原来一直在用机场订阅自带的配置,这回快到期了想换换,同时在用多家,顺便学习了一下 Surge 配置。

一些教程和指引

一些仓库

常见的配置方法

黑名单模式:除了我规定的走代理,剩下统统走直连。

白名单模式:除了我规定的走直连,剩下统统走代理。

我个人是觉得白名单模式比较好,省事儿,搭配一些需要直连的规则和 GEOIP,CN,DIRECT 很方便。

配置思路就是:

  • 把特殊的规则放在最上面,比如 JetBrains 在国内是可以访问的,Steam 下载游戏和 BT 之类的没必要走代理浪费流量。
  • 需要配置开关的,可以单独弄一个类型,比如是测速时是走代理还是直连的 SpeedTest。
  • 接下来是国内的规则集,命中就直连。
    • 还有一个 ChinaMax 规则集,比较大,我没试过。
  • 最后是判断 GeoIP,是 CN 的就直连
  • 规则全部检查完了,FINAL 走代理。

我的配置

[General]
loglevel = notify
skip-proxy = 127.0.0.1, 192.168.0.0/16, 193.168.0.0/24, 10.0.0.0/8, 172.16.0.0/12, 100.64.0.0/10, localhost, *.local
exclude-simple-hostnames = true
internet-test-url = http://taobao.com/
proxy-test-url = http://cp.cloudflare.com/generate_204
test-timeout = 2
geoip-maxmind-url = https://github.com/Hackl0us/GeoIP2-CN/raw/release/Country.mmdb
dns-server = 223.5.5.5, 223.6.6.6, 119.29.29.29, 114.114.114.114, system
# encrypted-dns-server = https://dns.alidns.com/dns-query
# encrypted-dns-server = https://doh.pub/dns-query
use-local-host-item-for-proxy = true
show-error-page-for-reject = true
ipv6 = false

[Proxy]
🇨🇳Direct = direct
⛔️Reject = reject

[Proxy Group]
Final = select, 🌎Proxy, 🇨🇳Direct
SpeedTest = select, 🇨🇳Direct, 🌎Proxy
🛡Guard = select, ⛔️Reject, 🇨🇳Direct
🌎Proxy = select, 机场1, 机场2
机场1 = url-test, policy-path=订阅地址
机场2 = url-test, policy-path=订阅地址

[Rule]
# ################## 特殊 DIRECT
DOMAIN-SUFFIX,jetbrains.com,DIRECT
# ################## 特殊 🌎Proxy
DOMAIN-SUFFIX,bing.com,🌎Proxy
# ################## 下载类
PROCESS-NAME,aria2c,DIRECT
PROCESS-NAME,fdm,DIRECT
PROCESS-NAME,Folx,DIRECT
PROCESS-NAME,NetTransport,DIRECT
PROCESS-NAME,Transmission,DIRECT
PROCESS-NAME,uTorrent,DIRECT
PROCESS-NAME,WebTorrent,DIRECT
PROCESS-NAME,WebTorrent Helper,DIRECT
PROCESS-NAME,qbittorrent,DIRECT
PROCESS-NAME,Motrix,DIRECT
PROCESS-NAME,Thunder,DIRECT
PROCESS-NAME,nwjs,DIRECT // 城通网盘
PROCESS-NAME,qiyimac,DIRECT
PROCESS-NAME,QQLive,DIRECT
# ################## 规则集 https://github.com/blackmatrix7/ios_rule_script
# SystemOTA
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/SystemOTA/SystemOTA.list,DIRECT
# SteamCN
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/SteamCN/SteamCN.list,DIRECT
# 测速
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Speedtest/Speedtest.list,SpeedTest
# 去广告
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Advertising/Advertising.list,🛡Guard
DOMAIN-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Advertising/Advertising_Domain.list,🛡Guard
# 🇨🇳国内
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/China/China.list,DIRECT
DOMAIN-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/China/China_Domain.list,DIRECT
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/ChinaMedia/ChinaMedia.list,DIRECT
# 🌎国际
# RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/GlobalMedia/GlobalMedia.list,🌎Proxy
# DOMAIN-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/GlobalMedia/GlobalMedia_Domain.list,🌎Proxy
# RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Proxy/Proxy.list,🌎Proxy
# DOMAIN-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Proxy/Proxy_Domain.list,🌎Proxy
# RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Global/Global.list,🌎Proxy
# DOMAIN-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Global/Global_Domain.list,🌎Proxy
# 系统请求 & 局域网 & GeoIP China
RULE-SET,SYSTEM,DIRECT
RULE-SET,LAN,DIRECT
GEOIP,CN,DIRECT
# 最终
FINAL,Final,dns-failed

[Host]
amplifi.lan = server:syslib
router.synology.com = server:syslib
sila.razer.com = server:syslib
router.asus.com = server:syslib
routerlogin.net = server:syslib
orbilogin.com = server:syslib
www.LinksysSmartWiFi.com = server:syslib
LinksysSmartWiFi.com = server:syslib
myrouter.local = server:syslib
www.miwifi.com = server:syslib
miwifi.com = server:syslib
mediarouter.home = server:syslib
tplogin.cn = server:syslib
tplinklogin.net = server:syslib
melogin.cn = server:syslib
falogin.cn = server:syslib
_hotspot_.m2m = server:syslib
hotspot.cslwifi.com = server:syslib
*.lan = server:syslib

[URL Rewrite]
# wiki 的 m 移动站点及其他语言的重写
https://zh.(m.)?wikipedia.org/(wiki|zh|zh-sg|zh-tw|zh-hans)/(.*) https://zh.wikipedia.org/zh-cn/$3 302

白名单模式,除了命中的规则外,全部走代理。

Final 改成直连,解开「🌎国际」的那些规则,就是黑名单模式。

额外再用上 blackmatrix7/ios_rule_script 的一些复写和脚本去广告模块:Advertising 和 AdvertisingScript。

Firefox 额外需要手动设置,不会自动信任本地的证书。