From 92708a905039a34f826ad5ea62345ae5229e22c3 Mon Sep 17 00:00:00 2001 From: xishang0128 Date: Sat, 12 Oct 2024 08:43:23 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/api/index.en.md | 16 +++++-- docs/api/index.md | 16 +++++-- docs/config/dns/index.en.md | 16 +++++-- docs/config/dns/index.md | 19 +++++++-- docs/config/general.en.md | 46 +++++++++++++++++--- docs/config/general.md | 47 ++++++++++++++++++--- docs/config/proxies/wg.md | 11 +++++ docs/config/proxy-groups/load-balance.en.md | 13 +++--- docs/config/proxy-groups/load-balance.md | 11 +++-- docs/config/sniff/index.md | 46 +++++++++++--------- docs/groups.md | 7 +++ 11 files changed, 190 insertions(+), 58 deletions(-) create mode 100644 docs/groups.md diff --git a/docs/api/index.en.md b/docs/api/index.en.md index e231735dd..27e4ed813 100644 --- a/docs/api/index.en.md +++ b/docs/api/index.en.md @@ -121,11 +121,16 @@ Request method: `GET` - Retrieve specific policy group information. +Request method: `DELETE` + +- Clear the fixed selection of the automatic policy group. + ### `/group/group_name/delay` Request method: `GET` -- Test nodes/policy groups within a specified policy group and return new delay information; the URL must include `?url=xxx&timeout=5000`, modified as needed. +- Test the nodes/strategy groups within the specified strategy group, return new latency information, and clear the fixed selection of the automatic strategy group +- the URL must include `?url=xxx&timeout=5000`, modified as needed. ## Proxies @@ -149,7 +154,8 @@ Request method: `PUT` Request method: `GET` -- Test a specified proxy and return new delay information; the URL must include `?url=xxx&timeout=5000`, modified as needed. +- Test a specified proxy and return new delay information +- the URL must include `?url=xxx&timeout=5000`, modified as needed. ## Proxy Sets @@ -177,7 +183,8 @@ Request method: `GET` ### `/providers/proxies/providers_name/proxies_name/healthcheck` -- Test a specified proxy within the proxy set and return new delay information; the URL must include `?url=xxx&timeout=5000`, modified as needed. +- Test a specified proxy within the proxy set and return new delay information +- the URL must include `?url=xxx&timeout=5000`, modified as needed. ## Rules @@ -225,7 +232,8 @@ Request method: `DELETE` Request method: `GET` -- Retrieve DNS query data for a specified name and type; the URL must include `?name=example.com&type=A`, modified as needed. +- Retrieve DNS query data for a specified name and type +- the URL must include `?name=example.com&type=A`, modified as needed. ## DEBUG diff --git a/docs/api/index.md b/docs/api/index.md index 5073651cd..e1d756dc5 100644 --- a/docs/api/index.md +++ b/docs/api/index.md @@ -121,11 +121,16 @@ curl 示例 `curl -H 'Authorization: Bearer ${secret}' http://${controller-api} - 获取具体的策略组信息 +请求方法:`DELETE` + +- 清除自动策略组 fixed 选择 + ### `/group/group_name/delay` 请求方法:`GET` -- 对指定策略组内的节点/策略组进行测试,并返回新的延迟信息,URL 需携带`?url=xxx&timeout=5000`,按需修改 +- 对指定策略组内的节点/策略组进行测试,返回新的延迟信息,,并清除自动策略组的 fixed 选择 +- URL 需携带`?url=xxx&timeout=5000`,按需修改 ## 代理 @@ -149,7 +154,8 @@ curl 示例 `curl -H 'Authorization: Bearer ${secret}' http://${controller-api} 请求方法:`GET` -- 对指定代理进行测试,并返回新的延迟信息,URL 需携带`?url=xxx&timeout=5000`,按需修改 +- 对指定代理进行测试,并返回新的延迟信息 +- URL 需携带`?url=xxx&timeout=5000`,按需修改 ## 代理集合 @@ -177,7 +183,8 @@ curl 示例 `curl -H 'Authorization: Bearer ${secret}' http://${controller-api} ### `/providers/proxies/providers_name/proxies_name/healthcheck` -- 对代理集合内的指定代理进行测试,并返回新的延迟信息,URL 需携带`?url=xxx&timeout=5000`,按需修改 +- 对代理集合内的指定代理进行测试,并返回新的延迟信息 +- URL 需携带`?url=xxx&timeout=5000`,按需修改 ## 规则 @@ -225,7 +232,8 @@ curl 示例 `curl -H 'Authorization: Bearer ${secret}' http://${controller-api} 请求方法:`GET` -- 获取指定名称和类型的 DNS 查询数据,URL 需携带`?name=example.com&type=A`,按需修改 +- 获取指定名称和类型的 DNS 查询数据 +- URL 需携带`?name=example.com&type=A`,按需修改 ## DEBUG diff --git a/docs/config/dns/index.en.md b/docs/config/dns/index.en.md index e2c41f875..6316b7497 100644 --- a/docs/config/dns/index.en.md +++ b/docs/config/dns/index.en.md @@ -105,13 +105,21 @@ Keys support [domain wildcards](../../handbook/syntax.md#domain-wildcards). Values support strings/arrays. -## nameserver +## proxy-server-nameserver -Default domain name resolution server. +The proxy node domain resolution server is used solely for resolving the domain names of proxy nodes. If left blank, it will follow the configurations of nameserver-policy, nameserver, and fallback. -## proxy-server-nameserver +## direct-nameserver + +The DNS server for domain resolution at the direct exit. If left blank, it will follow the configurations of nameserver-policy, nameserver, and fallback. -Proxy node domain name resolution server, used only for resolving the domain names of proxy nodes. +## direct-nameserver-follow-policy + +Indicates whether to adhere to the nameserver-policy. The default is not to comply, and it only takes effect when direct-nameserver is not empty. + +## nameserver + +Default domain name resolution server. ## fallback diff --git a/docs/config/dns/index.md b/docs/config/dns/index.md index f6e9ceb9b..146f5e831 100644 --- a/docs/config/dns/index.md +++ b/docs/config/dns/index.md @@ -29,6 +29,9 @@ dns: - tls://1.1.1.1 proxy-server-nameserver: - https://doh.pub/dns-query + direct-nameserver: + - system + direct-nameserver-follow-policy: false fallback-filter: geoip: true geoip-code: CN @@ -105,13 +108,21 @@ dns 连接遵守[路由规则](../rules/index.md),需配置 [proxy-server-name 值支持字符串/数组 -## nameserver +## proxy-server-nameserver -默认的域名解析服务器 +代理节点域名解析服务器,仅用于解析代理节点的域名,如果不填则遵循nameserver-policy、nameserver和fallback的配置 -## proxy-server-nameserver +## direct-nameserver + +用于direct出口域名解析的 DNS 服务器,如果不填则遵循nameserver-policy、nameserver和fallback的配置 -代理节点域名解析服务器,仅用于解析代理节点的域名 +## direct-nameserver-follow-policy + +是否遵循nameserver-policy,默认为不遵守,仅当direct-nameserver不为空时生效 + +## nameserver + +默认的域名解析服务器 ## fallback diff --git a/docs/config/general.en.md b/docs/config/general.en.md index 68d444443..77fb5f02e 100644 --- a/docs/config/general.en.md +++ b/docs/config/general.en.md @@ -90,19 +90,27 @@ default is `true`. ipv6: true ``` -## TCP Keep Alive Interval +## TCP Keep Alive Settings -Controls the interval at which Clash sends out TCP Keep Alive packets to reduce temporary measures for mobile device power consumption. +Modify this item to reduce the [power consumption issue](https://github.com/vernesong/OpenClash/issues/2614) on mobile devices -unit is seconds +The interval for TCP Keep Alive packets, measured in seconds. ```{.yaml linenums="1"} -keep-alive-interval: 30 +keep-alive-interval: 15 ``` -The time Clash discovers and closes an invalid TCP connection: +The maximum idle time for TCP Keep Alive. -1 × keep-alive-interval + 9 × keep-alive-interval +```{.yaml linenums="1"} +keep-alive-idle: 15 +``` + +Disable TCP Keep Alive; on Android, this is set to true by default. + +```{.yaml linenums="1"} +disable-keep-alive: false +``` ## Process Matching Mode @@ -126,6 +134,15 @@ API listening address, you can change `127.0.0.1` to `0.0.0.0` to listen on all external-controller: 127.0.0.1:9090 ``` +API CORS Header Configuration + +```{.yaml linenums="1"} +external-controller-cors: + allow-origins: + - * + allow-private-network: true +``` + Unix socket API listening address !!! warning "" @@ -135,6 +152,15 @@ Unix socket API listening address external-controller-unix: mihomo.sock ``` +Windows Named Pipe API Listening Address + +!!! warning "" + Accessing the API interface via Windows Named Pipe does not validate the secret. If enabled, please ensure your security. + +```{.yaml linenums="1"} +external-controller-pipe: \\.\pipe\mihomo +``` + HTTPS-API listening address, requires configuring the tls section for certificate and private key configuration, external-controller must also be filled in. ```{.yaml linenums="1"} @@ -286,3 +312,11 @@ Custom UA used when downloading external resources, default is clash.meta. ```{.yaml linenums="1"} global-ua: clash.meta ``` + +## ETag Support + +ETag support for external resource downloads is enabled by default. + +```{.yaml linenums="1"} +etag-support: true +``` diff --git a/docs/config/general.md b/docs/config/general.md index b6569261c..ed68ad2e4 100644 --- a/docs/config/general.md +++ b/docs/config/general.md @@ -92,18 +92,27 @@ log-level: info ipv6: true ``` -## TCP Keep Alive 间隔 +## TCP Keep Alive 设置 -控制 Clash 发出 TCP Keep Alive 包的间隔,减少移动设备[耗电问题](https://github.com/vernesong/OpenClash/issues/2614)的临时措施。 +修改此项以减少移动设备[耗电问题](https://github.com/vernesong/OpenClash/issues/2614) -单位为秒 +TCP Keep Alive 包的间隔,单位为秒 ```{.yaml linenums="1"} -keep-alive-interval: 30 +keep-alive-interval: 15 ``` -此时 Clash 发现并关闭一个无效 TCP 连接用时: -`1*keep-alive-interval + 9*keep-alive-interval` +TCP Keep Alive 的最大空闲时间 + +```{.yaml linenums="1"} +keep-alive-idle: 15 +``` + +禁用 TCP Keep Alive,在 Amdroid 默认为 true + +```{.yaml linenums="1"} +disable-keep-alive: false +``` ## 进程匹配模式 @@ -127,6 +136,15 @@ API 监听地址,你可以将 127.0.0.1 修改为 0.0.0.0 来监听所有 IP external-controller: 127.0.0.1:9090 ``` +API CORS 标头配置 + +```{.yaml linenums="1"} +external-controller-cors: + allow-origins: + - * + allow-private-network: true +``` + Unix socket API 监听地址 !!! warning "" @@ -136,6 +154,15 @@ Unix socket API 监听地址 external-controller-unix: mihomo.sock ``` +Windows namedpipe API 监听地址 + +!!! warning "" + 从Windows namedpipe访问api接口不会验证secret, 如果开启请自行保证安全问题 + +```{.yaml linenums="1"} +external-controller-pipe: \\.\pipe\mihomo +``` + HTTPS-API 监听地址,需要配置 `tls` 部分证书和其私钥配置,使用 TLS 也必须填写 `external-controller` ```{.yaml linenums="1"} @@ -296,3 +323,11 @@ geox-url: ```{.yaml linenums="1"} global-ua: clash.meta ``` + +## ETag 支持 + +外部资源下载的 ETag 支持,默认为 `true` + +```{.yaml linenums="1"} +etag-support: true +``` \ No newline at end of file diff --git a/docs/config/proxies/wg.md b/docs/config/proxies/wg.md index 0779d424e..944c2c379 100644 --- a/docs/config/proxies/wg.md +++ b/docs/config/proxies/wg.md @@ -22,6 +22,17 @@ proxies: # dialer-proxy: "ss1" # 一个出站代理的标识。当值不为空时,将使用指定的 proxy/proxy-group 发出连接 # remote-dns-resolve: true # 强制dns远程解析,默认值为false # dns: [ 1.1.1.1, 8.8.8.8 ] # 仅在remote-dns-resolve为true时生效 + # 如果存在则开启AmneziaWG功能 + # amnezia-wg-option: + # jc: 5 + # jmin: 500 + # jmax: 501 + # s1: 30 + # s2: 40 + # h1: 123456 + # h2: 67543 + # h4: 32345 + # h3: 123123 ``` ## 完整写法 diff --git a/docs/config/proxy-groups/load-balance.en.md b/docs/config/proxy-groups/load-balance.en.md index 71de33446..90f2aedd6 100644 --- a/docs/config/proxy-groups/load-balance.en.md +++ b/docs/config/proxy-groups/load-balance.en.md @@ -18,12 +18,15 @@ proxy-groups: Refer to [Common Fields](./index.md). -## strategy +## Strategy -Load balancing strategy. +Load Balancing Strategies -* `consistent-hashing`: Distributes requests with the same top-level domain to the same proxy node within the strategy group. +* `round-robin` will distribute all requests among different proxy nodes within the strategy group. -* `round-robin`: Distributes all requests to different proxy nodes within the strategy group. +* `consistent-hashing` will assign requests with the same `target address` to the same proxy node within the strategy group. -* `sticky-sessions`: sticky-sessions. +* `sticky-sessions`: requests with the same `source address` and `target address` will be directed to the same proxy node within the strategy group, with a cache expiration of 10 minutes. + +!!! note + When the `target address` is a domain, it uses top-level domain matching. diff --git a/docs/config/proxy-groups/load-balance.md b/docs/config/proxy-groups/load-balance.md index a65d9d87e..6eac4a954 100644 --- a/docs/config/proxy-groups/load-balance.md +++ b/docs/config/proxy-groups/load-balance.md @@ -11,7 +11,7 @@ proxy-groups: url: 'https://www.gstatic.com/generate_204' interval: 300 #lazy: true - #strategy: consistent-hashing # or round-robin + #strategy: consistent-hashing ``` ## 通用字段 @@ -22,8 +22,11 @@ proxy-groups: 负载均衡策略 -* `consistent-hashing` 将会把相同顶级域名的请求分配给策略组内的同一个代理节点 - * `round-robin` 将会把所有的请求分配给策略组内不同的代理节点 -* `sticky-sessions`: sticky-sessions +* `consistent-hashing` 将相同的 `目标地址` 的请求分配给策略组内的同一个代理节点 + +* `sticky-sessions`: 将相同的 `来源地址` 和 `目标地址` 的请求分配给策略组内的同一个代理节点,缓存 10 分钟过期 + +!!! note + `目标地址` 为域名时,使用顶级域名匹配 \ No newline at end of file diff --git a/docs/config/sniff/index.md b/docs/config/sniff/index.md index 6b4429810..e0867bb72 100644 --- a/docs/config/sniff/index.md +++ b/docs/config/sniff/index.md @@ -1,11 +1,5 @@ # 域名嗅探 -Clash 使用 Mapping 机制解决透明代理情况下,无法通过 Redir 端口传递域名的问题;但此机制会导致如果不使用 Clash 内置的 DNS 解析服务,就无法准确还原域名,进行域名分流的问题。 - -Meta 内置了 Sniffer 域名嗅探器,通过读取握手包内的域名字段,将 IP 还原成域名,有效解决 Mapping 机制的短板。 - -## 示例 - ```{.yaml linenums="1"} sniffer: enable: false @@ -24,37 +18,47 @@ sniffer: - +.v2ex.com skip-domain: - Mijia Cloud + skip-src-address: + - 192.168.0.3/32 + skip-dst-address: + - 192.168.0.3/32 ``` -## 字段解释 - -### enable +## enable 是否启用 sniffer -### force-dns-mapping +## force-dns-mapping -对 redir-host 类型识别的流量进行强制嗅探 +对 `redir-host` 类型识别的流量进行强制嗅探 -### parse-pure-ip +## parse-pure-ip 对所有未获取到域名的流量进行强制嗅探 -### override-destination +## override-destination 是否使用嗅探结果作为实际访问,默认为 true -### sniff +## sniff + +需要嗅探的协议设置,仅支持 `HTTP`/`TLS`/`QUIC` + +- `ports`: [端口范围](../../handbook/syntax.md#_14) +- `override-destination`: 覆盖全局`override-destination`设置 + +## force-domain + +强制进行嗅探的域名列表,使用[域名通配](../../handbook/syntax.md#_8) -一个数组,里面可以包含多个协议对象。每种协议对象包含: +## skip-domain -- `ports`字段,表示端口范围。示例:`ports: [80, 8080-8880]` -- `override-destination`字段(可选),用于覆盖全局`override-destination`设置 +跳过嗅探的域名列表,使用[域名通配](../../handbook/syntax.md#_8) -### force-domain +## skip-src-address -需要强制嗅探的域名(默认情况下只对 IP 进行嗅探) +跳过嗅探的来源 IP 段列表 -### skip-domain +## skip-dst-address -需要跳过嗅探的域名。主要解决部分站点 sni 字段非域名,导致嗅探结果异常的问题,如米家设备`Mijia Cloud` +跳过嗅探的目标 IP 段列表 diff --git a/docs/groups.md b/docs/groups.md new file mode 100644 index 000000000..0fd096558 --- /dev/null +++ b/docs/groups.md @@ -0,0 +1,7 @@ +# 某奇怪群组 + +请不要传播,否则该链接将会撤销 + +Please do not share; otherwise, the link will be revoked. + +https://t.me/+QL4Imm5KrV9kOGQ1 \ No newline at end of file