Linux使用clash

概述

因为需要科学上网，解决代码在外网无法下载的问题。

步骤

一、下载clash

clash下载地址：https://github.com/Dreamacro/clash/releases

选择匹配的版本进行下载，此次环境为Linux环境。

将下载的包上传至Linux系统，或者直接使用wget下载链接下载至系统

[root@localhost ~]# wget https://github.com/Dreamacro/clash/releases/download/v1.17.0/clash-linux-amd64-v1.17.0.gz

二、安装clash

[root@localhost ~]# gzip -d clash-linux-amd64-v1.1
[root@localhost ~]# mv clash-linux-amd64-v1.17.0 clash7.0.gz
[root@localhost ~]# mkdir -p /usr/local/clash
[root@localhost ~]# mv clash /usr/local/clash/
[root@localhost ~]# ln -s /usr/local/clash/clash  /usr/local/bin/clash
[root@localhost ~]# clash -v
Clash v1.17.0 linux amd64 with go1.20.5 Fri Jun 30 13:06:20 UTC 223

三、下载Country.mmdb地理数据库文件

下载地址：https://github.com/Dreamacro/maxmind-geoip/releases/

下载完毕后，上传至/usr/local/clash目录下，也可以使用wget直接下载。

root@localhost clash]# wget https://github.com/Dreamacro/maxmind-geoip/releases/download/20230612/Country.mmdb
[root@localhost clash]# ls
clash  Country.mmdb

四、配置订阅文件

[root@localhost clash]# wget -O config.yaml 订阅url
[root@localhost clash]# ls
clash  config.yaml  Country.mmdb

编辑订阅文件(vi config.yaml)，允许局域网设备连接（可选）

五、让 Systemd 接管 clash

关闭selinux，将/etc/sysconfig/selinux中的SELINUX更改为disabled

[root@localhost clash]# getenforce 
Enforcing
[root@localhost clash]# setenforce 0
[root@localhost clash]# getenforce 
Permissive
[root@localhost clash]# vi /etc/sysconfig/selinux 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# See also:
# https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/#getting-started-with-selinux-selinux-states-and-modes
#
# NOTE: In earlier Fedora kernel builds, SELINUX=disabled would also
# fully disable SELinux during boot. If you need a system with SELinux
# fully disabled instead of SELinux running with no policy loaded, you
# need to pass selinux=0 to the kernel command line. You can use grubby
# to persistently set the bootloader to boot with selinux=0:
#
#    grubby --update-kernel ALL --args selinux=0
#
# To revert back to SELinux enabled:
#
#    grubby --update-kernel ALL --remove-args selinux
#
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

添加clash服务

[root@localhost clash]# vi /etc/systemd/system/clash.service
 cat /etc/systemd/system/clash.service 
[Unit]
Description=Clash - A rule-based tunnel in Go
Documentation=https://github.com/Dreamacro/clash/wiki
[Service]
OOMScoreAdjust=-1000
ExecStart=/usr/local/clash/clash -d /usr/local/clash/
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
[root@localhost clash]# systemctl daemon-reload
[root@localhost clash]# systemctl restart clash
[root@localhost clash]# systemctl status clash
● clash.service - Clash - A rule-based tunnel in Go
     Loaded: loaded (/etc/systemd/system/clash.service; disabled; vendor preset: disabled)
     Active: active (running) since Fri 2023-07-07 22:47:30 CST; 2s ago
       Docs: https://github.com/Dreamacro/clash/wiki
   Main PID: 2451 (clash)
      Tasks: 9 (limit: 100416)
     Memory: 13.0M
        CPU: 150ms
     CGroup: /system.slice/clash.service
             └─2451 /usr/local/clash/clash -d /usr/local/clash/

7月 07 22:47:30 localhost.localdomain clash[2451]: time="2023-07-07T22:47:30+08:00" level=info msg="Start initial compatible pro>
7月 07 22:47:30 localhost.localdomain clash[2451]: time="2023-07-07T22:47:30+08:00" level=info msg="Start initial compatible pro>
7月 07 22:47:30 localhost.localdomain clash[2451]: time="2023-07-07T22:47:30+08:00" level=info msg="Start initial compatible pro>
7月 07 22:47:30 localhost.localdomain clash[2451]: time="2023-07-07T22:47:30+08:00" level=info msg="Start initial compatible pro>
7月 07 22:47:30 localhost.localdomain clash[2451]: time="2023-07-07T22:47:30+08:00" level=info msg="Start initial compatible pro>
7月 07 22:47:30 localhost.localdomain clash[2451]: time="2023-07-07T22:47:30+08:00" level=info msg="Start initial compatible pro>
7月 07 22:47:30 localhost.localdomain clash[2451]: time="2023-07-07T22:47:30+08:00" level=info msg="Start initial compatible pro>
7月 07 22:47:30 localhost.localdomain clash[2451]: time="2023-07-07T22:47:30+08:00" level=info msg="RESTful API listening at: [:>
7月 07 22:47:30 localhost.localdomain clash[2451]: time="2023-07-07T22:47:30+08:00" level=info msg="HTTP proxy listening at: [::>
7月 07 22:47:30 localhost.localdomain clash[2451]: time="2023-07-07T22:47:30+08:00" level=info msg="SOCKS proxy listening at: [:>

查看端口是否正常开放

[root@localhost clash]# ss -tnlp | grep 7890 LISTEN 0 4096 *:7890 *:* users:(("clash",pid=2451,fd=19))

六、通过网页管理clash

编辑配置文件中的external-controller可以设置端口号，该端口号需要防火墙放行，secret可以设置管理密钥。

访问网页管理

http://clash.razord.top/#/settings

七、设置Linux系统使用代理

如果clash本地系统使用，则地址使用127.0.0.1，如果局域网机器使用则需要使用安装clash软件的IP地址，并且需要开放代理端口，此案例使用本地地址。

编辑home目录下的.bashrc文件，在文件最尾端增加以下内容，重新连接即可。

export http_proxy=http://127.0.0.1:7890
export https_proxy=http://127.0.0.1:7890

2023年7月7日23:08:57