########################################## # __ _ _ ___ ____ ___ # / /`_ | | | | | | \ | |_ | |_) # \_\_/ |_|__ |_| |_|_/ |_|__ |_| \ # # Glider is a forward proxy with multiple protocols support, and also a dns forwarding server with ipset management features(like dnsmasq). # # We can set up local listeners as proxy, and forward requests to internet via forwarders. # # |Forwarder ----------------->| # Listener --> | | Internet # |Forwarder --> Forwarder->...| # # ----------------------------------------------------------- # # This is a sample configuration file for glider. # # Format is one option per line, legal options are the same # as the options legal on the command line. See "glider -help" for details. # # Comment line starts with "#", values set in the format: # KEY=VALUE # # ----------------------------------------------------------- # Verbose mode, print logs verbose=True # LISTENERS # --------- # Local listeners, we can set up multiple listeners on different port with # different protocols. # listen on 8443, serve as http/socks5 proxy on the same port. # listen=:8443 listen=127.0.0.1:8443 # listen on 8448 as a ss server. # listen=ss://AEAD_CHACHA20_POLY1305:pass@:8448 # listen on 8080 as a http proxy server. # listen=http://:8080 # listen on 1080 as a socks5 proxy server. # listen=socks5://:1080 # listen on 1234 as vless proxy server. # listen=vless://uuid@:1234 # listen on 1234 as vless proxy server, fallback to 127.0.0.1:8080 http server when client auth failed. # listen=vless://uuid@:1234?fallback=127.0.0.1:8080 # listen on 1081 as a linux transparent proxy server. # listen=redir://:1081 # listen on 1082 as a linux transparent proxy server(tproxy). # listen=tproxy://:1082 # http over tls (HTTPS proxy) # listen=tls://:443?cert=crtFilePath&key=keyFilePath,http:// # ss over tls # listen=tls://:443?cert=crtFilePath&key=keyFilePath,ss://AEAD_CHACHA20_POLY1305:pass@ # socks5 over unix domain socket # listen=unix:///dev/shm/socket,socks5:// # socks5 over vm socket # listen=vsock://:1234,socks5:// # socks5 over kcp # listen=kcp://aes:key@127.0.0.1:8444?dataShards=10&parityShards=3&mode=fast,socks5:// # vless server # listen=vless://UUID@:1234 # vless over tls server # listen=tls://:1234?cert=/path/to/cert&key=/path/to/key,vless://UUID@?fallback=127.0.0.1:80 # vless over ws # listen=ws://:1234/path?host=domain.com,vless://707f20ea-d4b8-4d1d-8e2e-2c86cb2ed97a@?fallback=127.0.0.1:80 # trojan server # listen=trojan://PASSWORD@:1234?cert=/path/to/cert&key=/path/to/key&fallback=127.0.0.1 # trojanc server (trojan without tls) # listen=trojanc://PASSWORD@:1234?fallback=127.0.0.1 # FORWARDERS # ---------- # Forwarders, we can setup multiple forwarders. # forward=SCHEME#OPTIONS # FORWARDER OPTIONS # priority: set the priority of that forwarder, default:0 # interface: set local interface or ip address used to connect remote server # Socks5 proxy as forwarder # forward=socks5://192.168.1.10:1080 # Socks5 proxy as forwarder with priority 100 # forward=socks5://192.168.1.10:1080#priority=100 # Socks5 proxy as forwarder with priority 100 and use `eth0` as source interface # forward=socks5://192.168.1.10:1080#priority=100&interface=eth0 # Socks5 proxy as forwarder with priority 100 and use `192.168.1.100` as source ip # forward=socks5://192.168.1.10:1080#priority=100&interface=192.168.1.100 # SS proxy as forwarder # forward=ss://method:pass@1.1.1.1:8443 # SSR proxy as forwarder # forward=ssr://method:pass@1.1.1.1:8443?protocol=auth_aes128_md5&protocol_param=xxx&obfs=tls1.2_ticket_auth&obfs_param=yyy # ssh forwarder # forward=ssh://user[:pass]@host:port[?key=keypath&timeout=SECONDS] # forward=ssh://root:pass@host:port # forward=ssh://root@host:port?key=/path/to/keyfile # forward=ssh://root@host:port?key=/path/to/keyfile&timeout=5 # http proxy as forwarder # forward=http://1.1.1.1:8080 # trojan as forwarder # forward=trojan://PASSWORD@1.1.1.1:8080[?serverName=SERVERNAME][&skipVerify=true] # trojanc as forwarder # forward=trojanc://PASSWORD@1.1.1.1:8080 # vless forwarder # forward=vless://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@1.1.1.1:443 # vmess with aead auth # forward=vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@1.1.1.1:443 # vmess with md5 auth (by setting alterID) # forward=vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@1.1.1.1:443?alterID=2 # vmess over tls # forward=tls://server.com:443,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98 # vmess over websocket # forward=ws://1.1.1.1:80/path?host=server.com,vmess://chacha20-poly1305:5a146038-0b56-4e95-b1dc-5c6f5a32cd98@ # vmess over ws over tls # forward=tls://server.com:443,ws://,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98 # forward=tls://server.com:443,ws://@/path,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98 # ss over tls # forward=tls://server.com:443,ss://AEAD_CHACHA20_POLY1305:pass@ # ss over kcp # forward=kcp://aes:key@127.0.0.1:8444?dataShards=10&parityShards=3&mode=fast,ss://AEAD_CHACHA20_POLY1305:pass@ # ss with simple-obfs # forward=simple-obfs://1.1.1.1:443?type=tls&host=apple.com,ss://AEAD_CHACHA20_POLY1305:pass@ # socks5 over unix domain socket # forward=unix:///dev/shm/socket,socks5:// # FORWARDER CHAIN # --------------- # We can setup a forward chain using 1 forward option, # use comma to separate different upstream forward proxies. #forward=http://1.1.1.1:8080,socks5://2.2.2.2:1080 # FORWARDE STRATEGY # ----------------- # If we set up multiple forwarders, we can use them in our own strategy. # Round Robin mode: rr # High Availability mode: ha # Latency based High Availability mode: lha # Destination Hashing mode: dh strategy=rr # FORWARDER SETTINGS # ------------------ # We can set some parameters for forwarders. # forwarder will be set to disabled on how many failures counted(both dial and relay). maxfailures=3 # timeout for create a connection(seconds) # dialtimeout=3 # timeout for relay data from proxy server and client(seconds) # DO NOT change it if you don't know what will happen. # relaytimeout=0 # FORWARDERS CHECK # ---------------- # We can check whether a forwarder is available. # Forwarder health check: # check=tcp[://HOST:PORT]: tcp port connect check # check=http://HOST[:PORT][/URI][#expect=REGEX_MATCH_IN_RESP_LINE] # check=https://HOST[:PORT][/URI][#expect=REGEX_MATCH_IN_RESP_LINE] # e.g. check=https://www.netflix.com/title/81215567#expect=301|404 # check=file://SCRIPT_PATH: run a check script, healthy when exitcode=0, environment variables: FORWARDER_ADDR,FORWARDER_URL # check=disable: disable health check check=http://www.msftconnecttest.com/connecttest.txt#expect=200 # check interval(seconds) checkinterval=30 # timeout to set a forwarder to be disabled(seconds) checktimeout=10 # switch forwarder only when new_latency < old_latency - tolerance, used in lha mode checktolerance=100 # use the average latency of the latest N checks checklatencysamples=10 # check disabled fowarders only checkdisabledonly=false # DNS FORWARDING SERVER # ---------------- # we can specify different upstream dns server in rule file for different destinations. # Setup a dns forwarding server # dns=:53 # global remote dns server (you can specify different dns server in rule file) dnsserver=8.8.8.8:53 dnsserver=1.1.1.1:53 # By default, when glider received udp dns request and there's no forwarder specified, # it will use udp to query upstream dns servers, otherwise, use tcp; # you can set dnsalwaystcp=true to always use tcp no matter there is a forwarder or not. # dnsalwaystcp=false # timeout value used in multiple dnsservers switch(seconds) dnstimeout=3 # maximum TTL value for entries in the CACHE(seconds) dnsmaxttl=1800 # minimum TTL value for entries in the CACHE(seconds) dnsminttl=0 # size of CACHE dnscachesize=4096 # show query log of dns cache dnscachelog=True # disable AAAA queries # dnsnoaaaa=True # custom records dnsrecord=www.example.com/1.2.3.4 dnsrecord=www.example.com/2606:2800:220:1:248:1893:25c8:1946 # SERVICES # service=dhcpd,INTERFACE,START_IP,END_IP,LEASE_MINUTES[,MAC=IP,MAC=IP...] # service=dhcpd-failover,INTERFACE,START_IP,END_IP,LEASE_MINUTES[,MAC=IP,MAC=IP...] # e.g.: # service=dhcpd,eth1,192.168.1.100,192.168.1.199,720 # service=dhcpd,eth2,192.168.2.100,192.168.2.199,720,fc:23:34:9e:25:01=192.168.2.101,fc:23:34:9e:25:02=192.168.2.102 # INTERFACE SPECIFIC # ------------------ # Specify global outbound ip/interface. # # interface="" # interface="192.168.1.100" # interface="eth0" # # Specify interface for a forwarder: # forward=socks5://192.168.1.10:1080#priority=100&interface=eth0 # forward=socks5://192.168.1.10:1080#priority=100&interface=192.168.1.100 # RULE FILES # ---------- # Specify additional forward rules. # # specify rules folder, so all *.rule files under this folder will be parsed as rule file # rules-dir=rules.d # # specify a rule file #rulefile=office.rule #rulefile=home.rule # INCLUDE CONFIG FILES # ---------- #include=dnsrecord.inc.conf #include=more.conf # ENVIRONMENT VARIABLES # ---------- # use {$ENV_VAR_NAME} in VALUE to get the Environment Variable value. # forward=socks5://{$USER_NAME}:{$USER_PASS}@:1080