Raye's Journey

Surge Getting Started Guide (Part 1)

Why use Surge?

As a three-device user of Surge (Mac, mobile, and Apple TV), I have to say that the interface of Surge is indeed beautiful.

  • The main uses: streaming media viewing + using foreign apps + ChatGPT
  • Secondly: price comparison on JD, automatic sign-in for Alibaba Cloud Disk, Bilibili UI modifications, and various modules
  • Development uses: packet capture, membership cracking

Of course, the functions I actually use are far less than what Surge includes. Advanced features like gateway configuration, intranet penetration, DHCP server, etc., I have also played around with, but I won't go into detail since they are rarely involved in daily use.

Of course, the above capabilities can also be replaced by QuanX, clashX, and Shadowrocket, and the prices are relatively cheap (clashX is free). If you are determined to dive into Surge, be prepared to spend money, haha.

How to get started with Surge?

It is strongly recommended to purchase through the web instead of through an in-app purchase; you will thank me (because foreign Apple ID accounts are easily banned and difficult to share with others).

When purchasing on the web, it is recommended to buy a package that supports multiple devices, which can be shared to save costs; buying for a single person is a bit of a loss 🥹.

After getting Surge, you are not done yet; you need to purchase an "airport" service (slang for a paid proxy subscription provider). Self-built nodes are also possible, but they are more troublesome and prone to being blocked. I recommend the airport I have been using (you can get a discount by registering through my link 😄).

https://rabbitpro.net/auth/register?code=JEBu

Now, the next step is to import the configuration; the airport provides a built-in configuration that is ready to use.

After importing the configuration, it’s best to create a copy of the current configuration for easier editing later (the current configuration cannot be modified).

Let me also introduce the basic interface of Surge:

Alright, you have officially entered the door; the next step is to witness the magic of Surge.

Basic Traffic Splitting Rules

First, you need to understand what traffic splitting is. There seems to be no unified definition for this; my personal understanding is as follows:

The essence of going online is to transmit data with servers. The data transmitted is counted by the number of bytes, which is how much traffic it is (by the way, I recommend watching the drama "Upload," which will give you a deeper understanding of traffic).

There are many connections between us and the server, and these connections can be simply categorized, such as domestic services, foreign services that are not blocked, and foreign services that are blocked.

Traffic splitting is to route all blocked foreign services through the airport proxy to bypass the wall's restrictions. There should be a diagram here (but there isn't 🐶).

In summary:

  • Domestic services
  • Foreign services that are not blocked
  • Foreign services that are blocked

Among these, blocked foreign services are further restricted by geographical limitations, adding an invisible wall. For example, OpenAI's services have blocked Hong Kong IPs.

Therefore, we need to further split traffic, routing foreign services to nodes in different regions, such as common ones like Hong Kong, the United States, India, Nigeria, Turkey, Argentina (I am a spiritual Argentinian!) etc.

In the previous section, the imported Surge configuration file contains a large part dedicated to this traffic splitting.

At this point, open Surge, and we need to switch to "Rule Mode." The three modes are understood as follows:

  • Direct Connection: Surge becomes transparent, allowing all traffic to pass through.
  • Global Mode: Surge becomes the overlord, proxying all traffic.
  • Rule Mode: Surge becomes the inspector, splitting traffic according to our configured rules.

After switching to Rule Mode, the policy groups are still relatively simple, divided into four categories: domestic, foreign, Apple, and others.

For example, if we want to access the ChatGPT service, we need to route all ChatGPT services through the US node, so we need a few things:

  • What are the servers for ChatGPT?
  • US nodes
  • Splitting rules

So what are the servers for ChatGPT? Someone has already organized them; search for "surge rule chatgpt github" to find: ios_rule_script/rule/Surge/OpenAI/OpenAI.list at master · blackmatrix7/ios_rule_script (github.com).

From that page, what we need is the link to the original raw file:

https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/OpenAI/OpenAI.list

Of course, the accelerated version via jsdelivr is recommended over the raw link (because raw.github links are blocked, and subsequent updates can easily lead to errors).

To accelerate with jsdelivr, replace the raw.githubusercontent.com domain with cdn.jsdelivr.net/gh, drop the branch segment (master), and concatenate the rest of the path:

https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script/rule/Surge/OpenAI/OpenAI.list
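
The rewrite described above as a function (an added example, not part of the original post). It goes one step further than the link above by keeping the branch as jsDelivr's `@ref` suffix, so the same call can pin a rule set to a fixed commit; `COMMIT_SHA_PLACEHOLDER` in the comment is a placeholder, and refs that contain `/` are not handled.

```javascript
// Convert a raw.githubusercontent.com link into the jsDelivr /gh/ form.
// Raw link layout:      /<owner>/<repo>/<ref>/<path...>
// jsDelivr link layout: /gh/<owner>/<repo>@<ref>/<path...>
// pinnedRef (optional, hypothetical parameter name) replaces the branch,
// e.g. a commit hash, so later upstream changes are not picked up silently.
function rawToJsdelivr(rawUrl, pinnedRef) {
  const u = new URL(rawUrl);
  if (u.protocol !== 'https:' || u.hostname !== 'raw.githubusercontent.com') {
    throw new Error('not an HTTPS raw.githubusercontent.com link');
  }
  const [owner, repo, branch, ...file] = u.pathname.split('/').filter(Boolean);
  if (!owner || !repo || !branch || file.length === 0) {
    throw new Error('expected /owner/repo/ref/path');
  }
  const ref = pinnedRef || branch;
  return `https://cdn.jsdelivr.net/gh/${owner}/${repo}@${ref}/${file.join('/')}`;
}

// The raw link from this guide, first following the branch, then pinned:
const RAW_LINK =
  'https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/OpenAI/OpenAI.list';
// rawToJsdelivr(RAW_LINK)
// rawToJsdelivr(RAW_LINK, 'COMMIT_SHA_PLACEHOLDER')
```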

The first step is ready; the second step is to prepare the relevant US nodes. If you imported the configuration through the airport, many nodes have already been automatically added. Of course, you can also manually add your VPS nodes.

We can categorize these nodes, for example, by region. Click on [Proxy Servers], drag to the bottom, and add a new policy group:

Surge treats both individual proxy servers and policy groups (i.e., aggregations of proxy servers) as proxy servers.

Drag all the US nodes in (other regions generally have unstable OpenAI access; US nodes are the most stable).

The third step is to set the splitting rules. At this point, you can directly add a rule that routes ChatGPT traffic.

Alright, that's it; try accessing ChatGPT.

Supplement

The airport nodes are not stable and may experience temporary unavailability.

At this time, you can switch to the policy group, click on speed test, and switch to a node with a smooth connection (this is a form of manual load balancing 🤣).

If you find manual switching troublesome, you can also choose from these types in the policy group:

  • URL latency auto-test: automatically selects the one with the lowest latency.
  • URL availability auto-test: randomly selects an available one when unavailable.
  • Load balancing: randomly switches each time.

Advanced Traffic Splitting Rules

Since we have already added the first rule, we definitely want to roll up our sleeves and try adding a bunch of rules, such as for Netflix, HBO, Pornhub (just kidding).

Before tinkering, don't forget that we add these rules essentially to achieve seamless internet access, meaning that whether accessing domestic or foreign services, Surge automatically chooses whether to proxy or not.

These rules can all be found here: https://github.com/blackmatrix7/ios_rule_script.git; just take your time to tinker with them.

Rule Fine-Tuning

Some rules may be outdated, such as HBO's rules, which are mostly outdated when searched online, so you can do the following:

  1. First switch to Global Mode, selecting the US node. At this point, Surge the overlord will force all traffic to go through the US node (note that you shouldn't watch domestic dramas at this time, as the speed will be slow and waste traffic).
  2. Open the HBO MAX app and observe what domains have been accessed on the [Recent Requests] page (Surge also thoughtfully provides a floating window for real-time observation).
  3. Choose the domains you think need rules; they usually have very distinctive features, such as hbo.com or max.com. Generally, we will choose DOMAIN-SUFFIX (more on this later).

You can choose temporary rules or permanent rules for testing purposes.

Rule Explanation

The rules we used earlier are rule sets, which contain a series of traffic splitting rules, referred to as RULE-SET in Surge.

The format of RULE-SET is one rule per line. Surge's rules can target domain names, IPs, and processes (on Mac).

Common rule formats include:

  • Domain rules
    • DOMAIN: strictly matches a certain domain.
    • DOMAIN-SUFFIX: matches a certain domain and its subdomains. For example, DOMAIN-SUFFIX,apple.com matches apple.com and www.apple.com, but does not match anapple.com.
  • IP address rules
  • Other rules
    • PROCESS-NAME: only effective for the Mac version, can match program names.
    • SRC-IP: can match the source IP address of the connection, useful when taking over connections from other devices.
    • IN-PORT: The Mac version supports multi-port listening and can configure specific rules for different listening ports.

For more, please refer to the documentation: Surge Official Chinese Guide: Understanding Surge Principles (nssurge.com)
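
The DOMAIN and DOMAIN-SUFFIX semantics above, as an added example that is not Surge's own code and not part of the original post. It is a simplified model of the two domain rule types only; the sample rule set is constructed, and `naiveSuffix` is included to show why the match has to stop at a label boundary.

```javascript
// SAMPLE_RULE_SET is constructed for illustration; it is not a published list.
const SAMPLE_RULE_SET = `
# constructed sample, one rule per line
DOMAIN,chat.example.com
DOMAIN-SUFFIX,apple.com
`;

// Parse a rule set into { type, value } entries, skipping comments and
// rule types this sketch does not model (IP, process, port rules).
function parseRuleSet(text) {
  const rules = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith('//')) continue;
    const [type, value] = line.split(',').map((s) => s.trim());
    if ((type === 'DOMAIN' || type === 'DOMAIN-SUFFIX') && value) {
      rules.push({ type, value: value.toLowerCase() });
    }
  }
  return rules;
}

// Hostnames are case-insensitive and may carry a trailing root dot.
function normalizeHost(host) {
  return host.trim().toLowerCase().replace(/\.$/, '');
}

function ruleMatches(rule, host) {
  const h = normalizeHost(host);
  if (rule.type === 'DOMAIN') return h === rule.value;
  // DOMAIN-SUFFIX: the domain itself, or a subdomain ending at a label boundary.
  return h === rule.value || h.endsWith('.' + rule.value);
}

// Return the first matching rule as text, or null if nothing in the set matches.
function matchRuleSet(rules, host) {
  const hit = rules.find((r) => ruleMatches(r, host));
  return hit ? `${hit.type},${hit.value}` : null;
}

// A plain string suffix test, shown only for contrast: it over-matches,
// which would send an unrelated domain's traffic down the same route.
function naiveSuffix(suffix, host) {
  return normalizeHost(host).endsWith(suffix);
}
```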

Scripts & Modules

Before using the script and module functions, it is best to enable MITM.

To enable MITM, you need to perform certificate trust operations; I won't go into detail here, and I recommend Googling it yourself.

After that, you can switch to the [Modify] interface to use the script and module functions.

In fact, both of these essentially modify requests and responses and complete some automation tasks, but I personally find modules easier to use than scripts for the following reasons:

  • Script configuration is relatively cumbersome and requires manually adding MITM domain names.
  • Modules are relatively simpler and can be installed with one click (but depend on the quality of the module author's development; for example, a previous module author directly overwrote my skip-proxy configuration, and I spent a long time finding the reason).
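
One way to check a module before installing it, given the skip-proxy overwrite described above (an added example, not code from the original post or from Surge). It assumes the INI-style sgmodule layout and that a value prefixed with `%APPEND%` or `%INSERT%` merges with the existing setting while a bare value replaces it; the sample module text is constructed.

```javascript
// Constructed sample module text (not a real module).
const SAMPLE_MODULE = `#!name=Sample UI tweak
#!desc=Constructed example for auditing
[General]
skip-proxy = 192.168.0.0/16, localhost
[Script]
tweak = type=http-response,pattern=^https://api\\.example\\.com/feed,script-path=https://example.com/tweak.js
[MITM]
hostname = %APPEND% api.example.com, *.example.net
`;

// Summarize what a module would change: settings it replaces outright,
// hostnames it adds to MITM (HTTPS decrypted by Surge), and scripts it loads.
function auditModule(text) {
  const report = { name: null, overwrites: [], mitmHosts: [], remoteScripts: [] };
  let section = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line.startsWith('#!name=')) { report.name = line.slice(7).trim(); continue; }
    if (!line || /^(#|\/\/|;)/.test(line)) continue; // comments and metadata
    const header = line.match(/^\[(.+)\]$/);
    if (header) { section = header[1]; continue; }
    const scriptPath = line.match(/script-path\s*=\s*([^,\s]+)/);
    if (section === 'Script' && scriptPath) report.remoteScripts.push(scriptPath[1]);
    if (section !== 'General' && section !== 'MITM') continue;
    const eq = line.indexOf('=');
    if (eq < 0) continue;
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    const merge = /^%(APPEND|INSERT)%/.exec(value);
    if (merge) value = value.slice(merge[0].length).trim();
    else report.overwrites.push(`${section}.${key}`); // bare value: replaces yours
    if (section === 'MITM' && key === 'hostname') {
      report.mitmHosts.push(...value.split(',').map((h) => h.trim()).filter(Boolean));
    }
  }
  return report;
}
```

Anything listed under `overwrites` is worth comparing against your own profile before enabling the module, and `mitmHosts` shows which HTTPS hosts the module asks Surge to decrypt.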

Here are some ready-to-use modules:

More advanced module techniques require pairing with boxjs; installation link: https://raw.githubusercontent.com/chavyleung/scripts/master/box/rewrite/boxjs.rewrite.surge.sgmodule

Documentation: Introduction - BoxJs

For example, a module to customize Bilibili UI: https://raw.githubusercontent.com/BiliUniverse/Enhanced/main/modules/BiliBili.Enhanced.sgmodule

With boxjs, you can freely select the content displayed on the homepage:

Future Content

I've written a bit here, mainly some experiences I've accumulated from regular use. In the next article, I plan to write about configuration files, script writing, and modules.

References

  1. Surge Mac User Guide | by Alan He | Jan, 2024 | Medium
  2. Surge Official Chinese Guide: Understanding Surge Principles (nssurge.com). Surge's official documentation is very helpful for a deeper understanding of network protocols.
  3. GetSomeCats/Surge Newbie from Registering Apple ID to Refund.md at Surge · getsomecat/GetSomeCats (github.com). This is written in great detail.
  4. Minimal Configuration Recommended for Users in China - Surge Tech Community (nssurge.com). A recommended minimal configuration for understanding configuration files.