glider/config/glider.conf.example

##########################################
#    __    _     _   ___   ____  ___  
#   / /`_ | |   | | | | \ | |_  | |_) 
#   \_\_/ |_|__ |_| |_|_/ |_|__ |_| \ 
#
# Glider is a forward proxy with multiple protocols support, and also a dns forwarding server with ipset management features(like dnsmasq).
#
# We can set up local listeners as proxy, and forward requests to internet via forwarders.
#
#                |Forwarder ----------------->|         
#   Listener --> |                            | Internet
#                |Forwarder --> Forwarder->...| 
# 
# -----------------------------------------------------------
#
# This is a sample configuration file for glider.
# 
# Format is one option per line, legal options are the same
# as the options legal on the command line. See "glider -help" for details.
#
# Comment line starts with "#", values set in the format: 
# KEY=VALUE
#
# -----------------------------------------------------------

# Verbose mode, print logs
verbose=True

# LISTENERS
# ---------
# Local listeners, we can set up multiple listeners on different port with
# different protocols.

# listen on 8443, serve as http/socks5 proxy on the same port.
listen=:8443

# listen on 8448 as a ss server.
# listen=ss://AEAD_CHACHA20_POLY1305:pass@:8448

# listen on 8080 as a http proxy server.
listen=http://:8080

# listen on 1080 as a socks5 proxy server.
listen=socks5://:1080

# listen on 1234 as vless proxy server.
# listen=vless://uuid@:1234
# listen on 1234 as vless proxy server, fallback to 127.0.0.1:8080 http server when client auth failed.
# listen=vless://uuid@:1234?fallback=127.0.0.1:8080

# listen on 1081 as a linux transparent proxy server.
# listen=redir://:1081

# http over tls (HTTPS proxy)
# listen=tls://:443?cert=crtFilePath&key=keyFilePath,http://

# ss over tls
# listen=tls://:443?cert=crtFilePath&key=keyFilePath,ss://AEAD_CHACHA20_POLY1305:pass@

# socks5 over unix domain socket
# listen=unix:///tmp/glider.socket,socks5://

# socks5 over kcp
# listen=kcp://aes:key@127.0.0.1:8444?dataShards=10&parityShards=3&mode=fast,socks5://

# vless server
# listen=vless://UUID@:1234

# vless over tls server
# listen=tls://:1234?cert=/path/to/cert&key=/path/to/key,vless://UUID@?fallback=127.0.0.1:80

# vless over ws
# listen=ws://:1234/path?host=domain.com,vless://707f20ea-d4b8-4d1d-8e2e-2c86cb2ed97a@?fallback=127.0.0.1:80

# trojan server
# listen=trojan://PASSWORD:1234?cert=/path/to/cert&key=/path/to/key&fallback=127.0.0.1

# trojanc server (trojan without tls)
# listen=trojanc://PASSWORD:1234?fallback=127.0.0.1

# FORWARDERS
# ----------
# Forwarders, we can setup multiple forwarders.
# forward=SCHEME#OPTIONS

# FORWARDER OPTIONS
# priority: set the priority of that forwarder, default:0
# interface: set local interface or ip address used to connect remote server

# Socks5 proxy as forwarder
# forward=socks5://192.168.1.10:1080

# Socks5 proxy as forwarder with priority 100
# forward=socks5://192.168.1.10:1080#priority=100

# Socks5 proxy as forwarder with priority 100 and use `eth0` as source interface
# forward=socks5://192.168.1.10:1080#priority=100&interface=eth0

# Socks5 proxy as forwarder with priority 100 and use `192.168.1.100` as source ip
# forward=socks5://192.168.1.10:1080#priority=100&interface=192.168.1.100

# SS proxy as forwarder
# forward=ss://method:pass@1.1.1.1:8443

# SSR proxy as forwarder
# forward=ssr://method:pass@1.1.1.1:8443?protocol=auth_aes128_md5&protocol_param=xxx&obfs=tls1.2_ticket_auth&obfs_param=yyy

# ssh forwarder
# forward=ssh://user[:pass]@host:port[?key=keypath]
# forward=ssh://root:pass@host:port
# forward=ssh://root@host:port?key=/path/to/keyfile

# http proxy as forwarder
# forward=http://1.1.1.1:8080

# trojan as forwarder
# forward=trojan://PASSWORD@1.1.1.1:8080[?serverName=SERVERNAME][&skipVerify=true]

# trojanc as forwarder
# forward=trojanc://PASSWORD@1.1.1.1:8080

# vless forwarder
# forward=vless://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@1.1.1.1:443

# vmess with none security
# forward=vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@1.1.1.1:443?alterID=2

# vmess with aes-128-gcm security
# forward=vmess://aes-128-gcm:5a146038-0b56-4e95-b1dc-5c6f5a32cd98@1.1.1.1:443?alterID=2

# vmess over tls
# forward=tls://server.com:443,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2

# vmess over websocket
# forward=ws://1.1.1.1:80/path?host=server.com,vmess://chacha20-poly1305:5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2

# vmess over ws over tls
# forward=tls://server.com:443,ws://,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
# forward=tls://server.com:443,ws://@/path,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2

# ss over tls
# forward=tls://server.com:443,ss://AEAD_CHACHA20_POLY1305:pass@

# ss over kcp
# forward=kcp://aes:key@127.0.0.1:8444?dataShards=10&parityShards=3&mode=fast,ss://AEAD_CHACHA20_POLY1305:pass@

# ss with simple-obfs
# forward=simple-obfs://1.1.1.1:443?type=tls&host=apple.com,ss://AEAD_CHACHA20_POLY1305:pass@

# socks5 over unix domain socket
# forward=unix:///tmp/glider.socket,socks5://

# FORWARDER CHAIN
# ---------------
# We can setup a forward chain using 1 forward option, 
# use comma to separate different upstream forward proxies.
#forward=http://1.1.1.1:8080,socks5://2.2.2.2:1080


# FORWARDE STRATEGY
# -----------------
# If we set up multiple forwarders, we can use them in our own strategy.

# Round Robin mode: rr
# High Availability mode: ha
# Latency based High Availability mode: lha
# Destination Hashing mode: dh
strategy=rr

# FORWARDER SETTINGS
# ------------------
# We can set some parameters for forwarders.

# forwarder will be set to disabled on how many failures counted(both dial and relay).
maxfailures=3

# timeout for create a connection(seconds)
# dialtimeout=3

# timeout for relay data from proxy server and client(seconds)
# DO NOT change it if you don't know what will happen. 
# relaytimeout=0


# FORWARDERS CHECK
# ----------------
# We can check whether a forwarder is available.

# Forwarder health check:
# check=tcp[://HOST:PORT]: tcp port connect check
# check=http://HOST[:PORT][/URI][#expect=STRING_IN_RESP_LINE]
# check=file://SCRIPT_PATH: run a check script, healthy when exitcode=0, environment variables: FORWARDER_ADDR
# check=disable: disable health check
check=http://www.msftconnecttest.com/connecttest.txt#expect=200

# check interval(seconds)
checkinterval=30

# timeout to set a forwarder to be disabled(seconds)
checktimeout=10

# switch forwarder only when new_latency < old_latency - tolerance, used in lha mode
checktolerance=100

# check disabled fowarders only
checkdisabledonly=false

# DNS FORWARDING SERVER
# ----------------
# we can specify different upstream dns server in rule file for different destinations.

# Setup a dns forwarding server
dns=:53

# global remote dns server (you can specify different dns server in rule file)
dnsserver=8.8.8.8:53
dnsserver=1.1.1.1:53

# By default, when glider received udp dns request and there's no forwarder specified, 
# it will use udp to query upstream dns servers, otherwise, use tcp;
# you can set dnsalwaystcp=true to always use tcp no matter there is a forwarder or not.
# dnsalwaystcp=false

# timeout value used in multiple dnsservers switch(seconds)
dnstimeout=3

# maximum TTL value for entries in the CACHE(seconds)
dnsmaxttl=1800

# minimum TTL value for entries in the CACHE(seconds)
dnsminttl=0

# size of CACHE
dnscachesize=4096

# custom records
dnsrecord=www.example.com/1.2.3.4
dnsrecord=www.example.com/2606:2800:220:1:248:1893:25c8:1946

# SERVICES
# service=dhcpd,INTERFACE,START_IP,END_IP
# e.g.:
# service=dhcpd,eth1,192.168.50.100,192.168.50.199

# INTERFACE SPECIFIC
# ------------------
# Specify the outbound ip/interface.
# 
# interface=""
# interface="192.168.1.100"
# interface="eth0"

# RULE FILES
# ----------
# Specify additional forward rules.

# specify rules folder, so all *.rule files under this folder will be parsed as rule file
rules-dir=rules.d

# specify a rule file
#rulefile=office.rule
#rulefile=home.rule


# INCLUDE MORE CONFIG FILES
#include=dnsrecord.inc.conf
#include=more.conf