From e1364b2990741a49efd242f9a96498d8c7e7f328 Mon Sep 17 00:00:00 2001 From: mmmray <142015632+mmmray@users.noreply.github.com> Date: Fri, 26 Jul 2024 09:03:26 -0500 Subject: [PATCH] Sync chinese changes to english --- docs/en/config/transport.md | 6 ++++++ docs/en/document/level-0/ch04-security.md | 8 +++++++- docs/en/document/level-1/routing-lv1-part2.md | 2 +- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/docs/en/config/transport.md b/docs/en/config/transport.md index 4ed2993..10c58f0 100644 --- a/docs/en/config/transport.md +++ b/docs/en/config/transport.md @@ -274,6 +274,12 @@ Specifies the fingerprint of the `TLS Client Hello` message. When empty, fingerp This feature only **simulates** the fingerprint of `TLS Client Hello` message, leaving other behaviours the same as vanilla Go TLS. If you want to simulate a browser `TLS` more completely, use the [Browser Dialer](./transports/websocket.md#browser-dialer). ::: +::: tip +When using this feature, some TLS options that affect the TLS fingerprint will be overridden by the utls library and will no longer be effective, such as ALPN. +The parameters that will be passed are +`"serverName" "allowInsecure" "disableSystemRoot" "pinnedPeerCertificateChainSha256" "masterKeyLog"` +::: + > `pinnedPeerCertificateChainSha256`: [string] Specifies the SHA256 hash values of the certificate chain of the remote server, using the standard encoding format. Only when the hash value of the server-side certificate chain matches any of the specified can a TLS connection be successfully established. diff --git a/docs/en/document/level-0/ch04-security.md b/docs/en/document/level-0/ch04-security.md index f4a04eb..cd0fe77 100644 --- a/docs/en/document/level-0/ch04-security.md +++ b/docs/en/document/level-0/ch04-security.md 
@@ -87,6 +87,12 @@ This article uses `9753` as an example, which means that with the release of thi - If you observed carefully in step 3, you would have noticed that saving is not done by the common `ctrl+s`. - The correct shortcut keys: save is `ctrl+o` + `enter`, and exit is `ctrl+x`. +- (For some operating systems) Add a firewall rule to set the new SSH port, otherwise, you won't be able to log in via SSH after the instance restarts. +- For example, on Ubuntu using ufw. + +```shell +sudo ufw allow 9753/tcp +``` 7. The last thing we need to do is to [restart the SSH service to make the changes take effect]. @@ -94,7 +100,7 @@ This article uses `9753` as an example, which means that with the release of thi systemctl restart ssh ``` -This is a shell command to restart the SSH service. +Then you can try opening a new session in your SSH software to check if you can connect. If there are any issues, you can modify the configuration through the old SSH session (SSH connections that are already open will not be closed when restarting sshd). 8. The complete process demonstration is as follows: diff --git a/docs/en/document/level-1/routing-lv1-part2.md b/docs/en/document/level-1/routing-lv1-part2.md index 27c1fc2..14905cb 100644 --- a/docs/en/document/level-1/routing-lv1-part2.md +++ b/docs/en/document/level-1/routing-lv1-part2.md @@ -80,7 +80,7 @@ ### 5.2 基于 IP 文件分流:`geoip.dat` -与 `geosite.dat` 规则文件十分类似的,我们还有 `geoip.dat` 这个规则文件,它致力于为用户提供成熟完善的【IP 分类表】。让用户可以简单的通过 `geoip:xxx` 这种格式方便的调用任何子类,定制符合自身需求的路由规则 。 +除了使用 `geosite.dat` 核心自然也支持直接使用IP进行路由以满足各种需求。 1. 解决前面的 `[问题3], [问题4]`,我们使用 `geoip:private` 类别来指定 `[direct-out]` 2. 解决前面的 `[问题7]`,我们使用 `geoip:cn` 类别来指定 `[direct-out]`
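Review bot: In the docs/en/config/transport.md hunk, the added tip puts the five surviving option names in a single code span as space-separated quoted strings (`"serverName" "allowInsecure" "disableSystemRoot" ...`), which reads as one literal value rather than a list. Give each name its own code span separated by commas, or use a bullet list. "The parameters that will be passed are" is also ambiguous about direction; something like "The only options that still take effect are" matches the preceding sentence. Since the tip says ALPN is overridden by the utls library, it would help to state that the user's ALPN setting is ignored silently, so readers do not assume their configured value is on the wire.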
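Review bot: In the first docs/en/document/level-0/ch04-security.md hunk (@@ -87,6 +87,12), "Add a firewall rule to set the new SSH port" should say the rule allows the port, since the port itself is set in the SSH configuration edited in the earlier steps. "For example, on Ubuntu using ufw." is added as a separate bullet ending in a period, but it is really the lead-in to the `sudo ufw allow 9753/tcp` block; merge it into the previous bullet and end it with a colon. "(For some operating systems)" does not tell the reader when the step applies; naming the condition (a host firewall is enabled) would be clearer. The example port `9753` is hard-coded in the command, so a short reminder to substitute the reader's own port would match the surrounding text, which presents `9753` only as an example.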
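Review bot: In the second docs/en/document/level-0/ch04-security.md hunk (@@ -94,7 +100,7), the advice to keep the old session as a fallback is placed after the `systemctl restart ssh` block, so a reader following the steps in order only sees it once the restart has already happened. Consider moving the point about keeping the existing session open to just before the command, and leaving "try opening a new session" after it. The sentence also says "restarting sshd" while the command shown restarts the `ssh` unit; use one name consistently. The hunk removes "This is a shell command to restart the SSH service." without a replacement description, which is fine given step 7 already says what the command does.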
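Review bot: In the docs/en/document/level-1/routing-lv1-part2.md hunk, the replacement line is Chinese text in a file under docs/en, while the commit subject is "Sync chinese changes to english"; the unchanged context is Chinese too, so either this file is still untranslated and the change should be noted as such, or the new line should be added in English. The new sentence also drops the introduction of `geoip.dat` and the `geoip:xxx` syntax, yet the heading still names `geoip.dat` and the list items right below use `geoip:private` and `geoip:cn`; keep one clause that introduces the file and the `geoip:xxx` form so those items are not the first mention. Minor: the added line is missing a comma after `geosite.dat` and spaces around "IP", unlike the line it replaces.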