Full Example

---
port: 8888
socks-port: 8889
mixed-port: 8899

tun:
  enable: false
  device-id: "dev://utun1989"

dns:
  enable: true
  listen: 127.0.0.1:53553
  #   udp: 127.0.0.1:53553
  #   tcp: 127.0.0.1:53553
  #   dot: 127.0.0.1:53554
  #   doh: 127.0.0.1:53555

  # ipv6: false # when the false, response to AAAA questions will be empty

  # These nameservers are used to resolve the DNS nameserver hostnames below.
  # Specify IP addresses only
  default-nameserver:
    - 114.114.114.114
    - 8.8.8.8
  enhanced-mode: fake-ip 
  fake-ip-range: 198.18.0.2/16 # Fake IP addresses pool CIDR
  # use-hosts: true # lookup hosts and return IP record

  # Hostnames in this list will not be resolved with fake IPs
  # i.e. questions to these domain names will always be answered with their
  # real IP addresses
  # fake-ip-filter:
  #   - '*.lan'
  #   - localhost.ptlogin2.qq.com

  # Supports UDP, TCP, DoT, DoH. You can specify the port to connect to.
  # All DNS questions are sent directly to the nameserver, without proxies
  # involved. Clash answers the DNS question with the first result gathered.
  nameserver:
    - 114.114.114.114 # default value
    - 1.1.1.1 # default value
    - tls://1.1.1.1:853 # DNS over TLS
    - https://1.1.1.1/dns-query # DNS over HTTPS
#    - dhcp://en0 # dns from dhcp

allow-lan: true
mode: rule
log-level: debug
external-controller: 127.0.0.1:9090
external-ui: "public"
# secret: "clash-rs"
experimental:
  ignore-resolve-fail: true

profile:
  store-selected: true
  store-fake-ip: false


proxy-groups:
  - name: "relay"
    type: relay
    proxies:
      - "plain-vmess"
      - "ws-vmess"
      - "auto"
      - "fallback-auto"
      - "load-balance"
      - "select"
      - DIRECT

  - name: "relay-one"
    type: relay
    use:
      - "file-provider"

  - name: "auto"
    type: url-test
    use:
      - "file-provider"
    proxies:
      - DIRECT
    url: "http://www.gstatic.com/generate_204"
    interval: 300

  - name: "fallback-auto"
    type: fallback
    use:
      - "file-provider"
    proxies:
      - DIRECT
    url: "http://www.gstatic.com/generate_204"
    interval: 300

  - name: "load-balance"
    type: load-balance
    use:
      - "file-provider"
    proxies:
      - DIRECT
    strategy: round-robin
    url: "http://www.gstatic.com/generate_204"
    interval: 300

  - name: select
    type: select
    use:
      - "file-provider"

  - name: test 🌏
    type: select
    use:
      - "file-provider"
    proxies:
      - DIRECT

proxies:
  - name: plain-vmess
    type: vmess
    server: 10.0.0.13
    port: 16823
    uuid: b831381d-6324-4d53-ad4f-8cda48b30811
    alterId: 0
    cipher: auto
    udp: true
    skip-cert-verify: true
  - name: ws-vmess
    type: vmess
    server: 10.0.0.13
    port: 16824
    uuid: b831381d-6324-4d53-ad4f-8cda48b30811
    alterId: 0
    cipher: auto
    udp: true
    skip-cert-verify: true
    network: ws
    ws-opts:
      path: /api/v3/download.getFile
      headers:
        Host: www.amazon.com

  - name: tls-vmess
    type: vmess
    server: 10.0.0.13
    port: 8443
    uuid: 23ad6b10-8d1a-40f7-8ad0-e3e35cd38297
    alterId: 0
    cipher: auto
    udp: true
    skip-cert-verify: true
    tls: true

  - name: h2-vmess
    type: vmess
    server: 10.0.0.13
    port: 8444
    uuid: b831381d-6324-4d53-ad4f-8cda48b30811
    alterId: 0
    cipher: auto
    udp: true
    skip-cert-verify: true
    tls: true
    network: h2
    h2-opts:
      path: /ray

  - name: vmess-altid
    type: vmess
    server: tw-1.ac.laowanxiang.com
    port: 153
    uuid: 46dd0dd3-2cc0-3f55-907c-d94e54877687
    alterId: 64
    cipher: auto
    udp: true
    network: ws
    ws-opts:
      path: /api/v3/download.getFile
      headers:
        Host: 5607b9d187e655736f563fee87d7283994721.laowanxiang.com
  - name: "ss-simple"
    type: ss
    server: 10.0.0.13
    port: 8388
    cipher: aes-256-gcm
    password: "password"
    udp: true
  - name: "trojan"
    type: trojan
    server: 10.0.0.13
    port: 9443
    password: password1
    udp: true
    # sni: example.com # aka server name
    alpn:
      - h2
      - http/1.1
    skip-cert-verify: true

proxy-providers:
  file-provider:
    type: file
    path: ./ss.yaml
    interval: 300
    health-check:
      enable: true
      url: http://www.gstatic.com/generate_204
      interval: 300

rule-providers:
  file-provider:
    type: file
    path: ./rule-set.yaml
    interval: 300
    behavior: domain

rules:
  - DOMAIN,ipinfo.io,relay
  - RULE-SET,file-provider,trojan
  - GEOIP,CN,relay
  - DOMAIN-SUFFIX,facebook.com,REJECT
  - DOMAIN-KEYWORD,google,select
  - DOMAIN,google.com,select
  - SRC-IP-CIDR,192.168.1.1/24,DIRECT
  - GEOIP,CN,DIRECT
  - DST-PORT,53,trojan
  - SRC-PORT,7777,DIRECT
  - MATCH, DIRECT
...