purgatory/Xray-docs-next
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-docs-next.git synced 2025-01-19 09:11:40 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix prettier format

Browse Source
This commit is contained in:
yuhan6665 2023-05-19 11:06:51 -04:00
parent 80bb764114
commit 289cda827a
14 changed files with 88 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/en/development/intro/compile.md
View File

@ -51,7 +51,7 @@ If you need to compile a program that can be debugged, i.e., you can use dlv to
- w option disables the generation of debug information. After using this option, gdb cannot be used for debugging.
- s option disables the symbol table.
PS: Actually, debugging with vscode or other IDEs seems to be more convenient.
PS: Actually, debugging with vscode or other IDEs seems to be more convenient.
## Cross compilation:

2
docs/en/document/level-0/ch01-preface.md
View File

@ -66,7 +66,7 @@ The so-called "airport" refers to the "line provider". They are responsible for
2. **Multiple Line Options**: Can unlock network services in different countries and regions, such as iplc dedicated line services, game acceleration services, etc.
3. **Multiple Access Nodes**: Therefore, it has a stronger ability to resist node blocking, if one is blocked, just switch to another one.
2. Risks of "Airport"
- Risks of "Airport"
"The other side of the coin of 'convenience' is 'risk'. Based on the technical characteristics and market conditions of the 'airport', its risks include at least:"

4
docs/en/document/level-0/ch02-preparation.md
View File

@ -35,12 +35,12 @@ This is **not** a real usable website. Please replace it with your real website
1. SSH remote login tool
- Windows: [PuTTY](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html)
- macOS/Linux: Terminal
- macOS/Linux: Terminal
2. Remote file copying tool
- Windows: [WinSCP](https://winscp.net/eng/index.php)
- macOS/Linux: Terminal
- macOS/Linux: Terminal
3. Reliable text editor
- Windows/macOS/Linux: [VSCode](https://code.visualstudio.com)

45
docs/en/document/level-0/ch04-security.md
View File

@ -73,7 +73,7 @@ This is a command in the shell terminal to open the `sshd_config` file located i
![Interface of nano](./ch04-img01-nano-ui.png)
5) The second thing we need to do is to **find the `Port` item in the opened file and modify its port**. The number after `Port` is the SSH port. It is generally recommended to change it to an integer greater than `1024` and less than `65535` (this article takes `9753` as an example). Please think about how to operate it with the shortcut keys of `nano`. You are right again! It is:
5. The second thing we need to do is to **find the `Port` item in the opened file and modify its port**. The number after `Port` is the SSH port. It is generally recommended to change it to an integer greater than `1024` and less than `65535` (this article takes `9753` as an example). Please think about how to operate it with the shortcut keys of `nano`. You are right again! It is:
- Use `ctrl+w` to enter search mode, then type `Port 22` and press Enter
- Delete `22` and replace it with `9753`
@ -131,8 +131,8 @@ After executing the command, follow the prompts to operate. Be sure to set a use
![Creating a new user](./ch04-img03-adduser.png)
::: warning
This article takes "vpsadmin" as an example, which means that with the release of this article, this username will also become a significant feature, and may be the first choice for attackers to try. Therefore, just like ports, I strongly recommend that you use another username that you come up with yourself.
:::
This article takes "vpsadmin" as an example, which means that with the release of this article, this username will also become a significant feature, and may be the first choice for attackers to try. Therefore, just like ports, I strongly recommend that you use another username that you come up with yourself.
:::
3. The complete process demonstration is as follows:
@ -234,8 +234,8 @@ Now let's configure the [Key Authentication]!
![Generate Key](./ch04-img08-puttygen-save.png)
::: warning
The example in this image is based on a `2048`-bit `RSA` key. However, in reality, if you want to achieve the same level of security as a `256`-bit key for `EDCSA/Ed25519`, you need to use a `3072`-bit `RSA` key. (i.e., change the number in the bottom right corner to `3072`)
:::
The example in this image is based on a `2048`-bit `RSA` key. However, in reality, if you want to achieve the same level of security as a `256`-bit key for `EDCSA/Ed25519`, you need to use a `3072`-bit `RSA` key. (i.e., change the number in the bottom right corner to `3072`)
:::
2. You can add a password to your private key to increase security.
3. Click on `Save public key` to save the public key with the file name `id_rsa.pub`.
@ -246,48 +246,47 @@ Now let's configure the [Key Authentication]!
2. Upload the public key to the "vpsadmin" user on the VPS.
1. This step requires the use of the previously prepared `WinSCP`.
2. Go to the [official website](https://winscp.net/eng/index.php) to download and install. It will prompt you to import PuTTY settings, and of course, you can import them with one click!
1, This step requires the use of the previously prepared `WinSCP`.
2, Go to the [official website](https://winscp.net/eng/index.php) to download and install. It will prompt you to import PuTTY settings, and of course, you can import them with one click!
![One-click Import Session](./ch04-img10-winscp-import-session.png)
3. If there is no prompt for import or you have already installed it in advance, configure it according to the following figure.
3, If there is no prompt for import or you have already installed it in advance, configure it according to the following figure.
![WinSCP login settings](./ch04-img11-winscp-ui.png)
4. The directory on the left side of WinSCP is the folder and files on your local computer. Please locate the folder where the key is stored.
4, The directory on the left side of WinSCP is the folder and files on your local computer. Please locate the folder where the key is stored.
5. The directory on the right side of WinSCP is the folder and files on the VPS server, which are located in the `/home/vpsadmin/` folder by default. To display hidden files, please click on `X hidden` in the lower right corner.
5, The directory on the right side of WinSCP is the folder and files on the VPS server, which are located in the `/home/vpsadmin/` folder by default. To display hidden files, please click on `X hidden` in the lower right corner.
![Local and remote folders](./ch04-img12-winscp-locations.png)
6. Right-click on the right side (in VPS) and create a new folder named `.ssh` (note the period at the beginning).
6, Right-click on the right side (in VPS) and create a new folder named `.ssh` (note the period at the beginning).
![Create a folder to place public key in VPS](./ch04-img13-winscp-newfolder-key.png)
7. Upload the [public key] `authorized_keys` to the `.ssh` folder.
7, Upload the [public key] `authorized_keys` to the `.ssh` folder.
![Upload authorized_keys](./ch04-img14-winscp-upload-key.png)
8. When uploading, rename the [public key] from `authorized_keys.txt` to `authorized_keys` (remove the `.txt` extension).
8, When uploading, rename the [public key] from `authorized_keys.txt` to `authorized_keys` (remove the `.txt` extension).
![Ensure there is no file extension](./ch04-img15-winscp-rename-key.png)
9. The complete process demonstration is as follows:
9, The complete process demonstration is as follows:
![Complete demonstration of WinSCP operation](./ch04-img16-winscp-full.gif)
3. Enable RSA key authentication for SSH login and disable password authentication login on the VPS side.
1. Basic Linux Commands:
| Number | Command | Description |
| :------: | :-----: | :-----------------------------------------------: |
| `cmd-08` | `sudo` | Run a command with `root` privileges |
| `cmd-09` | `chmod` | Change the permissions of a target file/directory |
2. SSH remote connection to VPS (PuTTY)
3. Change the permission of the `authorized_keys` file to `600` (only the owner can read and write).
- Basic Linux Commands:
| Number | Command | Description |
| :------: | :-----: | :-----------------------------------------------: |
| `cmd-08` | `sudo` | Run a command with `root` privileges |
| `cmd-09` | `chmod` | Change the permissions of a target file/directory |
- SSH remote connection to VPS (PuTTY)
- Change the permission of the `authorized_keys` file to `600` (only the owner can read and write).
```shell
chmod 600 ~/.ssh/authorized_keys

9
docs/en/document/level-0/ch05-webpage.md
View File

@ -31,15 +31,15 @@ Now let's answer the second question:
## 5.3 Create the simplest web page
1. Basic Linux commands for beginners:
| No. | Command Name | Command Description |
| No. | Command Name | Command Description |
| :------: | :----------------: | :-----------------------: |
| `cmd-10` | `mkdir` | Create a new folder |
| `cmd-10` | `mkdir` | Create a new folder |
| `cmd-11` | `systemctl reload` | Reload a specific service |
2. Basic Linux configuration files for beginners:
| No. | Configuration File Location | File Description |
| No. | Configuration File Location | File Description |
| :-------: | :-------------------------: | :--------------------: |
| `conf-02` | `/etc/nginx/nginx.conf` | Nginx program settings |
| `conf-02` | `/etc/nginx/nginx.conf` | Nginx program settings |
3. Create a dedicated folder `/home/vpsadmin/www/webpage/` for the website and create the web page file `index.html`
```shell
@ -152,7 +152,6 @@ If you encounter any errors, please carefully review the explanations in Steps 3
::: warning
In the early stages of this article, a lot of space has been devoted to explaining the importance of using a **non-root user** for security, and the entire article is written based on this premise. So, issues caused by using a **root user** are not within the scope of this article.
But I believe that students who persist in using the `root` user should have their own opinions, strong hands-on ability, or have a certain foundation in Linux. I have already explained the crux of the problem, and I believe you can solve it on your own.
## 5.5 Your Progress

14
docs/en/document/level-0/ch06-certificates.md
View File

@ -15,9 +15,9 @@ In addition, I believe that you have gradually become familiar with the basic op
## 6.2 Install `acme.sh`
1. Basic Linux commands for beginners:
| Number | Command | Description |
| Number | Command | Description |
| :------: | :-------: | :------------------------------------------------: |
| `cmd-12` | `wget` | Retrieve (or download) a webpage file |
| `cmd-12` | `wget` | Retrieve (or download) a webpage file |
| `cmd-13` | `acme.sh` | Commands related to acme.sh certificate management |
2. Run the installation script.
@ -57,13 +57,13 @@ acme.sh --issue --server letsencrypt --test -d subdomain.yourdomain.com -w /home
(Note: This is a command in shell script for obtaining SSL certificate from Let's Encrypt CA using ACME protocol. It specifies the test server, the subdomain for which the certificate is requested, the webroot directory of the subdomain, and the key length to use for the certificate.)
::: warning Explanation
The main advantage of the `ECC` certificate is that its `Keysize` is smaller, which means that security is improved and encryption and decryption speed is faster for the same size. Why not choose ECC-256bit, which is approximately equivalent to RSA-3072bit in strength? Of course, some people say that the ECC certificate handshake is significantly faster, which I think is a bit exaggerated, because RSA handshake is not too slow either. Even if there is a difference, it should be in milliseconds and difficult to perceive directly.
The main advantage of the `ECC` certificate is that its `Keysize` is smaller, which means that security is improved and encryption and decryption speed is faster for the same size. Why not choose ECC-256bit, which is approximately equivalent to RSA-3072bit in strength? Of course, some people say that the ECC certificate handshake is significantly faster, which I think is a bit exaggerated, because RSA handshake is not too slow either. Even if there is a difference, it should be in milliseconds and difficult to perceive directly.
In addition, if some websites do need to be compatible with certain old devices, please still choose RSA certificates according to your needs.
2. You should eventually see a prompt similar to this:
```log
````log
[Wed 30 Dec 2022 04:25:12 AM EST] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed 30 Dec 2022 04:25:13 AM EST] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed 30 Dec 2022 04:25:13 AM EST] Create account key ok.
@ -118,7 +118,7 @@ yiLKcBFc5H7dgJCImo7us7aJeftC44uWkPIjw9AKH=
```shell
acme.sh --issue --server letsencrypt --test -d subdomain.yourdomain.com -w /home/vpsadmin/www/webpage --keylength ec-256 --debug
```
````
(Note: This command is written in Chinese characters, therefore I have translated it into English. The command is used to issue SSL/TLS certificates using acme.sh client with Let's Encrypt CA in test mode for a subdomain of your domain with the specified webroot path, key length and in debug mode.)
@ -143,8 +143,8 @@ acme.sh --issue -d subdomain.yourdomain.com -w /home/vpsadmin/www/webpage --keyl
(Note: This is a command written in shell script that requests a SSL certificate from ACME server using the ACME client "acme.sh". It specifies the subdomain of the domain name, the web root directory of the website, the key length, and forces the re-issuance of the certificate.)
::: warning Explanation
The meaning of the `--force` parameter is to manually (forcefully) update the certificate before the existing certificate expires. Although the certificate we applied for from the "test server" in the previous step cannot be used directly, it has not expired yet, so this parameter is needed.
:::
The meaning of the `--force` parameter is to manually (forcefully) update the certificate before the existing certificate expires. Although the certificate we applied for from the "test server" in the previous step cannot be used directly, it has not expired yet, so this parameter is needed.
:::
2. You should eventually see a prompt that looks similar to the one above.

42
docs/en/document/level-1/fallbacks-with-sni.md
View File

@ -194,27 +194,27 @@ Suggestion: Use only two types of fillings for the `alpn` item as needed: [^4]
If you use Caddy, you don't need to be so complicated, because **it can** listen to HTTP/1.1 and h2c on the same port at the same time. The configuration changes are as follows:
```json
{
"fallbacks": [
{
"name": "example.com",
"path": "/vmessws",
"dest": 5000,
"xver": 1
},
{
"dest": 5001,
"xver": 1
},
{
"name": "blog.example.com",
"dest": 5002,
"xver": 1
}
]
}
```
```json
{
"fallbacks": [
{
"name": "example.com",
"path": "/vmessws",
"dest": 5000,
"xver": 1
},
{
"dest": 5001,
"xver": 1
},
{
"name": "blog.example.com",
"dest": 5002,
"xver": 1
}
]
}
```
(Note: This is a JSON code block. It describes fallback configurations for a service.)