purgatory/Xray-docs-next
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-docs-next.git synced 2025-01-19 09:11:40 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix prettier format

Browse Source
This commit is contained in:
yuhan6665 2023-05-19 11:06:51 -04:00
parent 80bb764114
commit 289cda827a
14 changed files with 88 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/en/development/intro/compile.md
View File

@ -51,7 +51,7 @@ If you need to compile a program that can be debugged, i.e., you can use dlv to
- w option disables the generation of debug information. After using this option, gdb cannot be used for debugging.
- s option disables the symbol table.
PS: Actually, debugging with vscode or other IDEs seems to be more convenient.
PS: Actually, debugging with vscode or other IDEs seems to be more convenient.
## Cross compilation:
@ -77,4 +77,4 @@ Following the above steps, it is possible to compile and release an identical bi
::: warning
Please confirm that you are using the same Golang version as the one used to compile the release.
:::
:::

2
docs/en/development/intro/design.md
View File

@ -40,4 +40,4 @@ The two parts are independent of each other, where the inbound proxy does not re
### Transport Layer
The transport layer provides a set of tools and modules related to network data transmission.
The transport layer provides a set of tools and modules related to network data transmission.

2
docs/en/development/intro/guide.md
View File

@ -128,4 +128,4 @@ Basic practices are consistent with the recommendations of the official Golang,
#### Content Organization
- A file contains a main type and its related private functions;
- Testing-related files, such as Mock tools, should be placed in the testing subdirectory.
- Testing-related files, such as Mock tools, should be placed in the testing subdirectory.

2
docs/en/document/level-0/README.md
View File

@ -22,4 +22,4 @@ Made with ❤️ by [@ricuhkaen](https://github.com/ricuhkaen)
[Chapter 8: Xray Client](./ch08-xray-clients.md) - A New Beginning.
[Chapter 9] Appendix - All the exam points are here.
[Chapter 9] Appendix - All the exam points are here.

4
docs/en/document/level-0/ch01-preface.md
View File

@ -66,7 +66,7 @@ The so-called "airport" refers to the "line provider". They are responsible for
2. **Multiple Line Options**: Can unlock network services in different countries and regions, such as iplc dedicated line services, game acceleration services, etc.
3. **Multiple Access Nodes**: Therefore, it has a stronger ability to resist node blocking, if one is blocked, just switch to another one.
2. Risks of "Airport"
- Risks of "Airport"
"The other side of the coin of 'convenience' is 'risk'. Based on the technical characteristics and market conditions of the 'airport', its risks include at least:"
@ -97,4 +97,4 @@ In short, the goal of this article is to serve as a starting point for users wit
## 1.8 Your Progress
> ⬛⬜⬜⬜⬜⬜⬜⬜ 12.5%
> ⬛⬜⬜⬜⬜⬜⬜⬜ 12.5%

6
docs/en/document/level-0/ch02-preparation.md
View File

@ -35,12 +35,12 @@ This is **not** a real usable website. Please replace it with your real website
1. SSH remote login tool
- Windows: [PuTTY](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html)
- macOS/Linux: Terminal
- macOS/Linux: Terminal
2. Remote file copying tool
- Windows: [WinSCP](https://winscp.net/eng/index.php)
- macOS/Linux: Terminal
- macOS/Linux: Terminal
3. Reliable text editor
- Windows/macOS/Linux: [VSCode](https://code.visualstudio.com)
@ -49,4 +49,4 @@ This is **not** a real usable website. Please replace it with your real website
If you have all the raw materials ready as mentioned above, you have already obtained the key to unlocking the door to a new world. So, what are you waiting for? Let's quickly move on to the next chapter and step through this door!
> ⬛⬛⬜⬜⬜⬜⬜⬜ 25%
> ⬛⬛⬜⬜⬜⬜⬜⬜ 25%

4
docs/en/document/level-0/ch03-ssh.md
View File

@ -66,7 +66,7 @@ The first two are pretty straightforward, no need to explain further. The third
```shell
apt update
```
```
This is a command used in a Linux terminal to update the package list from the repositories configured on the system.
@ -86,4 +86,4 @@ This is a command in the shell terminal to upgrade the installed packages on a D
**Congratulations on taking another solid step!** Now, you can log in to your remote server via SSH! After logging in, besides upgrading the software, what else should you do? Please enter the next chapter to find out!
> ⬛⬛⬛⬜⬜⬜⬜⬜ 37.5%
> ⬛⬛⬛⬜⬜⬜⬜⬜ 37.5%

61
docs/en/document/level-0/ch04-security.md
View File

@ -65,7 +65,7 @@ Now, let's solve the problem of "port = `22`". (Note: some VPS service providers
```shell
nano /etc/ssh/sshd_config
```
```
This is a command in the shell terminal to open the `sshd_config` file located in the `/etc/ssh/` directory using the `nano` text editor.
@ -73,7 +73,7 @@ This is a command in the shell terminal to open the `sshd_config` file located i
![Interface of nano](./ch04-img01-nano-ui.png)
5) The second thing we need to do is to **find the `Port` item in the opened file and modify its port**. The number after `Port` is the SSH port. It is generally recommended to change it to an integer greater than `1024` and less than `65535` (this article takes `9753` as an example). Please think about how to operate it with the shortcut keys of `nano`. You are right again! It is:
5. The second thing we need to do is to **find the `Port` item in the opened file and modify its port**. The number after `Port` is the SSH port. It is generally recommended to change it to an integer greater than `1024` and less than `65535` (this article takes `9753` as an example). Please think about how to operate it with the shortcut keys of `nano`. You are right again! It is:
- Use `ctrl+w` to enter search mode, then type `Port 22` and press Enter
- Delete `22` and replace it with `9753`
@ -92,7 +92,7 @@ This article uses `9753` as an example, which means that with the release of thi
```shell
systemctl restart ssh
```
```
This is a shell command to restart the SSH service.
@ -131,8 +131,8 @@ After executing the command, follow the prompts to operate. Be sure to set a use
![Creating a new user](./ch04-img03-adduser.png)
::: warning
This article takes "vpsadmin" as an example, which means that with the release of this article, this username will also become a significant feature, and may be the first choice for attackers to try. Therefore, just like ports, I strongly recommend that you use another username that you come up with yourself.
:::
This article takes "vpsadmin" as an example, which means that with the release of this article, this username will also become a significant feature, and may be the first choice for attackers to try. Therefore, just like ports, I strongly recommend that you use another username that you come up with yourself.
:::
3. The complete process demonstration is as follows:
@ -152,7 +152,7 @@ You may have noticed that this command actually consists of two commands. The fi
```shell
visudo
```
```
(Note: `visudo` is a command used in Linux/Unix systems to edit the sudoers file, which specifies which users or groups are allowed to run certain commands with administrative privileges.)
@ -173,7 +173,7 @@ If you want to follow the traditional practice and enter a password every time y
```shell
nano /etc/ssh/sshd_config
```
```
This is a command line instruction to open and edit the `sshd_config` file located at `/etc/ssh/` using the `nano` text editor.
@ -234,8 +234,8 @@ Now let's configure the [Key Authentication]!
![Generate Key](./ch04-img08-puttygen-save.png)
::: warning
The example in this image is based on a `2048`-bit `RSA` key. However, in reality, if you want to achieve the same level of security as a `256`-bit key for `EDCSA/Ed25519`, you need to use a `3072`-bit `RSA` key. (i.e., change the number in the bottom right corner to `3072`)
:::
The example in this image is based on a `2048`-bit `RSA` key. However, in reality, if you want to achieve the same level of security as a `256`-bit key for `EDCSA/Ed25519`, you need to use a `3072`-bit `RSA` key. (i.e., change the number in the bottom right corner to `3072`)
:::
2. You can add a password to your private key to increase security.
3. Click on `Save public key` to save the public key with the file name `id_rsa.pub`.
@ -246,52 +246,51 @@ Now let's configure the [Key Authentication]!
2. Upload the public key to the "vpsadmin" user on the VPS.
1. This step requires the use of the previously prepared `WinSCP`.
2. Go to the [official website](https://winscp.net/eng/index.php) to download and install. It will prompt you to import PuTTY settings, and of course, you can import them with one click!
1, This step requires the use of the previously prepared `WinSCP`.
2, Go to the [official website](https://winscp.net/eng/index.php) to download and install. It will prompt you to import PuTTY settings, and of course, you can import them with one click!
![One-click Import Session](./ch04-img10-winscp-import-session.png)
3. If there is no prompt for import or you have already installed it in advance, configure it according to the following figure.
3, If there is no prompt for import or you have already installed it in advance, configure it according to the following figure.
![WinSCP login settings](./ch04-img11-winscp-ui.png)
4. The directory on the left side of WinSCP is the folder and files on your local computer. Please locate the folder where the key is stored.
4, The directory on the left side of WinSCP is the folder and files on your local computer. Please locate the folder where the key is stored.
5. The directory on the right side of WinSCP is the folder and files on the VPS server, which are located in the `/home/vpsadmin/` folder by default. To display hidden files, please click on `X hidden` in the lower right corner.
5, The directory on the right side of WinSCP is the folder and files on the VPS server, which are located in the `/home/vpsadmin/` folder by default. To display hidden files, please click on `X hidden` in the lower right corner.
![Local and remote folders](./ch04-img12-winscp-locations.png)
6. Right-click on the right side (in VPS) and create a new folder named `.ssh` (note the period at the beginning).
6, Right-click on the right side (in VPS) and create a new folder named `.ssh` (note the period at the beginning).
![Create a folder to place public key in VPS](./ch04-img13-winscp-newfolder-key.png)
7. Upload the [public key] `authorized_keys` to the `.ssh` folder.
7, Upload the [public key] `authorized_keys` to the `.ssh` folder.
![Upload authorized_keys](./ch04-img14-winscp-upload-key.png)
8. When uploading, rename the [public key] from `authorized_keys.txt` to `authorized_keys` (remove the `.txt` extension).
8, When uploading, rename the [public key] from `authorized_keys.txt` to `authorized_keys` (remove the `.txt` extension).
![Ensure there is no file extension](./ch04-img15-winscp-rename-key.png)
9. The complete process demonstration is as follows:
9, The complete process demonstration is as follows:
![Complete demonstration of WinSCP operation](./ch04-img16-winscp-full.gif)
3. Enable RSA key authentication for SSH login and disable password authentication login on the VPS side.
1. Basic Linux Commands:
| Number | Command | Description |
| :------: | :-----: | :-----------------------------------------------: |
| `cmd-08` | `sudo` | Run a command with `root` privileges |
| `cmd-09` | `chmod` | Change the permissions of a target file/directory |
2. SSH remote connection to VPS (PuTTY)
3. Change the permission of the `authorized_keys` file to `600` (only the owner can read and write).
- Basic Linux Commands:
| Number | Command | Description |
| :------: | :-----: | :-----------------------------------------------: |
| `cmd-08` | `sudo` | Run a command with `root` privileges |
| `cmd-09` | `chmod` | Change the permissions of a target file/directory |
- SSH remote connection to VPS (PuTTY)
- Change the permission of the `authorized_keys` file to `600` (only the owner can read and write).
```shell
chmod 600 ~/.ssh/authorized_keys
```
```
This is a command in shell script to change the permissions of the `authorized_keys` file to `600` for the current user's SSH directory (`~/.ssh/`).
@ -299,7 +298,7 @@ This is a command in shell script to change the permissions of the `authorized_k
```shell
sudo nano /etc/ssh/sshd_config
```
```
(This is a command in the shell/terminal to open the sshd_config file located in the /etc/ssh/ directory with the sudo privilege using the nano text editor.)
@ -311,7 +310,7 @@ sudo nano /etc/ssh/sshd_config
```shell
sudo systemctl restart ssh
```
```
This is a command in the shell terminal to restart the SSH service with root privileges using the `systemctl` command.
@ -343,4 +342,4 @@ Up to this point, your VPS has completed the basic security measures of [port],
Now that we finally have a secure system foundation, in the next chapter, we can start step by step to install and configure the infrastructure that Xray needs! (What infrastructure? A web page, a certificate)
> ⬛⬛⬛⬛⬜⬜⬜⬜ 50%
> ⬛⬛⬛⬛⬜⬜⬜⬜ 50%

11
docs/en/document/level-0/ch05-webpage.md
View File

@ -31,15 +31,15 @@ Now let's answer the second question:
## 5.3 Create the simplest web page
1. Basic Linux commands for beginners:
| No. | Command Name | Command Description |
| No. | Command Name | Command Description |
| :------: | :----------------: | :-----------------------: |
| `cmd-10` | `mkdir` | Create a new folder |
| `cmd-10` | `mkdir` | Create a new folder |
| `cmd-11` | `systemctl reload` | Reload a specific service |
2. Basic Linux configuration files for beginners:
| No. | Configuration File Location | File Description |
| No. | Configuration File Location | File Description |
| :-------: | :-------------------------: | :--------------------: |
| `conf-02` | `/etc/nginx/nginx.conf` | Nginx program settings |
| `conf-02` | `/etc/nginx/nginx.conf` | Nginx program settings |
3. Create a dedicated folder `/home/vpsadmin/www/webpage/` for the website and create the web page file `index.html`
```shell
@ -152,11 +152,10 @@ If you encounter any errors, please carefully review the explanations in Steps 3
::: warning
In the early stages of this article, a lot of space has been devoted to explaining the importance of using a **non-root user** for security, and the entire article is written based on this premise. So, issues caused by using a **root user** are not within the scope of this article.
But I believe that students who persist in using the `root` user should have their own opinions, strong hands-on ability, or have a certain foundation in Linux. I have already explained the crux of the problem, and I believe you can solve it on your own.
## 5.5 Your Progress
So far, Xray's first infrastructure [webpage] has been established. Let's now move on to the second infrastructure [certificate]!
> ⬛⬛⬛⬛⬛⬜⬜⬜ 62.5%
> ⬛⬛⬛⬛⬛⬜⬜⬜ 62.5%

20
docs/en/document/level-0/ch06-certificates.md
View File

@ -15,9 +15,9 @@ In addition, I believe that you have gradually become familiar with the basic op
## 6.2 Install `acme.sh`
1. Basic Linux commands for beginners:
| Number | Command | Description |
| Number | Command | Description |
| :------: | :-------: | :------------------------------------------------: |
| `cmd-12` | `wget` | Retrieve (or download) a webpage file |
| `cmd-12` | `wget` | Retrieve (or download) a webpage file |
| `cmd-13` | `acme.sh` | Commands related to acme.sh certificate management |
2. Run the installation script.
@ -52,18 +52,18 @@ Before officially applying for the certificate, we use the testing command (`--i
```shell
acme.sh --issue --server letsencrypt --test -d subdomain.yourdomain.com -w /home/vpsadmin/www/webpage --keylength ec-256
```
```
(Note: This is a command in shell script for obtaining SSL certificate from Let's Encrypt CA using ACME protocol. It specifies the test server, the subdomain for which the certificate is requested, the webroot directory of the subdomain, and the key length to use for the certificate.)
::: warning Explanation
The main advantage of the `ECC` certificate is that its `Keysize` is smaller, which means that security is improved and encryption and decryption speed is faster for the same size. Why not choose ECC-256bit, which is approximately equivalent to RSA-3072bit in strength? Of course, some people say that the ECC certificate handshake is significantly faster, which I think is a bit exaggerated, because RSA handshake is not too slow either. Even if there is a difference, it should be in milliseconds and difficult to perceive directly.
The main advantage of the `ECC` certificate is that its `Keysize` is smaller, which means that security is improved and encryption and decryption speed is faster for the same size. Why not choose ECC-256bit, which is approximately equivalent to RSA-3072bit in strength? Of course, some people say that the ECC certificate handshake is significantly faster, which I think is a bit exaggerated, because RSA handshake is not too slow either. Even if there is a difference, it should be in milliseconds and difficult to perceive directly.
In addition, if some websites do need to be compatible with certain old devices, please still choose RSA certificates according to your needs.
2. You should eventually see a prompt similar to this:
```log
````log
[Wed 30 Dec 2022 04:25:12 AM EST] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed 30 Dec 2022 04:25:13 AM EST] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed 30 Dec 2022 04:25:13 AM EST] Create account key ok.
@ -118,7 +118,7 @@ yiLKcBFc5H7dgJCImo7us7aJeftC44uWkPIjw9AKH=
```shell
acme.sh --issue --server letsencrypt --test -d subdomain.yourdomain.com -w /home/vpsadmin/www/webpage --keylength ec-256 --debug
```
````
(Note: This command is written in Chinese characters, therefore I have translated it into English. The command is used to issue SSL/TLS certificates using acme.sh client with Let's Encrypt CA in test mode for a subdomain of your domain with the specified webroot path, key length and in debug mode.)
@ -143,8 +143,8 @@ acme.sh --issue -d subdomain.yourdomain.com -w /home/vpsadmin/www/webpage --keyl
(Note: This is a command written in shell script that requests a SSL certificate from ACME server using the ACME client "acme.sh". It specifies the subdomain of the domain name, the web root directory of the website, the key length, and forces the re-issuance of the certificate.)
::: warning Explanation
The meaning of the `--force` parameter is to manually (forcefully) update the certificate before the existing certificate expires. Although the certificate we applied for from the "test server" in the previous step cannot be used directly, it has not expired yet, so this parameter is needed.
:::
The meaning of the `--force` parameter is to manually (forcefully) update the certificate before the existing certificate expires. Although the certificate we applied for from the "test server" in the previous step cannot be used directly, it has not expired yet, so this parameter is needed.
:::
2. You should eventually see a prompt that looks similar to the one above.
@ -208,7 +208,7 @@ vpsadmin@vps-server:~$ acme.sh --installcert -d subdomain.yourdomain.com --cert-
[Mon 14 Feb 2022 03:00:25 PM CST] Installing cert to: /etc/xray/cert/cert.crt
[Mon 14 Feb 2022 03:00:25 PM CST] Installing key to: /etc/xray/cert/cert.key
[Mon 14 Feb 2022 03:00:25 PM CST] Installing full chain to: /etc/xray/cert/fullchain.crt
```
```
(Note: This is a shell command for installing a SSL certificate using acme.sh. The command is specifying the domain, file paths for the certificate, private key, and full chain, as well as indicating that an ECC certificate should be used.)
@ -216,4 +216,4 @@ vpsadmin@vps-server:~$ acme.sh --installcert -d subdomain.yourdomain.com --cert-
At this point, the two basic infrastructures required by Xray are finally in place! Xray, which has been eagerly awaited, is about to be revealed, and we are finally about to enter the most exciting chapter!
> ⬛⬛⬛⬛⬛⬛⬜⬜ 75%
> ⬛⬛⬛⬛⬛⬛⬜⬜ 75%

2
docs/en/document/level-1/README.md
View File

@ -10,4 +10,4 @@
[Analysis of Xray's Working Mode](./work.md)
[Fallbacks with SNI for Disguising and Domain-based Routing](./fallbacks-with-sni.md)
[Fallbacks with SNI for Disguising and Domain-based Routing](./fallbacks-with-sni.md)

56
docs/en/document/level-1/fallbacks-with-sni.md
View File

@ -194,27 +194,27 @@ Suggestion: Use only two types of fillings for the `alpn` item as needed: [^4]
If you use Caddy, you don't need to be so complicated, because **it can** listen to HTTP/1.1 and h2c on the same port at the same time. The configuration changes are as follows:
```json
{
"fallbacks": [
{
"name": "example.com",
"path": "/vmessws",
"dest": 5000,
"xver": 1
},
{
"dest": 5001,
"xver": 1
},
{
"name": "blog.example.com",
"dest": 5002,
"xver": 1
}
]
}
```
```json
{
"fallbacks": [
{
"name": "example.com",
"path": "/vmessws",
"dest": 5000,
"xver": 1
},
{
"dest": 5001,
"xver": 1
},
{
"name": "blog.example.com",
"dest": 5002,
"xver": 1
}
]
}
```
(Note: This is a JSON code block. It describes fallback configurations for a service.)
@ -222,15 +222,15 @@ If you use Caddy, you don't need to be so complicated, because **it can** listen
Nginx will be installed through official sources.
This is a set of Bash commands to install Nginx on Ubuntu.
This is a set of Bash commands to install Nginx on Ubuntu.
The first command installs the necessary packages for the installation process.
The first command installs the necessary packages for the installation process.
The second command adds the Nginx repository to the list of sources that Ubuntu uses to find software packages.
The second command adds the Nginx repository to the list of sources that Ubuntu uses to find software packages.
The third command downloads the Nginx signing key and adds it to the system's keyring, which verifies the authenticity of the package.
The third command downloads the Nginx signing key and adds it to the system's keyring, which verifies the authenticity of the package.
The fourth command updates the package list with the newly added Nginx repository.
The fourth command updates the package list with the newly added Nginx repository.
```bash
sudo apt install curl gnupg2 ca-certificates lsb-release
@ -295,7 +295,7 @@ It is recommended to install Caddy through the official website documentation fi
Edit `/etc/caddy/Caddyfile`:
This is a Caddyfile, which is a configuration file used by the Caddy web server.
This is a Caddyfile, which is a configuration file used by the Caddy web server.
In this specific configuration, there are two servers defined: one listening on `127.0.0.1:5001` and another on `127.0.0.1:5002`. Both servers have a `listener_wrapper` defined for `proxy_protocol`, which is a protocol used for passing client connection information through a proxy or load balancer. Additionally, both servers have the `allow_h2c` option enabled, which allows clients to connect using HTTP/2 cleartext (h2c) protocol.
@ -349,4 +349,4 @@ http://blog.example.com:5002 {
[^1]: [Frequently Asked Questions - Let's Encrypt - Free SSL/TLS Certificates](https://letsencrypt.org/docs/faq/)
[^2]: [Proxy Protocol - HAProxy Technologies](https://www.haproxy.com/blog/haproxy/proxy-protocol/)
[^3]: [Introduction to Proxy Protocol and Nginx Configuration - Jianshu](https://www.jianshu.com/p/cc8d592582c9)
[^4]: [v2fly-github-io/vless.md at master · rprx/v2fly-github-io](https://github.com/rprx/v2fly-github-io/blob/master/docs/config/protocols/vless.md)
[^4]: [v2fly-github-io/vless.md at master · rprx/v2fly-github-io](https://github.com/rprx/v2fly-github-io/blob/master/docs/config/protocols/vless.md)

2
docs/en/document/level-2/README.md
View File

@ -32,4 +32,4 @@ Introduction to using WireGuard for outbound traffic added in Xray v1.6.5.
[Xray Traffic Statistics](./traffic_stats.md) by <img src="https://avatars.githubusercontent.com/u/1588741?s=32" width="32" height="32" alt="a"/> [@yuhan6665](https://github.com/yuhan6665)
Adapt traffic statistics and scripts compatible with Xray.
Adapt traffic statistics and scripts compatible with Xray.

2
docs/en/document/level-2/warp.md
View File

@ -119,4 +119,4 @@ Add the following to the existing router:
}
]
}
```
```