diff --git a/docs/configuration/dns/rule.zh.md b/docs/configuration/dns/rule.zh.md index 3a5fd2d5..5a6a6cc8 100644 --- a/docs/configuration/dns/rule.zh.md +++ b/docs/configuration/dns/rule.zh.md @@ -206,7 +206,7 @@ #### server -==必须== +==必填== 目标 DNS 服务器的标签。 @@ -234,7 +234,7 @@ #### server -==必须== +==必填== 目标 DNS 服务器的标签。 diff --git a/docs/configuration/dns/server.zh.md b/docs/configuration/dns/server.zh.md index accb516a..1d65308f 100644 --- a/docs/configuration/dns/server.zh.md +++ b/docs/configuration/dns/server.zh.md @@ -26,7 +26,7 @@ DNS 服务器的标签。 #### address -==必须== +==必填== DNS 服务器的地址。 @@ -47,7 +47,7 @@ DNS 服务器的地址。 !!! warning "" - 默认安装下包括 QUIC 和 HTTP3 传输层,请参阅 [安装](/zh/#installation)。 + 默认安装不包含 QUIC 和 HTTP3 传输层,请参阅 [安装](/zh/#installation)。 !!! info "" @@ -74,7 +74,7 @@ DNS 服务器的地址。 可选项:`prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. -如果为空,则使用 `dns.strategy`. +如果为空,将使用 `dns.strategy`. #### strategy @@ -88,4 +88,4 @@ DNS 服务器的地址。 用于连接到 DNS 服务器的出站的标签。 -如果为空,则使用默认出站。 +如果为空,将使用默认出站。 diff --git a/docs/configuration/inbound/direct.md b/docs/configuration/inbound/direct.md index 0ce9fab3..26bf558f 100644 --- a/docs/configuration/inbound/direct.md +++ b/docs/configuration/inbound/direct.md @@ -16,9 +16,9 @@ "sniff_override_destination": false, "domain_strategy": "prefer_ipv6", "udp_timeout": 300, - "network": "udp", "proxy_protocol": false, - + + "network": "udp", "override_address": "1.0.0.1", "override_port": 53 } @@ -64,7 +64,7 @@ Enable tcp fast open for listener. Enable sniffing. -See [Sniff](/configuration/route/sniff/) for details. +See [Protocol Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/direct.zh.md b/docs/configuration/inbound/direct.zh.md new file mode 100644 index 00000000..2d6d0a3d --- /dev/null +++ b/docs/configuration/inbound/direct.zh.md @@ -0,0 +1,89 @@ +`direct` 入站是一个隧道服务器。 + +### 结构 + +```json +{ + "inbounds": [ + { + "type": "direct", + "tag": "direct-in", + + "listen": "::", + "listen_port": 5353, + "tcp_fast_open": false, + "sniff": false, + "sniff_override_destination": false, + "domain_strategy": "prefer_ipv6", + "udp_timeout": 300, + + "network": "udp", + "proxy_protocol": false, + "override_address": "1.0.0.1", + "override_port": 53 + } + ] +} +``` + +### Direct 字段 + +#### network + +监听的网络协议,`tcp` `udp` 之一。 + +默认所有。 + +#### override_address + +覆盖连接目标地址 + +#### override_port + +覆盖连接目标端口。 + +### 监听字段 + +#### listen + +==必填== + +监听地址 + +#### listen_port + +==必填== + +监听端口 + +#### tcp_fast_open + +为监听器启用 TCP 快速打开 + +#### sniff + +启用协议探测。 + +参阅 [协议探测](/zh/configuration/route/sniff/) + +#### sniff_override_destination + +用探测出的域名覆盖连接目标地址。 + +如果域名无效(如 Tor),将不生效。 + +#### domain_strategy + +可选值: `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. + +如果设置,请求的域名将在路由之前解析为 IP。 + +如果 `sniff_override_destination` 生效,它的值将作为后备。 + +#### udp_timeout + +UDP NAT 过期时间,以秒为单位,默认为 300(5 分钟)。 + +#### proxy_protocol + +解析连接头中的 [代理协议](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)。 diff --git a/docs/configuration/inbound/http.md b/docs/configuration/inbound/http.md index eaf26939..f84453bc 100644 --- a/docs/configuration/inbound/http.md +++ b/docs/configuration/inbound/http.md @@ -32,7 +32,7 @@ #### tls -TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound). +TLS configuration, see [TLS](/configuration/shared/tls/#inbound). #### users @@ -70,7 +70,7 @@ Enable tcp fast open for listener. Enable sniffing. -See [Sniff](/configuration/route/sniff/) for details. +See [Protocol Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/http.zh.md b/docs/configuration/inbound/http.zh.md new file mode 100644 index 00000000..0530b415 --- /dev/null +++ b/docs/configuration/inbound/http.zh.md @@ -0,0 +1,91 @@ +### 结构 + +```json +{ + "inbounds": [ + { + "type": "http", + "tag": "http-in", + + "listen": "::", + "listen_port": 2080, + "tcp_fast_open": false, + "sniff": false, + "sniff_override_destination": false, + "domain_strategy": "prefer_ipv6", + "proxy_protocol": false, + + "users": [ + { + "username": "admin", + "password": "admin" + } + ], + "tls": {}, + "set_system_proxy": false + } + ] +} +``` + +### HTTP 字段 + +#### tls + +TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound). + +#### users + +HTTP 用户 + +如果为空则不需要验证。 + +#### set_system_proxy + +!!! error "" + + 仅支持 Linux, Android, Windows, 和 macOS. + +启动时自动设置系统代理,停止时自动清理。 + +### 监听字段 + +#### listen + +==必填== + +监听地址 + +#### listen_port + +==必填== + +监听端口 + +#### tcp_fast_open + +为监听器启用 TCP 快速打开 + +#### sniff + +启用协议探测。 + +参阅 [协议探测](/zh/configuration/route/sniff/) + +#### sniff_override_destination + +用探测出的域名覆盖连接目标地址。 + +如果域名无效(如 Tor),将不生效。 + +#### domain_strategy + +可选值: `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. + +如果设置,请求的域名将在路由之前解析为 IP。 + +如果 `sniff_override_destination` 生效,它的值将作为后备。 + +#### proxy_protocol + +解析连接头中的 [代理协议](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)。 diff --git a/docs/configuration/inbound/hysteria.md b/docs/configuration/inbound/hysteria.md index 370b1ded..85295e24 100644 --- a/docs/configuration/inbound/hysteria.md +++ b/docs/configuration/inbound/hysteria.md @@ -53,8 +53,7 @@ Supported units (case sensitive, b = bits, B = bytes, 8b=1B): Gbps (gigabits per second) GBps (gigabytes per second) Tbps (terabits per second) - TBps (terabytes per`socks` inbound is a http server. - second) + TBps (terabytes per second) #### up_mbps, down_mbps @@ -102,7 +101,7 @@ Force enabled on for systems other than Linux and Windows (according to upstream ==Required== -TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound). +TLS configuration, see [TLS](/configuration/shared/tls/#inbound). ### Listen Fields @@ -122,7 +121,7 @@ Listen port. Enable sniffing. -See [Sniff](/configuration/route/sniff/) for details. +See [Protocol Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/hysteria.zh.md b/docs/configuration/inbound/hysteria.zh.md new file mode 100644 index 00000000..ede5b4c4 --- /dev/null +++ b/docs/configuration/inbound/hysteria.zh.md @@ -0,0 +1,138 @@ +### 结构 + +```json +{ + "inbounds": [ + { + "type": "hysteria", + "tag": "hysteria-in", + + "listen": "::", + "listen_port": 443, + "sniff": false, + "sniff_override_destination": false, + "domain_strategy": "prefer_ipv6", + + "up": "100 Mbps", + "up_mbps": 100, + "down": "100 Mbps", + "down_mbps": 100, + "obfs": "fuck me till the daylight", + "auth": "", + "auth_str": "password", + "recv_window_conn": 0, + "recv_window_client": 0, + "max_conn_client": 0, + "disable_mtu_discovery": false, + "tls": {} + } + ] +} +``` + +!!! warning "" + + 默认安装不包含被 Hysteria 需要的 QUIC, 参阅 [安装](/zh/#installation). + +### Hysteria 字段 + +#### up, down + +==必填== + +格式: `[Integer] [Unit]` e.g. `100 Mbps, 640 KBps, 2 Gbps` + +支持的单位 (大小写敏感, b = bits, B = bytes, 8b=1B): + + bps (bits per second) + Bps (bytes per second) + Kbps (kilobits per second) + KBps (kilobytes per second) + Mbps (megabits per second) + MBps (megabytes per second) + Gbps (gigabits per second) + GBps (gigabytes per second) + Tbps (terabits per second) + TBps (terabytes per second) + +#### up_mbps, down_mbps + +==必填== + +以 Mbps 为单位的 `up, down`. + +#### obfs + +混淆密码 + +#### auth + +base64 编码的认证密码 + +#### auth_str + +认证密码 + +#### recv_window_conn + +用于接收数据的 QUIC 流级流控制窗口。 + +如果为空,将使用 `15728640 (15 MB/s)`。 + +#### recv_window_client + +用于接收数据的 QUIC 连接级流控制窗口。 + +如果为空,将使用 `67108864 (64 MB/s)`。 + +#### max_conn_client + +允许对等点打开的 QUIC 并发双向流的最大数量。 + +如果为空,将使用 `1024`。 + +#### disable_mtu_discovery + +禁用路径 MTU 发现 (RFC 8899)。 数据包的大小最多为 1252 (IPv4) / 1232 (IPv6) 字节。 + +强制为 Linux 和 Windows 以外的系统启用(根据上游)。 + +#### tls + +==必填== + +TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound). + +### 监听字段 + +#### listen + +==必填== + +监听地址 + +#### listen_port + +==必填== + +监听端口 + +#### sniff + +启用协议探测。 + +参阅 [协议探测](/zh/configuration/route/sniff/) + +#### sniff_override_destination + +用探测出的域名覆盖连接目标地址。 + +如果域名无效(如 Tor),将不生效。 + +#### domain_strategy + +可选值: `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. + +如果设置,请求的域名将在路由之前解析为 IP。 + +如果 `sniff_override_destination` 生效,它的值将作为后备。 \ No newline at end of file diff --git a/docs/configuration/inbound/index.zh.md b/docs/configuration/inbound/index.zh.md new file mode 100644 index 00000000..3e00fac0 --- /dev/null +++ b/docs/configuration/inbound/index.zh.md @@ -0,0 +1,35 @@ +# 入站 + +### 结构 + +```json +{ + "inbounds": [ + { + "type": "", + "tag": "" + } + ] +} +``` + +### 字段 + +| 类型 | 格式 | +|---------------|------------------------------| +| `direct` | [Direct](./direct) | +| `mixed` | [Mixed](./mixed) | +| `socks` | [Socks](./socks) | +| `http` | [HTTP](./http) | +| `shadowsocks` | [Shadowsocks](./shadowsocks) | +| `vmess` | [VMess](./vmess) | +| `trojan` | [Trojan](./trojan) | +| `naive` | [Naive](./naive) | +| `hysteria` | [Hysteria](./hysteria) | +| `tun` | [Tun](./tun) | +| `redirect` | [Redirect](./redirect) | +| `tproxy` | [TProxy](./tproxy) | + +#### tag + +入站的标签。 \ No newline at end of file diff --git a/docs/configuration/inbound/mixed.md b/docs/configuration/inbound/mixed.md index 2633bc33..9e788011 100644 --- a/docs/configuration/inbound/mixed.md +++ b/docs/configuration/inbound/mixed.md @@ -67,7 +67,7 @@ Enable tcp fast open for listener. Enable sniffing. -See [Sniff](/configuration/route/sniff/) for details. +See [Protocol Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/mixed.zh.md b/docs/configuration/inbound/mixed.zh.md new file mode 100644 index 00000000..bf49f9fd --- /dev/null +++ b/docs/configuration/inbound/mixed.zh.md @@ -0,0 +1,88 @@ +`mixed` 入站是一个 socks4, socks4a, socks5 和 http 服务器. + +### 结构 + +```json +{ + "inbounds": [ + { + "type": "mixed", + "tag": "mixed-in", + + "listen": "::", + "listen_port": 2080, + "tcp_fast_open": false, + "sniff": false, + "sniff_override_destination": false, + "domain_strategy": "prefer_ipv6", + "proxy_protocol": false, + + "users": [ + { + "username": "admin", + "password": "admin" + } + ], + "set_system_proxy": false + } + ] +} +``` + +### Mixed 字段 + +#### users + +SOCKS 和 HTTP 用户 + +如果为空则不需要验证。 + +#### set_system_proxy + +!!! error "" + + 仅支持 Linux, Android, Windows, 和 macOS. + +启动时自动设置系统代理,停止时自动清理。 + +### 监听字段 + +#### listen + +==必填== + +监听地址 + +#### listen_port + +==必填== + +监听端口 + +#### tcp_fast_open + +为监听器启用 TCP 快速打开 + +#### sniff + +启用协议探测。 + +参阅 [协议探测](/zh/configuration/route/sniff/) + +#### sniff_override_destination + +用探测出的域名覆盖连接目标地址。 + +如果域名无效(如 Tor),将不生效。 + +#### domain_strategy + +可选值: `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. + +如果设置,请求的域名将在路由之前解析为 IP。 + +如果 `sniff_override_destination` 生效,它的值将作为后备。 + +#### proxy_protocol + +解析连接头中的 [代理协议](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)。 diff --git a/docs/configuration/inbound/naive.md b/docs/configuration/inbound/naive.md index 4c3f9325..1448692c 100644 --- a/docs/configuration/inbound/naive.md +++ b/docs/configuration/inbound/naive.md @@ -14,7 +14,7 @@ "sniff_override_destination": false, "domain_strategy": "prefer_ipv6", "proxy_protocol": false, - + "network": "udp", "users": [ { @@ -34,9 +34,11 @@ ### Naive Fields -#### tls +#### network -TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound). +Listen network, one of `tcp` `udp`. + +Both if empty. #### users @@ -44,11 +46,9 @@ TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inboun Naive users. -#### network +#### tls -Listen network, one of `tcp` `udp`. - -Both if empty. +TLS configuration, see [TLS](/configuration/shared/tls/#inbound). ### Listen Fields @@ -72,7 +72,7 @@ Enable tcp fast open for listener. Enable sniffing. -See [Sniff](/configuration/route/sniff/) for details. +See [Protocol Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/naive.zh.md b/docs/configuration/inbound/naive.zh.md new file mode 100644 index 00000000..95e19aaa --- /dev/null +++ b/docs/configuration/inbound/naive.zh.md @@ -0,0 +1,93 @@ +### 结构 + +```json +{ + "inbounds": [ + { + "type": "naive", + "tag": "naive-in", + + "listen": "::", + "listen_port": 443, + "tcp_fast_open": false, + "sniff": false, + "sniff_override_destination": false, + "domain_strategy": "prefer_ipv6", + "proxy_protocol": false, + + "network": "udp", + "users": [ + { + "username": "sekai", + "password": "password" + } + ], + "tls": {} + } + ] +} +``` + +!!! warning "" + + 默认安装不包含 HTTP3 传输层, 参阅 [安装](/zh/#installation). + +### Naive 字段 + +#### network + +监听的网络协议,`tcp` `udp` 之一。 + +默认所有。 + +#### users + +==必填== + +Naive 用户 + +#### tls + +TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound). + +### 监听字段 + +#### listen + +==必填== + +监听地址 + +#### listen_port + +==必填== + +监听端口 + +#### tcp_fast_open + +为监听器启用 TCP 快速打开 + +#### sniff + +启用协议探测。 + +参阅 [协议探测](/zh/configuration/route/sniff/) + +#### sniff_override_destination + +用探测出的域名覆盖连接目标地址。 + +如果域名无效(如 Tor),将不生效。 + +#### domain_strategy + +可选值: `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. + +如果设置,请求的域名将在路由之前解析为 IP。 + +如果 `sniff_override_destination` 生效,它的值将作为后备。 + +#### proxy_protocol + +解析连接头中的 [代理协议](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)。 diff --git a/docs/configuration/inbound/redirect.md b/docs/configuration/inbound/redirect.md index 6f716b7c..c5a695bf 100644 --- a/docs/configuration/inbound/redirect.md +++ b/docs/configuration/inbound/redirect.md @@ -1,5 +1,3 @@ -`redirect` inbound is a Linux redirect server. - ### Structure ```json @@ -37,7 +35,7 @@ Listen port. Enable sniffing. -See [Sniff](/configuration/route/sniff/) for details. +See [Protocol Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/redirect.zh.md b/docs/configuration/inbound/redirect.zh.md new file mode 100644 index 00000000..8c36a23f --- /dev/null +++ b/docs/configuration/inbound/redirect.zh.md @@ -0,0 +1,52 @@ +### 结构 + +```json +{ + "inbounds": [ + { + "type": "redirect", + "tag": "redirect-in", + + "listen": "::", + "listen_port": 5353, + "sniff": false, + "sniff_override_destination": false, + "domain_strategy": "prefer_ipv6" + } + ] +} +``` + +### 监听字段 + +#### listen + +==必填== + +监听地址 + +#### listen_port + +==必填== + +监听端口 + +#### sniff + +启用协议探测。 + +参阅 [协议探测](/zh/configuration/route/sniff/) + +#### sniff_override_destination + +用探测出的域名覆盖连接目标地址。 + +如果域名无效(如 Tor),将不生效。 + +#### domain_strategy + +可选值: `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. + +如果设置,请求的域名将在路由之前解析为 IP。 + +如果 `sniff_override_destination` 生效,它的值将作为后备。 \ No newline at end of file diff --git a/docs/configuration/inbound/shadowsocks.md b/docs/configuration/inbound/shadowsocks.md index 4fe83476..cf67f277 100644 --- a/docs/configuration/inbound/shadowsocks.md +++ b/docs/configuration/inbound/shadowsocks.md @@ -122,7 +122,7 @@ Enable tcp fast open for listener. Enable sniffing. -See [Sniff](/configuration/route/sniff/) for details. +See [Protocol Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/shadowsocks.zh.md b/docs/configuration/inbound/shadowsocks.zh.md new file mode 100644 index 00000000..98b66026 --- /dev/null +++ b/docs/configuration/inbound/shadowsocks.zh.md @@ -0,0 +1,145 @@ +### 结构 + +```json +{ + "inbounds": [ + { + "type": "shadowsocks", + "tag": "ss-in", + "listen": "::", + "listen_port": 5353, + "tcp_fast_open": false, + "sniff": false, + "sniff_override_destination": false, + "domain_strategy": "prefer_ipv6", + "udp_timeout": 300, + "network": "udp", + "proxy_protocol": false, + "method": "2022-blake3-aes-128-gcm", + "password": "8JCsPssfgS8tiRwiMlhARg==" + } + ] +} +``` + +### 多用户结构 + +```json +{ + "inbounds": [ + { + "type": "shadowsocks", + "method": "2022-blake3-aes-128-gcm", + "password": "8JCsPssfgS8tiRwiMlhARg==", + "users": [ + { + "name": "sekai", + "password": "PCD2Z4o12bKUoFa3cC97Hw==" + } + ] + } + ] +} +``` + +### 中转结构 + +```json +{ + "inbounds": [ + { + "type": "shadowsocks", + "method": "2022-blake3-aes-128-gcm", + "password": "8JCsPssfgS8tiRwiMlhARg==", + "destinations": [ + { + "name": "test", + "server": "example.com", + "server_port": 8080, + "password": "PCD2Z4o12bKUoFa3cC97Hw==" + } + ] + } + ] +} +``` + +### Shadowsocks 字段 + +#### network + +监听的网络协议,`tcp` `udp` 之一。 + +默认所有。 + +#### method + +==必填== + +| 方法 | 密钥长度 | +|-------------------------------|------| +| 2022-blake3-aes-128-gcm | 16 | +| 2022-blake3-aes-256-gcm | 32 | +| 2022-blake3-chacha20-poly1305 | 32 | +| none | / | +| aes-128-gcm | / | +| aes-192-gcm | / | +| aes-256-gcm | / | +| chacha20-ietf-poly1305 | / | +| xchacha20-ietf-poly1305 | / | + +#### password + +==必填== + +| 方法 | 密码格式 | +|---------------|-------------------------------| +| none | / | +| 2022 methods | `openssl rand -base64 <密钥长度>` | +| other methods | 任意字符串 | + +### 监听字段 + +#### listen + +==必填== + +监听地址 + +#### listen_port + +==必填== + +监听端口 + +#### tcp_fast_open + +为监听器启用 TCP 快速打开 + +#### sniff + +启用协议探测。 + +参阅 [协议探测](/zh/configuration/route/sniff/) + +#### sniff_override_destination + +用探测出的域名覆盖连接目标地址。 + +如果域名无效(如 Tor),将不生效。 + +#### domain_strategy + +可选值: `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. + +如果设置,请求的域名将在路由之前解析为 IP。 + +如果 `sniff_override_destination` 生效,它的值将作为后备。 + +#### udp_timeout + +UDP NAT 过期时间,以秒为单位,默认为 300(5 分钟)。 + +#### proxy_protocol + +解析连接头中的 [代理协议](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)。 diff --git a/docs/configuration/inbound/socks.md b/docs/configuration/inbound/socks.md index 4f747abd..91572d0e 100644 --- a/docs/configuration/inbound/socks.md +++ b/docs/configuration/inbound/socks.md @@ -28,7 +28,7 @@ } ``` -### Socks Fields +### SOCKS Fields #### users @@ -36,44 +36,44 @@ SOCKS users. No authentication required if empty. -### Listen Fields +### 监听字段 #### listen -==Required== +==必填== -Listen address. +监听地址 #### listen_port -==Required== +==必填== -Listen port. +监听端口 #### tcp_fast_open -Enable tcp fast open for listener. +为监听器启用 TCP 快速打开 #### sniff -Enable sniffing. +启用协议探测。 -See [Sniff](/configuration/route/sniff/) for details. +参阅 [协议探测](/zh/configuration/route/sniff/) #### sniff_override_destination -Override the connection destination address with the sniffed domain. +用探测出的域名覆盖连接目标地址。 -If the domain name is invalid (like tor), this will not work. +如果域名无效(如 Tor),将不生效。 #### domain_strategy -One of `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. +可选值: `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. -If set, the requested domain name will be resolved to IP before routing. +如果设置,请求的域名将在路由之前解析为 IP。 -If `sniff_override_destination` is in effect, its value will be taken as a fallback. +如果 `sniff_override_destination` 生效,它的值将作为后备。 #### proxy_protocol -Parse [Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) in the connection header. \ No newline at end of file +解析连接头中的 [代理协议](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)。 diff --git a/docs/configuration/inbound/socks.zh.md b/docs/configuration/inbound/socks.zh.md new file mode 100644 index 00000000..fb9accff --- /dev/null +++ b/docs/configuration/inbound/socks.zh.md @@ -0,0 +1,79 @@ +`socks` 入站是一个 socks4, socks4a 和 socks5 服务器. + +### 结构 + +```json +{ + "inbounds": [ + { + "type": "socks", + "tag": "socks-in", + + "listen": "::", + "listen_port": 2080, + "tcp_fast_open": false, + "sniff": false, + "sniff_override_destination": false, + "domain_strategy": "prefer_ipv6", + "proxy_protocol": false, + + "users": [ + { + "username": "admin", + "password": "admin" + } + ] + } + ] +} +``` + +### SOCKS 字段 + +#### users + +SOCKS 用户 + +如果为空则不需要验证。 + +### Listen Fields + +#### listen + +==Required== + +Listen address. + +#### listen_port + +==Required== + +Listen port. + +#### tcp_fast_open + +Enable tcp fast open for listener. + +#### sniff + +Enable sniffing. + +See [Protocol Sniff](/configuration/route/sniff/) for details. + +#### sniff_override_destination + +Override the connection destination address with the sniffed domain. + +If the domain name is invalid (like tor), this will not work. + +#### domain_strategy + +One of `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. + +If set, the requested domain name will be resolved to IP before routing. + +If `sniff_override_destination` is in effect, its value will be taken as a fallback. + +#### proxy_protocol + +Parse [Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) in the connection header. \ No newline at end of file diff --git a/docs/configuration/inbound/tproxy.md b/docs/configuration/inbound/tproxy.md index dfadc44c..2ce672d6 100644 --- a/docs/configuration/inbound/tproxy.md +++ b/docs/configuration/inbound/tproxy.md @@ -46,7 +46,7 @@ Listen port. Enable sniffing. -See [Sniff](/configuration/route/sniff/) for details. +See [Protocol Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/tproxy.zh.md b/docs/configuration/inbound/tproxy.zh.md new file mode 100644 index 00000000..bf7383a6 --- /dev/null +++ b/docs/configuration/inbound/tproxy.zh.md @@ -0,0 +1,67 @@ +### 结构 + +```json +{ + "inbounds": [ + { + "type": "tproxy", + "tag": "tproxy-in", + + "listen": "::", + "listen_port": 5353, + "sniff": false, + "sniff_override_destination": false, + "domain_strategy": "prefer_ipv6", + "udp_timeout": 300, + + "network": "udp" + } + ] +} +``` + +### TProxy 字段 + +#### network + +监听的网络协议,`tcp` `udp` 之一。 + +默认所有。 + +### 监听字段 + +#### listen + +==必填== + +监听地址 + +#### listen_port + +==必填== + +监听端口 + +#### sniff + +启用协议探测。 + +参阅 [协议探测](/zh/configuration/route/sniff/) + +#### sniff_override_destination + +用探测出的域名覆盖连接目标地址。 + +如果域名无效(如 Tor),将不生效。 + +#### domain_strategy + +可选值: `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. + +如果设置,请求的域名将在路由之前解析为 IP。 + +如果 `sniff_override_destination` 生效,它的值将作为后备。 + +#### udp_timeout + +UDP NAT 过期时间,以秒为单位,默认为 300(5 分钟)。 \ No newline at end of file diff --git a/docs/configuration/inbound/trojan.md b/docs/configuration/inbound/trojan.md index 1d71d6e9..1bccff68 100644 --- a/docs/configuration/inbound/trojan.md +++ b/docs/configuration/inbound/trojan.md @@ -36,11 +36,13 @@ #### users +==Required== + Trojan users. #### tls -TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound). +TLS configuration, see [TLS](/configuration/shared/tls/#inbound). #### fallback @@ -76,7 +78,7 @@ Enable tcp fast open for listener. Enable sniffing. -See [Sniff](/configuration/route/sniff/) for details. +See [Protocol Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/trojan.zh.md b/docs/configuration/inbound/trojan.zh.md new file mode 100644 index 00000000..5e115f97 --- /dev/null +++ b/docs/configuration/inbound/trojan.zh.md @@ -0,0 +1,101 @@ +### 结构 + +```json +{ + "inbounds": [ + { + "type": "trojan", + "tag": "trojan-in", + + "listen": "::", + "listen_port": 2080, + "tcp_fast_open": false, + "sniff": false, + "sniff_override_destination": false, + "domain_strategy": "prefer_ipv6", + "proxy_protocol": false, + + "users": [ + { + "name": "sekai", + "password": "8JCsPssfgS8tiRwiMlhARg==" + } + ], + "tls": {}, + "fallback": { + "server": "127.0.0.0.1", + "server_port": 8080 + }, + "transport": {} + } + ] +} +``` + +### Trojan 字段 + +#### users + +==必填== + +Trojan 用户. + +#### tls + +==如果启用 HTTP3 则必填== + +TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound). + +#### fallback + +!!! error "" + + 没有证据表明 GFW 基于 HTTP 响应检测并阻止木马服务器,并且在服务器上打开标准 http/s 端口是一个更大的特征。 + +备用服务器配置。 如果为空则禁用。 + +#### transport + +V2Ray 传输配置,参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。 + +### 监听字段 + +#### listen + +==必填== + +监听地址 + +#### listen_port + +==必填== + +监听端口 + +#### tcp_fast_open + +为监听器启用 TCP 快速打开 + +#### sniff + +启用协议探测。 + +参阅 [协议探测](/zh/configuration/route/sniff/) + +#### sniff_override_destination + +用探测出的域名覆盖连接目标地址。 + +如果域名无效(如 Tor),将不生效。 + +#### domain_strategy + +可选值: `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. + +如果设置,请求的域名将在路由之前解析为 IP。 + +如果 `sniff_override_destination` 生效,它的值将作为后备。 + +#### proxy_protocol + +解析连接头中的 [代理协议](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)。 diff --git a/docs/configuration/inbound/tun.md b/docs/configuration/inbound/tun.md index 9f5f4ed9..7cbb3a4d 100644 --- a/docs/configuration/inbound/tun.md +++ b/docs/configuration/inbound/tun.md @@ -156,7 +156,7 @@ Exclude android packages in route. Enable sniffing. -See [Sniff](/configuration/route/sniff/) for details. +See [Protocol Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/tun.zh.md b/docs/configuration/inbound/tun.zh.md new file mode 100644 index 00000000..6695115b --- /dev/null +++ b/docs/configuration/inbound/tun.zh.md @@ -0,0 +1,173 @@ +!!! error "" + + 仅支持 Linux, Windows, 和 macOS. + +### 结构 + +```json +{ + "inbounds": [ + { + "type": "tun", + "tag": "tun-in", + "interface_name": "tun0", + "inet4_address": "172.19.0.1/30", + "inet6_address": "fdfe:dcba:9876::1/128", + "mtu": 1500, + "auto_route": true, + "endpoint_independent_nat": false, + "udp_timeout": 300, + "stack": "gvisor", + "include_uid": [ + 0 + ], + "include_uid_range": [ + [ + "1000-99999" + ] + ], + "exclude_uid": [ + 1000 + ], + "exclude_uid_range": [ + "1000-99999" + ], + "include_android_user": [ + 0, + 10 + ], + "include_package": [ + "com.android.chrome" + ], + "exclude_package": [ + "com.android.captiveportallogin" + ], + "sniff": true, + "sniff_override_destination": false, + "domain_strategy": "prefer_ipv4" + } + ] +} +``` + +!!! note "" + + 当内容只有一项时,可以忽略 JSON 数组 [] 标签 + +!!! warning "" + + 如果 tun 在非特权模式下运行,地址和 MTU 将不会自动配置,请确保设置正确。 + +### Tun 字段 + +#### interface_name + +虚拟设备名称,如果为空则自动选择。 + +#### inet4_address + +==必填== + +tun 接口的 IPv4 前缀。 + +#### inet6_address + +tun 接口的 IPv6 前缀。 + +#### mtu + +最大传输单元 + +#### auto_route + +设置到 Tun 的默认路由。 + +!!! error "" + + 为避免流量环回,请设置 `route.auto_detect_interface` 或 `route.default_interface` 或 `outbound.bind_interface` + +#### endpoint_independent_nat + +启用独立于端点的 NAT。 + +性能可能会略有下降,所以不建议在不需要的时候开启。 + +#### udp_timeout + +UDP NAT 过期时间,以秒为单位,默认为 300(5 分钟)。 + +#### stack + +TCP/IP 栈. + +| 栈 | 上游 | 状态 | +|------------------|-----------------------------------------------------------------------|-------| +| gVisor (default) | [google/gvisor](https://github.com/google/gvisor) | 推荐 | +| LWIP | [eycorsican/go-tun2socks](https://github.com/eycorsican/go-tun2socks) | 上游已存档 | + +!!! warning "" + + 默认安装不包含 LWIP 栈, 请参阅 [安装](/zh/#installation)。 + +#### include_uid + +!!! error "" + + UID 规则仅在 Linux 下被支持,并且需要 `auto_route`. + +限制被路由的的用户。 默认不限制。 + +#### include_uid_range + +限制被路由的的用户范围。 + +#### exclude_uid + +排除路由的的用户。 + +#### exclude_uid_range + +排除路由的的用户范围。 + +#### include_android_user + +!!! error "" + + Android 用户和应用规则仅在 Android 下被支持,并且需要 `auto_route`. + +限制被路由的 Android 用户。 + +| Common user | ID | +|--------------|-----| +| Main | 0 | +| Work Profile | 10 | + +#### include_package + +限制被路由的 Android 应用包名。 + +#### exclude_package + +排除路由的 Android 应用包名。 + +### 监听字段 + +#### sniff + +启用协议探测。 + +参阅 [协议探测](/zh/configuration/route/sniff/) + +#### sniff_override_destination + +用探测出的域名覆盖连接目标地址。 + +如果域名无效(如 Tor),将不生效。 + +#### domain_strategy + +可选值: `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. + +如果设置,请求的域名将在路由之前解析为 IP。 + +如果 `sniff_override_destination` 生效,它的值将作为后备。 diff --git a/docs/configuration/inbound/vmess.md b/docs/configuration/inbound/vmess.md index 61e49970..3a185502 100644 --- a/docs/configuration/inbound/vmess.md +++ b/docs/configuration/inbound/vmess.md @@ -33,6 +33,8 @@ #### users +==Required== + VMess users. | Alter ID | Description | @@ -46,7 +48,7 @@ VMess users. #### tls -TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound). +TLS configuration, see [TLS](/configuration/shared/tls/#inbound). #### transport @@ -74,7 +76,7 @@ Enable tcp fast open for listener. Enable sniffing. -See [Sniff](/configuration/route/sniff/) for details. +See [Protocol Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/vmess.zh.md b/docs/configuration/inbound/vmess.zh.md new file mode 100644 index 00000000..900cc2e2 --- /dev/null +++ b/docs/configuration/inbound/vmess.zh.md @@ -0,0 +1,97 @@ +### 结构 + +```json +{ + "inbounds": [ + { + "type": "vmess", + "tag": "vmess-in", + + "listen": "::", + "listen_port": 2080, + "tcp_fast_open": false, + "sniff": false, + "sniff_override_destination": false, + "domain_strategy": "prefer_ipv6", + "proxy_protocol": false, + + "users": [ + { + "name": "sekai", + "uuid": "bf000d23-0752-40b4-affe-68f7707a9661", + "alterId": 0 + } + ], + "tls": {}, + "transport": {} + } + ] +} +``` + +### VMess 字段 + +#### users + +==必填== + +VMess 用户. + +| Alter ID | 描述 | +|----------|-------| +| 0 | 禁用旧协议 | +| > 0 | 启用旧协议 | + +!!! warning "" + + 提供旧协议支持(VMess MD5 身份验证)仅出于兼容性目的,不建议使用 alterId > 1。 + +#### tls + +TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound). + +#### transport + +V2Ray 传输配置,参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。 + +### 监听字段 + +#### listen + +==必填== + +监听地址 + +#### listen_port + +==必填== + +监听端口 + +#### tcp_fast_open + +为监听器启用 TCP 快速打开 + +#### sniff + +启用协议探测。 + +参阅 [协议探测](/zh/configuration/route/sniff/) + +#### sniff_override_destination + +用探测出的域名覆盖连接目标地址。 + +如果域名无效(如 Tor),将不生效。 + +#### domain_strategy + +可选值: `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. + +如果设置,请求的域名将在路由之前解析为 IP。 + +如果 `sniff_override_destination` 生效,它的值将作为后备。 + +#### proxy_protocol + +解析连接头中的 [代理协议](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)。 diff --git a/docs/configuration/route/geoip.zh.md b/docs/configuration/route/geoip.zh.md index 43bb4f61..1dceef70 100644 --- a/docs/configuration/route/geoip.zh.md +++ b/docs/configuration/route/geoip.zh.md @@ -18,7 +18,7 @@ 指定 GeoIP 资源的路径。 -如果为空,则使用 `geoip.db`。 +如果为空,将使用 `geoip.db`。 #### download_url @@ -30,4 +30,4 @@ 用于下载 GeoIP 资源的出站的标签。 -如果为空,则使用默认出站。 \ No newline at end of file +如果为空,将使用默认出站。 \ No newline at end of file diff --git a/docs/configuration/route/geosite.zh.md b/docs/configuration/route/geosite.zh.md index 633a227a..fb184c7c 100644 --- a/docs/configuration/route/geosite.zh.md +++ b/docs/configuration/route/geosite.zh.md @@ -18,7 +18,7 @@ 指定 GeoSite 资源的路径。 -如果为空,则使用 `geosite.db`。 +如果为空,将使用 `geosite.db`。 #### download_url @@ -30,4 +30,4 @@ 用于下载 GeoSite 资源的出站的标签。 -如果为空,则使用默认出站。 \ No newline at end of file +如果为空,将使用默认出站。 \ No newline at end of file diff --git a/docs/configuration/route/rule.zh.md b/docs/configuration/route/rule.zh.md index ac80b143..b9a4074a 100644 --- a/docs/configuration/route/rule.zh.md +++ b/docs/configuration/route/rule.zh.md @@ -212,7 +212,7 @@ #### outbound -==必须== +==必填== 目标出站的标签。 @@ -236,6 +236,6 @@ #### outbound -==必须== +==必填== 目标出站的标签。 diff --git a/docs/configuration/shared/tls.zh.md b/docs/configuration/shared/tls.zh.md index 41eda2af..2e46a31c 100644 --- a/docs/configuration/shared/tls.zh.md +++ b/docs/configuration/shared/tls.zh.md @@ -32,7 +32,7 @@ !!! warning "" - 默认安装不包括 ACME, 参阅 [安装](/zh/#installation). + 默认安装不包含 ACME, 参阅 [安装](/zh/#installation). ### 出站 @@ -93,7 +93,7 @@ TLS 版本值: 它还包含在 ClientHello 中以支持虚拟主机,除非它是 IP 地址。 -检阅 [Server Name Indication](https://en.wikipedia.org/wiki/Server_Name_Indication). +参阅 [Server Name Indication](https://en.wikipedia.org/wiki/Server_Name_Indication). #### insecure @@ -107,7 +107,7 @@ TLS 版本值: 如果两个对等点都支持 ALPN,则选择的协议将是此列表中的一个,如果没有相互支持的协议则连接将失败。 -检阅 [Application-Layer Protocol Negotiation](https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation). +参阅 [Application-Layer Protocol Negotiation](https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation). #### min_version @@ -162,7 +162,7 @@ TLS 版本值: ACME 数据目录。 -如果为空,则使用 `$XDG_DATA_HOME/certmagic|$HOME/.local/share/certmagic`。 +如果为空,将使用 `$XDG_DATA_HOME/certmagic|$HOME/.local/share/certmagic`。 #### default_server_name diff --git a/docs/configuration/shared/v2ray-transport.md b/docs/configuration/shared/v2ray-transport.md index ae771d31..a1e4b277 100644 --- a/docs/configuration/shared/v2ray-transport.md +++ b/docs/configuration/shared/v2ray-transport.md @@ -22,7 +22,7 @@ Available transports: * No mKCP transport. * No DomainSocket transport. -!!! note +!!! note "" You can ignore the JSON Array [] tag when the content is only one item diff --git a/docs/configuration/shared/v2ray-transport.zh.md b/docs/configuration/shared/v2ray-transport.zh.md index 8c243168..651b27f8 100644 --- a/docs/configuration/shared/v2ray-transport.zh.md +++ b/docs/configuration/shared/v2ray-transport.zh.md @@ -21,7 +21,7 @@ V2Ray Transport 是 v2ray 发明的一组私有协议,并污染了其他协议 * 没有 mKCP 传输层。 * 没有 DomainSocket 传输层。 -!!! note +!!! note "" 当内容只有一项时,可以忽略 JSON 数组 [] 标签 @@ -39,7 +39,7 @@ V2Ray Transport 是 v2ray 发明的一组私有协议,并污染了其他协议 !!! warning "与 v2ray-core 的区别" - 不强制执行 TLS。 如果未配置 TLS,则使用纯 HTTP 1.1。 + 不强制执行 TLS。 如果未配置 TLS,将使用纯 HTTP 1.1。 #### host @@ -116,7 +116,7 @@ HTTP 请求的额外标头 !!! warning "" - 默认安装不包括 gRPC, 参阅 [安装](/zh/#installation). + 默认安装不包含 gRPC, 参阅 [安装](/zh/#installation). ```json {