First Commmit

2026-04-14 22:41:14 +08:00
commit 9f867b19da
1086 changed files with 147554 additions and 0 deletions
--- a/docs/configuration/endpoint/index.md
+++ b/docs/configuration/endpoint/index.md
@@ -0,0 +1,29 @@
+!!! question "Since sing-box 1.11.0"
+
+# Endpoint
+
+An endpoint is a protocol with inbound and outbound behavior.
+
+### Structure
+
+```json
+{
+  "endpoints": [
+    {
+      "type": "",
+      "tag": ""
+    }
+  ]
+}
+```
+
+### Fields
+
+| Type        | Format                    |
+|-------------|---------------------------|
+| `wireguard` | [WireGuard](./wireguard/) |
+| `tailscale` | [Tailscale](./tailscale/) |
+
+#### tag
+
+The tag of the endpoint.
--- a/docs/configuration/endpoint/index.zh.md
+++ b/docs/configuration/endpoint/index.zh.md
@@ -0,0 +1,29 @@
+!!! question "自 sing-box 1.11.0 起"
+
+# 端点
+
+端点是具有入站和出站行为的协议。
+
+### 结构
+
+```json
+{
+  "endpoints": [
+    {
+      "type": "",
+      "tag": ""
+    }
+  ]
+}
+```
+
+### 字段
+
+| 类型          | 格式                        |
+|-------------|---------------------------|
+| `wireguard` | [WireGuard](./wireguard/) |
+| `tailscale` | [Tailscale](./tailscale/) |
+
+#### tag
+
+端点的标签。
--- a/docs/configuration/endpoint/tailscale.md
+++ b/docs/configuration/endpoint/tailscale.md
@@ -0,0 +1,157 @@
+---
+icon: material/new-box
+---
+
+!!! quote "Changes in sing-box 1.13.0"
+
+    :material-plus: [relay_server_port](#relay_server_port)  
+    :material-plus: [relay_server_static_endpoints](#relay_server_static_endpoints)  
+    :material-plus: [system_interface](#system_interface)  
+    :material-plus: [system_interface_name](#system_interface_name)  
+    :material-plus: [system_interface_mtu](#system_interface_mtu)  
+    :material-plus: [advertise_tags](#advertise_tags)
+
+!!! question "Since sing-box 1.12.0"
+
+### Structure
+
+```json
+{
+  "type": "tailscale",
+  "tag": "ts-ep",
+  "state_directory": "",
+  "auth_key": "",
+  "control_url": "",
+  "ephemeral": false,
+  "hostname": "",
+  "accept_routes": false,
+  "exit_node": "",
+  "exit_node_allow_lan_access": false,
+  "advertise_routes": [],
+  "advertise_exit_node": false,
+  "advertise_tags": [],
+  "relay_server_port": 0,
+  "relay_server_static_endpoints": [],
+  "system_interface": false,
+  "system_interface_name": "",
+  "system_interface_mtu": 0,
+  "udp_timeout": "5m",
+
+  ... // Dial Fields
+}
+```
+
+### Fields
+
+#### state_directory
+
+The directory where the Tailscale state is stored.
+
+`tailscale` is used by default.
+
+Example: `$HOME/.tailscale`
+
+#### auth_key
+
+!!! note
+    
+    Auth key is not required. By default, sing-box will log the login URL (or popup a notification on graphical clients).
+
+The auth key to create the node. If the node is already created (from state previously stored), then this field is not
+used.
+
+#### control_url
+
+The coordination server URL.
+
+`https://controlplane.tailscale.com` is used by default.
+
+#### ephemeral
+
+Indicates whether the instance should register as an Ephemeral node (https://tailscale.com/s/ephemeral-nodes).
+
+#### hostname
+
+The hostname of the node.
+
+System hostname is used by default.
+
+Example: `localhost`
+
+#### accept_routes
+
+Indicates whether the node should accept routes advertised by other nodes.
+
+#### exit_node
+
+The exit node name or IP address to use.
+
+#### exit_node_allow_lan_access
+
+!!! note
+
+    When the exit node does not have a corresponding advertised route, private traffics cannot be routed to the exit node even if `exit_node_allow_lan_access is` set.
+
+Indicates whether locally accessible subnets should be routed directly or via the exit node.
+
+#### advertise_routes
+
+CIDR prefixes to advertise into the Tailscale network as reachable through the current node.
+
+Example: `["192.168.1.1/24"]`
+
+#### advertise_exit_node
+
+Indicates whether the node should advertise itself as an exit node.
+
+#### advertise_tags
+
+!!! question "Since sing-box 1.13.0"
+
+Tags to advertise for this node, for ACL enforcement purposes.
+
+Example: `["tag:server"]`
+
+#### relay_server_port
+
+!!! question "Since sing-box 1.13.0"
+
+The port to listen on for incoming relay connections from other Tailscale nodes.
+
+#### relay_server_static_endpoints
+
+!!! question "Since sing-box 1.13.0"
+
+Static endpoints to advertise for the relay server.
+
+#### system_interface
+
+!!! question "Since sing-box 1.13.0"
+
+Create a system TUN interface for Tailscale.
+
+#### system_interface_name
+
+!!! question "Since sing-box 1.13.0"
+
+Custom TUN interface name. By default, `tailscale` (or `utun` on macOS) will be used.
+
+#### system_interface_mtu
+
+!!! question "Since sing-box 1.13.0"
+
+Override the TUN MTU. By default, Tailscale's own MTU is used.
+
+#### udp_timeout
+
+UDP NAT expiration time.
+
+`5m` will be used by default.
+
+### Dial Fields
+
+!!! note
+
+    Dial Fields in Tailscale endpoints only control how it connects to the control plane and have nothing to do with actual connections.
+
+See [Dial Fields](/configuration/shared/dial/) for details.
--- a/docs/configuration/endpoint/tailscale.zh.md
+++ b/docs/configuration/endpoint/tailscale.zh.md
@@ -0,0 +1,156 @@
+---
+icon: material/new-box
+---
+
+!!! quote "sing-box 1.13.0 中的更改"
+
+    :material-plus: [relay_server_port](#relay_server_port)  
+    :material-plus: [relay_server_static_endpoints](#relay_server_static_endpoints)  
+    :material-plus: [system_interface](#system_interface)  
+    :material-plus: [system_interface_name](#system_interface_name)  
+    :material-plus: [system_interface_mtu](#system_interface_mtu)  
+    :material-plus: [advertise_tags](#advertise_tags)
+
+!!! question "自 sing-box 1.12.0 起"
+
+### 结构
+
+```json
+{
+  "type": "tailscale",
+  "tag": "ts-ep",
+  "state_directory": "",
+  "auth_key": "",
+  "control_url": "",
+  "ephemeral": false,
+  "hostname": "",
+  "accept_routes": false,
+  "exit_node": "",
+  "exit_node_allow_lan_access": false,
+  "advertise_routes": [],
+  "advertise_exit_node": false,
+  "advertise_tags": [],
+  "relay_server_port": 0,
+  "relay_server_static_endpoints": [],
+  "system_interface": false,
+  "system_interface_name": "",
+  "system_interface_mtu": 0,
+  "udp_timeout": "5m",
+
+  ... // 拨号字段
+}
+```
+
+### 字段
+
+#### state_directory
+
+存储 Tailscale 状态的目录。
+
+默认使用 `tailscale`。
+
+示例：`$HOME/.tailscale`
+
+#### auth_key
+
+!!! note
+
+    认证密钥不是必需的。默认情况下，sing-box 将记录登录 URL（或在图形客户端上弹出通知）。
+
+用于创建节点的认证密钥。如果节点已经创建（从之前存储的状态），则不使用此字段。
+
+#### control_url
+
+协调服务器 URL。
+
+默认使用 `https://controlplane.tailscale.com`。
+
+#### ephemeral
+
+指示实例是否应注册为临时节点 (https://tailscale.com/s/ephemeral-nodes)。
+
+#### hostname
+
+节点的主机名。
+
+默认使用系统主机名。
+
+示例：`localhost`
+
+#### accept_routes
+
+指示节点是否应接受其他节点通告的路由。
+
+#### exit_node
+
+要使用的出口节点名称或 IP 地址。
+
+#### exit_node_allow_lan_access
+
+!!! note
+
+    当出口节点没有相应的通告路由时，即使设置了 `exit_node_allow_lan_access`，私有流量也无法路由到出口节点。
+
+指示本地可访问的子网应该直接路由还是通过出口节点路由。
+
+#### advertise_routes
+
+通告到 Tailscale 网络的 CIDR 前缀，作为可通过当前节点访问的路由。
+
+示例：`["192.168.1.1/24"]`
+
+#### advertise_exit_node
+
+指示节点是否应将自己通告为出口节点。
+
+#### advertise_tags
+
+!!! question "自 sing-box 1.13.0 起"
+
+为此节点通告的标签，用于 ACL 执行。
+
+示例：`["tag:server"]`
+
+#### relay_server_port
+
+!!! question "自 sing-box 1.13.0 起"
+
+监听来自其他 Tailscale 节点的中继连接的端口。
+
+#### relay_server_static_endpoints
+
+!!! question "自 sing-box 1.13.0 起"
+
+为中继服务器通告的静态端点。
+
+#### system_interface
+
+!!! question "自 sing-box 1.13.0 起"
+
+为 Tailscale 创建系统 TUN 接口。
+
+#### system_interface_name
+
+!!! question "自 sing-box 1.13.0 起"
+
+自定义 TUN 接口名。默认使用 `tailscale`（macOS 上为 `utun`）。
+
+#### system_interface_mtu
+
+!!! question "自 sing-box 1.13.0 起"
+
+覆盖 TUN 的 MTU。默认使用 Tailscale 自己的 MTU。
+
+#### udp_timeout
+
+UDP NAT 过期时间。
+
+默认使用 `5m`。
+
+### 拨号字段
+
+!!! note
+
+    Tailscale 端点中的拨号字段仅控制它如何连接到控制平面，与实际连接无关。
+
+参阅 [拨号字段](/zh/configuration/shared/dial/) 了解详情。
--- a/docs/configuration/endpoint/wireguard.md
+++ b/docs/configuration/endpoint/wireguard.md
@@ -0,0 +1,129 @@
+!!! question "Since sing-box 1.11.0"
+
+### Structure
+
+```json
+{
+  "type": "wireguard",
+  "tag": "wg-ep",
+  
+  "system": false,
+  "name": "",
+  "mtu": 1408,
+  "address": [],
+  "private_key": "",
+  "listen_port": 10000,
+  "peers": [
+    {
+      "address": "127.0.0.1",
+      "port": 10001,
+      "public_key": "",
+      "pre_shared_key": "",
+      "allowed_ips": [],
+      "persistent_keepalive_interval": 0,
+      "reserved": [0, 0, 0]
+    }
+  ],
+  "udp_timeout": "",
+  "workers": 0,
+ 
+  ... // Dial Fields
+}
+```
+
+!!! note ""
+
+    You can ignore the JSON Array [] tag when the content is only one item
+
+### Fields
+
+#### system
+
+Use system interface.
+
+Requires privilege and cannot conflict with exists system interfaces.
+
+#### name
+
+Custom interface name for system interface.
+
+#### mtu
+
+WireGuard MTU.
+
+`1408` will be used by default.
+
+#### address
+
+==Required==
+
+List of IP (v4 or v6) address prefixes to be assigned to the interface.
+
+#### private_key
+
+==Required==
+
+WireGuard requires base64-encoded public and private keys. These can be generated using the wg(8) utility:
+
+```shell
+wg genkey
+echo "private key" || wg pubkey
+```
+
+or `sing-box generate wg-keypair`.
+
+#### peers
+
+==Required==
+
+List of WireGuard peers.
+
+#### peers.address
+
+WireGuard peer address.
+
+#### peers.port
+
+WireGuard peer port.
+
+#### peers.public_key
+
+==Required==
+
+WireGuard peer public key.
+
+#### peers.pre_shared_key
+
+WireGuard peer pre-shared key.
+
+#### peers.allowed_ips
+
+==Required==
+
+WireGuard allowed IPs.
+
+#### peers.persistent_keepalive_interval
+
+WireGuard persistent keepalive interval, in seconds.
+
+Disabled by default.
+
+#### peers.reserved
+
+WireGuard reserved field bytes.
+
+#### udp_timeout
+
+UDP NAT expiration time.
+
+`5m` will be used by default.
+
+#### workers
+
+WireGuard worker count.
+
+CPU count is used by default.
+
+### Dial Fields
+
+See [Dial Fields](/configuration/shared/dial/) for details.
--- a/docs/configuration/endpoint/wireguard.zh.md
+++ b/docs/configuration/endpoint/wireguard.zh.md
@@ -0,0 +1,131 @@
+!!! question "自 sing-box 1.11.0 起"
+
+### 结构
+
+```json
+{
+  "type": "wireguard",
+  "tag": "wg-ep",
+
+  "system": false,
+  "name": "",
+  "mtu": 1408,
+  "address": [],
+  "private_key": "",
+  "listen_port": 10000,
+  "peers": [
+    {
+      "address": "127.0.0.1",
+      "port": 10001,
+      "public_key": "",
+      "pre_shared_key": "",
+      "allowed_ips": [],
+      "persistent_keepalive_interval": 0,
+      "reserved": [0, 0, 0]
+    }
+  ],
+  "udp_timeout": "",
+  "workers": 0,
+
+  ... // 拨号字段
+}
+```
+
+!!! note ""
+
+    当内容只有一项时，可以忽略 JSON 数组 [] 标签
+
+### 字段
+
+#### system
+
+使用系统设备。
+
+需要特权且不能与已有系统接口冲突。
+
+#### name
+
+为系统接口自定义设备名称。
+
+#### mtu
+
+WireGuard MTU。
+
+默认使用 1408。
+
+#### address
+
+==必填==
+
+接口的 IPv4/IPv6 地址或地址段的列表。
+
+要分配给接口的 IP（v4 或 v6）地址段列表。
+
+#### private_key
+
+==必填==
+
+WireGuard 需要 base64 编码的公钥和私钥。 这些可以使用 wg(8) 实用程序生成：
+
+```shell
+wg genkey
+echo "private key" || wg pubkey
+```
+
+或 `sing-box generate wg-keypair`.
+
+#### peers
+
+==必填==
+
+WireGuard 对等方的列表。
+
+#### peers.address
+
+对等方的 IP 地址。
+
+#### peers.port
+
+对等方的 WireGuard 端口。
+
+#### peers.public_key
+
+==必填==
+
+对等方的 WireGuard 公钥。
+
+#### peers.pre_shared_key
+
+对等方的预共享密钥。
+
+#### peers.allowed_ips
+
+==必填==
+
+对等方的允许 IP 地址。
+
+#### peers.persistent_keepalive_interval
+
+对等方的持久性保持活动间隔，以秒为单位。
+
+默认禁用。
+
+#### peers.reserved
+
+对等方的保留字段字节。
+
+#### udp_timeout
+
+UDP NAT 过期时间。
+
+默认使用 `5m`。
+
+#### workers
+
+WireGuard worker 数量。
+
+默认使用 CPU 数量。
+
+### 拨号字段
+
+参阅 [拨号字段](/zh/configuration/shared/dial/)。