Translate into English #3 (#384)

* Translate into English #3

* Update trojan.md

* Update
Winston2084 2023-06-14 22:17:07 +08:00 committed by GitHub
parent cd3f10bdfd
commit 5fe3b0c50a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 283 additions and 302 deletions

@ -1,6 +1,6 @@
# Dokodemo-Door
Dokodemo door(任意门)可以监听一个本地端口,并把所有进入此端口的数据发送至指定服务器的一个端口,从而达到端口映射的效果。
Dokodemo door (Anywhere Door) can listen to a local port and forward all incoming data on this port to a specified server's port, achieving the effect of port mapping.
## InboundConfigurationObject
@ -17,34 +17,34 @@ Dokodemo door任意门可以监听一个本地端口并把所有进入
> `address`: address
将流量转发到此地址。可以是一个 IP 地址,形如 `"1.2.3.4"`,或者一个域名,形如 `"xray.com"`。字符串类型。
The address to forward the traffic to. It can be an IP address like `"1.2.3.4"` or a domain name like `"xray.com"`. It is a string type.
`followRedirect`(见下文)为 `true` 时,`address` 可为空。
When `followRedirect` (see below) is set to `true`, `address` can be empty.
> `port`: number
将流量转发到目标地址的指定端口,范围 \[1, 65535\],数值类型。必填参数。
The specified port on the destination address to forward the traffic to. It should be in the range 1,655351,65535. It is a numeric value and is a required parameter.
> `network`: "tcp" | "udp" | "tcp,udp"
可接收的网络协议类型。比如当指定为 `"tcp"` 时,仅会接收 TCP 流量。默认值为 `"tcp"`
The supported network protocol type. For example, when specified as `"tcp"`, it will only receive TCP traffic. The default value is `"tcp"`.
> `timeout`: number
连接空闲的时间限制。单位为秒。默认值为 `300`。处理一个连接时,如果在 `timeout` 时间内,没有任何数据被传输,则中断该连接。
The idle timeout in seconds. The default value is `300`. When handling a connection, if no data is transmitted within the timeout period, the connection will be terminated.
> `followRedirect`: true | false
当值为 `true`dokodemo-door 会识别出由 iptables 转发而来的数据,并转发到相应的目标地址。
When set to `true`, dokodemo-door will recognize data forwarded by iptables and forward it to the corresponding destination address.
可参考 [传输配置](../transport.md#sockoptobject) 中的 `tproxy` 设置。
Refer to the `tproxy` setting in the [Transport Configuration](../transport.md#sockoptobject) for more information.
> `userLevel`: number
用户等级,连接会使用这个用户等级对应的 [本地策略](../policy.md#levelpolicyobject)。
The user level that the connection will use to determine the corresponding [Local Policy](../policy.md#levelpolicyobject).
userLevel 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值. 如不指定, 默认为 0。
The value of `userLevel` corresponds to the value of `level` in the [policy](../policy.md#policyobject). If not specified, the default value is 0.
## 透明代理配置样例
## Transparent Proxy Configuration Example
此部分请参考[透明代理TProxy配置教程](../../document/level-2/tproxy)。
Please refer to the [Transparent Proxy (TProxy) Configuration Tutorial](../../document/level-2/tproxy) for this section.
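Review bot: In the `port` description the range has been mangled to "1,655351,65535"; the source line gives it as \[1, 65535\]. Suggest "It should be in the range \[1, 65535\]", keeping the escaped brackets the Chinese line uses so the markdown renders the same way.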

@ -1,23 +1,23 @@
# HTTP
HTTP 协议。
HTTP protocol.
::: warning
**http 协议没有对传输加密,不适宜经公网中传输,更容易成为被人用作攻击的肉鸡。**
**The HTTP protocol does not provide encryption for transmission and is not suitable for transmission over public networks, as it can easily be used as a target for attacks.**
:::
`http` 入站更有意义的用法是在局域网或本机环境下监听,为其他程序提供本地服务。
The more meaningful use of `http` inbound is to listen in a local network or on the local machine to provide local services for other programs.
::: tip TIP 1
`http proxy` 只能代理 tcp 协议udp 系的协议均不能通过。
`http proxy` can only proxy the TCP protocol and cannot handle protocols based on UDP.
:::
::: tip TIP 2
在 Linux 中使用以下环境变量即可在当前 session 使用全局 HTTP 代理(很多软件都支持这一设置,也有不支持的)。
In Linux, you can use the following environment variables to enable global HTTP proxy for the current session (many software support this setting, but some may not).
- `export http_proxy=http://127.0.0.1:8080/` (地址须改成你配置的 HTTP 入站代理地址)
- `export http_proxy=http://127.0.0.1:8080/` (Change the address to the configured inbound HTTP proxy address)
- `export https_proxy=$http_proxy`
:::
- :::
## InboundConfigurationObject
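Review bot: The warning box translates 更容易成为被人用作攻击的肉鸡 as "can easily be used as a target for attacks", which changes the risk being described: the source warns that an exposed HTTP inbound is likely to be abused by others as a relay host for attacks, not that it is itself the target. The outbound HTTP page in this same commit renders the sentence as "more susceptible to being used as a compromised host for attacks"; suggest using that wording here so the two pages agree.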
@ -37,29 +37,29 @@ HTTP 协议。
> `timeout`: number
连接空闲的时间限制。单位为秒。默认值为 `300`, 0 表示不限时。
The idle timeout in seconds. The default value is `300`, and 0 means no timeout.
处理一个连接时,如果在 `timeout` 时间内,没有任何数据被传输,则中断该连接。
When handling a connection, if no data is transmitted within the timeout period, the connection will be terminated.
> `accounts`: \[[AccountObject](#accountobject)\]
一个数组,数组中每个元素为一个用户帐号。默认值为空。
An array where each element represents a user account. The default value is an empty array.
`accounts` 非空时HTTP 代理将对入站连接进行 Basic Authentication 验证。
When `accounts` is not empty, the HTTP proxy will perform Basic Authentication verification for inbound connections.
> `allowTransparent`: true | false
当为 `true` 时,会转发所有 HTTP 请求,而非只是代理请求。
When set to `true`, it will forward all HTTP requests instead of just proxy requests.
::: tip
若配置不当,开启此选项会导致死循环。
Enabling this option without proper configuration may cause an infinite loop.
:::
> `userLevel`: number
用户等级,连接会使用这个用户等级对应的 [本地策略](../policy.md#levelpolicyobject)。
The user level that the connection will use to determine the corresponding [Local Policy](../policy.md#levelpolicyobject).
userLevel 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值。 如不指定, 默认为 0。
The value of `userLevel` corresponds to the value of `level` in the [policy](../policy.md#policyobject). If not specified, the default value is 0.
### AccountObject
@ -72,8 +72,8 @@ userLevel 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值
> `user`: string
用户名,字符串类型。必填。
The username. It is a string and is required.
> `pass`: string
密码,字符串类型。必填。
The password. It is a string and is required.

@ -1,30 +1,30 @@
# Shadowsocks
[Shadowsocks](https://zh.wikipedia.org/wiki/Shadowsocks) 协议,兼容大部分其它版本的实现。
The [Shadowsocks](https://en.wikipedia.org/wiki/Shadowsocks) protocol is compatible with most other implementations of Shadowsocks.
目前兼容性如下:
The current compatibility is as follows:
- 支持 TCP 和 UDP 数据包转发,其中 UDP 可选择性关闭;
- 推荐的加密方式:
- Supports TCP and UDP packet forwarding, with the option to selectively disable UDP.
- Recommended encryption methods:
- 2022-blake3-aes-128-gcm
- 2022-blake3-aes-256-gcm
- 2022-blake3-chacha20-poly1305
- 其他加密方式
- Other encryption methods:
- aes-256-gcm
- aes-128-gcm
- chacha20-poly1305 或称 chacha20-ietf-poly1305
- xchacha20-poly1305 或称 xchacha20-ietf-poly1305
- none plain
- chacha20-poly1305 or chacha20-ietf-poly1305
- xchacha20-poly1305 or xchacha20-ietf-poly1305
- none or plain
Shadowsocks 2022 新协议格式提升了性能并带有完整的重放保护,解决了旧协议的以下安全问题:
The Shadowsocks 2022 new protocol format improves performance and includes complete replay protection, addressing the following security issues in the old protocol:
- [Shadowsocks AEAD 加密方式设计存在严重漏洞,无法保证通信内容的可靠性](https://github.com/shadowsocks/shadowsocks-org/issues/183)
- 原有 TCP 重放过滤器误报率随时间增加
- 没有 UDP 重放保护
- 可用于主动探测的 TCP 行为
- [Serious vulnerabilities in Shadowsocks AEAD encryption, which cannot guarantee the integrity of the communication content](https://github.com/shadowsocks/shadowsocks-org/issues/183)
- Increasing false positive rate of the original TCP replay filter over time
- Lack of UDP replay protection
- TCP behaviors that can be used for active probing
::: danger
"none" 不加密方式下流量将明文传输。为确保安全性, 不要在公共网络上使用。
Traffic transmitted without encryption using the "none" method will be in plain text. Do not use it on public networks for security reasons.
:::
## InboundConfigurationObject
@ -32,7 +32,7 @@ Shadowsocks 2022 新协议格式提升了性能并带有完整的重放保护,
```json
{
"settings": {
"password": "密码",
"password": "password",
"method": "aes-256-gcm",
"level": 0,
"email": "love@xray.com",
@ -43,7 +43,7 @@ Shadowsocks 2022 新协议格式提升了性能并带有完整的重放保护,
> `network`: "tcp" | "udp" | "tcp,udp"
可接收的网络协议类型。比如当指定为 `"tcp"` 时,仅会接收 TCP 流量。默认值为 `"tcp"`
The supported network protocol type. For example, when specified as `"tcp"`, it will only handle TCP traffic. The default value is `"tcp"`.
## ClientObject
@ -58,36 +58,36 @@ Shadowsocks 2022 新协议格式提升了性能并带有完整的重放保护,
> `method`: string
必填。
Required.
> `password`: string
必填。
Required.
- Shadowsocks 2022
使用与 WireGuard 类似的预共享密钥作为密码。
Use a pre-shared key similar to WireGuard as the password.
使用 `openssl rand -base64 <长度>` 以生成与 shadowsocks-rust 兼容的密钥,长度取决于所使用的加密方法。
Use `openssl rand -base64 <length>` to generate a compatible key with shadowsocks-rust, where the length depends on the encryption method used.
| 加密方法 | 密钥长度 |
| ----------------------------- | -------: |
| 2022-blake3-aes-128-gcm | 16 |
| 2022-blake3-aes-256-gcm | 32 |
| 2022-blake3-chacha20-poly1305 | 32 |
| Encryption Method | Key Length |
| ----------------------------- | ---------: |
| 2022-blake3-aes-128-gcm | 16 |
| 2022-blake3-aes-256-gcm | 32 |
| 2022-blake3-chacha20-poly1305 | 32 |
在 Go 实现中32 位密钥始终工作。
In the Go implementation, a 32-byte key always works.
- 其他加密方法
- Other encryption methods
任意字符串。 不限制密码长度,但短密码会更可能被破解,建议使用 16 字符或更长的密码。
Any string. There is no limitation on the password length, but shorter passwords are more susceptible to cracking. It is recommended to use a password of 16 characters or longer.
> `level`: number
用户等级,连接会使用这个用户等级对应的 [本地策略](../policy.md#levelpolicyobject)。
The user level that the connection will use to determine the corresponding [Local Policy](../policy.md#levelpolicyobject).
`level` 的值, 对应 [policy](../policy.md#levelpolicyobject) 中 `level` 的值。 如不指定, 默认为 0。
The value of `level` corresponds to the value of `level` in the [policy](../policy.md#policyobject). If not specified, the default value is 0.
> `email`: string
用户邮箱,用于区分不同用户的流量(日志、统计)。
The user's email, used to differentiate traffic from different users (logs, statistics).
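Review bot: The translated `level` paragraph links to `../policy.md#policyobject`, while the source line it replaces links to `../policy.md#levelpolicyobject`; a translation should not change the link target, so either keep the original anchor or confirm the new one is intended. In the key table, consider heading the column "Key Length (bytes)": `openssl rand -base64 <length>` takes a byte count and the sentence below the table already says "32-byte key".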

@ -1,12 +1,12 @@
# Socks
# SOCKS
标准 Socks 协议实现,兼容 [Socks 4](http://ftp.icm.edu.pl/packages/socks/socks4/SOCKS4.protocol)、Socks 4a 和 [Socks 5](http://ftp.icm.edu.pl/packages/socks/socks4/SOCKS4.protocol)。
The standard SOCKS protocol implementation is compatible with [SOCKS 4](http://ftp.icm.edu.pl/packages/socks/socks4/SOCKS4.protocol), SOCKS 4a, and [SOCKS 5](http://ftp.icm.edu.pl/packages/socks/socks4/SOCKS4.protocol).
::: danger
**Socks 协议没有对传输加密,不适宜经公网中传输**
The SOCKS protocol does not provide encryption for transport and is not suitable for transmitting data over public networks.
:::
`Socks` 入站更有意义的用法是在局域网或本机环境下监听,为其他程序提供本地服务。
The use of `SOCKS` inbound is more meaningful in a local area network or local environment, where it can be used to listen for incoming connections and provide local services to other programs.
## InboundConfigurationObject
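Review bot: The SOCKS 5 link in the first paragraph points at the same `SOCKS4.protocol` URL as the SOCKS 4 link. This is carried over from the source line, but since the line is being rewritten it is worth pointing it at the SOCKS 5 specification instead. The danger box also lost the bold markers the source had around the sentence; the HTTP pages keep them, so suggest restoring `**...**` for consistency.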
@ -27,35 +27,35 @@
> `auth`: "noauth" | "password"
Socks 协议的认证方式,支持 `"noauth"` 匿名方式和 `"password"` 用户密码方式。
The authentication method for the SOCKS protocol, supporting `"noauth"` for anonymous mode and `"password"` for username/password authentication.
默认值为 `"noauth"`
The default value is `"noauth"`.
> `accounts`: \[ [AccountObject](#accountobject) \]
一个数组,数组中每个元素为一个用户帐号。
An array where each element represents a user account.
此选项仅当 `auth``password` 时有效。
This option is only valid when `auth` is set to `"password"`.
默认值为空。
The default value is an empty array.
> `udp`: true | false
是否开启 UDP 协议的支持。
Whether to enable UDP protocol support.
默认值为 `false`
The default value is `false`.
> `ip`: address
当开启 UDP 时Xray 需要知道本机的 IP 地址。
When UDP is enabled, Xray needs to know the local IP address.
默认值为 `"127.0.0.1"`
The default value is `"127.0.0.1"`.
> `userLevel`: number
用户等级,连接会使用这个用户等级对应的 [本地策略](../policy.md#levelpolicyobject)。
The user level that the connection will use to determine the corresponding [Local Policy](../policy.md#levelpolicyobject).
userLevel 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值。 如不指定, 默认为 0。
The value of `userLevel` corresponds to the value of `level` in the [policy](../policy.md#policyobject). If not specified, the default value is 0.
### AccountObject
@ -68,8 +68,8 @@ userLevel 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值
> `user`: string
用户名,字符串类型。必填。
The username as a string. Required.
> `pass`: string
密码,字符串类型。必填。
The password as a string. Required.

@ -1,9 +1,9 @@
# Trojan
[Trojan](https://trojan-gfw.github.io/trojan/protocol) 协议
The [Trojan](https://trojan-gfw.github.io/trojan/protocol) protocol.
::: danger
Trojan 被设计工作在正确配置的加密 TLS 隧道
Trojan is designed to work with correctly configured encrypted TLS tunnels.
:::
## InboundConfigurationObject
@ -27,18 +27,16 @@ Trojan 被设计工作在正确配置的加密 TLS 隧道
> `clients`: \[ [ClientObject](#clientobject) \]
一个数组,代表一组服务端认可的用户.
An array representing a group of users approved by the server.
其中每一项是一个用户 [ClientObject](#clientobject)。
Each item in the array is a user [ClientObject](#clientobject).
> `fallbacks`: \[ [FallbackObject](../features/fallback.md) \]
一个数组,包含一系列强大的回落分流配置(可选)。
fallbacks 的具体配置请点击[FallbackObject](../features/fallback.md#fallbacks-配置)
An array that contains a series of powerful fallback configurations (optional). The specific configuration for `fallbacks` can be found in the [FallbackObject](../features/fallback.md#fallbacks-configuration) documentation.
::: tip
Xray 的 Trojan 有完整的 fallbacks 支持,配置方式完全一致。
触发回落的条件也与 VLESS 类似:首包长度 < 58 或第 57 个字节不为 `\r`因为 Trojan 没有协议版本或身份认证失败
Xray's Trojan has full support for fallbacks, and the configuration is identical. The conditions triggering fallback are similar to VLESS: first packet length < 58 or the 57th byte is not `\r` (because Trojan does not have a protocol version) or authentication failure.
:::
### ClientObject
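Review bot: The fallbacks link anchor changes from `#fallbacks-配置` to `#fallbacks-configuration`, which only resolves if the heading in `../features/fallback.md` is translated to match; that file is not part of the visible hunks, so please confirm the heading and the anchor change together. In the tip, "the configuration is identical" has no referent; the next sentence compares against VLESS, so if that is what is meant, say "identical to VLESS".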
@ -53,18 +51,18 @@ Xray 的 Trojan 有完整的 fallbacks 支持,配置方式完全一致。
> `password`: string
必填,任意字符串。
Required. Any string.
> `email`: string
邮件地址,可选,用于标识用户
Email address. Optional. Used to identify the user.
::: danger
如果存在多个 ClientObject, 请注意 email 不可以重复。
If there are multiple `ClientObject`s, please make sure that the email addresses are not duplicated.
:::
> `level`: number
用户等级,连接会使用这个用户等级对应的 [本地策略](../policy.md#levelpolicyobject)。
The user level that the connection will use to determine the corresponding [Local Policy](../policy.md#levelpolicyobject).
userLevel 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值。 如不指定, 默认为 0。
The value of `level` corresponds to the value of `level` in the [policy](../policy.md#policyobject). If not specified, the default value is 0.

@ -1,12 +1,12 @@
# VLESS
::: danger
目前 VLESS 没有自带加密,请用于可靠信道,如 TLS。
Currently, VLESS does not provide built-in encryption. Please use it with a reliable channel, such as TLS.
:::
VLESS 是一个无状态的轻量传输协议,它分为入站和出站两部分,可以作为 Xray 客户端和服务器之间的桥梁。
VLESS is a stateless lightweight transport protocol that consists of inbound and outbound parts. It can serve as a bridge between Xray clients and servers.
与 [VMess](./vmess.md) 不同VLESS 不依赖于系统时间,认证方式同样为 UUID但不需要 alterId。
Unlike [VMess](./vmess.md), VLESS does not rely on system time. The authentication method is still UUID-based, but it does not require alterId.
## InboundConfigurationObject
@ -31,22 +31,19 @@ VLESS 是一个无状态的轻量传输协议,它分为入站和出站两部
> `clients`: \[ [ClientObject](#clientobject) \]
一个数组,代表一组服务端认可的用户.
An array representing a group of users approved by the server.
其中每一项是一个用户 [ClientObject](#clientobject)。
Each item in the array is a user [ClientObject](#clientobject).
> `decryption`: "none"
现阶段需要填 `"none"`,不能留空。
若未正确设置 decryption 的值,使用 Xray 或 -test 时会收到错误信息。
Currently, you need to specify `"none"`. It cannot be left empty. If the `decryption` value is not set correctly, you will receive an error message when using Xray or `-test`.
注意这里是 decryption和 clients 同级。
decryption 和 vmess 协议的 encryption 的位置不同,是因为若套一层约定加密,服务端需要先解密才能知道是哪个用户。
Note that `decryption` is at the same level as `clients`. The placement of `decryption` is different from the `encryption` in the vmess protocol because if there is a layer of agreed encryption, the server needs to decrypt it first to know which user it belongs to.
> `fallbacks`: \[ [FallbackObject](../features/fallback.md) \]
一个数组,包含一系列强大的回落分流配置(可选)。
fallbacks 的具体配置请点击 [FallbackObject](../features/fallback.md#fallbacks-配置)
An array that contains a series of powerful fallback configurations (optional). The specific configuration for `fallbacks` can be found in the [FallbackObject](../features/fallback.md#fallbacks-configuration) documentation.
### ClientObject
@ -61,35 +58,34 @@ fallbacks 的具体配置请点击 [FallbackObject](../features/fallback.md#fall
> `id`: string
VLESS 的用户 ID可以是任意小于 30 字节的字符串, 也可以是一个合法的 UUID.
自定义字符串和其映射的 UUID 是等价的, 这意味着你将可以这样在配置文件中写 id 来标识同一用户,即
The user ID for VLESS. It can be any string less than 30 bytes or a valid UUID. Custom strings and their corresponding UUIDs are equivalent, which means you can use either of the following in the configuration file to identify the same user:
- `"id": "我爱🍉老师1314"`,
- 或写 `"id": "5783a3e7-e373-51cd-8642-c83782b807c5"` (此 UUID 是 `我爱🍉老师1314` 的 UUID 映射)
- `"id": "我爱🍉老师1314"`
- `"id": "5783a3e7-e373-51cd-8642-c83782b807c5"` (This UUID is the mapping of the string "我爱 🍉 老师 1314")
其映射标准在 [VLESS UUID 映射标准:将自定义字符串映射为一个 UUIDv5](https://github.com/XTLS/Xray-core/issues/158)
The mapping standard is described in the [VLESS UUID Mapping Standard: Mapping a Custom String to a UUIDv5](https://github.com/XTLS/Xray-core/issues/158).
你可以使用命令 `xray uuid -i "自定义字符串"` 生成自定义字符串所映射的的 UUID。
You can use the command `xray uuid -i "custom string"` to generate the UUID corresponding to a custom string.
> 也可以使用命令 `xray uuid` 生成随机的 UUID.
> You can also use the command `xray uuid` to generate a random UUID.
> `level`: number
用户等级,连接会使用这个用户等级对应的 [本地策略](../policy.md#levelpolicyobject)。
The user level that the connection will use to determine the corresponding [Local Policy](../policy.md#levelpolicyobject).
level 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值。 如不指定, 默认为 0。
The value of `level` corresponds to the value of `level` in the [policy](../policy.md#policyobject). If not specified, the default value is 0.
> `email`: string
用户邮箱,用于区分不同用户的流量(会体现在日志、统计中)。
User email address used to differentiate traffic from different users (reflected in logs and statistics).
> `flow`: string
流控模式,用于选择 XTLS 的算法。
Flow control mode used to select the XTLS algorithm.
目前入站协议中有以下流控模式可选:
Currently, the following flow control modes are available for inbound protocols:
- `flow`,空字符或者 `none`:使用普通 TLS 代理
- `xtls-rprx-vision`:使用新 XTLS 模式 包含内层握手随机填充
- No `flow`, empty string, or `none`: Use regular TLS proxy.
- `xtls-rprx-vision`: Use the new XTLS mode, including inner-handshake random padding.
此外,目前 XTLS 仅支持 TCP、mKCP、DomainSocket 这三种传输方式。
Additionally, XTLS currently only supports TCP, mKCP, and DomainSocket as transport methods.
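Review bot: In the second `id` bullet the example string is quoted as "我爱 🍉 老师 1314", with spaces that are not in the actual id `我爱🍉老师1314` shown in the bullet above. The text says the UUID is a mapping of the custom string, so a reader who copies the spaced form into `xray uuid -i` will not get `5783a3e7-e373-51cd-8642-c83782b807c5`; suggest quoting the string in backticks exactly as the source line does.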

@ -1,9 +1,9 @@
# VMess
[VMess](../../development/protocols/vmess.md) 是一个加密传输协议,通常作为 Xray 客户端和服务器之间的桥梁。
[VMess](../../development/protocols/vmess.md) is an encrypted transport protocol that is commonly used as a bridge between Xray clients and servers.
::: danger
VMess 依赖于系统时间,请确保使用 Xray 的系统 UTC 时间误差在 90 秒之内,时区无关。在 Linux 系统中可以安装`ntp`服务来自动同步系统时间。
VMess relies on system time. Please ensure that the system UTC time used by Xray is within 90 seconds of the actual time, regardless of time zone. On Linux systems, you can install the `ntp` service to automatically synchronize the system time.
:::
## InboundConfigurationObject
@ -31,28 +31,28 @@ VMess 依赖于系统时间,请确保使用 Xray 的系统 UTC 时间误差在
> `clients`: \[ [ClientObject](#clientobject) \]
一个数组,代表一组服务端认可的用户.
An array representing a group of users approved by the server.
其中每一项是一个用户[ClientObject](#clientobject)。
Each item in the array is a user [ClientObject](#clientobject).
当此配置用作动态端口时Xray 会自动创建用户。
When this configuration is used for dynamic ports, Xray will automatically create users.
> `detour`: [DetourObject](#detourobject)
指示对应的出站协议使用另一个服务器。
Indicates that another server should be used for the corresponding outbound protocol.
> `default`: [DefaultObject](#defaultobject)
可选clients 的默认配置。仅在配合`detour`时有效。
Optional. The default configuration for clients. Only effective when used with `detour`.
> `disableInsecureEncryption`: true | false
是否禁止客户端使用不安全的加密方式,如果设置为 true 当客户端指定下列加密方式时,服务器会主动断开连接。
Whether to disable the use of insecure encryption methods by clients. If set to true, the server will actively disconnect the connection when the client specifies the following encryption methods:
- `"none"`
- `"aes-128-cfb"`
默认值为`false`
The default value is `false`.
### ClientObject
@ -67,42 +67,39 @@ VMess 依赖于系统时间,请确保使用 Xray 的系统 UTC 时间误差在
> `id`: string
Vmess 的用户 ID可以是任意小于 30 字节的字符串, 也可以是一个合法的 UUID.
The user ID for VMess. It can be any string less than 30 bytes or a valid UUID.
::: tip
自定义字符串和其映射的 UUID 是等价的, 这意味着你将可以这样在配置文件中写 id 来标识同一用户,即
Custom strings and their corresponding UUIDs are equivalent, which means you can use either of the following in the configuration file to identify the same user:
- 写 `"id": "我爱🍉老师1314"`,
- 或写 `"id": "5783a3e7-e373-51cd-8642-c83782b807c5"` (此 UUID 是 `我爱🍉老师1314` 的 UUID 映射)
:::
- `"id": "我爱🍉老师1314"`
- `"id": "5783a3e7-e373-51cd-8642-c83782b807c5"` (This UUID is the mapping of the string "我爱 🍉 老师 1314")
其映射标准在 [VLESS UUID 映射标准:将自定义字符串映射为一个 UUIDv5](https://github.com/XTLS/Xray-core/issues/158)
The mapping standard is described in the [VLESS UUID Mapping Standard: Mapping a Custom String to a UUIDv5](https://github.com/XTLS/Xray-core/issues/158).
你可以使用命令 `xray uuid -i "自定义字符串"` 生成自定义字符串所映射的的 UUID。
You can use the command `xray uuid -i "custom string"` to generate the UUID corresponding to a custom string.
> 也可以使用命令 `xray uuid` 生成随机的 UUID.
You can also use the command `xray uuid` to generate a random UUID. :::
> `level`: number
用户等级,连接会使用这个用户等级对应的 [本地策略](../policy.md#levelpolicyobject)。
The user level that the connection will use to determine the corresponding [Local Policy](../policy.md#levelpolicyobject).
level 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值。 如不指定, 默认为 0。
The value of `level` corresponds to the value of `level` in the [policy](../policy.md#policyobject). If not specified, the default value is 0.
> `alterId`: number
为了进一步防止被探测,一个用户可以在主 ID 的基础上,再额外生成多个 ID。这里只需要指定额外的 ID 的数量,推荐值为 0 代表启用 VMessAEAD。
最大值 65535。这个值不能超过服务器端所指定的值。
To further prevent detection, a user can generate additional IDs in addition to the main ID. Here, you only need to specify the number of additional IDs. The recommended value is 0, which means enabling VMessAEAD. The maximum value is 65535. This value cannot exceed the value specified on the server side.
不指定的话,默认值是 0。
If not specified, the default value is 0.
::: tip
客户端 AlterID 设置为 0 代表启用 VMessAEAD ;服务端为自动适配,可同时兼容启用和未开启 VMessAEAD 的客户端。
客户端可通过设置环境变量 `Xray_VMESS_AEAD_DISABLED=true` 强行禁用 VMessAEAD
Setting the client's AlterID to 0 means enabling VMessAEAD. The server automatically adapts to both clients with VMessAEAD enabled and disabled. Clients can force disable VMessAEAD by setting the environment variable `Xray_VMESS_AEAD_DISABLED=true`.
:::
> `email`: string
用户邮箱地址,用于区分不同用户的流量。
The user's email address, used to differentiate traffic from different users.
### DetourObject
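Review bot: The closing `:::` of the tip container has ended up at the end of the sentence "...generate a random UUID. :::" instead of on its own line, and the `:::` that closed the tip after the two `id` bullets in the source no longer has a counterpart in the translation. Put `:::` on a line by itself where the tip is meant to end, otherwise the marker is likely to render as literal text and the container stays open. The example string "我爱 🍉 老师 1314" also has spaces that the real id `我爱🍉老师1314` does not.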
@ -114,7 +111,7 @@ level 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值。
> `to`: string
一个 inbound 的`tag`, 指定的 inbound 的必须是使用 VMess 协议的 inbound.
The `tag` of an inbound that specifies the inbound using the VMess protocol.
### DefaultObject
@ -127,38 +124,36 @@ level 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值。
> `level`: number
用户等级,连接会使用这个用户等级对应的 [本地策略](../policy.md#levelpolicyobject)。
The user level that the connection will use to determine the corresponding [Local Policy](../policy.md#levelpolicyobject).
level 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值。 如不指定, 默认为 0。
The value of `level` corresponds to the value of `level` in the [policy](../policy.md#policyobject). If not specified, the default value is 0.
> `alterId`: number
动态端口的默认`alterId`,默认值为`0`
The default `alterId` for dynamic ports. The default value is 0.
## VMess MD5 认证信息 玷污机制
## VMess MD5 Authentication Tainting Mechanism
为了进一步对抗可能的探测和封锁,每个 VMess 认证数据的服务端结构都会包含一个一次写入的玷污状态标记,初始状态为无瑕状态,当服务器检测到重放探测时或者因为其他原因入站连接出错以致校验数据不正确时,该连接所对应的请求认证数据会被玷污。
To further combat possible detection and blocking, the server-side structure of each VMess authentication data includes a one-time writable taint status flag. The initial state is an untainted state. When the server detects replay attacks or the inbound connection encounters errors that result in incorrect verification data, the authentication data corresponding to that connection will be tainted.
被玷污的认证数据无法被用于建立连接,当攻击者或客户端使用被玷污的认证数据建立连接时,服务器会输出包含 `invalid user` `ErrTainted` 的错误信息,并阻止该连接。
Tainted authentication data cannot be used to establish a connection. When an attacker or client uses tainted authentication data to establish a connection, the server will output an error message containing `invalid user` and `ErrTainted`, and block the connection.
当服务器没有受到重放攻击时,该机制对正常连接的客户端没有影响。
如果服务器正在被重放攻击,可能会出现连接不稳定的情况。
This mechanism has no impact on normal clients when the server is not subjected to replay attacks.
::: tip
拥有服务器 UUID 以及其他连接数据的恶意程序可能根据此机制对服务器发起拒绝服务攻击,受到此类攻击的服务可以通过修改 `proxy/vmess/validator.go` 文件中 `func (v \*TimedUserValidator) BurnTaintFuse(userHash []byte) error` 函数的 `atomic.CompareAndSwapUint32(pair.taintedFuse, 0, 1)` 语句为 `atomic.CompareAndSwapUint32(pair.taintedFuse, 0, 0)` 来解除服务器对此类攻击的安全保护机制。使用 VMessAEAD 认证机制的客户端不受到 VMess MD5 认证信息 玷污机制 的影响。
Malicious programs that have the server UUID and other connection data may launch denial-of-service attacks against the server based on this mechanism. Services that are targeted by such attacks can disable the server's security protection against such attacks by modifying the `atomic.CompareAndSwapUint32(pair.taintedFuse, 0, 1)` statement in the `func (v *TimedUserValidator) BurnTaintFuse(userHash []byte) error` function in the `proxy/vmess/validator.go` file to `atomic.CompareAndSwapUint32(pair.taintedFuse, 0, 0)`. Clients using the VMessAEAD authentication mechanism are not affected by the VMess MD5 authentication tainting mechanism.
:::
## VMess MD5 认证信息 淘汰机制
## VMess MD5 Authentication Elimination Mechanism
VMess MD5 认证信息 的淘汰机制已经启动。
The elimination mechanism for VMess MD5 authentication has been activated.
自 2022 年 1 月 1 日起,服务器端默认禁用对于 MD5 认证信息 的兼容。任何使用 MD5 认证信息的客户端将无法连接到禁用 VMess MD5 认证信息的服务器端。
Starting from January 1, 2022, the server-side compatibility for MD5 authentication is disabled by default. Any client using MD5 authentication will be unable to connect to servers that have disabled VMess MD5 authentication.
::: tip
在服务器端可以通过设置环境变量 xray.vmess.aead.forced=true 以关闭对于 MD5 认证信息的兼容,或者 xray.vmess.aead.forced=false 以强制开启对于 MD5 认证信息 认证机制的兼容(不受到 2022 年自动禁用机制的影响)。
On the server side, you can disable the automatic disabling of MD5 authentication by setting the environment variable `xray.vmess.aead.forced=true`, or force enable compatibility with the MD5 authentication mechanism by setting `xray.vmess.aead.forced=false` (not affected by the automatic disabling mechanism in 2022).
:::
::: tip
如无兼容旧客户端必要,应在服务端配置移除 `"alterID"` 参数。
If there is no need to support old clients, the `"alterID"` parameter should be removed from the server-side configuration.
:::
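Review bot: The tip on `xray.vmess.aead.forced` inverts the meaning of the `true` setting. The source says setting it to `true` turns off compatibility with MD5 authentication (以关闭对于 MD5 认证信息的兼容), but the translation reads "you can disable the automatic disabling of MD5 authentication", which tells an operator the opposite. Suggest "set `xray.vmess.aead.forced=true` to disable compatibility with MD5 authentication, or `xray.vmess.aead.forced=false` to force it on". Separately, the tainting section drops the source sentence 如果服务器正在被重放攻击,可能会出现连接不稳定的情况 (connections may become unstable while the server is under a replay attack); please translate it as well.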

View File

@ -1,6 +1,6 @@
# Blackhole
Blackhole(黑洞)是一个出站数据协议,它会阻碍所有数据的出站,配合 [路由配置](../routing.md) 一起使用,可以达到禁止访问某些网站的效果。
Blackhole is an outbound data protocol that blocks all outbound data. When used in conjunction with [routing configurations](../routing.md), it can be used to block access to certain websites.
## OutboundConfigurationObject
@ -14,10 +14,9 @@ Blackhole黑洞是一个出站数据协议它会阻碍所有数据的
> `response`: [ResponseObject](#responseobject)
配置黑洞的响应数据。
Configures the response data for the blackhole.
Blackhole 会在收到待转发数据之后,发送指定的响应数据,然后关闭连接,待转发的数据将被丢弃。
如不指定此项Blackhole 将直接关闭连接。
After receiving the data to be forwarded, the blackhole will send the specified response data and then close the connection. The data to be forwarded will be discarded. If this field is not specified, the blackhole will simply close the connection.
### ResponseObject
@ -29,6 +28,6 @@ Blackhole 会在收到待转发数据之后,发送指定的响应数据,然
> `type`: "http" | "none"
`type``"none"`默认值Blackhole 将直接关闭连接。
When `type` is set to `"none"` (default value), the blackhole will simply close the connection.
`type``"http"`Blackhole 会发回一个简单的 HTTP 403 数据包,然后关闭连接。
When `type` is set to `"http"`, the blackhole will send a simple HTTP 403 packet as the response and then close the connection.

@ -1,10 +1,10 @@
# DNS
DNS 是一个出站协议,主要用于拦截和转发 DNS 查询。
DNS is an outbound protocol used for intercepting and forwarding DNS queries.
此出站协议只能接收 DNS 流量(包含基于 UDP 和 TCP 协议的查询),其它类型的流量会导致错误。
This outbound protocol can only handle DNS traffic, including queries based on UDP and TCP protocols. Other types of traffic will result in an error.
在处理 DNS 查询时,此出站协议会将 IP 查询(即 A 和 AAAA转发给内置的 [DNS 服务器](../dns.md)。其它类型的查询流量将被转发至它们原本的目标地址。
When handling DNS queries, this outbound protocol will forward IP queries (A and AAAA) to the built-in [DNS server](../dns.md). Other types of query traffic will be forwarded to their original destination addresses.
## OutboundConfigurationObject
@ -18,14 +18,14 @@ DNS 是一个出站协议,主要用于拦截和转发 DNS 查询。
> `network`: "tcp" | "udp"
修改 DNS 流量的传输层协议,可选的值有 `"tcp"``"udp"`。当不指定时,保持来源的传输方式不变。
Modifies the transport layer protocol for DNS traffic. The possible values are `"tcp"` and `"udp"`. When not specified, the original transport method will be retained.
> `address`: address
修改 DNS 服务器地址。当不指定时,保持来源中指定的地址不变。
Modifies the DNS server address. When not specified, the original address specified in the source will be retained.
> `port`: number
修改 DNS 服务器端口。当不指定时,保持来源中指定的端口不变。
Modifies the DNS server port. When not specified, the original port specified in the source will be retained.
## DNS 配置实例 <Badge text="WIP" type="warning"/>
## DNS Configuration Example <Badge text="WIP" type="warning"/>

@ -1,6 +1,6 @@
# Freedom
Freedom 是一个出站协议,可以用来向任意网络发送(正常的) TCP 或 UDP 数据。
Freedom is an outbound protocol that can be used to send (normal) TCP or UDP data to any network.
## OutboundConfigurationObject
@ -14,31 +14,29 @@ Freedom 是一个出站协议,可以用来向任意网络发送(正常的)
> `domainStrategy`: "AsIs" | "UseIP" | "UseIPv4" | "UseIPv6"
在目标地址为域名时, 配置相应的值, Freedom 的行为模式如下:
When the destination address is a domain name, configure the corresponding value for Freedom's behavior:
- `"AsIs"`: Freedom 通过系统 DNS 服务器解析获取 IP, 向此域名发出连接.
- `"UseIP"``"UseIPv4"``"UseIPv6"`: Xray 使用 [内置 DNS 服务器](../dns.md) 解析获取 IP, 向此域名发出连接.
默认值为 `"AsIs"`
- `"AsIs"`: Freedom resolves the domain name using the system DNS server and connects to it.
- `"UseIP"`, `"UseIPv4"`, and `"UseIPv6"`: Xray resolves the domain name using the built-in [DNS server](../dns.md) and connects to it. The default value is `"AsIs"`.
::: tip TIP 1
当使用 `"UseIP"` 模式,并且 [出站连接配置](../outbound.md#outboundobject) 中指定了 `sendThrough`Freedom 会根据 `sendThrough` 的值自动判断所需的 IP 类型IPv4 或 IPv6。
When using the `"UseIP"` mode and the `sendThrough` field is specified in the [outbound connection configuration](../outbound.md#outboundobject), Freedom will automatically determine the required IP type, IPv4 or IPv6, based on the value of `sendThrough`.
:::
::: tip TIP 2
当使用 `"UseIPv4"``"UseIPv6"` 模式时Freedom 会只使用对应的 IPv4 或 IPv6 地址。当 `sendThrough` 指定了不匹配的本地地址时,将导致连接失败。
When using the `"UseIPv4"` or `"UseIPv6"` mode, Freedom will only use the corresponding IPv4 or IPv6 address. If `sendThrough` specifies a mismatched local address, the connection will fail.
:::
> `redirect`: address_port
Freedom 会强制将所有数据发送到指定地址(而不是 inbound 指定的地址)。
Freedom will force all data to be sent to the specified address (instead of the address specified in the inbound).
其值为一个字符串,样例:`"127.0.0.1:80"``":1234"`
It is a string value, for example: `"127.0.0.1:80"`, `":1234"`.
当地址不指定时,如 `":443"`Freedom 不会修改原先的目标地址。
当端口为 `0` 时,如 `"xray.com: 0"`Freedom 不会修改原先的端口。
When the address is not specified, such as `":443"`, Freedom will not modify the original destination address. When the port is `0`, such as `"xray.com:0"`, Freedom will not modify the original port.
> `userLevel`: number
用户等级,连接会使用这个用户等级对应的 [本地策略](../policy.md#levelpolicyobject)。
User level. The connection will use the corresponding [local policy](../policy.md#levelpolicyobject) for this user level.
userLevel 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值。 如不指定, 默认为 0。
The value of `userLevel` corresponds to the value of `level` in the [policy](../policy.md#policyobject). If not specified, the default value is 0.
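Review bot: In the `domainStrategy` list, "The default value is `"AsIs"`." has been folded into the `"UseIP"`, `"UseIPv4"`, `"UseIPv6"` bullet, where it reads as part of that option's description. In the source it is a separate line after the list; suggest moving it back to its own paragraph.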

View File

@ -1,13 +1,13 @@
# HTTP
HTTP 协议。
HTTP is a protocol that is used for communication over the internet. Please note that HTTP does not provide encryption for data transmission and is not suitable for transmitting sensitive information over public networks, as it can be easily targeted for attacks.
::: danger
**http 协议没有对传输加密,不适宜经公网中传输,更容易成为被人用作攻击的肉鸡。**
**The HTTP protocol does not provide encryption for transmission, making it unsuitable for transmitting over public networks and more susceptible to being used as a compromised host for attacks.**
:::
::: tip
`http` 只能代理 tcp 协议udp 系的协议均不能通过。
HTTP can only proxy TCP protocols, and cannot handle UDP-based protocols.
:::
## OutboundConfigurationObject
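Review bot: The intro line under `# HTTP` turns the source sentence `HTTP 协议。` into a full paragraph about missing encryption, which repeats the `::: danger` block directly below it. Keep the intro to "HTTP protocol." and leave the warning in the danger container, so the English page tracks the source. In the tip, the source names the protocol as `http` in backticks; "`http` can only proxy TCP; UDP-based protocols cannot pass through" would be closer than "HTTP can only proxy TCP protocols".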
@ -30,12 +30,12 @@ HTTP 协议。
```
::: tip
目前 HTTP 协议 outbound 中 `streamSettings` 设置 `security``tlsSettings` 是生效的。
Currently, in the HTTP outbound protocol, the `streamSettings` configuration with `security` and `tlsSettings` is effective.
:::
> `servers`: \[ [ServerObject](#serverobject) \]
HTTP 服务器列表,其中每一项是一个服务器配置,若配置多个,循环使用 (RoundRobin)。
A list of HTTP servers, where each item represents a server configuration. If multiple servers are configured, they will be used in a round-robin manner.
### ServerObject
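Review bot: "is effective" in the `streamSettings` tip is ambiguous in English (it can read as "works well"); the source 是生效的 means the settings take effect. Suggest "the `security` and `tlsSettings` options in `streamSettings` take effect for the HTTP outbound". The `servers` description also drops the source's `(RoundRobin)` label, which is worth keeping next to "round-robin" for searchability.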
@ -54,15 +54,15 @@ HTTP 服务器列表,其中每一项是一个服务器配置,若配置多个
> `address`: string
HTTP 代理服务器地址,必填。
The address of the HTTP proxy server. Required.
> `port`: int
HTTP 代理服务器端口,必填。
The port of the HTTP proxy server. Required.
> `user`: \[[AccountObject](#accountobject)\]
一个数组,数组中每个元素为一个用户帐号。默认值为空。
An array of user accounts. Default value is an empty array.
#### AccountObject
@ -75,8 +75,8 @@ HTTP 代理服务器端口,必填。
> `user`: string
用户名,字符串类型。必填。
The username. Required.
> `pass`: string
密码,字符串类型。必填。
The password. Required.

View File

@ -1,29 +1,29 @@
# Shadowsocks
[Shadowsocks](https://zh.wikipedia.org/wiki/Shadowsocks) 协议,兼容大部分其它版本的实现。
[Shadowsocks](https://en.wikipedia.org/wiki/Shadowsocks) protocol is compatible with most other implementations.
目前兼容性如下:
Here are the features and compatibility of Shadowsocks:
- 支持 TCP 和 UDP 数据包转发,其中 UDP 可选择性关闭;
- 推荐的加密方式:
- It supports TCP and UDP packet forwarding, with the option to disable UDP.
- Recommended encryption methods:
- 2022-blake3-aes-128-gcm
- 2022-blake3-aes-256-gcm
- 2022-blake3-chacha20-poly1305
- 其他加密方式
- Other encryption methods:
- aes-256-gcm
- aes-128-gcm
- chacha20-poly1305 或称 chacha20-ietf-poly1305
- none plain
- chacha20-poly1305 (also known as chacha20-ietf-poly1305)
- none or plain
Shadowsocks 2022 新协议格式提升了性能并带有完整的重放保护,解决了旧协议的以下安全问题:
The new protocol format of Shadowsocks 2022 improves performance and includes full replay protection, addressing security issues present in the old protocol:
- [Shadowsocks AEAD 加密方式设计存在严重漏洞,无法保证通信内容的可靠性](https://github.com/shadowsocks/shadowsocks-org/issues/183)
- 原有 TCP 重放过滤器误报率随时间增加
- 没有 UDP 重放保护
- 可用于主动探测的 TCP 行为
- [Serious vulnerabilities in Shadowsocks AEAD encryption methods that compromise the integrity of communications](https://github.com/shadowsocks/shadowsocks-org/issues/183)
- Increasing false-positive rate of TCP replay filters over time
- Lack of replay protection for UDP
- TCP behaviors that can be used for active probing
::: danger
"none" 不加密方式下流量将明文传输。为确保安全性, 不要在公共网络上使用。
Using the "none" encryption method will transmit traffic in plaintext. It is not recommended to use "none" encryption on public networks to ensure security.
:::
## OutboundConfigurationObject
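Review bot: The `::: danger` text for "none" softens the source. 不要在公共网络上使用 is an instruction ("do not use it on public networks"), while the translation says "It is not recommended". Plaintext transport is the risk this block exists to flag, so keep the imperative: "To ensure security, do not use it on public networks."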
@ -35,8 +35,9 @@ Shadowsocks 2022 新协议格式提升了性能并带有完整的重放保护,
"email": "love@xray.com",
"address": "127.0.0.1",
"port": 1234,
"method": "加密方式",
"password": "密码",
"method": "encryption method",
"password": "password",
"uot": true,
"level": 0
}
]
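Review bot: `"uot": true,` is a new line in this example (the hunk grows from 8 to 9 lines), not a translation of an existing one. It matches the `ServerObject` sample further down, but a sample that ships with `uot` set to `true` enables UDP over TCP for anyone who copies it. Mention the addition in the commit message, and check whether the Chinese source page should get the same line so the two stay in sync.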
@ -45,7 +46,7 @@ Shadowsocks 2022 新协议格式提升了性能并带有完整的重放保护,
> `servers`: \[[ServerObject](#serverobject)\]
一个数组,代表一组 Shadowsocks 服务端设置, 其中每一项是一个 [ServerObject](#serverobject)。
An array representing a group of Shadowsocks server settings, where each item is a [ServerObject](#serverobject).
### ServerObject
@ -54,8 +55,8 @@ Shadowsocks 2022 新协议格式提升了性能并带有完整的重放保护,
"email": "love@xray.com",
"address": "127.0.0.1",
"port": 1234,
"method": "加密方式",
"password": "密码",
"method": "encryption method",
"password": "password",
"uot": true,
"level": 0
}
@ -63,48 +64,48 @@ Shadowsocks 2022 新协议格式提升了性能并带有完整的重放保护,
> `email`: string
邮件地址,可选,用于标识用户
Email address (optional) used to identify the user.
> `address`: address
Shadowsocks 服务端地址,支持 IPv4、IPv6 和域名。必填。
The address of the Shadowsocks server, supporting IPv4, IPv6, and domain names. Required.
> `port`: number
Shadowsocks 服务端端口。必填。
The port of the Shadowsocks server. Required.
> `method`: string
必填。
Encryption method. Required.
> `password`: string
必填。
Password. Required.
> `uot`: bool
当开启后,会启用`udp over tcp`
When enabled, UDP over TCP (UOT) will be used.
- Shadowsocks 2022
使用与 WireGuard 类似的预共享密钥作为密码。
Use a pre-shared key (PSK) similar to WireGuard as the password.
使用 `openssl rand -base64 <长度>` 以生成与 shadowsocks-rust 兼容的密钥,长度取决于所使用的加密方法。
To generate a compatible key with shadowsocks-rust, use `openssl rand -base64 <length>`, where the length depends on the encryption method used.
| 加密方法 | 密钥长度 |
| ----------------------------- | -------: |
| 2022-blake3-aes-128-gcm | 16 |
| 2022-blake3-aes-256-gcm | 32 |
| 2022-blake3-chacha20-poly1305 | 32 |
| Encryption Method | Key Length |
| ----------------------------- | ---------: |
| 2022-blake3-aes-128-gcm | 16 |
| 2022-blake3-aes-256-gcm | 32 |
| 2022-blake3-chacha20-poly1305 | 32 |
在 Go 实现中32 位密钥始终工作。
In the Go implementation, a 32-byte key always works.
- 其他加密方法
- Other encryption methods
任意字符串。不限制密码长度,但短密码会更可能被破解,建议使用 16 字符或更长的密码。
Any string can be used as a password. There is no limit on the password length, but shorter passwords are more susceptible to cracking. It is recommended to use a password of 16 characters or longer.
> `level`: number
用户等级,连接会使用这个用户等级对应的 [本地策略](../policy.md#levelpolicyobject)。
User level. Connections will use the corresponding [local policy](../policy.md#levelpolicyobject) associated with this user level.
`level` 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值。 如不指定, 默认为 0。
The `level` value corresponds to the `level` value in the [policy](../policy.md#policyobject). If not specified, the default value is 0.
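Review bot: The key length table gives 16 and 32 with no unit, while the sentence below it renders 32 位 as "32-byte". State the unit in the table header, for example "Key Length (bytes)", so that the `<length>` passed to `openssl rand -base64 <length>` is unambiguous.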

View File

@ -1,9 +1,9 @@
# Socks
标准 Socks 协议实现,兼容 [Socks 5](http://ftp.icm.edu.pl/packages/socks/socks4/SOCKS4.protocol)。
The Socks protocol is a standard protocol implementation that is compatible with [Socks 5](http://ftp.icm.edu.pl/packages/socks/socks4/SOCKS4.protocol).
::: danger
**Socks 协议没有对传输加密,不适宜经公网中传输**
The Socks protocol does not provide encryption for transmission and is not suitable for transmitting data over public networks.
:::
## OutboundConfigurationObject
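Review bot: The intro still links the text "Socks 5" to a URL ending in `SOCKS4.protocol`, carried over from the source line; either the label or the target is wrong and should be checked while this line is being touched. The sentence is also circular ("The Socks protocol is a standard protocol implementation"); "Standard Socks protocol implementation, compatible with Socks 5" is closer to the source. The danger text drops the bold emphasis that the source line has.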
@ -28,7 +28,7 @@
> `servers`: \[ [ServerObject](#serverobject) \]
Socks 服务器列表,其中每一项是一个服务器配置。
An array representing a list of Socks servers, where each item is a server configuration.
### ServerObject
@ -48,23 +48,23 @@ Socks 服务器列表,其中每一项是一个服务器配置。
> `address`: address
服务器地址, 必填
The server address. Required.
::: tip
仅支持连接到 Socks 5 服务器。
Only connections to Socks 5 servers are supported.
:::
> `port`: number
服务器端口, 必填
The server port. Required.
> `users`: \[ [UserObject](#userobject) \]
一个数组表示的用户列表,数组中每个元素为一个用户配置。
An array representing a list of users. Each item in the array is a user configuration.
当列表不为空时Socks 客户端会使用用户信息进行认证;如未指定,则不进行认证。
When the list is not empty, the Socks client will authenticate using the user information. If not specified, no authentication is performed.
默认值为空。
The default value is an empty array.
#### UserObject
@ -78,14 +78,14 @@ Socks 服务器列表,其中每一项是一个服务器配置。
> `user`: string
用户名,字符串类型。必填。
The username. Required.
> `pass`: string
密码,字符串类型。必填。
The password. Required.
> `level`: number
用户等级,连接会使用这个用户等级对应的 [本地策略](../policy.md#levelpolicyobject)。
The user level. Connections will use the corresponding [local policy](../policy.md#levelpolicyobject) associated with this user level.
userLevel 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值。 如不指定, 默认为 0。
The `level` value corresponds to the `level` value in the [policy](../policy.md#policyobject). If not specified, the default value is 0.

View File

@ -1,9 +1,9 @@
# Trojan
[Trojan](https://trojan-gfw.github.io/trojan/protocol) 协议
[Trojan](https://trojan-gfw.github.io/trojan/protocol) protocol
::: danger
Trojan 被设计工作在正确配置的加密 TLS 隧道
Trojan is designed to work with correctly configured encrypted TLS tunnels.
:::
## OutboundConfigurationObject
@ -24,7 +24,7 @@ Trojan 被设计工作在正确配置的加密 TLS 隧道
> `servers`: \[ [ServerObject](#serverobject) \]
一个数组,其中每一项是一个 [ServerObject](#serverobject)。
An array representing a list of servers, where each item is a [ServerObject](#serverobject).
### ServerObject
@ -40,22 +40,22 @@ Trojan 被设计工作在正确配置的加密 TLS 隧道
> `address`: address
服务端地址,支持 IPv4、IPv6 和域名。必填。
The server address, which can be an IPv4, IPv6, or domain name. Required.
> `port`: number
服务端端口,通常与服务端监听的端口相同。
The server port, usually the same port that the server is listening on.
> `password`: string
密码. 必填,任意字符串。
The password for authentication. Required. It can be any string.
> `email`: string
邮件地址,可选,用于标识用户
The email address, optional, used to identify the user.
> `level`: number
用户等级,连接会使用这个用户等级对应的 [本地策略](../policy.md#levelpolicyobject)。
The user level. Connections will use the corresponding [local policy](../policy.md#levelpolicyobject) associated with this user level.
level 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值。 如不指定, 默认为 0。
The `level` value corresponds to the `level` value in the [policy](../policy.md#policyobject). If not specified, the default value is 0.

View File

@ -1,9 +1,9 @@
# VMess
[VMess](../../development/protocols/vmess.md) 是一个加密传输协议,通常作为 Xray 客户端和服务器之间的桥梁。
[VMess](../../development/protocols/vmess.md) is an encrypted transport protocol commonly used as a bridge between Xray clients and servers.
::: danger
VMess 依赖于系统时间,请确保使用 Xray 的系统 UTC 时间误差在 90 秒之内,时区无关。在 Linux 系统中可以安装`ntp`服务来自动同步系统时间。
VMess relies on system time. Please ensure that the UTC time of your system, when using Xray, has an error within 90 seconds, regardless of the time zone. On Linux systems, you can install the `ntp` service to automatically synchronize the system time.
:::
## OutboundConfigurationObject
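Review bot: "has an error within 90 seconds" in the danger block is hard to parse. Suggest "Make sure the UTC time on the system running Xray is accurate to within 90 seconds; the time zone does not matter."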
@ -29,9 +29,9 @@ VMess 依赖于系统时间,请确保使用 Xray 的系统 UTC 时间误差在
> `vnext`\[ [ServerObject](#serverobject) \]
一个数组,包含一组的服务端配置.
An array containing a set of server configurations.
其中每一项是一个服务端配置[ServerObject](#serverobject)。
Each item in the array is a server configuration [ServerObject](#serverobject).
### ServerObject
@ -45,17 +45,17 @@ VMess 依赖于系统时间,请确保使用 Xray 的系统 UTC 时间误差在
> `address`: address
服务端地址,支持 IP 地址或者域名。
The server address, which can be an IP address or domain name.
> `port`: number
服务端监听的端口号, 必填。
The port number that the server is listening on. Required.
> `users`: \[ [UserObject](#userobject) \]
一个数组,代表一组服务端认可的用户.
An array representing a group of users authorized by the server.
其中每一项是一个用户[UserObject](#userobject)。
Each item is a user configuration [UserObject](#userobject).
#### UserObject
@ -68,57 +68,51 @@ VMess 依赖于系统时间,请确保使用 Xray 的系统 UTC 时间误差在
}
```
> `id`string
> `id`: string
Vmess 的用户 ID可以是任意小于 30 字节的字符串, 也可以是一个合法的 UUID.
The user ID for VMess, which can be any string less than 30 bytes or a valid UUID.
自定义字符串和其映射的 UUID 是等价的, 这意味着你将可以这样在配置文件中写 id 来标识同一用户,即
Custom strings and their corresponding UUIDs are equivalent. This means that you can use either a custom string or its corresponding UUID to identify the same user in the configuration file. For example:
- `"id": "我爱🍉老师1314"`,
- 或写 `"id": "5783a3e7-e373-51cd-8642-c83782b807c5"` (此 UUID 是 `我爱🍉老师1314` 的 UUID 映射)
- Write `"id": "我爱🍉老师1314"`,
- Or write `"id": "5783a3e7-e373-51cd-8642-c83782b807c5"` (this UUID is the mapping of the custom string "我爱 🍉 老师 1314")
其映射标准在 [VLESS UUID 映射标准:将自定义字符串映射为一个 UUIDv5](https://github.com/XTLS/Xray-core/issues/158)
The mapping standard is described in the [VLESS UUID Mapping Standard: Mapping a Custom String to a UUIDv5](https://github.com/XTLS/Xray-core/issues/158).
你可以使用命令 `xray uuid -i "自定义字符串"` 生成自定义字符串所映射的的 UUID, 也可以使用命令 `xray uuid` 生成随机的 UUID。
You can use the command `xray uuid -i "custom string"` to generate the UUID corresponding to a custom string, or use the command `xray uuid` to generate a random UUID.
> `alterId`number
为了进一步防止被探测,一个用户可以在主 ID 的基础上,再额外生成多个 ID。这里只需要指定额外的 ID 的数量,推荐值为 0 代表启用 VMessAEAD。
最大值 65535。这个值不能超过服务器端所指定的值。
To further prevent detection, a user can generate additional IDs in addition to the main ID. Here, you only need to specify the number of additional IDs. The recommended value is 0, which means VMessAEAD is enabled. The maximum value is 65535. This value cannot exceed the value specified on the server side.
不指定的话,默认值是 0。
If not specified, the default value is 0.
::: tip
客户端 AlterID 设置为 0 代表启用 VMessAEAD ;服务端为自动适配,可同时兼容启用和未开启 VMessAEAD 的客户端。
客户端可通过设置环境变量 `Xray_VMESS_AEAD_DISABLED=true` 强行禁用 VMessAEAD
:::
::: tip Setting the client's AlterID to 0 enables VMessAEAD. The server automatically adapts and can simultaneously be compatible with clients that have enabled or disabled VMessAEAD. The client can forcefully disable VMessAEAD by setting the environment variable `Xray_VMESS_AEAD_DISABLED=true`. :::
> `level`: number
用户等级,连接会使用这个用户等级对应的 [本地策略](../policy.md#levelpolicyobject)。
The user level. Connections will use the corresponding [local policy](../policy.md#levelpolicyobject) associated with this user level.
level 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值。 如不指定, 默认为 0。
The `level` value corresponds to the `level` value in the [policy](../policy.md#policyobject). If not specified, the default value is 0.
> `security`: "aes-128-gcm" | "chacha20-poly1305" | "auto" | "none" | "zero"
加密方式,客户端将使用配置的加密方式发送数据,服务器端自动识别,无需配置。
The encryption method. The client will use the configured encryption method to send data, and the server will automatically recognize it without the need for configuration.
- `"aes-128-gcm"`:推荐在 PC 上使用
- `"chacha20-poly1305"`:推荐在手机端使用
- `"auto"`:默认值,自动选择(运行框架为 AMD64、ARM64 或 s390x 时为 aes-128-gcm 加密方式,其他情况则为 Chacha20-Poly1305 加密方式)
- `"none"`:不加密
* `"zero"`:不加密,也不进行消息认证 (v1.4.0+)
- `"aes-128-gcm"`: Recommended for use on PCs.
- `"chacha20-poly1305"`: Recommended for use on mobile devices.
- `"auto"`: Default value. Automatically selects the encryption method (uses aes-128-gcm when running on AMD64, ARM64, or s390x architecture, and Chacha20-Poly1305 in other cases).
- `"none"`: No encryption.
- `"zero"`: No encryption and no message authentication (v1.4.0+).
::: tip
推荐使用`"auto"`加密方式,这样可以永久保证安全性和兼容性。
It is recommended to use the `"auto"` encryption method as it ensures long-term security and compatibility.
`"none"` 伪加密方式会计算并验证数据包的校验数据,由于认证算法没有硬件支持,在部分平台可能速度比有硬件加速的 `"aes-128-gcm"` 还慢。
The `"none"` pseudo-encryption method calculates and verifies the packet's checksum. However, due to the lack of hardware support for the authentication algorithm, it may be slower than the hardware-accelerated `"aes-128-gcm"` on some platforms.
`"zero"` 伪加密方式不会加密消息也不会计算数据的校验数据,因此理论上速度会高于其他任何加密方式。实际速度可能受到其他因素影响。
The `"zero"` pseudo-encryption method neither encrypts the message nor calculates the checksum, theoretically providing higher speed than any other encryption method. The actual speed may be influenced by other factors.
不推荐在未开启 TLS 加密并强制校验证书的情况下使用 `"none"` `"zero"` 伪加密方式。
如果使用 CDN 或其他会解密 TLS 的中转平台或网络环境建立连接,不建议使用 `"none"` `"zero"` 伪加密方式。
It is not recommended to use the `"none"` or `"zero"` pseudo-encryption methods without enabling TLS encryption and forcibly verifying certificates. If you use a CDN or other intermediate platforms or network environments that decrypt TLS connections, it is not recommended to use the `"none"` or `"zero"` pseudo-encryption methods.
无论使用哪种加密方式, VMess 的包头都会受到加密和认证的保护。
Regardless of the encryption method used, the VMess packet header is protected by encryption and authentication.
:::
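Review bot: The tip about AlterID is collapsed onto a single line (`::: tip Setting the client's AlterID ... :::`), whereas the source has the opening `::: tip`, the text and the closing `:::` on separate lines; with markers and body sharing one line the block is unlikely to render as a tip container. Split it back into separate lines. In the `id` example, the parenthetical quotes the custom string as "我爱 🍉 老师 1314" with added spaces, which is not the string the UUID maps; copy it exactly as written in the bullet above. `alterId`number also still lacks the colon that this hunk adds for `id`.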

View File

@ -1,9 +1,9 @@
# Wireguard
标准 Wireguard 协议实现。
Wireguard is a standard implementation of the Wireguard protocol.
::: danger
**Wireguard 协议并非专门为翻墙而设计,若在最外层过墙,存在特征可能导致服务器被封锁**
**The Wireguard protocol is not specifically designed for circumvention purposes. If used as the outer layer for circumvention, its characteristics may lead to server blocking.**
:::
## OutboundConfigurationObject
@ -29,28 +29,28 @@
```
::: tip
目前 Wireguard 协议 outbound 中不支持设置 `streamSettings`
Currently, the Wireguard protocol outbound does not support setting `streamSettings`.
:::
> `secretKey`: string
用户私钥。必填。
The user's private key. Required.
> `address`: string array
Wireguard 会在本地开启虚拟网卡 tun。使用一个或多个 IP 地址,支持 IPv6
Wireguard will create a virtual network interface `tun` locally. Use one or more IP addresses, including IPv6.
> `mtu`: int
Wireguard 底层 tun 的分片大小
The fragment size of the underlying `tun` device in Wireguard.
> `workers`: int
Wireguard 使用线程数
The number of threads used by Wireguard.
> `peers`: \[ [Peers](#peers) \]
Wireguard 服务器列表,其中每一项是一个服务器配置。
A list of Wireguard servers, where each item is a server configuration.
### Peers
@ -66,24 +66,24 @@ Wireguard 服务器列表,其中每一项是一个服务器配置。
> `endpoint`: address
服务器地址, 必填
The server address. Required.
::: tip
使用 url:端口号 格式,形如 `engage.cloudflareclient.com:2408`
Use the format `url:port`, for example, `engage.cloudflareclient.com:2408`.
:::
> `publicKey`: string
服务器公钥,用于验证, 必填
The server's public key used for verification. Required.
> `preSharedKey`: string
额外的对称加密密钥
An additional symmetric encryption key.
> `keepAlive`: int
心跳包时间间隔,单位为秒,默认为 0 表示无心跳
The interval of keep-alive packets in seconds. The default is 0, which means no keep-alive.
> `allowedIPs`: string array
Wireguard 仅允许特定源 IP 的流量
Only allow traffic from specific source IP addresses in Wireguard.