mirror of
https://github.com/SagerNet/sing-box.git
synced 2024-11-22 00:21:30 +00:00
Update documentation
This commit is contained in:
parent
d727710d60
commit
ebf5cbf1b9
|
@ -1,6 +1,6 @@
|
|||
package constant
|
||||
|
||||
var (
|
||||
Version = "1.1-beta1"
|
||||
Version = "1.1-beta2"
|
||||
Commit = ""
|
||||
)
|
||||
|
|
|
@ -1,3 +1,28 @@
|
|||
#### 1.1-beta2
|
||||
|
||||
* Add Clash mode and persistence support **1**
|
||||
* Add TLS ECH and uTLS support for outbound TLS options **2**
|
||||
* Fix socks4 request
|
||||
* Fix processing empty dns result
|
||||
|
||||
*1*:
|
||||
|
||||
Switching modes using the Clash API, and `store-selected` are now supported,
|
||||
see [Experimental](/configuration/experimental).
|
||||
|
||||
*2*:
|
||||
|
||||
ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello
|
||||
message, see [TLS#ECH](/configuration/shared/tls#ech).
|
||||
|
||||
uTLS is a fork of "crypto/tls", which provides ClientHello fingerprinting resistance,
|
||||
see [TLS#uTLS](/configuration/shared/tls#utls).
|
||||
|
||||
#### 1.0.2
|
||||
|
||||
* Fix socks4 request
|
||||
* Fix processing empty dns result
|
||||
|
||||
#### 1.1-beta1
|
||||
|
||||
* Add support for use with android VPNService **1**
|
||||
|
|
|
@ -73,6 +73,7 @@
|
|||
"user_id": [
|
||||
1000
|
||||
],
|
||||
"clash_mode": "direct",
|
||||
"invert": false,
|
||||
"outbound": [
|
||||
"direct"
|
||||
|
@ -208,6 +209,10 @@ Match user name.
|
|||
|
||||
Match user id.
|
||||
|
||||
#### clash_mode
|
||||
|
||||
Match Clash mode.
|
||||
|
||||
#### invert
|
||||
|
||||
Invert match result.
|
||||
|
|
|
@ -72,6 +72,7 @@
|
|||
"user_id": [
|
||||
1000
|
||||
],
|
||||
"clash_mode": "direct",
|
||||
"invert": false,
|
||||
"outbound": [
|
||||
"direct"
|
||||
|
@ -207,6 +208,10 @@
|
|||
|
||||
匹配用户 ID。
|
||||
|
||||
#### clash_mode
|
||||
|
||||
匹配 Clash 模式。
|
||||
|
||||
#### invert
|
||||
|
||||
反选匹配结果。
|
||||
|
|
|
@ -8,7 +8,10 @@
|
|||
"clash_api": {
|
||||
"external_controller": "127.0.0.1:9090",
|
||||
"external_ui": "folder",
|
||||
"secret": ""
|
||||
"secret": "",
|
||||
"default_mode": "rule",
|
||||
"store_selected": false,
|
||||
"cache_file": "cache.db"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -26,7 +29,7 @@
|
|||
|
||||
#### external_controller
|
||||
|
||||
RESTful web API listening address. Disabled if empty.
|
||||
RESTful web API listening address. Clash API will be disabled if empty.
|
||||
|
||||
#### external_ui
|
||||
|
||||
|
@ -38,4 +41,22 @@ serve it at `http://{{external-controller}}/ui`.
|
|||
|
||||
Secret for the RESTful API (optional)
|
||||
Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}`
|
||||
ALWAYS set a secret if RESTful API is listening on 0.0.0.0
|
||||
ALWAYS set a secret if RESTful API is listening on 0.0.0.0
|
||||
|
||||
#### default_mode
|
||||
|
||||
Default mode in clash, `rule` will be used if empty.
|
||||
|
||||
This setting has no direct effect, but can be used in routing and DNS rules via the `clash_mode` rule item.
|
||||
|
||||
#### store_selected
|
||||
|
||||
!!! note ""
|
||||
|
||||
The tag must be set for target outbounds.
|
||||
|
||||
Store selected outbound for the `Selector` outbound in cache file.
|
||||
|
||||
#### cache_file
|
||||
|
||||
Cache file path, `cache.db` will be used if empty.
|
|
@ -8,7 +8,10 @@
|
|||
"clash_api": {
|
||||
"external_controller": "127.0.0.1:9090",
|
||||
"external_ui": "folder",
|
||||
"secret": ""
|
||||
"secret": "",
|
||||
"default_mode": "rule",
|
||||
"store_selected": false,
|
||||
"cache_file": "cache.db"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -26,7 +29,7 @@
|
|||
|
||||
#### external_controller
|
||||
|
||||
RESTful web API 监听地址。
|
||||
RESTful web API 监听地址。如果为空,则禁用 Clash API。
|
||||
|
||||
#### external_ui
|
||||
|
||||
|
@ -36,4 +39,22 @@ RESTful web API 监听地址。
|
|||
|
||||
RESTful API 的密钥(可选)
|
||||
通过指定 HTTP 标头 `Authorization: Bearer ${secret}` 进行身份验证
|
||||
如果 RESTful API 正在监听 0.0.0.0,请始终设置一个密钥。
|
||||
如果 RESTful API 正在监听 0.0.0.0,请始终设置一个密钥。
|
||||
|
||||
#### default_mode
|
||||
|
||||
Clash 中的默认模式,默认使用 `rule`。
|
||||
|
||||
此设置没有直接影响,但可以通过 `clash_mode` 规则项在路由和 DNS 规则中使用。
|
||||
|
||||
#### store_selected
|
||||
|
||||
!!! note ""
|
||||
|
||||
必须为目标出站设置标签。
|
||||
|
||||
将 `Selector` 中出站的选定的目标出站存储在缓存文件中。
|
||||
|
||||
#### cache_file
|
||||
|
||||
缓存文件路径,默认使用`cache.db`。
|
|
@ -80,6 +80,7 @@
|
|||
"user_id": [
|
||||
1000
|
||||
],
|
||||
"clash_mode": "direct",
|
||||
"invert": false,
|
||||
"outbound": "direct"
|
||||
},
|
||||
|
@ -219,6 +220,10 @@ Match user name.
|
|||
|
||||
Match user id.
|
||||
|
||||
#### clash_mode
|
||||
|
||||
Match Clash mode.
|
||||
|
||||
#### invert
|
||||
|
||||
Invert match result.
|
||||
|
|
|
@ -78,6 +78,7 @@
|
|||
"user_id": [
|
||||
1000
|
||||
],
|
||||
"clash_mode": "direct",
|
||||
"invert": false,
|
||||
"outbound": "direct"
|
||||
},
|
||||
|
@ -217,6 +218,10 @@
|
|||
|
||||
匹配用户 ID。
|
||||
|
||||
#### clash_mode
|
||||
|
||||
匹配 Clash 模式。
|
||||
|
||||
#### invert
|
||||
|
||||
反选匹配结果。
|
||||
|
|
|
@ -30,10 +30,6 @@
|
|||
}
|
||||
```
|
||||
|
||||
!!! warning ""
|
||||
|
||||
ACME is not included by default, see [Installation](/#installation).
|
||||
|
||||
### Outbound
|
||||
|
||||
```json
|
||||
|
@ -47,7 +43,17 @@
|
|||
"max_version": "",
|
||||
"cipher_suites": [],
|
||||
"certificate": "",
|
||||
"certificate_path": ""
|
||||
"certificate_path": "",
|
||||
"ech": {
|
||||
"enabled": false,
|
||||
"pq_signature_schemes_enabled": false,
|
||||
"dynamic_record_sizing_disabled": false,
|
||||
"config": ""
|
||||
},
|
||||
"utls": {
|
||||
"enabled": false,
|
||||
"fingerprint": ""
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
|
@ -155,8 +161,48 @@ The server private key, in PEM format.
|
|||
|
||||
The path to the server private key, in PEM format.
|
||||
|
||||
#### ech
|
||||
|
||||
==Client only==
|
||||
|
||||
!!! warning ""
|
||||
|
||||
ECH is not included by default, see [Installation](/#installation).
|
||||
|
||||
ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello
|
||||
message.
|
||||
|
||||
If you don't know how to fill in the other configuration, just set `enabled`.
|
||||
|
||||
#### utls
|
||||
|
||||
==Client only==
|
||||
|
||||
!!! warning ""
|
||||
|
||||
uTLS is not included by default, see [Installation](/#installation).
|
||||
|
||||
!!! note ""
|
||||
|
||||
uTLS is poorly maintained and the effect may be unproven, use at your own risk.
|
||||
|
||||
uTLS is a fork of "crypto/tls", which provides ClientHello fingerprinting resistance.
|
||||
|
||||
Available fingerprint values:
|
||||
|
||||
* chrome
|
||||
* firefox
|
||||
* ios
|
||||
* android
|
||||
* random
|
||||
|
||||
|
||||
### ACME Fields
|
||||
|
||||
!!! warning ""
|
||||
|
||||
ACME is not included by default, see [Installation](/#installation).
|
||||
|
||||
#### domain
|
||||
|
||||
List of domain.
|
||||
|
@ -205,10 +251,6 @@ listener for the HTTP challenge.
|
|||
The alternate port to use for the ACME TLS-ALPN challenge; the system must forward 443 to this port for challenge to
|
||||
succeed.
|
||||
|
||||
### Reload
|
||||
|
||||
For server configuration, certificate and key will be automatically reloaded if modified.
|
||||
|
||||
#### external_account
|
||||
|
||||
EAB (External Account Binding) contains information necessary to bind or map an ACME account to some other account known
|
||||
|
@ -226,4 +268,8 @@ The key identifier.
|
|||
|
||||
#### external_account.mac_key
|
||||
|
||||
The MAC key.
|
||||
The MAC key.
|
||||
|
||||
### Reload
|
||||
|
||||
For server configuration, certificate and key will be automatically reloaded if modified.
|
|
@ -30,10 +30,6 @@
|
|||
}
|
||||
```
|
||||
|
||||
!!! warning ""
|
||||
|
||||
默认安装不包含 ACME,参阅 [安装](/zh/#_2)。
|
||||
|
||||
### 出站
|
||||
|
||||
```json
|
||||
|
@ -47,7 +43,17 @@
|
|||
"max_version": "",
|
||||
"cipher_suites": [],
|
||||
"certificate": "",
|
||||
"certificate_path": ""
|
||||
"certificate_path": "",
|
||||
"ech": {
|
||||
"enabled": false,
|
||||
"pq_signature_schemes_enabled": false,
|
||||
"dynamic_record_sizing_disabled": false,
|
||||
"config": ""
|
||||
},
|
||||
"utls": {
|
||||
"enabled": false,
|
||||
"fingerprint": ""
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
|
@ -155,8 +161,47 @@ TLS 版本值:
|
|||
|
||||
服务器 PEM 私钥路径。
|
||||
|
||||
#### ech
|
||||
|
||||
==仅客户端==
|
||||
|
||||
!!! warning ""
|
||||
|
||||
默认安装不包含 ECH, 参阅 [安装](/zh/#_2)。
|
||||
|
||||
ECH (Encrypted Client Hello) 是一个 TLS 扩展,它允许客户端加密其 ClientHello 的第一部分
|
||||
信息。
|
||||
|
||||
如果您不知道如何填写其他配置,只需设置 `enabled` 即可。
|
||||
|
||||
#### utls
|
||||
|
||||
==仅客户端==
|
||||
|
||||
!!! warning ""
|
||||
|
||||
默认安装不包含 uTLS, 参阅 [安装](/zh/#_2)。
|
||||
|
||||
!!! note ""
|
||||
|
||||
uTLS 维护不善且其效果可能未经证实,使用风险自负。
|
||||
|
||||
uTLS 是 "crypto/tls" 的一个分支,它提供了 ClientHello 指纹识别阻力。
|
||||
|
||||
可用的指纹值:
|
||||
|
||||
* chrome
|
||||
* firefox
|
||||
* ios
|
||||
* android
|
||||
* random
|
||||
|
||||
### ACME 字段
|
||||
|
||||
!!! warning ""
|
||||
|
||||
默认安装不包含 ACME,参阅 [安装](/zh/#_2)。
|
||||
|
||||
#### domain
|
||||
|
||||
一组域名。
|
||||
|
@ -203,10 +248,6 @@ ACME 数据目录。
|
|||
|
||||
用于 ACME TLS-ALPN 质询的备用端口; 系统必须将 443 转发到此端口以使质询成功。
|
||||
|
||||
### Reload
|
||||
|
||||
对于服务器配置,如果修改,证书和密钥将自动重新加载。
|
||||
|
||||
#### external_account
|
||||
|
||||
EAB(外部帐户绑定)包含将 ACME 帐户绑定或映射到其他已知帐户所需的信息由 CA。
|
||||
|
@ -222,4 +263,8 @@ EAB(外部帐户绑定)包含将 ACME 帐户绑定或映射到其他已知
|
|||
|
||||
#### external_account.mac_key
|
||||
|
||||
MAC 密钥。
|
||||
MAC 密钥。
|
||||
|
||||
### 重载
|
||||
|
||||
对于服务器配置,如果修改,证书和密钥将自动重新加载。
|
|
@ -27,6 +27,8 @@ go install -v -tags with_clash_api github.com/sagernet/sing-box/cmd/sing-box@lat
|
|||
| `with_quic` | Build with QUIC support, see [QUIC and HTTP3 dns transports](./configuration/dns/server), [Naive inbound](./configuration/inbound/naive), [Hysteria Inbound](./configuration/inbound/hysteria), [Hysteria Outbound](./configuration/outbound/hysteria) and [V2Ray Transport#QUIC](./configuration/shared/v2ray-transport#quic). |
|
||||
| `with_grpc` | Build with standard gRPC support, see [V2Ray Transport#gRPC](./configuration/shared/v2ray-transport#grpc). |
|
||||
| `with_wireguard` | Build with WireGuard support, see [WireGuard outbound](./configuration/outbound/wireguard). |
|
||||
| `with_ech` | Build with TLS ECH extension support for TLS outbound, see [TLS](./configuration/shared/tls#ech). |
|
||||
| `with_utls` | Build with [uTLS](https://github.com/refraction-networking/utls) support for TLS outbound, see [TLS](./configuration/shared/tls#utls). |
|
||||
| `with_acme` | Build with ACME TLS certificate issuer support, see [TLS](./configuration/shared/tls). |
|
||||
| `with_clash_api` | Build with Clash API support, see [Experimental](./configuration/experimental#clash-api-fields). |
|
||||
| `no_gvisor` | Build without gVisor Tun stack support, see [Tun inbound](./configuration/inbound/tun#stack). |
|
||||
|
|
|
@ -27,6 +27,8 @@ go install -v -tags with_clash_api github.com/sagernet/sing-box/cmd/sing-box@lat
|
|||
| `with_quic` | 启用 QUIC 支持,参阅 [QUIC 和 HTTP3 DNS 传输层](./configuration/dns/server),[Naive 入站](./configuration/inbound/naive),[Hysteria 入站](./configuration/inbound/hysteria),[Hysteria 出站](./configuration/outbound/hysteria) 和 [V2Ray 传输层#QUIC](./configuration/shared/v2ray-transport#quic)。 |
|
||||
| `with_grpc` | 启用标准 gRPC 支持,参阅 [V2Ray 传输层#gRPC](./configuration/shared/v2ray-transport#grpc)。 |
|
||||
| `with_wireguard` | 启用 WireGuard 支持,参阅 [WireGuard 出站](./configuration/outbound/wireguard)。 |
|
||||
| `with_ech` | 启用 TLS ECH 扩展支持,参阅 [TLS](./configuration/shared/tls#ech)。 |
|
||||
| `with_utls` | 启用 [uTLS](https://github.com/refraction-networking/utls) 支持, 参阅 [TLS](./configuration/shared/tls#utls)。 |
|
||||
| `with_acme` | 启用 ACME TLS 证书签发支持,参阅 [TLS](./configuration/shared/tls)。 |
|
||||
| `with_clash_api` | 启用 Clash api 支持,参阅 [实验性](./configuration/experimental#clash-api-fields)。 |
|
||||
| `no_gvisor` | 禁用 gVisor Tun 栈支持,参阅 [Tun 入站](./configuration/inbound/tun#stack)。 |
|
||||
|
|
Loading…
Reference in a new issue