[Notes] Clash Configuration File

Preface

Study notes on the Clash configuration file.

Configuration file location

Linux & macOS

  • ~/.config/clash/config.yaml

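Basic configuration

port: 7890: the listening port of the HTTP proxy
socks-port: 7891: the listening port of the SOCKS5 proxy
redir-port: 7892: the transparent proxy port for Linux and macOS (TCP redirect and TProxy UDP)
tproxy-port: 7893: the transparent proxy port for Linux (TProxy TCP and TProxy UDP)
mixed-port: 7890: the listening port of the mixed proxy, which automatically switches between http_proxy, https_proxy and sock5_proxy

allow-lan: whether LAN access is allowed. If true, every device on the LAN can use this device as a proxy server; if false, only the local machine can use it and no other device on the LAN can use this device as a proxy server
mode: proxy mode

  • rule: the default, rule mode
  • global: global mode
  • direct: direct mode

log-level: log level

  • info: information
  • warning: warnings
  • error: errors
  • debug: debugging
  • silent: no output

authentication: if authentication is configured, a client connecting to Clash as a proxy server must supply a username and password; if it is not configured, no username or password is required
interface-name: en0: outbound interface name
routing-mark: 6666: the fwmark on Linux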

~/.config/clash/config.yaml
port: 7890
socks-port: 7891
redir-port: 7892
tproxy-port: 7893
allow-lan: true
mode: global
log-level: info
authentication:
  - "<username>:<password>"

Configuring proxies

name: <proxy_name>: node name
type: <type>: proxy type

  • ss, vmess, socks5, http, snell, trojan, ssr

server: <ip>: server domain name or IP address
port: <port>: port number
cipher: <cipher>: encryption method

  • Ciphers for the ss and ssr types: aes-128-gcm, aes-192-gcm, aes-256-gcm, aes-128-cfb, aes-192-cfb, aes-256-cfb, aes-128-ctr, aes-192-ctr, aes-256-ctr, rc4-md5, chacha20-ietf, xchacha20, chacha20-ietf-poly1305, xchacha20-ietf-poly1305
  • Ciphers for the vmess type: auto, none, aes-128-gcm, chacha20-poly1305

password: <password>: password

obfs: <obfs>: obfuscation mode

  • plain, http_simple, http_post, random_head, tls1.2_ticket_auth, tls1.2_ticket_fastauth

obfs-param: <obfs-param>: obfuscation parameter

protocol: <protocol>: protocol

  • origin, auth_sha1_v4, auth_aes128_md5, auth_aes128_sha1, auth_chain_a, auth_chain_b

protocol-param: <protocol-param>: protocol parameter

udp: <bool>: whether UDP forwarding is enabled

  • true: enabled
  • false: disabled

proxies:
  - { name: '<proxy_name>', type: ss, server: <ip>, port: <port>, cipher: <cipher>, password: <password>, udp: true }

Configuration examples

proxies:
  # Shadowsocks
  # Supported ciphers:
  #   aes-128-gcm aes-192-gcm aes-256-gcm
  #   aes-128-cfb aes-192-cfb aes-256-cfb
  #   aes-128-ctr aes-192-ctr aes-256-ctr
  #   rc4-md5 chacha20-ietf xchacha20
  #   chacha20-ietf-poly1305 xchacha20-ietf-poly1305
  - name: "ss1"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    # udp: true

  - name: "ss2"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    plugin: obfs
    plugin-opts:
      mode: tls # or http
      # host: bing.com

  - name: "ss3"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    plugin: v2ray-plugin
    plugin-opts:
      mode: websocket # QUIC is not supported yet
      # tls: true # wss
      # skip-cert-verify: true
      # host: bing.com
      # path: "/"
      # mux: true
      # headers:
      #   custom: value

  # vmess
  # Supported ciphers:
  #   auto/aes-128-gcm/chacha20-poly1305/none
  - name: "vmess"
    type: vmess
    server: server
    port: 443
    uuid: uuid
    alterId: 32
    cipher: auto
    # udp: true
    # tls: true
    # skip-cert-verify: true
    # servername: example.com # takes priority over the wss host
    # network: ws
    # ws-opts:
    #   path: /path
    #   headers:
    #     Host: v2ray.com
    #   max-early-data: 2048
    #   early-data-header-name: Sec-WebSocket-Protocol

  - name: "vmess-h2"
    type: vmess
    server: server
    port: 443
    uuid: uuid
    alterId: 32
    cipher: auto
    network: h2
    tls: true
    h2-opts:
      host:
        - http.example.com
        - http-alt.example.com
      path: /

  - name: "vmess-http"
    type: vmess
    server: server
    port: 443
    uuid: uuid
    alterId: 32
    cipher: auto
    # udp: true
    # network: http
    # http-opts:
    #   # method: "GET"
    #   # path:
    #   #   - '/'
    #   #   - '/video'
    #   # headers:
    #   #   Connection:
    #   #     - keep-alive

  - name: vmess-grpc
    server: server
    port: 443
    type: vmess
    uuid: uuid
    alterId: 32
    cipher: auto
    network: grpc
    tls: true
    servername: example.com
    # skip-cert-verify: true
    grpc-opts:
      grpc-service-name: "example"

  # socks5
  - name: "socks"
    type: socks5
    server: server
    port: 443
    # username: username
    # password: password
    # tls: true
    # skip-cert-verify: true
    # udp: true

  # http
  - name: "http"
    type: http
    server: server
    port: 443
    # username: username
    # password: password
    # tls: true # https
    # skip-cert-verify: true
    # sni: custom.com

  # Snell
  # Note: there is no UDP support yet.
  - name: "snell"
    type: snell
    server: server
    port: 44046
    psk: yourpsk
    # version: 2
    # obfs-opts:
    #   mode: http # or tls
    #   host: bing.com

  # Trojan
  - name: "trojan"
    type: trojan
    server: server
    port: 443
    password: yourpsk
    # udp: true
    # sni: example.com # aka server name
    # alpn:
    #   - h2
    #   - http/1.1
    # skip-cert-verify: true

  - name: trojan-grpc
    server: server
    port: 443
    type: trojan
    password: "example"
    network: grpc
    sni: example.com
    # skip-cert-verify: true
    udp: true
    grpc-opts:
      grpc-service-name: "example"

  - name: trojan-ws
    server: server
    port: 443
    type: trojan
    password: "example"
    network: ws
    sni: example.com
    # skip-cert-verify: true
    udp: true
    # ws-opts:
    #   path: /path
    #   headers:
    #     Host: example.com

  # ShadowsocksR
  # Supported ciphers: all stream ciphers in ss
  # Supported obfs modes:
  #   plain http_simple http_post
  #   random_head tls1.2_ticket_auth tls1.2_ticket_fastauth
  # Supported protocols:
  #   origin auth_sha1_v4 auth_aes128_md5
  #   auth_aes128_sha1 auth_chain_a auth_chain_b
  - name: "ssr"
    type: ssr
    server: server
    port: 443
    cipher: chacha20-ietf
    password: "password"
    obfs: tls1.2_ticket_auth
    protocol: auth_sha1_v4
    # obfs-param: domain.tld
    # protocol-param: "#"
    # udp: true

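Configuring proxy groups

name: <group_name>: group name
type: group type

  • select: manual selection
  • url-test: automatic testing
  • fallback: failover
  • load-balance: load balancing

proxies: the list of proxy servers in the group; entries may be node names or group names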

proxy-groups:
  - { name: '<group_name>', type: select, proxies: ['<proxy_name>', '<group_name>'] }
  - { name: '<group_name>', type: url-test, proxies: ['<proxy_name>', '<group_name>'], url: "https://www.google.com.hk/", interval: <interval> }
  - { name: '<group_name>', type: fallback, proxies: ['<proxy_name>', '<group_name>'], url: "https://www.google.com.hk/", interval: <interval> }
  - { name: '<group_name>', type: load-balance, proxies: ['<proxy_name>', '<group_name>'] }

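Configuring rules

<type>: rule type

  • DOMAIN-SUFFIX: matches the specified domain; the parameter is passed in the second field
  • IP-CIDR: matches IPv4 addresses and ranges; the parameter is passed in the second field
  • IP-CIDR6: matches IPv6 addresses and ranges; the parameter is passed in the second field
  • GEOIP: matches a country; the parameter is passed in the second field
  • MATCH: matches everything; no second field is needed

<param>: parameter

<rule>: the rule to apply; it can be a group name

  • DIRECT: direct connection
  • PROXY: use the proxy
  • <group_name>: choose the proxy server according to the specified group

no-resolve: do not resolve (skips DNS resolution for this rule)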

rules:
  - DOMAIN-SUFFIX,local,<rule>
  - IP-CIDR,192.168.0.0/16,<rule>,no-resolve
  - IP-CIDR6,::1/128,<rule>,no-resolve
  - GEOIP,CN,<rule>
  - MATCH,<rule>

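Configuring the WebUI

external-controller: the listening port of the API, 9090 by default; the WebUI can be used to operate Clash
external-ui: path of the WebUI directory, accessed at http://localhost:9090/ui
secret: if a secret is configured, it must be supplied when operating Clash through the WebUI; if it is not configured, no secret is required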

external-controller: ":9090"
external-ui: "/usr/share/openclash/ui"
secret: "<secret>"

Configuring static addresses

  • Static addresses never go through the proxy

hosts:
  'alpha.clash.dev': '::1'
  '*.clash.dev': 127.0.0.1
  '.dev': 127.0.0.1

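Acting as a DNS server

  • Once the DNS configuration is enabled, Clash can be used directly as a DNS server
  • Clash supports both unencrypted and encrypted DNS protocols
    • Of the encrypted DNS protocols, only DoH and DoT are supported; DoQ is not

dns: act as a DNS server

  • enable: use the current device as an IPv4 DNS server
  • ipv6: use the current device as an IPv6 DNS server
  • listen: the IP address and port the DNS server listens on
  • default-nameserver: IP addresses used to resolve the domain names of the upstream DNS servers; only IP addresses may be given
  • nameserver: addresses of the upstream DNS servers; IP addresses or domain names may be given
  • nameserver-policy: assigns a specific DNS server to a specific domain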

dns:
  enable: true
  ipv6: true
  listen: 0.0.0.0:53
  default-nameserver:
    - 223.5.5.5
    - 223.6.6.6
  nameserver:
    - https://dns.alidns.com/dns-query
  nameserver-policy:
    'baidu.com': '114.114.114.114'
  fallback:
    - https://dns.cloudflare.com/dns-query
    - https://dns.google/dns-query
  fallback-filter:
    geoip: true
    geoip-code: CN
    ipcidr:
      - 240.0.0.0/4
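
A check for the listener settings described in these notes (allow-lan with authentication, external-controller with secret, and dns listen), as an added example that is not part of the original notes or of Clash itself. It assumes the configuration has already been parsed into a dict; the function names and both sample configurations are constructed for illustration.

```python
# Added example (not from the original notes): flag Clash listeners that are
# reachable from the network without credentials. `cfg` is the parsed config
# as a dict, e.g. the result of yaml.safe_load() on config.yaml (assumption).
LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}


def exposed(addr):
    """True if 'host:port' binds beyond loopback; an empty host means all interfaces."""
    host = str(addr).rpartition(":")[0]
    return host not in LOOPBACK


def audit(cfg):
    """Return (setting, message) pairs for each risky setting found."""
    findings = []
    if cfg.get("allow-lan") and not cfg.get("authentication"):
        findings.append(("allow-lan", "proxy ports open to the LAN without authentication"))
    ctrl = cfg.get("external-controller")
    if ctrl and exposed(ctrl) and not cfg.get("secret"):
        findings.append(("external-controller", f"API on {ctrl!r} has no secret"))
    dns = cfg.get("dns") or {}
    if dns.get("enable") and dns.get("listen") and exposed(dns["listen"]):
        findings.append(("dns.listen", f"DNS server bound to {dns['listen']}"))
    for proxy in cfg.get("proxies") or []:
        opts = proxy.get("plugin-opts") or {}
        if proxy.get("skip-cert-verify") or opts.get("skip-cert-verify"):
            findings.append(("skip-cert-verify",
                             f"proxy {proxy.get('name')!r} skips TLS certificate checks"))
    return findings


# Constructed sample using option names and values that appear in these notes.
WEAK = {
    "allow-lan": True,
    "external-controller": ":9090",
    "dns": {"enable": True, "listen": "0.0.0.0:53"},
    "proxies": [{"name": "trojan", "type": "trojan", "skip-cert-verify": True}],
}
# Constructed hardened variant: loopback binds, credentials set, cert checks on.
HARDENED = {
    "allow-lan": False,
    "authentication": ["user:constructed-password"],
    "external-controller": "127.0.0.1:9090",
    "secret": "constructed-secret",
    "dns": {"enable": True, "listen": "127.0.0.1:53"},
    "proxies": [{"name": "trojan", "type": "trojan"}],
}

if __name__ == "__main__":
    for key, message in audit(WEAK):
        print(f"[{key}] {message}")
```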

Rule-set subscription configuration

# Rule sets
rule-providers:
  Adobe:
    type: http
    behavior: classical
    path: ./ruleset/Adobe.yaml
    url: https://cdn.jsdelivr.net/gh/Semporia/Clash@master/Rule/Adobe.yaml
    interval: 3600
  Amazon:
    type: http
    behavior: classical
    path: ./ruleset/Amazon.yaml
    url: https://cdn.jsdelivr.net/gh/Semporia/Clash@master/Rule/Amazon.yaml
    interval: 3600
  GitHub:
    type: http
    behavior: classical
    path: ./ruleset/GitHub.yaml
    url: https://cdn.jsdelivr.net/gh/Semporia/Clash@master/Rule/GitHub.yaml
    interval: 3600
  Microsoft:
    type: http
    behavior: classical
    path: ./ruleset/Microsoft.yaml
    url: https://cdn.jsdelivr.net/gh/Semporia/Clash@master/Rule/Microsoft.yaml
    interval: 3600
  Netflix:
    type: http
    behavior: classical
    path: ./ruleset/Netflix.yaml
    url: https://cdn.jsdelivr.net/gh/Semporia/Clash@master/Rule/Netflix.yaml
    interval: 3600
  Spotify:
    type: http
    behavior: classical
    path: ./ruleset/Spotify.yaml
    url: https://cdn.jsdelivr.net/gh/Semporia/Clash@master/Rule/Spotify.yaml
    interval: 3600
  Speedtest:
    type: http
    behavior: classical
    path: ./ruleset/Speedtest.yaml
    url: https://cdn.jsdelivr.net/gh/Semporia/Clash@master/Rule/Speedtest.yaml
    interval: 3600
  Steam:
    type: http
    behavior: classical
    path: ./ruleset/Steam.yaml
    url: https://cdn.jsdelivr.net/gh/Semporia/Clash@master/Rule/Steam.yaml
    interval: 3600
  Tencent:
    type: http
    behavior: classical
    path: ./ruleset/Tencent.yaml
    url: https://cdn.jsdelivr.net/gh/Semporia/Clash@master/Rule/Tencent.yaml
    interval: 3600
  YouTube:
    type: http
    behavior: classical
    path: ./ruleset/YouTube.yaml
    url: https://cdn.jsdelivr.net/gh/Semporia/Clash@master/Rule/YouTube.yaml
    interval: 3600
  reject:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt"
    path: ./ruleset/reject.yaml
    interval: 86400
  icloud:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt"
    path: ./ruleset/icloud.yaml
    interval: 86400
  apple:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt"
    path: ./ruleset/apple.yaml
    interval: 86400
  google:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt"
    path: ./ruleset/google.yaml
    interval: 86400
  proxy:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
    path: ./ruleset/proxy.yaml
    interval: 86400
  direct:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
    path: ./ruleset/direct.yaml
    interval: 86400
  private:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt"
    path: ./ruleset/private.yaml
    interval: 86400
  gfw:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt"
    path: ./ruleset/gfw.yaml
    interval: 86400
  greatfire:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/greatfire.txt"
    path: ./ruleset/greatfire.yaml
    interval: 86400
  tld-not-cn:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt"
    path: ./ruleset/tld-not-cn.yaml
    interval: 86400
  telegramcidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt"
    path: ./ruleset/telegramcidr.yaml
    interval: 86400
  cncidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt"
    path: ./ruleset/cncidr.yaml
    interval: 86400
  lancidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt"
    path: ./ruleset/lancidr.yaml
    interval: 86400
  Whitelist:
    type: http
    behavior: classical
    url: "https://gitee.com/myisafei/script/raw/master/clash/rule/Whitelist.yaml"
    path: ./ruleset/Whitelist.yaml
    interval: 86400
  ME:
    type: http
    behavior: classical
    url: "https://gitee.com/myisafei/script/raw/master/clash/rule/Other.yaml"
    path: ./ruleset/Other.yaml
    interval: 3600
  TW:
    type: http
    behavior: classical
    url: "https://gitee.com/myisafei/script/raw/master/clash/rule/Tw.yaml"
    path: ./ruleset/Tw.yaml
    interval: 3600

# Routing rules
rules:
  # Area
  - DOMAIN-SUFFIX,local,DIRECT
  - IP-CIDR,192.168.0.0/16,DIRECT
  - IP-CIDR,10.0.0.0/8,DIRECT
  - IP-CIDR,172.16.0.0/12,DIRECT
  - IP-CIDR,127.0.0.0/8,DIRECT
  # BT/PT rules
  - DOMAIN-KEYWORD,tracker,DIRECT
  - DOMAIN-KEYWORD,announce.php?passkey=,DIRECT
  - DOMAIN-KEYWORD,torrent,DIRECT
  - DOMAIN-KEYWORD,peer_id=,DIRECT
  - DOMAIN-KEYWORD,info_hash,DIRECT
  - DOMAIN-KEYWORD,get_peers,DIRECT
  - DOMAIN-KEYWORD,find_node,DIRECT
  - DOMAIN-KEYWORD,BitTorrent,DIRECT
  - DOMAIN-KEYWORD,announce_peer,DIRECT
  # bilibili
  - DOMAIN-SUFFIX,biliapi.com,bilibili
  - DOMAIN-SUFFIX,biliapi.net,bilibili
  - DOMAIN-SUFFIX,bilibili.com,bilibili
  - DOMAIN-SUFFIX,bilibili.tv,bilibili
  - DOMAIN-SUFFIX,bilivideo.com,bilibili
  - DOMAIN-SUFFIX,biligame.com,bilibili
  - DOMAIN-SUFFIX,biligame.net,bilibili
  # Adobe
  - RULE-SET,Adobe,Adobe
  # Amazon
  - RULE-SET,Amazon,Amazon
  # GitHub
  - RULE-SET,GitHub,GitHub
  # Microsoft
  - RULE-SET,Microsoft,Microsoft
  # Netflix
  - RULE-SET,Netflix,Netflix
  # Speed test
  - RULE-SET,Speedtest,Speedtest
  # Steam
  - RULE-SET,Steam,Steam
  # Spotify
  - RULE-SET,Spotify,Spotify
  # Tencent
  - RULE-SET,Tencent,Tencent
  # YouTube
  - RULE-SET,YouTube,YouTube
  - DOMAIN-SUFFIX,live.cn,China
  # Ad domain list
  - RULE-SET,reject,REJECT
  # Apple domain list
  - RULE-SET,apple,Apple
  # iCloud domain list
  - RULE-SET,icloud,Apple
  # Google domain list
  - RULE-SET,google,Google
  # Proxy domain list
  - RULE-SET,proxy,Proxy
  # Direct-connection domain list
  - RULE-SET,direct,China
  # Private-network domain list
  - RULE-SET,private,China
  # Great Firewall domain list
  - RULE-SET,gfw,MATCH
  # GreatFire domain list
  - RULE-SET,greatfire,REJECT
  # List of top-level domains not used in mainland China
  - RULE-SET,tld-not-cn,MATCH
  # Telegram address list
  - RULE-SET,telegramcidr,Telegram
  # Mainland China IPv4 address list
  - RULE-SET,cncidr,China
  # LAN and reserved IP address list
  - RULE-SET,lancidr,China
  # GeoIP China
  - GEOIP,CN,DIRECT
  - MATCH,MATCH

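Proxy-set subscription configuration

  • Multiple subscriptions can be configured

type: subscription type

  • http: fetch the subscription from a URL
  • file: load the subscription from a local file

interval: subscription update interval
filter: proxies containing the specified keyword will be removed
health-check: health check

  • enable: whether the health check is enabled
  • url: the URL the health check is based on
  • interval: health check interval

<name>: subscription name
<file>: configuration file name, usually the name of the subscription provider
<url>: subscription URL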

# Proxy sets
proxy-providers:

  <name>:
    type: http
    path: ./<file>.yaml
    url: <url>
    interval: 86400
    filter: "Japan"
    health-check:
      enable: true
      url: http://www.gstatic.com/generate_204
      interval: 300

  <name>:
    type: file
    path: ./<file>.yaml
    health-check:
      enable: true
      url: http://www.gstatic.com/generate_204
      interval: 300

# Proxy groups
proxy-groups:
  - name: PROXY
    type: url-test
    url: http://www.gstatic.com/generate_204
    interval: 86400
    use:
      - <name>
    proxies:
      - DIRECT
  - { name: "MATCH", type: select, proxies: ["Proxy"] }
  - { name: "Apple", type: select, proxies: ["DIRECT"], use: ["<name>"] }
  - { name: "Adobe", type: url-test, use: ["<name>"] }
  - { name: "Amazon", type: url-test, use: ["<name>"] }
  - { name: "China", type: select, proxies: ["DIRECT"] }
  - { name: "GitHub", type: url-test, use: ["<name>"] }
  - { name: "Google", type: url-test, use: ["<name>"] }
  - { name: "Microsoft", type: select, proxies: ["DIRECT"], use: ["<name>"] }
  - { name: "Netflix", type: select, use: ["<name>"] }
  - { name: "Speedtest", type: select, proxies: ["DIRECT"] }
  - { name: "Steam", type: url-test, use: ["<name>"] }
  - { name: "Spotify", type: url-test, use: ["<name>"] }
  - { name: "Telegram", type: url-test, use: ["<name>"] }
  - { name: "Tencent", type: select, proxies: ["DIRECT"] }
  - { name: "YouTube", type: url-test, use: ["<name>"] }
  - { name: "Proxy", type: url-test, use: ["<name>"] }
  - { name: "bilibili", type: select, proxies: ["DIRECT"], use: ["<name>"] }

Done

References

DockerHub - dreamacro/clash
坑飞小屋
詹姆斯的日常
YouTube - James Daily Life 詹姆斯的日常
Loyalsoldier/clash-rules
Semporia/Clash
a76yyyy's blog
xkww3n's blog