参考配置

推荐工具

手搓总有错误时, 工具解放左手

clash/mihomo 官方参考配置

参考yaml 

# HTTP(S) 代理服务端口
port: 7890

# SOCKS5 代理服务端口
socks-port: 7891

# Linux 和 macOS 的透明代理服务端口 (TCP 和 TProxy UDP 重定向)
# redir-port: 7892

# Linux 的透明代理服务端口 (TProxy TCP 和 TProxy UDP)
# tproxy-port: 7893

# HTTP(S) 和 SOCKS4(A)/SOCKS5 代理服务共用一个端口
# mixed-port: 7890

# 本地 SOCKS5/HTTP(S) 代理服务的认证
# authentication:
#   - "user1:pass1"
#   - "user2:pass2"

# 设置为 true 以允许来自其他 LAN IP 地址的连接
# allow-lan: false

# 仅当 `allow-lan` 为 `true` 时有效
# '*': 绑定所有 IP 地址
# 192.168.122.11: 绑定单个 IPv4 地址
# "[aaaa::a8aa:ff:fe09:57d8]": 绑定单个 IPv6 地址
# bind-address: '*'

# Clash 路由工作模式
# rule: 基于规则的数据包路由
# global: 所有数据包将被转发到单个节点
# direct: 直接将数据包转发到互联网
mode: rule

# 默认情况下, Clash 将日志打印到 STDOUT
# 日志级别: info / warning / error / debug / silent
# log-level: info

# 当设置为 false 时, 解析器不会将主机名解析为 IPv6 地址
# ipv6: false

# RESTful Web API 监听地址
external-controller: 127.0.0.1:9090

# 配置目录的相对路径或静态 Web 资源目录的绝对路径
# external-ui: folder

# RESTful API 密钥 (可选)
# secret: ""

# 出站接口名称
# interface-name: en0

# fwmark (仅在 Linux 上有效)
# routing-mark: 6666

# hosts:
#   '*.clash.dev': 127.0.0.1
#   '.dev': 127.0.0.1
#   'alpha.clash.dev': '::1'

# profile:
#   store-selected: true
#   store-fake-ip: false

dns:
  enable: false
  listen: 0.0.0.0:53
  # ipv6: false

  default-nameserver:
    - 114.114.114.114
    - 8.8.8.8
  # enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  # use-hosts: true

  # fake-ip-filter:
  #   - '*.lan'
  #   - localhost.ptlogin2.qq.com

  nameserver:
    - 114.114.114.114
    - 8.8.8.8
    - tls://dns.rubyfish.cn:853
    - https://1.1.1.1/dns-query
    - dhcp://en0

  # fallback:
  #   - tcp://1.1.1.1

  # fallback-filter:
  #   geoip: true
  #   geoip-code: CN
  #   ipcidr:
  #     - 240.0.0.0/4
  #   domain:
  #     - '+.google.com'
  #     - '+.facebook.com'
  #     - '+.youtube.com'

  # nameserver-policy:
  #   'www.baidu.com': '114.114.114.114'
  #   '+.internal.crop.com': '10.0.0.1'

proxies:
  # Shadowsocks
  - name: "ss1"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    # udp: true

  - name: "ss2"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    plugin: obfs
    plugin-opts:
      mode: tls
      # host: bing.com

  - name: "ss3"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    plugin: v2ray-plugin
    plugin-opts:
      mode: websocket
      # tls: true
      # host: bing.com
      # path: "/"
      # mux: true

  # vmess
  - name: "vmess"
    type: vmess
    server: server
    port: 443
    uuid: uuid
    alterId: 32
    cipher: auto
    # udp: true
    # tls: true
    # network: ws

  - name: "vmess-h2"
    type: vmess
    server: server
    port: 443
    uuid: uuid
    alterId: 32
    cipher: auto
    network: h2
    tls: true
    h2-opts:
      host:
        - http.example.com
      path: /

  - name: vmess-grpc
    server: server
    port: 443
    type: vmess
    uuid: uuid
    alterId: 32
    cipher: auto
    network: grpc
    tls: true
    servername: example.com
    grpc-opts:
      grpc-service-name: "example"

  # socks5
  - name: "socks"
    type: socks5
    server: server
    port: 443
    # username: username
    # password: password
    # tls: true
    # udp: true

  # http
  - name: "http"
    type: http
    server: server
    port: 443
    # tls: true
    # sni: custom.com

  # Snell
  - name: "snell"
    type: snell
    server: server
    port: 44046
    psk: yourpsk
    # version: 2

  # Trojan
  - name: "trojan"
    type: trojan
    server: server
    port: 443
    password: yourpsk
    # sni: example.com
    # skip-cert-verify: true

  - name: trojan-grpc
    server: server
    port: 443
    type: trojan
    password: "example"
    network: grpc
    sni: example.com
    udp: true
    grpc-opts:
      grpc-service-name: "example"

  - name: trojan-ws
    server: server
    port: 443
    type: trojan
    password: "example"
    network: ws
    sni: example.com
    udp: true

  # ShadowsocksR
  - name: "ssr"
    type: ssr
    server: server
    port: 443
    cipher: chacha20-ietf
    password: "password"
    obfs: tls1.2_ticket_auth
    protocol: auth_sha1_v4
    # udp: true

proxy-groups:
  - name: "relay"
    type: relay
    proxies:
      - http
      - vmess
      - ss1
      - ss2

  - name: "auto"
    type: url-test
    proxies:
      - ss1
      - ss2
      - vmess1
    url: 'http://www.gstatic.com/generate_204'
    interval: 300

  - name: "fallback-auto"
    type: fallback
    proxies:
      - ss1
      - ss2
      - vmess1
    url: 'http://www.gstatic.com/generate_204'
    interval: 300

  - name: "load-balance"
    type: load-balance
    proxies:
      - ss1
      - ss2
      - vmess1
    url: 'http://www.gstatic.com/generate_204'
    interval: 300
    # strategy: consistent-hashing

  - name: Proxy
    type: select
    proxies:
      - ss1
      - ss2
      - vmess1
      - auto

  - name: en1
    type: select
    interface-name: en1
    routing-mark: 6667
    proxies:
      - DIRECT

  - name: UseProvider
    type: select
    use:
      - provider1
    proxies:
      - Proxy
      - DIRECT

proxy-providers:
  provider1:
    type: http
    url: "url"
    interval: 3600
    path: ./provider1.yaml
    health-check:
      enable: true
      interval: 600
      url: http://www.gstatic.com/generate_204
  test:
    type: file
    path: /test.yaml
    health-check:
      enable: true
      interval: 36000
      url: http://www.gstatic.com/generate_204

tunnels:
  - tcp/udp,127.0.0.1:6553,114.114.114.114:53,proxy
  - tcp,127.0.0.1:6666,rds.mysql.com:3306,vpn
  - network: [tcp, udp]
    address: 127.0.0.1:7777
    target: target.com
    proxy: proxy

rules:
  - DOMAIN-SUFFIX,google.com,auto
  - DOMAIN-KEYWORD,google,auto
  - DOMAIN,google.com,auto
  - DOMAIN-SUFFIX,ad.com,REJECT
  - SRC-IP-CIDR,192.168.1.201/32,DIRECT
  - IP-CIDR,127.0.0.0/8,DIRECT
  - GEOIP,CN,DIRECT
  - DST-PORT,80,DIRECT
  - SRC-PORT,7777,DIRECT
  - RULE-SET,apple,REJECT
  - MATCH,auto

Reference Configuration

When manual configuration always has errors, tools free your hands.

clash/mihomo Official Reference

Reference YAML 

# HTTP(S) proxy server port
port: 7890

# SOCKS5 proxy server port
socks-port: 7891

# Transparent proxy server port for Linux and macOS (TCP and TProxy UDP redirect)
# redir-port: 7892

# Transparent proxy server port for Linux (TProxy TCP and TProxy UDP)
# tproxy-port: 7893

# HTTP(S) and SOCKS4(A)/SOCKS5 proxy on the same port
# mixed-port: 7890

# authentication for local SOCKS5/HTTP(S) proxy
# authentication:
#   - "user1:pass1"
#   - "user2:pass2"

# Set to true to allow connections from other LAN IP addresses
# allow-lan: false

# Only effective when `allow-lan` is `true`
# '*': bind all IP addresses
# 192.168.122.11: bind a single IPv4 address
# "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address
# bind-address: '*'

# Clash router working mode
# rule: rule-based packet routing
# global: all packets will be forwarded to a single node
# direct: directly forward packets to the Internet
mode: rule

# By default, Clash prints logs to STDOUT
# info / warning / error / debug / silent
# log-level: info

# When set to false, resolver won't translate hostnames to IPv6 addresses
# ipv6: false

# RESTful web API listening address
external-controller: 127.0.0.1:9090

# A relative path to the configuration directory or an absolute path to a
# directory in which you put some static web resource. Clash core will then
# serve it at `http://{{external-controller}}/ui`.
# external-ui: folder

# Secret for the RESTful API (optional)
# secret: ""

# Outbound interface name
# interface-name: en0

# fwmark on Linux only
# routing-mark: 6666

# Static hosts for DNS server and connection establishment (like /etc/hosts)
# hosts:
#   '*.clash.dev': 127.0.0.1
#   '.dev': 127.0.0.1
#   'alpha.clash.dev': '::1'

# profile:
#   store-selected: true
#   store-fake-ip: false

dns:
  enable: false
  listen: 0.0.0.0:53
  # ipv6: false

  default-nameserver:
    - 114.114.114.114
    - 8.8.8.8
  # enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  # use-hosts: true

  # fake-ip-filter:
  #   - '*.lan'
  #   - localhost.ptlogin2.qq.com

  nameserver:
    - 114.114.114.114
    - 8.8.8.8
    - tls://dns.rubyfish.cn:853
    - https://1.1.1.1/dns-query
    - dhcp://en0

  # fallback:
  #   - tcp://1.1.1.1

  # fallback-filter:
  #   geoip: true
  #   geoip-code: CN
  #   ipcidr:
  #     - 240.0.0.0/4
  #   domain:
  #     - '+.google.com'
  #     - '+.facebook.com'
  #     - '+.youtube.com'

proxies:
  # Shadowsocks
  - name: "ss1"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"

  - name: "ss2"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    plugin: obfs
    plugin-opts:
      mode: tls

  # vmess
  - name: "vmess"
    type: vmess
    server: server
    port: 443
    uuid: uuid
    alterId: 32
    cipher: auto

  - name: vmess-grpc
    server: server
    port: 443
    type: vmess
    uuid: uuid
    alterId: 32
    cipher: auto
    network: grpc
    tls: true
    servername: example.com
    grpc-opts:
      grpc-service-name: "example"

  # Trojan
  - name: "trojan"
    type: trojan
    server: server
    port: 443
    password: yourpsk

  # ShadowsocksR
  - name: "ssr"
    type: ssr
    server: server
    port: 443
    cipher: chacha20-ietf
    password: "password"
    obfs: tls1.2_ticket_auth
    protocol: auth_sha1_v4

proxy-groups:
  - name: "auto"
    type: url-test
    proxies:
      - ss1
      - ss2
    url: 'http://www.gstatic.com/generate_204'
    interval: 300

  - name: Proxy
    type: select
    proxies:
      - ss1
      - ss2
      - auto

rules:
  - DOMAIN-SUFFIX,google.com,auto
  - DOMAIN-KEYWORD,google,auto
  - DOMAIN,google.com,auto
  - DOMAIN-SUFFIX,ad.com,REJECT
  - IP-CIDR,127.0.0.0/8,DIRECT
  - GEOIP,CN,DIRECT
  - MATCH,auto