Proxy Policy
A proxy policy indicates forwarding the request to another proxy server. Chute supports HTTP/HTTPS/SOCKS5/SOCKS5-TLS/SS/SSR proxy protocols.
Section [Proxy] declares proxy policies. You can create multiple proxies for different rules.
Example:
[Proxy]
ProxyHTTP = http, 1.2.3.4, 443, username, password
ProxyHTTPS = https, 1.2.3.4, 443, username, password, sni=example.com, skip-cert-verify=false
ProxySOCKS5 = socks5, 1.2.3.4, 443, username, password
ProxySOCKS5TLS = socks5-tls, 1.2.3.4, 443, username, password, sni=example.com, skip-cert-verify=false
SS = ss, 1.2.3.4, 443, method, password, obfs=post
SSR = ssr, 1.2.3.4, 443, method, password, protocol=auth_chain_f, protocol_param=user:pass, obfs=http_pose, obfs_param=example.com
Trojan = trojan, 1.2.3.4, 443, password=password, sni=example.com, skip-cert-verify=false, ws=true
VMess = vmess, 1.2.3.4, 443, uuid=uuid, sni=example.com, tls=true, ws=true
SCHEME = scheme, ssr://....
Parameters
TCP Fast Open (Experimental)
tfo: Optional, "true" or "false" (Default: false).
tfo=true
More information of TCP fast open could be read in Wikipedia. Enable TCP fast open may could unexpected connection fail.
Parameter for proxy with TLS (https, socks5-tls, Trojan, VMess)
skip-cert-verify: Optional, "true" or "false" (Default: false).
If this option is enabled, Chute will not verify the server's certificate.
sni (Default: hostname)
sni=exmaple.com
You may customize Server Name Indication (SNI) during TLS handshank. Use sni=off to turn off SNI completely. By defualt Chute will send SNI with hostname like most browsers.
Parameter for proxy with SS (Shadowsocks)
method: Required.
Current support:
rc4-md5
aes-128-cfb
aes-192-cfb
aes-256-cfb
aes-128-ctr
aes-192-ctr
aes-256-ctr
bf-cfb
camellia-128-cfb
camellia-192-cfb
camellia-256-cfb
salsa20
chacha20
chacha20-ietf
aes-128-gcm
aes-192-gcm
aes-256-gcm
chacha20-ietf-poly1305
xchacha20-ietf-poly1305
obfs: Optional.
Current support:
tls
http
Parameter for proxy with SSR (ShadowsocksR, ShadowsocksRR, ShadowsocksR-Akarin)
method: Required.
Current support:
rc4
rc4-md5-6
rc4-md5
aes-128-cfb
aes-192-cfb
aes-256-cfb
aes-128-ctr
aes-192-ctr
aes-256-ctr
bf-cfb
camellia-128-cfb
camellia-192-cfb
camellia-256-cfb
cast5-cfb
des-cfb
idea-cfb
rc2-cfb
seed-cfb
salsa20
chacha20
chacha20-ietf
protocol: Optional.
Current support:
origin
auth_sha1
auth_sha1_v2
auth_sha1_v4
auth_aes128_md5
auth_aes128_sha1
auth_chain_a
auth_chain_b
auth_chain_c
auth_chain_d
auth_chain_e
auth_chain_f
auth_akarin_rand
auth_akarin_spec_a
protocol_param: Optional.
obfs: Optional.
Current support:
plain
http_simple
http_post
tls1.2_ticket_auth
obfs_param: Optional.
Parameter for proxy with WebSocket (Trojan, VMess)
ws: Optional.
ws=true
Enable WebSocket transportation.
ws-path: Optional.
ws-path=/exmaple
Change the path of the WebSocket HTTP request.
ws-headers: Optional.
ws-headers=Header1:Value1|Header2:Value2
Modify the HTTP header of WebSocket HTTP request.