Proxy Policy

A proxy policy indicates forwarding the request to another proxy server. Chute supports HTTP/HTTPS/SOCKS5/SOCKS5-TLS/SS/SSR proxy protocols.

Section [Proxy] declares proxy policies. You can create multiple proxies for different rules.

Example:

[Proxy]
ProxyHTTP = http, 1.2.3.4, 443, username, password
ProxyHTTPS = https, 1.2.3.4, 443, username, password, sni=example.com, skip-cert-verify=false
ProxySOCKS5 = socks5, 1.2.3.4, 443, username, password
ProxySOCKS5TLS = socks5-tls, 1.2.3.4, 443, username, password, sni=example.com, skip-cert-verify=false
SS = ss, 1.2.3.4, 443, method, password, obfs=post
SSR = ssr, 1.2.3.4, 443, method, password, protocol=auth_chain_f, protocol_param=user:pass, obfs=http_pose, obfs_param=example.com
Trojan = trojan, 1.2.3.4, 443, password=password, sni=example.com, skip-cert-verify=false, ws=true
VMess = vmess, 1.2.3.4, 443, uuid=uuid, sni=example.com, tls=true, ws=true
SCHEME = scheme, ssr://....

Parameters

TCP Fast Open (Experimental)

tfo: Optional, "true" or "false" (Default: false).

tfo=true

More information of TCP fast open could be read in Wikipedia. Enable TCP fast open may could unexpected connection fail.

Parameter for proxy with TLS (https, socks5-tls, Trojan, VMess)

skip-cert-verify: Optional, "true" or "false" (Default: false).

If this option is enabled, Chute will not verify the server's certificate.

sni (Default: hostname)

sni=exmaple.com

You may customize Server Name Indication (SNI) during TLS handshank. Use sni=off to turn off SNI completely. By defualt Chute will send SNI with hostname like most browsers.

Parameter for proxy with SS (Shadowsocks)

method: Required.

Current support:

rc4-md5
aes-128-cfb
aes-192-cfb
aes-256-cfb
aes-128-ctr
aes-192-ctr
aes-256-ctr
bf-cfb
camellia-128-cfb
camellia-192-cfb
camellia-256-cfb
salsa20
chacha20
chacha20-ietf
aes-128-gcm
aes-192-gcm
aes-256-gcm
chacha20-ietf-poly1305
xchacha20-ietf-poly1305

obfs: Optional.

Current support:

tls
http

Parameter for proxy with SSR (ShadowsocksR, ShadowsocksRR, ShadowsocksR-Akarin)

method: Required.

Current support:

rc4
rc4-md5-6
rc4-md5
aes-128-cfb
aes-192-cfb
aes-256-cfb
aes-128-ctr
aes-192-ctr
aes-256-ctr
bf-cfb
camellia-128-cfb
camellia-192-cfb
camellia-256-cfb
cast5-cfb
des-cfb
idea-cfb
rc2-cfb
seed-cfb
salsa20
chacha20
chacha20-ietf

protocol: Optional.

Current support:

origin
auth_sha1
auth_sha1_v2
auth_sha1_v4
auth_aes128_md5
auth_aes128_sha1
auth_chain_a
auth_chain_b
auth_chain_c
auth_chain_d
auth_chain_e
auth_chain_f
auth_akarin_rand
auth_akarin_spec_a

protocol_param: Optional.

obfs: Optional.

Current support:

plain
http_simple
http_post
tls1.2_ticket_auth

obfs_param: Optional.

Parameter for proxy with WebSocket (Trojan, VMess)

ws: Optional.

ws=true

Enable WebSocket transportation.

ws-path: Optional.

ws-path=/exmaple

Change the path of the WebSocket HTTP request.

ws-headers: Optional.

ws-headers=Header1:Value1|Header2:Value2

Modify the HTTP header of WebSocket HTTP request.