Base Configuration (Experimental Feature)
⚠️ If you're not familiar with Sing-Box/Clash/Surge configuration structures, please don't enable this feature. It's currently in experimental phase and may encounter unexpected issues.
Sublink Worker allows you to upload custom base configurations to use as templates when converting subscriptions. This capability is designed for advanced users, with configs stored in KV for 30 days by default.
Feature Overview
- Supports Sing-Box, Clash, and Surge configuration templates.
- Paste configuration content in the frontend or via
/configAPI to generate a uniqueconfigId. - When requesting
/singbox,/clash, or/surge, attachconfigIdto use your custom template for config generation. - Configs in KV undergo format validation; failures return 400.
Default Templates
Sing-Box
json
{
"dns": {
"servers": [
{ "type": "tcp", "tag": "dns_proxy", "server": "1.1.1.1", "detour": "🚀 节点选择", "domain_resolver": "dns_resolver" },
{ "type": "https", "tag": "dns_direct", "server": "dns.alidns.com", "domain_resolver": "dns_resolver" },
{ "type": "udp", "tag": "dns_resolver", "server": "223.5.5.5" },
{ "type": "fakeip", "tag": "dns_fakeip", "inet4_range": "198.18.0.0/15", "inet6_range": "fc00::/18" }
],
"rules": [
{ "rule_set": "geolocation-!cn", "query_type": ["A", "AAAA"], "server": "dns_fakeip" },
{ "rule_set": "geolocation-!cn", "query_type": ["CNAME"], "server": "dns_proxy" },
{ "query_type": ["A", "AAAA", "CNAME"], "invert": true, "action": "predefined", "rcode": "REFUSED" }
],
"final": "dns_direct",
"independent_cache": true
},
"ntp": { "enabled": true, "server": "time.apple.com", "server_port": 123, "interval": "30m" },
"inbounds": [
{ "type": "mixed", "tag": "mixed-in", "listen": "0.0.0.0", "listen_port": 2080 },
{ "type": "tun", "tag": "tun-in", "address": "172.19.0.1/30", "auto_route": true, "strict_route": true, "stack": "mixed", "sniff": true },
{ "type": "socks", "listen": "127.0.0.1", "listen_port": 2081, "tag": "REJECT-in" }
],
"outbounds": [
{ "type": "socks", "server": "127.0.0.1", "server_port": 2081, "tag": "REJECT" },
{ "type": "direct", "tag": "DIRECT" }
],
"route": {
"default_domain_resolver": "dns_resolver",
"rule_set": [
{ "tag": "geosite-geolocation-!cn", "type": "local", "format": "binary", "path": "geosite-geolocation-!cn.srs" }
],
"rules": [ { "inbound": ["DIRECT-in"], "action": "direct" } ]
},
"experimental": {
"cache_file": { "enabled": true, "store_fakeip": true },
"clash_api": { "external_controller": "127.0.0.1:9090", "external_ui": "dashboard" }
}
}Clash
yaml
port: 7890
socks-port: 7891
allow-lan: false
mode: Rule
log-level: info
dns:
enable: true
ipv6: true
respect-rules: true
enhanced-mode: fake-ip
nameserver:
- https://120.53.53.53/dns-query
- https://223.5.5.5/dns-query
proxy-server-nameserver:
- https://120.53.53.53/dns-query
- https://223.5.5.5/dns-query
nameserver-policy:
geosite:cn,private:
"https://120.53.53.53/dns-query"
"https://223.5.5.5/dns-query"
geosite:geolocation-!cn:
"https://dns.cloudflare.com/dns-query"
"https://dns.google/dns-query"Surge
Surge base configs can use either JSON or Surge's native INI/Conf format. When saving via the frontend, INI content is automatically converted to JSON and stored in KV. The example below matches the repository's default
SURGE_CONFIGand can be used directly as a custom starting point.
json
{
"general": {
"allow-wifi-access": false,
"wifi-access-http-port": 6152,
"wifi-access-socks5-port": 6153,
"http-listen": "127.0.0.1:6152",
"socks5-listen": "127.0.0.1:6153",
"allow-hotspot-access": false,
"skip-proxy": "127.0.0.1,192.168.0.0/16,10.0.0.0/8,172.16.0.0/12,100.64.0.0/10,17.0.0.0/8,localhost,*.local,*.crashlytics.com,seed-sequoia.siri.apple.com,sequoia.apple.com",
"test-timeout": 5,
"proxy-test-url": "http://cp.cloudflare.com/generate_204",
"internet-test-url": "http://www.apple.com/library/test/success.html",
"geoip-maxmind-url": "https://raw.githubusercontent.com/Loyalsoldier/geoip/release/Country.mmdb",
"ipv6": false,
"show-error-page-for-reject": true,
"dns-server": "119.29.29.29, 180.184.1.1, 223.5.5.5, system",
"encrypted-dns-server": "https://223.5.5.5/dns-query",
"exclude-simple-hostnames": true,
"read-etc-hosts": true,
"always-real-ip": "*.msftconnecttest.com, *.msftncsi.com, *.srv.nintendo.net, *.stun.playstation.net, xbox.*.microsoft.com, *.xboxlive.com, *.logon.battlenet.com.cn, *.logon.battle.net, stun.l.google.com, easy-login.10099.com.cn,*-update.xoyocdn.com, *.prod.cloud.netflix.com, appboot.netflix.com, *-appboot.netflix.com",
"hijack-dns": "*:53",
"udp-policy-not-supported-behaviour": "REJECT",
"hide-vpn-icon": false
},
"replica": {
"hide-apple-request": true,
"hide-crashlytics-request": true,
"use-keyword-filter": false,
"hide-udp": false
}
}Constraints & Best Practices
- Format Requirements
- Sing-Box templates must be valid JSON; Surge templates can be JSON or valid Surge INI/Conf (UI auto-converts to JSON); Clash templates must be valid YAML.
- Client configs are not interchangeable and won't auto-convert missing fields.
- Reserved Fields
- The system won't automatically add nodes like
blockordirect; ensure they're declared in your template. - We recommend only adjusting DNS, NTP, proxy policies, etc., while keeping core structure stable.
- The system won't automatically add nodes like
- Saving & Sharing
- Click the frontend's "Save Base Config" button or call the
/configAPI. - On success, a
configIdis returned. AppendconfigId=xxxto access URLs to reuse it.
- Click the frontend's "Save Base Config" button or call the
- Validation Process
- Validate format with local clients before submitting.
- If validation fails during save, the API returns 400 with error reason.
API Example: Save Config
bash
curl -X POST https://<worker-domain>/config \
-H 'Content-Type: application/json' \
-d '{
"type": "clash",
"content": "port: 7890\\nmode: Rule"
}'Response looks like
{"configId": "clash_abc123"}, which can be directly referenced in/clash?config=<...>&configId=clash_abc123.