Skip to content

Instantly share code, notes, and snippets.

@Chenx221

Chenx221/config.yaml

Last active January 26, 2025 03:25
Show Gist options
  • Save Chenx221/e9a93162cd2c83f845e3cf5769f94768 to your computer and use it in GitHub Desktop.
Save Chenx221/e9a93162cd2c83f845e3cf5769f94768 to your computer and use it in GitHub Desktop.
Download ZIP
Self-use Clash configuration file
Raw
config.yaml
mixed-port: 7890 # HTTP(S) 和 SOCKS 代理混合端口
allow-lan: true # 允许局域网连接
external-controller: 0.0.0.0:9090
geodata-mode: true
geo-auto-update: true # 是否自动更新 geodata
geo-update-interval: 24 # 更新间隔,单位:小时
geox-url:
geoip: "https://git.chenx221.cyou/Public-Mirror/v2ray-rules-dat/raw/branch/release/geoip.dat"
geosite: "https://git.chenx221.cyou/Public-Mirror/v2ray-rules-dat/raw/branch/release/geosite.dat"
mmdb: "https://git.chenx221.cyou/Public-Mirror/meta-rules-dat/raw/branch/release/geoip.metadb"
global-client-fingerprint: chrome # 全局 TLS 指纹
log-level: info # 日志等级 silent/error/warning/info/debug
profile:
store-selected: true # 存储 select 选择记录
store-fake-ip: true # 持久化 fake-ip
sniffer:
enable: false
force-dns-mapping: true
parse-pure-ip: true
override-destination: true
sniff:
TLS:
ports: [443, 8443]
HTTP:
ports: [80, 8080-8880]
override-destination: true
QUIC:
ports: [443, 8443]
force-domain:
- +.v2ex.com
skip-domain:
- Mijia Cloud
tun: # Tun 配置
enable: true
stack: system # gvisor/mixed
dns-hijack:
- "any:53" # 需要劫持的 DNS
auto-detect-interface: true # 自动识别出口网卡
auto-route: true # 配置路由表
dns: # DNS 配置
cache-algorithm: arc
enable: true
listen: 0.0.0.0:1053 # 开启 DNS 服务器监听
ipv6: true
default-nameserver: # 用于解析 nameserver,fallback 以及其他 DNS 服务器配置的,DNS 服务域名
- 223.5.5.5
- 223.6.6.6
enhanced-mode: fake-ip # or redir-host
fake-ip-range: 28.0.0.1/8 # fake-ip 池设置
fake-ip-filter: # 配置不使用 fake-ip 的域名
- '*.lan'
- '*.localdomain'
- '*.example'
- '*.invalid'
- '*.localhost'
- '*.test'
- '*.local'
- '*.home.arpa'
- 'time.*.com'
- 'time.*.gov'
- 'time.*.edu.cn'
- 'time.*.apple.com'
- 'time-ios.apple.com'
- 'time1.*.com'
- 'time2.*.com'
- 'time3.*.com'
- 'time4.*.com'
- 'time5.*.com'
- 'time6.*.com'
- 'time7.*.com'
- 'ntp.*.com'
- 'ntp1.*.com'
- 'ntp2.*.com'
- 'ntp3.*.com'
- 'ntp4.*.com'
- 'ntp5.*.com'
- 'ntp6.*.com'
- 'ntp7.*.com'
- '*.time.edu.cn'
- '*.ntp.org.cn'
- '+.pool.ntp.org'
- 'time1.cloud.tencent.com'
- 'music.163.com'
- '*.music.163.com'
- '*.126.net'
- 'musicapi.taihe.com'
- 'music.taihe.com'
- 'songsearch.kugou.com'
- 'trackercdn.kugou.com'
- '*.kuwo.cn'
- 'api-jooxtt.sanook.com'
- 'api.joox.com'
- 'joox.com'
- 'y.qq.com'
- '*.y.qq.com'
- 'streamoc.music.tc.qq.com'
- 'mobileoc.music.tc.qq.com'
- 'isure.stream.qqmusic.qq.com'
- 'dl.stream.qqmusic.qq.com'
- 'aqqmusic.tc.qq.com'
- 'amobile.music.tc.qq.com'
- '*.xiami.com'
- '*.music.migu.cn'
- 'music.migu.cn'
- '+.msftconnecttest.com'
- '+.msftncsi.com'
- 'localhost.ptlogin2.qq.com'
- 'localhost.sec.qq.com'
- '+.qq.com'
- '+.tencent.com'
- '+.steamcontent.com'
- '+.srv.nintendo.net'
- '*.n.n.srv.nintendo.net'
- '+.cdn.nintendo.net'
- '+.stun.playstation.net'
- 'xbox.*.*.microsoft.com'
- '*.*.xboxlive.com'
- 'xbox.*.microsoft.com'
- 'xnotify.xboxlive.com'
- '+.battlenet.com.cn'
- '+.wotgame.cn'
- '+.wggames.cn'
- '+.wowsgame.cn'
- '+.wargaming.net'
- 'proxy.golang.org'
- 'stun.*.*'
- 'stun.*.*.*'
- '+.stun.*.*'
- '+.stun.*.*.*'
- '+.stun.*.*.*.*'
- '+.stun.*.*.*.*.*'
- 'heartbeat.belkin.com'
- '*.linksys.com'
- '*.linksyssmartwifi.com'
- '*.router.asus.com'
- 'mesu.apple.com'
- 'swscan.apple.com'
- 'swquery.apple.com'
- 'swdownload.apple.com'
- 'swcdn.apple.com'
- 'swdist.apple.com'
- 'lens.l.google.com'
- 'stun.l.google.com'
- 'na.b.g-tun.com'
- '+.nflxvideo.net'
- '*.square-enix.com'
- '*.finalfantasyxiv.com'
- '*.ffxiv.com'
- '*.ff14.sdo.com'
- 'ff.dorado.sdo.com'
- '*.mcdn.bilivideo.cn'
- '+.media.dssott.com'
- 'shark007.net'
- '+.market.xiaomi.com'
- '+.cmbchina.com'
- '+.cmbimg.com'
- 'adguardteam.github.io'
- 'adrules.top'
- 'anti-ad.net'
- 'local.adguard.org'
- 'static.adtidy.org'
- '+.sandai.net'
- '+.n0808.com'
- '+.3gppnetwork.org'
- '+.uu.163.com'
- 'ps.res.netease.com'
- '+.oray.com'
- '+.orayimg.com'
- '+.kaspersky.com'
- '+.kaspersky-labs.com'
nameserver: # DNS 主要域名配置
- "tls://8.8.4.4#PROXY"
- "tls://1.0.0.1#PROXY"
proxy-server-nameserver: # 专用于节点域名解析的 DNS 服务器
- https://dns.alidns.com/dns-query#h3=true
nameserver-policy: # 配置查询域名使用的 DNS 服务器
"geosite:cn,private,apple":
- 223.5.5.5
- 223.6.6.6
- https://dns.alidns.com/dns-query#h3=true
"geosite:category-ads-all": rcode://success
"www.baidu.com,+.google.cn": [223.5.5.5, https://dns.alidns.com/dns-query]
proxy-providers:
x221:
type: http
path: ./x221.yaml
url: https://api.chenx221.cyou/ <Private API used to obtain proxy-providers configuration files>
proxy-groups:
- name: PROXY
type: select
proxies:
- X221
- name: X221
type: select
use:
- x221
rule-providers-config: &rule-providers-config
type: http
interval: 86400
rule-providers:
# reject: # AD Block # REJECT
# <<: *rule-providers-config
# behavior: domain
# url: "https://git.chenx221.cyou/Public-Mirror/clash-rules/raw/branch/release/reject.txt"
# path: ./profiles/ruleset/reject.txt
icloud: # iCloud # DIRECT
<<: *rule-providers-config
behavior: domain
url: "https://git.chenx221.cyou/Public-Mirror/clash-rules/raw/branch/release/icloud.txt"
path: ./profiles/ruleset/icloud.txt
apple: # Apple CN # DIRECT
<<: *rule-providers-config
behavior: domain
url: "https://git.chenx221.cyou/Public-Mirror/clash-rules/raw/branch/release/apple.txt"
path: ./profiles/ruleset/apple.txt
google: # Google CN # PROXY
<<: *rule-providers-config
behavior: domain
url: "https://git.chenx221.cyou/Public-Mirror/clash-rules/raw/branch/release/google.txt"
path: ./profiles/ruleset/google.txt
proxy: # Proxy List # PROXY
<<: *rule-providers-config
behavior: domain
url: "https://git.chenx221.cyou/Public-Mirror/clash-rules/raw/branch/release/proxy.txt"
path: ./profiles/ruleset/proxy.txt
direct: # Direct List # DIRECT
<<: *rule-providers-config
behavior: domain
url: "https://git.chenx221.cyou/Public-Mirror/clash-rules/raw/branch/release/direct.txt"
path: ./profiles/ruleset/direct.txt
private: # Private Network # DIRECT
<<: *rule-providers-config
behavior: domain
url: "https://git.chenx221.cyou/Public-Mirror/clash-rules/raw/branch/release/private.txt"
path: ./profiles/ruleset/private.txt
# gfw: # GFW List # Proxy
# <<: *rule-providers-config
# behavior: domain
# url: "https://git.chenx221.cyou/Public-Mirror/clash-rules/raw/branch/release/gfw.txt"
# path: ./profiles/ruleset/gfw.txt
# greatfire: # Uesless greatfire.org
# <<: *rule-providers-config
# behavior: domain
# url: "https://git.chenx221.cyou/Public-Mirror/clash-rules/raw/branch/release/greatfire.txt"
# path: ./profiles/ruleset/greatfire.txt
# tld-not-cn: # Domain tld !cn
# <<: *rule-providers-config
# behavior: domain
# url: "https://git.chenx221.cyou/Public-Mirror/clash-rules/raw/branch/release/tld-not-cn.txt"
# path: ./profiles/ruleset/tld-not-cn.txt
telegramcidr: # Telegram Server IP # PROXY
<<: *rule-providers-config
behavior: ipcidr
url: "https://git.chenx221.cyou/Public-Mirror/clash-rules/raw/branch/release/telegramcidr.txt"
path: ./profiles/ruleset/telegramcidr.txt
cncidr: # CN IP # DIRECT
<<: *rule-providers-config
behavior: ipcidr
url: "https://git.chenx221.cyou/Public-Mirror/clash-rules/raw/branch/release/cncidr.txt"
path: ./profiles/ruleset/cncidr.txt
lancidr: # LAN IP # DIRECT
<<: *rule-providers-config
behavior: ipcidr
url: "https://git.chenx221.cyou/Public-Mirror/clash-rules/raw/branch/release/lancidr.txt"
path: ./profiles/ruleset/lancidr.txt
applications: # Application without proxy(torrent, proxy) # DIRECT
<<: *rule-providers-config
behavior: classical
url: "https://git.chenx221.cyou/Public-Mirror/clash-rules/raw/branch/release/applications.txt"
path: ./profiles/ruleset/applications.txt
# 白名单模式
rules:
# - AND,(AND,(DST-PORT,443),(NETWORK,UDP)),(NOT,((GEOSITE,cn))),REJECT # QUIC Disable
- RULE-SET,applications,DIRECT
- RULE-SET,lancidr,DIRECT,no-resolve
- RULE-SET,cncidr,DIRECT,no-resolve
- DOMAIN,clash.razord.top,DIRECT
- DOMAIN,g3.letv.com,DIRECT
- DOMAIN,gstatic.cn,PROXY
- DOMAIN,googleapis.cn,PROXY
- DOMAIN-SUFFIX,kaspersky.com,DIRECT
- DOMAIN-SUFFIX,kaspersky-labs.com,DIRECT
# - DOMAIN,analytics.google.com,PROXY
- DOMAIN,yacd.haishan.me,DIRECT
- RULE-SET,private,DIRECT
# - RULE-SET,reject,REJECT
# - GEOSITE,category-ads-all,REJECT
- RULE-SET,icloud,DIRECT
- RULE-SET,apple,DIRECT
- GEOSITE,openai,PROXY
- RULE-SET,google,PROXY
- GEOSITE,google-cn,PROXY
- RULE-SET,proxy,PROXY
- GEOSITE,onedrive,DIRECT
- GEOSITE,microsoft@cn,DIRECT
- GEOSITE,apple-cn,DIRECT
- GEOSITE,steam@cn,DIRECT
- GEOSITE,category-games@cn,DIRECT
- RULE-SET,direct,DIRECT
# - AND,(AND,(DST-PORT,443),(NETWORK,UDP)),(NOT,((GEOIP,CN))),REJECT # QUIC Disable
- RULE-SET,telegramcidr,PROXY,no-resolve
- GEOIP,LAN,DIRECT
- GEOIP,CN,DIRECT
- MATCH,PROXY
@Chenx221
Copy link
Author

Chenx221 commented Sep 1, 2024

If you are using Clash Meta on an AOSP-based system, to resolve Telegram connection issues, you may need to follow these steps:

  • Go to (Android) Settings > Network & Internet > VPN > Clash Meta for Android > ⚙ (Settings)
  • Enable the switches for "Always-on VPN" and "Block connections without VPN".

@Chenx221
Copy link
Author

proxy-providers

  • Private server configuration information has been removed
proxies:
  - name: "usla2"
    type: vmess
    server: <removed>
    port: <removed>
    uuid: <removed>
    alterId: 0
    cipher: auto
    udp: true
    tls: true
    servername: <removed>
    network: ws
    ws-opts:
      path: "/<removed>/"
      headers:
        Host: <removed>

  - name: "usla2_hysteria2"
    type: hysteria2
    server: <removed>
    port: <removed>
    up: "50 Mbps"
    down: "100 Mbps"
    password: <removed>
    obfs: salamander
    obfs-password: <removed>
    sni: <removed>
    skip-cert-verify: false
    alpn:
      - h3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment