URI Scheme
The Hysteria 2 URI scheme is designed to provide a compact representation of the necessary information for connecting to a Hysteria 2 server. It captures various parameters such as server address, authentication details, obfuscation type and parameters, TLS settings.
Structure
Components
Scheme
hysteria2 or hy2
Auth
The authentication credentials should be specified in the auth component of the URI. A special case is when the server uses the userpass authentication, in which case the auth component should be formatted as username:password.
Hostname
The hostname and optional port of the server. If the port is omitted, it defaults to 443.
Query parameters
-
obfs: The type of obfuscation to be used. Current onlysalamanderis supported. -
obfs-password: The password required for the specified obfuscation type, if applicable. -
sni: Server Name Indication to be used for TLS connections. -
insecure: Determines if insecure TLS connections are allowed. Accepts boolean values "1" for true and "0" for false. -
pinSHA256: The pinned SHA-256 fingerprint of the server's certificate.
Example
hysteria2://[email protected]/?insecure=1&obfs=salamander&obfs-password=gawrgura&pinSHA256=deadbeef&sni=real.example.com
Implementation notes
The URI is intentionally designed to contain only the essential information needed to connect to a Hysteria 2 server. While third-party implementations are free to add additional parameters if necessary, they must not assume that other implementations will understand them.
Furthermore, the parameters should never include client modes (HTTP, SOCKS5, etc.) or bandwidth values. Users should be aware that these things are not meant to be shared and used blindly by others, as they are specific to each user and should be configured accordingly.