Update documentation

2022-09-10 22:42:20 +08:00
parent d727710d60
commit ebf5cbf1b9
12 changed files with 209 additions and 27 deletions
--- a/docs/configuration/dns/rule.md
+++ b/docs/configuration/dns/rule.md
@@ -73,6 +73,7 @@
        "user_id": [
          1000
        ],
+        "clash_mode": "direct",
        "invert": false,
        "outbound": [
          "direct"
@@ -208,6 +209,10 @@ Match user name.

 Match user id.

+#### clash_mode
+
+Match Clash mode.
+
 #### invert

 Invert match result.
--- a/docs/configuration/dns/rule.zh.md
+++ b/docs/configuration/dns/rule.zh.md
@@ -72,6 +72,7 @@
        "user_id": [
          1000
        ],
+        "clash_mode": "direct",
        "invert": false,
        "outbound": [
          "direct"
@@ -207,6 +208,10 @@

 匹配用户 ID。

+#### clash_mode
+
+匹配 Clash 模式。
+
 #### invert

 反选匹配结果。
--- a/docs/configuration/experimental/index.md
+++ b/docs/configuration/experimental/index.md
@@ -8,7 +8,10 @@
    "clash_api": {
      "external_controller": "127.0.0.1:9090",
      "external_ui": "folder",
-      "secret": ""
+      "secret": "",
+      "default_mode": "rule",
+      "store_selected": false,
+      "cache_file": "cache.db"
    }
  }
 }
@@ -26,7 +29,7 @@

 #### external_controller

-RESTful web API listening address. Disabled if empty.
+RESTful web API listening address. Clash API will be disabled if empty.

 #### external_ui

@@ -38,4 +41,22 @@ serve it at `http://{{external-controller}}/ui`.

 Secret for the RESTful API (optional)
 Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}`
-ALWAYS set a secret if RESTful API is listening on 0.0.0.0
+ALWAYS set a secret if RESTful API is listening on 0.0.0.0
+
+#### default_mode
+
+Default mode in clash, `rule` will be used if empty.
+
+This setting has no direct effect, but can be used in routing and DNS rules via the `clash_mode` rule item.
+
+#### store_selected
+
+!!! note ""
+
+    The tag must be set for target outbounds.
+
+Store selected outbound for the `Selector` outbound in cache file.
+
+#### cache_file
+
+Cache file path, `cache.db` will be used if empty.
--- a/docs/configuration/experimental/index.zh.md
+++ b/docs/configuration/experimental/index.zh.md
@@ -8,7 +8,10 @@
    "clash_api": {
      "external_controller": "127.0.0.1:9090",
      "external_ui": "folder",
-      "secret": ""
+      "secret": "",
+      "default_mode": "rule",
+      "store_selected": false,
+      "cache_file": "cache.db"
    }
  }
 }
@@ -26,7 +29,7 @@

 #### external_controller

-RESTful web API 监听地址。
+RESTful web API 监听地址。如果为空，则禁用 Clash API。

 #### external_ui

@@ -36,4 +39,22 @@ RESTful web API 监听地址。

 RESTful API 的密钥（可选）
 通过指定 HTTP 标头 `Authorization: Bearer ${secret}` 进行身份验证
-如果 RESTful API 正在监听 0.0.0.0，请始终设置一个密钥。
+如果 RESTful API 正在监听 0.0.0.0，请始终设置一个密钥。
+
+#### default_mode
+
+Clash 中的默认模式，默认使用 `rule`。
+
+此设置没有直接影响，但可以通过 `clash_mode` 规则项在路由和 DNS 规则中使用。
+
+#### store_selected
+
+!!! note ""
+
+    必须为目标出站设置标签。
+
+将 `Selector` 中出站的选定的目标出站存储在缓存文件中。
+
+#### cache_file
+
+缓存文件路径，默认使用`cache.db`。
--- a/docs/configuration/route/rule.md
+++ b/docs/configuration/route/rule.md
@@ -80,6 +80,7 @@
        "user_id": [
          1000
        ],
+        "clash_mode": "direct",
        "invert": false,
        "outbound": "direct"
      },
@@ -219,6 +220,10 @@ Match user name.

 Match user id.

+#### clash_mode
+
+Match Clash mode.
+
 #### invert

 Invert match result.
--- a/docs/configuration/route/rule.zh.md
+++ b/docs/configuration/route/rule.zh.md
@@ -78,6 +78,7 @@
        "user_id": [
          1000
        ],
+        "clash_mode": "direct",
        "invert": false,
        "outbound": "direct"
      },
@@ -217,6 +218,10 @@

 匹配用户 ID。

+#### clash_mode
+
+匹配 Clash 模式。
+
 #### invert

 反选匹配结果。
--- a/docs/configuration/shared/tls.md
+++ b/docs/configuration/shared/tls.md
@@ -30,10 +30,6 @@
 }
 ```

-!!! warning ""
-
-    ACME is not included by default, see [Installation](/#installation).
-
 ### Outbound

 ```json
@@ -47,7 +43,17 @@
  "max_version": "",
  "cipher_suites": [],
  "certificate": "",
-  "certificate_path": ""
+  "certificate_path": "",
+  "ech": {
+    "enabled": false,
+    "pq_signature_schemes_enabled": false,
+    "dynamic_record_sizing_disabled": false,
+    "config": ""
+  },
+  "utls": {
+    "enabled": false,
+    "fingerprint": ""
+  }
 }
 ```

@@ -155,8 +161,48 @@ The server private key, in PEM format.

 The path to the server private key, in PEM format.

+#### ech
+
+==Client only==
+
+!!! warning ""
+
+    ECH is not included by default, see [Installation](/#installation).
+
+ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello
+message.
+
+If you don't know how to fill in the other configuration, just set `enabled`.
+
+#### utls
+
+==Client only==
+
+!!! warning ""
+
+    uTLS is not included by default, see [Installation](/#installation).
+
+!!! note ""
+
+    uTLS is poorly maintained and the effect may be unproven, use at your own risk.
+
+uTLS is a fork of "crypto/tls", which provides ClientHello fingerprinting resistance.
+
+Available fingerprint values:
+
+* chrome
+* firefox
+* ios
+* android
+* random
+
+
 ### ACME Fields

+!!! warning ""
+
+    ACME is not included by default, see [Installation](/#installation).
+
 #### domain

 List of domain.
@@ -205,10 +251,6 @@ listener for the HTTP challenge.
 The alternate port to use for the ACME TLS-ALPN challenge; the system must forward 443 to this port for challenge to
 succeed.

-### Reload
-
-For server configuration, certificate and key will be automatically reloaded if modified.
-
 #### external_account

 EAB (External Account Binding) contains information necessary to bind or map an ACME account to some other account known
@@ -226,4 +268,8 @@ The key identifier.

 #### external_account.mac_key

-The MAC key.
+The MAC key.
+
+### Reload
+
+For server configuration, certificate and key will be automatically reloaded if modified.
--- a/docs/configuration/shared/tls.zh.md
+++ b/docs/configuration/shared/tls.zh.md
@@ -30,10 +30,6 @@
 }
 ```

-!!! warning ""
-
-    默认安装不包含 ACME，参阅 [安装](/zh/#_2)。
-
 ### 出站

 ```json
@@ -47,7 +43,17 @@
  "max_version": "",
  "cipher_suites": [],
  "certificate": "",
-  "certificate_path": ""
+  "certificate_path": "",
+  "ech": {
+    "enabled": false,
+    "pq_signature_schemes_enabled": false,
+    "dynamic_record_sizing_disabled": false,
+    "config": ""
+  },
+  "utls": {
+    "enabled": false,
+    "fingerprint": ""
+  }
 }
 ```

@@ -155,8 +161,47 @@ TLS 版本值：

 服务器 PEM 私钥路径。

+#### ech
+
+==仅客户端==
+
+!!! warning ""
+
+    默认安装不包含 ECH, 参阅 [安装](/zh/#_2)。
+
+ECH (Encrypted Client Hello) 是一个 TLS 扩展，它允许客户端加密其 ClientHello 的第一部分
+信息。
+
+如果您不知道如何填写其他配置，只需设置 `enabled` 即可。
+
+#### utls
+
+==仅客户端==
+
+!!! warning ""
+
+    默认安装不包含 uTLS, 参阅 [安装](/zh/#_2)。
+
+!!! note ""
+
+    uTLS 维护不善且其效果可能未经证实，使用风险自负。
+
+uTLS 是 "crypto/tls" 的一个分支，它提供了 ClientHello 指纹识别阻力。
+
+可用的指纹值：
+
+* chrome
+* firefox
+* ios
+* android
+* random
+
 ### ACME 字段

+!!! warning ""
+
+    默认安装不包含 ACME，参阅 [安装](/zh/#_2)。
+
 #### domain

 一组域名。
@@ -203,10 +248,6 @@ ACME 数据目录。

 用于 ACME TLS-ALPN 质询的备用端口； 系统必须将 443 转发到此端口以使质询成功。

-### Reload
-
-对于服务器配置，如果修改，证书和密钥将自动重新加载。
-
 #### external_account

 EAB（外部帐户绑定）包含将 ACME 帐户绑定或映射到其他已知帐户所需的信息由 CA。
@@ -222,4 +263,8 @@ EAB（外部帐户绑定）包含将 ACME 帐户绑定或映射到其他已知

 #### external_account.mac_key

-MAC 密钥。
+MAC 密钥。
+
+### 重载
+
+对于服务器配置，如果修改，证书和密钥将自动重新加载。