Proxy Providers¶
Name¶
Required, such as provider1, must be unique. It is advisable not to duplicate names with policy groups.
Type¶
Required, provider type, options are http / file / inline.
URL¶
If the type is http, this must be configured.
Path¶
Optional, the file path, must be unique. If not provided, the MD5 of the URL will be used as the filename.
For security reasons, this path is restricted to only allow locations within HomeDir (configured with the -d startup parameter). If you want to store it in other locations, please specify additional safe paths by setting the SAFE_PATHS environment variable. The syntax of this environment variable is the same as the PATH environment variable parsing rules of this operating system (that is, it is separated by semicolons in Windows and by colons in other systems).
Interval¶
The update time for the provider, measured in seconds.
Proxy¶
Download/update through the specified proxy.
size-limit¶
The maximum size of downloadable files is restricted, with the default being 0, which means no size limit; the unit is bytes (b)
age-secret-key¶
If set, age-secret-key will attempt to decrypt an age armor-formatted configuration file using this secret.
Note:
- For encrypted content, currently only the official ASCII "armor" format from age-encryption.org/v1 is supported.
- For key formats, currently only the x25519 recipient type and the mlkem768-x25519 hybrid post-quantum recipient type from age-encryption.org/v1 are supported.
- Currently, the core does not proactively send the public key to the server. Users need to manually set
X-Age-Public-Keyin the header or upload the public key through other means. - The core also supports loading encrypted configuration files using the command-line argument
-age-secret-keyor the environment variableCLASH_AGE_SECRET_KEY.
Utilities:
- You can generate a valid x25519 key using
mihomo age keygen. - You can generate a valid mlkem768-x25519 key using
mihomo age keygen-pq. - You can export an age-public key from age-secret-key using
mihomo age convert <secret_key>. - You can decrypts an encrypted file using
mihomo age decrypt <secret_key> <source_file> <target_file>.<source_file>is set to - and reads from standard input;<target_file>is set to - and writes to standard output. - You can encrypt an unencrypted file using
mihomo age encrypt <public_key> <source_file> <target_file>.<source_file>is set to - and reads from standard input;<target_file>is set to - and writes to standard output.
Reference Implementations:
- Golang: FiloSottile/age
- Rust: str4d/rage
- Typescript: FiloSottile/typage
Header¶
Custom HTTP request headers.
Health Check¶
Health check (latency testing).
health-check.enable¶
Whether to enable, optional true/false.
health-check.url¶
Health check address, it is recommended to use one of the following addresses:
health-check.interval¶
Health check interval, measured in seconds.
health-check.timeout¶
Health check timeout, measured in milliseconds.
health-check.lazy¶
Lazy state, defaults to true, no testing is performed when this provider node is not in use.
health-check.expected-status¶
Refer to expected status.
Override¶
Override node content, the following fields are supported.
override.additional-prefix¶
Add a fixed prefix to the node name.
override.additional-suffix¶
Add a fixed suffix to the node name.
override.proxy-name¶
Replace the content of the node name, supporting regular expressions, where pattern is the replacement content and target is the replacement target.
override.Configuration_items¶
Refer to common fields tfo
Refer to common fields mptcp
Refer to common fields udp.
Refer to Shadowsocks udp-over-tcp
Refer to Hysteria/Hysteria2 up.
Refer to Hysteria/Hysteria2 down.
Refer to common fields skip-cert-verify.
Refer to common fields dialer-proxy.
Refer to common fields interface-name.
Refer to common fields routing-mark.
Refer to common fields ip-version.
Filter¶
Filter nodes that meet keywords or regular expressions, multiple regular expressions can be separated by `.
Exclude Filter¶
Exclude nodes that meet keywords or regular expressions, multiple regular expressions can be separated by `.
Exclude Type¶
Regular expressions are not supported; use | to separate and exclude based on node type.
The exclude-type of the provider uses the type from the configuration file for exclusion
payload¶
Content, only effective when type is inline
When the http or file parsing fails, the payload can also be used as a backup proxy.