预下载geo文件
cd /www/clash
http_proxy=http://x99.kc.com:7890 wget -O ./data/geoip.dat https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip.dat
http_proxy=http://x99.kc.com:7890 wget -O ./data/geosite.dat https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.dat
http_proxy=http://x99.kc.com:7890 wget -O ./data/country.mmdb https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/country-lite.mmdb
docker-compose.yml
services:
clash:
image: metacubex/mihomo:v1.19.24
container_name: clash
restart: always
# user: "1000:1000" # tune模式需要root权限,冲突
volumes:
- ./data:/root/.config/mihomo
- /etc/localtime:/etc/localtime:ro
- /usr/share/zoneinfo:/usr/share/zoneinfo:ro # 增加这一行
ports:
- "7890:7890" # HTTP(S) 代理端口,可以考虑端口融合
- "9090:9090" # api接口
networks:
- ghost_net
environment:
- TZ=Asia/Shanghai
# 提高容器权限以支持 TProxy 等高级功能(可选)
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
# --- 新增面板服务 ---
clash-ui:
image: ghcr.io/metacubex/metacubexd:v1.247.0
container_name: clash-ui
restart: always
environment:
- TZ=Asia/Shanghai
- DEFAULT_BACKEND_URL=http://192.168.1.142:9090
ports:
- "10000:80" # 用 8080 端口访问面板界面
networks:
- ghost_net
networks:
ghost_net:
external: true
config.yaml
# ---------------------------------------------------
# 1. 基础连接 (Docker 映射必备)
# ---------------------------------------------------
mixed-port: 7890
allow-lan: true
log-level: info
external-controller: '0.0.0.0:9090'
# secret: "你的密码" # 建议设一个
# external-ui: ui
# 这里推荐一个目前最漂亮、功能最全的面板:Zashboard (也就是你链接里提到的)
# external-ui-url: "https://github.com/Zephyruso/zashboard/archive/refs/heads/gh-pages.zip"
# ---------------------------------------------------
# TUN 模式配置
# ---------------------------------------------------
tun:
enable: true # 默认开启
stack: mixed # 堆栈模式,建议 mixed 或 gvisor (Docker 环境下 gvisor 更稳)
device: utun # 虚拟网卡名称
auto-route: true # 自动设置容器内路由 (关键:不开启这个,流量进不来网卡)
auto-detect-interface: true # 自动检测出口网卡
dns-hijack: # 劫持 DNS 请求到 Clash 内部处理
- "any:53"
- "tcp://any:53"
# ---------------------------------------------------
# 2. 订阅来源 (核心:一个链接搞定一切)
# ---------------------------------------------------
proxy-providers:
clash20260513:
type: http
url: "你的订阅链接"
interval: 86400
path: ./sub.yaml
health-check:
enable: true
url: https://www.gstatic.com/generate_204
interval: 300
# ---------------------------------------------------
# 3. 策略组 (大幅精简:合并重复项)
# ---------------------------------------------------
proxy-groups:
# 总控开关
- name: 节点选择
type: select
proxies: [自动选择, HK香港, TW台湾, JP日本, US美国, SG新加坡, 全部节点, DIRECT]
# 自动选最快的
- name: 自动选择
type: url-test
use: [clash20260513]
tolerance: 50
# 分地区自动筛选 (利用 include-all 和 filter)
- name: HK香港
type: select
include-all: true
filter: "(?i)港|hk|hongkong"
use: [clash20260513]
- name: TW台湾
type: select
include-all: true
filter: "(?i)台|tw|taiwan"
use: [clash20260513]
- name: JP日本
type: select
include-all: true
filter: "(?i)日|jp|japan"
use: [clash20260513]
- name: US美国
type: select
include-all: true
filter: "(?i)美|us|unitedstates"
use: [clash20260513]
- name: SG新加坡
type: select
include-all: true
filter: "(?i)新|sg|singapore"
use: [clash20260513]
- name: 全部节点
type: select
include-all: true
use: [clash20260513]
# ---------------------------------------------------
# 4. 路由规则 (化繁为简)
# ---------------------------------------------------
rules:
# 私有网络直连,geoip文件全是github的,没代理之前下载不到
- GEOIP,lan,DIRECT,no-resolve
# 常见的 AI 服务 (ChatGPT/Claude 等)
- GEOSITE,category-ai-!cn,节点选择
# 常见的海外社交媒体/视频
- GEOSITE,google,节点选择
- GEOSITE,youtube,节点选择
- GEOSITE,telegram,节点选择
- GEOSITE,twitter,节点选择
- GEOSITE,netflix,节点选择
# 国内直连 (利用 GEOSITE 和 GEOIP)
- GEOSITE,cn,DIRECT
- GEOIP,cn,DIRECT
# 最后的兜底全部走代理
- MATCH,节点选择
# ---------------------------------------------------
# 5. DNS (精简后的 Fake-IP 模式)
# ---------------------------------------------------
dns:
enable: true
ipv6: false
enhanced-mode: fake-ip
fake-ip-filter: ['*', '+.lan', '+.local']
nameserver:
- 223.5.5.5
- 119.29.29.29