pushcode

Signed-off-by: tujidelv <tujide.lv@foxmail.com>

source/_posts/st-trojan-advanced.md

@@ -25,94 +25,372 @@ tags:
 - 前言
     - 解决了MAC或Windows系统上使用Trojan更方便的问题，不需要连接Scoks代理、启动trojan进程等这些步骤了。
     - 新版本的Clash/ClashX支持SSR/Trojan/V2ray等协议，支持节点订阅，不得不说Trojan客户端的软件匹配速度是越来越快了。
+    - **Clash 不支持 SSR 节点的订阅，若是只有 SSR 的订阅地址，请自行更换 Clash 内核 （ClashR 支持 SSR）。**
 - Clash下载地址
+    - Clash项目地址：[点击访问](https://github.com/Dreamacro/clash)
     - Windows平台项目开源地址：[点击访问](https://github.com/Fndroid/clash_for_windows_pkg)
     - MacOS平台项目开源地址：[点击访问](https://github.com/yichengchen/clashX)
     - 安卓平台项目开源地址：[点击访问](https://github.com/Kr328/ClashForAndroid)
+    - Clash Windows 0.10.4汉化包：[点击下载](https://t.me/bozaiweb/427566)（7月8日更新） （支持WIN和MAC的CLASH汉化，汉化说明在包内）
 - 标准Clash配置文件
     ```
-    # Shadowsocks的标准写法
-    ## 第一种配置
-    - name: "你的 SS 节点 1"               # 软件显示的节点名字
-      type: ss                                  # 代理类型
-      server: 1.2.4.8                          # 服务器 IP
-      port: 443                                 #  端口号
-      cipher: chacha20-ietf-poly1305   # 加密方法
-      password: "password"                # SS 密码
-      # udp: true                                #默认不开启
+    # Port of HTTP(S) proxy server on the local end
+    port: 7890
+     
+    # Port of SOCKS5 proxy server on the local end
+    socks-port: 7891
+     
+    # Transparent proxy server port for Linux and macOS
+    # redir-port: 7892
+     
+    # HTTP(S) and SOCKS5 server on the same port
+    # mixed-port: 7890
+     
+    # authentication of local SOCKS5/HTTP(S) server
+    # authentication:
+    #  - "user1:pass1"
+    #  - "user2:pass2"
+     
+    # Set to true to allow connections to local-end server from
+    # other LAN IP addresses
+    allow-lan: false
+     
+    # This is only applicable when `allow-lan` is `true`
+    # '*': bind all IP addresses
+    # 192.168.122.11: bind a single IPv4 address
+    # "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address
+    bind-address: '*'
+     
+    # Clash router working mode
+    # rule: rule-based packet routing
+    # global: all packets will be forwarded to a single endpoint
+    # direct: directly forward the packets to the Internet
+    mode: rule
+     
+    # Clash by default prints logs to STDOUT
+    # info / warning / error / debug / silent
+    log-level: info
+     
+    # When set to false, resolver won't translate hostnames to IPv6 addresses
+    ipv6: true
+     
+    # RESTful web API listening address
+    external-controller: 127.0.0.1:9090
+     
+    # A relative path to the configuration directory or an absolute path to a
+    # directory in which you put some static web resource. Clash core will then
+    # serve it at `${API}/ui`.
+    # external-ui: folder
+     
+    # Secret for the RESTful API (optional)
+    # Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}`
+    # ALWAYS set a secret if RESTful API is listening on 0.0.0.0
+    # secret: ""
+     
+    # Outbound interface name
+    interface-name: en0
+     
+    # Static hosts for DNS server and connection establishment, only works
+    # when `dns.enhanced-mode` is `redir-host`.
+    #
+    # Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com)
+    # Non-wildcard domain names has a higher priority than wildcard domain names
+    # e.g. foo.example.com > *.example.com > .example.com
+    # P.S. +.foo.com equals to .foo.com and foo.com
+    hosts:
+      'mtalk.google.com': 108.177.125.188
+      # '*.clash.dev': 127.0.0.1
+      # '.dev': 127.0.0.1
+      # 'alpha.clash.dev': '::1'
+     
+    # DNS server settings
+    # This section is optional. When not present, DNS server will be disabled.
+    dns:
+      enable: false
+      listen: 0.0.0.0:53
+      # ipv6: false # when false, response to AAAA questions will be empty
+     
+      # These nameservers are used to resolve the DNS nameserver hostnames below.
+      # Specify IP addresses only
+      default-nameserver:
+        - 114.114.114.114
+        - 8.8.8.8
+      enhanced-mode: redir-host # or fake-ip
+      fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR
       
-    ## 第二种配置
-    ### Shadowsocks + simple-obfs   配置范本
-    - name: "你的 SS 节点 2"
-      type: ss
-      server: 1.2.4.8
-      port: 443
-      cipher: chacha20-ietf-poly1305
-      password: "password"
-      plugin: obfs
-      plugin-opts:                 
-        mode: tls # or http               #  大部分选择 HTTP
-        # host: bing.com                  #  伪装
-    ```
-    ```
-    # v2ray的标准写法
-    ## VMess 的配置
-    - name: "你的 V2RAY 节点 1" # 软件显示的节点名字
-      type: vmess # 代理类型
-      server: v2rayssr.com  # 服务器 IP
-      port: 443 #  端口号
-      uuid: a3482e88-686a-4a58-8126-99c9df64b7bf
-      alterId: 64  #额外的 ID
-      cipher: auto
-      #上面几行为必选参数
-      #下面几行为可选参数  根据你的配置情况来
-      # udp: true    #默认不开启
-      # tls: true      #TLS 开启
-      # skip-cert-verify: true     #默认不开启
-      # network: ws    # 网路类型 WS HTTP 等
-      # ws-path: /path  # 路径
-      # ws-headers:     #默认不开启
-      #  Host: v2rayssr.com    # HOST
+      # Hostnames in this list will not be resolved with fake IPs
+      # i.e. questions to these domain names will always be answered with their
+      # real IP addresses
+      # fake-ip-filter:
+      #   - '*.lan'
+      #   - localhost.ptlogin2.qq.com
       
-    ## v2ray+ws+tls(+nginx)的源码配置
-    - name: "主机测试"
-      type: vmess
-      server: www.v2rayssr.com
-      port: 443
-      uuid: dfdf8e0-c95d-4c74-b5d5-4a330969c8cb
-      alterId: 2
-      cipher: auto
-      tls: true
-      network: ws
-      ws-path: /f2a5dfd0/
-      Host: www.v2rayssr.com
-    ```
-    ```
-    # Trojan Clash/ClashX 配置文件写法
-    ## Trojan 的配置
-      - name: "Trojan 节点测试"
+      # Supports UDP, TCP, DoT, DoH. You can specify the port to connect to.
+      # All DNS questions are sent directly to the nameserver, without proxies
+      # involved. Clash answers the DNS question with the first result gathered.
+      nameserver:
+        - 114.114.114.114 # default value
+        - 8.8.8.8 # default value
+        - tls://dns.rubyfish.cn:853 # DNS over TLS
+        - https://1.1.1.1/dns-query # DNS over HTTPS
+     
+      # When `fallback` is present, the DNS server will send concurrent requests
+      # to the servers in this section along with servers in `nameservers`.
+      # The answers from fallback servers are used when the GEOIP country
+      # is not `CN`.
+      # fallback:
+      #   - tcp://1.1.1.1
+     
+      # If IP addresses resolved with servers in `nameservers` are in the specified
+      # subnets below, they are considered invalid and results from `fallback`
+      # servers are used instead.
+      #
+      # IP address resolved with servers in `nameserver` is used when
+      # `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`.
+      #
+      # If `fallback-filter.geoip` is false, results from `fallback` nameservers
+      # are always used, and answers from `nameservers` are discarded.
+      #
+      # This is a countermeasure against DNS pollution attacks.
+      fallback-filter:
+        geoip: true
+        ipcidr:
+          # - 240.0.0.0/4
+     
+    proxies:
+    # 支持的协议及加密算法示例请查阅 Clash 项目 README 以使用最新格式：https://github.com/Dreamacro/clash/blob/master/README.md
+     
+     
+      # VMess(Websocket + TLS)
+      - name: "测试V2RAY"
+        type: vmess
+        server: test.bozai.us 
+        port: 443
+        uuid: 6d499645-649f-48c7-9841-424b3c955fa6
+        alterId: 22
+        cipher: auto
+        # udp: true
+        tls: true
+        # skip-cert-verify: true
+        network: ws
+        ws-path: /10e0521eb4/ 
+        # ws-headers:
+        #   Host: v2ray.com
+     
+      # Trojan
+      - name: "Trojan测试"
         type: trojan
-        server: server
+        server: test1.bozai.us
         port: 443
-        password: yourpsk
+        password: TRadayie
         # udp: true
         # sni: example.com # aka server name
         # alpn:
         #   - h2
         #   - http/1.1
         # skip-cert-verify: true
-        
-    ## 示例
-       - name: "Trojan 主机测试" # 软件显示的节点名字
-         type: trojan
-         server: hk.v2rayssr.com # 服务器域名
-         port: 443
-         password: trojanpasswords #Trojan 密码
+     
+    # 服务器节点订阅
+    proxy-providers:
+      # name: # Provider 名称
+      #   type: http # http 或 file
+      #   path: # 文件路径
+      #   url: # 只有当类型为 HTTP 时才可用，您不需要在本地空间中创建新文件。
+      #   interval: # 自动更新间隔，仅在类型为 HTTP 时可用
+      #   health-check: # 健康检查选项从此处开始
+      #     enable:
+      #     url: 
+      #     interval: 
+     
+      #
+      # 「url」参数填写订阅链接
+      #
+      # 订阅链接可以使用 API 进行转换，如：https://sub.dler.io/
+      #
+      # 1.模式选择「进阶模式」 2.填写订阅链接 3.勾选「输出为 Node List」 4.「生成订阅链接」
+      #
+     
+     SuYing666-Sub: # 速鹰666 https://goii.cc/666  机场订阅链接
+        type: http
+        url: "https://api.dler.io/sub?target=clash&url=https%3A%2F%2Fdingyue.suying666.info%2Flink%2F1VQMsXdKlJ5E2jFV%3Fsub%3D3&emoji=false&list=true&udp=false&tfo=false&scv=false&fdn=false&sort=false"
+        interval: 3600
+        path: ./Proxy/ProxyList.yaml # 不同机场不同命名
+        health-check:
+          enable: true
+          interval: 600
+          url: http://www.gstatic.com/generate_204
+     
+     SuYing777-Sub: # 速鹰666 https://goii.cc/666  机场订阅链接
+        type: http
+        url: "https://api.dler.io/sub?target=clash&url=https%3A%2F%2Fdingyue.suying666.info%2Flink%2F1VQMsXdKlJ5E2jFV%3Fsub%3D3&emoji=false&list=true&udp=false&tfo=false&scv=false&fdn=false&sort=false"
+        interval: 3600
+        path: ./Proxy/ProxyList.yaml # 不同机场不同命名
+        health-check:
+          enable: true
+          interval: 600
+          url: http://www.gstatic.com/generate_204
+     
+    proxy-groups:
+    # 策略组示例请查阅 Clash 项目 README 以使用最新格式：https://github.com/Dreamacro/clash/blob/master/README.md
+     
+    #
+    # 策略组说明
+    #
+    # 「MATCH」类似 Surge 的「Final」，此处用于选择白名单模式(PROXY 策略)和黑名单模式(DIRECT 策略)
+    #
+    # 「Streaming」和「StreamingSE」比较好理解，有专用于流媒体的节点就设置到其中，如果没有「StreamingSE」的需求可以连带 Rule 部分一起删掉，「Streaming」需至少保留 Rule，用「PROXY」即可。
+    #
+    # 「PROXY」是代理规则策略，它可以指定为某个节点或嵌套一个其他策略组，如：「自动测试」、「Fallback」或「负载均衡」的策略组，关于这 3 个策略组的具体示例可以看官方示例：https://github.com/Dreamacro/clash
+    #
+     
+      # Fallback 比较实用的策略组类型，用于测试服务器节点的可用性，当第一个节点不可用时切换到第二个，以此类推。
+      - name: "Fallback"
+        type: fallback
+        proxies:
+          - 测试V2RAY
+          - Trojan测试
+        url: 'http://www.gstatic.com/generate_204'
+        interval: 300
+     
+      # 代理节点选择
+      - name: "PROXY"
+        type: select
+        proxies:
+          - Fallback
+          - 测试V2RAY
+          - Trojan测试
+          - SuYing666
+          - SuYing777
+     
+      # 白名单模式 PROXY, 黑名单模式 DIRECT, 不知道别动
+      - name: "MATCH"
+        type: select
+        proxies:
+          - PROXY
+          - DIRECT
+     
+      # 国际流媒体服务
+      - name: "Streaming"
+        type: select
+        proxies:
+          - PROXY
+          - 测试V2RAY
+          - Trojan测试
+     
+      # 中国流媒体服务（面向海外版本）
+      - name: "StreamingSE"
+        type: select
+        proxies:
+          - DIRECT
+          - 测试V2RAY
+          - Trojan测试
+     
+      # 手动选择节点订阅
+      - name: "SuYing666"
+        type: select # 亦可使用 fallback 或 load-balance
+        use:
+          - SuYing666-Sub
+     
+      - name: "SuYing777"
+        type: select # 亦可使用 fallback 或 load-balance
+        use:
+          - SuYing777-Sub
+     
+    # 关于 Rule Provider 请查阅：https://lancellc.gitbook.io/clash/clash-config-file/rule-provider
+     
+    rule-providers:
+    # name: # Provider 名称
+    #   type: http # http 或 file
+    #   behavior: classical # 或 ipcidr、domain
+    #   path: # 文件路径
+    #   url: # 只有当类型为 HTTP 时才可用，您不需要在本地空间中创建新文件。
+    #   interval: # 自动更新间隔，仅在类型为 HTTP 时可用
+     
+      Unbreak:
+        type: http
+        behavior: classical
+        path: ./RuleSet/Unbreak.yaml
+        url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/Unbreak.yaml
+        interval: 86400
+     
+      Streaming:
+        type: http
+        behavior: classical
+        path: ./RuleSet/StreamingMedia/Streaming.yaml
+        url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/StreamingMedia/Streaming.yaml
+        interval: 86400
+     
+      StreamingSE:
+        type: http
+        behavior: classical
+        path: ./RuleSet/StreamingMedia/StreamingSE.yaml
+        url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/StreamingMedia/StreamingSE.yaml
+        interval: 86400
+     
+      Global:
+        type: http
+        behavior: classical
+        path: ./RuleSet/Global.yaml
+        url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/Global.yaml
+        interval: 86400
+     
+      China:
+        type: http
+        behavior: classical
+        path: ./RuleSet/China.yaml
+        url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/China.yaml
+        interval: 86400
+     
+      ChinaIP:
+        type: http
+        behavior: ipcidr
+        path: ./RuleSet/Extra/ChinaIP.yaml
+        url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/Extra/ChinaIP.yaml
+        interval: 86400
+     
+    # 规则
+    rules:
+      # Unbreak
+      - RULE-SET,Unbreak,DIRECT
+     
+      # Global Area Network
+     
+      # (Streaming Media)
+      - RULE-SET,Streaming,Streaming
+     
+      # (StreamingSE)
+      - RULE-SET,StreamingSE,StreamingSE
+     
+      # (DNS Cache Pollution) / (IP Blackhole) / (Region-Restricted Access Denied) / (Network Jitter)
+      - RULE-SET,Global,PROXY
+     
+      # China Area Network
+      - RULE-SET,China,DIRECT
+     
+      # Local Area Network
+      - IP-CIDR,192.168.0.0/16,DIRECT
+      - IP-CIDR,10.0.0.0/8,DIRECT
+      - IP-CIDR,172.16.0.0/12,DIRECT
+      - IP-CIDR,127.0.0.0/8,DIRECT
+      - IP-CIDR,100.64.0.0/10,DIRECT
+      - IP-CIDR,224.0.0.0/4,DIRECT
+     
+      # （可选）使用来自 ipipdotnet 的 ChinaIP 以解决数据不准确的问题，使用 ChinaIP.yaml 时可禁用下列直至（包括）「GEOIP,CN」规则
+      # - RULE-SET,ChinaIP,DIRECT
+      # Tencent
+      - IP-CIDR,119.28.28.28/32,DIRECT
+      - IP-CIDR,182.254.116.0/24,DIRECT
+      # GeoIP China
+      - GEOIP,CN,DIRECT
+     
+      - MATCH,MATCH
     ```
-- Clash配置文件范例
-    - 下面是Clash配置的一个标准设置（.yaml 文件）
+- 老版Clash规则配置文件范例（.yaml 文件）
     - 配置文件托管在 GitHub：[点击访问](https://raw.githubusercontent.com/V2RaySSR/Tools/master/clash.yaml)（不需富强）
     - 配置文件托管在 GitHub：[点击访问](https://github.com/V2RaySSR/Tools/blob/master/clash.yaml)（需要富强）
+- 新版Clash规则配置文件范例（.yaml 文件）
+    - 配置文件托管在 GitHub：[点击访问](https://github.com/ConnersHua/Profiles/tree/master/Clash)（
+
 
 ### `Trojan面板`
 
@@ -121,6 +399,8 @@ tags:
 ## 参考链接
 
 <https://www.v2rayssr.com/clashxx.html>
+<https://github.com/DivineEngine/Profiles/issues/1>
+<https://acl4ssr.netlify.app>
 
 ## 结束语