Surge Personal Configuration Reference

Friday, October 25, 2024 (edited)

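Disclaimer

The following are personal tweaks I made to get a better experience from my own use of Surge, offered for reference.

Parts of it draw on SukkaW's configuration guide and rule sets, for which I am grateful.

These settings may not suit your device; please test and adjust them yourself.

Also: please support genuine software.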

General section

skip-proxy = 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 100.64.0.0/10, 162.14.0.0/16, 211.99.96.0/19, 162.159.192.0/24, 162.159.193.0/24, 162.159.195.0/24, fc00::/7, fe80::/10, localhost, *.local, captive.apple.com, passenger.t3go.cn, *.ccb.com, wxh.wo.cn, *.abcchina.com, *.abcchina.com.cn, *.ccb.com.cn

Bypasses the proxy for local IP ranges and for domains that common apps use to detect a proxy.

hijack-dns = 8.8.8.8:53, 8.8.4.4:53

Hijacks DNS requests sent to Google DNS so that Google products do not bypass the Surge proxy.

ipv6 = false
ipv6-vif = disabled

IPv6 support in proxy software is still immature; keeping it disabled for now is recommended.

exclude-simple-hostnames = true
show-error-page-for-reject = true
read-etc-hosts = true

Simple hostnames such as localhost bypass the proxy, rejected requests show an error page, and the system hosts file is read.

internet-test-url = http://connectivitycheck.platform.hicloud.com/generate_204
proxy-test-url = http://latency-test.skk.moe/endpoint
proxy-test-udp = [email protected]

URLs for latency and UDP testing; SukkaW's small test endpoint is recommended.

dns-server = system

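DNS configuration. Unless DNS hijacking is particularly severe, using the system resolver is recommended for the best resolution results.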

force-http-engine-hosts = www.google.cn:80

Makes Surge treat TCP connections to this host as HTTP requests, so that a Mac running in gateway mode can rewrite other devices' requests to google.cn.

udp-policy-not-supported-behaviour = REJECT

Fallback behaviour when a proxy does not support UDP relay; REJECT is recommended to prevent connection leaks.

The combined General configuration:

[General]
skip-proxy = 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 100.64.0.0/10, 162.14.0.0/16, 211.99.96.0/19, 162.159.192.0/24, 162.159.193.0/24, 162.159.195.0/24, fc00::/7, fe80::/10, localhost, *.local, captive.apple.com, passenger.t3go.cn, *.ccb.com, wxh.wo.cn, *.abcchina.com, *.abcchina.com.cn, *.ccb.com.cn
hijack-dns = 8.8.8.8:53, 8.8.4.4:53
ipv6 = false
ipv6-vif = disabled
exclude-simple-hostnames = true
show-error-page-for-reject = true
read-etc-hosts = true
internet-test-url = http://connectivitycheck.platform.hicloud.com/generate_204
proxy-test-url = http://latency-test.skk.moe/endpoint
proxy-test-udp = [email protected]
dns-server = system
force-http-engine-hosts = www.google.cn:80
udp-policy-not-supported-behaviour = REJECT

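Proxy and Proxy Group sections

These sections consist mainly of your own server list and routing rules; the best configuration is the one that fits your own habits.

Personally I dislike overly complex policy-group selection and have no need for it. For routing rules, see GitHub.

Also: I recommend Surge's newest feature, the Smart policy group, which greatly reduces worry about the availability of testing-based policy groups.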

Rule section

[Rule]
DOMAIN-SET,https://ruleset.skk.moe/List/domainset/reject.conf,REJECT,extended-matching // Ad blocking
RULE-SET,https://ruleset.skk.moe/List/non_ip/reject.conf,REJECT,extended-matching // Ad blocking
RULE-SET,https://ruleset.skk.moe/List/ip/reject.conf,REJECT-DROP // Ad blocking
RULE-SET,https://ruleset.skk.moe/List/non_ip/reject-no-drop.conf,REJECT-NO-DROP,extended-matching // Ad blocking
RULE-SET,https://ruleset.skk.moe/List/non_ip/reject-drop.conf,REJECT-DROP,extended-matching // Ad blocking
DOMAIN-SET,https://ruleset.skk.moe/List/domainset/cdn.conf,Proxy,extended-matching // Overseas CDNs
RULE-SET,https://ruleset.skk.moe/List/non_ip/ai.conf,Proxy,extended-matching // AI-related services; can be replaced with your own policy group name
RULE-SET,https://ruleset.skk.moe/List/non_ip/global.conf,Proxy,extended-matching // Common international sites
RULE-SET,https://ruleset.skk.moe/List/non_ip/domestic.conf,DIRECT,extended-matching // Common domestic (China) sites
RULE-SET,https://ruleset.skk.moe/List/non_ip/lan.conf,DIRECT // Local services
RULE-SET,https://ruleset.skk.moe/List/ip/telegram.conf,Proxy // Telegram
PROCESS-NAME,Telegram,REJECT-DROP // Telegram, used together with the previous rule
RULE-SET,https://ruleset.skk.moe/List/ip/lan.conf,DIRECT // Local services (IP)
RULE-SET,https://ruleset.skk.moe/List/non_ip/direct.conf,DIRECT,extended-matching // Services that connect directly
RULE-SET,https://ruleset.skk.moe/List/ip/domestic.conf,DIRECT // Common domestic (China) IPs
RULE-SET,https://ruleset.skk.moe/List/ip/china_ip.conf,DIRECT // China IPs
FINAL,Proxy,dns-failed // Fallback

The Rule section uses SukkaW's rule sets, trimmed to fit my own situation; see SukkaW for details.

Host section

github.com = server:1.1.1.1 // Github
*.github.com = server:1.1.1.1 // Github
*.githubusercontent.com = server:1.1.1.1 // Github

Because most ISPs in mainland China currently poison DNS for GitHub, the configuration above resolves GitHub domains through the 1.1.1.1 DNS server.

MITM&Script

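MITM and script features depend mainly on personal needs; to find scripts, follow NobyDa's Telegram channel.

Below are some scripts I currently use, for reference.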

Ali-Point = type=cron,cronexp="0 6,13 * * *",timeout=600,script-path=https://raw.githubusercontent.com/leiyiyan/resource/main/script/aliyun_web/aliyun_web.js,script-update-interval=259200
AliYun_Checkin = type=cron,cronexp=44 6 * * *,script-path=https://gist.githubusercontent.com/Sliverkiss/33800a98dcd029ba09f8b6fc6f0f5162/raw/aliyun.js,script-update-interval=259200,timeout=600
Amap_Checkin = type=cron,cronexp=47 6 * * *,timeout=60,script-path=https://raw.githubusercontent.com/wf021325/qx/master/task/ampDache.js,script-update-interval=259200
Longfor_Checkin = type=cron,cronexp=42 6 * * *,script-path=https://raw.githubusercontent.com/leiyiyan/resource/main/script/lhtj/lhtj.js,script-update-interval=259200,timeout=120
Ali_Points = type=http-response,pattern=^https?:\/\/developer\.aliyun\.com\/developer\/api\/my\/user\/getUser,requires-body=1,max-size=0,binary-body-mode=0,timeout=60,script-path=https://raw.githubusercontent.com/leiyiyan/resource/main/script/aliyun_web/aliyun_web.js,script-update-interval=259200
# AliYun_Cookie = type=http-request,pattern=^https:\/\/(auth|aliyundrive)\.alipan\.com\/v2\/account\/token,requires-body=1,max-size=0,binary-body-mode=0,script-path=https://gist.githubusercontent.com/Sliverkiss/33800a98dcd029ba09f8b6fc6f0f5162/raw/aliyun.js,script-update-interval=259200
# Amap_Cookie = type=http-response,pattern=^https:\/\/(m5(|-zb)|dache)\.amap\.com\/(ws\/yuece\/(act|openapi\/activity\/current)\/query|common\/(alipaymini|wxmini)\?_ENCRYPT=),requires-body=1,max-size=0,binary-body-mode=0,script-path=https://raw.githubusercontent.com/wf021325/qx/master/task/ampDache.js,script-update-interval=0
# Longfor_Cookie = script-path=https://raw.githubusercontent.com/leiyiyan/resource/main/script/lhtj/lhtj.js,timeout=60,tag=龙湖天街获取Cookie,type=http-request,pattern=^https?:\/\/gw2c\-hw\-open\.longfor\.com\/lmarketing\-task\-api\-mvc\-prod\/openapi\/task\/v1\/signature\/clock,requires-body=0,script-update-interval=0

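These are, respectively, the Alibaba Cloud check-in script, the Aliyun Drive check-in, the Amap ride-hailing check-in, and the Longfor Paradise Walk check-in; the last four are the cookie-capture scripts.

The corresponding hostnames must be added: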

hostname = developer.aliyun.com, *.amap.com, auth.alipan.com, auth.aliyundrive.com, gw2c-hw-open.longfor.com
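
Added example (not from the original post): a small Python audit of the script entries above, reporting which ones load from a branch URL whose content can change, which of those refresh on a schedule, and which read bodies of MITM-decrypted traffic. The finding labels, and the reading of `script-update-interval=0` as "no periodic refresh", are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Entries copied from the post's script list (Amap_Cookie is commented out there).
SAMPLE = r'''
Ali-Point = type=cron,cronexp="0 6,13 * * *",timeout=600,script-path=https://raw.githubusercontent.com/leiyiyan/resource/main/script/aliyun_web/aliyun_web.js,script-update-interval=259200
Ali_Points = type=http-response,pattern=^https?:\/\/developer\.aliyun\.com\/developer\/api\/my\/user\/getUser,requires-body=1,max-size=0,binary-body-mode=0,timeout=60,script-path=https://raw.githubusercontent.com/leiyiyan/resource/main/script/aliyun_web/aliyun_web.js,script-update-interval=259200
# Amap_Cookie = type=http-response,pattern=^https:\/\/(m5(|-zb)|dache)\.amap\.com\/(ws\/yuece\/(act|openapi\/activity\/current)\/query|common\/(alipaymini|wxmini)\?_ENCRYPT=),requires-body=1,max-size=0,binary-body-mode=0,script-path=https://raw.githubusercontent.com/wf021325/qx/master/task/ampDache.js,script-update-interval=0
'''

COMMIT = re.compile(r"^[0-9a-f]{40}$")

def parse_entry(line):
    """Split 'Name = k=v,k=v' into (name, options); commas inside double quotes are kept."""
    name, _, rest = line.lstrip("# ").partition(" = ")
    fields = re.findall(r'(?:[^,"]|"[^"]*")+', rest)
    opts = dict(f.partition("=")[::2] for f in fields)
    return name.strip(), {k.strip(): v.strip('"') for k, v in opts.items()}

def is_pinned(url):
    """True if a GitHub raw/gist URL names a full commit hash rather than a branch."""
    u = urlparse(url)
    parts = u.path.strip("/").split("/")
    if u.hostname == "raw.githubusercontent.com":
        return len(parts) > 2 and bool(COMMIT.match(parts[2]))
    if u.hostname == "gist.githubusercontent.com":
        # /<user>/<gist-id>/raw/<commit>/<file> is pinned; /raw/<file> tracks the latest revision
        return len(parts) > 4 and parts[2] == "raw" and bool(COMMIT.match(parts[3]))
    return False  # unknown host: treated as not pinned

def audit(text):
    """Return {script name: [findings]} for every entry in text."""
    report = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        name, o = parse_entry(line)
        notes = []
        if not is_pinned(o.get("script-path", "")):
            notes.append("mutable-url")
            # Assumption of this example: an interval of 0 means no periodic refresh.
            if int(o.get("script-update-interval", "0")) > 0:
                notes.append("auto-update")
        if o.get("type", "").startswith("http-") and o.get("requires-body") == "1":
            notes.append("reads-body")
        report[name] = notes
    return report

if __name__ == "__main__":
    for name, notes in audit(SAMPLE).items():
        print(f"{name}: {', '.join(notes) or 'ok'}")
```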

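Modules

See the LoonKissSurge repository and pick the modules you need; thanks to all the contributors for their selfless work.

Special configuration for the China Broadnet (广电) network

Because China Broadnet's network infrastructure is not well developed, WeChat will very likely get stuck spinning on "connecting" or "receiving" for a long time; testing showed that the configuration below improves this effectively.

Broadnet is garbage; I have already cancelled that SIM and switched to China Unicom, whose network is even worse.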

AND,((SUBNET,TYPE:CELLULAR), (OR,((PROTOCOL,UDP), (PROTOCOL,QUIC))), (DEST-PORT,443)),REJECT-NO-DROP

Add the above to [Rule]; on cellular networks it rejects all UDP and QUIC requests to port 443.

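*.qq.com = server:101.226.4.6 // QQ
*.qlogo.cn = server:101.226.4.6 // Tencent avatars
*.qpic.cn = server:101.226.4.6 // Tencent images
*.weixin.qq.com = server:101.226.4.6 // WeChat
*.wx.qq.com = server:101.226.4.6 // WeChat
*.weixin.com = server:101.226.4.6 // WeChat
*.weixinbridge.com = server:101.226.4.6 // WeChat Official Accounts Platform
*.wechat.com = server:101.226.4.6 // WeChat
*.servicewechat.com = server:101.226.4.6 // WeChat Mini Programs

Add the above to [Host]; it resolves WeChat-related domains through 360 DNS.

The above is a tested, working configuration that greatly reduces the WeChat spinning problem. If you have a better configuration, feel free to share it in the comments.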
