-
-
Notifications
You must be signed in to change notification settings - Fork 3.3k
配置文件
vernesong edited this page Jan 30, 2020
·
10 revisions
- 在配置文件页面您可以上传、修改、下载、切换配置文件,并提供标准模板供您参考
- 支持在此上传代理集配置文件
- OpenClash 使用
yaml
格式(兼容yml
格式)的配置文件,上传时请重命名为config.yaml
或者config.yml
。 - 配置文件的组成主要分为:
基本设置、服务器信息、服务器分组信息、规则(对应服务器分组)
,各个部分顺序不可调换
,否则会造成OpenClash功能异常
# 此部分您可直接覆盖到配置文件,无需更改
# port of HTTP
port: 7890 # 此项将被接管
# port of SOCKS5
socks-port: 7891 # 此项将被接管
# redir port for Linux and macOS
redir-port: 7892 # 此项将被接管
allow-lan: true # 此项将被接管为true
# Only applicable when setting allow-lan to true
# "*": bind all IP addresses
# 192.168.122.11: bind a single IPv4 address
# "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address
bind-address: "*" # HTTP(S)\SOCKS5 监听地址,此项将被接管为all
# Rule / Global/ Direct (default is Rule)
mode: Rule
# set log level to stdout (default is info)
# info / warning / error / debug / silent
log-level: info
# A RESTful API for clash
external-controller: 0.0.0.0:9090 # 此项将被接管
# you can put the static web resource (such as clash-dashboard) to a directory, and clash would serve in `${API}/ui`
# input is a relative path to the configuration directory or an absolute path
external-ui: "/usr/share/openclash/dashboard" # 此项将被接管
# Secret for RESTful API (Optional)
secret: '123456' # 此项将被接管
# experimental feature
experimental:
ignore-resolve-fail: true # ignore dns resolve fail, default value is true
# authentication of local SOCKS5/HTTP(S) server
authentication: # 此项将被接管
- "user1:pass1"
- "user2:pass2"
# # experimental hosts, support wildcard (e.g. *.clash.dev Even *.foo.*.example.com)
# # static domain has a higher priority than wildcard domain (foo.example.com > *.example.com)
#hosts:
#'*.clash.dev': 127.0.0.1
#'alpha.clash.dev': '::1'
dns: # 如订阅配置无包括此项的所有DNS设置,OpenClash将自动添加
enable: true # set true to enable dns (default is false) # 此项将被接管为true
ipv6: false # default is false # 此项将被接管
listen: 0.0.0.0:53 # 端口为53时将被接管为7874
enhanced-mode: redir-host # or fake-ip # 此项将被接管
fake-ip-range: 198.18.0.1/16 # if you don't know what it is, don't change it # 此项将被接管
nameserver:
- 114.114.114.114
- https://1.1.1.1/dns-query # dns over https
fallback: # concurrent request with nameserver, fallback used when GEOIP country isn't CN
- tcp://1.1.1.1
fallback-filter:
geoip: true # default
ipcidr: # ips in these subnets will be considered polluted
- 240.0.0.0/4
# Openclash 不会对下方服务器设置进行任何更改,请确保设置正确
proxy-provider: # 代理集信息,此部分与下方【Proxy】二者不能同时为空
iplc:
type: http
path: ./proxy_provider/iplc.yaml # 代理集文件路径,在【服务器与策略组管理】页面添加代理集时无需设置此项
url: ...
interval: 3600
health-check:
enable: true
url: http://www.gstatic.com/generate_204
interval: 300
Proxy:
# shadowsocks
# The supported ciphers(encrypt methods):
# aes-128-gcm aes-192-gcm aes-256-gcm
# aes-128-cfb aes-192-cfb aes-256-cfb
# aes-128-ctr aes-192-ctr aes-256-ctr
# rc4-md5 chacha20 chacha20-ietf xchacha20
# chacha20-ietf-poly1305 xchacha20-ietf-poly1305
- { name: "ss1", type: ss, server: server, port: 443, cipher: chacha20-ietf-poly1305, password: "password", udp: true }
# old obfs configuration remove after prerelease
- name: "ss2"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: obfs
plugin-opts:
mode: tls # or http
# host: bing.com
- name: "ss3"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: v2ray-plugin
plugin-opts:
mode: websocket # no QUIC now
# tls: true # wss
# skip-cert-verify: true
# host: bing.com
# path: "/"
# headers:
# custom: value
# vmess
# cipher support auto/aes-128-gcm/chacha20-poly1305/none
- { name: "vmess", type: vmess, server: server, port: 443, uuid: uuid, alterId: 32, cipher: auto }
# with tls
- { name: "vmess", type: vmess, server: server, port: 443, uuid: uuid, alterId: 32, cipher: auto, tls: true }
# with tls and skip-cert-verify
- { name: "vmess", type: vmess, server: server, port: 443, uuid: uuid, alterId: 32, cipher: auto, tls: true, skip-cert-verify: true }
# with ws-path and ws-headers
- { name: "vmess", type: vmess, server: server, port: 443, uuid: uuid, alterId: 32, cipher: auto, network: ws, ws-path: /path, ws-headers: { Host: v2ray.com } }
# with ws + tls
- { name: "vmess", type: vmess, server: server, port: 443, uuid: uuid, alterId: 32, cipher: auto, network: ws, ws-path: /path, tls: true }
# socks5
- { name: "socks", type: socks5, server: server, port: 443 }
# socks5 with authentication
- { name: "socks", type: socks5, server: server, port: 443, username: "username", password: "password" }
# with tls
- { name: "socks", type: socks5, server: server, port: 443, tls: true }
# with tls and skip-cert-verify
- { name: "socks", type: socks5, server: server, port: 443, tls: true, skip-cert-verify: true }
# http
- { name: "http", type: http, server: server, port: 443 }
# http with authentication
- { name: "http", type: http, server: server, port: 443, username: "username", password: "password" }
# with tls (https)
- { name: "http", type: http, server: server, port: 443, tls: true }
# with tls (https) and skip-cert-verify
- { name: "http", type: http, server: server, port: 443, tls: true, skip-cert-verify: true }
# Openclash 不会对下方策略组设置进行任何更改,请确保设置正确
Proxy Group: # 服务器策略组信息,此参数必须保留,不能删除
# url-test select which proxy will be used by benchmarking speed to a URL.
- { name: "auto", type: url-test, proxies: ["ss1", "ss2", "vmess1"], url: "http://www.gstatic.com/generate_204", interval: 300 }
# fallback select an available policy by priority. The availability is tested by accessing an URL, just like an auto url-test group.
- { name: "fallback-auto", type: fallback, proxies: ["ss1", "ss2", "vmess1"], url: "http://www.gstatic.com/generate_204", interval: 300 }
# load-balance: The request of the same eTLD will be dial on the same proxy.
- { name: "load-balance", type: load-balance, proxies: ["ss1", "ss2", "vmess1"], url: "http://www.gstatic.com/generate_204", interval: 300 }
# select is used for selecting proxy or proxy group
# you can use RESTful API to switch proxy, is recommended for use in GUI.
- { name: "Proxy", type: select, proxies: ["ss1", "ss2", "vmess1", "auto"] }
Rule: # 规则设置,此参数必须保留,不能删除
# 如果您将一直使用第三方规则,下方可以留空。
- DOMAIN-SUFFIX,google.com,auto
- DOMAIN-KEYWORD,google,auto
- DOMAIN,google.com,auto
- DOMAIN-SUFFIX,ad.com,REJECT
- IP-CIDR,127.0.0.0/8,DIRECT
# rename SOURCE-IP-CIDR and would remove after prerelease
- SRC-IP-CIDR,192.168.1.201/32,DIRECT
- GEOIP,CN,DIRECT
- DST-PORT,80,DIRECT
- SRC-PORT,7777,DIRECT
# FINAL would remove after prerelease
# you also can use `FINAL,Proxy` or `FINAL,,Proxy` now
- MATCH,auto
使用第三方规则:如何启用第三方规则
- 首次使用
- 运行状态页面
- 全局设置页面
- 服务器与策略组管理页面
- 游戏规则与策略组管理页面
- 配置文件订阅页面
- 配置文件管理页面
- 常见疑问
- 订阅仅更新节点信息启用保留配置选项、或者使用代理集
- Fake-IP、Redir-Host模式选择
- DNS服务器的选择
- 网络连接异常时排查原因
- Fake-IP模式下ICMP、NTP、DDNS等服务异常,请尝试配置 DNS高级设置