global {
##### Software options.
# tproxy port to listen on. It is NOT an HTTP/SOCKS port; it is used only by the eBPF program.
# In normal cases, you do not need to use it.
tproxy_port: 12345
# Set it true to protect the tproxy port from unsolicited traffic. Set it false to allow users to use self-managed
# iptables tproxy rules. With false, this protection is off, so your own rules must restrict what can reach the port.
tproxy_port_protect: true
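# Set a non-zero value to enable pprof (Go runtime profiling). Profiling output exposes process internals, so keep
# this at 0 unless you are debugging, and make sure the port is not reachable from untrusted networks.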
pprof_port: 0
# If not zero, traffic sent from dae will be marked with this SO_MARK value. It is useful to avoid a traffic loop
# with iptables tproxy rules.
so_mark_from_dae: 0
# Log level: error, warn, info, debug, trace.
log_level: info
# Disable waiting for network before pulling subscriptions.
disable_waiting_network: false
# Enable fast redirect for local TCP connections. There is a known kernel issue that breaks certain clients/proxies, such as nadoo/glider. Users may enable this experimental option at their own risk.
enable_local_tcp_fast_redirect: false
##### Interface and kernel options.
# The LAN interface to bind. Use it if you want to proxy LAN.
# Multiple interfaces split by ",".
#lan_interface: docker0
# The WAN interface to bind. Use it if you want to proxy localhost.
# Multiple interfaces split by ",". Use "auto" to auto detect.
wan_interface: auto
# Automatically configure Linux kernel parameters like ip_forward and send_redirects. Check out
# https://github.com/daeuniverse/dae/blob/main/docs/en/user-guide/kernel-parameters.md to see what dae will do.
auto_config_kernel_parameter: true
##### Node connectivity check.
# The host of the URL should have both IPv4 and IPv6 addresses if your local network is dual-stack.
# First is URL, others are IP addresses if given.
# Considering traffic consumption, it is recommended to choose a site with an anycast IP and a small response.
#tcp_check_url: 'http://cp.cloudflare.com'
tcp_check_url: 'http://cp.cloudflare.com,1.1.1.1,2606:4700:4700::1111'
# The HTTP request method to `tcp_check_url`. Use 'HEAD' by default because some server implementations bypass
# accounting for this kind of traffic.
tcp_check_http_method: HEAD
# This DNS will be used to check UDP connectivity of nodes. If dns_upstream below contains tcp, it will also be used to check
# TCP DNS connectivity of nodes.
# First is URL, others are IP addresses if given.
# This DNS should have both IPv4 and IPv6 addresses if your local network is dual-stack.
#udp_check_dns: 'dns.google.com:53'
udp_check_dns: 'dns.google.com:53,8.8.8.8,2001:4860:4860::8888'
check_interval: 30s
# Group will switch node only when new_latency <= old_latency - tolerance.
check_tolerance: 50ms
##### Connecting options.
# Optional values of dial_mode are:
# 1. "ip". Dial proxy using the IP from DNS directly. This allows your ipv4, ipv6 to choose the optimal path
# respectively, and makes the IP version requested by the application meet expectations. For example, if you
# use curl -4 ip.sb, you will request IPv4 via proxy and get an IPv4 echo. And curl -6 ip.sb will request IPv6.
# This may solve some weird full-cone NAT problems, provided your node supports it. Sniffing will be disabled
# in this mode.
# 2. "domain". Dial proxy using the domain from sniffing. This will relieve DNS pollution problem to a great extent
# if you have an impure DNS environment. Generally, this mode brings faster proxy response time because the proxy will
# re-resolve the domain in remote, thus get better IP result to connect. This policy does not impact routing.
# That is to say, domain rewrite will be after traffic split of routing and dae will not re-route it.
# 3. "domain+". Based on domain mode but does not verify that the sniffed domain is genuine. It is useful for users whose
# DNS requests do not go through dae but who want faster proxy response time. Notice that, if DNS requests do not
# go through dae, dae cannot split traffic by domain.
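# 4. "domain++". Based on domain+ mode but forces traffic to be re-routed using the sniffed domain, to partially recover
# domain based traffic split ability. It doesn't work for direct traffic and consumes more CPU resources. As in domain+,
# the sniffed domain is not verified, so do not treat domain rules in this mode as an access control.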
dial_mode: domain
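# Allow insecure TLS certificates, i.e. accept certificates that fail verification. This removes protection against
# man-in-the-middle interception, so it is not recommended to turn it on unless you have to.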
allow_insecure: false
# Timeout for waiting for the first data to be sent, used for sniffing. It is always 0 if dial_mode is ip. Setting it
# higher is useful in high-latency LAN networks.
sniffing_timeout: 100ms
# TLS implementation. tls is to use Go's crypto/tls. utls is to use uTLS, which can imitate browser's Client Hello.
tls_implementation: tls
# The Client Hello ID for uTLS to imitate. This takes effect only if tls_implementation is utls.
# See more: https://github.com/daeuniverse/dae/blob/331fa23c16/component/outbound/transport/tls/utls.go#L17
utls_imitate: chrome_auto
}
# Subscriptions defined here will be resolved as nodes and merged as a part of the global node pool.
# A subscription may be given a tag, which can be used in the group section to filter nodes from that subscription.
subscription {
# Add your subscription links here.
my_sub: 'https://www.example.com/subscription/link'
another_sub: 'https://example.com/another_sub'
'https://example.com/no_tag_link'
'file://relative/path/to/mysub.sub' # Put subscription content in /etc/dae/relative/path/to/mysub.sub
}
# Nodes defined here will be merged as a part of the global node pool.
node {
# Add your node links here. Node links usually embed credentials, so keep this file readable only by the user that runs dae.
# Support socks5, http, https, ss, ssr, vmess, vless, trojan, tuic, juicity, etc.
# Full support list: https://github.com/daeuniverse/dae/blob/main/docs/en/proxy-protocols.md
'socks5://localhost:1080'
mylink: 'ss://LINK'
node1: 'vmess://LINK'
node2: 'vless://LINK'
chains: 'tuic://LINK -> vmess://LINK'
}
# See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/dns.md for full examples.
dns {
# For example, if ipversion_prefer is 4 and the domain name has both type A and type AAAA records, dae will only
# respond to type A queries and will return an empty answer to type AAAA queries.
#ipversion_prefer: 4
# Give a fixed ttl for domains. Zero means that dae will request to upstream every time and not cache DNS results
# for these domains.
#fixed_domain_ttl {
# ddns.example.org: 10
# test.example.org: 3600
#}
upstream {
# Value can be scheme://host:port, where the scheme can be tcp/udp/tcp+udp.
# If host is a domain and has both IPv4 and IPv6 record, dae will automatically choose
# IPv4 or IPv6 to use according to group policy (such as min latency policy).
# Please make sure DNS traffic will go through and be forwarded by dae, which is REQUIRED for domain routing.
# If dial_mode is "ip", the upstream DNS answer SHOULD NOT be polluted, so domestic public DNS is not recommended.
alidns: 'udp://dns.alidns.com:53'
googledns: 'tcp+udp://dns.google.com:53'
}
routing {
# According to the request of dns query, decide to use which DNS upstream.
# Match rules from top to bottom.
request {
# Lookup China mainland domains using alidns, otherwise googledns.
qname(geosite:cn) -> alidns
# fallback is also called default.
fallback: googledns
}
}
# routing {
# # According to the request of dns query, decide to use which DNS upstream.
# # Match rules from top to bottom.
# request {
# # fallback is also called default.
# fallback: alidns
# }
# # According to the response of dns query, decide to accept or re-lookup using another DNS upstream.
# # Match rules from top to bottom.
# response {
# # Trusted upstream. Always accept its result.
# upstream(googledns) -> accept
# # Possibly polluted, re-lookup using googledns.
# ip(geoip:private) && !qname(geosite:cn) -> googledns
# # fallback is also called default.
# fallback: accept
# }
# }
}
# Node group (outbound).
group {
my_group {
# No filter. Use all nodes.
# Randomly select a node from the group for every connection.
#policy: random
# Select the first node from the group for every connection.
#policy: fixed(0)
# Select the node with min last latency from the group for every connection.
#policy: min
# Select the node with min moving average of latencies from the group for every connection.
policy: min_moving_avg
}
group2 {
# Filter nodes from the global node pool defined by the subscription and node section above.
#filter: subtag(my_sub) && !name(keyword: 'ExpireAt:')
# Multiple filters indicate 'or' logic.
#filter: subtag(regex: '^my_', another_sub) && !name(keyword: 'ExpireAt:')
# Filter nodes from the global node pool defined by tag.
#filter: name(node1, node2)
# Filter nodes and give a fixed latency offset to achieve latency-based failover.
# In this example, the US node is more likely to be chosen even if its original latency is higher.
filter: name(HK_node)
filter: name(US_node) [add_latency: -500ms]
# Select the node with min average of the last 10 latencies from the group for every connection.
policy: min_avg10
}
}
# See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples.
routing {
### Preset rules.
# Network managers in localhost should be direct to avoid false negative network connectivity check when binding to
# WAN.
pname(NetworkManager) -> direct
# Put it in the front to prevent broadcast, multicast and other packets that should be sent to the LAN from being
# forwarded by the proxy.
# "dip" means destination IP.
dip(224.0.0.0/3, 'ff00::/8') -> direct
# This line allows you to access private addresses directly instead of via your proxy. If you really want to access
# private addresses in your proxy host network, modify the below line.
dip(geoip:private) -> direct
### Write your rules below.
# Disable h3 because it usually consumes too much cpu/mem resources.
l4proto(udp) && dport(443) -> block
dip(geoip:cn) -> direct
domain(geosite:cn) -> direct
fallback: my_group
}