-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathtemplate.conf
108 lines (90 loc) · 4.64 KB
/
template.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
[General]
ipv6 = false
loglevel = notify //verbose, info, notify, or warning
#bypass-system = true
#replica = false
skip-proxy = 127.0.0.1, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 100.64.0.0/10, localhost, *.local
#tun-excluded-routes = 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
#tun-included-routes = 192.168.1.12/32
#always-real-ip = *.apple.com // This option asks Surge to return a real IP address instead of a fake IP address when Surge VIF handles a DNS question.
#hijack-dns = 8.8.8.8:53 // Some devices or software always use a hardcoded DNS server. You may use this option to hijack the query to get a fake address.
#force-http-engine-hosts = example.com:80,-*.apple.co? //Make Surge treat TCP connections as HTTP requests.
#external-controller-access = [email protected]:6170
#allow-wifi-access = true
collapse-policy-group-items = true
exclude-simple-hostnames = true
hide-crashlytics-request = true
http-listen = 0.0.0.0:8888
socks5-listen = 0.0.0.0:8889
doh-server = https://dns.quad9.net/dns-query
#doh-format=wireformat //json
#doh-follow-outbound-mode=true
dns-server = system, 1.1.1.1, 1.0.0.1
[Replica]
hide-apple-request = 1
hide-crashlytics-request = false
use-keyword-filter = false
hide-udp = 0
hide-crash-reporter-request = 0
[Rule]
#DOMAIN,www.apple.com,Proxy
#DOMAIN-SUFFIX,apple.com,Proxy
#DOMAIN-KEYWORD,google,Proxy
#DOMAIN-SET,hosts.txt,REJECT
#IP-CIDR,192.168.0.0/16,DIRECT
#IP-CIDR6,2001:db8:abcd:8000::/50,DIRECT
#GEOIP,US,DIRECT
# When a GEOIP or IP-CIDR rule is encountered, Surge will send a DNS query to check if the hostname of request is a domain. You can select 'no-resolve' option to skip this rule for a request with domain.
#GEOIP,US,DIRECT,no-resolve
#IP-CIDR,172.16.0.0/12,DIRECT,no-resolve
#USER-AGENT,Instagram*,DIRECT
#URL-REGEX,^http://google\.com,DIRECT
#AND,((SRC-IP,192.168.1.110), (DOMAIN, example.com)),DIRECT
#OR,((SRC-IP,192.168.1.110), (SRC-IP,192.168.1.111)),DIRECT
#AND,((NOT,((SRC-IP,192.168.1.110))),(DOMAIN, example.com)),DIRECT
#DEST-PORT,80,DIRECT // Rule matches if the target port of the request matches.
#SRC-IP,192.168.20.100,DIRECT //Rule matches if the client IP address of the request matches. Only for remote machines.
#IN-PORT,6152,DIRECT // Rule matches if the incoming port of the request matches.
#PROTOCOL,HTTP,DIRECT //HTTP, HTTPS, TCP, UDP, DOH
#RULE-SET,SYSTEM,DIRECT
#RULE-SET,LAN,DIRECT
#RULE-SET,rule-set.txt
#FINAL,Proxy,dns-failed // Use the FINAL rule if the DNS lookup fails during rule evaluating. This option only makes sense when used with a non-DIRECT policy.
FINAL,DIRECT
[Proxy]
ProxyHTTP = http, 1.2.3.4, 443, username, password
ProxyHTTPS = https, 1.2.3.4, 443, username, password
ProxySOCKS5 = socks5, 1.2.3.4, 443, username, password
ProxySOCKS5TLS = socks5-tls, 1.2.3.4, 443, username, password, skip-common-name-verify=true
ProxySnell = snell, 1.2.3.4, 8000, psk=password
ProxySS = ss, 1.2.3.4, 8000, encrypt-method=chacha20-ietf-poly1305, password=abcd1234
ProxyVMess = vmess, 1.2.3.4, 8000, username=0233d11c-15a4-47d3-ade3-48ffca0ce119
ProxyTrojan = trojan, 192.168.20.6, 443, password=password1
# Optionsl parameters: test-url, tfo, mptcp, no-error-alert
# For TLS (HTTP, SOCKS5-TLS, VMess, Trojan): skip-cert-verify, sni
# For HTTP/HTTPS: always-use-connect
# For obfuscation (Shadowsocks, Snell): obfs, obfs-host, obfs-uri
# For Snell: psk, version
# For Shadowsocks: udp-relay
# For VMess: ws, ws-path, ws-headers, encrypt-method
# For TLS Client Certification: [Proxy] Proxy = https, example.com, 443, client-cert=cert1 [Keystore] cert1 = base64=, password=123456
# Alias: On = direct Off = reject
# Policy Group: select, url-test, fallback, load-balance, ssid
#SelectGroup = select, ProxyHTTP, ProxyHTTPS, DIRECT, REJECT
#AutoTestGroup = url-test, ProxySOCKS5, ProxySOCKS5TLS, interval=600, tolerance=100, timeout = 5
#FallbackGroup = fallback, ProxySOCKS5, ProxySOCKS5TLS, interval=600, timeout = 5 // Select an available policy by priority. The availability is tested by accessing a URL, just like an auto URL test group.
#SSIDGroup = ssid, default = ProxyHTTP, cellular = ProxyHTTP, SSIDName = ProxySOCKS5
#ext-group = select, policy-path=proxies.txt, update-interval=300, policy-regex-filter=
# Other parameters: no-alert, hidden
[Host]
#abc.com = 1.2.3.4
#*.dev = 6.7.8.9
#foo.com = bar.com
#bar.com = server:8.8.8.8
[Script]
#script1 = type=http-response,pattern=^http://www.example.com/test script-path=test.js,max-size=16384,debug=true
#scropt2 = type=cron,cronexp="* * * * *",script-path=fired.js
#scropt3 = type=http-request,pattern=^http://httpbin.org script-path=http-request.js,max-size=16384,debug=true,requires-body=true
#scropt4 = type=dns,script-path=dns.js,debug=true
[MITM]
hostname = googlevideo.com, youtube.com