github
/
Xray-docs-next
mirror of https://github.com/XTLS/Xray-docs-next
1
0
Fork 0
Code Issues Releases Wiki Activity

Prettified Code!

pull/705/head
dependabot[bot] 2025-07-06 21:32:54 +00:00 committed by GitHub Action
parent ff25282156
commit 64dea2aae4
3 changed files with 24 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/document/level-0/ch04-security.md
View File

@ -226,11 +226,7 @@ Linux 服务器的安全防护是一个纷繁复杂的巨大课题。无数的
::: warning ::: warning
本图中是以 `2048` 位的 `RSA` 密钥为例的。但实际上,如果要获得与 `EDCSA/Ed25519``256` 位密钥相同的安全性,你需要使用 `3072` 位的 `RSA` 密钥。(即右下角的数字改成 `3072` 本图中是以 `2048` 位的 `RSA` 密钥为例的。但实际上,如果要获得与 `EDCSA/Ed25519``256` 位密钥相同的安全性,你需要使用 `3072` 位的 `RSA` 密钥。(即右下角的数字改成 `3072`
::: ::: 2. 你可以给私钥设置密码,增加一层安全性 3. 点击 `Save public key` 保存公钥,文件名为 `id_rsa.pub` 4. 点击 `Save private key` 保存私钥,文件名为 `id_rsa` (PuTTY 私钥自带`.ppk`后缀) 5. 最重要的,将上方红框内的内容,向下滚动全部复制出来并保存,文件名为 `authorized_keys`。(用 vscode 保存,默认会变成带`txt`后缀的文本文件,这没关系,之后上传 VPS 时我们会把后缀名去掉)
2. 你可以给私钥设置密码,增加一层安全性
3. 点击 `Save public key` 保存公钥,文件名为 `id_rsa.pub`
4. 点击 `Save private key` 保存私钥,文件名为 `id_rsa` (PuTTY 私钥自带`.ppk`后缀)
5. 最重要的,将上方红框内的内容,向下滚动全部复制出来并保存,文件名为 `authorized_keys`。(用 vscode 保存,默认会变成带`txt`后缀的文本文件,这没关系,之后上传 VPS 时我们会把后缀名去掉)
![保存密钥](./ch04-img09-puttygen-save-keys.png) ![保存密钥](./ch04-img09-puttygen-save-keys.png)

19
docs/en/document/level-0/ch07-xray-server.md
View File

@ -122,8 +122,7 @@ chmod +r ~/xray_cert/xray.key
In addition, when recording animated images, the script did not include a command to restart `Xray` because `Xray` plans to support the [Certificate Hot Update] function, which means that `Xray` will automatically identify certificate updates and reload certificates without manual restart. After the function is added, I will modify `config.json` appropriately In addition, when recording animated images, the script did not include a command to restart `Xray` because `Xray` plans to support the [Certificate Hot Update] function, which means that `Xray` will automatically identify certificate updates and reload certificates without manual restart. After the function is added, I will modify `config.json` appropriately
to enable this setting and delete the restart command in the script. to enable this setting and delete the restart command in the script.
::: ::: 4. Add [executable] permissions to this file
4. Add [executable] permissions to this file
``` ```
chmod +x ~/xray_cert/xray-cert-renew.sh chmod +x ~/xray_cert/xray-cert-renew.sh
@ -177,8 +176,8 @@ First, you can refer to the [official VLESS configuration example](https://githu
::: warning ::: warning
This location is not the standard log file location of `Xray`. It is placed here to avoid permission issues that cause trouble for new users. Once you are familiar with it, it is recommended to return to the default location: `/var/log/xray/access.log` and `/var/log/xray/error.log`. This location is not the standard log file location of `Xray`. It is placed here to avoid permission issues that cause trouble for new users. Once you are familiar with it, it is recommended to return to the default location: `/var/log/xray/access.log` and `/var/log/xray/error.log`.
::: ::: 4. Because Xray is used by the nobody user by default, we need to allow other users to have "write" permissions (`*.log` means all files with the suffix `log`, and the efficiency advantage of the `CLI` interface gradually appears at this time)
4. Because Xray is used by the nobody user by default, we need to allow other users to have "write" permissions (`*.log` means all files with the suffix `log`, and the efficiency advantage of the `CLI` interface gradually appears at this time)
```shell ```shell
chmod a+w ~/xray_log/*.log chmod a+w ~/xray_log/*.log
``` ```
@ -409,8 +408,7 @@ If your line really has a very high packet loss rate, the only reliable solution
This article takes Debian 10 as an example, so there is still no problem using `/etc/apt/sources.list`, but if you are not starting from scratch according to this article, or using other Linux This article takes Debian 10 as an example, so there is still no problem using `/etc/apt/sources.list`, but if you are not starting from scratch according to this article, or using other Linux
distributions, it is recommended that you create a `/etc/apt/sources.list.d/` folder and create your own configuration file in this folder, such as `/etc/apt/sources.list.d/vpsadmin.list` distributions, it is recommended that you create a `/etc/apt/sources.list.d/` folder and create your own configuration file in this folder, such as `/etc/apt/sources.list.d/vpsadmin.list`
, to ensure compatibility and avoid the default file being overwritten in unforeseen circumstances and causing configuration loss. , to ensure compatibility and avoid the default file being overwritten in unforeseen circumstances and causing configuration loss.
::: ::: 2. Then add the following item at the end, save and exit.
2. Then add the following item at the end, save and exit.
``` ```
deb http://deb.debian.org/debian buster-backports main deb http://deb.debian.org/debian buster-backports main
@ -430,8 +428,7 @@ If your line really has a very high packet loss rate, the only reliable solution
- Take a system snapshot before trying, or - Take a system snapshot before trying, or
- You have `vnc` to save the day (and you know how to use it) - You have `vnc` to save the day (and you know how to use it)
::: ::: 4. Modify the `kernel` parameter configuration file `sysctl.conf` and specify to enable `BBR`
4. Modify the `kernel` parameter configuration file `sysctl.conf` and specify to enable `BBR`
```shell ```shell
sudo nano /etc/sysctl.conf sudo nano /etc/sysctl.conf
@ -441,8 +438,7 @@ If your line really has a very high packet loss rate, the only reliable solution
This article takes Debian 10 as an example, so it is still no problem to use `/etc/sysctl.conf`, but if you are not following this article from scratch, or use other Linux distributions, it is recommended that you create a `/etc/sysctl.d/` This article takes Debian 10 as an example, so it is still no problem to use `/etc/sysctl.conf`, but if you are not following this article from scratch, or use other Linux distributions, it is recommended that you create a `/etc/sysctl.d/`
folder and create your own configuration file in this folder, such as `/etc/sysctl.d/vpsadmin.conf`, to ensure compatibility, because some distributions no longer read parameters from `/etc/sysctl.conf` after `systemd` folder and create your own configuration file in this folder, such as `/etc/sysctl.d/vpsadmin.conf`, to ensure compatibility, because some distributions no longer read parameters from `/etc/sysctl.conf` after `systemd`
207 version. Using a custom configuration file can also prevent the default file from being overwritten in unexpected circumstances, resulting in configuration loss. 207 version. Using a custom configuration file can also prevent the default file from being overwritten in unexpected circumstances, resulting in configuration loss.
::: ::: 5. Add the following content
5. Add the following content
``` ```
net.core.default_qdisc=fq net.core.default_qdisc=fq
@ -463,8 +459,7 @@ If your line really has a very high packet loss rate, the only reliable solution
If you are not sure whether your VPS supports it, please follow the command in step 3 and use the regular kernel `linux-image-amd64`. If you are not sure whether your VPS supports it, please follow the command in step 3 and use the regular kernel `linux-image-amd64`.
::: :::
![Update Debian kernel and enable `BBR`](./ch07-img06-bbr-proper.gif) ![Update Debian kernel and enable `BBR`](./ch07-img06-bbr-proper.gif) 8. Confirm that `BBR` is enabled
8. Confirm that `BBR` is enabled
If you want to confirm whether `BBR` is enabled correctly, you can use the following command: If you want to confirm whether `BBR` is enabled correctly, you can use the following command:
`shell `shell

6
docs/ru/document/level-0/ch04-security.md
View File

@ -226,11 +226,7 @@
::: warning ::: warning
На скриншоте показан пример генерации 2048-битного RSA-ключа. Однако для достижения уровня безопасности, со comparableного с 256-битным ключом ECDSA/Ed25519, вам нужно сгенерировать 3072-битный RSA-ключ (т.е. ввести значение `3072` в поле «Number of bits in a generated key»). На скриншоте показан пример генерации 2048-битного RSA-ключа. Однако для достижения уровня безопасности, со comparableного с 256-битным ключом ECDSA/Ed25519, вам нужно сгенерировать 3072-битный RSA-ключ (т.е. ввести значение `3072` в поле «Number of bits in a generated key»).
::: ::: 2. Вы можете установить пароль для защиты приватного ключа. 3. Нажмите кнопку **Save public key**, чтобы сохранить публичный ключ в файл `id_rsa.pub`. 4. Нажмите кнопку **Save private key**, чтобы сохранить приватный ключ в файл `id_rsa` (приватные ключи PuTTY имеют расширение `.ppk`). 5. **Важно!** Скопируйте содержимое поля, выделенного красной рамкой (не забудьте прокрутить текст до конца!), и сохраните его в файл `authorized_keys`. (Если вы будете использовать для этого VSCode, файл будет сохранён с расширением `.txt``authorized_keys.txt`. Это нормально, позже мы переименуем файл).
2. Вы можете установить пароль для защиты приватного ключа.
3. Нажмите кнопку **Save public key**, чтобы сохранить публичный ключ в файл `id_rsa.pub`.
4. Нажмите кнопку **Save private key**, чтобы сохранить приватный ключ в файл `id_rsa` (приватные ключи PuTTY имеют расширение `.ppk`).
5. **Важно!** Скопируйте содержимое поля, выделенного красной рамкой (не забудьте прокрутить текст до конца!), и сохраните его в файл `authorized_keys`. (Если вы будете использовать для этого VSCode, файл будет сохранён с расширением `.txt``authorized_keys.txt`. Это нормально, позже мы переименуем файл).
![Сохранение ключей](./ch04-img09-puttygen-save-keys.png) ![Сохранение ключей](./ch04-img09-puttygen-save-keys.png)