2022年2月

centos7 安装php8:
sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum -y install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum -y install yum-utils
sudo yum-config-manager --disable 'remi-php*'
sudo yum-config-manager --enable remi-safe
sudo yum -y install php80
sudo yum install php80-php-{cli,fpm,mysqlnd,zip,devel,gd,mbstring,curl,xml,pear,bcmath,json}

1.如果你的电脑没有开启tpm2.0和开启安全启动,可能提示“这台电脑无法运行windows11”
2.在这个界面按Shift+F10,打开命令行界面,输入regedit打开注册表,然后定位到HKEY_LOCAL_MACHINESYSTEMSetup,接着创建一个名为“LabConfig”

3.接着在“LabConfig”下创建两个DWORD值:键为“BypassTPMCheck”,值为“00000001”,键为“BypassSecureBootCheck”,值为“00000001”
4.接着我们返回上一步

Port of HTTP(S) proxy server on the local end

port: 7890

Port of SOCKS5 proxy server on the local end

socks-port: 7891

Transparent proxy server port for Linux and macOS (Redirect TCP and TProxy UDP)

redir-port: 7892

Transparent proxy server port for Linux (TProxy TCP and TProxy UDP)

tproxy-port: 7893

HTTP(S) and SOCKS4(A)/SOCKS5 server on the same port

mixed-port: 7890

authentication of local SOCKS5/HTTP(S) server

authentication:

- "user1:pass1"

- "user2:pass2"

Set to true to allow connections to the local-end server from

other LAN IP addresses

allow-lan: false

This is only applicable when allow-lan is true

'*': bind all IP addresses

192.168.122.11: bind a single IPv4 address

"[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address

bind-address: '*'

Clash router working mode

rule: rule-based packet routing

global: all packets will be forwarded to a single endpoint

direct: directly forward the packets to the Internet

mode: rule

Clash by default prints logs to STDOUT

info / warning / error / debug / silent

log-level: info

When set to false, resolver won't translate hostnames to IPv6 addresses

ipv6: false

RESTful web API listening address

external-controller: 127.0.0.1:9090

A relative path to the configuration directory or an absolute path to a

directory in which you put some static web resource. Clash core will then

serve it at http://{{external-controller}}/ui.

external-ui: folder

Secret for the RESTful API (optional)

Authenticate by spedifying HTTP header Authorization: Bearer ${secret}

ALWAYS set a secret if RESTful API is listening on 0.0.0.0

secret: ""

Outbound interface name

interface-name: en0

fwmark on Linux only

routing-mark: 6666

Static hosts for DNS server and connection establishment (like /etc/hosts)

Wildcard hostnames are supported (e.g. .clash.dev, .foo.*.example.com)

Non-wildcard domain names have a higher priority than wildcard domain names

e.g. foo.example.com > *.example.com > .example.com

P.S. +.foo.com equals to .foo.com and foo.com

hosts:
# '*.clash.dev': 127.0.0.1
# '.dev': 127.0.0.1
# 'alpha.clash.dev': '::1'

profile:
# Store the select results in $HOME/.config/clash/.cache
# set false If you don't want this behavior
# when two different configurations have groups with the same name, the selected values are shared
store-selected: false

# persistence fakeip
store-fake-ip: true

DNS server settings

This section is optional. When not present, the DNS server will be disabled.

dns:
enable: false
listen: 0.0.0.0:53
# ipv6: false # when the false, response to AAAA questions will be empty

# These nameservers are used to resolve the DNS nameserver hostnames below.
# Specify IP addresses only
default-nameserver:

- 114.114.114.114
- 8.8.8.8

enhanced-mode: redir-host # or fake-ip
fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR
# use-hosts: true # lookup hosts and return IP record

# Hostnames in this list will not be resolved with fake IPs
# i.e. questions to these domain names will always be answered with their
# real IP addresses
# fake-ip-filter:
# - '*.lan'
# - localhost.ptlogin2.qq.com

# Supports UDP, TCP, DoT, DoH. You can specify the port to connect to.
# All DNS questions are sent directly to the nameserver, without proxies
# involved. Clash answers the DNS question with the first result gathered.
nameserver:

- 114.114.114.114 # default value
- 8.8.8.8 # default value
- tls://dns.rubyfish.cn:853 # DNS over TLS
- https://1.1.1.1/dns-query # DNS over HTTPS
- dhcp://en0 # dns from dhcp

# When fallback is present, the DNS server will send concurrent requests
# to the servers in this section along with servers in nameservers.
# The answers from fallback servers are used when the GEOIP country
# is not CN.
# fallback:
# - tcp://1.1.1.1

# If IP addresses resolved with servers in nameservers are in the specified
# subnets below, they are considered invalid and results from fallback
# servers are used instead.
#
# IP address resolved with servers in nameserver is used when
# fallback-filter.geoip is true and when GEOIP of the IP address is CN.
#
# If fallback-filter.geoip is false, results from nameserver nameservers
# are always used if not match fallback-filter.ipcidr.
#
# This is a countermeasure against DNS pollution attacks.
# fallback-filter:
# geoip: true
# geoip-code: CN
# ipcidr:
# - 240.0.0.0/4
# domain:
# - '+.google.com'
# - '+.facebook.com'
# - '+.youtube.com'

# Lookup domains via specific nameservers
# nameserver-policy:
# 'www.baidu.com': '114.114.114.114'
# '+.internal.crop.com': '10.0.0.1'

proxies:
# Shadowsocks
# The supported ciphers (encryption methods):
# aes-128-gcm aes-192-gcm aes-256-gcm
# aes-128-cfb aes-192-cfb aes-256-cfb
# aes-128-ctr aes-192-ctr aes-256-ctr
# rc4-md5 chacha20-ietf xchacha20
# chacha20-ietf-poly1305 xchacha20-ietf-poly1305

  • name: "ss1"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"

    udp: true

  • name: "ss2"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    plugin: obfs
    plugin-opts:
    mode: tls # or http
    # host: bing.com
  • name: "ss3"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    plugin: v2ray-plugin
    plugin-opts:
    mode: websocket # no QUIC now
    # tls: true # wss
    # skip-cert-verify: true
    # host: bing.com
    # path: "/"
    # mux: true
    # headers:
    # custom: value

# vmess
# cipher support auto/aes-128-gcm/chacha20-poly1305/none

  • name: "vmess"
    type: vmess
    server: server
    port: 443
    uuid: uuid
    alterId: 32
    cipher: auto

    udp: true

    tls: true

    skip-cert-verify: true

    servername: example.com # priority over wss host

    network: ws

    ws-opts:

    path: /path

    headers:

    Host: v2ray.com

    max-early-data: 2048

    early-data-header-name: Sec-WebSocket-Protocol

  • name: "vmess-h2"
    type: vmess
    server: server
    port: 443
    uuid: uuid
    alterId: 32
    cipher: auto
    network: h2
    tls: true
    h2-opts:
    host:

    - http.example.com
- http-alt.example.com

    path: /

  • name: "vmess-http"
    type: vmess
    server: server
    port: 443
    uuid: uuid
    alterId: 32
    cipher: auto

    udp: true

    network: http

    http-opts:

    method: "GET"

    path:

    - '/'

    - '/video'

    headers:

    Connection:

    - keep-alive

  • name: vmess-grpc
    server: server
    port: 443
    type: vmess
    uuid: uuid
    alterId: 32
    cipher: auto
    network: grpc
    tls: true
    servername: example.com

    skip-cert-verify: true

    grpc-opts:
    grpc-service-name: "example"

# socks5

  • name: "socks"
    type: socks5
    server: server
    port: 443

    username: username

    password: password

    tls: true

    skip-cert-verify: true

    udp: true

# http

  • name: "http"
    type: http
    server: server
    port: 443

    username: username

    password: password

    tls: true # https

    skip-cert-verify: true

    sni: custom.com

# Snell
# Beware that there's currently no UDP support yet

  • name: "snell"
    type: snell
    server: server
    port: 44046
    psk: yourpsk

    version: 2

    obfs-opts:

    # mode: http # or tls
    # host: bing.com

# Trojan

  • name: "trojan"
    type: trojan
    server: server
    port: 443
    password: yourpsk

    udp: true

    sni: example.com # aka server name

    alpn:

    - h2

    - http/1.1

    skip-cert-verify: true

  • name: trojan-grpc
    server: server
    port: 443
    type: trojan
    password: "example"
    network: grpc
    sni: example.com

    skip-cert-verify: true

    udp: true
    grpc-opts:
    grpc-service-name: "example"

  • name: trojan-ws
    server: server
    port: 443
    type: trojan
    password: "example"
    network: ws
    sni: example.com

    skip-cert-verify: true

    udp: true

    ws-opts:

    # path: /path
    # headers:
    # Host: example.com

# ShadowsocksR
# The supported ciphers (encryption methods): all stream ciphers in ss
# The supported obfses:
# plain http_simple http_post
# random_head tls1.2_ticket_auth tls1.2_ticket_fastauth
# The supported supported protocols:
# origin auth_sha1_v4 auth_aes128_md5
# auth_aes128_sha1 auth_chain_a auth_chain_b

  • name: "ssr"
    type: ssr
    server: server
    port: 443
    cipher: chacha20-ietf
    password: "password"
    obfs: tls1.2_ticket_auth
    protocol: auth_sha1_v4

    obfs-param: domain.tld

    protocol-param: "#"

    udp: true

proxy-groups:
# relay chains the proxies. proxies shall not contain a relay. No UDP support.
# Traffic: clash <-> http <-> vmess <-> ss1 <-> ss2 <-> Internet

  • name: "relay"
    type: relay
    proxies:

    • http
    • vmess
    • ss1
    • ss2

# url-test select which proxy will be used by benchmarking speed to a URL.

# fallback selects an available policy by priority. The availability is tested by accessing an URL, just like an auto url-test group.

# load-balance: The request of the same eTLD+1 will be dial to the same proxy.

# select is used for selecting proxy or proxy group
# you can use RESTful API to switch proxy is recommended for use in GUI.

  • name: Proxy
    type: select

    disable-udp: true

    proxies:

    • ss1
    • ss2
    • vmess1
    • auto

# direct to another infacename

  • name: en1
    type: select
    interface-name: en1
    proxies:

    • DIRECT

  • name: UseProvider
    type: select
    use:

    • provider1

    proxies:

    • Proxy
    • DIRECT

proxy-providers:
provider1:

type: http
url: "url"
interval: 3600
path: ./provider1.yaml
health-check:
  enable: true
  interval: 600
  # lazy: true
  url: http://www.gstatic.com/generate_204

test:

type: file
path: /test.yaml
health-check:
  enable: true
  interval: 36000
  url: http://www.gstatic.com/generate_204

rules:

  • DOMAIN-SUFFIX,google.com,auto
  • DOMAIN-KEYWORD,google,auto
  • DOMAIN,google.com,auto
  • DOMAIN-SUFFIX,ad.com,REJECT
  • SRC-IP-CIDR,192.168.1.201/32,DIRECT
    # optional param "no-resolve" for IP rules (GEOIP, IP-CIDR, IP-CIDR6)
  • IP-CIDR,127.0.0.0/8,DIRECT
  • GEOIP,CN,DIRECT
  • DST-PORT,80,DIRECT
  • SRC-PORT,7777,DIRECT
  • RULE-SET,apple,REJECT # Premium only
  • MATCH,auto
  1. 1
  2. 2