Add inbound documentation

.github/workflows/mkdocs.yml

@@ -4,7 +4,7 @@ on:
     branches:
       - dev
     paths:
-      - docs
+      - docs/**
       - .github/workflows/mkdocs.yml
 jobs:
   deploy:

docs/configuration/inbound/direct.md

@@ -0,0 +1,82 @@
+`direct` inbound is a tunnel server.
+
+### Structure
+
+```json
+{
+  "inbounds": [
+    {
+      "type": "direct",
+      "tag": "direct-in",
+      
+      "listen": "::",
+      "listen_port": 5353,
+      "tcp_fast_open": false,
+      "sniff": false,
+      "sniff_override_destination": false,
+      "domain_strategy": "prefer_ipv6",
+      "udp_timeout": 300,
+      
+      "network": "udp",
+      "override_address": "1.0.0.1",
+      "override_port": 53
+    }
+  ]
+}
+```
+
+### Listen Fields
+
+#### listen
+
+Listen address.
+
+#### listen_port
+
+Listen port.
+
+#### tcp_fast_open
+
+Enable tcp fast open for listener.
+
+#### sniff
+
+Enable sniffing.
+
+Reads domain names for routing, supports HTTP TLS for TCP, QUIC for UDP.
+
+This does not break zero copy, like splice.
+
+#### sniff_override_destination
+
+Override the connection destination address with the sniffed domain.
+
+If the domain name is invalid (like tor), this will not work.
+
+#### domain_strategy
+
+One of `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`.
+
+If set, the requested domain name will be resolved to IP before routing.
+
+If `sniff_override_destination` is in effect, its value will be taken as a fallback.
+
+#### udp_timeout
+
+UDP NAT expiration time in seconds, default is 300 (5 minutes).
+
+### Direct Fields
+
+#### network
+
+Listen network, one of `tcp` `udp`.
+
+Both if empty.
+
+#### override_address
+
+Override the connection destination address.
+
+#### override_port
+
+Override the connection destination port.

docs/configuration/inbound/http.md

@@ -0,0 +1,72 @@
+`socks` inbound is a http server.
+
+### Structure
+
+```json
+{
+  "inbounds": [
+    {
+      "type": "http",
+      "tag": "http-in",
+      
+      "listen": "::",
+      "listen_port": 2080,
+      "tcp_fast_open": false,
+      "sniff": false,
+      "sniff_override_destination": false,
+      "domain_strategy": "prefer_ipv6",
+      
+      "users": [
+        {
+          "username": "admin",
+          "password": "admin"
+        }
+      ]
+    }
+  ]
+}
+```
+
+### Listen Fields
+
+#### listen
+
+Listen address.
+
+#### listen_port
+
+Listen port.
+
+#### tcp_fast_open
+
+Enable tcp fast open for listener.
+
+#### sniff
+
+Enable sniffing.
+
+Reads domain names for routing, supports HTTP TLS for TCP, QUIC for UDP.
+
+This does not break zero copy, like splice.
+
+#### sniff_override_destination
+
+Override the connection destination address with the sniffed domain.
+
+If the domain name is invalid (like tor), this will not work.
+
+#### domain_strategy
+
+One of `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`.
+
+If set, the requested domain name will be resolved to IP before routing.
+
+If `sniff_override_destination` is in effect, its value will be taken as a fallback.
+
+### HTTP Fields
+
+#### users
+
+HTTP users.
+
+No authentication required if empty.

docs/configuration/inbound/index.md

@@ -5,9 +5,22 @@
   "inbounds": [
     {
       "type": "",
-      "tag": "",
-      ...
+      "tag": ""
     }
   ]
 }
-```
+```
+
+### Fields
+
+| Type          | Format                       |
+|---------------|------------------------------|
+| `mixed`       | [Mixed](./mixed)             |
+| `socks`       | [Socks](./socks)             |
+| `http`        | [HTTP](./http)               |
+| `direct`      | [Direct](./direct)           |
+| `shadowsocks` | [Shadowsocks](./shadowsocks) |
+
+#### tag
+
+The tag of the inbound.

docs/configuration/inbound/mixed.md

@@ -0,0 +1,72 @@
+`mixed` inbound is a socks4, socks4a, socks5 and http server.
+
+### Structure
+
+```json
+{
+  "inbounds": [
+    {
+      "type": "mixed",
+      "tag": "mixed-in",
+      
+      "listen": "::",
+      "listen_port": 2080,
+      "tcp_fast_open": false,
+      "sniff": false,
+      "sniff_override_destination": false,
+      "domain_strategy": "prefer_ipv6",
+      
+      "users": [
+        {
+          "username": "admin",
+          "password": "admin"
+        }
+      ]
+    }
+  ]
+}
+```
+
+### Listen Fields
+
+#### listen
+
+Listen address.
+
+#### listen_port
+
+Listen port.
+
+#### tcp_fast_open
+
+Enable tcp fast open for listener.
+
+#### sniff
+
+Enable sniffing.
+
+Reads domain names for routing, supports HTTP TLS for TCP, QUIC for UDP.
+
+This does not break zero copy, like splice.
+
+#### sniff_override_destination
+
+Override the connection destination address with the sniffed domain.
+
+If the domain name is invalid (like tor), this will not work.
+
+#### domain_strategy
+
+One of `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`.
+
+If set, the requested domain name will be resolved to IP before routing.
+
+If `sniff_override_destination` is in effect, its value will be taken as a fallback.
+
+### Mixed Fields
+
+#### users
+
+Socks and HTTP users.
+
+No authentication required if empty.

docs/configuration/inbound/shadowsocks.md

@@ -0,0 +1,136 @@
+`shadowsocks` inbound is a shadowsocks server.
+
+### Structure
+
+```json
+{
+  "inbounds": [
+    {
+      "type": "shadowsocks",
+      "tag": "ss-in",
+      
+      "listen": "::",
+      "listen_port": 5353,
+      "tcp_fast_open": false,
+      "sniff": false,
+      "sniff_override_destination": false,
+      "domain_strategy": "prefer_ipv6",
+      "udp_timeout": 300,
+      "network": "udp",
+      
+      "method": "2022-blake3-aes-128-gcm",
+      "password": "8JCsPssfgS8tiRwiMlhARg=="
+    }
+  ]
+}
+```
+
+### Listen Fields
+
+#### listen
+
+Listen address.
+
+#### listen_port
+
+Listen port.
+
+#### tcp_fast_open
+
+Enable tcp fast open for listener.
+
+#### sniff
+
+Enable sniffing.
+
+Reads domain names for routing, supports HTTP TLS for TCP, QUIC for UDP.
+
+This does not break zero copy, like splice.
+
+#### sniff_override_destination
+
+Override the connection destination address with the sniffed domain.
+
+If the domain name is invalid (like tor), this will not work.
+
+#### domain_strategy
+
+One of `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`.
+
+If set, the requested domain name will be resolved to IP before routing.
+
+If `sniff_override_destination` is in effect, its value will be taken as a fallback.
+
+#### udp_timeout
+
+UDP NAT expiration time in seconds, default is 300 (5 minutes).
+
+### Shadowsocks Fields
+
+#### network
+
+Listen network, one of `tcp` `udp`.
+
+Both if empty.
+
+#### method
+
+| Method                        | Key Length |
+|-------------------------------|------------|
+| 2022-blake3-aes-128-gcm       | 16         |
+| 2022-blake3-aes-256-gcm       | 32         |
+| 2022-blake3-chacha20-poly1305 | 32         |
+| none                          | /          |
+| aes-128-gcm                   | /          |
+| aes-192-gcm                   | /          |
+| aes-256-gcm                   | /          |
+| chacha20-ietf-poly1305        | /          |
+| xchacha20-ietf-poly1305       | /          |
+
+#### password
+
+| Method        | Password Format                     |
+|---------------|-------------------------------------|
+| none          | /                                   |
+| 2022 methods  | `openssl rand -base64 <Key Length>` |
+| other methods | any string                          |
+
+### Multi-User Structure
+
+```json
+{
+  "inbounds": [
+    {
+      "method": "2022-blake3-aes-128-gcm",
+      "password": "8JCsPssfgS8tiRwiMlhARg==",
+      "users": [
+        {
+          "name": "sekai",
+          "password": "PCD2Z4o12bKUoFa3cC97Hw=="
+        }
+      ]
+    }
+  ]
+}
+```
+
+### Relay Structure
+
+```json
+{
+  "inbounds": [
+    {
+      "method": "2022-blake3-aes-128-gcm",
+      "password": "8JCsPssfgS8tiRwiMlhARg==",
+      "destinations": [
+        {
+          "name": "test",
+          "server": "example.com",
+          "server_port": 8080,
+          "password": "PCD2Z4o12bKUoFa3cC97Hw=="
+        }
+      ]
+    }
+  ]
+}
+```

docs/configuration/inbound/socks.md

@@ -0,0 +1,72 @@
+`socks` inbound is a socks4, socks4a, socks5 server.
+
+### Structure
+
+```json
+{
+  "inbounds": [
+    {
+      "type": "socks",
+      "tag": "socks-in",
+      
+      "listen": "::",
+      "listen_port": 2080,
+      "tcp_fast_open": false,
+      "sniff": false,
+      "sniff_override_destination": false,
+      "domain_strategy": "prefer_ipv6",
+      
+      "users": [
+        {
+          "username": "admin",
+          "password": "admin"
+        }
+      ]
+    }
+  ]
+}
+```
+
+### Listen Fields
+
+#### listen
+
+Listen address.
+
+#### listen_port
+
+Listen port.
+
+#### tcp_fast_open
+
+Enable tcp fast open for listener.
+
+#### sniff
+
+Enable sniffing.
+
+Reads domain names for routing, supports HTTP TLS for TCP, QUIC for UDP.
+
+This does not break zero copy, like splice.
+
+#### sniff_override_destination
+
+Override the connection destination address with the sniffed domain.
+
+If the domain name is invalid (like tor), this will not work.
+
+#### domain_strategy
+
+One of `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`.
+
+If set, the requested domain name will be resolved to IP before routing.
+
+If `sniff_override_destination` is in effect, its value will be taken as a fallback.
+
+### Socks Fields
+
+#### users
+
+Socks users.
+
+No authentication required if empty.

docs/index.md

@@ -2,4 +2,37 @@
 
 Welcome to the wiki page for the sing-box project.
 
-The universal proxy platform.
+The universal proxy platform.
+
+## Installation
+
+sing-box requires Golang 1.18 or a higher version.
+
+```bash
+$ go install github.com/sagernet/sing-box@latest
+```
+
+The binary is built under $GOPATH/bin
+
+```bash
+$ sing-box version
+```
+
+## License
+
+```
+Copyright (C) 2022 by nekohasekai <[email protected]>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+```

docs/installation.md

@@ -1,13 +0,0 @@
-# Installation
-
-sing-box requires Golang 1.18 or a higher version.
-
-```bash
-$ go install github.com/sagernet/sing-box@latest
-```
-
-The binary is built under $GOPATH/bin
-
-```bash
-$ sing-box version
-```

docs/license.md

@@ -1,18 +0,0 @@
-# License
-
-```
-Copyright (C) 2022 by nekohasekai <[email protected]>
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <http://www.gnu.org/licenses/>.
-```

mkdocs.yml

@@ -28,10 +28,7 @@ theme:
     - navigation.sections
     - header.autohide
 nav:
-  - Getting Started:
-      - index.md
-      - Installation: installation.md
-      - License: license.md
+  - Getting Started: index.md
   - Configuration:
       - configuration/index.md
       - Log: configuration/log.md
@@ -41,6 +38,11 @@ nav:
           - DNS Rule: configuration/dns/rule.md
       - Inbound:
           - configuration/inbound/index.md
+          - Mixed: configuration/inbound/mixed.md
+          - Socks: configuration/inbound/socks.md
+          - HTTP: configuration/inbound/http.md
+          - Direct: configuration/inbound/direct.md
+          - Shadowsocks: configuration/inbound/shadowsocks.md
 markdown_extensions:
   - pymdownx.highlight:
       anchor_linenums: true