2018-06-23 00:44:28 +08:00
< h1 align = "center" >
< img src = "https://github.com/Dreamacro/clash/raw/master/docs/logo.png" alt = "Clash" width = "200" >
2019-02-11 15:55:17 +08:00
< br > Clash< br >
2018-06-23 00:44:28 +08:00
< / h1 >
2018-12-11 00:25:05 +08:00
< h4 align = "center" > A rule-based tunnel in Go.< / h4 >
2018-06-23 00:44:28 +08:00
< p align = "center" >
2019-12-08 12:34:05 +08:00
< a href = "https://github.com/Dreamacro/clash/actions" >
< img src = "https://img.shields.io/github/workflow/status/Dreamacro/clash/Go?style=flat-square" alt = "Github Actions" >
< / a >
2018-06-23 00:44:28 +08:00
< a href = "https://goreportcard.com/report/github.com/Dreamacro/clash" >
2019-02-11 15:55:17 +08:00
< img src = "https://goreportcard.com/badge/github.com/Dreamacro/clash?style=flat-square" >
2018-06-23 00:44:28 +08:00
< / a >
< a href = "https://github.com/Dreamacro/clash/releases" >
< img src = "https://img.shields.io/github/release/Dreamacro/clash/all.svg?style=flat-square" >
< / a >
< / p >
2018-06-10 22:50:03 +08:00
## Features
2020-03-20 12:35:30 +08:00
- Local HTTP/HTTPS/SOCKS server with/without authentication
- VMess, Shadowsocks, Trojan (experimental), Snell protocol support for remote connections. UDP is supported.
- Built-in DNS server that aims to minimize DNS pollution attacks, supports DoH/DoT upstream. Fake IP is also supported.
- Rules based off domains, GEOIP, IP CIDR or ports to forward packets to different nodes
- Remote groups allow users to implement powerful rules. Supports automatic fallback, load balancing or auto select node based off latency
- Remote providers, allowing users to get node lists remotely instead of hardcoding in config
- Netfilter TCP redirecting. You can deploy Clash on your Internet gateway with `iptables` .
- Comprehensive HTTP API controller
2018-08-14 18:06:56 +08:00
2018-06-10 22:50:03 +08:00
## Install
2020-03-20 12:35:30 +08:00
Clash requires Go >= 1.13. You can build it from source:
2018-06-10 22:50:03 +08:00
```sh
2019-10-08 10:59:24 +08:00
$ go get -u -v github.com/Dreamacro/clash
2018-06-10 22:50:03 +08:00
```
2020-03-20 12:35:30 +08:00
Pre-built binaries are available here: [release ](https://github.com/Dreamacro/clash/releases )
2020-05-08 21:52:17 +08:00
Pre-built Premium binaries are available here: [Premium release ](https://github.com/Dreamacro/clash/releases/tag/premium ). Source is not currently available.
2019-12-28 22:42:30 +08:00
2019-10-08 10:59:24 +08:00
Check Clash version with:
2019-03-30 14:20:04 +08:00
```sh
2019-10-08 10:59:24 +08:00
$ clash -v
2019-03-30 14:20:04 +08:00
```
2020-03-20 12:35:30 +08:00
## Daemonize Clash
2018-06-15 00:35:33 +08:00
2020-03-20 12:35:30 +08:00
Unfortunately, there is no native or elegant way to implement daemons on Golang. We recommend using third-party daemon management tools like PM2, Supervisor or the like to keep Clash running as a service.
2018-06-15 00:35:33 +08:00
2020-03-20 12:35:30 +08:00
In the case of [pm2 ](https://github.com/Unitech/pm2 ), start the daemon this way:
2018-06-15 00:35:33 +08:00
```sh
2019-10-08 10:59:24 +08:00
$ pm2 start clash
2018-06-15 00:35:33 +08:00
```
2020-03-20 12:35:30 +08:00
If you have Docker installed, it's recommended to deploy Clash directly using `docker-compose` : [run Clash in Docker ](https://github.com/Dreamacro/clash/wiki/Run-clash-in-docker )
2018-06-18 11:31:49 +08:00
2018-06-10 22:50:03 +08:00
## Config
2019-10-08 10:59:24 +08:00
The default configuration directory is `$HOME/.config/clash` .
2018-10-17 00:51:04 +08:00
2019-10-08 10:59:24 +08:00
The name of the configuration file is `config.yaml` .
2018-10-17 00:51:04 +08:00
2019-10-08 10:59:24 +08:00
If you want to use another directory, use `-d` to control the configuration directory.
2018-10-17 00:51:04 +08:00
2019-10-08 10:59:24 +08:00
For example, you can use the current directory as the configuration directory:
2018-10-17 00:51:04 +08:00
```sh
2019-10-08 10:59:24 +08:00
$ clash -d .
2018-10-17 00:51:04 +08:00
```
2018-06-10 22:50:03 +08:00
2019-10-09 18:46:23 +08:00
< details >
2019-12-08 12:34:05 +08:00
< summary > This is an example configuration file (click to expand)< / summary >
2018-06-10 22:50:03 +08:00
2018-10-03 12:25:24 +08:00
```yml
# port of HTTP
port: 7890
# port of SOCKS5
socks-port: 7891
2018-06-10 22:50:03 +08:00
2020-06-07 16:54:41 +08:00
# (HTTP and SOCKS5 in one port)
# mixed-port: 7890
2018-11-08 20:14:57 +08:00
# redir port for Linux and macOS
2018-10-17 00:51:04 +08:00
# redir-port: 7892
2018-10-03 12:25:24 +08:00
allow-lan: false
2019-08-08 13:45:07 +08:00
# Only applicable when setting allow-lan to true
# "*": bind all IP addresses
# 192.168.122.11: bind a single IPv4 address
# "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address
2019-10-09 18:46:23 +08:00
# bind-address: "*"
2019-08-08 13:45:07 +08:00
2020-06-18 18:11:02 +08:00
# ipv6: false # when ipv6 is false, each clash dial with ipv6, but it's not affect the response of the dns server, default is false
2020-06-01 00:32:37 +08:00
# rule / global / direct (default is rule)
mode: rule
2018-10-03 12:25:24 +08:00
# set log level to stdout (default is info)
2018-12-05 21:26:04 +08:00
# info / warning / error / debug / silent
2018-10-03 12:25:24 +08:00
log-level: info
2018-08-12 04:22:14 +08:00
2019-10-08 10:59:24 +08:00
# RESTful API for clash
2018-10-03 12:25:24 +08:00
external-controller: 127.0.0.1:9090
2018-12-20 22:34:38 +08:00
# you can put the static web resource (such as clash-dashboard) to a directory, and clash would serve in `${API}/ui`
# input is a relative path to the configuration directory or an absolute path
# external-ui: folder
2018-10-17 00:51:04 +08:00
# Secret for RESTful API (Optional)
2018-10-29 20:25:13 +08:00
# secret: ""
2018-10-17 00:51:04 +08:00
2019-04-24 12:02:52 +08:00
# experimental feature
experimental:
2019-05-16 14:19:37 +08:00
ignore-resolve-fail: true # ignore dns resolve fail, default value is true
2020-02-15 21:42:46 +08:00
# interface-name: en0 # outbound interface name
2019-04-24 12:02:52 +08:00
2019-06-27 17:04:25 +08:00
# authentication of local SOCKS5/HTTP(S) server
# authentication:
# - "user1:pass1"
# - "user2:pass2"
2020-05-28 12:13:05 +08:00
# # hosts, support wildcard (e.g. *.clash.dev Even *.foo.*.example.com)
2020-05-07 21:58:53 +08:00
# # static domain has a higher priority than wildcard domain (foo.example.com > *.example.com > .example.com)
2020-05-28 12:13:05 +08:00
# # +.foo.com equal .foo.com and foo.com
2019-09-14 21:45:11 +08:00
# hosts:
# '*.clash.dev': 127.0.0.1
2020-05-07 21:58:53 +08:00
# '.dev': 127.0.0.1
2019-09-14 21:45:11 +08:00
# 'alpha.clash.dev': '::1'
2020-05-28 12:13:05 +08:00
# '+.foo.dev': 127.0.0.1
2019-09-14 21:45:11 +08:00
2019-02-11 15:55:17 +08:00
# dns:
2018-12-05 21:52:31 +08:00
# enable: true # set true to enable dns (default is false)
2020-06-18 18:11:02 +08:00
# ipv6: false # it only affect the dns server response, default is false
2018-12-05 21:52:31 +08:00
# listen: 0.0.0.0:53
2020-02-15 21:42:46 +08:00
# # default-nameserver: # resolve dns nameserver host, should fill pure IP
# # - 114.114.114.114
# # - 8.8.8.8
2019-05-03 00:05:14 +08:00
# enhanced-mode: redir-host # or fake-ip
2019-05-09 21:05:47 +08:00
# # fake-ip-range: 198.18.0.1/16 # if you don't know what it is, don't change it
2019-12-28 00:10:06 +08:00
# fake-ip-filter: # fake ip white domain list
2020-01-09 18:13:15 +08:00
# - '*.lan'
2019-12-28 00:10:06 +08:00
# - localhost.ptlogin2.qq.com
2018-12-05 21:52:31 +08:00
# nameserver:
# - 114.114.114.114
# - tls://dns.rubyfish.cn:853 # dns over tls
2019-06-28 12:29:08 +08:00
# - https://1.1.1.1/dns-query # dns over https
2018-12-05 21:52:31 +08:00
# fallback: # concurrent request with nameserver, fallback used when GEOIP country isn't CN
2019-03-01 00:52:30 +08:00
# - tcp://1.1.1.1
2019-09-15 13:36:45 +08:00
# fallback-filter:
# geoip: true # default
# ipcidr: # ips in these subnets will be considered polluted
# - 240.0.0.0/4
2018-12-05 21:26:04 +08:00
2020-03-07 20:01:24 +08:00
proxies:
2019-12-08 12:34:05 +08:00
# shadowsocks
# The supported ciphers(encrypt methods):
# aes-128-gcm aes-192-gcm aes-256-gcm
# aes-128-cfb aes-192-cfb aes-256-cfb
# aes-128-ctr aes-192-ctr aes-256-ctr
2019-12-08 13:05:05 +08:00
# rc4-md5 chacha20-ietf xchacha20
2019-12-08 12:34:05 +08:00
# chacha20-ietf-poly1305 xchacha20-ietf-poly1305
- name: "ss1"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
# udp: true
# old obfs configuration format remove after prerelease
- name: "ss2"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: obfs
plugin-opts:
mode: tls # or http
# host: bing.com
- name: "ss3"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: v2ray-plugin
plugin-opts:
mode: websocket # no QUIC now
# tls: true # wss
# skip-cert-verify: true
# host: bing.com
# path: "/"
# mux: true
# headers:
# custom: value
# vmess
# cipher support auto/aes-128-gcm/chacha20-poly1305/none
- name: "vmess"
type: vmess
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
# udp: true
# tls: true
# skip-cert-verify: true
2020-06-01 00:27:04 +08:00
# servername: example.com # priority over wss host
2019-12-08 12:34:05 +08:00
# network: ws
# ws-path: /path
# ws-headers:
# Host: v2ray.com
2020-03-31 16:07:21 +08:00
- name: "vmess-http"
type: vmess
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
# udp: true
# network: http
# http-opts:
# # method: "GET"
# # path:
# # - '/'
# # - '/video'
# # headers:
# # Connection:
# # - keep-alive
2019-12-08 12:34:05 +08:00
# socks5
- name: "socks"
type: socks5
server: server
port: 443
# username: username
# password: password
# tls: true
2019-02-11 15:55:17 +08:00
# skip-cert-verify: true
2019-12-08 12:34:05 +08:00
# udp: true
# http
- name: "http"
type: http
server: server
port: 443
# username: username
# password: password
# tls: true # https
# skip-cert-verify: true
# snell
- name: "snell"
type: snell
server: server
port: 44046
psk: yourpsk
# obfs-opts:
# mode: http # or tls
# host: bing.com
2018-12-05 21:26:04 +08:00
2020-03-19 20:26:53 +08:00
# trojan
- name: "trojan"
type: trojan
server: server
port: 443
password: yourpsk
# udp: true
# sni: example.com # aka server name
# alpn:
# - h2
# - http/1.1
# skip-cert-verify: true
2020-03-07 20:01:24 +08:00
proxy-groups:
2020-05-07 21:42:52 +08:00
# relay chains the proxies. proxies shall not contain a relay. No UDP support.
2020-03-21 23:46:49 +08:00
# Traffic: clash < - > http < - > vmess < - > ss1 < - > ss2 < - > Internet
- name: "relay"
type: relay
proxies:
- http
- vmess
- ss1
- ss2
2019-12-08 12:34:05 +08:00
# url-test select which proxy will be used by benchmarking speed to a URL.
- name: "auto"
type: url-test
proxies:
- ss1
- ss2
- vmess1
2020-05-29 17:47:50 +08:00
# tolerance: 150
2019-12-08 12:34:05 +08:00
url: 'http://www.gstatic.com/generate_204'
interval: 300
# fallback select an available policy by priority. The availability is tested by accessing an URL, just like an auto url-test group.
- name: "fallback-auto"
type: fallback
proxies:
- ss1
- ss2
- vmess1
url: 'http://www.gstatic.com/generate_204'
interval: 300
# load-balance: The request of the same eTLD will be dial on the same proxy.
- name: "load-balance"
type: load-balance
proxies:
- ss1
- ss2
- vmess1
url: 'http://www.gstatic.com/generate_204'
interval: 300
# select is used for selecting proxy or proxy group
# you can use RESTful API to switch proxy, is recommended for use in GUI.
- name: Proxy
type: select
proxies:
- ss1
- ss2
- vmess1
- auto
2020-03-07 20:01:24 +08:00
- name: UseProvider
type: select
use:
- provider1
proxies:
- Proxy
- DIRECT
2018-10-03 12:25:24 +08:00
2020-03-07 20:01:24 +08:00
proxy-providers:
provider1:
type: http
url: "url"
interval: 3600
path: ./hk.yaml
health-check:
enable: true
interval: 600
url: http://www.gstatic.com/generate_204
test:
type: file
path: /test.yaml
health-check:
enable: true
interval: 36000
url: http://www.gstatic.com/generate_204
rules:
2019-12-08 12:34:05 +08:00
- DOMAIN-SUFFIX,google.com,auto
- DOMAIN-KEYWORD,google,auto
- DOMAIN,google.com,auto
- DOMAIN-SUFFIX,ad.com,REJECT
# rename SOURCE-IP-CIDR and would remove after prerelease
- SRC-IP-CIDR,192.168.1.201/32,DIRECT
# optional param "no-resolve" for IP rules (GEOIP IP-CIDR)
- IP-CIDR,127.0.0.0/8,DIRECT
- GEOIP,CN,DIRECT
- DST-PORT,80,DIRECT
- SRC-PORT,7777,DIRECT
# FINAL would remove after prerelease
# you also can use `FINAL,Proxy` or `FINAL,,Proxy` now
- MATCH,auto
2018-06-10 22:50:03 +08:00
```
2019-10-09 18:46:23 +08:00
< / details >
2018-06-10 22:50:03 +08:00
2019-12-08 12:34:05 +08:00
## Advanced
[Provider ](https://github.com/Dreamacro/clash/wiki/Provider )
2019-04-15 19:05:01 +08:00
## Documentations
https://clash.gitbook.io/
2020-03-20 12:35:30 +08:00
## Credits
2018-08-12 04:22:14 +08:00
[riobard/go-shadowsocks2 ](https://github.com/riobard/go-shadowsocks2 )
2018-09-16 23:08:04 +08:00
[v2ray/v2ray-core ](https://github.com/v2ray/v2ray-core )
2018-07-15 22:32:20 +08:00
## License
2018-08-12 04:22:14 +08:00
2018-07-15 22:32:20 +08:00
[![FOSSA Status ](https://app.fossa.io/api/projects/git%2Bgithub.com%2FDreamacro%2Fclash.svg?type=large )](https://app.fossa.io/projects/git%2Bgithub.com%2FDreamacro%2Fclash?ref=badge_large)
2018-06-10 22:50:03 +08:00
## TODO
2018-08-12 04:22:14 +08:00
- [x] Complementing the necessary rule operators
- [x] Redir proxy
2019-04-25 16:32:15 +08:00
- [x] UDP support
2019-12-08 12:34:05 +08:00
- [x] Connection manager
2020-06-07 16:54:41 +08:00
- ~~[ ] Event API~~