Initial zh-CN document translation: shared

Author: nekohasekai

docs/configuration/dns/index.zh.md

@@ -1,3 +1,5 @@
+# DNS
+
 ### 结构
 
 ```json

docs/configuration/inbound/http.md

@@ -32,7 +32,7 @@
 
 #### tls
 
-TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure).
+TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound).
 
 #### users
 

docs/configuration/inbound/hysteria.md

@@ -102,7 +102,7 @@ Force enabled on for systems other than Linux and Windows (according to upstream
 
 ==Required==
 
-TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure).
+TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound).
 
 ### Listen Fields
 

docs/configuration/inbound/naive.md

@@ -36,7 +36,7 @@
 
 #### tls
 
-TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure).
+TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound).
 
 #### users
 

docs/configuration/inbound/trojan.md

@@ -40,7 +40,7 @@ Trojan users.
 
 #### tls
 
-TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure).
+TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound).
 
 #### fallback
 

docs/configuration/inbound/vmess.md

@@ -46,7 +46,7 @@ VMess users.
 
 #### tls
 
-TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound-structure).
+TLS configuration, see [TLS inbound structure](/configuration/shared/tls/#inbound).
 
 #### transport
 

docs/configuration/outbound/http.md

@@ -53,7 +53,7 @@ Basic authorization password.
 
 #### tls
 
-TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbound-structure).
+TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbound).
 
 ### Dial Fields
 

docs/configuration/outbound/hysteria.md

@@ -113,7 +113,7 @@ Force enabled on for systems other than Linux and Windows (according to upstream
 
 ==Required==
 
-TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbound-structure).
+TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbound).
 
 #### network
 

docs/configuration/outbound/trojan.md

@@ -59,7 +59,7 @@ Both is enabled by default.
 
 #### tls
 
-TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbound-structure).
+TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbound).
 
 #### multiplex
 

docs/configuration/outbound/vmess.md

@@ -93,7 +93,7 @@ Both is enabled by default.
 
 #### tls
 
-TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbound-structure).
+TLS configuration, see [TLS outbound structure](/configuration/shared/tls/#outbound).
 
 #### multiplex
 

docs/configuration/shared/multiplex.zh.md

@@ -0,0 +1,50 @@
+### 服务器要求
+
+`sing-box` :)
+
+### 结构
+
+```json
+{
+  "enabled": true,
+  "protocol": "smux",
+  "max_connections": 4,
+  "min_streams": 4,
+  "max_streams": 0
+}
+```
+
+### 字段
+
+#### enabled
+
+启用多路复用
+
+#### protocol
+
+多路复用协议
+
+| 协议    | 描述                                 |
+|-------|------------------------------------|
+| smux  | https://github.com/xtaci/smux      |
+| yamux | https://github.com/hashicorp/yamux |
+
+默认使用 SMux.
+
+#### max_connections
+
+最大连接数量
+
+与 `max_streams` 冲突.
+
+#### min_streams
+
+在打开新连接之前，连接中的最小多路复用流数量
+
+与 `max_streams` 冲突.
+
+#### max_streams
+
+在打开新连接之前，连接中的最大多路复用流数量
+
+与 `max_connections` 和 `min_streams` 冲突.

docs/configuration/shared/tls.md

@@ -1,4 +1,4 @@
-### Inbound Structure
+### Inbound
 
 ```json
 {
@@ -34,7 +34,7 @@
 
     ACME is not included by default, see [Installation](/#installation).
 
-### Outbound Structure
+### Outbound
 
 ```json
 {
@@ -115,20 +115,13 @@ See [Application-Layer Protocol Negotiation](https://en.wikipedia.org/wiki/Appli
 The minimum TLS version that is acceptable.
 
 By default, TLS 1.2 is currently used as the minimum when acting as a
-client, and TLS 1.0 when acting as a server. TLS 1.0 is the minimum
-supported by this package, both as a client and as a server.
-
-The client-side default can temporarily be reverted to TLS 1.0 by
-including the value "x509sha1=1" in the GODEBUG environment variable.
-Note that this option will be removed in Go 1.19 (but it will still be
-possible to set this field to VersionTLS10 explicitly).
+client, and TLS 1.0 when acting as a server.
 
 #### max_version
 
 The maximum TLS version that is acceptable.
 
-By default, the maximum version supported by this package is used,
-which is currently TLS 1.3.
+By default, the maximum version is currently TLS 1.3.
 
 #### cipher_suites
 

docs/configuration/shared/tls.zh.md

@@ -0,0 +1,219 @@
+### 入站
+
+```json
+{
+  "enabled": true,
+  "server_name": "",
+  "alpn": [],
+  "min_version": "",
+  "max_version": "",
+  "cipher_suites": [],
+  "certificate": "",
+  "certificate_path": "",
+  "key": "",
+  "key_path": "",
+  "acme": {
+    "domain": [],
+    "data_directory": "",
+    "default_server_name": "",
+    "email": "",
+    "provider": "",
+    "disable_http_challenge": false,
+    "disable_tls_alpn_challenge": false,
+    "alternative_http_port": 0,
+    "alternative_tls_port": 0,
+    "external_account": {
+      "key_id": "",
+      "mac_key": ""
+    }
+  }
+}
+```
+
+!!! warning ""
+
+    默认安装不包括 ACME, 参阅 [安装](/zh/#installation).
+
+### 出站
+
+```json
+{
+  "enabled": true,
+  "server_name": "",
+  "insecure": false,
+  "alpn": [],
+  "min_version": "",
+  "max_version": "",
+  "cipher_suites": [],
+  "certificate": "",
+  "certificate_path": ""
+}
+```
+
+TLS 版本值:
+
+* `1.0`
+* `1.1`
+* `1.2`
+* `1.3`
+
+密码套件值:
+
+* `TLS_RSA_WITH_AES_128_CBC_SHA`
+* `TLS_RSA_WITH_AES_256_CBC_SHA`
+* `TLS_RSA_WITH_AES_128_GCM_SHA256`
+* `TLS_RSA_WITH_AES_256_GCM_SHA384`
+* `TLS_AES_128_GCM_SHA256`
+* `TLS_AES_256_GCM_SHA384`
+* `TLS_CHACHA20_POLY1305_SHA256`
+* `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`
+* `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`
+* `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`
+* `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`
+* `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`
+* `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`
+* `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
+* `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`
+* `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`
+* `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`
+
+!!! note ""
+
+    当内容只有一项时，可以忽略 JSON 数组 [] 标签
+
+### 字段
+
+#### enabled
+
+启用 TLS
+
+#### server_name
+
+用于验证返回证书上的主机名，除非设置不安全。
+
+它还包含在 ClientHello 中以支持虚拟主机，除非它是 IP 地址。
+
+检阅 [Server Name Indication](https://en.wikipedia.org/wiki/Server_Name_Indication).
+
+#### insecure
+
+==仅客户端==
+
+接受任何服务器证书
+
+#### alpn
+
+支持的应用层协议协商列表，按优先顺序排列。
+
+如果两个对等点都支持 ALPN，则选择的协议将是此列表中的一个，如果没有相互支持的协议则连接将失败。
+
+检阅 [Application-Layer Protocol Negotiation](https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation).
+
+#### min_version
+
+可接受的最低 TLS 版本。
+
+默认情况下，当前使用 TLS 1.2 作为客户端的最低要求。作为服务器时使用 TLS 1.0.
+
+#### max_version
+
+可接受的最大 TLS 版本。
+
+默认情况下，当前最高版本为 TLS 1.3。
+
+#### cipher_suites
+
+将在 ECDHE 握手中使用的椭圆曲线，按优先顺序排列。
+
+如果为空，将使用默认值。
+
+客户端将使用第一个首选项作为其在 TLS 1.3 中的密钥共享类型。
+这在未来可能会改变。
+
+#### certificate
+
+服务器 PEM 证书
+
+#### certificate_path
+
+服务器 PEM 证书路径
+
+#### key
+
+==仅服务器==
+
+服务器 PEM 私钥
+
+#### key_path
+
+==仅服务器==
+
+服务器 PEM 私钥路径
+
+### ACME 字段
+
+#### domain
+
+一组域名。
+
+如果为空，将禁用 ACME。
+
+#### data_directory
+
+ACME 数据目录。
+
+如果为空，则使用 `$XDG_DATA_HOME/certmagic|$HOME/.local/share/certmagic`。
+
+#### default_server_name
+
+如果 ClientHello 的 ServerName 字段为空，则选择证书时要使用的服务器名称。
+
+#### email
+
+创建或选择现有 ACME 服务器帐户时使用的电子邮件地址。
+
+#### provider
+
+要使用的 ACME CA 供应商。
+
+| 值                  | 供应商           |
+|--------------------|---------------|
+| `letsencrypt (默认)` | Let's Encrypt |
+| `zerossl`          | ZeroSSL       |
+| `https://...`      | 自定义           |
+
+#### disable_http_challenge
+
+禁用所有 HTTP 质询。
+
+#### disable_tls_alpn_challenge
+
+禁用所有 TLS-ALPN 质询。
+
+#### alternative_http_port
+
+用于 ACME HTTP 质询的备用端口；如果非空，将使用此端口而不是 80 来启动 HTTP 质询的侦听器。
+
+#### alternative_tls_port
+
+用于 ACME TLS-ALPN 质询的备用端口； 系统必须将 443 转发到此端口以使质询成功。
+
+### Reload
+
+对于服务器配置，如果修改，证书和密钥将自动重新加载。
+
+#### external_account
+
+EAB（外部帐户绑定）包含将 ACME 帐户绑定或映射到其他已知帐户所需的信息由 CA。
+
+外部帐户绑定“用于将 ACME 帐户与非 ACME 系统中的现有帐户相关联，例如 CA 客户数据库。
+
+为了启用 ACME 帐户绑定，运行 ACME 服务器的 CA 需要向 ACME 客户端提供 MAC 密钥和密钥标识符，使用 ACME 之外的一些机制。 §7.3.4
+
+#### external_account.key_id
+
+密钥标识符
+
+#### external_account.mac_key
+
+MAC 密钥