Xray的配置 - 张小白的小窝

本文章主要记录一些VPS的设置，使得购买的VPS及域名能够支持科学上网，服务器为Ubuntu 20.04。在执行任何操作之前，切换到/root目录，并使用apt update && apt upgrade来更新系统。

事前准备#

服务器准备#

部分软件：

1
apt install vim git curl wget -y

启用 BBR TCP 拥塞控制算法：

1
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
2
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
3
sysctl -p

设置时区：

1
timedatectl set-timezone Asia/Shanghai

Cloudflare准备#

将Cloudflare中SSL/TLS加密模式设置为完全（严格）。

在Cloudflare创建一个新的令牌（参考cf插件主页配置），权限为Zone.Zone.Read; Zone.DNS.Edit，并将令牌保存到本地。

在Caddy官方下载地址，选择dns.provider.cloudflare，下载到本地准备。

设置密钥登陆#

生成密钥#

连接到服务器后，使用ssh-keygen来生成密钥，并把私钥保存到本地。

使用mv /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys更改公钥名称。使用如下命令来更改权限：

1
chmod 700 ~/.ssh
2
chmod 600 ~/.ssh/authorized_keys

修改登录方式#

使用vim /etc/ssh/sshd_config来修改SSH配置文件，将PasswordAuthentication改为no，将PubkeyAuthentication改为yes，并systemctl restart ssh重启SSH服务。

如有必要，可以更改ssh的端口号，修改Port即可。

安装Caddy#

1
apt install -y debian-keyring debian-archive-keyring apt-transport-https
2
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
3
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
4
apt update
5
apt install caddy

把之前下载的Caddy传到root下，

1
mv ./caddy_linux_amd64_custom ./caddy
2
chmod +x ./caddy
3
./caddy list-modules | grep dns

如果正常，会显示出dns.providers.cloudflare模块。

在替换官方的Caddy：

1
mv ./caddy /usr/bin/caddy

寻找合适的伪装站#

示例关键字：intext:登录 Cloudreve

配置Caddy#

启动Caddy服务：

1
systemctl enable --now caddy

通过如下命令查看Caddy的日志：

1
journalctl -u caddy --no-pager | less +G

1
vim /etc/caddy/Caddyfile

改为如下：

1
example.com {
2
    encode gzip
3

4
    tls {
5
        dns cloudflare 你的API token
6
        protocols tls1.2 tls1.3
7
    }
8

9
    reverse_proxy /xui* 127.0.0.1:port {
10
        header_up Host {host}
11
        header_up X-Real-IP {remote_host}
12
    }
13

14
    # ws
15
    # reverse_proxy /ray* 127.0.0.1:port {
16
    #     header_up Host {host}
17
    #     header_up X-Real-IP {remote_host}
18
    # }
19

20
    # xhttp
21
    reverse_proxy /ray* h2c://127.0.0.1:port {
22
        header_up Host {host}
23
        header_up X-Real-IP {remote_host}
24
    }
25

26
    # 伪装网址
27
    reverse_proxy https://demo.cloudreve.org {
28
        header_up Host {upstream_hostport}
29
    }
30
}

奇怪的是xui只能在Chrome匿名模式下进入

caddy run查看tls是否生效：

1
tls.obtain      certificate obtained successfully

1
sudo systemctl reload caddy

3X-UI#

安装3X-UI#

参考官方仓库：

1
curl -Ls https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh | sudo bash

配置XUI#

进入面板，把监听IP改为127.0.0.1，端口改为上面定义的xui端口。添加端口为ray端口的节点。

配置节点 vmess+ws#

监听设置为127.0.0.1，端口设置为ray的端口，传输方式为WebSocket，路径填/ray

配置节点 vless+xhttp#

监听设置为127.0.0.1，端口设置为ray的端口，传输方式为xhttp，路径填/ray

优选ip#

到这里使用假节点vless://[email protected]:443?encryption=none&security=tls&sni=aaa.bbb.ccc&type=websocket&path=%2F123&#temp%20-%2054，然后使用如下脚本拿到ip：

1
import base64
2
import json
3
import urllib.parse
4
import os
5

6
INPUT_FILE = "cf_ips.txt"
7
OUTPUT_FILE = "new_ips.txt"
8

9
def extract_ips():
10
    ips = []
11
    if not os.path.exists(INPUT_FILE):
12
        print(f"[!] 找不到 {INPUT_FILE}，请确保该文件存在。")
13
        return
14

15
    with open(INPUT_FILE, "r", encoding="utf-8") as f:
16
        for line in f:
17
            line = line.strip()
18
            if not line:
19
                continue
20

21
            if line.startswith("vless://"):
22
                try:
23
                    parsed = urllib.parse.urlparse(line)
24
                    netloc = parsed.netloc
25
                    # 解析如 uuid@ip:port 的格式
26
                    if "@" in netloc:
27
                        host_port = netloc.split("@")[-1]
28
                        ip = host_port.split(":")[0]
29
                        ips.append(ip)
30
                except Exception as e:
31
                    print(f"[!] VLESS 解析失败: {line[:30]}... 错误信息: {e}")
32

33
            elif line.startswith("vmess://"):
34
                try:
35
                    payloadstr = line[8:]
36
                    padding = len(payloadstr) % 4
37
                    if padding:
38
                        payloadstr += '=' * (4 - padding)
39
                    config = json.loads(base64.b64decode(payloadstr).decode('utf-8'))
40
                    ip = config.get("add")
41
                    if ip:
42
                        ips.append(ip)
43
                except Exception as e:
44
                    print(f"[!] VMESS 解析失败: {line[:30]}... 错误信息: {e}")
45

46
    # 去重处理（如有需要可取消注释下面这行进行去重过滤，但为了保持与源文件等量这里原样输出）
47
    # ips = list(dict.fromkeys(ips))
48

49
    if ips:
50
        with open(OUTPUT_FILE, "w", encoding="utf-8") as f:
51
            for ip in ips:
52
                f.write(ip + "\n")
53
        print(f"[+] 成功提取 {len(ips)} 个 IP 地址，已保存至 {OUTPUT_FILE}")
54
    else:
55
        print("[!] 未能从文件中提取到任何 IP。")
56

57
if __name__ == "__main__":
58
    extract_ips()

v2rayn#

拿到new_ips.txt后，新建一个ips.txt，把内容复制进去，然后使用如下脚本生成对应的链接，然后进行测速：

1
import urllib.parse
2
import os
3
import base64
4
import json
5

6
# ==========================================
7
# ⚙️ 配置区
8
# ==========================================
9
# 你的 3x-ui 生成的“本地母体链接”
10
BASE_URI = "vless://..."
11
# 域名
12
# TODO: 替换为你的真实域名
13
DOMAIN = "aaa.bbb.ccc"
14
# 节点名称
15
# TODO: 替换为你喜欢的节点名称前缀
16
NODE_NAME_PREFIX = "MyNode"
17

18
TXT_FILE = "ips.txt"
19
OUTPUT_FILE = "v2rayn.txt"
20
# ==========================================
21

22
def build_links():
23
    if not os.path.exists(TXT_FILE):
24
        print(f"[!] 找不到 {TXT_FILE}，请先创建。")
25
        return
26

27
    is_vmess = BASE_URI.startswith("vmess://")
28
    is_vless = BASE_URI.startswith("vless://")
29

30
    if not is_vmess and not is_vless:
31
        print("[!] 初始化失败，母体链接必须以 vless:// 或 vmess:// 开头")
32
        return
33

34
    # 1. 拆解母体链接
35
    if is_vless:
36
        parsed_base = urllib.parse.urlparse(BASE_URI)
37
        qs = urllib.parse.parse_qs(parsed_base.query)
38

39
        uuid = parsed_base.username
40

41
        # 提取核心固定参数（如果母体里有，就继承；没有就用默认值）
42
        network_type = qs.get('type', ['xhttp'])[0]
43
        path = qs.get('path', ['/'])[0]
44
        mode = qs.get('mode', ['auto'])[0]
45
        encryption = qs.get('encryption', ['none'])[0]
46
    else:
47
        # 解析 vmess
48
        payloadstr = BASE_URI[8:]
49
        padding = len(payloadstr) % 4
50
        if padding:
51
            payloadstr += '=' * (4 - padding)
52
        try:
53
            base_config = json.loads(base64.b64decode(payloadstr).decode('utf-8'))
54
        except Exception as e:
55
            print(f"[!] VMESS 解析失败: {e}")
56
            return
57

58
    links_list = []
59
    index = 1
60

61
    # 2. 遍历优选 IP 列表
62
    with open(TXT_FILE, 'r', encoding='utf-8') as f:
63
        for line in f:
64
            line = line.strip()
65
            if not line or line.startswith('#'):
66
                continue
67

68
            parts = line.split()
69
            ip = parts[0]
70
            domain = DOMAIN # 跟 build_nodes.py 保持一致
71
            node_name_base = f"{NODE_NAME_PREFIX} - {index}"
72

73
            if is_vless:
74
                # 3. 组装全新的查询参数 (Query String)
75
                new_qs = {
76
                    'encryption': encryption,
77
                    'security': 'tls',          # 强制开启 TLS
78
                    'sni': domain,              # 注入真实域名
79
                    'type': network_type,
80
                    'path': path,
81
                    'mode': mode,
82
                    # 'alpn': 'h2,http/1.1',      # 注入 CF 兼容的 ALPN
83
                    # 'fp': 'chrome',             # 注入浏览器指纹
84
                    # 'host': domain,             # 注入 Host 头
85
                }
86

87
                # 如果母体带有 extra 的 padding 参数，原样继承
88
                if 'extra' in qs:
89
                    new_qs['extra'] = qs['extra'][0]
90
                if 'x_padding_bytes' in qs:
91
                    new_qs['x_padding_bytes'] = qs['x_padding_bytes'][0]
92

93
                # 4. URL 编码参数
94
                encoded_qs = urllib.parse.urlencode(new_qs, doseq=True)
95

96
                # 5. 组装节点名称（备注名），与 build_nodes.py 保持一致
97
                node_name = urllib.parse.quote(node_name_base)
98

99
                # 6. 拼接最终的 URI
100
                final_uri = f"vless://{uuid}@{ip}:443?{encoded_qs}#{node_name}"
101
                links_list.append(final_uri)
102
            else:
103
                # VMESS 处理逻辑
104
                config = base_config.copy()
105
                config['add'] = ip
106
                config['port'] = 443       # 使用 CF 的 TLS 端口
107
                config['tls'] = 'tls'      # 强制 TLS
108
                config['sni'] = domain     # 注入真实域名
109
                config['ps'] = node_name_base  # 节点名称
110

111
                b64str = base64.b64encode(json.dumps(config).encode('utf-8')).decode('utf-8')
112
                links_list.append(f"vmess://{b64str}")
113

114
            index += 1
115

116
    # 追加最后一个直连域名的节点
117
    node_name_base = f"{NODE_NAME_PREFIX} - {index}"
118
    if is_vless:
119
        new_qs['sni'] = DOMAIN
120
        new_qs['host'] = DOMAIN
121
        encoded_qs = urllib.parse.urlencode(new_qs, doseq=True)
122
        node_name = urllib.parse.quote(node_name_base)
123
        final_uri = f"vless://{uuid}@{DOMAIN}:443?{encoded_qs}#{node_name}"
124
        links_list.append(final_uri)
125
    else:
126
        config = base_config.copy()
127
        config['add'] = DOMAIN
128
        config['port'] = 443
129
        config['tls'] = 'tls'
130
        config['sni'] = DOMAIN
131
        config['host'] = DOMAIN
132
        config['ps'] = node_name_base
133
        b64str = base64.b64encode(json.dumps(config).encode('utf-8')).decode('utf-8')
134
        links_list.append(f"vmess://{b64str}")
135

136
    # 7. 导出到文件
137
    if links_list:
138
        with open(OUTPUT_FILE, 'w', encoding='utf-8') as f:
139
            for link in links_list:
140
                f.write(link + '\n')
141
        schema_name = "VMESS" if is_vmess else "VLESS"
142
        print(f"[+] 成功生成 {len(links_list)} 个标准 {schema_name} 链接，已保存至 {OUTPUT_FILE}")
143

144
if __name__ == '__main__':
145
    build_links()

clash#

vmess://ew0KICAidiI6ICIyIiwNCiAgInBzIjogIlJFUExBQ0VNRSIsDQogICJhZGQiOiAiMTA0LjE4LjExOS4yMCIsDQogICJwb3J0IjogIjQ0MyIsDQogICJpZCI6ICIwY2MzMjY3ZS1kNmIwLTRiMjctYTM0Zi0zOGY3MGI5ZjhjZGMiLA0KICAiYWlkIjogIjAiLA0KICAic2N5IjogImF1dG8iLA0KICAibmV0IjogIndzIiwNCiAgInR5cGUiOiAibm9uZSIsDQogICJob3N0IjogImFhYS5iYmIiLA0KICAicGF0aCI6ICIvYWJjZGVmZyIsDQogICJ0bHMiOiAidGxzIiwNCiAgInNuaSI6ICIiLA0KICAiYWxwbiI6ICIiDQp9

使用上面的假链接到这里生成订阅链接，获取配置文件，保存到configs/mini_adplus.yaml。然后使用如下的脚本生成：

1
import urllib.parse
2
import urllib.request
3
import json
4
import yaml
5
import os
6
import base64
7
import ssl
8

9
# ==========================================
10
# ⚙️ 配置区
11
# ==========================================
12
# 你的母体链接，支持 vless:// 或 vmess://
13
BASE_URI = "vless://..."
14

15
# 域名
16
DOMAIN = "aaa.bbb.ccc"
17
# 节点名称
18
NODE_NAME_PREFIX = "MyNode"
19

20
TXT_FILE = "ips.txt"
21
OUTPUT_YAML = "optimized_nodes.yaml"
22

23
# mini_adplus 配置模板
24
MINI_ADPLUS_YAML = os.path.join(os.path.dirname(os.path.abspath(__file__)), "configs", "mini_adplus.yaml")
25
MINI_ADPLUS_URL = (
26
    "https://api.wcc.best/sub?target=clash&url=vmess%3A%2F%2Few0KICAidiI6ICIyIiwNCiAgInBzIjogIlJFUExBQ0VNRSIsDQogICJhZGQiOiAiMTA0LjE4LjExOS4yMCIsDQogICJwb3J0IjogIjQ0MyIsDQogICJpZCI6ICIwY2MzMjY3ZS1kNmIwLTRiMjctYTM0Zi0zOGY3MGI5ZjhjZGMiLA0KICAiYWlkIjogIjAiLA0KICAic2N5IjogImF1dG8iLA0KICAibmV0IjogIndzIiwNCiAgInR5cGUiOiAibm9uZSIsDQogICJob3N0IjogImFhYS5iYmIiLA0KICAicGF0aCI6ICIvYWJjZGVmZyIsDQogICJ0bHMiOiAidGxzIiwNCiAgInNuaSI6ICIiLA0KICAiYWxwbiI6ICIiDQp9%7C&insert=false&config=https%3A%2F%2Fraw.githubusercontent.com%2FACL4SSR%2FACL4SSR%2Fmaster%2FClash%2Fconfig%2FACL4SSR_Online_Mini_AdblockPlus.ini"
27
)
28
# ==========================================
29

30
def build_node_yaml(protocol, ip, uuid, network, path, mode, domain, index, config_dict):
31
    # 构造 Mihomo 标准 YAML 字典
32
    proxy = {
33
        'name': f"{NODE_NAME_PREFIX} - {index}",
34
        'type': protocol,
35
        'server': ip,
36
        'port': 443,          # 强制使用 HTTPS 端口
37
        'uuid': uuid,         # 继承母体的 UUID
38
        'network': network,
39
        'udp': True,
40
        'tls': True,          # 强制开启 TLS
41
        # 'alpn': ['h2', 'http/1.1'], # 强制指定 ALPN，部分 CF 节点非常挑剔
42
        # 'sni': domain,
43
        'servername': domain, # 许多受限内核 VLESS 配置只认 servername
44
        'skip-cert-verify': False,
45
        'client-fingerprint': 'chrome', # 极其重要：伪装 TLS 指纹，防 CF 阻断
46
    }
47

48
    if protocol == 'vmess':
49
        proxy['alterId'] = 0
50
        proxy['cipher'] = config_dict.get('scy', 'auto')
51

52
    if network == 'xhttp':
53
        proxy['xhttp-opts'] = {
54
            'mode': mode,
55
            'path': path,
56
            # 'headers': {
57
            #     'Host': [domain]
58
            # }
59
        }
60
        if protocol == 'vless' and 'extra' in config_dict:
61
            try:
62
                extra_json = json.loads(urllib.parse.unquote(config_dict['extra'][0]))
63
                proxy['xhttp-opts']['extra'] = extra_json
64
            except:
65
                pass
66
    elif network == 'ws':
67
        proxy['ws-opts'] = {
68
            'path': path,
69
            # 'headers': {
70
            #     'Host': domain # ws-opts 的 Host 在 Mihomo 中通常是字符串
71
            # }
72
        }
73

74
    return proxy
75

76
def download_mini_adplus():
77
    """检测 mini_adplus.yaml 是否存在，不存在则从远程下载"""
78
    if os.path.exists(MINI_ADPLUS_YAML):
79
        print(f"[✓] 配置模板已存在: {MINI_ADPLUS_YAML}")
80
        return True
81

82
    print(f"[*] 配置模板不存在，正在从远程下载...")
83
    os.makedirs(os.path.dirname(MINI_ADPLUS_YAML), exist_ok=True)
84

85
    try:
86
        # 跳过 SSL 验证（subconverter API 可能证书不完整）
87
        ctx = ssl.create_default_context()
88
        ctx.check_hostname = False
89
        ctx.verify_mode = ssl.CERT_NONE
90

91
        req = urllib.request.Request(MINI_ADPLUS_URL, headers={
92
            'User-Agent': 'ClashForAndroid/2.5.12'
93
        })
94
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
95
            data = resp.read()
96

97
        with open(MINI_ADPLUS_YAML, 'wb') as f:
98
            f.write(data)
99

100
        print(f"[✓] 下载成功: {MINI_ADPLUS_YAML} ({len(data)} bytes)")
101
        return True
102
    except Exception as e:
103
        print(f"[✗] 下载失败: {e}")
104
        return False
105

106

107
def build_clash():
108
    # 0. 确保 mini_adplus.yaml 模板存在
109
    if not download_mini_adplus():
110
        print("[!] 无法获取配置模板，退出。")
111
        return
112

113
    if not os.path.exists(TXT_FILE):
114
        print(f"[!] 找不到 {TXT_FILE}，请先创建。")
115
        return
116

117
    # 1. 拆解母体链接
118
    if BASE_URI.startswith('vmess://'):
119
        protocol = 'vmess'
120
        b64_str = BASE_URI[8:]
121
        b64_str += "=" * ((4 - len(b64_str) % 4) % 4)
122
        config_dict = json.loads(base64.b64decode(b64_str).decode('utf-8'))
123
        uuid = config_dict.get('id')
124
        network = config_dict.get('net', 'ws')
125
        path = config_dict.get('path', '/')
126
        mode = 'auto'
127
    elif BASE_URI.startswith('vless://'):
128
        protocol = 'vless'
129
        parsed_base = urllib.parse.urlparse(BASE_URI)
130
        config_dict = urllib.parse.parse_qs(parsed_base.query)
131
        uuid = parsed_base.username
132
        network = config_dict.get('type', ['tcp'])[0]
133
        path = urllib.parse.unquote(config_dict.get('path', ['/'])[0])
134
        mode = config_dict.get('mode', ['auto'])[0]
135
    else:
136
        print("[!] 不支持的协议类型，只能处理 vmess:// 或 vless://")
137
        return
138

139
    proxies_list = []
140
    index = 1
141

142
    # 2. 读取优选列表并进行批量克隆
143
    with open(TXT_FILE, 'r', encoding='utf-8') as f:
144
        for line in f:
145
            line = line.strip()
146
            if not line or line.startswith('#'):
147
                continue
148

149
            parts = line.split()
150
            ip = parts[0]
151
            domain = DOMAIN
152

153
            proxy = build_node_yaml(protocol, ip, uuid, network, path, mode, domain, index, config_dict)
154
            index += 1
155
            proxies_list.append(proxy)
156

157
    # 追加最后一个兜底真实域名的节点
158
    proxy = build_node_yaml(protocol, DOMAIN, uuid, network, path, mode, DOMAIN, index, config_dict)
159
    proxies_list.append(proxy)
160

161
    # 3. 基于 mini_adplus.yaml 模板生成最终配置
162
    FINAL_CONFIG = "final_config.yaml"
163

164
    if proxies_list:
165
        proxy_names = [p['name'] for p in proxies_list]
166

167
        try:
168
            from ruamel.yaml import YAML
169
            yaml_parser = YAML()
170
            yaml_parser.preserve_quotes = True
171
            with open(MINI_ADPLUS_YAML, 'r', encoding='utf-8') as f:
172
                config_data = yaml_parser.load(f)
173
        except ImportError:
174
            with open(MINI_ADPLUS_YAML, 'r', encoding='utf-8') as f:
175
                config_data = yaml.safe_load(f)
176
            yaml_parser = None
177

178
        # 替换 proxies 为新生成的节点
179
        if 'proxy-providers' in config_data:
180
            del config_data['proxy-providers']
181
        config_data['proxies'] = proxies_list
182

183
        # mode 值需要小写
184
        if 'mode' in config_data:
185
            config_data['mode'] = config_data['mode'].lower()
186
        # 期望的策略组结构（用于变更检测）
187
        EXPECTED_GROUPS = [
188
            '🚀 节点选择',
189
            '♻️ 自动选择',
190
            '🎯 全球直连',
191
            '🛑 全球拦截',
192
            '🐟 漏网之鱼',
193
        ]
194
        # 需要注入新节点的策略组
195
        INJECT_GROUPS = {'🚀 节点选择', '♻️ 自动选择'}
196
        # 需要清理旧节点但不注入新节点的策略组（只保留分组引用）
197
        CLEAN_GROUPS = {'🐟 漏网之鱼'}
198

199
        if 'proxy-groups' in config_data:
200
            # ⚠️ 变更检测：检查模板的策略组是否与预期一致
201
            actual_groups = [g['name'] for g in config_data['proxy-groups']]
202
            if actual_groups != EXPECTED_GROUPS:
203
                print("=" * 60)
204
                print("⚠️  警告: 模板策略组结构已发生变化！")
205
                print(f"   期望: {EXPECTED_GROUPS}")
206
                print(f"   实际: {actual_groups}")
207
                added = set(actual_groups) - set(EXPECTED_GROUPS)
208
                removed = set(EXPECTED_GROUPS) - set(actual_groups)
209
                if added:
210
                    print(f"   新增: {added}")
211
                if removed:
212
                    print(f"   缺失: {removed}")
213
                if actual_groups != EXPECTED_GROUPS and not (added or removed):
214
                    print(f"   顺序不同")
215
                print("   请检查是否需要更新脚本逻辑！")
216
                print("=" * 60)
217

218
            # 收集内置策略和分组名，用于区分"具体节点"和"引用"
219
            builtin_names = {'DIRECT', 'REJECT'}
220
            group_names = {g['name'] for g in config_data['proxy-groups']}
221
            skip_names = builtin_names | group_names
222

223
            for group in config_data['proxy-groups']:
224
                gname = group['name']
225

226
                # 处理 use 字段（proxy-provider 引用）
227
                if 'use' in group:
228
                    del group['use']
229

230
                if gname in INJECT_GROUPS:
231
                    # 节点选择 / 自动选择：替换为新节点
232
                    if 'proxies' in group:
233
                        kept = [p for p in group['proxies'] if p in skip_names]
234
                        group['proxies'] = proxy_names + kept
235
                    else:
236
                        group['proxies'] = proxy_names[:]
237
                elif gname in CLEAN_GROUPS:
238
                    # 漏网之鱼：只删掉具体节点名（REPLACEME等），保留分组引用
239
                    if 'proxies' in group:
240
                        group['proxies'] = [p for p in group['proxies'] if p in skip_names]
241

242
        # 修补 rules 尾部，防止 DNS 泄露
243
        if 'rules' in config_data:
244
            rules = config_data['rules']
245
            new_rules = []
246
            for r in rules:
247
                rule_str = str(r)
248
                # GEOIP,CN 加上 no-resolve
249
                if rule_str.startswith('GEOIP,CN,') and 'no-resolve' not in rule_str:
250
                    new_rules.append(rule_str + ',no-resolve')
251
                else:
252
                    new_rules.append(r)
253
            # 在 MATCH 之前插入 GEOSITE,CN（如果不存在）
254
            has_geosite_cn = any('GEOSITE,CN,' in str(r) for r in new_rules)
255
            if not has_geosite_cn:
256
                # 找到 MATCH 规则的位置，插入到它前面
257
                match_idx = next((i for i, r in enumerate(new_rules) if str(r).startswith('MATCH,')), len(new_rules))
258
                new_rules.insert(match_idx, 'GEOSITE,CN,🎯 全球直连')
259
            config_data['rules'] = new_rules
260

261
            # ⚠️ 检查所有 IP 类规则是否都有 no-resolve
262
            IP_RULE_PREFIXES = ('IP-CIDR,', 'IP-CIDR6,', 'GEOIP,')
263
            missing = []
264
            for i, r in enumerate(new_rules):
265
                rule_str = str(r)
266
                if any(rule_str.startswith(p) for p in IP_RULE_PREFIXES) and 'no-resolve' not in rule_str:
267
                    missing.append((i + 1, rule_str))
268
            if missing:
269
                print("=" * 60)
270
                print(f"⚠️  警告: 发现 {len(missing)} 条 IP 类规则缺少 no-resolve，可能导致 DNS 泄露！")
271
                for idx, rule in missing[:10]:  # 最多显示10条
272
                    print(f"   第 {idx} 条: {rule}")
273
                if len(missing) > 10:
274
                    print(f"   ... 还有 {len(missing) - 10} 条")
275
                print("=" * 60)
276
        # 写入最终配置
277
        try:
278
            if yaml_parser is not None:
279
                with open(FINAL_CONFIG, 'w', encoding='utf-8') as f:
280
                    yaml_parser.dump(config_data, f)
281
            else:
282
                with open(FINAL_CONFIG, 'w', encoding='utf-8') as f:
283
                    yaml.dump(config_data, f, allow_unicode=True, sort_keys=False, indent=2)
284
            print(f"[+] 成功生成配置: {FINAL_CONFIG} (基于 mini_adplus.yaml, 类型: {protocol}, 包含 {len(proxies_list)} 个节点)")
285
        except Exception as e:
286
            print(f"[✗] 写入配置失败: {e}")
287

288
if __name__ == '__main__':
289
    build_clash()

注意事项#

如果clash遇到wsl无网络的问题，在最前面加入mtu设置：

1
mixed-port: 7890
2
allow-lan: true
3
mode: rule
4
log-level: info
5
external-controller: :9090
6

7
tun:
8
  mtu: 1280