### Connecting via Mixed Port with curl
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/inbound.md
Demonstrates connecting to the mixed port using curl with SOCKS5 protocol. This example shows how to test connectivity to a specific URL through the proxy.
```shell
curl -x socks5h://127.0.0.1:7890 -v http://connect.rom.miui.com/generate_204
* Trying 127.0.0.1:7890...
* SOCKS5 connect to connect.rom.miui.com:80 (remotely resolved)
* SOCKS5 request granted.
* Connected to (nil) (127.0.0.1) port 7890 (#0)
GET /generate_204 HTTP/1.1
Host: connect.rom.miui.com
User-Agent: curl/7.81.0
Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 204 No Content
< Date: Thu, 11 May 2023 06:18:22 GMT
< Connection: keep-alive
< Content-Type: text/plain
*
* Connection #0 to host (nil) left intact
```
--------------------------------
### cURL Request Example with Clash DNS
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/dns.md
Demonstrates how cURL interacts with Clash DNS using fake IP addresses for domain resolution and connection establishment. Shows the step-by-step process from cURL's perspective and Clash's internal handling.
```bash
$ curl -v http://google.com
<---- cURL 向您的系统 DNS (Clash) 询问 google.com 的 IP 地址
----> Clash 决定使用 198.18.1.70 作为 google.com 的 IP 地址, 并记住它
* Trying 198.18.1.70:80...
<---- cURL 连接到 198.18.1.70 tcp/80
----> Clash 将立即接受连接, 并且..
* Connected to google.com (198.18.1.70) port 80 (#0)
----> Clash 在其内存中查找到 198.18.1.70 对应于 google.com
----> Clash 查询对应的规则, 并通过匹配的出口发送数据包
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/8.0.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: http://www.google.com/
< Content-Type: text/html; charset=UTF-8
< Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-ahELFt78xOoxhySY2lQ34A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
< Date: Thu, 11 May 2023 06:52:19 GMT
< Expires: Sat, 10 Jun 2023 06:52:19 GMT
< Cache-Control: public, max-age=2592000
< Server: gws
< Content-Length: 219
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
>
301 Moved
301 Moved
The document has moved
here.
* Connection #0 to host google.com left intact
```
--------------------------------
### Specify Configuration File
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/getting-started.md
Use the -f flag to point Clash to a specific configuration file.
```shell
clash -f ./config.yaml
clash -f /etc/clash/config.yaml
```
--------------------------------
### Basic Shadowsocks Configuration
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/outbound.md
Standard configuration for a Shadowsocks outbound proxy. Ensure 'server', 'port', 'cipher', and 'password' are correctly set.
```yaml
- name: "ss1"
type: ss
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
# udp: true
```
--------------------------------
### Specify Configuration Directory
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/getting-started.md
Use the -d flag to tell Clash where to find your configuration files if they are not in the default location.
```shell
clash -d . # current directory
clash -d /etc/clash
```
--------------------------------
### Basic Vmess Configuration
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/outbound.md
Standard configuration for a Vmess outbound proxy. Requires 'server', 'port', 'uuid', 'alterId', and 'cipher'. TLS can be enabled.
```yaml
- name: "vmess"
type: vmess
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
# udp: true
# tls: true
# skip-cert-verify: true
# servername: example.com # 优先于 wss 主机
# network: ws
# ws-opts:
# path: /path
# headers:
# Host: v2ray.com
# max-early-data: 2048
# early-data-header-name: Sec-WebSocket-Protocol
```
--------------------------------
### IPv6 Address Formatting
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/getting-started.md
When specifying IPv6 addresses in configurations, enclose them in square brackets.
```yaml
[aaaa::a8aa:ff:fe09:57d8]
```
--------------------------------
### Shadowsocks with V2Ray Plugin (WebSocket)
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/outbound.md
Configuration for Shadowsocks using the 'v2ray-plugin' with WebSocket transport. Supports options like mode, tls, skip-cert-verify, host, path, and mux.
```yaml
- name: "ss3"
type: ss
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: v2ray-plugin
plugin-opts:
mode: websocket # 暂不支持 QUIC
# tls: true # wss
# skip-cert-verify: true
# host: bing.com
# path: "/"
# mux: true
# headers:
# custom: value
```
--------------------------------
### Shadowsocks with Obfs Plugin
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/outbound.md
Configuration for Shadowsocks using the 'obfs' plugin. Supports 'tls' or 'http' modes for obfuscation.
```yaml
- name: "ss2"
type: ss
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: obfs
plugin-opts:
mode: tls # or http
# host: bing.com
```
--------------------------------
### Multi-Level Wildcard Domain Matching with Plus
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/getting-started.md
Use a plus (+) for multi-level wildcard domain matching, similar to DOMAIN-SUFFIX, enabling quick matching across multiple levels.
```text
+.google.com
```
--------------------------------
### Clash Inbound Configuration
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/inbound.md
Configure ports for different proxy services like HTTP(S), SOCKS5, mixed ports, and transparent proxying on Linux and macOS. Set 'allow-lan' to true to permit connections from other LAN IP addresses.
```yaml
# HTTP(S) 代理服务端口
# port: 7890
# SOCKS5 代理服务端口
socks-port: 7891
# HTTP(S) 和 SOCKS4(A)/SOCKS5 代理服务共用一个端口
mixed-port: 7890
# Linux 和 macOS 的透明代理服务端口 (TCP 和 TProxy UDP 重定向)
# redir-port: 7892
# Linux 的透明代理服务端口 (TProxy TCP 和 TProxy UDP)
# tproxy-port: 7893
# 设置为 true 以允许来自其他 LAN IP 地址的连接
# allow-lan: false
```
--------------------------------
### Multi-Level Wildcard Domain Matching with Dot
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/getting-started.md
Use a dot (.) to match multi-level wildcard subdomains. This allows matching any subdomain, regardless of its depth.
```text
.google.com
```
--------------------------------
### ShadowsocksR Configuration
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/outbound.md
Configuration for ShadowsocksR, specifying server, port, cipher, obfuscation method (obfs), and protocol.
```yaml
- name: "ssr"
type: ssr
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
cipher: chacha20-ietf
password: "password"
obfs: tls1.2_ticket_auth
protocol: auth_sha1_v4
# obfs-param: domain.tld
# protocol-param: "#"
# udp: true
```
--------------------------------
### Clash 规则语法示例
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/introduction.md
展示了 Clash 中规则的基本语法结构,包括类型、参数、策略和可选的 no-resolve 标志。
```yaml
# 类型,参数,策略(,no-resolve)
TYPE,ARGUMENT,POLICY(,no-resolve)
```
--------------------------------
### Match All Rule
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
A catch-all rule that matches any traffic not caught by previous rules. It directs all remaining traffic to the specified proxy group, in this case, 'auto'.
```yaml
- MATCH,auto
```
--------------------------------
### File-Based Proxy Provider Configuration
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
Configuration for a file-based proxy provider. It loads proxy configurations from a local file path. Health checks can be configured with a specified interval and URL.
```yaml
test:
type: file
path: /test.yaml
health-check:
enable: true
interval: 36000
url: http://www.gstatic.com/generate_204
```
--------------------------------
### ShadowsocksR Proxy Configuration
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
Configuration for a ShadowsocksR (SSR) proxy server. Supports various ciphers, obfuscation methods, and protocols.
```yaml
- name: "ssr"
type: ssr
server: server
port: 443
cipher: chacha20-ietf
password: "password"
obfs: tls1.2_ticket_auth
protocol: auth_sha1_v4
# obfs-param: domain.tld
# protocol-param: "#"
# udp: true
```
--------------------------------
### Load-Balance Proxy Group Configuration
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
A load-balance proxy group distributes requests for the same eTLD+1 to the same proxy. It uses a specified URL for testing proxy availability and an 'interval' for re-testing.
```yaml
- name: "load-balance"
type: load-balance
proxies:
- ss1
- ss2
- vmess1
url: 'http://www.gstatic.com/generate_204'
interval: 300
# strategy: consistent-hashing # or round-robin
```
--------------------------------
### Select Proxy Group Configuration
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
A select proxy group allows manual selection of proxies or other policy groups. Selections can be managed via a RESTful API or a GUI. UDP traffic can be optionally disabled.
```yaml
- name: Proxy
type: select
# disable-udp: true
# filter: 'someregex'
proxies:
- ss1
- ss2
- vmess1
- auto
```
--------------------------------
### Single-Level Wildcard Domain Matching
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/getting-started.md
Use an asterisk (*) to match single-level wildcard subdomains. This is useful for matching all subdomains of a given domain.
```text
*.google.com
*.bar.google.com
*.*.google.com
```
--------------------------------
### Socks5 Proxy Configuration
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/outbound.md
Configuration for a Socks5 outbound proxy. Supports optional username and password authentication, as well as TLS and UDP.
```yaml
- name: "socks"
type: socks5
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
# username: username
# password: password
# tls: true
# skip-cert-verify: true
# udp: true
```
--------------------------------
### HTTP Proxy Provider Configuration
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
Configuration for an HTTP-based proxy provider. It fetches proxy configurations from a remote URL and updates them at a specified interval. Health checks can be enabled to monitor proxy availability.
```yaml
provider1:
type: http
url: "url"
interval: 3600
path: ./provider1.yaml
health-check:
enable: true
interval: 600
# lazy: true
url: http://www.gstatic.com/generate_204
```
--------------------------------
### URL-Test Proxy Group Configuration
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
An auto proxy group that selects the best proxy by testing a specified URL. It performs benchmark speed tests to determine the fastest proxy. The 'interval' specifies how often the test is run.
```yaml
- name: "auto"
type: url-test
proxies:
- ss1
- ss2
- vmess1
# tolerance: 150
# lazy: true
url: 'http://www.gstatic.com/generate_204'
interval: 300
```
--------------------------------
### Trojan Proxy Configuration
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
Configuration for a Trojan proxy server. Supports custom network protocols like WebSocket and SNI for enhanced stealth. UDP is enabled by default.
```yaml
port: 443
type: trojan
password: "example"
network: ws
sni: example.com
# skip-cert-verify: true
udp: true
# ws-opts:
# path: /path
# headers:
# Host: example.com
```
--------------------------------
### TCP Tunnel Configuration
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
Configures a TCP tunnel with explicit network, address, target, and proxy settings. This provides a more detailed configuration compared to the single-line format.
```yaml
- network: [tcp, udp]
address: 127.0.0.1:7777
target: target.com
proxy: proxy
```
--------------------------------
### Vmess with WebSocket (HTTP) Transport
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/outbound.md
Vmess configuration using WebSocket transport in HTTP mode. Options for method, path, and headers are available.
```yaml
- name: "vmess-http"
type: vmess
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
# udp: true
# network: http
# http-opts:
# # method: "GET"
# # path:
# # - '/'
# # - '/video'
# # headers:
# # Connection:
# # - keep-alive
```
--------------------------------
### Vmess with HTTP/2 Transport
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/outbound.md
Vmess configuration utilizing HTTP/2 transport. Requires TLS to be enabled. Supports specifying hosts and path for the H2 connection.
```yaml
- name: "vmess-h2"
type: vmess
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
network: h2
tls: true
h2-opts:
host:
- http.example.com
- http-alt.example.com
path: "/"
```
--------------------------------
### Fallback Proxy Group Configuration
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
A fallback proxy group selects an available proxy based on priority. Availability is tested by accessing a specified URL, similar to url-test groups. The 'interval' determines the frequency of availability checks.
```yaml
- name: "fallback-auto"
type: fallback
proxies:
- ss1
- ss2
- vmess1
url: 'http://www.gstatic.com/generate_204'
interval: 300
```
--------------------------------
### Domain Rule
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
A rule that matches traffic based on the exact destination domain. If the domain matches, traffic is sent to the 'auto' proxy group.
```yaml
- DOMAIN,google.com,auto
```
--------------------------------
### Domain Keyword Rule
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
A rule that matches traffic if the destination domain contains a specific keyword. Matching domains are routed to the 'auto' proxy group.
```yaml
- DOMAIN-KEYWORD,google,auto
```
--------------------------------
### Vmess with gRPC Transport
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/outbound.md
Vmess configuration using gRPC transport. Requires TLS and specifying the gRPC service name.
```yaml
- name: vmess-grpc
type: vmess
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
network: grpc
tls: true
servername: example.com
# skip-cert-verify: true
grpc-opts:
grpc-service-name: "example"
```
--------------------------------
### Rule Set Rule
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
A rule that applies a predefined set of rules, identified by a name (e.g., 'apple'). Traffic matching this rule set is rejected. This feature is typically available in Premium versions.
```yaml
- RULE-SET,apple,REJECT # 仅 Premium 版本支持
```
--------------------------------
### Source Port Rule
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
A rule that directs traffic to the DIRECT connection if the source port matches the specified port number. This can be used for specific application traffic routing.
```yaml
- SRC-PORT,7777,DIRECT
```
--------------------------------
### Destination Port Rule
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
A rule that directs traffic to the DIRECT connection if the destination port matches the specified port number. This is useful for allowing direct access to specific services.
```yaml
- DST-PORT,80,DIRECT
```
--------------------------------
### Relay Proxy Group Configuration
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
A relay proxy group chains multiple proxies together. Traffic flows sequentially through the listed proxies. UDP is not supported in this group type.
```yaml
- name: "relay"
type: relay
proxies:
- http
- vmess
- ss1
- ss2
```
--------------------------------
### Domain Suffix Rule
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
A rule that directs traffic based on a domain suffix. If the destination domain ends with the specified suffix, the traffic is routed to the 'auto' proxy group.
```yaml
- DOMAIN-SUFFIX,google.com,auto
```
--------------------------------
### Single-Line Tunnel Configuration
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
Defines a network tunnel with a single line of configuration, specifying protocol, local address, target address, and proxy. Supports TCP and UDP traffic.
```yaml
- tcp/udp,127.0.0.1:6553,114.114.114.114:53,proxy
```
--------------------------------
### Domain Suffix Rejection Rule
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
A rule to reject traffic destined for domains that match a specific suffix. This is useful for blocking ads or unwanted domains.
```yaml
- DOMAIN-SUFFIX,ad.com,REJECT
```
--------------------------------
### Interface-Based Select Proxy Group
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
A select proxy group that binds to a specific network interface and routing mark. It can also proxy traffic to DIRECT connections.
```yaml
- name: en1
type: select
interface-name: en1
routing-mark: 6667
proxies:
- DIRECT
```
--------------------------------
### Fake IP Concept Definition
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/dns.md
Defines the concept of a 'fake IP' address as a keyword for querying FQDN information, as per RFC 3089.
```plaintext
一个 "fake IP" 地址被用于查询相应的 "FQDN" 信息的关键字.
```
--------------------------------
### Source IP CIDR Rule
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
A rule that directs traffic based on the source IP address and CIDR notation. Traffic originating from the specified IP range is sent directly.
```yaml
- SRC-IP-CIDR,192.168.1.201/32,DIRECT
```
--------------------------------
### Provider-Based Select Proxy Group
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
A select proxy group that utilizes proxies defined in a specified proxy provider. It can also fall back to a DIRECT connection.
```yaml
- name: UseProvider
type: select
use:
- provider1
proxies:
- Proxy
- DIRECT
```
--------------------------------
### IP CIDR Rule
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
A rule that directs traffic to the DIRECT connection if the destination IP address falls within the specified CIDR block. The 'no-resolve' option can be used to prevent DNS resolution for IP-based rules.
```yaml
- IP-CIDR,127.0.0.0/8,DIRECT
```
--------------------------------
### GEOIP Rule
Source: https://github.com/karingx/clashmi-docu/blob/main/wiki/configuration-reference.md
A rule that directs traffic based on the geographical location of the destination IP address. Traffic destined for IPs within the specified country code (e.g., CN for China) is sent directly.
```yaml
- GEOIP,CN,DIRECT
```
=== COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.