mirror of
https://github.com/SagerNet/sing-box.git
synced 2024-11-25 10:01:30 +00:00
Initial zh-CN document translation: shared
This commit is contained in:
parent
71dac85600
commit
591a4fcf8e
|
@ -1,3 +1,5 @@
|
|||
# DNS
|
||||
|
||||
### 结构
|
||||
|
||||
```json
|
||||
|
|
|
@ -32,7 +32,7 @@
|
|||
|
||||
#### tls
|
||||
|
||||
TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure).
|
||||
TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound).
|
||||
|
||||
#### users
|
||||
|
||||
|
|
|
@ -102,7 +102,7 @@ Force enabled on for systems other than Linux and Windows (according to upstream
|
|||
|
||||
==Required==
|
||||
|
||||
TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure).
|
||||
TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound).
|
||||
|
||||
### Listen Fields
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
|
||||
#### tls
|
||||
|
||||
TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure).
|
||||
TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound).
|
||||
|
||||
#### users
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@ Trojan users.
|
|||
|
||||
#### tls
|
||||
|
||||
TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure).
|
||||
TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound).
|
||||
|
||||
#### fallback
|
||||
|
||||
|
|
|
@ -46,7 +46,7 @@ VMess users.
|
|||
|
||||
#### tls
|
||||
|
||||
TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure).
|
||||
TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound).
|
||||
|
||||
#### transport
|
||||
|
||||
|
|
|
@ -53,7 +53,7 @@ Basic authorization password.
|
|||
|
||||
#### tls
|
||||
|
||||
TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbound-structure).
|
||||
TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbound).
|
||||
|
||||
### Dial Fields
|
||||
|
||||
|
|
|
@ -113,7 +113,7 @@ Force enabled on for systems other than Linux and Windows (according to upstream
|
|||
|
||||
==Required==
|
||||
|
||||
TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbound-structure).
|
||||
TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbound).
|
||||
|
||||
#### network
|
||||
|
||||
|
|
|
@ -59,7 +59,7 @@ Both is enabled by default.
|
|||
|
||||
#### tls
|
||||
|
||||
TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbound-structure).
|
||||
TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbound).
|
||||
|
||||
#### multiplex
|
||||
|
||||
|
|
|
@ -93,7 +93,7 @@ Both is enabled by default.
|
|||
|
||||
#### tls
|
||||
|
||||
TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbound-structure).
|
||||
TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbound).
|
||||
|
||||
#### multiplex
|
||||
|
||||
|
|
50
docs/configuration/shared/multiplex.zh.md
Normal file
|
@ -0,0 +1,50 @@
|
|||
### 服务器要求
|
||||
|
||||
`sing-box` :)
|
||||
|
||||
### 结构
|
||||
|
||||
```json
|
||||
{
|
||||
"enabled": true,
|
||||
"protocol": "smux",
|
||||
"max_connections": 4,
|
||||
"min_streams": 4,
|
||||
"max_streams": 0
|
||||
}
|
||||
```
|
||||
|
||||
### 字段
|
||||
|
||||
#### enabled
|
||||
|
||||
启用多路复用
|
||||
|
||||
#### protocol
|
||||
|
||||
多路复用协议
|
||||
|
||||
| 协议 | 描述 |
|
||||
|-------|------------------------------------|
|
||||
| smux | https://github.com/xtaci/smux |
|
||||
| yamux | https://github.com/hashicorp/yamux |
|
||||
|
||||
默认使用 SMux.
|
||||
|
||||
#### max_connections
|
||||
|
||||
最大连接数量
|
||||
|
||||
与 `max_streams` 冲突.
|
||||
|
||||
#### min_streams
|
||||
|
||||
在打开新连接之前,连接中的最小多路复用流数量
|
||||
|
||||
与 `max_streams` 冲突.
|
||||
|
||||
#### max_streams
|
||||
|
||||
在打开新连接之前,连接中的最大多路复用流数量
|
||||
|
||||
与 `max_connections` 和 `min_streams` 冲突.
|
|
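Review bot: the example under `### 结构` sets `max_connections`, `min_streams` and `max_streams` together, while the field text says `max_streams` conflicts with the other two ("与 `max_connections` 和 `min_streams` 冲突"). State explicitly whether `0` means unset, or split the example into two variants, so the sample does not read as a conflicting configuration.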
@ -1,4 +1,4 @@
|
|||
### Inbound Structure
|
||||
### Inbound
|
||||
|
||||
```json
|
||||
{
|
||||
|
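Review bot: link labels are now out of step with this heading: the pages updated elsewhere in this commit still read `[TLS inbound structure]` and `[TLS outbound structure]` while pointing at `#inbound` and `#outbound`. Consider shortening the labels to match, and check that nothing outside the files touched here still links to `#inbound-structure` or `#outbound-structure`.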
@ -34,7 +34,7 @@
|
|||
|
||||
ACME is not included by default, see [Installation](/#installation).
|
||||
|
||||
### Outbound Structure
|
||||
### Outbound
|
||||
|
||||
```json
|
||||
{
|
||||
|
@ -115,20 +115,13 @@ See [Application-Layer Protocol Negotiation](https://en.wikipedia.org/wiki/Appli
|
|||
The minimum TLS version that is acceptable.
|
||||
|
||||
By default, TLS 1.2 is currently used as the minimum when acting as a
|
||||
client, and TLS 1.0 when acting as a server. TLS 1.0 is the minimum
|
||||
supported by this package, both as a client and as a server.
|
||||
|
||||
The client-side default can temporarily be reverted to TLS 1.0 by
|
||||
including the value "x509sha1=1" in the GODEBUG environment variable.
|
||||
Note that this option will be removed in Go 1.19 (but it will still be
|
||||
possible to set this field to VersionTLS10 explicitly).
|
||||
client, and TLS 1.0 when acting as a server.
|
||||
|
||||
#### max_version
|
||||
|
||||
The maximum TLS version that is acceptable.
|
||||
|
||||
By default, the maximum version supported by this package is used,
|
||||
which is currently TLS 1.3.
|
||||
By default, the maximum version is currently TLS 1.3.
|
||||
|
||||
#### cipher_suites
|
||||
|
||||
|
|
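Review bot: the shortened `min_version` text still documents TLS 1.0 as the server-side default without telling the reader how to raise it. Since this page is where operators look up the field, add a sentence recommending an explicit `min_version` such as `1.2` on inbounds. Dropping the GODEBUG paragraph is fine, since it describes the Go package rather than this option.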
219
docs/configuration/shared/tls.zh.md
Normal file
|
@ -0,0 +1,219 @@
|
|||
### 入站
|
||||
|
||||
```json
|
||||
{
|
||||
"enabled": true,
|
||||
"server_name": "",
|
||||
"alpn": [],
|
||||
"min_version": "",
|
||||
"max_version": "",
|
||||
"cipher_suites": [],
|
||||
"certificate": "",
|
||||
"certificate_path": "",
|
||||
"key": "",
|
||||
"key_path": "",
|
||||
"acme": {
|
||||
"domain": [],
|
||||
"data_directory": "",
|
||||
"default_server_name": "",
|
||||
"email": "",
|
||||
"provider": "",
|
||||
"disable_http_challenge": false,
|
||||
"disable_tls_alpn_challenge": false,
|
||||
"alternative_http_port": 0,
|
||||
"alternative_tls_port": 0,
|
||||
"external_account": {
|
||||
"key_id": "",
|
||||
"mac_key": ""
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
!!! warning ""
|
||||
|
||||
默认安装不包括 ACME, 参阅 [安装](/zh/#installation).
|
||||
|
||||
### 出站
|
||||
|
||||
```json
|
||||
{
|
||||
"enabled": true,
|
||||
"server_name": "",
|
||||
"insecure": false,
|
||||
"alpn": [],
|
||||
"min_version": "",
|
||||
"max_version": "",
|
||||
"cipher_suites": [],
|
||||
"certificate": "",
|
||||
"certificate_path": ""
|
||||
}
|
||||
```
|
||||
|
||||
TLS 版本值:
|
||||
|
||||
* `1.0`
|
||||
* `1.1`
|
||||
* `1.2`
|
||||
* `1.3`
|
||||
|
||||
密码套件值:
|
||||
|
||||
* `TLS_RSA_WITH_AES_128_CBC_SHA`
|
||||
* `TLS_RSA_WITH_AES_256_CBC_SHA`
|
||||
* `TLS_RSA_WITH_AES_128_GCM_SHA256`
|
||||
* `TLS_RSA_WITH_AES_256_GCM_SHA384`
|
||||
* `TLS_AES_128_GCM_SHA256`
|
||||
* `TLS_AES_256_GCM_SHA384`
|
||||
* `TLS_CHACHA20_POLY1305_SHA256`
|
||||
* `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`
|
||||
* `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`
|
||||
* `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`
|
||||
* `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`
|
||||
* `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`
|
||||
* `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`
|
||||
* `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
|
||||
* `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`
|
||||
* `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`
|
||||
* `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`
|
||||
|
||||
!!! note ""
|
||||
|
||||
当内容只有一项时,可以忽略 JSON 数组 [] 标签
|
||||
|
||||
### 字段
|
||||
|
||||
#### enabled
|
||||
|
||||
启用 TLS
|
||||
|
||||
#### server_name
|
||||
|
||||
用于验证返回证书上的主机名,除非设置不安全。
|
||||
|
||||
它还包含在 ClientHello 中以支持虚拟主机,除非它是 IP 地址。
|
||||
|
||||
检阅 [Server Name Indication](https://en.wikipedia.org/wiki/Server_Name_Indication).
|
||||
|
||||
#### insecure
|
||||
|
||||
==仅客户端==
|
||||
|
||||
接受任何服务器证书
|
||||
|
||||
#### alpn
|
||||
|
||||
支持的应用层协议协商列表,按优先顺序排列。
|
||||
|
||||
如果两个对等点都支持 ALPN,则选择的协议将是此列表中的一个,如果没有相互支持的协议则连接将失败。
|
||||
|
||||
检阅 [Application-Layer Protocol Negotiation](https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation).
|
||||
|
||||
#### min_version
|
||||
|
||||
可接受的最低 TLS 版本。
|
||||
|
||||
默认情况下,当前使用 TLS 1.2 作为客户端的最低要求。作为服务器时使用 TLS 1.0.
|
||||
|
||||
#### max_version
|
||||
|
||||
可接受的最大 TLS 版本。
|
||||
|
||||
默认情况下,当前最高版本为 TLS 1.3。
|
||||
|
||||
#### cipher_suites
|
||||
|
||||
将在 ECDHE 握手中使用的椭圆曲线,按优先顺序排列。
|
||||
|
||||
如果为空,将使用默认值。
|
||||
|
||||
客户端将使用第一个首选项作为其在 TLS 1.3 中的密钥共享类型。
|
||||
这在未来可能会改变。
|
||||
|
||||
#### certificate
|
||||
|
||||
服务器 PEM 证书
|
||||
|
||||
#### certificate_path
|
||||
|
||||
服务器 PEM 证书路径
|
||||
|
||||
#### key
|
||||
|
||||
==仅服务器==
|
||||
|
||||
服务器 PEM 私钥
|
||||
|
||||
#### key_path
|
||||
|
||||
==仅服务器==
|
||||
|
||||
服务器 PEM 私钥路径
|
||||
|
||||
### ACME 字段
|
||||
|
||||
#### domain
|
||||
|
||||
一组域名。
|
||||
|
||||
如果为空,将禁用 ACME。
|
||||
|
||||
#### data_directory
|
||||
|
||||
ACME 数据目录。
|
||||
|
||||
如果为空,则使用 `$XDG_DATA_HOME/certmagic|$HOME/.local/share/certmagic`。
|
||||
|
||||
#### default_server_name
|
||||
|
||||
如果 ClientHello 的 ServerName 字段为空,则选择证书时要使用的服务器名称。
|
||||
|
||||
#### email
|
||||
|
||||
创建或选择现有 ACME 服务器帐户时使用的电子邮件地址。
|
||||
|
||||
#### provider
|
||||
|
||||
要使用的 ACME CA 供应商。
|
||||
|
||||
| 值 | 供应商 |
|
||||
|--------------------|---------------|
|
||||
| `letsencrypt (默认)` | Let's Encrypt |
|
||||
| `zerossl` | ZeroSSL |
|
||||
| `https://...` | 自定义 |
|
||||
|
||||
#### disable_http_challenge
|
||||
|
||||
禁用所有 HTTP 质询。
|
||||
|
||||
#### disable_tls_alpn_challenge
|
||||
|
||||
禁用所有 TLS-ALPN 质询。
|
||||
|
||||
#### alternative_http_port
|
||||
|
||||
用于 ACME HTTP 质询的备用端口;如果非空,将使用此端口而不是 80 来启动 HTTP 质询的侦听器。
|
||||
|
||||
#### alternative_tls_port
|
||||
|
||||
用于 ACME TLS-ALPN 质询的备用端口; 系统必须将 443 转发到此端口以使质询成功。
|
||||
|
||||
### Reload
|
||||
|
||||
对于服务器配置,如果修改,证书和密钥将自动重新加载。
|
||||
|
||||
#### external_account
|
||||
|
||||
EAB(外部帐户绑定)包含将 ACME 帐户绑定或映射到其他已知帐户所需的信息由 CA。
|
||||
|
||||
外部帐户绑定“用于将 ACME 帐户与非 ACME 系统中的现有帐户相关联,例如 CA 客户数据库。
|
||||
|
||||
为了启用 ACME 帐户绑定,运行 ACME 服务器的 CA 需要向 ACME 客户端提供 MAC 密钥和密钥标识符,使用 ACME 之外的一些机制。 §7.3.4
|
||||
|
||||
#### external_account.key_id
|
||||
|
||||
密钥标识符
|
||||
|
||||
#### external_account.mac_key
|
||||
|
||||
MAC 密钥
|
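Review bot: under `#### cipher_suites` the text describes elliptic curves for the ECDHE handshake ("将在 ECDHE 握手中使用的椭圆曲线,按优先顺序排列。") and the TLS 1.3 key share, which does not match the cipher suite list given earlier in this file; replace it with a description of the suite list. Also, `### Reload` sits between `alternative_tls_port` and `external_account`, which splits the ACME fields, and the `external_account` paragraph has a dangling "由 CA", an unclosed “ quote and a stray "§7.3.4".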
130
docs/configuration/shared/v2ray-transport.zh.md
Normal file
|
@ -0,0 +1,130 @@
|
|||
V2Ray Transport 是 v2ray 发明的一组私有协议,并污染了其他协议的名称,如 clash 中的 `trojan-grpc`。
|
||||
|
||||
### 结构
|
||||
|
||||
```json
|
||||
{
|
||||
"type": ""
|
||||
}
|
||||
```
|
||||
|
||||
可用的传输协议:
|
||||
|
||||
* HTTP
|
||||
* WebSocket
|
||||
* QUIC
|
||||
* gRPC
|
||||
|
||||
!!! warning "与 v2ray-core 的区别"
|
||||
|
||||
* 没有 TCP 传输层, 纯 HTTP 已合并到 HTTP 传输层。
|
||||
* 没有 mKCP 传输层。
|
||||
* 没有 DomainSocket 传输层。
|
||||
|
||||
!!! note
|
||||
|
||||
当内容只有一项时,可以忽略 JSON 数组 [] 标签
|
||||
|
||||
### HTTP
|
||||
|
||||
```json
|
||||
{
|
||||
"type": "http",
|
||||
"host": [],
|
||||
"path": "",
|
||||
"method": "",
|
||||
"headers": {}
|
||||
}
|
||||
```
|
||||
|
||||
!!! warning "与 v2ray-core 的区别"
|
||||
|
||||
不强制执行 TLS。 如果未配置 TLS,则使用纯 HTTP 1.1。
|
||||
|
||||
#### host
|
||||
|
||||
主机域名列表。
|
||||
|
||||
客户端将随机选择,如果不为空,服务器将验证。
|
||||
|
||||
#### path
|
||||
|
||||
HTTP 请求路径
|
||||
|
||||
如果不为空,服务器将验证。
|
||||
|
||||
#### method
|
||||
|
||||
HTTP 请求方法
|
||||
|
||||
如果不为空,服务器将验证。
|
||||
|
||||
#### headers
|
||||
|
||||
HTTP 请求的额外标头
|
||||
|
||||
如果不为空,服务器将写入响应。
|
||||
|
||||
### WebSocket
|
||||
|
||||
```json
|
||||
{
|
||||
"type": "ws",
|
||||
"path": "",
|
||||
"headers": {},
|
||||
"max_early_data": 0,
|
||||
"early_data_header_name": ""
|
||||
}
|
||||
```
|
||||
|
||||
#### path
|
||||
|
||||
HTTP 请求路径
|
||||
|
||||
如果不为空,服务器将验证。
|
||||
|
||||
#### headers
|
||||
|
||||
HTTP 请求的额外标头
|
||||
|
||||
#### max_early_data
|
||||
|
||||
请求中允许的最大有效负载大小。 如果不为零则启用。
|
||||
|
||||
#### early_data_header_name
|
||||
|
||||
默认情况下,早期数据在路径而不是标头中发送。
|
||||
|
||||
要与 Xray-core 兼容,请将其设置为 `Sec-WebSocket-Protocol`。
|
||||
|
||||
它需要与服务器保持一致。
|
||||
|
||||
### QUIC
|
||||
|
||||
```json
|
||||
{
|
||||
"type": "quic"
|
||||
}
|
||||
```
|
||||
|
||||
!!! warning "与 v2ray-core 的区别"
|
||||
|
||||
没有额外的加密支持:
|
||||
它基本上是重复加密。 并且 Xray-core 在这里与 v2ray-core 不兼容。
|
||||
|
||||
### gRPC
|
||||
|
||||
!!! warning ""
|
||||
|
||||
默认安装不包括 gRPC, 参阅 [安装](/zh/#installation).
|
||||
|
||||
```json
|
||||
{
|
||||
"type": "grpc",
|
||||
"service_name": "TunService"
|
||||
}
|
||||
```
|
||||
|
||||
#### service_name
|
||||
|
||||
gRPC 服务名称
|
|
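Review bot: admonition and punctuation style differ from tls.zh.md in the same commit: the array hint here is `!!! note` with no title argument where tls.zh.md uses `!!! note ""`, and several sentences have an ASCII space after `。` (for example "不强制执行 TLS。 如果未配置 TLS"). Pick one form so both pages render the same way. Under the HTTP `#### headers` field, "如果不为空,服务器将写入响应。" would be clearer if it said that the server writes these headers into its response.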
@ -21,7 +21,7 @@ go install -v -tags with_clash_api github.com/sagernet/sing-box/cmd/sing-box@lat
|
|||
| 构建标志 | 描述 |
|
||||
|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `with_quic` | 启用 QUIC 支持, 参阅 [QUIC 和 HTTP3 DNS 传输层](./configuration/dns/server), [Naive 入站](./configuration/inbound/naive), [Hysteria 入站](./configuration/inbound/hysteria) 和 [Hysteria 出站](./configuration/outbound/hysteria). |
|
||||
| `with_grpc` | 启用 gRPC 之后, 参阅 [V2Ray 传输层#gRPC](/configuration/shared/v2ray-transport#grpc). |
|
||||
| `with_grpc` | 启用 gRPC 支持, 参阅 [V2Ray 传输层#gRPC](/configuration/shared/v2ray-transport#grpc). |
|
||||
| `with_wireguard` | 启用 WireGuard 支持, 参阅 [WireGuard 出站](./configuration/outbound/wireguard). |
|
||||
| `with_acme` | 启用 ACME TLS 证书签发支持, 参阅 [TLS](./configuration/shared/tls). |
|
||||
| `with_clash_api` | 启用 Clash api 支持, 参阅 [实验性](./configuration/experimental#clash-api-fields). |
|
||||
|
|
|
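Review bot: the corrected `with_grpc` row links to `/configuration/shared/v2ray-transport#grpc` with an absolute path, while every other row in this table uses a relative `./configuration/...` link. On the zh page an absolute path may leave the translated tree (the zh pages added in this commit link to `/zh/#installation`), so use `./configuration/shared/v2ray-transport#grpc` here as well.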
@ -144,7 +144,7 @@ plugins:
|
|||
Protocol Sniff: 协议探测
|
||||
Experimental: 实验性
|
||||
Shared: 通用
|
||||
Multiple: 多路复用
|
||||
Multiplex: 多路复用
|
||||
V2Ray Transport: V2Ray 传输层
|
||||
Inbound: 入站
|
||||
Outbound: 出站
|
||||
|
|