CN-JS-HuiBai/SingboxForPanel
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

documentation: Bump version & Refactor docs

Browse Source
This commit is contained in:
世界
2023-11-09 17:04:08 +08:00
parent 253976d6c0
commit e8c4c942c0
104 changed files with 2170 additions and 1767 deletions
Download Patch File Download Diff File Expand all files Collapse all files

211
docs/manual/proxy-protocol/hysteria2.md Normal file
View File

@@ -0,0 +1,211 @@
---
icon: material/lightning-bolt
---
# Hysteria 2
The most popular Chinese-made simple protocol based on QUIC, the selling point is Brutal,
a congestion control algorithm that can resist packet loss by manually specifying the required rate by the user.
!!! warning
Even though GFW rarely blocks UDP-based proxies, such protocols actually have far more characteristics than TCP based proxies.
| Specification | Binary Characteristics | Active Detect Hiddenness |
|---------------------------------------------------------------------------|------------------------|--------------------------|
| [hysteria.network](https://v2.hysteria.network/docs/developers/Protocol/) | :material-alert: | :material-check: |
## :material-text-box-check: Password Generator
| Generate Password | Action |
|----------------------------|-----------------------------------------------------------------|
| <code id="password"><code> | <button class="md-button" onclick="generate()">Refresh</button> |
<script>
function generate() {
const array = new Uint8Array(16);
window.crypto.getRandomValues(array);
document.getElementById("password").textContent = btoa(String.fromCharCode.apply(null, array));
}
generate();
</script>
## :material-alert: Difference from official Hysteria
The official program supports an authentication method called **userpass**,
which essentially uses a combination of `<username>:<password>` as the actual password,
while sing-box does not provide this alias.
To use sing-box with the official program, you need to fill in that combination as the actual password.
## :material-server: Server Example
!!! info ""
Replace `up_mbps` and `down_mbps` values with the actual bandwidth of your server.
=== ":material-harddisk: With local certificate"
```json
{
"inbounds": [
{
"type": "hysteria2",
"listen": "::",
"listen_port": 8080,
"up_mbps": 100,
"down_mbps": 100,
"users": [
{
"name": "sekai",
"password": "<password>"
}
],
"tls": {
"enabled": true,
"server_name": "example.org",
"key_path": "/path/to/key.pem",
"certificate_path": "/path/to/certificate.pem"
}
}
]
}
```
=== ":material-auto-fix: With ACME"
```json
{
"inbounds": [
{
"type": "hysteria2",
"listen": "::",
"listen_port": 8080,
"up_mbps": 100,
"down_mbps": 100,
"users": [
{
"name": "sekai",
"password": "<password>"
}
],
"tls": {
"enabled": true,
"server_name": "example.org",
"acme": {
"domain": "example.org",
"email": "admin@example.org"
}
}
}
]
}
```
=== ":material-cloud: With ACME and Cloudflare API"
```json
{
"inbounds": [
{
"type": "hysteria2",
"listen": "::",
"listen_port": 8080,
"up_mbps": 100,
"down_mbps": 100,
"users": [
{
"name": "sekai",
"password": "<password>"
}
],
"tls": {
"enabled": true,
"server_name": "example.org",
"acme": {
"domain": "example.org",
"email": "admin@example.org",
"dns01_challenge": {
"provider": "cloudflare",
"api_token": "my_token"
}
}
}
}
]
}
```
## :material-cellphone-link: Client Example
!!! info ""
Replace `up_mbps` and `down_mbps` values with the actual bandwidth of your client.
=== ":material-web-check: With valid certificate"
```json
{
"outbounds": [
{
"type": "hysteria2",
"server": "127.0.0.1",
"server_port": 8080,
"up_mbps": 100,
"down_mbps": 100,
"password": "<password>",
"tls": {
"enabled": true,
"server_name": "example.org"
}
}
]
}
```
=== ":material-check: With self-sign certificate"
!!! info "Tip"
Use `sing-box merge` command to merge configuration and certificate into one file.
```json
{
"outbounds": [
{
"type": "hysteria2",
"server": "127.0.0.1",
"server_port": 8080,
"up_mbps": 100,
"down_mbps": 100,
"password": "<password>",
"tls": {
"enabled": true,
"server_name": "example.org",
"certificate_path": "/path/to/certificate.pem"
}
}
]
}
```
=== ":material-alert: Ignore certificate verification"
```json
{
"outbounds": [
{
"type": "hysteria2",
"server": "127.0.0.1",
"server_port": 8080,
"up_mbps": 100,
"down_mbps": 100,
"password": "<password>",
"tls": {
"enabled": true,
"server_name": "example.org",
"insecure": true
}
}
]
}
```

126
docs/manual/proxy-protocol/shadowsocks.md Normal file
View File

@@ -0,0 +1,126 @@
---
icon: material/send
---
# Shadowsocks
As the most well-known Chinese-made proxy protocol,
Shadowsocks exists in multiple versions,
but only AEAD 2022 ciphers TCP with multiplexing is recommended.
| Ciphers | Specification | Cryptographic Security | Binary Characteristics | Active Detect Hiddenness |
|----------------|------------------------------------------------------------|------------------------|------------------------|--------------------------|
| Stream Ciphers | [shadowsocks.org](https://shadowsocks.org/doc/stream.html) | :material-alert: | :material-alert: | :material-alert: |
| AEAD | [shadowsocks.org](https://shadowsocks.org/doc/aead.html) | :material-check: | :material-alert: | :material-alert: |
| AEAD 2022 | [shadowsocks.org](https://shadowsocks.org/doc/sip022.html) | :material-check: | :material-check: | :material-help: |
## :material-text-box-check: Password Generator
| For `2022-blake3-aes-128-gcm` cipher | For other ciphers | Action |
|--------------------------------------|-------------------------------|-----------------------------------------------------------------|
| <code id="password_16"><code> | <code id="password_32"><code> | <button class="md-button" onclick="generate()">Refresh</button> |
<script>
function generatePassword(element, length) {
const array = new Uint8Array(length);
window.crypto.getRandomValues(array);
document.getElementById(element).textContent = btoa(String.fromCharCode.apply(null, array));
}
function generate() {
generatePassword("password_16", 16);
generatePassword("password_32", 32);
}
generate();
</script>
## :material-server: Server Example
!!! info ""
Password of cipher `2022-blake3-aes-128-gcm` can be generated by command `sing-box generate rand 16 --base64`
=== ":material-account: Single-user"
```json
{
"inbounds": [
{
"type": "shadowsocks",
"listen": "::",
"listen_port": 8080,
"network": "tcp",
"method": "2022-blake3-aes-128-gcm",
"password": "<password>",
"multiplex": {
"enabled": true
}
}
]
}
```
=== ":material-account-multiple: Multi-user"
```json
{
"inbounds": [
{
"type": "shadowsocks",
"listen": "::",
"listen_port": 8080,
"network": "tcp",
"method": "2022-blake3-aes-128-gcm",
"password": "<server_password>",
"users": [
{
"name": "sekai",
"password": "<user_password>"
}
],
"multiplex": {
"enabled": true
}
}
]
}
```
## :material-cellphone-link: Client Example
=== ":material-account: Single-user"
```json
{
"outbounds": [
{
"type": "shadowsocks",
"server": "127.0.0.1",
"server_port": 8080,
"method": "2022-blake3-aes-128-gcm",
"password": "<pasword>",
"multiplex": {
"enabled": true
}
}
]
}
```
=== ":material-account-multiple: Multi-user"
```json
{
"outbounds": [
{
"type": "shadowsocks",
"server": "127.0.0.1",
"server_port": 8080,
"method": "2022-blake3-aes-128-gcm",
"password": "<server_pasword>:<user_password>",
"multiplex": {
"enabled": true
}
}
]
}
```

214
docs/manual/proxy-protocol/trojan.md Normal file
View File

@@ -0,0 +1,214 @@
---
icon: material/horse
---
# Trojan
As the most commonly used TLS proxy made in China, Trojan can be used in various combinations,
but only the combination of uTLS and multiplexing is recommended.
| Protocol and implementation combination | Specification | Binary Characteristics | Active Detect Hiddenness |
|-----------------------------------------|----------------------------------------------------------------------|------------------------|--------------------------|
| Origin / trojan-gfw | [trojan-gfw.github.io](https://trojan-gfw.github.io/trojan/protocol) | :material-check: | :material-check: |
| Basic Go implementation | / | :material-alert: | :material-check: |
| with privates transport by V2Ray | No formal definition | :material-alert: | :material-alert: |
| with uTLS enabled | No formal definition | :material-help: | :material-check: |
## :material-text-box-check: Password Generator
| Generate Password | Action |
|----------------------------|-----------------------------------------------------------------|
| <code id="password"><code> | <button class="md-button" onclick="generate()">Refresh</button> |
<script>
function generate() {
const array = new Uint8Array(16);
window.crypto.getRandomValues(array);
document.getElementById("password").textContent = btoa(String.fromCharCode.apply(null, array));
}
generate();
</script>
## :material-server: Server Example
=== ":material-harddisk: With local certificate"
```json
{
"inbounds": [
{
"type": "trojan",
"listen": "::",
"listen_port": 8080,
"users": [
{
"name": "example",
"password": "password"
}
],
"tls": {
"enabled": true,
"server_name": "example.org",
"key_path": "/path/to/key.pem",
"certificate_path": "/path/to/certificate.pem"
},
"multiplex": {
"enabled": true
}
}
]
}
```
=== ":material-auto-fix: With ACME"
```json
{
"inbounds": [
{
"type": "trojan",
"listen": "::",
"listen_port": 8080,
"users": [
{
"name": "example",
"password": "password"
}
],
"tls": {
"enabled": true,
"server_name": "example.org",
"acme": {
"domain": "example.org",
"email": "admin@example.org"
}
},
"multiplex": {
"enabled": true
}
}
]
}
```
=== ":material-cloud: With ACME and Cloudflare API"
```json
{
"inbounds": [
{
"type": "trojan",
"listen": "::",
"listen_port": 8080,
"users": [
{
"name": "example",
"password": "password"
}
],
"tls": {
"enabled": true,
"server_name": "example.org",
"acme": {
"domain": "example.org",
"email": "admin@example.org",
"dns01_challenge": {
"provider": "cloudflare",
"api_token": "my_token"
}
}
},
"multiplex": {
"enabled": true
}
}
]
}
```
## :material-cellphone-link: Client Example
=== ":material-web-check: With valid certificate"
```json
{
"outbounds": [
{
"type": "trojan",
"server": "127.0.0.1",
"server_port": 8080,
"password": "password",
"tls": {
"enabled": true,
"server_name": "example.org",
"utls": {
"enabled": true,
"fingerprint": "firefox"
}
},
"multiplex": {
"enabled": true
}
}
]
}
```
=== ":material-check: With self-sign certificate"
!!! info "Tip"
Use `sing-box merge` command to merge configuration and certificate into one file.
```json
{
"outbounds": [
{
"type": "trojan",
"server": "127.0.0.1",
"server_port": 8080,
"password": "password",
"tls": {
"enabled": true,
"server_name": "example.org",
"certificate_path": "/path/to/certificate.pem",
"utls": {
"enabled": true,
"fingerprint": "firefox"
}
},
"multiplex": {
"enabled": true
}
}
]
}
```
=== ":material-alert: Ignore certificate verification"
```json
{
"outbounds": [
{
"type": "trojan",
"server": "127.0.0.1",
"server_port": 8080,
"password": "password",
"tls": {
"enabled": true,
"server_name": "example.org",
"insecure": true,
"utls": {
"enabled": true,
"fingerprint": "firefox"
}
},
"multiplex": {
"enabled": true
}
}
]
}
```

208
docs/manual/proxy-protocol/tuic.md Normal file
View File

@@ -0,0 +1,208 @@
---
icon: material/alpha-t-box
---
# TUIC
A recently popular Chinese-made simple protocol based on QUIC, the selling point is the BBR congestion control algorithm.
!!! warning
Even though GFW rarely blocks UDP-based proxies, such protocols actually have far more characteristics than TCP based proxies.
| Specification | Binary Characteristics | Active Detect Hiddenness |
|-----------------------------------------------------------|------------------------|--------------------------|
| [GitHub](https://github.com/EAimTY/tuic/blob/dev/SPEC.md) | :material-alert: | :material-check: |
## Password Generator
| Generated UUID | Generated Password | Action |
|------------------------|----------------------------|-----------------------------------------------------------------|
| <code id="uuid"><code> | <code id="password"><code> | <button class="md-button" onclick="generate()">Refresh</button> |
<script>
function generateUUID() {
const uuid = 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
let r = Math.random() * 16 | 0,
v = c === 'x' ? r : (r & 0x3 | 0x8);
return v.toString(16);
});
document.getElementById("uuid").textContent = uuid;
}
function generatePassword() {
const array = new Uint8Array(16);
window.crypto.getRandomValues(array);
document.getElementById("password").textContent = btoa(String.fromCharCode.apply(null, array));
}
function generate() {
generateUUID();
generatePassword();
}
generate();
</script>
## :material-server: Server Example
=== ":material-harddisk: With local certificate"
```json
{
"inbounds": [
{
"type": "tuic",
"listen": "::",
"listen_port": 8080,
"users": [
{
"name": "sekai",
"uuid": "<uuid>",
"password": "<password>"
}
],
"congestion_control": "bbr",
"tls": {
"enabled": true,
"server_name": "example.org",
"key_path": "/path/to/key.pem",
"certificate_path": "/path/to/certificate.pem"
}
}
]
}
```
=== ":material-auto-fix: With ACME"
```json
{
"inbounds": [
{
"type": "tuic",
"listen": "::",
"listen_port": 8080,
"users": [
{
"name": "sekai",
"uuid": "<uuid>",
"password": "<password>"
}
],
"congestion_control": "bbr",
"tls": {
"enabled": true,
"server_name": "example.org",
"acme": {
"domain": "example.org",
"email": "admin@example.org"
}
}
}
]
}
```
=== ":material-cloud: With ACME and Cloudflare API"
```json
{
"inbounds": [
{
"type": "tuic",
"listen": "::",
"listen_port": 8080,
"users": [
{
"name": "sekai",
"uuid": "<uuid>",
"password": "<password>"
}
],
"congestion_control": "bbr",
"tls": {
"enabled": true,
"server_name": "example.org",
"acme": {
"domain": "example.org",
"email": "admin@example.org",
"dns01_challenge": {
"provider": "cloudflare",
"api_token": "my_token"
}
}
}
}
]
}
```
## :material-cellphone-link: Client Example
=== ":material-web-check: With valid certificate"
```json
{
"outbounds": [
{
"type": "tuic",
"server": "127.0.0.1",
"server_port": 8080,
"uuid": "<uuid>",
"password": "<password>",
"congestion_control": "bbr",
"tls": {
"enabled": true,
"server_name": "example.org"
}
}
]
}
```
=== ":material-check: With self-sign certificate"
!!! info "Tip"
Use `sing-box merge` command to merge configuration and certificate into one file.
```json
{
"outbounds": [
{
"type": "tuic",
"server": "127.0.0.1",
"server_port": 8080,
"uuid": "<uuid>",
"password": "<password>",
"congestion_control": "bbr",
"tls": {
"enabled": true,
"server_name": "example.org",
"certificate_path": "/path/to/certificate.pem"
}
}
]
}
```
=== ":material-alert: Ignore certificate verification"
```json
{
"outbounds": [
{
"type": "tuic",
"server": "127.0.0.1",
"server_port": 8080,
"uuid": "<uuid>",
"password": "<password>",
"congestion_control": "bbr",
"tls": {
"enabled": true,
"server_name": "example.org",
"insecure": true
}
}
]
}
```