├── LICENSE ├── README.md ├── dae └── config.dae └── clash └── config.yaml /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 Sakari 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Sakari 的 Linux 网络配置仓库 2 | 3 | [使用dae和clash实现的全局代理方案](https://sakari.top/posts/2023/dae-clash/) 4 | 5 | ## 使用项目 6 | 7 | - [dae](https://github.com/daeuniverse/dae):高性能全局透明代理 8 | - [Clash.Meta](https://github.com/MetaCubeX/Clash.Meta/tree/Meta):作为 dae 的上游提供代理 9 | - [caddy](https://github.com/caddyserver/caddy):可选,为某些受到 SNI 阻断的服务提供直连 10 | 11 | ## 安装 12 | 13 | - [dae](https://github.com/daeuniverse/dae/blob/main/docs/getting-started/README_zh.md),注意 dae 对内核版本有要求 14 | 15 | - 一个正常工作的代理客户端,`clash`、`clash-meta`、`clash for windows`、`v2ray` 等均可 16 | 17 | ## 配置 18 | 19 | ### clash 20 | 21 | 本节可跳过,可使用现有的正常工作的配置文件,仅需要保证 clash 的端口和 dae node 中配置的一致。与 dae 共同使用时请保证代理的各种全局代理方案(tun、iptables 等)均已关闭 22 | 23 | #### 转换订阅 24 | 25 | 自行搭建 [proxy-provider-converter](https://github.com/qier222/proxy-provider-converter),或使用 [proxy-converter.sakari.top](https://proxy-converter.sakari.top/),将 clash 订阅转换成 `Proxy Provider` 支持的格式,或直接使用 v2ray 订阅连接 26 | 27 | #### 修改配置 28 | 29 | 编辑 [clash/config.yaml](clash/config.yaml),将转换后的链接填入 `url` 中 30 | 31 | 下载 [Yacd-meta](https://github.com/yaling888/yacd/archive/gh-pages.zip),解压至配置文件中 `external-ui` 所在目录 32 | 33 | 根据需要修改分流规则 34 | 35 | ### dae 36 | 37 | 修改 [dae/config.dae](dae/config.dae),将 `wan_interface` 的值修改为自己的网卡,可以使用 `ip a` 查看 38 | 39 | 根据使用的代理在 `routing` 下添加规则,如 `pname(clash) -> must_direct` 40 | 41 | ### caddy 42 | 43 | 无直连需求可跳过,参考 [在Linux上使用Caddy反代Steam社区](https://sakari.top/2022/steam-caddy/) 44 | -------------------------------------------------------------------------------- /dae/config.dae: -------------------------------------------------------------------------------- 1 | global { 2 | log_level: warning 3 | wan_interface: enp34s0 # 修改 4 | dial_mode: domain 5 | allow_insecure: false 6 | auto_config_kernel_parameter: true 7 | } 8 | node { 9 | clash: 'socks5://localhost:7890' 10 | } 11 | dns { 12 | upstream { 13 | alidns: 'udp://dns.alidns.com:53' 14 | googledns: 'tcp+udp://dns.google.com:53' 15 | } 16 | routing { 17 | request { 18 | fallback: alidns 19 | } 20 | response { 21 | upstream(googledns) -> accept 22 | !qname(geosite:cn) && ip(geoip:private) -> googledns 23 | fallback: accept 24 | } 25 | } 26 | } 27 | group { 28 | clash { 29 | policy: fixed(0) 30 | } 31 | } 32 | # 参考 https://github.com/daeuniverse/dae/blob/main/docs/routing.md 33 | routing { 34 | #pname(dnsmasq, systemd-resolved) && l4proto(udp) && dport(53) -> must_direct 35 | pname(NetworkManager) -> direct 36 | 37 | # clash 代理客户端直连,防止网络回环 38 | pname(clash) -> must_direct 39 | pname(clash-meta) -> must_direct 40 | pname(qemu-system-x86) -> must_direct 41 | 42 | # 需要指定代理的网站或进程 43 | domain(suffix: bing.com) -> clash 44 | 45 | # 需要指定直连的网站或进程 46 | domain(suffix: cm.steampowered.com) -> direct 47 | domain(suffix: steamserver.net) -> direct 48 | pname(qbittorrent) -> direct 49 | 50 | dip(224.0.0.0/3, 'ff00::/8') -> direct 51 | dip(geoip:private) -> direct 52 | dip(geoip:cn) -> direct 53 | domain(geosite:cn) -> direct 54 | 55 | fallback: clash 56 | } 57 | -------------------------------------------------------------------------------- /clash/config.yaml: -------------------------------------------------------------------------------- 1 | p: &p { type: http, interval: 86400, health-check: { 2 | enable: true, 3 | #url: https://www.gstatic.com/generate_204, 4 | url: https://cp.cloudflare.com/generate_204, 5 | interval: 600, 6 | } } 7 | 8 | use: &use 9 | type: select 10 | use: 11 | - proxy 12 | exclude-filter: "剩余流量|过期时间" 13 | 14 | # url里填写自己的订阅,名称不能重复,path(文件位置)不能重复 15 | proxy-providers: 16 | proxy: 17 | <<: *p 18 | url: "" 19 | path: ./proxy.yaml 20 | 21 | mixed-port: 7890 22 | allow-lan: true 23 | bind-address: "*" 24 | mode: rule 25 | log-level: warning 26 | ipv6: true 27 | unified-delay: true 28 | tcp-concurrent: true 29 | keep-alive-interval: 600 30 | 31 | external-controller: 0.0.0.0:9090 32 | #external-ui: /var/tmp/clash-meta-webui 33 | external-ui: webui 34 | #external-ui-name: xd 35 | external-ui-url: "https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip" #从 GitHub Pages 分支获取 36 | secret: "" 37 | 38 | profile: 39 | store-selected: true 40 | store-fake-ip: true 41 | 42 | sniffer: 43 | enable: false 44 | sniff: 45 | TLS: 46 | ports: [443, 8443] 47 | HTTP: 48 | ports: [80, 8080-8880] 49 | override-destination: true 50 | force-domain: 51 | - +.v2ex.com 52 | - +.steamcommunity.com 53 | - +.steampowered.com 54 | #- +.live.com 55 | 56 | # dns: 57 | # enable: true 58 | # ipv6: true 59 | # default-nameserver: [223.5.5.5, 119.29.29.29] 60 | # enhanced-mode: fake-ip 61 | # fake-ip-range: 198.18.0.1/16 62 | # use-hosts: true 63 | # nameserver: ["https://doh.pub/dns-query", "https://dns.alidns.com/dns-query"] 64 | # fallback: 65 | # [ 66 | # "https://doh.dns.sb/dns-query", 67 | # "https://dns.cloudflare.com/dns-query", 68 | # "https://dns.twnic.tw/dns-query", 69 | # "tls://8.8.4.4:853", 70 | # ] 71 | # fallback-filter: { geoip: true, ipcidr: [240.0.0.0/4, 0.0.0.0/32] } 72 | dns: 73 | enable: true 74 | listen: "0.0.0.0:53" 75 | ipv6: true 76 | default-nameserver: 77 | - 119.29.29.29 78 | - 223.5.5.5 79 | enhanced-mode: fake-ip 80 | fake-ip-range: 198.18.0.1/16 81 | use-hosts: true 82 | fake-ip-filter: 83 | - "*.lan" 84 | - localhost.ptlogin2.qq.com 85 | - "*.msftconnecttest.com" 86 | - "*.msftncsi.com" 87 | - "*.srv.nintendo.net" 88 | - "*.stun.playstation.net" 89 | - "xbox.*.microsoft.com" 90 | - "*.xboxlive.com" 91 | - "*.logon.battlenet.com.cn" 92 | - "*.logon.battle.net" 93 | - stun.l.google.com 94 | nameserver: 95 | - 119.29.29.29 96 | - 223.5.5.5 97 | 98 | proxies: 99 | - name: WARP 100 | type: direct 101 | 102 | proxy-groups: 103 | - { 104 | name: 代理模式, 105 | type: select, 106 | proxies: [节点选择, 自动选择, WARP, DIRECT], 107 | } 108 | 109 | - { name: 节点选择, <<: *use } 110 | 111 | - { 112 | name: 自动选择, 113 | type: url-test, 114 | <<: *use, 115 | filter: "香港|日本", 116 | exclude-filter: "2倍率|2.5倍率|3倍率", 117 | url: "https://cp.cloudflare.com/generate_204", 118 | interval: 300, 119 | tolerance: 300, 120 | lazy: true, 121 | } 122 | 123 | - { name: 其他流量, type: select, proxies: [代理模式, DIRECT] } 124 | 125 | - { name: EH, <<: *use, proxies: [节点选择, DIRECT] } 126 | 127 | - { name: JP, <<: *use, filter: "日本", proxies: [DIRECT] } 128 | 129 | - { name: Telegram, type: select, proxies: [代理模式, WARP, DIRECT] } 130 | 131 | # - { name: RELAY, type: relay, proxies: [WARP, 节点选择] } 132 | 133 | - { name: 微软服务, type: select, proxies: [DIRECT, 代理模式] } 134 | 135 | - { name: 国际流媒体, type: select, proxies: [代理模式, DIRECT] } 136 | 137 | - { name: 大陆流媒体国际版, type: select, proxies: [DIRECT, 代理模式] } 138 | 139 | - { name: 游戏平台, type: select, proxies: [DIRECT, 代理模式] } 140 | 141 | - { name: 国际网站, type: select, proxies: [代理模式, DIRECT] } 142 | 143 | - { name: 大陆流量, type: select, proxies: [DIRECT, 代理模式] } 144 | 145 | - { name: 大陆流媒体, type: select, proxies: [DIRECT, 大陆流量] } 146 | 147 | - { name: 大陆网站, type: select, proxies: [DIRECT, 大陆流量] } 148 | 149 | - { name: 特殊节点, <<: *use } 150 | 151 | rules: 152 | # User definied rules 153 | #- DOMAIN-SUFFIX,chaotic.cx,DIRECT 154 | #- DOMAIN-SUFFIX,mirror.heigou.pe.kr,DIRECT 155 | #- PROCESS-NAME,qbittorrent,DIRECT 156 | - DOMAIN-SUFFIX,bing.com,特殊节点 157 | - DOMAIN-SUFFIX,openai.com,特殊节点 158 | #- DOMAIN-SUFFIX,cm.steampowered.com,DIRECT 159 | #- DOMAIN-SUFFIX,steamserver.net,DIRECT 160 | - DOMAIN-SUFFIX,steamcommunity.com,DIRECT 161 | - DOMAIN-SUFFIX,cangku.moe,代理模式 162 | - DOMAIN-SUFFIX,dodi-repacks.site,代理模式 163 | #- DOMAIN-KEYWORD,google.com,机场节点 164 | #- DOMAIN-SUFFIX,android.googlesource.com,WARP 165 | - DOMAIN-SUFFIX,ghproxy.com,DIRECT 166 | 167 | # ブルーアーカイブ(ブルアカ),Blue Archive 168 | - DOMAIN-SUFFIX,prod-game.bluearchiveyostar.com,JP 169 | - DOMAIN-SUFFIX,prod-gateway.bluearchiveyostar.com,JP 170 | 171 | - DOMAIN-SUFFIX,yostar-serverinfo.bluearchiveyostar.com,JP 172 | - DOMAIN-SUFFIX,prod-xigncode.bluearchiveyostar.com,JP 173 | - DOMAIN-SUFFIX,prod-noticeindex.bluearchiveyostar.com,JP 174 | # download? 175 | - DOMAIN-SUFFIX,prod-clientpatch.bluearchiveyostar.com,DIRECT 176 | #- DOMAIN-SUFFIX,prod-notice.bluearchiveyostar.com,JP 177 | #- DOMAIN-SUFFIX,prod-voice.bluearchiveyostar.com,JP 178 | - DOMAIN-SUFFIX,ba-jp-sdk.bluearchive.jp,JP 179 | - DOMAIN,yostar-oversea-client-logging.ap-southeast-1.log.aliyuncs.com,JP 180 | - DOMAIN,yostar-oversea-netsdk-logging.ap-southeast-1.log.aliyuncs.com,JP 181 | 182 | - DOMAIN-SUFFIX,spotify.com,JP 183 | 184 | # Global Area Network 185 | # 186 | # Telegram 187 | - DOMAIN-SUFFIX,t.me,Telegram 188 | - DOMAIN-SUFFIX,tdesktop.com,Telegram 189 | - DOMAIN-SUFFIX,telegra.ph,Telegram 190 | - DOMAIN-SUFFIX,telegram.me,Telegram 191 | - DOMAIN-SUFFIX,telegram.org,Telegram 192 | - DOMAIN-SUFFIX,telesco.pe,Telegram 193 | - IP-CIDR,91.108.0.0/16,Telegram,no-resolve 194 | - IP-CIDR,109.239.140.0/24,Telegram,no-resolve 195 | - IP-CIDR,149.154.160.0/20,Telegram,no-resolve 196 | - IP-CIDR6,2001:67c:4e8::/48,Telegram,no-resolve 197 | - IP-CIDR6,2001:b28:f23d::/48,Telegram,no-resolve 198 | - IP-CIDR6,2001:b28:f23f::/48,Telegram,no-resolve 199 | 200 | # EH 201 | - DOMAIN-SUFFIX,e-hentai.org,EH 202 | - DOMAIN-SUFFIX,exhentai.org,EH 203 | 204 | # 微软服务 205 | - DOMAIN-KEYWORD,1drv,微软服务 206 | - DOMAIN-KEYWORD,microsoft,微软服务 207 | - DOMAIN-SUFFIX,aadrm.com,微软服务 208 | - DOMAIN-SUFFIX,acompli.com,微软服务 209 | - DOMAIN-SUFFIX,acompli.net,微软服务 210 | - DOMAIN-SUFFIX,aka.ms,微软服务 211 | - DOMAIN-SUFFIX,akadns.net,微软服务 212 | - DOMAIN-SUFFIX,aspnetcdn.com,微软服务 213 | - DOMAIN-SUFFIX,assets-yammer.com,微软服务 214 | - DOMAIN-SUFFIX,azure.com,微软服务 215 | - DOMAIN-SUFFIX,azure.net,微软服务 216 | - DOMAIN-SUFFIX,azureedge.net,微软服务 217 | - DOMAIN-SUFFIX,azurerms.com,微软服务 218 | - DOMAIN-SUFFIX,bing.com,微软服务 219 | - DOMAIN-SUFFIX,cloudapp.net,微软服务 220 | - DOMAIN-SUFFIX,cloudappsecurity.com,微软服务 221 | - DOMAIN-SUFFIX,edgesuite.net,微软服务 222 | - DOMAIN-SUFFIX,gfx.ms,微软服务 223 | - DOMAIN-SUFFIX,hotmail.com,微软服务 224 | - DOMAIN-SUFFIX,live.com,微软服务 225 | - DOMAIN-SUFFIX,live.net,微软服务 226 | - DOMAIN-SUFFIX,lync.com,微软服务 227 | - DOMAIN-SUFFIX,msappproxy.net,微软服务 228 | - DOMAIN-SUFFIX,msauth.net,微软服务 229 | - DOMAIN-SUFFIX,msauthimages.net,微软服务 230 | - DOMAIN-SUFFIX,msecnd.net,微软服务 231 | - DOMAIN-SUFFIX,msedge.net,微软服务 232 | - DOMAIN-SUFFIX,msft.net,微软服务 233 | - DOMAIN-SUFFIX,msftauth.net,微软服务 234 | - DOMAIN-SUFFIX,msftauthimages.net,微软服务 235 | - DOMAIN-SUFFIX,msftidentity.com,微软服务 236 | - DOMAIN-SUFFIX,msidentity.com,微软服务 237 | - DOMAIN-SUFFIX,msn.cn,微软服务 238 | - DOMAIN-SUFFIX,msn.com,微软服务 239 | - DOMAIN-SUFFIX,msocdn.com,微软服务 240 | - DOMAIN-SUFFIX,msocsp.com,微软服务 241 | - DOMAIN-SUFFIX,mstea.ms,微软服务 242 | - DOMAIN-SUFFIX,o365weve.com,微软服务 243 | - DOMAIN-SUFFIX,oaspapps.com,微软服务 244 | - DOMAIN-SUFFIX,office.com,微软服务 245 | - DOMAIN-SUFFIX,office.net,微软服务 246 | - DOMAIN-SUFFIX,office365.com,微软服务 247 | - DOMAIN-SUFFIX,officeppe.net,微软服务 248 | - DOMAIN-SUFFIX,omniroot.com,微软服务 249 | - DOMAIN-SUFFIX,onedrive.com,微软服务 250 | - DOMAIN-SUFFIX,onenote.com,微软服务 251 | - DOMAIN-SUFFIX,onenote.net,微软服务 252 | - DOMAIN-SUFFIX,onestore.ms,微软服务 253 | - DOMAIN-SUFFIX,outlook.com,微软服务 254 | - DOMAIN-SUFFIX,outlookmobile.com,微软服务 255 | - DOMAIN-SUFFIX,phonefactor.net,微软服务 256 | - DOMAIN-SUFFIX,public-trust.com,微软服务 257 | - DOMAIN-SUFFIX,sfbassets.com,微软服务 258 | - DOMAIN-SUFFIX,sfx.ms,微软服务 259 | - DOMAIN-SUFFIX,sharepoint.com,微软服务 260 | - DOMAIN-SUFFIX,sharepointonline.com,微软服务 261 | - DOMAIN-SUFFIX,skype.com,微软服务 262 | - DOMAIN-SUFFIX,skypeassets.com,微软服务 263 | - DOMAIN-SUFFIX,skypeforbusiness.com,微软服务 264 | - DOMAIN-SUFFIX,staffhub.ms,微软服务 265 | - DOMAIN-SUFFIX,svc.ms,微软服务 266 | - DOMAIN-SUFFIX,sway-cdn.com,微软服务 267 | - DOMAIN-SUFFIX,sway-extensions.com,微软服务 268 | - DOMAIN-SUFFIX,sway.com,微软服务 269 | - DOMAIN-SUFFIX,trafficmanager.net,微软服务 270 | - DOMAIN-SUFFIX,uservoice.com,微软服务 271 | - DOMAIN-SUFFIX,virtualearth.net,微软服务 272 | - DOMAIN-SUFFIX,visualstudio.com,微软服务 273 | - DOMAIN-SUFFIX,windows-ppe.net,微软服务 274 | - DOMAIN-SUFFIX,windows.com,微软服务 275 | - DOMAIN-SUFFIX,windows.net,微软服务 276 | - DOMAIN-SUFFIX,windowsazure.com,微软服务 277 | - DOMAIN-SUFFIX,windowsupdate.com,微软服务 278 | - DOMAIN-SUFFIX,wunderlist.com,微软服务 279 | - DOMAIN-SUFFIX,yammer.com,微软服务 280 | - DOMAIN-SUFFIX,yammerusercontent.com,微软服务 281 | 282 | # GlobalMedia 283 | - RULE-SET,GlobalMedia,国际流媒体 284 | 285 | # AsianMedia 286 | - RULE-SET,AsianMedia,大陆流媒体国际版 287 | 288 | # Game 289 | - RULE-SET,Game,游戏平台 290 | 291 | # Global 292 | - RULE-SET,Global,国际网站 293 | 294 | # ChinaMedia 295 | - RULE-SET,ChinaMedia,大陆流媒体 296 | 297 | # China 298 | - RULE-SET,China,大陆网站 299 | 300 | # Lan 301 | - RULE-SET,Lan,DIRECT 302 | 303 | # ChinaIPs 304 | - RULE-SET,ChinaIPs,大陆流量 305 | 306 | - MATCH,其他流量 307 | 308 | rule-providers: 309 | # name: # Provider 名称 310 | # type: http # http 或 file 311 | # behavior: classical # 或 ipcidr、domain 312 | # path: # 文件路径 313 | # url: # 只有当类型为 HTTP 时才可用,您不需要在本地空间中创建新文件。 314 | # interval: # 自动更新间隔,仅在类型为 HTTP 时可用 315 | 316 | Direct: 317 | type: http 318 | behavior: classical 319 | path: ./RuleSet/Direct.yaml 320 | url: http://resource.touhou.center/ios_rule_script/rule/Clash/Direct/Direct.yaml 321 | interval: 86400 322 | 323 | GlobalMedia: 324 | type: http 325 | behavior: classical 326 | path: ./RuleSet/GlobalMedia.yaml 327 | url: http://resource.touhou.center/ios_rule_script/rule/Clash/GlobalMedia/GlobalMedia_Classical.yaml 328 | interval: 86400 329 | 330 | AsianMedia: 331 | type: http 332 | behavior: classical 333 | path: ./RuleSet/AsianMedia.yaml 334 | url: http://resource.touhou.center/ios_rule_script/rule/Clash/AsianMedia/AsianMedia.yaml 335 | interval: 86400 336 | 337 | Game: 338 | type: http 339 | behavior: classical 340 | path: ./RuleSet/Game.yaml 341 | url: http://resource.touhou.center/ios_rule_script/rule/Clash/Game/Game.yaml 342 | interval: 86400 343 | 344 | Global: 345 | type: http 346 | behavior: classical 347 | path: ./RuleSet/Global.yaml 348 | url: http://resource.touhou.center/ios_rule_script/rule/Clash/Global/Global_Classical.yaml 349 | interval: 86400 350 | 351 | ChinaMedia: 352 | type: http 353 | behavior: classical 354 | path: ./RuleSet/ChinaMedia.yaml 355 | url: http://resource.touhou.center/ios_rule_script/rule/Clash/ChinaMedia/ChinaMedia.yaml 356 | interval: 86400 357 | 358 | China: 359 | type: http 360 | behavior: classical 361 | path: ./RuleSet/China.yaml 362 | url: http://resource.touhou.center/ios_rule_script/rule/Clash/China/China_Classical.yaml 363 | interval: 86400 364 | 365 | Lan: 366 | type: http 367 | behavior: classical 368 | path: ./RuleSet/Lan.yaml 369 | url: http://resource.touhou.center/ios_rule_script/rule/Clash/Lan/Lan.yaml 370 | interval: 86400 371 | 372 | ChinaIPs: 373 | type: http 374 | behavior: classical 375 | path: ./RuleSet/ChinaIPs.yaml 376 | url: http://resource.touhou.center/ios_rule_script/rule/Clash/ChinaIPs/ChinaIPs_Classical.yaml 377 | interval: 86400 378 | --------------------------------------------------------------------------------