完整示例

  • 原开源Clash内核配置部分主要引自 Clash Wiki ,做了小部分调整和翻译;

  • 注释标记【Meta专属】内容为Meta核新特有功能,在其他Clash核心使用可能造成意想不到的后果。

基础配置:

# port: 7890                 #本地http代理端口
# socks-port: 7891           #本地socks5代理端口
mixed-port: 7890             #本地混合代理(http和socks5合并)端口
# redir-port: 7892           #本地Linux/macOS Redir代理端口
# tproxy-port: 7893          #本地Linux Tproxy代理端口

# authentication:            # 本地SOCKS5/HTTP(S)代理端口认证设置
#  - "user1:pass1"
#  - "user2:pass2"

# geodata-mode: true         #【Meta专属】使用geoip.dat数据库(默认:false使用mmdb数据库)
tcp-concurrent: true         #【Meta专属】TCP连接并发,如果域名解析结果对应多个IP,
                             # 并发所有IP,选择握手最快的IP进行连接

allow-lan: false                  #允许局域网连接(false/true)
bind-address:                     #监听IP白名单(当allow-lan:true),只允许列表设备
  '*'                             #全部设备
  # 192.168.122.11                #单个ip4地址
  # "[aaaa::a8aa:ff:fe09:57d8]"   #单个ip6地址
  
mode: rule                 #clash工作模式(rule/global/direct,meta暂不支持script)

log-level: info            #日志等级(info/warning/error/debug/silent)

ipv6: false                #ip6开关,当为false时,停止解析hostanmes为ip6地址

external-controller: 127.0.0.1:9090   #控制器监听地址
external-ui: folder                   #http服务路径,可以放静态web网页,如yacd的控制面板
                                      #可通过`http://{{external-controller}}/ui`直接使用
# secret: ""                          #控制器登录密码


interface-name: en0        #出口网卡名称
routing-mark: 6666         #流量标记(仅Linux)

profile:                   #缓存设置(文件位置./cache.db)
  store-selected: false    #节点状态记忆(若不同配置有同代理名称,设置值共享)
  store-fake-ip: true      #fake-ip缓存

DNS配置:

sniffer:                         #【Meta专属】sniffer域名嗅探器
  enable: true                   #嗅探开关
  sniffing:                      #嗅探协议对象:目前支持tls/http
    - tls
    - http
  skip-domain:                   #列表中的sni字段,保留mapping结果,不通过嗅探还原域名
                                 #优先级比force-domain高
    - 'Mijia Cloud'              #米家设备,建议加
    - 'dlg.io.mi.com'
    - '+.apple.com'              #苹果域名,建议加
  # - '*.baidu.com'              #支持通配符
    
  force-domain:                  #需要强制嗅探的域名,默认只对IP嗅探
  # - '+'                        #去掉注释后等于全局嗅探
    - 'google.com'
    
  #port-whitelist:               #端口白名单,只对名单内的端口进行还原域名
  # - 80
  # - 443
  # - 8000-9000

hosts:                           #host,支持通配符(非通配符域名优先级高于通配符域名)
  # '*.clash.dev': 127.0.0.1     #例如foo.example.com>*.example.com>.example.com
  # '.dev': 127.0.0.1
  # 'alpha.clash.dev': '::1'
dns:
  enable: true                 #DNS开关(false/true)
  listen: 0.0.0.0:53           #DNS监听地址
  # ipv6: false                #IP6解析开关;如果为false,将返回ip6结果为空
  
  default-nameserver:          #解析非IP的dns用的dns服务器,只支持纯IP
    - 114.114.114.114
    - 8.8.8.8
    
  #nameserver-policy:                #指定域名使用自定义DNS解析
  # 'www.baidu.com': 'https://223.5.5.5/dns-query'
  # '+.internal.crop.com': '114.114.114.114'
  
  enhanced-mode: redir-host          #DNS模式(redir-host/fake-ip)
                                     #【Meta专属】redir-host传递域名,可远程解析
  fake-ip-range: 198.18.0.1/16       #Fake-IP解析地址池
  # use-hosts: true                  #查询hosts配置并返回真实IP
  
  # fake-ip-filter:                  #Fake-ip过滤,列表中的域名返回真实ip
  #   - '*.lan'
  #   - '*.linksys.com'
  #   - '+.pool.ntp.org'
  #   - localhost.ptlogin2.qq.com
  
  #proxy-server-nameserver:          #【Meta专属】解析代理服务器域名的dns
  # - tls://1.0.0.1:853              # 不写时用nameserver解析

  nameserver:                        #默认DNS服务器,支持udp/tcp/dot/doh/doq
    - 114.114.114.114 # default value
    - 8.8.8.8 # default value
    - tls://223.5.5.5:853 # DNS over TLS
    - https://doh.pub/dns-query # DNS over HTTPS
    - https://dns.alidns.com/dns-query#h3=true #【Meta专属】强制HTTP/3
    - https://mozilla.cloudflare-dns.com/dns-query#DNS&h3=true #【Meta专属】指定策略组和使用 HTTP/3
    - dhcp://en0 # dns from dhcp
    - quic://dns.adguard.com:784 # DNS over QUIC
    # - '8.8.8.8#en0' # 兼容指定DNS出口网卡
    
  fallback:                          #回落DNS服务器,支持udp/tcp/dot/doh/doq
    - https://doh.dns.sb/dns-query
    - tcp://208.67.222.222:443
    - quic://a.passcloud.xyz:784     #【Meta专属】Dns over quic
    - 'tls://8.8.4.4:853#DNSg'       #【Meta专属】"#DNSg"代表该DNS服务器通过
                                     # 名为"DNSg"的proxy Group访问
                                     
  fallback-filter:                   #回落DNS服务器过滤
    geoip: true                      #为真时,不匹配为geoip规则的使用fallback返回结果
    geoip-code: CN                   #geoip匹配区域设定
    geosite:                         #【Meta专属】设定geosite某分类使用fallback返回结果
      - gfw
    ipcidr:                          #列表中的ip使用fallback返回解析结果
      - 240.0.0.0/4
    domain:                          #列表中的域名使用fallback返回解析结果
      - '+.google.com'
      - '+.facebook.com'
      - '+.youtube.com'

代理配置:

proxies:
    
    #【Meta专属】Hysteria
  - name: "hysteria"
    type: hysteria
    server: server.com
    port: 443
    auth_str: yourpassword
    # obfs: yourpassword
    alpn: h3
    protocol: udp          #支持udp/wechat-video/faketcp
    up: '30 Mbps'          #若不写单位,默认为Mbps
    down: '200 Mbps'       #若不写单位,默认为Mbps
    # sni: server.com
    # skip-cert-verify: false
    # recv_window_conn: 12582912
    # recv_window: 52428800
    # auth_str: "yubiyubi"
    # ca: "./my.ca"
    # ca_str: "xyz"
    # disable_mtu_discovery: false
    
    # fingerprint: xxxx 
    # 同 experimental.fingerprints 使用 sha256 指纹
    # 配置协议独立的指纹,将忽略 experimental.fingerprints
    
  #【Meta专属】Vless
  - name: "vless-tcp"
    type: vless
    server: server
    port: 443
    uuid: uuid
    network: tcp
    servername: example.com # AKA SNI
    # flow: xtls-rprx-direct # xtls-rprx-origin  # enable XTLS
    # skip-cert-verify: true
    # fingerprint: xxxx
    
  #【Meta专属】Vless   
  - name: "vless-ws"
    type: vless
    server: server
    port: 443
    uuid: uuid
    udp: true
    tls: true
    network: ws
    servername: example.com # priority over wss host
    # skip-cert-verify: true
    ws-opts:
      path: "/"
      headers:
        Host: example.com
    # fingerprint: xxxx
  
  # Wireguard         
  # 兼容官方核心配置,并支持双栈模式 
  - name: "wg"
    type: wireguard
    server: 162.159.192.1
    port: 2480
    ip: 172.16.0.2
    ipv6: fd01:5ca1:ab1e:80fa:ab85:6eea:213f:f4a5 # *支持双栈*
    private-key: eCtXsJZ27+4PbhDkHnB923tkUn2Gj59wZw5wFA75MnU=
    public-key: Cr8hWlKvtDt7nrvf+f0brNQQzabAqrjfBvas9pmowjo=
    udp: true
    # fingerprint: xxxx
    
                                            
  # Shadowsocks
  # 加密支持:
  #   aes-128-gcm aes-192-gcm aes-256-gcm
  #   aes-128-cfb aes-192-cfb aes-256-cfb
  #   aes-128-ctr aes-192-ctr aes-256-ctr
  #   rc4-md5 chacha20-ietf xchacha20
  #   chacha20-ietf-poly1305 xchacha20-ietf-poly1305
 
  #【Meta专属】支持SS2022加密:
  #   2022-blake3-aes-128-gcm
  #   2022-blake3-aes-256-gcm
  #   2022-blake3-chacha20-poly1305
  - name: "ss1"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    # udp: true

  - name: "ss2"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    plugin: obfs
    plugin-opts:
      mode: tls # or http
      # host: bing.com

  - name: "ss3"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    plugin: v2ray-plugin
    plugin-opts:
      mode: websocket # no QUIC now
      # tls: true # wss
      # skip-cert-verify: true
      # host: bing.com
      # path: "/"
      # mux: true
      # headers:
      #   custom: value

  # vmess
  # 加密支持 auto/aes-128-gcm/chacha20-poly1305/none
  - name: "vmess"
    type: vmess
    server: server
    port: 443
    uuid: uuid
    alterId: 32
    cipher: auto
    # udp: true
    # tls: true
    # skip-cert-verify: true
    # servername: example.com # priority over wss host
    # network: ws
    # ws-opts:
    #   path: /path
    #   headers:
    #     Host: v2ray.com
    #   max-early-data: 2048
    #   early-data-header-name: Sec-WebSocket-Protocol

  - name: "vmess-h2"
    type: vmess
    server: server
    port: 443
    uuid: uuid
    alterId: 32
    cipher: auto
    network: h2
    tls: true
    h2-opts:
      host:
        - http.example.com
        - http-alt.example.com
      path: /
  
  - name: "vmess-http"
    type: vmess
    server: server
    port: 443
    uuid: uuid
    alterId: 32
    cipher: auto
    # udp: true
    # network: http
    # http-opts:
    #   # method: "GET"
    #   # path:
    #   #   - '/'
    #   #   - '/video'
    #   # headers:
    #   #   Connection:
    #   #     - keep-alive

  - name: vmess-grpc
    server: server
    port: 443
    type: vmess
    uuid: uuid
    alterId: 32
    cipher: auto
    network: grpc
    tls: true
    servername: example.com
    # skip-cert-verify: true
    grpc-opts:
      grpc-service-name: "example"

  # socks5
  - name: "socks"
    type: socks5
    server: server
    port: 443
    # username: username
    # password: password
    # tls: true
    # skip-cert-verify: true
    # udp: true

  # http
  - name: "http"
    type: http
    server: server
    port: 443
    # username: username
    # password: password
    # tls: true # https
    # skip-cert-verify: true
    # sni: custom.com
    # headers:                      #【Meta专属】
    #   X-T5-Auth: "1962xxxxx709"
    #   User-Agent: "okhttp/3.11.0 Dalvik/2.1.0 ...... "

  # Snell
  # 不支持UDP
  - name: "snell"
    type: snell
    server: server
    port: 44046
    psk: yourpsk
    # version: 2
    # obfs-opts:
      # mode: http # or tls
      # host: bing.com

  # Trojan
  - name: "trojan"
    type: trojan
    server: server
    port: 443
    password: yourpsk
    # udp: true
    # sni: example.com # aka server name
    # alpn:
    #   - h2
    #   - http/1.1
    # skip-cert-verify: true

  - name: trojan-grpc
    server: server
    port: 443
    type: trojan
    password: "example"
    network: grpc
    sni: example.com
    # skip-cert-verify: true
    udp: true
    grpc-opts:
      grpc-service-name: "example"

  - name: trojan-ws
    server: server
    port: 443
    type: trojan
    password: "example"
    network: ws
    sni: example.com
    # skip-cert-verify: true
    udp: true
    # ws-opts:
      # path: /path
      # headers:
      #   Host: example.com

  # ShadowsocksR
  # 支持的加密: ss中的所有加密方法
  # 支持的obfses:
  #   plain http_simple http_post
  #   random_head tls1.2_ticket_auth tls1.2_ticket_fastauth
  # 支持的protocols:
  #   origin auth_sha1_v4 auth_aes128_md5
  #   auth_aes128_sha1 auth_chain_a auth_chain_b  
  - name: "ssr"
    type: ssr
    server: server
    port: 443
    cipher: chacha20-ietf
    password: "password"
    obfs: tls1.2_ticket_auth
    protocol: auth_sha1_v4
    # obfs-param: domain.tld
    # protocol-param: "#"
    # udp: true

代理组配置:

proxy-groups:
  - name: DNSg             #【Meta专属】DNS代理组,配合上文"DNS配置"使用
    type: url-test         #可任意name/type,此处仅做举例
    proxies:
      - ss1
      - ss2
      
  - name: "relay"          #【Meta专属】relay支持UDP over TCP
    type: relay            #中继代理,不能中继套娃中继     
    proxies:               #流量走向:clash <-> http <-> vmess <-> ss1 <-> Internet
      - http
      - vmess
      - ss1
      
  - name: "auto" 
    type: url-test         #通过httping URL 自动切换延迟最低的节点
    proxies:
      - ss1
      - ss2
      - vmess1
    # tolerance: 150       #容差值:节点差值低于设定值时,不自动切换
    # lazy: true           #为true时,未被使用时不进行测ping
    url: 'http://www.gstatic.com/generate_204'      #用来测ping的地址
    interval: 300          #测ping时间(秒)
    # disable-udp: true    #关闭UDP
    # filter: 'HK'         #【Meta专属】代理筛选

  - name: "fallback-auto"
    type: fallback         #通过httping URL,当没有ping值时,自动切换下一个节点
    proxies:
      - ss1
      - ss2
      - vmess1
    url: 'http://www.gstatic.com/generate_204'
    interval: 300
    # lazy: true
    # disable-udp: true
    # filter: 'HK'          #【Meta专属】代理筛选

  - name: "load-balance"
    type: load-balance      #负载均衡:同一域名(eTLD+1)使用同一代理
    proxies:
      - ss1
      - ss2
      - vmess1
    url: 'http://www.gstatic.com/generate_204'
    interval: 300
    # lazy: true
    # disable-udp: true
    # filter: 'HK'            #【Meta专属】代理筛选
    # strategy: round-robin   #策略:round-robin :所有请求不使用同一代理
                              #consistent-hashing:同一有效顶级域名(eTLD)使用同一代理
                              
  - name: Proxy
    type: select              #手动代理组
    # disable-udp: true
    proxies:
      - PASS                  #【Meta专属】跳过:命中的规则会被忽略,继续向下查询
      - ss1
      - ss2
      - vmess1
      - auto
    # filter: 'HK'            #【Meta专属】代理筛选
 
  - name: en1
    type: select
    interface-name: en1       #指定网口
    proxies:
      - DIRECT 

  - name: UseProvider
    type: select
    use:
      - provider1
    # filter: 'HK'            #【Meta专属】代理筛选
    proxies:
      - Proxy
      - DIRECT

proxy-providers:
  provider1:
    type: http
    url: "https://abc.com/xhYdgd"    #【Meta专属】支持解析V2rayN等工具使用的普通订阅
    interval: 3600
    path: ./provider1.yaml
    health-check:
      enable: true
      interval: 600
      # lazy: true
      url: http://www.gstatic.com/generate_204
  test:
    type: file
    path: /test.yaml
    health-check:
      enable: true
      interval: 36000
      url: http://www.gstatic.com/generate_204

rule-providers:
  google:
    type: http
    behavior: classical
    path: ./rule1.yaml
    #【Meta专属】URL可根据rule设定匹配对应的策略,方便更新provider
    url: "https://raw.githubusercontent.com/../Google.yaml"
    interval: 600            

规则配置:

rules:
  #目的域名后缀规则
  - DOMAIN-SUFFIX,githubusercontent.com,auto
  - DOMAIN-SUFFIX,ad.com,REJECT
  - DOMAIN-SUFFIX,bilibili.com,DIRECT,tcp   #【Meta专属】可指定协议类型(tcp/udp)
  
  #目的域名规则
  - DOMAIN,google.com,auto
  
  #目的域名关键字规则
  - DOMAIN-KEYWORD,google,auto
  
  #目的IP规则
  - IP-CIDR,127.0.0.0/8,DIRECT
  - IP-CIDR,122.122.0.0/8,DIRECT,no-resolve #no-resolve:不解析,可应用于GEOIP, IP-CIDR
  
  #来源IP规则
  - SRC-IP-CIDR,192.168.1.201/32,DIRECT

  #目的端口规则
  - DST-PORT,123/136/137-139,DIRECT         #【Meta专属】可指定端口范围
  
  #来源端口规则
  - SRC-PORT,123/136/137-139,DIRECT,udp     #【Meta专属】可指定端口范围
  
  #【Meta专属】入站规则
  #支持HTTP/HTTPS/SOCKS5/SOCKS4/SOCKS/TUN/TPROXY/REDIR/INNER
  - IN-TYPE,SOCKS5/HTTP,auto
  
  #【Meta专属】逻辑判断规则
  - AND,((DOMAIN,baidu.com),(NETWORK,UDP)),DIRECT #AND(和):域名为baidu.com的UDP协议
  - OR,((NETWORK,UDP),(DOMAIN,baidu.com)),REJECT  #OR(或):UDP的协议,或者域名为baidu.com
  - NOT,((DOMAIN,baidu.com)),PROXY                #NOT(否):域名不为baidu.com访问
  #域名关键词为bilibili或者douyu的UDP协议
  - AND,((OR,((DOMAIN-KEYWORD,bilibili),(DOMAIN-KEYWORD,douyu))),(NETWORK,UDP)),REJECT 
  
  #【Meta专属】子规则集规则
  - SUB-RULE,(OR,((NETWORK,TCP),(NETWORK,UDP))),sub-rule-name1 # 当满足条件是 TCP 或 UDP 流量时,使用名为 sub-rule-name1 当规则集
  - SUB-RULE,(AND,((NETWORK,UDP))),sub-rule-name2 # 定义多个子规则集,规则将以分叉匹配
  
  #【Meta专属】GEOSITE规则
  - GEOSITE,category-ads-all,REJECT
  - GEOSITE,icloud@cn,DIRECT
  - GEOSITE,apple@cn,DIRECT
  - GEOSITE,apple-cn,DIRECT
  - GEOSITE,microsoft@cn,DIRECT
  - GEOSITE,facebook,PROXY
  - GEOSITE,youtube,PROXY
  - GEOSITE,geolocation-cn,DIRECT
  - GEOSITE,geolocation-!cn,PROXY
  
  #GEOIP规则  
  - GEOIP,telegram,PROXY,no-resolve
  - GEOIP,private,DIRECT,no-resolve
  - GEOIP,cn,DIRECT

  #Rule Provider规则
  - RULE-SET,google,REJECT                   # Meta支持RULE-SET规则
  
  #兜底规则
  - MATCH,auto

最后更新于