Add hysteria and acme TLS certificate issuer (#18)

* Add hysteria client/server
* Add acme TLS certificate issuer
This commit is contained in:
世界
2022-08-19 15:42:57 +08:00
committed by GitHub
parent 3dfa99efe1
commit d1c3dd0ee1
42 changed files with 2670 additions and 127 deletions

@@ -11,10 +11,25 @@
"certificate": "",
"certificate_path": "",
"key": "",
"key_path": ""
"key_path": "",
"acme": {
"domain": [],
"data_directory": "",
"default_server_name": "",
"email": "",
"provider": "",
"disable_http_challenge": false,
"disable_tls_alpn_challenge": false,
"alternative_http_port": 0,
"alternative_tls_port": 0
}
}
```
!!! warning ""
ACME is not included by default, see [Installation](/#Installation).
### Outbound Structure
```json
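Review bot: The new `acme` object sits beside `certificate`, `certificate_path`, `key` and `key_path`, but nothing in this hunk says which one takes effect when a static certificate and a non-empty `acme.domain` are both configured; add one sentence on precedence to the structure section. The warning would also help more if it named what has to be enabled at build time rather than only linking to `/#Installation`.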
@@ -59,6 +74,10 @@ Cipher suite values:
* `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`
* `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`
!!! note ""
You can ignore the JSON Array [] tag when the content is only one item
### Fields
#### enabled
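Review bot: In the added note, "ignore the JSON Array [] tag" is ambiguous; say that the brackets may be omitted and the single value written directly, and state which list fields accept this form (for example `domain`). Placed right under the cipher suite list, it reads as if it covered only that list, and the sentence is missing its final period.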
@@ -135,6 +154,56 @@ The server private key, in PEM format.
The path to the server private key, in PEM format.
### ACME Fields
#### domain
List of domain.
ACME will be disabled if empty.
#### data_directory
The directory to store ACME data.
`$XDG_DATA_HOME/certmagic|$HOME/.local/share/certmagic` will be used if empty.
#### default_server_name
Server name to use when choosing a certificate if the ClientHello's ServerName field is empty.
#### email
The email address to use when creating or selecting an existing ACME server account
#### provider
The ACME CA provider to use.
| Value | Provider |
|-------------------------|---------------|
| `letsenctypt (default)` | Let's Encrypt |
| `zerossl` | ZeroSSL |
| `https://...` | Custom |
#### disable_http_challenge
Disable all HTTP challenges.
#### disable_tls_alpn_challenge
Disable all TLS-ALPN challenges
#### alternative_http_port
The alternate port to use for the ACME HTTP challenge; if non-empty, this port will be used instead of 80 to spin up a
listener for the HTTP challenge.
#### alternative_tls_port
The alternate port to use for the ACME TLS-ALPN challenge; the system must forward 443 to this port for challenge to
succeed.
### Reload
For server configuration, certificate and key will be automatically reloaded if modified.
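Review bot: In the provider table, `letsenctypt (default)` misspells the value; it should be `letsencrypt`, with "(default)" moved outside the backticks so it is not read as part of the string. Under `alternative_http_port`, "if non-empty" should be "if non-zero", since the structure shows the field as a number, and the text should state, as `alternative_tls_port` does for 443, that port 80 must be forwarded to this port, because the CA still connects to port 80 for the HTTP challenge. Minor points: "List of domain." should be "List of domains.", the `email` and `disable_tls_alpn_challenge` descriptions lack a final period, and `data_directory` deserves a line recommending restrictive permissions, since with certmagic the stored ACME data includes account and certificate private keys.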