mihomo — Config Layout

mihomo reads a single YAML document at startup. The root document maps to Go struct RawConfig at config/config.go:392. Unlike Xray and sing-box, there is no top-level log block — most operational toggles are flat keys at the document root, with a small number of nested blocks for feature areas (dns, tun, profile, …).

Flat top-level keys

These are scalar fields at the document root.

Key	Go field	Type	Page	Description
port	Port	int	Basics	HTTP proxy port.
socks-port	SocksPort	int	Basics	SOCKS proxy port.
redir-port	RedirPort	int	Basics	Linux REDIRECT inbound port.
tproxy-port	TProxyPort	int	Basics	Linux TPROXY inbound port.
mixed-port	MixedPort	int	Basics	HTTP + SOCKS multiplexed port.
ss-config	ShadowSocksConfig	string	Phase 3	Shadowsocks inbound URI.
vmess-config	VmessConfig	string	Phase 3	VMess inbound URI.
inbound-tfo	InboundTfo	bool	Basics	TCP Fast Open for inbounds.
inbound-mptcp	InboundMPTCP	bool	Basics	Multipath TCP for inbounds.
authentication	Authentication	[]string	Basics	user:pass list for HTTP/SOCKS auth.
skip-auth-prefixes	SkipAuthPrefixes	[]netip.Prefix	Basics	Source CIDRs that skip authentication.
lan-allowed-ips	LanAllowedIPs	[]netip.Prefix	Basics	Allow list when allow-lan is true.
lan-disallowed-ips	LanDisAllowedIPs	[]netip.Prefix	Basics	Deny list when allow-lan is true.
allow-lan	AllowLan	bool	Basics	Bind listeners on 0.0.0.0/:: instead of localhost.
bind-address	BindAddress	string	Basics	Override the bind address (with allow-lan).
mode	Mode	T.TunnelMode	Basics	rule / global / direct.
unified-delay	UnifiedDelay	bool	Basics	Cancel proxy URL-test handshake bias.
log-level	LogLevel	log.LogLevel	Log	debug / info / warning / error / silent.
ipv6	IPv6	bool	Basics	Enable IPv6 throughout the stack.
external-controller	ExternalController	string	External Controller	RESTful API listen address.
external-controller-pipe	ExternalControllerPipe	string	External Controller	Windows named-pipe path for API.
external-controller-unix	ExternalControllerUnix	string	External Controller	Unix-socket path for API.
external-controller-tls	ExternalControllerTLS	string	External Controller	TLS-listen address.
external-controller-cors	ExternalControllerCors	RawCors	External Controller	CORS allow-list.
external-ui	ExternalUI	string	External Controller	Static-asset directory for the dashboard.
external-ui-url	ExternalUIURL	string	External Controller	Auto-download URL for the dashboard tarball.
external-ui-name	ExternalUIName	string	External Controller	Subdirectory under external-ui.
external-doh-server	ExternalDohServer	string	External Controller	DoH server endpoint hosted by mihomo.
secret	Secret	string	External Controller	Bearer-token for the API.
interface-name	Interface	string	Basics	Outbound interface binding.
routing-mark	RoutingMark	int	Basics	Linux SO_MARK for outbound sockets.
tunnels	Tunnels	[]LC.Tunnel	Phase 6	Static port-to-target tunnels.
geo-auto-update	GeoAutoUpdate	bool	Geo Data	Auto-refresh geoip/geosite assets.
geo-update-interval	GeoUpdateInterval	int	Geo Data	Auto-refresh interval (hours).
geodata-mode	GeodataMode	bool	Geo Data	Use geoip.dat instead of Country.mmdb.
geodata-loader	GeodataLoader	string	Geo Data	Loader choice (memconservative vs standard).
geosite-matcher	GeositeMatcher	string	Geo Data	Matcher implementation.
tcp-concurrent	TCPConcurrent	bool	Basics	Race A/AAAA dials.
find-process-mode	FindProcessMode	process.FindProcessMode	Basics	strict / always / off.
global-client-fingerprint	GlobalClientFingerprint	string	Basics	Default uTLS fingerprint for outbounds.
global-ua	GlobalUA	string	Basics	Default HTTP User-Agent.
etag-support	ETagSupport	bool	Basics	Honor ETag on subscription fetches.
keep-alive-idle	KeepAliveIdle	int	Basics	TCP keepalive idle (seconds).
keep-alive-interval	KeepAliveInterval	int	Basics	TCP keepalive interval (seconds).
disable-keep-alive	DisableKeepAlive	bool	Basics	Disable TCP keepalive.

Nested blocks and lists

Key	Go field	Type	Page	Description
proxy-providers	ProxyProvider	map[string]map[string]any	Phase 6	Remote proxy lists.
rule-providers	RuleProvider	map[string]map[string]any	Phase 5	Remote rule sets.
proxies	Proxy	[]map[string]any	Phase 3	Outbound proxy definitions.
proxy-groups	ProxyGroup	[]map[string]any	Phase 5	Group selectors / url-test / fallback / load-balance / relay.
rules	Rule	[]string	Phase 5	Routing rules (compact string form).
sub-rules	SubRules	map[string][]string	Phase 5	Named sub-rule groups.
listeners	Listeners	[]map[string]any	Phase 3	Free-form inbound listeners.
hosts	Hosts	map[string]any	Phase 5	Static DNS overrides.
dns	DNS	RawDNS	Phase 5	DNS subsystem block.
ntp	NTP	RawNTP	NTP	Embedded NTP client.
tun	Tun	RawTun	Phase 6	TUN inbound.
tuic-server	TuicServer	RawTuicServer	Phase 3	TUIC inbound.
iptables	IPTables	RawIPTables	iptables	Linux iptables auto-configuration.
experimental	Experimental	RawExperimental	Experimental	Fingerprints, QUIC tuning, IPv4-in-IPv6 conversion.
profile	Profile	RawProfile	Profile	Persisted state (selected proxy, fake-ip cache).
geox-url	GeoXUrl	RawGeoXUrl	Geo Data	Download URLs for the four geo asset files.
sniffer	Sniffer	RawSniffer	Sniffer	Connection sniffing (TLS SNI, HTTP Host, QUIC).
tls	TLS	RawTLS	TLS	Default TLS material for inbounds.
clash-for-android	ClashForAndroid	RawClashForAndroid	Clash for Android	Android-app-specific settings.

At a glance

mode: rule
mixed-port: 7890
allow-lan: false
log-level: info
external-controller: 127.0.0.1:9090

dns:
  enable: true
  nameserver:
    - https://1.1.1.1/dns-query

proxies: []
proxy-groups: []
rules: []

Source: config/config.go:392-459 · v1.19.24 (a847246)