port
,socks-port
和 allow-lan
字段是必须的。如果需要启用透明代理,还需要指定 redir-port
,其它可选的 General 配置如 dns
,external-controller
,secret
,cfw-bypass
等,请根据自己需要、参考示范配置文件自行添加。
在「继续」下一步之前,必须先点击「检查」按钮
port: 7890 # port of HTTP
socks-port: 7891 # port of SOCKS5
redir-port: 7892 # redir port for Linux and macOS
allow-lan: false
# Only applicable when setting allow-lan to true
# "*": bind all IP addresses
# 192.168.122.11: bind a single IPv4 address
# "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address
bind-address: "*"
# Rule / Global/ Direct (default is Rule)
mode: Rule
# set log level to stdout (default is info)
# info / warning / error / debug / silent
log-level: info
external-controller: 127.0.0.1:9090 # RESTful API for clash
# you can put the static web resource (such as clash-dashboard) to a directory, and clash would serve in `${API}/ui`
# input is a relative path to the configuration directory or an absolute path
external-ui: "path/to/local/clash-dashboard"
secret: "" # Secret for RESTful API (Optional)
experimental: # experimental feature
ignore-resolve-fail: true # ignore dns resolve fail, default value is true
# authentication of local SOCKS5/HTTP(S) server
authentication:
- "user1:pass1"
- "user2:pass2"
# experimental hosts, support wildcard (e.g. *.clash.dev Even *.foo.*.example.com)
# static domain has a higher priority than wildcard domain (foo.example.com > *.example.com)
hosts:
'*.clash.dev': 127.0.0.1
'alpha.clash.dev': '::1'
dns:
enable: true # set true to enable dns (default is false)
ipv6: false # default is false
listen: 0.0.0.0:53
enhanced-mode: fake-ip # or redir-host
fake-ip-range: 198.18.0.1/16 # if you don't know what it is, don't change it
nameserver:
- 114.114.114.114
- tcp://1.1.1.1
fallback: # concurrent request with nameserver, fallback used when GEOIP country isn't CN
- tls://dns.rubyfish.cn:853 # dns over tls
- https://1.1.1.1/dns-query # dns over https
fallback-filter:
geoip: true # default
ipcidr: # ips in these subnets will be considered polluted
- 240.0.0.0/4