Clash
Clash
- HTTP/HTTPS and SOCKS protocol
- Surge like configuration
- GeoIP rule support
- Support Vmess/Shadowsocks/Socks5
- Support for Netfilter TCP redirect
You can build from source:
go get -u -v github.com/Dreamacro/clash
Pre-built binaries are available: release
Requires Go >= 1.11.
Unfortunately, there is no native elegant way to implement golang's daemon.
So we can use third-party daemon tools like pm2, supervisor, and so on.
In the case of pm2, we can start the daemon this way:
pm2 start clash
If you have Docker installed, you can run clash directly using docker-compose.
The default configuration directory is $HOME/.config/clash
The name of the configuration file is config.yml
If you want to use another directory, you can use -d to control the configuration directory
For example, you can use the current directory as the configuration directory
clash -d .Below is a simple demo configuration file:
# port of HTTP port: 7890 # port of SOCKS5 socks-port: 7891 # redir port for Linux and macOS # redir-port: 7892 allow-lan: false # Rule / Global/ Direct (default is Rule) mode: Rule # set log level to stdout (default is info) # info / warning / error / debug / silent log-level: info # A RESTful API for clash external-controller: 127.0.0.1:9090 # you can put the static web resource (such as clash-dashboard) to a directory, and clash would serve in `${API}/ui` # input is a relative path to the configuration directory or an absolute path # external-ui: folder # Secret for RESTful API (Optional) # secret: "" # dns: # enable: true # set true to enable dns (default is false) # ipv6: false # default is false # listen: 0.0.0.0:53 # enhanced-mode: redir-host # nameserver: # - 114.114.114.114 # - tls://dns.rubyfish.cn:853 # dns over tls # fallback: # concurrent request with nameserver, fallback used when GEOIP country isn't CN # - 8.8.8.8 Proxy: # shadowsocks # The types of cipher are consistent with go-shadowsocks2 # support AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AES-128-CTR AES-192-CTR AES-256-CTR AES-128-CFB AES-192-CFB AES-256-CFB CHACHA20-IETF XCHACHA20 # In addition to what go-shadowsocks2 supports, it also supports chacha20 rc4-md5 xchacha20-ietf-poly1305 - { name: "ss1", type: ss, server: server, port: 443, cipher: AEAD_CHACHA20_POLY1305, password: "password" } # old obfs configuration remove after prerelease - name: "ss2" type: ss server: server port: 443 cipher: AEAD_CHACHA20_POLY1305 password: "password" plugin: obfs plugin-opts: mode: tls # or http # host: bing.com - name: "ss3" type: ss server: server port: 443 cipher: AEAD_CHACHA20_POLY1305 password: "password" plugin: v2ray-plugin plugin-opts: mode: websocket # no QUIC now # tls: true # wss # skip-cert-verify: true # host: bing.com # path: "/" # vmess # cipher support auto/aes-128-gcm/chacha20-poly1305/none - { name: "vmess", type: vmess, server: server, port: 443, uuid: uuid, alterId: 32, cipher: auto } # with tls - { name: "vmess", type: vmess, server: server, port: 443, uuid: uuid, alterId: 32, cipher: auto, tls: true } # with tls and skip-cert-verify - { name: "vmess", type: vmess, server: server, port: 443, uuid: uuid, alterId: 32, cipher: auto, tls: true, skip-cert-verify: true } # with ws-path and ws-headers - { name: "vmess", type: vmess, server: server, port: 443, uuid: uuid, alterId: 32, cipher: auto, network: ws, ws-path: /path, ws-headers: { Host: v2ray.com } } # with ws + tls - { name: "vmess", type: vmess, server: server, port: 443, uuid: uuid, alterId: 32, cipher: auto, network: ws, ws-path: /path, tls: true } # socks5 - { name: "socks", type: socks5, server: server, port: 443 } # socks5 with authentication - { name: "socks", type: socks5, server: server, port: 443, username: "username", password: "password" } # with tls - { name: "socks", type: socks5, server: server, port: 443, tls: true } # with tls and skip-cert-verify - { name: "socks", type: socks5, server: server, port: 443, tls: true, skip-cert-verify: true } # http - { name: "http", type: http, server: server, port: 443 } # http with authentication - { name: "http", type: http, server: server, port: 443, username: "username", password: "password" } # with tls (https) - { name: "http", type: http, server: server, port: 443, tls: true } # with tls (https) and skip-cert-verify - { name: "http", type: http, server: server, port: 443, tls: true, skip-cert-verify: true } Proxy Group: # url-test select which proxy will be used by benchmarking speed to a URL. - { name: "auto", type: url-test, proxies: ["ss1", "ss2", "vmess1"], url: "http://www.gstatic.com/generate_204", interval: 300 } # fallback select an available policy by priority. The availability is tested by accessing an URL, just like an auto url-test group. - { name: "fallback-auto", type: fallback, proxies: ["ss1", "ss2", "vmess1"], url: "http://www.gstatic.com/generate_204", interval: 300 } # select is used for selecting proxy or proxy group # you can use RESTful API to switch proxy, is recommended for use in GUI. - { name: "Proxy", type: select, proxies: ["ss1", "ss2", "vmess1", "auto"] } Rule: - DOMAIN-SUFFIX,google.com,Proxy - DOMAIN-KEYWORD,google,Proxy - DOMAIN,google.com,Proxy - DOMAIN-SUFFIX,ad.com,REJECT - IP-CIDR,127.0.0.0/8,DIRECT - SOURCE-IP-CIDR,192.168.1.201/32,DIRECT - GEOIP,CN,DIRECT # FINAL would remove after prerelease # you also can use `FINAL,Proxy` or `FINAL,,Proxy` now - MATCH,Proxy
- Complementing the necessary rule operators
- Redir proxy
- UDP support
- Connection manager