Proxy Policy
A proxy policy indicates forwarding the request to another proxy server. Chute supports HTTP/HTTPS/SOCKS5/SOCKS5-TLS/SS/SSR/Trojan/VMess/VLESS proxy protocols.
Section [Proxy] declares proxy policies. You can create multiple proxies for different rules.
Example:
[Proxy]
ProxyHTTP = http, 1.2.3.4, 443, username, password
ProxyHTTPS = https, 1.2.3.4, 443, username, password, sni=example.com, skip-cert-verify=false
ProxySOCKS5 = socks5, 1.2.3.4, 443, username, password
ProxySOCKS5TLS = socks5-tls, 1.2.3.4, 443, username, password, sni=example.com, skip-cert-verify=false
SS = ss, 1.2.3.4, 443, method, password, obfs=post
SSR = ssr, 1.2.3.4, 443, method, password, protocol=auth_chain_f, protocol_param=user:pass, obfs=http_pose, obfs_param=example.com
Trojan = trojan, 1.2.3.4, 443, password=password, sni=example.com, skip-cert-verify=false, ws=true
VMess = vmess, 1.2.3.4, 443, uuid=uuid, sni=example.com, tls=true, ws=true
VLESS = vless, 1.2.3.4, 443, uuid=uuid, sni=example.com, xtls=true
SCHEME = scheme, ssr://....
Parameters
| Type | Username | Password | Method | TLS | XTLS | Websocket |
|---|---|---|---|---|---|---|
| HTTP | √ | √ | ||||
| HTTPS | √ | √ | TLS | |||
| Socks | √ | √ | ||||
| Socks5-TLS | √ | √ | TLS | |||
| Shdowsocks | √ | Method OBFS |
||||
| ShdowsocksR | √ | Method Protocol OBFS |
||||
| Trojan | √ | √ | TLS | WS | ||
| VMess | uuid | TLS | WS | |||
| VLESS | uuid | TLS | XTLS | WS |
Parameter for proxy with TLS
tls: Optional.
tls=true
Enable TLS transportation.
skip-cert-verify: Optional
skip-cert-verify=true
If this option is enabled, Chute will not verify the server's certificate.
sni (Default: hostname)
sni=exmaple.com
You may customize Server Name Indication (SNI) during TLS handshank. Use sni=off to turn off SNI completely. By defualt Chute will send SNI with hostname like most browsers.
Parameter for proxy with Shadowsocks
method: Required.
Current support:
rc4-md5
aes-128-cfb
aes-192-cfb
aes-256-cfb
aes-128-ctr
aes-192-ctr
aes-256-ctr
bf-cfb
camellia-128-cfb
camellia-192-cfb
camellia-256-cfb
salsa20
chacha20
chacha20-ietf
aes-128-gcm
aes-192-gcm
aes-256-gcm
chacha20-ietf-poly1305
xchacha20-ietf-poly1305
obfs: Optional.
Current support:
tls
http
Parameter for proxy with ShadowsocksR/ShadowsocksRR/ShadowsocksR-Akarin
method: Required.
Current support:
rc4
rc4-md5-6
rc4-md5
aes-128-cfb
aes-192-cfb
aes-256-cfb
aes-128-ctr
aes-192-ctr
aes-256-ctr
bf-cfb
camellia-128-cfb
camellia-192-cfb
camellia-256-cfb
cast5-cfb
des-cfb
idea-cfb
rc2-cfb
seed-cfb
salsa20
chacha20
chacha20-ietf
protocol: Optional.
Current support:
origin
auth_sha1
auth_sha1_v2
auth_sha1_v4
auth_aes128_md5
auth_aes128_sha1
auth_chain_a
auth_chain_b
auth_chain_c
auth_chain_d
auth_chain_e
auth_chain_f
auth_akarin_rand
auth_akarin_spec_a
protocol_param: Optional.
obfs: Optional.
Current support:
plain
http_simple
http_post
tls1.2_ticket_auth
obfs_param: Optional.
Parameter for proxy with WebSocket
ws: Optional.
ws=true
Enable WebSocket transportation.
ws-path: Optional.
ws-path=/exmaple
Change the path of the WebSocket HTTP request.
ws-headers: Optional.
ws-headers=Header1:Value1|Header2:Value2
Modify the HTTP header of WebSocket HTTP request.
Parameter for proxy with XTLS
xtls: Optional.
xtls=true
Enable XTLS transportation. Only xtls-rprx-direct flow is supported.
skip-cert-verify: Optional
skip-cert-verify=true
Same as TLS.
sni (Default: hostname)
sni=exmaple.com
Same as TLS.
TCP Fast Open (Experimental)
tfo: Optional
tfo=true
More information of TCP fast open could be read in Wikipedia. Enable TCP fast open may could unexpected connection fail.