XTLS
diff --git a/‎docs/config/inbounds/vless.md‎
Lines changed: 2 additions & 3 deletions b/‎docs/config/inbounds/vless.md‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎docs/config/outbounds/vless.md‎
Lines changed: 1 addition & 0 deletions b/‎docs/config/outbounds/vless.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/config/reverse.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/config/reverse.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/document/level-2/nginx_or_haproxy_tls_tunnel.md‎
Lines changed: 156 additions & 181 deletions b/‎docs/document/level-2/nginx_or_haproxy_tls_tunnel.md‎
Lines changed: 156 additions & 181 deletions
@@ -44,10 +44,9 @@ VLESS 是一个无状态的轻量传输协议，它分为入站和出站两部
 - 第2个块为加密方式，可选 `native`/`xorpub`/`random`, 分别对应: 原始格式数据包/原始格式+混淆公钥部分/全随机数（类似 VMESS/Shadows socks）。要求服务端与客户端一致
 - 第3个块为会话恢复票据有效时间。格式为 `600s` 或 `100-500s`. 前者将在该时长和该时长的一半之间随机一个时间(如 `600s`=`300-600s`)，后者则手动指定随即范围
 
-往后为 padding, 连接建立后服务端发送一些垃圾数据用以混淆长度特征，无需与客户端相同(出站的相同部分为客户端向服务端方向发送的 padding)，属于可变长部分，格式为 `padding.delay.padding`+`(.delay.padding)`*n（可插入多个 padding, 要求两个 padding 块之间必须包含一个 delay 块） 比如可以写一个超长的 `padding.delay.padding.delay.padding.delay.padding.delay.padding.delay.padding`
+往后为 padding, 连接建立后服务端发送一些垃圾数据用以混淆长度特征，无需与客户端相同(出站的相同部分为客户端向服务端方向发送的 padding)，属于可变长部分，格式为 `padding.delay.padding`+`(.delay.padding)`\*n（可插入多个 padding, 要求两个 padding 块之间必须包含一个 delay 块） 比如可以写一个超长的 `padding.delay.padding.delay.padding.delay.padding.delay.padding.delay.padding`
 
--`padding` 格式为 `probability-min-max` 如 `100-111-1111` 含义为 100% 发送一个长度 111~1111 的padding.
--`delay` 格式同样为 `probability-min-max` 如 `75-0-111` 含义为 75% 的概率等待 0~111 毫秒
+-`padding` 格式为 `probability-min-max` 如 `100-111-1111` 含义为 100% 发送一个长度 111~1111 的padding. -`delay` 格式同样为 `probability-min-max` 如 `75-0-111` 含义为 75% 的概率等待 0~111 毫秒
 
 第一个 padding 块存在特殊要求，要求概率为 100% 且最小长度大于 0. 若不存在任何 padding, 核心自动使用 `100-111-1111.75-0-111.50-0-3333` 作为 padding 设置。
 
 
@@ -152,6 +152,7 @@ VLESS 极简反向代理配置，和核心内部自带的的通用反向代理
 **内网端可以设 CDN 等多条冗余线路均为 `"reverse": { "tag": "yyy" }` 对应公网端多个相同的 `"reverse": { "tag": "xxx" }`**
 
 ### 安全注意事项
+
 公网端可以给不同 id 设不同 reverse 穿透至不同的内网设备，**客户端应当用新的 id，不然拿到客户端配置就能劫持你的反向代理**
 
 用于内网穿透的连接即使开了 XTLS Vision，也只是吃到了 padding，并没有裸奔，是否给用于使用的连接开 XTLS 裸奔自行分析
 
@@ -2,7 +2,7 @@
 
 反向代理可以把服务器端的流量向客户端转发，即逆向流量转发。
 
-::: tip 
+::: tip
 这个反向代理为通用反向代理（不限制代理协议类型），配置更为复杂，不要和 VLESS 简易配置反向弄混（见 VLESS 出入站文档相关部分）。
 :::
 
 
@@ -106,199 +106,174 @@ WantedBy=multi-user.target
 
 ```json
 {
-	"log": {
-		"loglevel": "none"
-	},
-	"inbounds": [
-		{
-			"listen": "/dev/shm/vless.sock,0666",
-			"protocol": "vless",
-			"settings": {
-				"clients": [
-					{
-						"id": "uuid"
-					}
-				],
-				"decryption": "none"
-			},
-			"streamSettings": {
-				"network": "tcp"
-			},
-			"sniffing": {
-				"enabled": true,
-				"destOverride": [
-					"http",
-					"tls"
-				]
-			}
-		}
-	],
-	"outbounds": [
-		{
-			"protocol": "freedom"
-		}
-	]
+  "log": {
+    "loglevel": "none"
+  },
+  "inbounds": [
+    {
+      "listen": "/dev/shm/vless.sock,0666",
+      "protocol": "vless",
+      "settings": {
+        "clients": [
+          {
+            "id": "uuid"
+          }
+        ],
+        "decryption": "none"
+      },
+      "streamSettings": {
+        "network": "tcp"
+      },
+      "sniffing": {
+        "enabled": true,
+        "destOverride": ["http", "tls"]
+      }
+    }
+  ],
+  "outbounds": [
+    {
+      "protocol": "freedom"
+    }
+  ]
 }
 ```
 
 客户端 xray 配置，此处以旁路由透明代理为例
 
 ```json
 {
-    "log": {
-        "loglevel": "none"
-    },
-    "dns": {
-        "servers": [
-            "1.1.1.1",
-            {
-                "address": "119.29.29.29",
-                "domains": [
-                    "geosite:cn"
-                ],
-                "expectIP": [
-                    "geoip:cn"
-                ]
-            }
-        ],
-        "disableFallback": true,
-        "disableFallbackIfMatch": true
+  "log": {
+    "loglevel": "none"
+  },
+  "dns": {
+    "servers": [
+      "1.1.1.1",
+      {
+        "address": "119.29.29.29",
+        "domains": ["geosite:cn"],
+        "expectIP": ["geoip:cn"]
+      }
+    ],
+    "disableFallback": true,
+    "disableFallbackIfMatch": true
+  },
+  "inbounds": [
+    {
+      "tag": "tproxy-in",
+      "port": 12345,
+      "protocol": "dokodemo-door",
+      "settings": {
+        "network": "tcp,udp",
+        "followRedirect": true
+      },
+      "sniffing": {
+        "enabled": true,
+        "destOverride": ["http", "tls"]
+      },
+      "streamSettings": {
+        "sockopt": {
+          "tproxy": "tproxy",
+          "mark": 255
+        }
+      }
     },
-    "inbounds": [
-        {
-            "tag": "tproxy-in",
-            "port": 12345,
-            "protocol": "dokodemo-door",
-            "settings": {
-                "network": "tcp,udp",
-                "followRedirect": true
-            },
-            "sniffing": {
-                "enabled": true,
-                "destOverride": [
-                    "http",
-                    "tls"
-                ]
-            },
-            "streamSettings": {
-                "sockopt": {
-                    "tproxy": "tproxy",
-                    "mark": 255
-                }
-            }
+    {
+      "tag": "http",
+      "port": 10808,
+      "listen": "127.0.0.1",
+      "protocol": "http",
+      "sniffing": {
+        "enabled": true,
+        "destOverride": ["http", "tls"]
+      }
+    }
+  ],
+  "outbounds": [
+    {
+      "tag": "nginxtls",
+      "protocol": "vless",
+      "settings": {
+        "vnext": [
+          {
+            "address": "127.0.0.1",
+            "port": 6666,
+            "users": [
+              {
+                "id": "uuid",
+                "encryption": "none"
+              }
+            ]
+          }
+        ]
+      },
+      "streamSettings": {
+        "sockopt": {
+          "mark": 255
         },
-        {
-            "tag": "http",
-            "port": 10808,
-            "listen": "127.0.0.1",
-            "protocol": "http",
-            "sniffing": {
-                "enabled": true,
-                "destOverride": [
-                    "http",
-                    "tls"
-                ]
-            }
+        "network": "tcp"
+      }
+    },
+    {
+      "tag": "direct",
+      "protocol": "freedom",
+      "streamSettings": {
+        "sockopt": {
+          "mark": 255
         }
-    ],
-    "outbounds": [
-        {
-            "tag": "nginxtls",
-            "protocol": "vless",
-            "settings": {
-                "vnext": [
-                    {
-                        "address": "127.0.0.1",
-                        "port": 6666,
-                        "users": [
-                            {
-                                "id": "uuid",
-                                "encryption": "none"
-                            }
-                        ]
-                    }
-                ]
-            },
-            "streamSettings": {
-                "sockopt": {
-                    "mark": 255
-                },
-                "network": "tcp"
-            }
-        },
-        {
-            "tag": "direct",
-            "protocol": "freedom",
-            "streamSettings": {
-                "sockopt": {
-                    "mark": 255
-                }
-            }
-        },
-        {
-            "tag": "block",
-            "protocol": "blackhole",
-            "settings": {
-                "response": {
-                    "type": "http"
-                }
-            }
+      }
+    },
+    {
+      "tag": "block",
+      "protocol": "blackhole",
+      "settings": {
+        "response": {
+          "type": "http"
         }
-    ],
-    "routing": {
-        "domainMatcher": "mph",
-        "domainStrategy": "AsIs",
-        "rules": [
-            {
-                "type": "field",
-                "domain": [
-                    "geosite:category-ads-all"
-                ],
-                "outboundTag": "block"
-            },
-            {
-                "type": "field",
-                "port": 123,
-                "network": "udp",
-                "outboundTag": "direct"
-            },
-            {
-                "type": "field",
-                "ip": [
-                    "1.1.1.1"
-                ],
-                "outboundTag": "proxy"
-            },
-            {
-                "type": "field",
-                "domain": [
-                    "geosite:cn"
-                ],
-                "outboundTag": "direct"
-            },
-            {
-                "type": "field",
-                "protocol": [
-                    "bittorrent"
-                ],
-                "outboundTag": "direct"
-            },
-            {
-                "type": "field",
-                "ip": [
-                    "geoip:private"
-                ],
-                "outboundTag": "direct"
-            },
-            {
-                "type": "field",
-                "inboundTag": [
-                    "tproxy-in"
-                ],
-                "outboundTag": "nginxtls"
-            }
-        ]
+      }
     }
+  ],
+  "routing": {
+    "domainMatcher": "mph",
+    "domainStrategy": "AsIs",
+    "rules": [
+      {
+        "type": "field",
+        "domain": ["geosite:category-ads-all"],
+        "outboundTag": "block"
+      },
+      {
+        "type": "field",
+        "port": 123,
+        "network": "udp",
+        "outboundTag": "direct"
+      },
+      {
+        "type": "field",
+        "ip": ["1.1.1.1"],
+        "outboundTag": "proxy"
+      },
+      {
+        "type": "field",
+        "domain": ["geosite:cn"],
+        "outboundTag": "direct"
+      },
+      {
+        "type": "field",
+        "protocol": ["bittorrent"],
+        "outboundTag": "direct"
+      },
+      {
+        "type": "field",
+        "ip": ["geoip:private"],
+        "outboundTag": "direct"
+      },
+      {
+        "type": "field",
+        "inboundTag": ["tproxy-in"],
+        "outboundTag": "nginxtls"
+      }
+    ]
+  }
 }
 ```