From 22aa0c2f4046957faf68cf56a019fe664e2700d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Tue, 23 Aug 2022 23:15:56 +0800 Subject: [PATCH] Update documentation --- docs/changelog.md | 9 ++ docs/configuration/dns/server.md | 2 +- docs/configuration/experimental.md | 2 +- docs/configuration/inbound/direct.md | 35 +++-- docs/configuration/inbound/http.md | 45 +++--- docs/configuration/inbound/hysteria.md | 77 +++++----- docs/configuration/inbound/mixed.md | 28 ++-- docs/configuration/inbound/naive.md | 41 ++--- docs/configuration/inbound/redirect.md | 2 +- docs/configuration/inbound/shadowsocks.md | 153 ++++++++++--------- docs/configuration/inbound/socks.md | 19 ++- docs/configuration/inbound/tproxy.md | 16 +- docs/configuration/inbound/trojan.md | 46 +++--- docs/configuration/inbound/tun.md | 2 +- docs/configuration/inbound/vmess.md | 48 +++--- docs/configuration/outbound/direct.md | 9 +- docs/configuration/outbound/hysteria.md | 2 +- docs/configuration/outbound/tor.md | 2 +- docs/configuration/outbound/trojan.md | 5 + docs/configuration/outbound/vmess.md | 5 + docs/configuration/outbound/wireguard.md | 2 +- docs/configuration/shared/tls.md | 5 +- docs/configuration/shared/v2ray-transport.md | 131 ++++++++++++++++ docs/faq/known-issues.md | 7 +- docs/index.md | 1 + mkdocs.yml | 1 + 26 files changed, 452 insertions(+), 243 deletions(-) create mode 100644 docs/configuration/shared/v2ray-transport.md diff --git a/docs/changelog.md b/docs/changelog.md index 6bccde21..6f08deec 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -1,3 +1,12 @@ +#### 2022/08/23 + +* Add [V2Ray Transport](/configuration/shared/v2ray-transport) support for VMess and Trojan +* Allow plain http request in Naive inbound (It can now be used with nginx) +* Add proxy protocol support +* Free memory after start +* Parse X-Forward-For in HTTP requests +* Handle SIGHUP signal + #### 2022/08/22 * Add strategy setting for each [DNS server](/configuration/dns/server) diff --git a/docs/configuration/dns/server.md b/docs/configuration/dns/server.md index 49fb0777..4861d2f4 100644 --- a/docs/configuration/dns/server.md +++ b/docs/configuration/dns/server.md @@ -47,7 +47,7 @@ The address of the dns server. !!! warning "" - QUIC and HTTP3 transport is not included by default, see [Installation](/#Installation). + QUIC and HTTP3 transport is not included by default, see [Installation](/#installation). !!! info "" diff --git a/docs/configuration/experimental.md b/docs/configuration/experimental.md index a2f80787..ec9a3e09 100644 --- a/docs/configuration/experimental.md +++ b/docs/configuration/experimental.md @@ -16,7 +16,7 @@ !!! error "" - Clash API is not included by default, see [Installation](/#Installation). + Clash API is not included by default, see [Installation](/#installation). !!! note "" diff --git a/docs/configuration/inbound/direct.md b/docs/configuration/inbound/direct.md index ceb72c3b..edfc4c09 100644 --- a/docs/configuration/inbound/direct.md +++ b/docs/configuration/inbound/direct.md @@ -8,7 +8,6 @@ { "type": "direct", "tag": "direct-in", - "listen": "::", "listen_port": 5353, "tcp_fast_open": false, @@ -16,8 +15,8 @@ "sniff_override_destination": false, "domain_strategy": "prefer_ipv6", "udp_timeout": 300, - "network": "udp", + "proxy_protocol": false, "override_address": "1.0.0.1", "override_port": 53 } @@ -25,6 +24,22 @@ } ``` +### Direct Fields + +#### network + +Listen network, one of `tcp` `udp`. + +Both if empty. + +#### override_address + +Override the connection destination address. + +#### override_port + +Override the connection destination port. + ### Listen Fields #### listen @@ -67,18 +82,6 @@ If `sniff_override_destination` is in effect, its value will be taken as a fallb UDP NAT expiration time in seconds, default is 300 (5 minutes). -### Direct Fields +#### proxy_protocol -#### network - -Listen network, one of `tcp` `udp`. - -Both if empty. - -#### override_address - -Override the connection destination address. - -#### override_port - -Override the connection destination port. \ No newline at end of file +Parse [Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) in the connection header. \ No newline at end of file diff --git a/docs/configuration/inbound/http.md b/docs/configuration/inbound/http.md index 8dc57e61..eac166cd 100644 --- a/docs/configuration/inbound/http.md +++ b/docs/configuration/inbound/http.md @@ -1,5 +1,3 @@ -`socks` inbound is a http server. - ### Structure ```json @@ -15,7 +13,8 @@ "sniff": false, "sniff_override_destination": false, "domain_strategy": "prefer_ipv6", - + "proxy_protocol": false, + "users": [ { "username": "admin", @@ -29,6 +28,26 @@ } ``` +### HTTP Fields + +#### tls + +TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure). + +#### users + +HTTP users. + +No authentication required if empty. + +#### set_system_proxy + +!!! error "" + + Only supported on Linux, Android, Windows, and macOS. + +Automatically set system proxy configuration when start and clean up when stop. + ### Listen Fields #### listen @@ -67,22 +86,6 @@ If set, the requested domain name will be resolved to IP before routing. If `sniff_override_destination` is in effect, its value will be taken as a fallback. -#### set_system_proxy +#### proxy_protocol -!!! error "" - - Only supported on Linux, Android, Windows, and macOS. - -Automatically set system proxy configuration when start and clean up when stop. - -### HTTP Fields - -#### tls - -TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure). - -#### users - -HTTP users. - -No authentication required if empty. \ No newline at end of file +Parse [Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) in the connection header. \ No newline at end of file diff --git a/docs/configuration/inbound/hysteria.md b/docs/configuration/inbound/hysteria.md index 50b76413..782d8d83 100644 --- a/docs/configuration/inbound/hysteria.md +++ b/docs/configuration/inbound/hysteria.md @@ -6,13 +6,11 @@ { "type": "hysteria", "tag": "hysteria-in", - "listen": "::", "listen_port": 443, "sniff": false, "sniff_override_destination": false, "domain_strategy": "prefer_ipv6", - "up": "100 Mbps", "up_mbps": 100, "down": "100 Mbps", @@ -32,41 +30,7 @@ !!! warning "" - QUIC, which is required by hysteria is not included by default, see [Installation](/#Installation). - -### Listen Fields - -#### listen - -==Required== - -Listen address. - -#### listen_port - -==Required== - -Listen port. - -#### sniff - -Enable sniffing. - -See [Sniff](/configuration/route/sniff/) for details. - -#### sniff_override_destination - -Override the connection destination address with the sniffed domain. - -If the domain name is invalid (like tor), this will not work. - -#### domain_strategy - -One of `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. - -If set, the requested domain name will be resolved to IP before routing. - -If `sniff_override_destination` is in effect, its value will be taken as a fallback. + QUIC, which is required by hysteria is not included by default, see [Installation](/#installation). ### Hysteria Fields @@ -87,7 +51,8 @@ Supported units (case sensitive, b = bits, B = bytes, 8b=1B): Gbps (gigabits per second) GBps (gigabytes per second) Tbps (terabits per second) - TBps (terabytes per second) + TBps (terabytes per`socks` inbound is a http server. + second) #### up_mbps, down_mbps @@ -135,4 +100,38 @@ Force enabled on for systems other than Linux and Windows (according to upstream ==Required== -TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure). \ No newline at end of file +TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure). + +### Listen Fields + +#### listen + +==Required== + +Listen address. + +#### listen_port + +==Required== + +Listen port. + +#### sniff + +Enable sniffing. + +See [Sniff](/configuration/route/sniff/) for details. + +#### sniff_override_destination + +Override the connection destination address with the sniffed domain. + +If the domain name is invalid (like tor), this will not work. + +#### domain_strategy + +One of `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. + +If set, the requested domain name will be resolved to IP before routing. + +If `sniff_override_destination` is in effect, its value will be taken as a fallback. diff --git a/docs/configuration/inbound/mixed.md b/docs/configuration/inbound/mixed.md index 95668bb6..2633bc33 100644 --- a/docs/configuration/inbound/mixed.md +++ b/docs/configuration/inbound/mixed.md @@ -15,6 +15,7 @@ "sniff": false, "sniff_override_destination": false, "domain_strategy": "prefer_ipv6", + "proxy_protocol": false, "users": [ { @@ -22,13 +23,28 @@ "password": "admin" } ], - "set_system_proxy": false } ] } ``` +### Mixed Fields + +#### users + +SOCKS and HTTP users. + +No authentication required if empty. + +#### set_system_proxy + +!!! error "" + + Only supported on Linux, Android, Windows, and macOS. + +Automatically set system proxy configuration when start and clean up when stop. + ### Listen Fields #### listen @@ -73,12 +89,4 @@ If `sniff_override_destination` is in effect, its value will be taken as a fallb Only supported on Linux, Android, Windows, and macOS. -Automatically set system proxy configuration when start and clean up when stop. - -### Mixed Fields - -#### users - -Socks and HTTP users. - -No authentication required if empty. \ No newline at end of file +Automatically set system proxy configuration when start and clean up when stop. \ No newline at end of file diff --git a/docs/configuration/inbound/naive.md b/docs/configuration/inbound/naive.md index 337c2d97..894776f0 100644 --- a/docs/configuration/inbound/naive.md +++ b/docs/configuration/inbound/naive.md @@ -13,6 +13,7 @@ "sniff": false, "sniff_override_destination": false, "domain_strategy": "prefer_ipv6", + "proxy_protocol": false, "network": "udp", "users": [ @@ -29,7 +30,25 @@ !!! warning "" - HTTP3 transport is not included by default, see [Installation](/#Installation). + HTTP3 transport is not included by default, see [Installation](/#installation). + +### Naive Fields + +#### tls + +TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure). + +#### users + +==Required== + +Naive users. + +#### network + +Listen network, one of `tcp` `udp`. + +Both if empty. ### Listen Fields @@ -69,22 +88,6 @@ If set, the requested domain name will be resolved to IP before routing. If `sniff_override_destination` is in effect, its value will be taken as a fallback. -### Naive Fields +#### proxy_protocol -#### tls - -==Required== - -TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure). - -#### users - -==Required== - -Naive users. - -#### network - -Listen network, one of `tcp` `udp`. - -Both if empty. \ No newline at end of file +Parse [Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) in the connection header. \ No newline at end of file diff --git a/docs/configuration/inbound/redirect.md b/docs/configuration/inbound/redirect.md index 59805789..6f716b7c 100644 --- a/docs/configuration/inbound/redirect.md +++ b/docs/configuration/inbound/redirect.md @@ -1,4 +1,4 @@ -`redirect` inbound is a linux redirect server. +`redirect` inbound is a Linux redirect server. ### Structure diff --git a/docs/configuration/inbound/shadowsocks.md b/docs/configuration/inbound/shadowsocks.md index 5c3c8323..4fe83476 100644 --- a/docs/configuration/inbound/shadowsocks.md +++ b/docs/configuration/inbound/shadowsocks.md @@ -15,6 +15,7 @@ "domain_strategy": "prefer_ipv6", "udp_timeout": 300, "network": "udp", + "proxy_protocol": false, "method": "2022-blake3-aes-128-gcm", "password": "8JCsPssfgS8tiRwiMlhARg==" @@ -23,6 +24,82 @@ } ``` +### Multi-User Structure + +```json +{ + "inbounds": [ + { + "type": "shadowsocks", + "method": "2022-blake3-aes-128-gcm", + "password": "8JCsPssfgS8tiRwiMlhARg==", + "users": [ + { + "name": "sekai", + "password": "PCD2Z4o12bKUoFa3cC97Hw==" + } + ] + } + ] +} +``` + +### Relay Structure + +```json +{ + "inbounds": [ + { + "type": "shadowsocks", + "method": "2022-blake3-aes-128-gcm", + "password": "8JCsPssfgS8tiRwiMlhARg==", + "destinations": [ + { + "name": "test", + "server": "example.com", + "server_port": 8080, + "password": "PCD2Z4o12bKUoFa3cC97Hw==" + } + ] + } + ] +} +``` + +### Shadowsocks Fields + +#### network + +Listen network, one of `tcp` `udp`. + +Both if empty. + +#### method + +==Required== + +| Method | Key Length | +|-------------------------------|------------| +| 2022-blake3-aes-128-gcm | 16 | +| 2022-blake3-aes-256-gcm | 32 | +| 2022-blake3-chacha20-poly1305 | 32 | +| none | / | +| aes-128-gcm | / | +| aes-192-gcm | / | +| aes-256-gcm | / | +| chacha20-ietf-poly1305 | / | +| xchacha20-ietf-poly1305 | / | + +#### password + +==Required== + +| Method | Password Format | +|---------------|-------------------------------------| +| none | / | +| 2022 methods | `openssl rand -base64 ` | +| other methods | any string | + ### Listen Fields #### listen @@ -65,78 +142,6 @@ If `sniff_override_destination` is in effect, its value will be taken as a fallb UDP NAT expiration time in seconds, default is 300 (5 minutes). -### Shadowsocks Fields +#### proxy_protocol -#### network - -Listen network, one of `tcp` `udp`. - -Both if empty. - -#### method - -==Required== - -| Method | Key Length | -|-------------------------------|------------| -| 2022-blake3-aes-128-gcm | 16 | -| 2022-blake3-aes-256-gcm | 32 | -| 2022-blake3-chacha20-poly1305 | 32 | -| none | / | -| aes-128-gcm | / | -| aes-192-gcm | / | -| aes-256-gcm | / | -| chacha20-ietf-poly1305 | / | -| xchacha20-ietf-poly1305 | / | - -#### password - -==Required== - -| Method | Password Format | -|---------------|-------------------------------------| -| none | / | -| 2022 methods | `openssl rand -base64 ` | -| other methods | any string | - -### Multi-User Structure - -```json -{ - "inbounds": [ - { - "type": "shadowsocks", - "method": "2022-blake3-aes-128-gcm", - "password": "8JCsPssfgS8tiRwiMlhARg==", - "users": [ - { - "name": "sekai", - "password": "PCD2Z4o12bKUoFa3cC97Hw==" - } - ] - } - ] -} -``` - -### Relay Structure - -```json -{ - "inbounds": [ - { - "type": "shadowsocks", - "method": "2022-blake3-aes-128-gcm", - "password": "8JCsPssfgS8tiRwiMlhARg==", - "destinations": [ - { - "name": "test", - "server": "example.com", - "server_port": 8080, - "password": "PCD2Z4o12bKUoFa3cC97Hw==" - } - ] - } - ] -} -``` \ No newline at end of file +Parse [Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) in the connection header. \ No newline at end of file diff --git a/docs/configuration/inbound/socks.md b/docs/configuration/inbound/socks.md index 65d4abaa..4f747abd 100644 --- a/docs/configuration/inbound/socks.md +++ b/docs/configuration/inbound/socks.md @@ -15,7 +15,8 @@ "sniff": false, "sniff_override_destination": false, "domain_strategy": "prefer_ipv6", - + "proxy_protocol": false, + "users": [ { "username": "admin", @@ -27,6 +28,14 @@ } ``` +### Socks Fields + +#### users + +SOCKS users. + +No authentication required if empty. + ### Listen Fields #### listen @@ -65,10 +74,6 @@ If set, the requested domain name will be resolved to IP before routing. If `sniff_override_destination` is in effect, its value will be taken as a fallback. -### Socks Fields +#### proxy_protocol -#### users - -Socks users. - -No authentication required if empty. \ No newline at end of file +Parse [Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) in the connection header. \ No newline at end of file diff --git a/docs/configuration/inbound/tproxy.md b/docs/configuration/inbound/tproxy.md index edac0e6c..dfadc44c 100644 --- a/docs/configuration/inbound/tproxy.md +++ b/docs/configuration/inbound/tproxy.md @@ -20,6 +20,14 @@ } ``` +### TProxy Fields + +#### network + +Listen network, one of `tcp` `udp`. + +Both if empty. + ### Listen Fields #### listen @@ -57,11 +65,3 @@ If `sniff_override_destination` is in effect, its value will be taken as a fallb #### udp_timeout UDP NAT expiration time in seconds, default is 300 (5 minutes). - -### TProxy Fields - -#### network - -Listen network, one of `tcp` `udp`. - -Both if empty. \ No newline at end of file diff --git a/docs/configuration/inbound/trojan.md b/docs/configuration/inbound/trojan.md index 998d7d05..27f48a75 100644 --- a/docs/configuration/inbound/trojan.md +++ b/docs/configuration/inbound/trojan.md @@ -13,7 +13,8 @@ "sniff": false, "sniff_override_destination": false, "domain_strategy": "prefer_ipv6", - + "proxy_protocol": false, + "users": [ { "name": "sekai", @@ -24,12 +25,35 @@ "fallback": { "server": "127.0.0.0.1", "server_port": 8080 - } + }, + "transport": {} } ] } ``` +### Trojan Fields + +#### users + +Trojan users. + +#### tls + +TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure). + +#### fallback + +!!! error "" + + There is no evidence that GFW detects and blocks Trojan servers based on HTTP responses, and opening the standard http/s port on the server is a much bigger signature. + +Fallback server configuration. Disabled if empty. + +#### transport + +V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport). + ### Listen Fields #### listen @@ -68,20 +92,6 @@ If set, the requested domain name will be resolved to IP before routing. If `sniff_override_destination` is in effect, its value will be taken as a fallback. -### Trojan Fields +#### proxy_protocol -#### users - -Trojan users. - -#### tls - -TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure). - -#### fallback - -!!! error "" - - There is no evidence that GFW detects and blocks Trojan servers based on HTTP responses, and opening the standard http/s port on the server is a much bigger signature. - -Fallback server configuration. Disabled if empty. \ No newline at end of file +Parse [Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) in the connection header. \ No newline at end of file diff --git a/docs/configuration/inbound/tun.md b/docs/configuration/inbound/tun.md index b892ebfe..9f5f4ed9 100644 --- a/docs/configuration/inbound/tun.md +++ b/docs/configuration/inbound/tun.md @@ -107,7 +107,7 @@ TCP/IP stack. !!! warning "" - The LWIP stack is not included by default, see [Installation](/#Installation). + The LWIP stack is not included by default, see [Installation](/#installation). #### include_uid diff --git a/docs/configuration/inbound/vmess.md b/docs/configuration/inbound/vmess.md index c641c313..eabc7f99 100644 --- a/docs/configuration/inbound/vmess.md +++ b/docs/configuration/inbound/vmess.md @@ -13,7 +13,8 @@ "sniff": false, "sniff_override_destination": false, "domain_strategy": "prefer_ipv6", - + "proxy_protocol": false, + "users": [ { "name": "sekai", @@ -21,12 +22,36 @@ "alterId": 0 } ], - "tls": {} + "tls": {}, + "transport": {} } ] } ``` +### VMess Fields + +#### users + +VMess users. + +| Alter ID | Description | +|----------|-------------------------| +| 0 | Disable legacy protocol | +| > 0 | Enable legacy protocol | + +!!! warning "" + + Legacy protocol support (VMess MD5 Authentication) is provided for compatibility purposes only, use of alterId > 1 is not recommended. + +#### tls + +TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure). + +#### transport + +V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport). + ### Listen Fields #### listen @@ -65,21 +90,6 @@ If set, the requested domain name will be resolved to IP before routing. If `sniff_override_destination` is in effect, its value will be taken as a fallback. -### VMess Fields +#### proxy_protocol -#### users - -VMess users. - -| Alter ID | Description | -|----------|-------------------------| -| 0 | Disable legacy protocol | -| > 0 | Enable legacy protocol | - -!!! warning "" - - Legacy protocol support (VMess MD5 Authentication) is provided for compatibility purposes only, use of alterId > 1 is not recommended. - -#### tls - -TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure). +Parse [Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) in the connection header. \ No newline at end of file diff --git a/docs/configuration/outbound/direct.md b/docs/configuration/outbound/direct.md index eda9bc03..5c33c2c3 100644 --- a/docs/configuration/outbound/direct.md +++ b/docs/configuration/outbound/direct.md @@ -11,7 +11,8 @@ "override_address": "1.0.0.1", "override_port": 53, - + "proxy_protocol": 0, + "detour": "upstream-out", "bind_interface": "en0", "bind_address": "0.0.0.0", @@ -36,6 +37,12 @@ Override the connection destination address. Override the connection destination port. +#### proxy_protocol + +Write [Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) in the connection header. + +Protocol value can be `1` or `2`. + ### Dial Fields #### detour diff --git a/docs/configuration/outbound/hysteria.md b/docs/configuration/outbound/hysteria.md index c69bd4ea..a398ae0e 100644 --- a/docs/configuration/outbound/hysteria.md +++ b/docs/configuration/outbound/hysteria.md @@ -38,7 +38,7 @@ !!! warning "" - QUIC, which is required by hysteria is not included by default, see [Installation](/#Installation). + QUIC, which is required by hysteria is not included by default, see [Installation](/#installation). ### Hysteria Fields diff --git a/docs/configuration/outbound/tor.md b/docs/configuration/outbound/tor.md index 028ff068..d4f4b6e0 100644 --- a/docs/configuration/outbound/tor.md +++ b/docs/configuration/outbound/tor.md @@ -30,7 +30,7 @@ !!! info "" - Embedded tor is not included by default, see [Installation](/#Installation). + Embedded tor is not included by default, see [Installation](/#installation). ### Tor Fields diff --git a/docs/configuration/outbound/trojan.md b/docs/configuration/outbound/trojan.md index 71c28f4e..9080171d 100644 --- a/docs/configuration/outbound/trojan.md +++ b/docs/configuration/outbound/trojan.md @@ -13,6 +13,7 @@ "network": "tcp", "tls": {}, "multiplex": {}, + "transport": {}, "detour": "upstream-out", "bind_interface": "en0", @@ -64,6 +65,10 @@ TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbo Multiplex configuration, see [Multiplex structure](/configuration/shared/multiplex). +#### transport + +V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport). + ### Dial Fields #### detour diff --git a/docs/configuration/outbound/vmess.md b/docs/configuration/outbound/vmess.md index 66f26b9b..67ac7e8a 100644 --- a/docs/configuration/outbound/vmess.md +++ b/docs/configuration/outbound/vmess.md @@ -17,6 +17,7 @@ "network": "tcp", "tls": {}, "multiplex": {}, + "transport": {}, "detour": "upstream-out", "bind_interface": "en0", @@ -98,6 +99,10 @@ TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbo Multiplex configuration, see [Multiplex structure](/configuration/shared/multiplex). +#### transport + +V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport). + ### Dial Fields #### detour diff --git a/docs/configuration/outbound/wireguard.md b/docs/configuration/outbound/wireguard.md index a00113ff..b5ac0c05 100644 --- a/docs/configuration/outbound/wireguard.md +++ b/docs/configuration/outbound/wireguard.md @@ -35,7 +35,7 @@ !!! warning "" - WireGuard is not included by default, see [Installation](/#Installation). + WireGuard is not included by default, see [Installation](/#installation). ### WireGuard Fields diff --git a/docs/configuration/shared/tls.md b/docs/configuration/shared/tls.md index e49805e8..42f1f7da 100644 --- a/docs/configuration/shared/tls.md +++ b/docs/configuration/shared/tls.md @@ -28,7 +28,7 @@ !!! warning "" - ACME is not included by default, see [Installation](/#Installation). + ACME is not included by default, see [Installation](/#installation). ### Outbound Structure @@ -41,7 +41,6 @@ "min_version": "", "max_version": "", "cipher_suites": [], - "disable_system_root": false, "certificate": "", "certificate_path": "" } @@ -182,7 +181,7 @@ The ACME CA provider to use. | Value | Provider | |-------------------------|---------------| -| `letsenctypt (default)` | Let's Encrypt | +| `letsencrypt (default)` | Let's Encrypt | | `zerossl` | ZeroSSL | | `https://...` | Custom | diff --git a/docs/configuration/shared/v2ray-transport.md b/docs/configuration/shared/v2ray-transport.md new file mode 100644 index 00000000..ae771d31 --- /dev/null +++ b/docs/configuration/shared/v2ray-transport.md @@ -0,0 +1,131 @@ +V2Ray Transport is a set of private protocols invented by v2ray, and has contaminated the names of other protocols, such +as `trojan-grpc` in clash. + +### Structure + +```json +{ + "type": "" +} +``` + +Available transports: + +* HTTP +* WebSocket +* QUIC +* gRPC + +!!! warning "Difference from v2ray-core" + + * No TCP transport, plain HTTP is merged into the HTTP transport. + * No mKCP transport. + * No DomainSocket transport. + +!!! note + + You can ignore the JSON Array [] tag when the content is only one item + +### HTTP + +```json +{ + "type": "http", + "host": [], + "path": "", + "method": "", + "headers": {} +} +``` + +!!! warning "Difference from v2ray-core" + + TLS is not enforced. If TLS is not configured, plain HTTP 1.1 is used. + +#### host + +List of host domain. + +The client will choose randomly and the server will verify if not empty. + +#### path + +Path of HTTP request. + +The server will verify if not empty. + +#### method + +Method of HTTP request. + +The server will verify if not empty. + +#### headers + +Extra headers of HTTP request. + +The server will write in response if not empty. + +### WebSocket + +```json +{ + "type": "ws", + "path": "", + "headers": {}, + "max_early_data": 0, + "early_data_header_name": "" +} +``` + +#### path + +Path of HTTP request. + +The server will verify if not empty. + +#### headers + +Extra headers of HTTP request. + +#### max_early_data + +Allowed payload size is in the request. Enabled if not zero. + +#### early_data_header_name + +Early data is sent in path instead of header by default. + +To be compatible with Xray-core, set this to `Sec-WebSocket-Protocol`. + +It needs to be consistent with the server. + +### QUIC + +```json +{ + "type": "quic" +} +``` + +!!! warning "Difference from v2ray-core" + + No additional encryption support: + It's basically duplicate encryption. And Xray-core is not compatible with v2ray-core in here. + +### gRPC + +!!! warning "" + + gRPC is not included by default, see [Installation](/#installation). + +```json +{ + "type": "grpc", + "service_name": "TunService" +} +``` + +#### service_name + +Service name of gRPC. \ No newline at end of file diff --git a/docs/faq/known-issues.md b/docs/faq/known-issues.md index c58a3abf..e86b21f3 100644 --- a/docs/faq/known-issues.md +++ b/docs/faq/known-issues.md @@ -2,12 +2,17 @@ ##### on macOS -`auto-route` cannot automatically hijack DNS requests sent to the LAN, so it's need to manually set DNS to servers on the public internet. +`auto-route` cannot automatically hijack DNS requests sent to the LAN, so it's need to manually set DNS to servers on +the public internet. ##### on Android `auto-route` cannot automatically hijack DNS requests when Android's `Private DNS` is enabled. +##### on Linux + +`auto-route` cannot automatically hijack DNS requests with `systemd-resoled` enabled, you can switch to NetworkManager. + #### System proxy ##### on Linux diff --git a/docs/index.md b/docs/index.md index b16dd490..75cb9a2f 100644 --- a/docs/index.md +++ b/docs/index.md @@ -21,6 +21,7 @@ go install -v -tags with_clash_api github.com/sagernet/sing-box/cmd/sing-box@lat | Build Tag | Description | |------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `with_quic` | Build with QUIC support, see [QUIC and HTTP3 dns transports](./configuration/dns/server), [Naive inbound](./configuration/inbound/naive), [Hysteria Inbound](./configuration/inbound/hysteria) and [Hysteria Outbound](./configuration/outbound/hysteria). | +| `with_grpc` | Build with gRPC support, see [V2Ray Transport#gRPC](/configuration/shared/v2ray-transport#grpc). | | `with_wireguard` | Build with WireGuard support, see [WireGuard outbound](./configuration/outbound/wireguard). | | `with_acme` | Build with ACME TLS certificate issuer support, see [TLS](./configuration/shared/tls). | | `with_clash_api` | Build with Clash api support, see [Experimental](./configuration/experimental#clash-api-fields). | diff --git a/mkdocs.yml b/mkdocs.yml index 7d1caa9b..52278c8b 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -81,6 +81,7 @@ nav: - Shared: - TLS: configuration/shared/tls.md - Multiplex: configuration/shared/multiplex.md + - V2Ray Transport: configuration/shared/v2ray-transport.md - FAQ: - faq/index.md - Known Issues: faq/known-issues.md