the type is `http`. + +## path + +Optional, file path, must be unique. If not provided, the MD5 of the URL will be used as the filename. + +For security reasons, this path is restricted to only allow locations within `HomeDir` (configured with the -d startup parameter). If you want to store it in any location, set the environment variable `SKIP_SAFE_PATH_CHECK=1`. + +## interval + +The update interval for the `provider`, in seconds. + +## proxy + +Download/update through the specified proxy. + +## behavior + +Behavior, options are `domain` / `ipcidr` / `classical`, corresponding to different formats of rule-provider files. Please fill in according to the actual format. + +## format + +Format, options are `yaml` / `text` / `mrs`, default is `yaml`. + +Currently, `mrs` behavior only supports `domain` / `ipcidr`. You can convert using `mihomo convert-ruleset domain/ipcidr yaml/text XXX.yaml XXX.mrs`. \ No newline at end of file diff --git a/docs/config/rules/index.en.md b/docs/config/rules/index.en.md new file mode 100644 index 000000000..4a006d6d2 --- /dev/null +++ b/docs/config/rules/index.en.md @@ -0,0 +1,202 @@ +# Routing Rules + +```{.yaml linenums="1"} +rules: +- DOMAIN,ad.com,REJECT +- DOMAIN-SUFFIX,google.com,auto +- DOMAIN-KEYWORD,google,auto +- DOMAIN-REGEX,^abc.*com,PROXY +- GEOSITE,youtube,PROXY + +- IP-CIDR,127.0.0.0/8,DIRECT,no-resolve +- IP-CIDR6,2620:0:2d0:200::7/32,auto +- IP-SUFFIX,8.8.8.8/24,PROXY +- IP-ASN,13335,DIRECT +- GEOIP,CN,DIRECT + +- SRC-GEOIP,cn,DIRECT +- SRC-IP-ASN,9808,DIRECT +- SRC-IP-CIDR,192.168.1.201/32,DIRECT +- SRC-IP-SUFFIX,192.168.1.201/8,DIRECT + +- DST-PORT,80,DIRECT +- SRC-PORT,7777,DIRECT + +- IN-PORT,7890,PROXY +- IN-TYPE,SOCKS/HTTP,PROXY +- IN-USER,mihomo,PROXY +- IN-NAME,ss,PROXY + +- PROCESS-PATH,/usr/bin/wget,PROXY +- PROCESS-PATH,C:\Program Files\Google\Chrome\Application\chrome.exe,PROXY +- PROCESS-PATH-REGEX,.*bin/wget,PROXY +- PROCESS-PATH-REGEX,(?i).*Application\\chrome.*,PROXY + +- PROCESS-NAME,curl,PROXY +- PROCESS-NAME,chrome.exe,PROXY +- PROCESS-NAME,com.termux,PROXY +- PROCESS-NAME-REGEX,curl$,PROXY +- PROCESS-NAME-REGEX,(?i)Telegram,PROXY +- PROCESS-NAME-REGEX,.*telegram.*,PROXY +- UID,1001,DIRECT + +- NETWORK,udp,DIRECT +- DSCP,4,DIRECT + +- RULE-SET,providername,proxy +- AND,((DOMAIN,baidu.com),(NETWORK,UDP)),DIRECT +- OR,((NETWORK,UDP),(DOMAIN,baidu.com)),REJECT +- NOT,((DOMAIN,baidu.com)),PROXY +- SUB-RULE,(NETWORK,tcp),sub-rule + +- MATCH,auto +``` + +## Priority + +Rules will be matched in order from top to bottom, with the rules at the top having higher priority than those below. + +!!! warning "" + If the request is for UDP and the proxy node does not support UDP (for example, if the `ss` node does not have `udp: true` specified), it will continue to match downwards. + +### DOMAIN + +Matches the full domain name. + +### DOMAIN-SUFFIX + +Matches the domain suffix. + +For example, `google.com` matches `www.google.com`, `mail.google.com`, and `google.com`, but does not match `content-google.com`. + +### DOMAIN-KEYWORD + +Matches using domain keywords. + +### DOMAIN-REGEX + +Matches using regular expressions for domain names. + +### GEOSITE + +Matches domains within a Geosite; some content is referenced from [v2fly/domain-list-community](https://github.com/v2fly/domain-list-community/tree/master/data). + +### IP-CIDR & IP-CIDR6 + +Matches IP address ranges; `IP-CIDR` and `IP-CIDR6` have the same effect, with `IP-CIDR6` being an alias. + +### IP-SUFFIX + +Matches IP suffix ranges. + +### IP-ASN + +Matches the ASN of the IP. + +### GEOIP + +Matches the country code of the IP. + +### SRC-GEOIP + +Matches the country code of the source IP. + +### SRC-IP-ASN + +Matches the ASN of the source IP. + +### SRC-IP-CIDR + +Matches the source IP address range. + +### SRC-IP-SUFFIX + +Matches the source IP suffix range. + +### DST-PORT + +Matches the target [port range](../../handbook/syntax.md#port-ranges) of the request. + +### SRC-PORT + +Matches the source [port range](../../handbook/syntax.md#port-ranges) of the request. + +### IN-PORT + +Matches the [inbound port](../inbound/listeners/index.md#port), allowing for [port ranges](../../handbook/syntax.md#port-ranges). + +### IN-TYPE + +Matches the [inbound type](../inbound/listeners/index.md#type). + +### IN-USER + +Matches the [inbound](../inbound/listeners/index.md) username, supporting multiple usernames separated by `/`. + +### IN-NAME + +Matches the [inbound name](../inbound/listeners/index.md#name). + +### PROCESS-PATH + +Matches using the full process path. + +### PROCESS-PATH-REGEX + +Matches using regular expressions for the process path. + +### PROCESS-NAME + +Matches using the process name; on the `Android` platform, it can match package names. + +### PROCESS-NAME-REGEX + +Matches using regular expressions for the process name; on the `Android` platform, it can match package names. + +### UID + +Matches the Linux USER ID. + +### NETWORK + +Matches `tcp` or `udp`. + +### DSCP + +Matches the `DSCP` tag (only for tproxy UDP inbound). + +### RULE-SET + +References a set of rules; configuration for [rule-providers](../rule-providers/index.md) is required. + +### AND & OR & NOT + +`LOGIC_TYPE,((payload1),(payload2)),Proxy` + +*payload1* and *payload2* are rule types and other payloads, such as `DOMAIN,google.com`. + +Logical rules require **careful use of parentheses**. + +### SUB-RULE + +Matches to [sub-rules](../sub-rule.md); careful use of parentheses is required. + +### MATCH + +Matches all requests without conditions. + +## Additional Parameters + +### no-resolve + +Only supports rules regarding the `target IP`. + +When domain matching begins for `target IP` rules, mihomo will trigger DNS resolution to check if the domain's `target IP` matches the rules. The `no-resolve` option can be selected to skip DNS resolution. + +If DNS resolution was triggered in an earlier match, it will still match rules regarding `target IP` that have the `no-resolve` option added. + +### src + +Only supports rules regarding the `target IP`. + +Converts `target IP` matching to `source IP` matching. \ No newline at end of file