预下载geo文件
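# Fetch the geo databases into ./data before the container's first start.
# Stop if the project directory is missing so nothing is written elsewhere.
cd /www/clash || exit 1
mkdir -p ./data

# wget selects its proxy by URL scheme: https:// URLs honour https_proxy, so
# http_proxy alone leaves these GitHub downloads unproxied. Both are set here,
# per command, so the rest of the shell session is not affected.
# NOTE(review): "latest" is a moving release tag and the files are used
# unverified; they decide which traffic is sent DIRECT. Compare each file with
# a checksum you trust before mounting it into the container.
http_proxy=http://x99.kc.com:7890 https_proxy=http://x99.kc.com:7890 \
  wget -O ./data/geoip.dat https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip.dat
http_proxy=http://x99.kc.com:7890 https_proxy=http://x99.kc.com:7890 \
  wget -O ./data/geosite.dat https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.dat
# The "lite" database is stored under the file name country.mmdb.
http_proxy=http://x99.kc.com:7890 https_proxy=http://x99.kc.com:7890 \
  wget -O ./data/country.mmdb https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/country-lite.mmdb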
docker-compose.yml
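# Compose stack: the mihomo proxy core plus the metacubexd web panel.
# NOTE(review): both images are pinned by tag only; a tag can be re-pointed,
# so append the image digest (name:tag@sha256:<digest>) for a reproducible pull.
services:
  clash:
    image: metacubex/mihomo:v1.19.24
    container_name: clash
    restart: always
    # user: "1000:1000"  # left disabled: TUN mode needs root, which conflicts
    volumes:
      - ./data:/root/.config/mihomo
      - /etc/localtime:/etc/localtime:ro
      - /usr/share/zoneinfo:/usr/share/zoneinfo:ro  # added line
    ports:
      # HTTP(S) proxy port (merging ports is an option).
      # NOTE(review): published on every host interface; combined with
      # allow-lan in config.yaml, any host that can reach this port can use
      # the proxy unless credentials or firewall rules restrict it.
      - "0.0.0.0:7890:7890"
      # Controller API.
      # NOTE(review): also published on every interface. Make sure
      # config.yaml sets `secret`, or bind this port to one trusted address.
      - "0.0.0.0:9090:9090"
    networks:
      - ghost_net
    deploy:
      resources:
        limits:
          memory: 256M
          cpus: "0.5"
    environment:
      - TZ=Asia/Shanghai
    # Extra privileges for TProxy and similar advanced features (the original
    # note marks this optional). With the container running as root,
    # NET_ADMIN plus /dev/net/tun lets it reconfigure networking in its
    # namespace, so keep the grant to exactly these two entries.
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun

  # --- Added dashboard service ---
  clash-ui:
    image: ghcr.io/metacubex/metacubexd:v1.247.0
    container_name: clash-ui
    restart: always
    environment:
      - TZ=Asia/Shanghai
      # NOTE(review): plain HTTP to the controller; a configured secret
      # crosses the LAN unencrypted on this path.
      - DEFAULT_BACKEND_URL=http://192.168.1.142:9090
    ports:
      # The panel is reached on host port 10000 (container port 80); the
      # original comment said 8080, which does not match this mapping.
      - "0.0.0.0:10000:80"
    networks:
      - ghost_net
    deploy:
      resources:
        limits:
          memory: 256M
          cpus: "0.5"

networks:
  # Must already exist; compose will not create an external network.
  ghost_net:
    external: true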
config.yaml
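# ---------------------------------------------------
# 1. Basic connectivity (required for the Docker port mappings)
# ---------------------------------------------------
mixed-port: 7890
# Accept proxy connections from other hosts, not only loopback.
# NOTE(review): no `authentication` entry is configured, so every host that
# can reach port 7890 can relay traffic through this proxy; limit access with
# firewall rules or add credentials.
allow-lan: true
log-level: info
# The controller API can read and change the running configuration and it
# listens on all interfaces, so it must not run without a secret. The
# original left `secret` commented out ("recommended to set one"); it is
# enabled here with a placeholder that has to be replaced before use.
external-controller: '0.0.0.0:9090'
secret: "<REPLACE_WITH_LONG_RANDOM_SECRET>"
# external-ui: ui
# Recommended dashboard: Zashboard, described as the best-looking and most
# complete panel at the moment (the one mentioned in your link).
# NOTE(review): the URL below tracks a branch head, not a fixed release.
# external-ui-url: "https://github.com/Zephyruso/zashboard/archive/refs/heads/gh-pages.zip"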
# ---------------------------------------------------
# TUN mode
# ---------------------------------------------------
tun:
  # On by default in this setup.
  enable: true
  # Network stack; mixed or gvisor is suggested (gvisor is said to be the
  # steadier choice under Docker).
  stack: mixed
  # Name of the virtual interface.
  device: utun
  # Install routes inside the container automatically. Key setting: without
  # it no traffic reaches the TUN interface.
  auto-route: true
  # Pick the outbound interface automatically.
  auto-detect-interface: true
  # Redirect DNS queries into Clash's own resolver.
  dns-hijack:
    - 'any:53'
    - 'tcp://any:53'
# ---------------------------------------------------
# 2. Subscription source (core: one link covers everything)
# ---------------------------------------------------
proxy-providers:
  clash20260513:
    type: http
    # Placeholder text meaning "your subscription link".
    # NOTE(review): subscription URLs typically embed an access token, so
    # keep the filled-in file out of version control and shared pastes.
    url: "你的订阅链接"
    # Refresh period for the subscription, in seconds.
    interval: 1800
    # Local copy of the downloaded node list.
    path: './sub.yaml'
    health-check:
      enable: true
      url: 'https://www.gstatic.com/generate_204'
      interval: 300
# ---------------------------------------------------
# 3. Policy groups (heavily trimmed: duplicates merged)
# ---------------------------------------------------
proxy-groups:
  # Master switch: every proxied rule points at this group.
  - name: 节点选择
    type: select
    proxies:
      - 自动选择
      - HK香港
      - TW台湾
      - JP日本
      - US美国
      - SG新加坡
      - 全部节点
      - DIRECT

  # Picks the fastest node automatically.
  - name: 自动选择
    type: url-test
    use:
      - clash20260513
    tolerance: 50

  # Per-region groups built with include-all plus a name filter.
  # NOTE(review): the filters are unanchored, case-insensitive substring
  # patterns; short alternatives such as "us" or "tw" also match inside
  # longer node names, so check each group's members after the first sync.
  - name: HK香港
    type: select
    include-all: true
    filter: '(?i)港|hk|hongkong'
    use:
      - clash20260513

  - name: TW台湾
    type: select
    include-all: true
    filter: '(?i)台|tw|taiwan'
    use:
      - clash20260513

  - name: JP日本
    type: select
    include-all: true
    filter: '(?i)日|jp|japan'
    use:
      - clash20260513

  - name: US美国
    type: select
    include-all: true
    filter: '(?i)美|us|unitedstates'
    use:
      - clash20260513

  - name: SG新加坡
    type: select
    include-all: true
    filter: '(?i)新|sg|singapore'
    use:
      - clash20260513

  # Every node, unfiltered.
  - name: 全部节点
    type: select
    include-all: true
    use:
      - clash20260513
# ---------------------------------------------------
# 4. Routing rules (kept simple); evaluated top to bottom, first match wins
# ---------------------------------------------------
rules:
  # ============ 1. Private / local networks go direct ============
  - GEOIP,lan,DIRECT,no-resolve
  - GEOSITE,private,DIRECT

  # ============ 2. Frequently used dev sites and mirrors go direct ============
  # A dedicated domain and all of its subdomains.
  - DOMAIN-SUFFIX,atibm.com,DIRECT
  # HuggingFace mirror hosted in China.
  - DOMAIN-SUFFIX,hf-mirror.com,DIRECT
  # Keyword matches for common domestic open-source mirrors (Tsinghua, USTC,
  # Aliyun, Tencent and others).
  # NOTE(review): DOMAIN-KEYWORD is a substring match, so any hostname that
  # merely contains the keyword also bypasses the proxy; DOMAIN-SUFFIX on the
  # exact mirror domains would be tighter.
  - DOMAIN-KEYWORD,tuna.tsinghua,DIRECT
  - DOMAIN-KEYWORD,ustc.edu,DIRECT
  - DOMAIN-KEYWORD,mirrors.aliyun,DIRECT
  - DOMAIN-KEYWORD,mirrors.tencent,DIRECT
  - DOMAIN-KEYWORD,mirrors.cloud.tencent,DIRECT
  - DOMAIN-KEYWORD,huaweicloud,DIRECT

  # ============ 3. Overseas AI and streaming services (proxied) ============
  - GEOSITE,category-ai-!cn,节点选择
  - GEOSITE,google,节点选择
  - GEOSITE,youtube,节点选择
  - GEOSITE,telegram,节点选择
  - GEOSITE,twitter,节点选择
  - GEOSITE,netflix,节点选择
  - GEOSITE,geolocation-!cn,节点选择

  # ============ 4. Domestic sites go direct (catch-all) ============
  # Most scattered domestic mirrors (some npm and pip sources, for example)
  # are already in the cn list, so they are caught here.
  - GEOSITE,cn,DIRECT
  # NOTE(review): this GEOIP rule has no no-resolve flag, so a hostname that
  # reaches it is presumably resolved through the nameservers in the dns
  # section before matching; confirm that lookup path is acceptable.
  - GEOIP,cn,DIRECT

  # ============ 5. Final fallback ============
  - MATCH,节点选择
# ---------------------------------------------------
# 5. DNS (trimmed-down fake-ip mode)
# ---------------------------------------------------
dns:
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  # Names excluded from fake-ip answers.
  fake-ip-filter:
    - '*'
    - '+.lan'
    - '+.local'
  # NOTE(review): both upstreams are plain DNS addresses with no encrypted
  # transport, so queries sent to them can be observed or altered on the
  # network path.
  nameserver:
    - 223.5.5.5
    - 119.29.29.29