From 718bf8b133fe449be6e5e7a4820d0131418ccf5c Mon Sep 17 00:00:00 2001 From: Mahdi Butcher Date: Sat, 4 Oct 2025 19:20:37 +0000 Subject: [PATCH] Add SSL activation and certificate issuance documentation for PasarGuard - Created comprehensive guides for SSL activation using Caddy, Uvicorn, and HAProxy. - Added instructions for obtaining SSL certificates using acme.sh and for Cloudflare domains. - Introduced CloudFlare Warp activation guide with detailed steps for configuration on both Windows and Linux. - Translated all documentation into Persian, ensuring accessibility for Persian-speaking users. - Enhanced CLI and TUI documentation for better user experience in managing PasarGuard. Co-authored-by: Ona --- .devcontainer/Dockerfile | 5 + .devcontainer/devcontainer.json | 20 ++ content/docs/en/cli-tui/CLI.mdx | 86 ++++++ content/docs/en/cli-tui/TUI.mdx | 69 +++++ content/docs/en/cli-tui/index.mdx | 155 ----------- content/docs/en/learn/meta.json | 10 + content/docs/en/learn/ssl-activation-cli.mdx | 197 ++++++++++++++ content/docs/en/learn/ssl-certificate-cli.mdx | 118 +++++++++ content/docs/en/learn/warp.mdx | 245 +++++++++++++++++ content/docs/en/meta.json | 1 + content/docs/fa/cli-tui/cli.mdx | 86 ++++++ content/docs/fa/cli-tui/index.mdx | 155 ----------- content/docs/fa/cli-tui/tui.mdx | 70 +++++ content/docs/fa/learn/meta.json | 10 + content/docs/fa/learn/ssl-activation-cli.mdx | 197 ++++++++++++++ content/docs/fa/learn/ssl-certificate-cli.mdx | 187 +++++++++++++ content/docs/fa/learn/warp.mdx | 248 ++++++++++++++++++ content/docs/fa/meta.json | 1 + content/docs/ru/cli-tui/CLI.mdx | 86 ++++++ content/docs/ru/cli-tui/TUI.mdx | 69 +++++ content/docs/ru/cli-tui/index.mdx | 155 ----------- content/docs/ru/cli-tui/meta.json | 16 +- content/docs/ru/learn/meta.json | 10 + content/docs/ru/learn/ssl-activation-cli.mdx | 197 ++++++++++++++ content/docs/ru/learn/ssl-certificate-cli.mdx | 118 +++++++++ content/docs/ru/learn/warp.mdx | 245 +++++++++++++++++ content/docs/ru/meta.json | 1 + content/docs/zh/cli-tui/CLI.mdx | 86 ++++++ content/docs/zh/cli-tui/TUI.mdx | 69 +++++ content/docs/zh/cli-tui/index.mdx | 155 ----------- content/docs/zh/cli-tui/meta.json | 16 +- content/docs/zh/learn/meta.json | 10 + content/docs/zh/learn/ssl-activation-cli.mdx | 197 ++++++++++++++ content/docs/zh/learn/ssl-certificate-cli.mdx | 118 +++++++++ content/docs/zh/learn/warp.mdx | 245 +++++++++++++++++ content/docs/zh/meta.json | 1 + 36 files changed, 3018 insertions(+), 636 deletions(-) create mode 100644 .devcontainer/Dockerfile create mode 100644 .devcontainer/devcontainer.json create mode 100644 content/docs/en/cli-tui/CLI.mdx create mode 100644 content/docs/en/cli-tui/TUI.mdx delete mode 100644 content/docs/en/cli-tui/index.mdx create mode 100644 content/docs/en/learn/meta.json create mode 100644 content/docs/en/learn/ssl-activation-cli.mdx create mode 100644 content/docs/en/learn/ssl-certificate-cli.mdx create mode 100644 content/docs/en/learn/warp.mdx create mode 100644 content/docs/fa/cli-tui/cli.mdx delete mode 100644 content/docs/fa/cli-tui/index.mdx create mode 100644 content/docs/fa/cli-tui/tui.mdx create mode 100644 content/docs/fa/learn/meta.json create mode 100644 content/docs/fa/learn/ssl-activation-cli.mdx create mode 100644 content/docs/fa/learn/ssl-certificate-cli.mdx create mode 100644 content/docs/fa/learn/warp.mdx create mode 100644 content/docs/ru/cli-tui/CLI.mdx create mode 100644 content/docs/ru/cli-tui/TUI.mdx delete mode 100644 content/docs/ru/cli-tui/index.mdx create mode 100644 content/docs/ru/learn/meta.json create mode 100644 content/docs/ru/learn/ssl-activation-cli.mdx create mode 100644 content/docs/ru/learn/ssl-certificate-cli.mdx create mode 100644 content/docs/ru/learn/warp.mdx create mode 100644 content/docs/zh/cli-tui/CLI.mdx create mode 100644 content/docs/zh/cli-tui/TUI.mdx delete mode 100644 content/docs/zh/cli-tui/index.mdx create mode 100644 content/docs/zh/learn/meta.json create mode 100644 content/docs/zh/learn/ssl-activation-cli.mdx create mode 100644 content/docs/zh/learn/ssl-certificate-cli.mdx create mode 100644 content/docs/zh/learn/warp.mdx diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile new file mode 100644 index 0000000..3a78960 --- /dev/null +++ b/.devcontainer/Dockerfile @@ -0,0 +1,5 @@ +FROM mcr.microsoft.com/devcontainers/base:ubuntu-24.04 + +# use this Dockerfile to install additional tools you might need, e.g. +# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ +# && apt-get -y install --no-install-recommends diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 0000000..ed151c3 --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,20 @@ +// The Dev Container format allows you to configure your environment. At the heart of it +// is a Docker image or Dockerfile which controls the tools available in your environment. +// +// See https://aka.ms/devcontainer.json for more information. +{ + "name": "Ona", + // Use "image": "mcr.microsoft.com/devcontainers/base:ubuntu-24.04", + // instead of the build to use a pre-built image. + "build": { + "context": ".", + "dockerfile": "Dockerfile" + } + // Features add additional features to your environment. See https://containers.dev/features + // Beware: features are not supported on all platforms and may have unintended side-effects. + // "features": { + // "ghcr.io/devcontainers/features/docker-in-docker": { + // "moby": false + // } + // } +} diff --git a/content/docs/en/cli-tui/CLI.mdx b/content/docs/en/cli-tui/CLI.mdx new file mode 100644 index 0000000..148d170 --- /dev/null +++ b/content/docs/en/cli-tui/CLI.mdx @@ -0,0 +1,86 @@ +--- +title: CLI +navigation: CLI +icon: Terminal +--- + +# PasarGuard CLI + +Modern command-line tools for managing PasarGuard with efficiency and style. + +--- + +## CLI - Command-Line Interface + +A modern, type-safe command-line interface for managing PasarGuard, built with Typer. + +### Features + +- 🎯 **Type-safe CLI** with rich output formatting +- 📊 **Beautiful tables and panels** for data visualization +- 🔒 **Secure admin management** with interactive prompts +- 📈 **System status monitoring** and diagnostics +- ⌨️ **Interactive prompts** with confirmations for safety + +### Installation + +The CLI is included with PasarGuard and can be used directly: + +```bash +pasarguard cli --help + +# Or from the project root +uv run pasarguard-cli.py --help +``` + +### Usage + +#### General Commands + +```bash +# Show version +pasarguard cli version + +# Show help +pasarguard cli --help +``` + +#### Admin Management + +```bash +# List all admins +pasarguard cli admins --list + +# Create new admin +pasarguard cli admins --create username + +# Delete admin +pasarguard cli admins --delete username + +# Modify admin (password and sudo status) +pasarguard cli admins --modify username + +# Reset admin usage statistics +pasarguard cli admins --reset-usage username +``` + +#### System Information + +```bash +# Show system status +pasarguard cli system +``` + +### Examples + +**Creating a new admin:** +```bash +pasarguard cli admins --create john_admin +# You'll be prompted to enter password and sudo permissions +``` + +**Listing all admins with formatted output:** +```bash +pasarguard cli admins --list +# Displays a beautiful table with admin details +``` \ No newline at end of file diff --git a/content/docs/en/cli-tui/TUI.mdx b/content/docs/en/cli-tui/TUI.mdx new file mode 100644 index 0000000..92c8cbd --- /dev/null +++ b/content/docs/en/cli-tui/TUI.mdx @@ -0,0 +1,69 @@ +--- +title: TUI +navigation: TUI +icon: Terminal +--- + +# PasarGuard TUI + +Modern text-based user interface tools for managing PasarGuard with efficiency and style. + +--- + +## TUI - Text User Interface + +A modern, interactive command-line interface for managing PasarGuard, built with Textual. + +### Features + +- 🎯 **Interactive TUI** with mouse and keyboard support +- 📱 **Responsive design** with dark mode support +- ⌨️ **Keyboard shortcuts** for quick navigation +- 🔄 **Real-time updates** and live data refresh +- 📊 **Rich data visualization** with colors and formatting +- 🔒 **Secure admin management** with visual feedback + +### Starting the TUI + +```bash +pasarguard tui +``` + +Once launched, you'll see a beautiful interactive interface with navigation panels, data tables, and action buttons. + +### Keyboard Shortcuts + +#### Global Commands + +- `q` - Quit the application +- `?` - Show help and keyboard shortcuts +- `Tab` - Navigate between panels +- `Shift+Tab` - Navigate backwards +- `Escape` - Cancel current action + +#### Admin Section + +- `c` - Create new admin +- `m` - Modify admin +- `r` - Reset admin usage statistics +- `d` - Delete admin +- `i` - Import admins from environment variables + +### Admin Management + +The TUI provides a visual interface for all admin operations: + +- **Create** - Interactive forms for new admin accounts +- **Modify** - Edit admin passwords and permissions +- **Delete** - Safe deletion with confirmation prompts +- **Reset Usage** - Clear usage statistics for admins +- **Import** - Bulk import admins from environment variables +- **View Details** - Detailed admin information and status + +### Navigation Tips + +1. Use **arrow keys** or **mouse** to navigate +2. Press **Enter** to select items or confirm actions +3. Use **Tab** to move between input fields +4. Press **Escape** to cancel dialogs +5. Press **?** anytime to see available shortcuts \ No newline at end of file diff --git a/content/docs/en/cli-tui/index.mdx b/content/docs/en/cli-tui/index.mdx deleted file mode 100644 index 16a24af..0000000 --- a/content/docs/en/cli-tui/index.mdx +++ /dev/null @@ -1,155 +0,0 @@ ---- -title: CLI & TUI -navigation: CLI & TUI -icon: Terminal ---- - -# PasarGuard CLI & TUI - -Modern command-line and text-based user interface tools for managing PasarGuard with efficiency and style. - -## Overview - -PasarGuard provides two powerful command-line tools for system administration: - -- **CLI (Command-Line Interface)** - Type-safe, feature-rich commands for automation and scripting -- **TUI (Text User Interface)** - Interactive, visual terminal interface for hands-on management - -Both tools are built with modern Python frameworks and provide secure, efficient access to all PasarGuard management functions. - ---- - -## CLI - Command-Line Interface - -A modern, type-safe command-line interface for managing PasarGuard, built with Typer. - -### Features - -- 🎯 **Type-safe CLI** with rich output formatting -- 📊 **Beautiful tables and panels** for data visualization -- 🔒 **Secure admin management** with interactive prompts -- 📈 **System status monitoring** and diagnostics -- ⌨️ **Interactive prompts** with confirmations for safety - -### Installation - -The CLI is included with PasarGuard and can be used directly: - -```bash -pasarguard cli --help - -# Or from the project root -uv run pasarguard-cli.py --help -``` - -### Usage - -#### General Commands - -```bash -# Show version -pasarguard cli version - -# Show help -pasarguard cli --help -``` - -#### Admin Management - -```bash -# List all admins -pasarguard cli admins --list - -# Create new admin -pasarguard cli admins --create username - -# Delete admin -pasarguard cli admins --delete username - -# Modify admin (password and sudo status) -pasarguard cli admins --modify username - -# Reset admin usage statistics -pasarguard cli admins --reset-usage username -``` - -#### System Information - -```bash -# Show system status -pasarguard cli system -``` - -### Examples - -**Creating a new admin:** -```bash -pasarguard cli admins --create john_admin -# You'll be prompted to enter password and sudo permissions -``` - -**Listing all admins with formatted output:** -```bash -pasarguard cli admins --list -# Displays a beautiful table with admin details -``` - ---- - -## TUI - Text User Interface - -A modern, interactive command-line interface for managing PasarGuard, built with Textual. - -### Features - -- 🎯 **Interactive TUI** with mouse and keyboard support -- 📱 **Responsive design** with dark mode support -- ⌨️ **Keyboard shortcuts** for quick navigation -- 🔄 **Real-time updates** and live data refresh -- 📊 **Rich data visualization** with colors and formatting -- 🔒 **Secure admin management** with visual feedback - -### Starting the TUI - -```bash -pasarguard tui -``` - -Once launched, you'll see a beautiful interactive interface with navigation panels, data tables, and action buttons. - -### Keyboard Shortcuts - -#### Global Commands - -- `q` - Quit the application -- `?` - Show help and keyboard shortcuts -- `Tab` - Navigate between panels -- `Shift+Tab` - Navigate backwards -- `Escape` - Cancel current action - -#### Admin Section - -- `c` - Create new admin -- `m` - Modify admin -- `r` - Reset admin usage statistics -- `d` - Delete admin -- `i` - Import admins from environment variables - -### Admin Management - -The TUI provides a visual interface for all admin operations: - -- **Create** - Interactive forms for new admin accounts -- **Modify** - Edit admin passwords and permissions -- **Delete** - Safe deletion with confirmation prompts -- **Reset Usage** - Clear usage statistics for admins -- **Import** - Bulk import admins from environment variables -- **View Details** - Detailed admin information and status - -### Navigation Tips - -1. Use **arrow keys** or **mouse** to navigate -2. Press **Enter** to select items or confirm actions -3. Use **Tab** to move between input fields -4. Press **Escape** to cancel dialogs -5. Press **?** anytime to see available shortcuts \ No newline at end of file diff --git a/content/docs/en/learn/meta.json b/content/docs/en/learn/meta.json new file mode 100644 index 0000000..b11b9af --- /dev/null +++ b/content/docs/en/learn/meta.json @@ -0,0 +1,10 @@ +{ + "title": "Learn", + "description": "Step-by-step guides for advanced configurations", + "pages": [ + "ssl-certificate", + "ssl-activation", + "warp" + ], + "icon": "BookOpen" +} diff --git a/content/docs/en/learn/ssl-activation-cli.mdx b/content/docs/en/learn/ssl-activation-cli.mdx new file mode 100644 index 0000000..3cff3e0 --- /dev/null +++ b/content/docs/en/learn/ssl-activation-cli.mdx @@ -0,0 +1,197 @@ +--- +title: SSL Activation +navigation: SSL Activation +icon: Lock +--- + +# SSL Activation in PasarGuard + +By enabling SSL in PasarGuard, the dashboard and subscription link will be accessible via https. +There are different approaches to enabling SSL in PasarGuard, which we'll cover below in order from simple to complex. + + +In all examples below, the `docker-compose.yml` and `.env` files can be found at `/opt/PasarGuard`, and `xray_config.json` at `/var/lib/PasarGuard`. + +If you installed PasarGuard manually, you'll need to make the necessary changes yourself. + + +## SSL Activation with Caddy + +In this method, you don't need to create an SSL certificate - Caddy does all the work for you! + +### Modifying docker-compose.yml + +Modify the `docker-compose.yml` file as follows: + +```yml {9-10,12-22,24-25} +services: + PasarGuard: + image: PasarGuard/panel:latest + restart: always + env_file: .env + network_mode: host + volumes: + - /var/lib/PasarGuard:/var/lib/PasarGuard + depends_on: + - caddy + + caddy: + image: caddy + restart: always + ports: + - 80:80 + - 443:443 + volumes: + - /var/lib/PasarGuard:/var/lib/PasarGuard + - ./Caddyfile:/etc/caddy/Caddyfile + - caddy_volume:/data + - caddy_volume:/config + +volumes: + caddy_volume: +``` + +### Creating Caddyfile + +Create a new file named `Caddyfile` at `/opt/pasarguard` and replace `YOUR_DOMAIN` with your desired domain or subdomain. + + +The first letter in the `Caddyfile` filename must be uppercase `C`. + + +```caddy +YOUR_DOMAIN { + reverse_proxy unix//var/lib/pasarguard/pasarguard.socket +} +``` + + +If you want the subscription domain or subdomain to be different from the panel, duplicate the above content in your Caddyfile and replace both domains or subdomains in place of `YOUR_DOMAIN`. + + +### Setting Environment Variables + +Set the following variables in the `.env` file. + +Replace `YOUR_DOMAIN` with your desired domain or subdomain. + +```env +UVICORN_UDS = /var/lib/pasarguard/pasarguard.socket +XRAY_SUBSCRIPTION_URL_PREFIX = https://YOUR_DOMAIN +``` + +### Restarting PasarGuard + +Restart PasarGuard: + +```bash +PasarGuard restart +``` + +Now the PasarGuard dashboard will be accessible at your domain or subdomain address via https. + +## SSL Activation with Uvicorn + +PasarGuard runs with `Uvicorn` by default. `Uvicorn` also allows you to define SSL certificate files. + +### Obtaining SSL Certificate + +First, you need to obtain certificate files for your domain or subdomain. For this, see the [SSL Certificate Issuance](ssl-certificate-cli) tutorial. + +### Setting Environment Variables + +After creating the SSL certificate files, set the following variables in the `.env` file. + +Replace `YOUR_DOMAIN` with your desired domain or subdomain. + +```env +UVICORN_PORT = 443 +UVICORN_SSL_CERTFILE = "/var/lib/PasarGuard/certs/YOUR_DOMAIN.cer" +UVICORN_SSL_KEYFILE = "/var/lib/PasarGuard/certs/YOUR_DOMAIN.cer.key" +XRAY_SUBSCRIPTION_URL_PREFIX = https://YOUR_DOMAIN +``` + +Now the PasarGuard dashboard will be accessible at your domain or subdomain address via https. + +## SSL Activation with HAProxy + +`HAProxy` is one of the best tools for this task. In this method, we run PasarGuard on https with the help of `HAProxy`. + +### Obtaining SSL Certificate + +First, you need to obtain certificate files for your domain or subdomain. For this, see the [SSL Certificate Issuance](ssl-certificate-cli) tutorial. + +### Modifying docker-compose.yml + +Modify the `docker-compose.yml` file as follows: + +```yml {9-10,12-20} +services: + PasarGuard: + image: gozargah/PasarGuard:latest + restart: always + env_file: .env + network_mode: host + volumes: + - /var/lib/PasarGuard:/var/lib/PasarGuard + depends_on: + - haproxy + + haproxy: + image: haproxy:latest + restart: always + volumes: + - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg + - /var/lib/PasarGuard:/var/lib/PasarGuard + ports: + - 80:80 + - 443:443 +``` + +### Creating haproxy.cfg + +Create a new file named `haproxy.cfg` at `/opt/PasarGuard` and replace `YOUR_DOMAIN` with your desired domain or subdomain. + +```cfg +defaults + mode tcp + timeout client 30s + timeout connect 4s + timeout server 30s + +global + maxconn 10000000 + +frontend http_frontend + bind *:80 + mode http + redirect scheme https code 301 if !{ ssl_fc } + +frontend https_frontend + bind *:443 ssl crt /var/lib/PasarGuard/certs/YOUR_DOMAIN.cer + default_backend PasarGuard_backend + +backend PasarGuard_backend + server PasarGuard /var/lib/pasarguard/pasarguard.socket +``` + +### Setting Environment Variables + +Set the following variables in the `.env` file. + +Replace `YOUR_DOMAIN` with your desired domain or subdomain. + +```env +UVICORN_UDS = /var/lib/pasarguard/pasarguard.socket +XRAY_SUBSCRIPTION_URL_PREFIX = https://YOUR_DOMAIN +``` + +### Restarting PasarGuard + +Restart PasarGuard: + +```bash +PasarGuard restart +``` + +Now the PasarGuard dashboard will be accessible at your domain or subdomain address via https. diff --git a/content/docs/en/learn/ssl-certificate-cli.mdx b/content/docs/en/learn/ssl-certificate-cli.mdx new file mode 100644 index 0000000..fd22c9b --- /dev/null +++ b/content/docs/en/learn/ssl-certificate-cli.mdx @@ -0,0 +1,118 @@ +--- +title: SSL Certificate Issuance +navigation: SSL Certificate +icon: Shield +--- + +# SSL Certificate Issuance + +The following tutorials are for obtaining SSL certificates for use with pasarguard using the command line (CLI). + + +Certificate files must be accessible at `/var/lib/pasarguard/certs` for pasarguard to access them. + +In all examples below, files will be installed at this location. + + + +You must register DNS records for your domain before obtaining an SSL certificate. + + +## Obtaining Certificate with acme.sh + +### Installing Prerequisites + +Install socat using the following command for standalone mode: + +```bash +apt install curl socat -y +``` + + +If you have already installed socat, you don't need to perform this step. + + +### Installing acme.sh + +Install [acme.sh](https://github.com/acmesh-official/acme.sh) with the following command. + +Replace `YOUR_EMAIL` with your email address. + + +If you have already installed acme.sh, you don't need to perform this step. + + +```bash +curl https://get.acme.sh | sh -s email=YOUR_EMAIL +``` + +### Obtaining Certificate + +To obtain a certificate, execute the following commands in order. + +Replace `YOUR_DOMAIN` with your desired domain or subdomain. + +```bash +export DOMAIN=YOUR_DOMAIN + +mkdir -p /var/lib/pasarguard/certs + +~/.acme.sh/acme.sh \ + --issue --force --standalone -d "$DOMAIN" \ + --fullchain-file "/var/lib/pasarguard/certs/$DOMAIN.cer" \ + --key-file "/var/lib/pasarguard/certs/$DOMAIN.cer.key" +``` + +## Obtaining Certificate for Cloudflare Domain + +If your domain is registered on Cloudflare and the above methods don't work, use manual mode. + +Replace `example.com` with your domain. + +### Installing acme.sh + +After installing acme, execute the following steps: + +```bash +curl https://get.acme.sh | sh -s email=YOUR_EMAIL +``` + +### Step 1: Request Certificate + +```bash +~/.acme.sh/acme.sh --issue -d example.com --dns \ + --yes-I-know-dns-manual-mode-enough-go-ahead-please +``` + +After execution, you will receive two values as shown in the image below: + +![image](https://github.com/Gozargah/gozargah.github.io/assets/67644313/538c8341-fa77-4b06-96a4-73c29f3e0ded) + +### Step 2: Configure DNS Record + +Go to Cloudflare and create a TXT record, entering the values as shown in the image below: + +![image](https://github.com/Gozargah/gozargah.github.io/assets/67644313/dad9c59a-da1f-440b-aa6e-ad524aff212a) + +### Step 3: Obtain Certificate + +Obtain the certificate with the following command: + +```bash +~/.acme.sh/acme.sh --renew -d example.com \ + --yes-I-know-dns-manual-mode-enough-go-ahead-please +``` + +### File Paths + +Finally, your domain certificate file will be at: + +``` +/root/.acme.sh/example.com_ecc/fullchain.cer +``` + +And the private key file will be saved at: + +``` +/root/.acme.sh/example.com_ecc/example.com.key +``` diff --git a/content/docs/en/learn/warp.mdx b/content/docs/en/learn/warp.mdx new file mode 100644 index 0000000..f613af6 --- /dev/null +++ b/content/docs/en/learn/warp.mdx @@ -0,0 +1,245 @@ +--- +title: CloudFlare Warp Activation +navigation: CloudFlare Warp +icon: Cloud +--- + +# CloudFlare Warp Activation + +Using this tutorial, you can bypass certain restrictions imposed by large companies like Google and Spotify on your IP and use their services without issues. + + +Note that Warp configs have a maximum connection limit of 5 simultaneous devices. To solve this issue, you can use multiple configs. + + +## Step 1: Creating Wireguard Config + +### Method 1: Using Windows + +1. First, download the required `Asset` from the [releases](https://github.com/ViRb3/wgcf/releases) section. This file varies depending on your processor. +2. Rename the `Asset` file to `wgcf`. +3. Now enter `cmd.exe` in the File Explorer address bar. + +![image](https://github.com/Gozargah/gozargah.github.io/assets/50927468/fb9f3eae-8390-45a5-a7b3-c50db4aa82a1) + +4. In the opened terminal, enter `wgcf.exe`. +5. Execute `wgcf.exe register` once, then `wgcf.exe generate`. +6. A new file named `wgcf-profile.conf` will be created - this is the `Wireguard` config we need. +7. Your config is ready and you can use it. + +### Method 2: Using Linux + +First, download the required `Asset` from the [releases](https://github.com/ViRb3/wgcf/releases) section. This file varies depending on your processor. + +You can do this using the `wget` command. + +#### For AMD64 architecture processors: + +```bash +wget https://github.com/ViRb3/wgcf/releases/download/v2.2.22/wgcf_2.2.22_linux_amd64 +``` + +#### For ARM64 architecture processors: + +```bash +wget https://github.com/ViRb3/wgcf/releases/download/v2.2.22/wgcf_2.2.22_linux_arm64 +``` + +Move the file to `/usr/bin/` and rename it to `wgcf`. + +#### For AMD64 architecture processors: + +```bash +mv wgcf_2.2.22_linux_amd64 /usr/bin/wgcf +chmod +x /usr/bin/wgcf +``` + +#### For ARM64 architecture processors: + +```bash +mv wgcf_2.2.22_linux_arm64 /usr/bin/wgcf +chmod +x /usr/bin/wgcf +``` + +Then create the config using these 2 commands: + +```bash +wgcf register +wgcf generate +``` + +A file named `wgcf-profile.conf` will be created - this is the config we need. + +## Step 2: Using Warp+ (Optional) + +To obtain a license and use Warp+, you can get a `license_key` through [this](https://t.me/generatewarpplusbot) Telegram bot. + +After obtaining the `license_key`, you need to replace it in the `wgcf-account.toml` file. + + +You can make this change in Linux with `nano` and in Windows with `Notepad` or any other software. + + + +To use commands on Windows, you need to use `wgcf.exe` instead of `wgcf`. + + +Then update the config information: + +```bash +wgcf update +``` + +Then create a new config file: + +```bash +wgcf generate +``` + +## Step 3: Activating Warp on PasarGuard + +### Method 1: Using Xray Core + + +- This method is only recommended for Xray version 1.8.3 or higher. In older versions, you may encounter Memory Leak issues. +- If your `Xray` version is lower than this, you can upgrade your `Xray` version using the Xray-core version change tutorial. + + +Go to Core Setting in the PasarGuard panel. + +First, add an outbound like the example and place the `wgcf-profile.conf` file information in it. + +```json +{ + "tag": "warp", + "protocol": "wireguard", + "settings": { + "secretKey": "Your_Secret_Key", + "DNS": "1.1.1.1", + "address": ["172.16.0.2/32", "2606:4700:110:8756:9135:af04:3778:40d9/128"], + "peers": [ + { + "publicKey": "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=", + "endpoint": "engage.cloudflareclient.com:2408" + } + ], + "kernelMode": false + } +} +``` + + +If you want all traffic to pass through Warp by default, place this Outbound first and you don't need to perform the next step. + + +### Method 2: Using Wireguard Core + +First, install the Wireguard prerequisites on the server: + +```bash +sudo apt install wireguard-dkms wireguard-tools resolvconf +``` + +If you're using Ubuntu 24, use the following command to install Wireguard: + +```bash +sudo apt install wireguard +``` + +Then add `Table = off` to the Wireguard file as shown in the example: + +```conf +[Interface] +PrivateKey = Your_Private_Key +Address = 172.16.0.2/32 +Address = 2606:4700:110:8a1a:85ef:da37:b891:8d01/128 +DNS = 1.1.1.1 +MTU = 1280 +Table = off +[Peer] +PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo= +AllowedIPs = 0.0.0.0/0 +AllowedIPs = ::/0 +Endpoint = engage.cloudflareclient.com:2408 +``` + + +If you don't add `Table = off`, your server access will be cut off and you won't be able to connect to the server. You'll need to access the server through your datacenter's website and disconnect from `Warp` to be able to establish a normal connection again. + + +Then rename the file from `wgcf-profile.conf` to `warp.conf`. + +Place the file in the `/etc/wireguard` folder on the server: + +```bash +sudo mv wgcf-profile.conf /etc/wireguard/warp.conf +``` + +Enable Wireguard with the following command: + +```bash +sudo systemctl enable --now wg-quick@warp +``` + +You can also disable `Warp` with this command: + +```bash +sudo systemctl disable --now wg-quick@warp +``` + +Go to Core Setting in the PasarGuard panel. + +First, add an outbound like the example: + +```json +{ + "tag": "warp", + "protocol": "freedom", + "streamSettings": { + "sockopt": { + "tcpFastOpen": true, + "interface": "warp" + } + } +} +``` + + +If you want all traffic to pass through Warp by default, place this Outbound first and you don't need to perform the next step. + + +## Step 4: Routing Configuration + +First, add a `rule` in the `routing` section like the example: + +```json +{ + "outboundTag": "warp", + "domain": [], + "type": "field" +} +``` + +Now add your desired websites like the example: + +```json +{ + "outboundTag": "warp", + "domain": [ + "geosite:google", + "openai.com", + "ai.com", + "ipinfo.io", + "iplocation.net", + "spotify.com" + ], + "type": "field" +} +``` + +Save the changes - you can now use `Warp`. + +### PasarGuard Node + +- If you're using `Warp` with the xray core, you don't need to make changes to the node - it will be applied automatically. +- If you're using the `Wireguard` core, you need to perform step three, method two on the node as well. diff --git a/content/docs/en/meta.json b/content/docs/en/meta.json index 04e0ad9..76ab435 100644 --- a/content/docs/en/meta.json +++ b/content/docs/en/meta.json @@ -6,6 +6,7 @@ "panel", "node", "cli-tui", + "learn", "migration" ] } diff --git a/content/docs/fa/cli-tui/cli.mdx b/content/docs/fa/cli-tui/cli.mdx new file mode 100644 index 0000000..3adccc1 --- /dev/null +++ b/content/docs/fa/cli-tui/cli.mdx @@ -0,0 +1,86 @@ +--- +title: CLI +navigation: CLI +icon: Terminal +--- + +# CLI پاسارگارد + +ابزارهای مدرن خط فرمان برای مدیریت پاسارگارد با کارایی و زیبایی. + +--- + +## CLI - رابط خط فرمان + +یک رابط خط فرمان مدرن و امن برای مدیریت پاسارگارد که با Typer ساخته شده. + +### امکانات + +- 🎯 **CLI امن** با فرمت‌بندی خروجی زیبا +- 📊 **جداول و پنل‌های زیبا** برای نمایش داده‌ها +- 🔒 **مدیریت امن ادمین‌ها** با پرامپت‌های تعاملی +- 📈 **مانیتورینگ وضعیت سیستم** و تشخیص مشکلات +- ⌨️ **پرامپت‌های تعاملی** با تأیید برای امنیت بیشتر + +### نصب + +CLI همراه با پاسارگارد نصب می‌شود و می‌توانید مستقیماً از آن استفاده کنید: + +```bash +pasarguard cli --help + +# یا از ریشه پروژه +uv run pasarguard-cli.py --help +``` + +### استفاده + +#### دستورات عمومی + +```bash +# نمایش نسخه +pasarguard cli version + +# نمایش راهنما +pasarguard cli --help +``` + +#### مدیریت ادمین‌ها + +```bash +# لیست تمام ادمین‌ها +pasarguard cli admins --list + +# ساخت ادمین جدید +pasarguard cli admins --create username + +# حذف ادمین +pasarguard cli admins --delete username + +# ویرایش ادمین (رمز عبور و دسترسی sudo) +pasarguard cli admins --modify username + +# ریست آمار استفاده ادمین +pasarguard cli admins --reset-usage username +``` + +#### اطلاعات سیستم + +```bash +# نمایش وضعیت سیستم +pasarguard cli system +``` + +### مثال‌ها + +**ساخت یک ادمین جدید:** +```bash +pasarguard cli admins --create john_admin +# از شما خواسته می‌شود رمز عبور و دسترسی sudo را وارد کنید +``` + +**نمایش لیست ادمین‌ها با فرمت زیبا:** +```bash +pasarguard cli admins --list +# یک جدول زیبا با جزئیات ادمین‌ها نمایش می‌دهد +``` diff --git a/content/docs/fa/cli-tui/index.mdx b/content/docs/fa/cli-tui/index.mdx deleted file mode 100644 index fa6c31d..0000000 --- a/content/docs/fa/cli-tui/index.mdx +++ /dev/null @@ -1,155 +0,0 @@ ---- -title: CLI و TUI -navigation: CLI و TUI -icon: Terminal ---- - -# CLI و TUI پاسارگارد - -ابزارهای مدرن خط فرمان و رابط کاربری متنی برای مدیریت پاسارگارد با کارایی و زیبایی. - -## نمای کلی - -پاسارگارد دو ابزار قدرتمند خط فرمان برای مدیریت سیستم ارائه می‌دهد: - -- **CLI (رابط خط فرمان)** - دستورات ایمن و پر امکانات برای اتوماسیون و اسکریپت‌نویسی -- **TUI (رابط کاربری متنی)** - رابط تعاملی و بصری ترمینال برای مدیریت مستقیم - -هر دو ابزار با فریم‌ورک‌های مدرن Python ساخته شده‌اند و دسترسی امن و کارآمد به تمام قابلیت‌های مدیریتی پاسارگارد را فراهم می‌کنند. - ---- - -## CLI - رابط خط فرمان - -یک رابط خط فرمان مدرن و امن برای مدیریت پاسارگارد که با Typer ساخته شده. - -### امکانات - -- 🎯 **CLI امن** با فرمت‌بندی خروجی زیبا -- 📊 **جداول و پنل‌های زیبا** برای نمایش داده‌ها -- 🔒 **مدیریت امن ادمین‌ها** با پرامپت‌های تعاملی -- 📈 **مانیتورینگ وضعیت سیستم** و تشخیص مشکلات -- ⌨️ **پرامپت‌های تعاملی** با تأیید برای امنیت بیشتر - -### نصب - -CLI همراه با پاسارگارد نصب می‌شود و می‌توانید مستقیماً از آن استفاده کنید: - -```bash -pasarguard cli --help - -# یا از ریشه پروژه -uv run pasarguard-cli.py --help -``` - -### استفاده - -#### دستورات عمومی - -```bash -# نمایش نسخه -pasarguard cli version - -# نمایش راهنما -pasarguard cli --help -``` - -#### مدیریت ادمین‌ها - -```bash -# لیست تمام ادمین‌ها -pasarguard cli admins --list - -# ساخت ادمین جدید -pasarguard cli admins --create username - -# حذف ادمین -pasarguard cli admins --delete username - -# ویرایش ادمین (رمز عبور و دسترسی sudo) -pasarguard cli admins --modify username - -# ریست آمار استفاده ادمین -pasarguard cli admins --reset-usage username -``` - -#### اطلاعات سیستم - -```bash -# نمایش وضعیت سیستم -pasarguard cli system -``` - -### مثال‌ها - -**ساخت یک ادمین جدید:** -```bash -pasarguard cli admins --create john_admin -# از شما خواسته می‌شود رمز عبور و دسترسی sudo را وارد کنید -``` - -**نمایش لیست ادمین‌ها با فرمت زیبا:** -```bash -pasarguard cli admins --list -# یک جدول زیبا با جزئیات ادمین‌ها نمایش می‌دهد -``` - ---- - -## TUI - رابط کاربری متنی - -یک رابط تعاملی و مدرن خط فرمان برای مدیریت پاسارگارد که با Textual ساخته شده. - -### امکانات - -- 🎯 **TUI تعاملی** با پشتیبانی از ماوس و صفحه کلید -- 📱 **طراحی واکنش‌گرا** با پشتیبانی از حالت تاریک -- ⌨️ **میانبرهای صفحه کلید** برای ناوبری سریع -- 🔄 **به‌روزرسانی لحظه‌ای** و رفرش زنده داده‌ها -- 📊 **نمایش بصری داده‌ها** با رنگ‌ها و فرمت‌بندی -- 🔒 **مدیریت امن ادمین‌ها** با بازخورد بصری - -### راه‌اندازی TUI - -```bash -pasarguard tui -``` - -بعد از اجرا، یک رابط تعاملی زیبا با پنل‌های ناوبری، جداول داده و دکمه‌های اکشن می‌بینید. - -### میانبرهای صفحه کلید - -#### دستورات کلی - -- `q` - خروج از برنامه -- `?` - نمایش راهنما و میانبرهای صفحه کلید -- `Tab` - جابجایی بین پنل‌ها -- `Shift+Tab` - جابجایی به عقب -- `Escape` - لغو عملیات فعلی - -#### بخش مدیریت ادمین - -- `c` - ساخت ادمین جدید -- `m` - ویرایش ادمین -- `r` - ریست آمار استفاده ادمین -- `d` - حذف ادمین -- `i` - ایمپورت ادمین‌ها از متغیرهای محیطی - -### مدیریت ادمین‌ها - -TUI یک رابط بصری برای تمام عملیات ادمین ارائه می‌دهد: - -- **ساخت** - فرم‌های تعاملی برای اکانت‌های ادمین جدید -- **ویرایش** - ویرایش رمز عبور و دسترسی‌های ادمین -- **حذف** - حذف امن با پرامپت‌های تأیید -- **ریست آمار** - پاک کردن آمار استفاده ادمین‌ها -- **ایمپورت** - ایمپورت دسته‌جمعی ادمین‌ها از متغیرهای محیطی -- **نمایش جزئیات** - اطلاعات دقیق و وضعیت ادمین - -### نکات ناوبری - -1. از **کلیدهای جهت‌دار** یا **ماوس** برای حرکت استفاده کنید -2. **Enter** را برای انتخاب یا تأیید عملیات فشار دهید -3. از **Tab** برای جابجایی بین فیلدهای ورودی استفاده کنید -4. **Escape** را برای لغو دیالوگ‌ها فشار دهید -5. هر زمان **?** را فشار دهید تا میانبرها را ببینید \ No newline at end of file diff --git a/content/docs/fa/cli-tui/tui.mdx b/content/docs/fa/cli-tui/tui.mdx new file mode 100644 index 0000000..fb14be5 --- /dev/null +++ b/content/docs/fa/cli-tui/tui.mdx @@ -0,0 +1,70 @@ +--- +title: TUI +navigation: TUI +icon: Terminal +--- + +# TUI پاسارگارد + + +رابط کاربری متنی برای مدیریت پاسارگارد با کارایی و زیبایی . + +--- + +## TUI - رابط کاربری متنی + +یک رابط تعاملی و مدرن خط فرمان برای مدیریت پاسارگارد که با Textual ساخته شده. + +### امکانات + +- 🎯 **TUI تعاملی** با پشتیبانی از ماوس و صفحه کلید +- 📱 **طراحی واکنش‌گرا** با پشتیبانی از حالت تاریک +- ⌨️ **میانبرهای صفحه کلید** برای ناوبری سریع +- 🔄 **به‌روزرسانی لحظه‌ای** و رفرش زنده داده‌ها +- 📊 **نمایش بصری داده‌ها** با رنگ‌ها و فرمت‌بندی +- 🔒 **مدیریت امن ادمین‌ها** با بازخورد بصری + +### راه‌اندازی TUI + +```bash +pasarguard tui +``` + +بعد از اجرا، یک رابط تعاملی زیبا با پنل‌های ناوبری، جداول داده و دکمه‌های اکشن می‌بینید. + +### میانبرهای صفحه کلید + +#### دستورات کلی + +- `q` - خروج از برنامه +- `?` - نمایش راهنما و میانبرهای صفحه کلید +- `Tab` - جابجایی بین پنل‌ها +- `Shift+Tab` - جابجایی به عقب +- `Escape` - لغو عملیات فعلی + +#### بخش مدیریت ادمین + +- `c` - ساخت ادمین جدید +- `m` - ویرایش ادمین +- `r` - ریست آمار استفاده ادمین +- `d` - حذف ادمین +- `i` - ایمپورت ادمین‌ها از متغیرهای محیطی + +### مدیریت ادمین‌ها + +TUI یک رابط بصری برای تمام عملیات ادمین ارائه می‌دهد: + +- **ساخت** - فرم‌های تعاملی برای اکانت‌های ادمین جدید +- **ویرایش** - ویرایش رمز عبور و دسترسی‌های ادمین +- **حذف** - حذف امن با پرامپت‌های تأیید +- **ریست آمار** - پاک کردن آمار استفاده ادمین‌ها +- **ایمپورت** - ایمپورت دسته‌جمعی ادمین‌ها از متغیرهای محیطی +- **نمایش جزئیات** - اطلاعات دقیق و وضعیت ادمین + +### نکات ناوبری + +1. از **کلیدهای جهت‌دار** یا **ماوس** برای حرکت استفاده کنید +2. **Enter** را برای انتخاب یا تأیید عملیات فشار دهید +3. از **Tab** برای جابجایی بین فیلدهای ورودی استفاده کنید +4. **Escape** را برای لغو دیالوگ‌ها فشار دهید +5. هر زمان **?** را فشار دهید تا میانبرها را ببینید \ No newline at end of file diff --git a/content/docs/fa/learn/meta.json b/content/docs/fa/learn/meta.json new file mode 100644 index 0000000..4923761 --- /dev/null +++ b/content/docs/fa/learn/meta.json @@ -0,0 +1,10 @@ +{ + "title": "Learn", + "description": "راهنماهای گام‌به‌گام برای پیکربندی‌های پیشرفته", + "pages": [ + "ssl-certificate", + "ssl-activation", + "warp" + ], + "icon": "BookOpen" +} diff --git a/content/docs/fa/learn/ssl-activation-cli.mdx b/content/docs/fa/learn/ssl-activation-cli.mdx new file mode 100644 index 0000000..68c86c6 --- /dev/null +++ b/content/docs/fa/learn/ssl-activation-cli.mdx @@ -0,0 +1,197 @@ +--- +title: فعال‌سازی SSL +navigation: فعال‌سازی SSL +icon: Lock +--- + +# فعال‌سازی SSL در پاسارگارد + +با فعال‌سازی SSL در پاسارگارد، داشبورد و لینک اشتراک‌گذاری از طریق https در دسترس خواهند بود. +در ادامه چند روش مختلف برای فعال‌سازی SSL در پاسارگارد را از ساده به پیچیده توضیح می‌دهیم. + + +در تمام مثال‌های زیر فایل‌های `docker-compose.yml` و `.env` در مسیر `/opt/PasarGuard` و فایل `xray_config.json` در مسیر `/var/lib/PasarGuard` قرار دارند. + +اگر پاسارگارد را به‌صورت دستی نصب کرده‌اید، باید تغییرات لازم را خودتان اعمال کنید. + + +## فعال‌سازی SSL با Caddy + +در این روش نیازی به ایجاد دستی گواهی SSL نیست — Caddy همهٔ کارها را برای شما انجام می‌دهد. + +### تغییر در `docker-compose.yml` + +فایل `docker-compose.yml` را به صورت زیر ویرایش کنید: + +```yml {9-10,12-22,24-25} +services: + PasarGuard: + image: PasarGuard/panel:latest + restart: always + env_file: .env + network_mode: host + volumes: + - /var/lib/PasarGuard:/var/lib/PasarGuard + depends_on: + - caddy + + caddy: + image: caddy + restart: always + ports: + - 80:80 + - 443:443 + volumes: + - /var/lib/PasarGuard:/var/lib/PasarGuard + - ./Caddyfile:/etc/caddy/Caddyfile + - caddy_volume:/data + - caddy_volume:/config + +volumes: + caddy_volume: +``` + +### ایجاد فایل `Caddyfile` + +یک فایل جدید به نام `Caddyfile` در مسیر `/opt/pasarguard` بسازید و `YOUR_DOMAIN` را با دامنه یا زیردامنهٔ مدنظر خود جایگزین کنید. + + +نام فایل `Caddyfile` باید با حرف بزرگ `C` شروع شود. + + +```caddy +YOUR_DOMAIN { + reverse_proxy unix//var/lib/pasarguard/pasarguard.socket +} +``` + + +اگر می‌خواهید دامنهٔ اشتراک (subscription) با دامنهٔ پنل متفاوت باشد، محتوای بالا را برای هر دامنه/زیردامنه تکرار کرده و `YOUR_DOMAIN` را در هر مورد جایگزین کنید. + + +### تنظیم متغیرهای محیطی + +متغیرهای زیر را در فایل `.env` تنظیم کنید. + +`YOUR_DOMAIN` را با دامنه یا زیردامنهٔ موردنظر جایگزین کنید. + +```env +UVICORN_UDS = /var/lib/pasarguard/pasarguard.socket +XRAY_SUBSCRIPTION_URL_PREFIX = https://YOUR_DOMAIN +``` + +### راه‌اندازی مجدد پاسارگارد + +پاسارگارد را ری‌استارت کنید: + +```bash +PasarGuard restart +``` + +حالا داشبورد پاسارگارد از طریق https و دامنه/زیردامنهٔ شما در دسترس خواهد بود. + +## فعال‌سازی SSL با Uvicorn + +پاسارگارد به‌صورت پیش‌فرض با `Uvicorn` اجرا می‌شود. `Uvicorn` همچنین امکان تعریف فایل‌های گواهی SSL را فراهم می‌کند. + +### دریافت گواهی SSL + +ابتدا باید فایل‌های گواهی برای دامنه یا زیردامنهٔ خود را تهیه کنید. برای این کار به آموزش [صدور گواهی SSL](ssl-certificate-cli) مراجعه کنید. + +### تنظیم متغیرهای محیطی + +پس از ایجاد فایل‌های گواهی، متغیرهای زیر را در فایل `.env` تنظیم کنید. + +`YOUR_DOMAIN` را با دامنه یا زیردامنهٔ موردنظر جایگزین کنید. + +```env +UVICORN_PORT = 443 +UVICORN_SSL_CERTFILE = "/var/lib/PasarGuard/certs/YOUR_DOMAIN.cer" +UVICORN_SSL_KEYFILE = "/var/lib/PasarGuard/certs/YOUR_DOMAIN.cer.key" +XRAY_SUBSCRIPTION_URL_PREFIX = https://YOUR_DOMAIN +``` + +حالا داشبورد پاسارگارد از طریق https و دامنه/زیردامنهٔ شما در دسترس خواهد بود. + +## فعال‌سازی SSL با HAProxy + +`HAProxy` یکی از ابزارهای مناسب برای این کار است. در این روش با کمک `HAProxy`، پاسارگارد را از طریق https اجرا می‌کنیم. + +### دریافت گواهی SSL + +ابتدا باید فایل‌های گواهی برای دامنه یا زیردامنهٔ خود را تهیه کنید. برای این کار به آموزش [صدور گواهی SSL](ssl-certificate-cli) مراجعه کنید. + +### تغییر در `docker-compose.yml` + +فایل `docker-compose.yml` را به صورت زیر ویرایش کنید: + +```yml {9-10,12-20} +services: + PasarGuard: + image: gozargah/PasarGuard:latest + restart: always + env_file: .env + network_mode: host + volumes: + - /var/lib/PasarGuard:/var/lib/PasarGuard + depends_on: + - haproxy + + haproxy: + image: haproxy:latest + restart: always + volumes: + - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg + - /var/lib/PasarGuard:/var/lib/PasarGuard + ports: + - 80:80 + - 443:443 +``` + +### ایجاد `haproxy.cfg` + +یک فایل جدید به نام `haproxy.cfg` در مسیر `/opt/PasarGuard` بسازید و `YOUR_DOMAIN` را با دامنه یا زیردامنهٔ مدنظر جایگزین کنید. + +```cfg +defaults + mode tcp + timeout client 30s + timeout connect 4s + timeout server 30s + +global + maxconn 10000000 + +frontend http_frontend + bind *:80 + mode http + redirect scheme https code 301 if !{ ssl_fc } + +frontend https_frontend + bind *:443 ssl crt /var/lib/PasarGuard/certs/YOUR_DOMAIN.cer + default_backend PasarGuard_backend + +backend PasarGuard_backend + server PasarGuard /var/lib/pasarguard/pasarguard.socket +``` + +### تنظیم متغیرهای محیطی + +متغیرهای زیر را در فایل `.env` تنظیم کنید. + +`YOUR_DOMAIN` را با دامنه یا زیردامنهٔ موردنظر جایگزین کنید. + +```env +UVICORN_UDS = /var/lib/pasarguard/pasarguard.socket +XRAY_SUBSCRIPTION_URL_PREFIX = https://YOUR_DOMAIN +``` + +### راه‌اندازی مجدد پاسارگارد + +پاسارگارد را ری‌استارت کنید: + +```bash +PasarGuard restart +``` + +حالا داشبورد پاسارگارد از طریق https و دامنه/زیردامنهٔ شما در دسترس خواهد بود. diff --git a/content/docs/fa/learn/ssl-certificate-cli.mdx b/content/docs/fa/learn/ssl-certificate-cli.mdx new file mode 100644 index 0000000..b097cd6 --- /dev/null +++ b/content/docs/fa/learn/ssl-certificate-cli.mdx @@ -0,0 +1,187 @@ +--- +title: SSL Certificate Issuance +navigation: SSL Certificate +icon: Shield +--- + +# SSL Certificate Issuance + +The following tutorials are for obtaining SSL certificates for use with pasarguard using the command line (CLI). + + +Certificate files must be accessible at `/var/lib/pasarguard/certs` for pasarguard to access them. + +In all examples below, files will be installed at this location. + + + +You must register DNS records for your domain before obtaining an SSL certificate. + + +## Obtaining Certificate with acme.sh + +### Installing Prerequisites + +Install socat using the following command for standalone mode: + +```bash +apt install curl socat -y +``` + + +If you have already installed socat, you don't need to perform this step. + + +### Installing acme.sh + +Install [acme.sh](https://github.com/acmesh-official/acme.sh) with the following command. + +Replace `YOUR_EMAIL` with your email address. + + +If you have already installed acme.sh, you don't need to perform this step. + + +```bash +curl https://get.acme.sh | sh -s email=YOUR_EMAIL +``` + +### Obtaining Certificate + +To obtain a certificate, execute the following commands in order. + +Replace `YOUR_DOMAIN` with your desired domain or subdomain. + +```bash +export DOMAIN=YOUR_DOMAIN + +mkdir -p /var/lib/pasarguard/certs + +~/.acme.sh/acme.sh \ + --issue --force --standalone -d "$DOMAIN" \ + --fullchain-file "/var/lib/pasarguard/certs/$DOMAIN.cer" \ + --key-file "/var/lib/pasarguard/certs/$DOMAIN.cer.key" +``` + +## Obtaining Certificate for Cloudflare Domain + +If your domain is registered on Cloudflare and the above methods don't work, use manual mode. + +Replace `example.com` with your domain. + +title: صدور گواهی SSL +navigation: گواهی SSL +icon: Shield + +## صدور گواهی SSL + +راهنمای زیر نحوهٔ دریافت گواهی‌های SSL برای استفاده با پاسارگارد از طریق خط فرمان (CLI) را نشان می‌دهد. + + +فایل‌های گواهی باید قابل دسترسی در مسیر `/var/lib/pasarguard/certs` باشند تا پاسارگارد بتواند از آن‌ها استفاده کند. + +در تمام مثال‌های زیر فایل‌ها در این مسیر نصب خواهند شد. + + + +قبل از درخواست گواهی، باید رکوردهای DNS مربوط به دامنهٔ خود را ثبت کنید. + + +## دریافت گواهی با acme.sh + +### نصب پیش‌نیازها + +برای حالت standalone بستهٔ `socat` را نصب کنید: + +```bash +apt install curl socat -y +``` + + +اگر قبلاً `socat` را نصب کرده‌اید، نیازی به تکرار این مرحله نیست. + + +### نصب acme.sh + +ابزار [acme.sh](https://github.com/acmesh-official/acme.sh) را به‌صورت زیر نصب کنید. + +`YOUR_EMAIL` را با آدرس ایمیل خود جایگزین کنید. + + +اگر قبلاً `acme.sh` را نصب کرده‌اید، این مرحله را رد کنید. + + +```bash +curl https://get.acme.sh | sh -s email=YOUR_EMAIL +``` + +### درخواست گواهی + +برای دریافت گواهی دستورات زیر را به‌ترتیب اجرا کنید. + +`YOUR_DOMAIN` را با دامنه یا زیردامنهٔ موردنظر جایگزین کنید. + +```bash +export DOMAIN=YOUR_DOMAIN + +mkdir -p /var/lib/pasarguard/certs + +~/.acme.sh/acme.sh \ + --issue --force --standalone -d "$DOMAIN" \ + --fullchain-file "/var/lib/pasarguard/certs/$DOMAIN.cer" \ + --key-file "/var/lib/pasarguard/certs/$DOMAIN.cer.key" +``` + +## دریافت گواهی برای دامنه‌های Cloudflare + +اگر دامنه‌تان در Cloudflare ثبت شده و روش‌های بالا جواب نداد، از حالت دستی (manual) استفاده کنید. + +`example.com` را با دامنهٔ خود جایگزین کنید. + +### نصب acme.sh + +پس از نصب acme، مراحل زیر را اجرا کنید: + +```bash +curl https://get.acme.sh | sh -s email=YOUR_EMAIL +``` + +### مرحلهٔ ۱: درخواست گواهی + +```bash +~/.acme.sh/acme.sh --issue -d example.com --dns \ + --yes-I-know-dns-manual-mode-enough-go-ahead-please +``` + +پس از اجرا، دو مقدار به شما نمایش داده می‌شود (مطابق تصویر): + +![image](https://github.com/Gozargah/gozargah.github.io/assets/67644313/538c8341-fa77-4b06-96a4-73c29f3e0ded) + +### مرحلهٔ ۲: تنظیم رکورد DNS + +به Cloudflare مراجعه کرده و یک رکورد TXT بسازید و مقادیر نمایش داده‌شده را وارد کنید (مطابق تصویر): + +![image](https://github.com/Gozargah/gozargah.github.io/assets/67644313/dad9c59a-da1f-440b-aa6e-ad524aff212a) + +### مرحلهٔ ۳: دریافت نهایی گواهی + +گواهی نهایی را با دستور زیر دریافت کنید: + +```bash +~/.acme.sh/acme.sh --renew -d example.com \ + --yes-I-know-dns-manual-mode-enough-go-ahead-please +``` + +### مسیر فایل‌ها + +در نهایت فایل گواهی دامنه شما در مسیر زیر قرار خواهد داشت: + +``` +/root/.acme.sh/example.com_ecc/fullchain.cer +``` + +و کلید خصوصی در مسیر زیر ذخیره خواهد شد: + +``` +/root/.acme.sh/example.com_ecc/example.com.key +``` diff --git a/content/docs/fa/learn/warp.mdx b/content/docs/fa/learn/warp.mdx new file mode 100644 index 0000000..58f025d --- /dev/null +++ b/content/docs/fa/learn/warp.mdx @@ -0,0 +1,248 @@ +--- +title: CloudFlare Warp Activation +navigation: CloudFlare Warp +icon: Cloud + +title: فعال‌سازی CloudFlare Warp +navigation: فعال‌سازی CloudFlare Warp +icon: Cloud + +## فعال‌سازی CloudFlare Warp + +با دنبال کردن این راهنما می‌توانید از محدودیت‌هایی که برخی سرویس‌های بزرگ مثل Google و Spotify روی IP اعمال می‌کنند عبور کرده و بدون مشکل از سرویس‌های آن‌ها استفاده کنید. + + +توجه کنید که کانفیگ‌های Warp محدودیت اتصال هم‌زمان برای حداکثر ۵ دستگاه دارند. برای رفع این محدودیت می‌توانید از چندین کانفیگ استفاده کنید. + + +## گام ۱: ساخت کانفیگ Wireguard + +### روش ۱: استفاده از ویندوز + +1. ابتدا `Asset` مورد نیاز را از بخش [releases](https://github.com/ViRb3/wgcf/releases) دانلود کنید. این فایل بر اساس پردازندهٔ شما متفاوت است. +2. فایل دانلودشده را به نام `wgcf` تغییر نام دهید. +3. در نوار آدرس File Explorer عبارت `cmd.exe` را وارد کنید. + +![image](https://github.com/Gozargah/gozargah.github.io/assets/50927468/fb9f3eae-8390-45a5-a7b3-c50db4aa82a1) + +4. در ترمینال بازشده `wgcf.exe` را اجرا کنید. +5. یک‌بار `wgcf.exe register` و سپس `wgcf.exe generate` را اجرا کنید. +6. فایلی به نام `wgcf-profile.conf` ایجاد خواهد شد — این همان کانفیگ Wireguard مورد نیاز است. +7. کانفیگ شما آماده است و می‌توانید از آن استفاده کنید. + +### روش ۲: استفاده از لینوکس + +ابتدا `Asset` مناسب پردازندهٔ خود را از [releases](https://github.com/ViRb3/wgcf/releases) دانلود کنید. + +می‌توانید از دستور `wget` برای دانلود استفاده کنید. + +#### برای پردازنده‌های AMD64: + +```bash +wget https://github.com/ViRb3/wgcf/releases/download/v2.2.22/wgcf_2.2.22_linux_amd64 +``` + +#### برای پردازنده‌های ARM64: + +```bash +wget https://github.com/ViRb3/wgcf/releases/download/v2.2.22/wgcf_2.2.22_linux_arm64 +``` + +فایل دانلودشده را به `/usr/bin/` منتقل کرده و نام آن را به `wgcf` تغییر دهید. + +#### برای AMD64: + +```bash +mv wgcf_2.2.22_linux_amd64 /usr/bin/wgcf +chmod +x /usr/bin/wgcf +``` + +#### برای ARM64: + +```bash +mv wgcf_2.2.22_linux_arm64 /usr/bin/wgcf +chmod +x /usr/bin/wgcf +``` + +سپس کانفیگ را با دو دستور زیر ایجاد کنید: + +```bash +wgcf register +wgcf generate +``` + +فایلی به نام `wgcf-profile.conf` ایجاد خواهد شد — این همان کانفیگ مورد نیاز است. + +## گام ۲: استفاده از Warp+ (اختیاری) + +برای دریافت لایسنس و استفاده از Warp+ می‌توانید یک `license_key` از طریق ربات تلگرامی [این‌جا](https://t.me/generatewarpplusbot) دریافت کنید. + +پس از دریافت `license_key` باید آن را در فایل `wgcf-account.toml` جایگذاری کنید. + + +این تغییر را در لینوکس با `nano` و در ویندوز با `Notepad` یا هر ویرایشگر دیگری می‌توانید انجام دهید. + + + +برای اجرای دستورات در ویندوز از `wgcf.exe` به‌جای `wgcf` استفاده کنید. + + +سپس اطلاعات کانفیگ را به‌روزرسانی کنید: + +```bash +wgcf update +``` + +سپس یک فایل کانفیگ جدید ایجاد کنید: + +```bash +wgcf generate +``` + +## گام ۳: فعال‌سازی Warp در پاسارگارد + +### روش ۱: استفاده از Xray Core + + +- این روش تنها برای نسخهٔ Xray برابر یا بالاتر از 1.8.3 توصیه می‌شود. در نسخه‌های قدیمی‌تر ممکن است با مشکلاتی مثل Memory Leak مواجه شوید. +- اگر نسخهٔ `Xray` شما پایین‌تر است، می‌توانید آن را مطابق آموزش تغییر نسخهٔ Xray-core ارتقا دهید. + + +به بخش Core Setting در پنل پاسارگارد بروید. + +ابتدا یک outbound شبیه مثال اضافه کنید و اطلاعات فایل `wgcf-profile.conf` را در تنظیمات آن قرار دهید. + +```json +{ + "tag": "warp", + "protocol": "wireguard", + "settings": { + "secretKey": "Your_Secret_Key", + "DNS": "1.1.1.1", + "address": ["172.16.0.2/32", "2606:4700:110:8756:9135:af04:3778:40d9/128"], + "peers": [ + { + "publicKey": "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=", + "endpoint": "engage.cloudflareclient.com:2408" + } + ], + "kernelMode": false + } +} +``` + + +اگر می‌خواهید تمام ترافیک به‌صورت پیش‌فرض از طریق Warp عبور کند، این Outbound را در ابتدا قرار دهید تا نیازی به مرحلهٔ بعدی نداشته باشید. + + +### روش ۲: استفاده از Wireguard Core + +ابتدا پیش‌نیازهای Wireguard را روی سرور نصب کنید: + +```bash +sudo apt install wireguard-dkms wireguard-tools resolvconf +``` + +اگر از Ubuntu 24 استفاده می‌کنید، از دستور زیر برای نصب Wireguard استفاده کنید: + +```bash +sudo apt install wireguard +``` + +سپس `Table = off` را به فایل Wireguard اضافه کنید همان‌طور که در مثال آمده است: + +```conf +[Interface] +PrivateKey = Your_Private_Key +Address = 172.16.0.2/32 +Address = 2606:4700:110:8a1a:85ef:da37:b891:8d01/128 +DNS = 1.1.1.1 +MTU = 1280 +Table = off +[Peer] +PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo= +AllowedIPs = 0.0.0.0/0 +AllowedIPs = ::/0 +Endpoint = engage.cloudflareclient.com:2408 +``` + + +اگر `Table = off` را اضافه نکنید، دسترسی شما به سرور قطع خواهد شد و دیگر قادر به اتصال به سرور نخواهید بود. در این صورت باید از طریق پنل دیتاسنتر وارد شوید و Warp را غیرفعال کنید تا مجدداً اتصال عادی برقرار شود. + + +فایل `wgcf-profile.conf` را به `warp.conf` تغییر نام دهید. + +فایل را در پوشهٔ `/etc/wireguard` روی سرور قرار دهید: + +```bash +sudo mv wgcf-profile.conf /etc/wireguard/warp.conf +``` + +Wireguard را با دستور زیر فعال کنید: + +```bash +sudo systemctl enable --now wg-quick@warp +``` + +می‌توانید Warp را با دستور زیر غیرفعال کنید: + +```bash +sudo systemctl disable --now wg-quick@warp +``` + +به بخش Core Setting در پنل پاسارگارد بروید. + +ابتدا یک outbound مشابه مثال اضافه کنید: + +```json +{ + "tag": "warp", + "protocol": "freedom", + "streamSettings": { + "sockopt": { + "tcpFastOpen": true, + "interface": "warp" + } + } +} +``` + + +اگر می‌خواهید تمام ترافیک به‌صورت پیش‌فرض از طریق Warp عبور کند، این Outbound را در ابتدا قرار دهید تا نیازی به مرحلهٔ بعدی نداشته باشید. + + +## گام ۴: تنظیم روتینگ + +ابتدا یک `rule` در بخش `routing` مانند مثال اضافه کنید: + +```json +{ + "outboundTag": "warp", + "domain": [], + "type": "field" +} +``` + +حالا وب‌سایت‌های موردنظر خود را مانند مثال زیر اضافه کنید: + +```json +{ + "outboundTag": "warp", + "domain": [ + "geosite:google", + "openai.com", + "ai.com", + "ipinfo.io", + "iplocation.net", + "spotify.com" + ], + "type": "field" +} +``` + +تغییرات را ذخیره کنید — اکنون می‌توانید از `Warp` استفاده کنید. + +### نود پاسارگارد + +- اگر از `Warp` با هستهٔ xray استفاده می‌کنید، نیازی به تغییرات روی نود نیست — تنظیمات به‌صورت خودکار اعمال خواهد شد. +- اگر از هستهٔ `Wireguard` استفاده می‌کنید، باید روش دوم (گام سه) را روی نود نیز اجرا کنید. diff --git a/content/docs/fa/meta.json b/content/docs/fa/meta.json index 5768483..82cb39e 100644 --- a/content/docs/fa/meta.json +++ b/content/docs/fa/meta.json @@ -6,6 +6,7 @@ "panel", "node", "cli-tui", + "learn", "migration" ] } diff --git a/content/docs/ru/cli-tui/CLI.mdx b/content/docs/ru/cli-tui/CLI.mdx new file mode 100644 index 0000000..cfe7ab2 --- /dev/null +++ b/content/docs/ru/cli-tui/CLI.mdx @@ -0,0 +1,86 @@ +--- +title: CLI +navigation: CLI +icon: Terminal +--- + +# PasarGuard CLI + +Modern command-line tools for managing PasarGuard with efficiency and style. + +--- + +## CLI - Command-Line Interface + +A modern, type-safe command-line interface for managing PasarGuard, built with Typer. + +### Features + +- 🎯 **Type-safe CLI** with rich output formatting +- 📊 **Beautiful tables and panels** for data visualization +- 🔒 **Secure admin management** with interactive prompts +- 📈 **System status monitoring** and diagnostics +- ⌨️ **Interactive prompts** with confirmations for safety + +### Installation + +The CLI is included with PasarGuard and can be used directly: + +```bash +pasarguard cli --help + +# Or from the project root +uv run pasarguard-cli.py --help +``` + +### Usage + +#### General Commands + +```bash +# Show version +pasarguard cli version + +# Show help +pasarguard cli --help +``` + +#### Admin Management + +```bash +# List all admins +pasarguard cli admins --list + +# Create new admin +pasarguard cli admins --create username + +# Delete admin +pasarguard cli admins --delete username + +# Modify admin (password and sudo status) +pasarguard cli admins --modify username + +# Reset admin usage statistics +pasarguard cli admins --reset-usage username +``` + +#### System Information + +```bash +# Show system status +pasarguard cli system +``` + +### Examples + +**Creating a new admin:** +```bash +pasarguard cli admins --create john_admin +# You'll be prompted to enter password and sudo permissions +``` + +**Listing all admins with formatted output:** +```bash +pasarguard cli admins --list +# Displays a beautiful table with admin details +``` diff --git a/content/docs/ru/cli-tui/TUI.mdx b/content/docs/ru/cli-tui/TUI.mdx new file mode 100644 index 0000000..c2ca5b0 --- /dev/null +++ b/content/docs/ru/cli-tui/TUI.mdx @@ -0,0 +1,69 @@ +--- +title: TUI +navigation: TUI +icon: Terminal +--- + +# PasarGuard TUI + +Modern text-based user interface tools for managing PasarGuard with efficiency and style. + +--- + +## TUI - Text User Interface + +A modern, interactive command-line interface for managing PasarGuard, built with Textual. + +### Features + +- 🎯 **Interactive TUI** with mouse and keyboard support +- 📱 **Responsive design** with dark mode support +- ⌨️ **Keyboard shortcuts** for quick navigation +- 🔄 **Real-time updates** and live data refresh +- 📊 **Rich data visualization** with colors and formatting +- 🔒 **Secure admin management** with visual feedback + +### Starting the TUI + +```bash +pasarguard tui +``` + +Once launched, you'll see a beautiful interactive interface with navigation panels, data tables, and action buttons. + +### Keyboard Shortcuts + +#### Global Commands + +- `q` - Quit the application +- `?` - Show help and keyboard shortcuts +- `Tab` - Navigate between panels +- `Shift+Tab` - Navigate backwards +- `Escape` - Cancel current action + +#### Admin Section + +- `c` - Create new admin +- `m` - Modify admin +- `r` - Reset admin usage statistics +- `d` - Delete admin +- `i` - Import admins from environment variables + +### Admin Management + +The TUI provides a visual interface for all admin operations: + +- **Create** - Interactive forms for new admin accounts +- **Modify** - Edit admin passwords and permissions +- **Delete** - Safe deletion with confirmation prompts +- **Reset Usage** - Clear usage statistics for admins +- **Import** - Bulk import admins from environment variables +- **View Details** - Detailed admin information and status + +### Navigation Tips + +1. Use **arrow keys** or **mouse** to navigate +2. Press **Enter** to select items or confirm actions +3. Use **Tab** to move between input fields +4. Press **Escape** to cancel dialogs +5. Press **?** anytime to see available shortcuts diff --git a/content/docs/ru/cli-tui/index.mdx b/content/docs/ru/cli-tui/index.mdx deleted file mode 100644 index 983535d..0000000 --- a/content/docs/ru/cli-tui/index.mdx +++ /dev/null @@ -1,155 +0,0 @@ ---- -title: CLI и TUI -navigation: CLI и TUI -icon: Terminal ---- - -# CLI и TUI PasarGuard - -Современные инструменты командной строки и текстового пользовательского интерфейса для эффективного управления PasarGuard со стилем. - -## Обзор - -PasarGuard предоставляет два мощных инструмента командной строки для системного администрирования: - -- **CLI (Command-Line Interface)** - типобезопасные команды с богатым функционалом для автоматизации и создания скриптов -- **TUI (Text User Interface)** - интерактивный визуальный терминальный интерфейс для практического управления - -Оба инструмента построены на современных Python-фреймворках и обеспечивают безопасный, эффективный доступ ко всем функциям управления PasarGuard. - ---- - -## CLI - Интерфейс командной строки - -Современный, типобезопасный интерфейс командной строки для управления PasarGuard, построенный на Typer. - -### Возможности - -- 🎯 **Типобезопасный CLI** с форматированным выводом -- 📊 **Красивые таблицы и панели** для визуализации данных -- 🔒 **Безопасное управление администраторами** с интерактивными запросами -- 📈 **Мониторинг состояния системы** и диагностика -- ⌨️ **Интерактивные запросы** с подтверждениями для безопасности - -### Установка - -CLI включён в PasarGuard и может использоваться напрямую: - -```bash -pasarguard cli --help - -# Или из корневой директории проекта -uv run pasarguard-cli.py --help -``` - -### Использование - -#### Общие команды - -```bash -# Показать версию -pasarguard cli version - -# Показать справку -pasarguard cli --help -``` - -#### Управление администраторами - -```bash -# Список всех администраторов -pasarguard cli admins --list - -# Создать нового администратора -pasarguard cli admins --create username - -# Удалить администратора -pasarguard cli admins --delete username - -# Изменить администратора (пароль и sudo статус) -pasarguard cli admins --modify username - -# Сбросить статистику использования администратора -pasarguard cli admins --reset-usage username -``` - -#### Информация о системе - -```bash -# Показать состояние системы -pasarguard cli system -``` - -### Примеры - -**Создание нового администратора:** -```bash -pasarguard cli admins --create john_admin -# Вам будет предложено ввести пароль и права sudo -``` - -**Список всех администраторов с форматированным выводом:** -```bash -pasarguard cli admins --list -# Отображает красивую таблицу с подробностями об администраторах -``` - ---- - -## TUI - Текстовый пользовательский интерфейс - -Современный интерактивный интерфейс командной строки для управления PasarGuard, построенный на Textual. - -### Возможности - -- 🎯 **Интерактивный TUI** с поддержкой мыши и клавиатуры -- 📱 **Адаптивный дизайн** с поддержкой тёмной темы -- ⌨️ **Горячие клавиши** для быстрой навигации -- 🔄 **Обновления в реальном времени** и живое обновление данных -- 📊 **Богатая визуализация данных** с цветами и форматированием -- 🔒 **Безопасное управление администраторами** с визуальной обратной связью - -### Запуск TUI - -```bash -pasarguard tui -``` - -После запуска вы увидите красивый интерактивный интерфейс с навигационными панелями, таблицами данных и кнопками действий. - -### Горячие клавиши - -#### Глобальные команды - -- `q` - Выйти из приложения -- `?` - Показать справку и горячие клавиши -- `Tab` - Переключение между панелями -- `Shift+Tab` - Переключение назад -- `Escape` - Отменить текущее действие - -#### Раздел администрирования - -- `c` - Создать нового администратора -- `m` - Изменить администратора -- `r` - Сбросить статистику использования администратора -- `d` - Удалить администратора -- `i` - Импортировать администраторов из переменных окружения - -### Управление администраторами - -TUI предоставляет визуальный интерфейс для всех операций с администраторами: - -- **Создание** - Интерактивные формы для новых учётных записей администраторов -- **Изменение** - Редактирование паролей и прав администраторов -- **Удаление** - Безопасное удаление с запросами подтверждения -- **Сброс статистики** - Очистка статистики использования администраторов -- **Импорт** - Массовый импорт администраторов из переменных окружения -- **Просмотр деталей** - Подробная информация и статус администратора - -### Советы по навигации - -1. Используйте **клавиши со стрелками** или **мышь** для навигации -2. Нажмите **Enter** для выбора элементов или подтверждения действий -3. Используйте **Tab** для перемещения между полями ввода -4. Нажмите **Escape** для отмены диалогов -5. Нажмите **?** в любое время, чтобы увидеть доступные сочетания клавиш \ No newline at end of file diff --git a/content/docs/ru/cli-tui/meta.json b/content/docs/ru/cli-tui/meta.json index f4cc99d..cf98650 100644 --- a/content/docs/ru/cli-tui/meta.json +++ b/content/docs/ru/cli-tui/meta.json @@ -1,8 +1,8 @@ -{ - "title": "CLI и TUI", - "description": "Инструменты командной строки и текстового интерфейса", - "pages": [ - "index" - ], - "icon": "Terminal" -} +{ + "title": "CLI & TUI", + "description": "Command-line and Text User Interface tools", + "pages": [ + "index" + ], + "icon": "Terminal" +} diff --git a/content/docs/ru/learn/meta.json b/content/docs/ru/learn/meta.json new file mode 100644 index 0000000..b11b9af --- /dev/null +++ b/content/docs/ru/learn/meta.json @@ -0,0 +1,10 @@ +{ + "title": "Learn", + "description": "Step-by-step guides for advanced configurations", + "pages": [ + "ssl-certificate", + "ssl-activation", + "warp" + ], + "icon": "BookOpen" +} diff --git a/content/docs/ru/learn/ssl-activation-cli.mdx b/content/docs/ru/learn/ssl-activation-cli.mdx new file mode 100644 index 0000000..3cff3e0 --- /dev/null +++ b/content/docs/ru/learn/ssl-activation-cli.mdx @@ -0,0 +1,197 @@ +--- +title: SSL Activation +navigation: SSL Activation +icon: Lock +--- + +# SSL Activation in PasarGuard + +By enabling SSL in PasarGuard, the dashboard and subscription link will be accessible via https. +There are different approaches to enabling SSL in PasarGuard, which we'll cover below in order from simple to complex. + + +In all examples below, the `docker-compose.yml` and `.env` files can be found at `/opt/PasarGuard`, and `xray_config.json` at `/var/lib/PasarGuard`. + +If you installed PasarGuard manually, you'll need to make the necessary changes yourself. + + +## SSL Activation with Caddy + +In this method, you don't need to create an SSL certificate - Caddy does all the work for you! + +### Modifying docker-compose.yml + +Modify the `docker-compose.yml` file as follows: + +```yml {9-10,12-22,24-25} +services: + PasarGuard: + image: PasarGuard/panel:latest + restart: always + env_file: .env + network_mode: host + volumes: + - /var/lib/PasarGuard:/var/lib/PasarGuard + depends_on: + - caddy + + caddy: + image: caddy + restart: always + ports: + - 80:80 + - 443:443 + volumes: + - /var/lib/PasarGuard:/var/lib/PasarGuard + - ./Caddyfile:/etc/caddy/Caddyfile + - caddy_volume:/data + - caddy_volume:/config + +volumes: + caddy_volume: +``` + +### Creating Caddyfile + +Create a new file named `Caddyfile` at `/opt/pasarguard` and replace `YOUR_DOMAIN` with your desired domain or subdomain. + + +The first letter in the `Caddyfile` filename must be uppercase `C`. + + +```caddy +YOUR_DOMAIN { + reverse_proxy unix//var/lib/pasarguard/pasarguard.socket +} +``` + + +If you want the subscription domain or subdomain to be different from the panel, duplicate the above content in your Caddyfile and replace both domains or subdomains in place of `YOUR_DOMAIN`. + + +### Setting Environment Variables + +Set the following variables in the `.env` file. + +Replace `YOUR_DOMAIN` with your desired domain or subdomain. + +```env +UVICORN_UDS = /var/lib/pasarguard/pasarguard.socket +XRAY_SUBSCRIPTION_URL_PREFIX = https://YOUR_DOMAIN +``` + +### Restarting PasarGuard + +Restart PasarGuard: + +```bash +PasarGuard restart +``` + +Now the PasarGuard dashboard will be accessible at your domain or subdomain address via https. + +## SSL Activation with Uvicorn + +PasarGuard runs with `Uvicorn` by default. `Uvicorn` also allows you to define SSL certificate files. + +### Obtaining SSL Certificate + +First, you need to obtain certificate files for your domain or subdomain. For this, see the [SSL Certificate Issuance](ssl-certificate-cli) tutorial. + +### Setting Environment Variables + +After creating the SSL certificate files, set the following variables in the `.env` file. + +Replace `YOUR_DOMAIN` with your desired domain or subdomain. + +```env +UVICORN_PORT = 443 +UVICORN_SSL_CERTFILE = "/var/lib/PasarGuard/certs/YOUR_DOMAIN.cer" +UVICORN_SSL_KEYFILE = "/var/lib/PasarGuard/certs/YOUR_DOMAIN.cer.key" +XRAY_SUBSCRIPTION_URL_PREFIX = https://YOUR_DOMAIN +``` + +Now the PasarGuard dashboard will be accessible at your domain or subdomain address via https. + +## SSL Activation with HAProxy + +`HAProxy` is one of the best tools for this task. In this method, we run PasarGuard on https with the help of `HAProxy`. + +### Obtaining SSL Certificate + +First, you need to obtain certificate files for your domain or subdomain. For this, see the [SSL Certificate Issuance](ssl-certificate-cli) tutorial. + +### Modifying docker-compose.yml + +Modify the `docker-compose.yml` file as follows: + +```yml {9-10,12-20} +services: + PasarGuard: + image: gozargah/PasarGuard:latest + restart: always + env_file: .env + network_mode: host + volumes: + - /var/lib/PasarGuard:/var/lib/PasarGuard + depends_on: + - haproxy + + haproxy: + image: haproxy:latest + restart: always + volumes: + - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg + - /var/lib/PasarGuard:/var/lib/PasarGuard + ports: + - 80:80 + - 443:443 +``` + +### Creating haproxy.cfg + +Create a new file named `haproxy.cfg` at `/opt/PasarGuard` and replace `YOUR_DOMAIN` with your desired domain or subdomain. + +```cfg +defaults + mode tcp + timeout client 30s + timeout connect 4s + timeout server 30s + +global + maxconn 10000000 + +frontend http_frontend + bind *:80 + mode http + redirect scheme https code 301 if !{ ssl_fc } + +frontend https_frontend + bind *:443 ssl crt /var/lib/PasarGuard/certs/YOUR_DOMAIN.cer + default_backend PasarGuard_backend + +backend PasarGuard_backend + server PasarGuard /var/lib/pasarguard/pasarguard.socket +``` + +### Setting Environment Variables + +Set the following variables in the `.env` file. + +Replace `YOUR_DOMAIN` with your desired domain or subdomain. + +```env +UVICORN_UDS = /var/lib/pasarguard/pasarguard.socket +XRAY_SUBSCRIPTION_URL_PREFIX = https://YOUR_DOMAIN +``` + +### Restarting PasarGuard + +Restart PasarGuard: + +```bash +PasarGuard restart +``` + +Now the PasarGuard dashboard will be accessible at your domain or subdomain address via https. diff --git a/content/docs/ru/learn/ssl-certificate-cli.mdx b/content/docs/ru/learn/ssl-certificate-cli.mdx new file mode 100644 index 0000000..fd22c9b --- /dev/null +++ b/content/docs/ru/learn/ssl-certificate-cli.mdx @@ -0,0 +1,118 @@ +--- +title: SSL Certificate Issuance +navigation: SSL Certificate +icon: Shield +--- + +# SSL Certificate Issuance + +The following tutorials are for obtaining SSL certificates for use with pasarguard using the command line (CLI). + + +Certificate files must be accessible at `/var/lib/pasarguard/certs` for pasarguard to access them. + +In all examples below, files will be installed at this location. + + + +You must register DNS records for your domain before obtaining an SSL certificate. + + +## Obtaining Certificate with acme.sh + +### Installing Prerequisites + +Install socat using the following command for standalone mode: + +```bash +apt install curl socat -y +``` + + +If you have already installed socat, you don't need to perform this step. + + +### Installing acme.sh + +Install [acme.sh](https://github.com/acmesh-official/acme.sh) with the following command. + +Replace `YOUR_EMAIL` with your email address. + + +If you have already installed acme.sh, you don't need to perform this step. + + +```bash +curl https://get.acme.sh | sh -s email=YOUR_EMAIL +``` + +### Obtaining Certificate + +To obtain a certificate, execute the following commands in order. + +Replace `YOUR_DOMAIN` with your desired domain or subdomain. + +```bash +export DOMAIN=YOUR_DOMAIN + +mkdir -p /var/lib/pasarguard/certs + +~/.acme.sh/acme.sh \ + --issue --force --standalone -d "$DOMAIN" \ + --fullchain-file "/var/lib/pasarguard/certs/$DOMAIN.cer" \ + --key-file "/var/lib/pasarguard/certs/$DOMAIN.cer.key" +``` + +## Obtaining Certificate for Cloudflare Domain + +If your domain is registered on Cloudflare and the above methods don't work, use manual mode. + +Replace `example.com` with your domain. + +### Installing acme.sh + +After installing acme, execute the following steps: + +```bash +curl https://get.acme.sh | sh -s email=YOUR_EMAIL +``` + +### Step 1: Request Certificate + +```bash +~/.acme.sh/acme.sh --issue -d example.com --dns \ + --yes-I-know-dns-manual-mode-enough-go-ahead-please +``` + +After execution, you will receive two values as shown in the image below: + +![image](https://github.com/Gozargah/gozargah.github.io/assets/67644313/538c8341-fa77-4b06-96a4-73c29f3e0ded) + +### Step 2: Configure DNS Record + +Go to Cloudflare and create a TXT record, entering the values as shown in the image below: + +![image](https://github.com/Gozargah/gozargah.github.io/assets/67644313/dad9c59a-da1f-440b-aa6e-ad524aff212a) + +### Step 3: Obtain Certificate + +Obtain the certificate with the following command: + +```bash +~/.acme.sh/acme.sh --renew -d example.com \ + --yes-I-know-dns-manual-mode-enough-go-ahead-please +``` + +### File Paths + +Finally, your domain certificate file will be at: + +``` +/root/.acme.sh/example.com_ecc/fullchain.cer +``` + +And the private key file will be saved at: + +``` +/root/.acme.sh/example.com_ecc/example.com.key +``` diff --git a/content/docs/ru/learn/warp.mdx b/content/docs/ru/learn/warp.mdx new file mode 100644 index 0000000..f613af6 --- /dev/null +++ b/content/docs/ru/learn/warp.mdx @@ -0,0 +1,245 @@ +--- +title: CloudFlare Warp Activation +navigation: CloudFlare Warp +icon: Cloud +--- + +# CloudFlare Warp Activation + +Using this tutorial, you can bypass certain restrictions imposed by large companies like Google and Spotify on your IP and use their services without issues. + + +Note that Warp configs have a maximum connection limit of 5 simultaneous devices. To solve this issue, you can use multiple configs. + + +## Step 1: Creating Wireguard Config + +### Method 1: Using Windows + +1. First, download the required `Asset` from the [releases](https://github.com/ViRb3/wgcf/releases) section. This file varies depending on your processor. +2. Rename the `Asset` file to `wgcf`. +3. Now enter `cmd.exe` in the File Explorer address bar. + +![image](https://github.com/Gozargah/gozargah.github.io/assets/50927468/fb9f3eae-8390-45a5-a7b3-c50db4aa82a1) + +4. In the opened terminal, enter `wgcf.exe`. +5. Execute `wgcf.exe register` once, then `wgcf.exe generate`. +6. A new file named `wgcf-profile.conf` will be created - this is the `Wireguard` config we need. +7. Your config is ready and you can use it. + +### Method 2: Using Linux + +First, download the required `Asset` from the [releases](https://github.com/ViRb3/wgcf/releases) section. This file varies depending on your processor. + +You can do this using the `wget` command. + +#### For AMD64 architecture processors: + +```bash +wget https://github.com/ViRb3/wgcf/releases/download/v2.2.22/wgcf_2.2.22_linux_amd64 +``` + +#### For ARM64 architecture processors: + +```bash +wget https://github.com/ViRb3/wgcf/releases/download/v2.2.22/wgcf_2.2.22_linux_arm64 +``` + +Move the file to `/usr/bin/` and rename it to `wgcf`. + +#### For AMD64 architecture processors: + +```bash +mv wgcf_2.2.22_linux_amd64 /usr/bin/wgcf +chmod +x /usr/bin/wgcf +``` + +#### For ARM64 architecture processors: + +```bash +mv wgcf_2.2.22_linux_arm64 /usr/bin/wgcf +chmod +x /usr/bin/wgcf +``` + +Then create the config using these 2 commands: + +```bash +wgcf register +wgcf generate +``` + +A file named `wgcf-profile.conf` will be created - this is the config we need. + +## Step 2: Using Warp+ (Optional) + +To obtain a license and use Warp+, you can get a `license_key` through [this](https://t.me/generatewarpplusbot) Telegram bot. + +After obtaining the `license_key`, you need to replace it in the `wgcf-account.toml` file. + + +You can make this change in Linux with `nano` and in Windows with `Notepad` or any other software. + + + +To use commands on Windows, you need to use `wgcf.exe` instead of `wgcf`. + + +Then update the config information: + +```bash +wgcf update +``` + +Then create a new config file: + +```bash +wgcf generate +``` + +## Step 3: Activating Warp on PasarGuard + +### Method 1: Using Xray Core + + +- This method is only recommended for Xray version 1.8.3 or higher. In older versions, you may encounter Memory Leak issues. +- If your `Xray` version is lower than this, you can upgrade your `Xray` version using the Xray-core version change tutorial. + + +Go to Core Setting in the PasarGuard panel. + +First, add an outbound like the example and place the `wgcf-profile.conf` file information in it. + +```json +{ + "tag": "warp", + "protocol": "wireguard", + "settings": { + "secretKey": "Your_Secret_Key", + "DNS": "1.1.1.1", + "address": ["172.16.0.2/32", "2606:4700:110:8756:9135:af04:3778:40d9/128"], + "peers": [ + { + "publicKey": "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=", + "endpoint": "engage.cloudflareclient.com:2408" + } + ], + "kernelMode": false + } +} +``` + + +If you want all traffic to pass through Warp by default, place this Outbound first and you don't need to perform the next step. + + +### Method 2: Using Wireguard Core + +First, install the Wireguard prerequisites on the server: + +```bash +sudo apt install wireguard-dkms wireguard-tools resolvconf +``` + +If you're using Ubuntu 24, use the following command to install Wireguard: + +```bash +sudo apt install wireguard +``` + +Then add `Table = off` to the Wireguard file as shown in the example: + +```conf +[Interface] +PrivateKey = Your_Private_Key +Address = 172.16.0.2/32 +Address = 2606:4700:110:8a1a:85ef:da37:b891:8d01/128 +DNS = 1.1.1.1 +MTU = 1280 +Table = off +[Peer] +PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo= +AllowedIPs = 0.0.0.0/0 +AllowedIPs = ::/0 +Endpoint = engage.cloudflareclient.com:2408 +``` + + +If you don't add `Table = off`, your server access will be cut off and you won't be able to connect to the server. You'll need to access the server through your datacenter's website and disconnect from `Warp` to be able to establish a normal connection again. + + +Then rename the file from `wgcf-profile.conf` to `warp.conf`. + +Place the file in the `/etc/wireguard` folder on the server: + +```bash +sudo mv wgcf-profile.conf /etc/wireguard/warp.conf +``` + +Enable Wireguard with the following command: + +```bash +sudo systemctl enable --now wg-quick@warp +``` + +You can also disable `Warp` with this command: + +```bash +sudo systemctl disable --now wg-quick@warp +``` + +Go to Core Setting in the PasarGuard panel. + +First, add an outbound like the example: + +```json +{ + "tag": "warp", + "protocol": "freedom", + "streamSettings": { + "sockopt": { + "tcpFastOpen": true, + "interface": "warp" + } + } +} +``` + + +If you want all traffic to pass through Warp by default, place this Outbound first and you don't need to perform the next step. + + +## Step 4: Routing Configuration + +First, add a `rule` in the `routing` section like the example: + +```json +{ + "outboundTag": "warp", + "domain": [], + "type": "field" +} +``` + +Now add your desired websites like the example: + +```json +{ + "outboundTag": "warp", + "domain": [ + "geosite:google", + "openai.com", + "ai.com", + "ipinfo.io", + "iplocation.net", + "spotify.com" + ], + "type": "field" +} +``` + +Save the changes - you can now use `Warp`. + +### PasarGuard Node + +- If you're using `Warp` with the xray core, you don't need to make changes to the node - it will be applied automatically. +- If you're using the `Wireguard` core, you need to perform step three, method two on the node as well. diff --git a/content/docs/ru/meta.json b/content/docs/ru/meta.json index 1e6fd64..1315734 100644 --- a/content/docs/ru/meta.json +++ b/content/docs/ru/meta.json @@ -6,6 +6,7 @@ "panel", "node", "cli-tui", + "learn", "migration" ] } diff --git a/content/docs/zh/cli-tui/CLI.mdx b/content/docs/zh/cli-tui/CLI.mdx new file mode 100644 index 0000000..cfe7ab2 --- /dev/null +++ b/content/docs/zh/cli-tui/CLI.mdx @@ -0,0 +1,86 @@ +--- +title: CLI +navigation: CLI +icon: Terminal +--- + +# PasarGuard CLI + +Modern command-line tools for managing PasarGuard with efficiency and style. + +--- + +## CLI - Command-Line Interface + +A modern, type-safe command-line interface for managing PasarGuard, built with Typer. + +### Features + +- 🎯 **Type-safe CLI** with rich output formatting +- 📊 **Beautiful tables and panels** for data visualization +- 🔒 **Secure admin management** with interactive prompts +- 📈 **System status monitoring** and diagnostics +- ⌨️ **Interactive prompts** with confirmations for safety + +### Installation + +The CLI is included with PasarGuard and can be used directly: + +```bash +pasarguard cli --help + +# Or from the project root +uv run pasarguard-cli.py --help +``` + +### Usage + +#### General Commands + +```bash +# Show version +pasarguard cli version + +# Show help +pasarguard cli --help +``` + +#### Admin Management + +```bash +# List all admins +pasarguard cli admins --list + +# Create new admin +pasarguard cli admins --create username + +# Delete admin +pasarguard cli admins --delete username + +# Modify admin (password and sudo status) +pasarguard cli admins --modify username + +# Reset admin usage statistics +pasarguard cli admins --reset-usage username +``` + +#### System Information + +```bash +# Show system status +pasarguard cli system +``` + +### Examples + +**Creating a new admin:** +```bash +pasarguard cli admins --create john_admin +# You'll be prompted to enter password and sudo permissions +``` + +**Listing all admins with formatted output:** +```bash +pasarguard cli admins --list +# Displays a beautiful table with admin details +``` diff --git a/content/docs/zh/cli-tui/TUI.mdx b/content/docs/zh/cli-tui/TUI.mdx new file mode 100644 index 0000000..c2ca5b0 --- /dev/null +++ b/content/docs/zh/cli-tui/TUI.mdx @@ -0,0 +1,69 @@ +--- +title: TUI +navigation: TUI +icon: Terminal +--- + +# PasarGuard TUI + +Modern text-based user interface tools for managing PasarGuard with efficiency and style. + +--- + +## TUI - Text User Interface + +A modern, interactive command-line interface for managing PasarGuard, built with Textual. + +### Features + +- 🎯 **Interactive TUI** with mouse and keyboard support +- 📱 **Responsive design** with dark mode support +- ⌨️ **Keyboard shortcuts** for quick navigation +- 🔄 **Real-time updates** and live data refresh +- 📊 **Rich data visualization** with colors and formatting +- 🔒 **Secure admin management** with visual feedback + +### Starting the TUI + +```bash +pasarguard tui +``` + +Once launched, you'll see a beautiful interactive interface with navigation panels, data tables, and action buttons. + +### Keyboard Shortcuts + +#### Global Commands + +- `q` - Quit the application +- `?` - Show help and keyboard shortcuts +- `Tab` - Navigate between panels +- `Shift+Tab` - Navigate backwards +- `Escape` - Cancel current action + +#### Admin Section + +- `c` - Create new admin +- `m` - Modify admin +- `r` - Reset admin usage statistics +- `d` - Delete admin +- `i` - Import admins from environment variables + +### Admin Management + +The TUI provides a visual interface for all admin operations: + +- **Create** - Interactive forms for new admin accounts +- **Modify** - Edit admin passwords and permissions +- **Delete** - Safe deletion with confirmation prompts +- **Reset Usage** - Clear usage statistics for admins +- **Import** - Bulk import admins from environment variables +- **View Details** - Detailed admin information and status + +### Navigation Tips + +1. Use **arrow keys** or **mouse** to navigate +2. Press **Enter** to select items or confirm actions +3. Use **Tab** to move between input fields +4. Press **Escape** to cancel dialogs +5. Press **?** anytime to see available shortcuts diff --git a/content/docs/zh/cli-tui/index.mdx b/content/docs/zh/cli-tui/index.mdx deleted file mode 100644 index 35293cf..0000000 --- a/content/docs/zh/cli-tui/index.mdx +++ /dev/null @@ -1,155 +0,0 @@ ---- -title: CLI 和 TUI -navigation: CLI 和 TUI -icon: Terminal ---- - -# PasarGuard CLI 和 TUI - -现代化的命令行和文本用户界面工具,高效且优雅地管理 PasarGuard。 - -## 概述 - -PasarGuard 提供两个强大的命令行工具用于系统管理: - -- **CLI (命令行界面)** - 类型安全、功能丰富的命令,用于自动化和脚本编写 -- **TUI (文本用户界面)** - 交互式、可视化的终端界面,用于实际管理 - -这两个工具都使用现代 Python 框架构建,提供安全、高效的访问所有 PasarGuard 管理功能。 - ---- - -## CLI - 命令行界面 - -一个现代化、类型安全的命令行界面,用于管理 PasarGuard,基于 Typer 构建。 - -### 功能特性 - -- 🎯 **类型安全的 CLI**,具有丰富的输出格式 -- 📊 **精美的表格和面板**,用于数据可视化 -- 🔒 **安全的管理员管理**,具有交互式提示 -- 📈 **系统状态监控**和诊断 -- ⌨️ **交互式提示**,带有确认以确保安全 - -### 安装 - -CLI 包含在 PasarGuard 中,可以直接使用: - -```bash -pasarguard cli --help - -# 或从项目根目录 -uv run pasarguard-cli.py --help -``` - -### 使用方法 - -#### 通用命令 - -```bash -# 显示版本 -pasarguard cli version - -# 显示帮助 -pasarguard cli --help -``` - -#### 管理员管理 - -```bash -# 列出所有管理员 -pasarguard cli admins --list - -# 创建新管理员 -pasarguard cli admins --create username - -# 删除管理员 -pasarguard cli admins --delete username - -# 修改管理员(密码和 sudo 状态) -pasarguard cli admins --modify username - -# 重置管理员使用统计 -pasarguard cli admins --reset-usage username -``` - -#### 系统信息 - -```bash -# 显示系统状态 -pasarguard cli system -``` - -### 示例 - -**创建新管理员:** -```bash -pasarguard cli admins --create john_admin -# 系统会提示您输入密码和 sudo 权限 -``` - -**以格式化输出列出所有管理员:** -```bash -pasarguard cli admins --list -# 显示一个包含管理员详细信息的精美表格 -``` - ---- - -## TUI - 文本用户界面 - -一个现代化的交互式命令行界面,用于管理 PasarGuard,基于 Textual 构建。 - -### 功能特性 - -- 🎯 **交互式 TUI**,支持鼠标和键盘 -- 📱 **响应式设计**,支持深色模式 -- ⌨️ **键盘快捷键**,快速导航 -- 🔄 **实时更新**和实时数据刷新 -- 📊 **丰富的数据可视化**,带有颜色和格式 -- 🔒 **安全的管理员管理**,带有可视化反馈 - -### 启动 TUI - -```bash -pasarguard tui -``` - -启动后,您将看到一个精美的交互式界面,包含导航面板、数据表格和操作按钮。 - -### 键盘快捷键 - -#### 全局命令 - -- `q` - 退出应用程序 -- `?` - 显示帮助和键盘快捷键 -- `Tab` - 在面板之间导航 -- `Shift+Tab` - 向后导航 -- `Escape` - 取消当前操作 - -#### 管理员部分 - -- `c` - 创建新管理员 -- `m` - 修改管理员 -- `r` - 重置管理员使用统计 -- `d` - 删除管理员 -- `i` - 从环境变量导入管理员 - -### 管理员管理 - -TUI 为所有管理员操作提供可视化界面: - -- **创建** - 用于新管理员账户的交互式表单 -- **修改** - 编辑管理员密码和权限 -- **删除** - 带有确认提示的安全删除 -- **重置统计** - 清除管理员的使用统计 -- **导入** - 从环境变量批量导入管理员 -- **查看详情** - 详细的管理员信息和状态 - -### 导航提示 - -1. 使用**方向键**或**鼠标**进行导航 -2. 按**回车键**选择项目或确认操作 -3. 使用 **Tab** 在输入字段之间移动 -4. 按 **Escape** 取消对话框 -5. 随时按 **?** 查看可用的快捷键 diff --git a/content/docs/zh/cli-tui/meta.json b/content/docs/zh/cli-tui/meta.json index a328d5e..cf98650 100644 --- a/content/docs/zh/cli-tui/meta.json +++ b/content/docs/zh/cli-tui/meta.json @@ -1,8 +1,8 @@ -{ - "title": "CLI 和 TUI", - "description": "命令行和文本用户界面工具", - "pages": [ - "index" - ], - "icon": "Terminal" -} +{ + "title": "CLI & TUI", + "description": "Command-line and Text User Interface tools", + "pages": [ + "index" + ], + "icon": "Terminal" +} diff --git a/content/docs/zh/learn/meta.json b/content/docs/zh/learn/meta.json new file mode 100644 index 0000000..b11b9af --- /dev/null +++ b/content/docs/zh/learn/meta.json @@ -0,0 +1,10 @@ +{ + "title": "Learn", + "description": "Step-by-step guides for advanced configurations", + "pages": [ + "ssl-certificate", + "ssl-activation", + "warp" + ], + "icon": "BookOpen" +} diff --git a/content/docs/zh/learn/ssl-activation-cli.mdx b/content/docs/zh/learn/ssl-activation-cli.mdx new file mode 100644 index 0000000..3cff3e0 --- /dev/null +++ b/content/docs/zh/learn/ssl-activation-cli.mdx @@ -0,0 +1,197 @@ +--- +title: SSL Activation +navigation: SSL Activation +icon: Lock +--- + +# SSL Activation in PasarGuard + +By enabling SSL in PasarGuard, the dashboard and subscription link will be accessible via https. +There are different approaches to enabling SSL in PasarGuard, which we'll cover below in order from simple to complex. + + +In all examples below, the `docker-compose.yml` and `.env` files can be found at `/opt/PasarGuard`, and `xray_config.json` at `/var/lib/PasarGuard`. + +If you installed PasarGuard manually, you'll need to make the necessary changes yourself. + + +## SSL Activation with Caddy + +In this method, you don't need to create an SSL certificate - Caddy does all the work for you! + +### Modifying docker-compose.yml + +Modify the `docker-compose.yml` file as follows: + +```yml {9-10,12-22,24-25} +services: + PasarGuard: + image: PasarGuard/panel:latest + restart: always + env_file: .env + network_mode: host + volumes: + - /var/lib/PasarGuard:/var/lib/PasarGuard + depends_on: + - caddy + + caddy: + image: caddy + restart: always + ports: + - 80:80 + - 443:443 + volumes: + - /var/lib/PasarGuard:/var/lib/PasarGuard + - ./Caddyfile:/etc/caddy/Caddyfile + - caddy_volume:/data + - caddy_volume:/config + +volumes: + caddy_volume: +``` + +### Creating Caddyfile + +Create a new file named `Caddyfile` at `/opt/pasarguard` and replace `YOUR_DOMAIN` with your desired domain or subdomain. + + +The first letter in the `Caddyfile` filename must be uppercase `C`. + + +```caddy +YOUR_DOMAIN { + reverse_proxy unix//var/lib/pasarguard/pasarguard.socket +} +``` + + +If you want the subscription domain or subdomain to be different from the panel, duplicate the above content in your Caddyfile and replace both domains or subdomains in place of `YOUR_DOMAIN`. + + +### Setting Environment Variables + +Set the following variables in the `.env` file. + +Replace `YOUR_DOMAIN` with your desired domain or subdomain. + +```env +UVICORN_UDS = /var/lib/pasarguard/pasarguard.socket +XRAY_SUBSCRIPTION_URL_PREFIX = https://YOUR_DOMAIN +``` + +### Restarting PasarGuard + +Restart PasarGuard: + +```bash +PasarGuard restart +``` + +Now the PasarGuard dashboard will be accessible at your domain or subdomain address via https. + +## SSL Activation with Uvicorn + +PasarGuard runs with `Uvicorn` by default. `Uvicorn` also allows you to define SSL certificate files. + +### Obtaining SSL Certificate + +First, you need to obtain certificate files for your domain or subdomain. For this, see the [SSL Certificate Issuance](ssl-certificate-cli) tutorial. + +### Setting Environment Variables + +After creating the SSL certificate files, set the following variables in the `.env` file. + +Replace `YOUR_DOMAIN` with your desired domain or subdomain. + +```env +UVICORN_PORT = 443 +UVICORN_SSL_CERTFILE = "/var/lib/PasarGuard/certs/YOUR_DOMAIN.cer" +UVICORN_SSL_KEYFILE = "/var/lib/PasarGuard/certs/YOUR_DOMAIN.cer.key" +XRAY_SUBSCRIPTION_URL_PREFIX = https://YOUR_DOMAIN +``` + +Now the PasarGuard dashboard will be accessible at your domain or subdomain address via https. + +## SSL Activation with HAProxy + +`HAProxy` is one of the best tools for this task. In this method, we run PasarGuard on https with the help of `HAProxy`. + +### Obtaining SSL Certificate + +First, you need to obtain certificate files for your domain or subdomain. For this, see the [SSL Certificate Issuance](ssl-certificate-cli) tutorial. + +### Modifying docker-compose.yml + +Modify the `docker-compose.yml` file as follows: + +```yml {9-10,12-20} +services: + PasarGuard: + image: gozargah/PasarGuard:latest + restart: always + env_file: .env + network_mode: host + volumes: + - /var/lib/PasarGuard:/var/lib/PasarGuard + depends_on: + - haproxy + + haproxy: + image: haproxy:latest + restart: always + volumes: + - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg + - /var/lib/PasarGuard:/var/lib/PasarGuard + ports: + - 80:80 + - 443:443 +``` + +### Creating haproxy.cfg + +Create a new file named `haproxy.cfg` at `/opt/PasarGuard` and replace `YOUR_DOMAIN` with your desired domain or subdomain. + +```cfg +defaults + mode tcp + timeout client 30s + timeout connect 4s + timeout server 30s + +global + maxconn 10000000 + +frontend http_frontend + bind *:80 + mode http + redirect scheme https code 301 if !{ ssl_fc } + +frontend https_frontend + bind *:443 ssl crt /var/lib/PasarGuard/certs/YOUR_DOMAIN.cer + default_backend PasarGuard_backend + +backend PasarGuard_backend + server PasarGuard /var/lib/pasarguard/pasarguard.socket +``` + +### Setting Environment Variables + +Set the following variables in the `.env` file. + +Replace `YOUR_DOMAIN` with your desired domain or subdomain. + +```env +UVICORN_UDS = /var/lib/pasarguard/pasarguard.socket +XRAY_SUBSCRIPTION_URL_PREFIX = https://YOUR_DOMAIN +``` + +### Restarting PasarGuard + +Restart PasarGuard: + +```bash +PasarGuard restart +``` + +Now the PasarGuard dashboard will be accessible at your domain or subdomain address via https. diff --git a/content/docs/zh/learn/ssl-certificate-cli.mdx b/content/docs/zh/learn/ssl-certificate-cli.mdx new file mode 100644 index 0000000..fd22c9b --- /dev/null +++ b/content/docs/zh/learn/ssl-certificate-cli.mdx @@ -0,0 +1,118 @@ +--- +title: SSL Certificate Issuance +navigation: SSL Certificate +icon: Shield +--- + +# SSL Certificate Issuance + +The following tutorials are for obtaining SSL certificates for use with pasarguard using the command line (CLI). + + +Certificate files must be accessible at `/var/lib/pasarguard/certs` for pasarguard to access them. + +In all examples below, files will be installed at this location. + + + +You must register DNS records for your domain before obtaining an SSL certificate. + + +## Obtaining Certificate with acme.sh + +### Installing Prerequisites + +Install socat using the following command for standalone mode: + +```bash +apt install curl socat -y +``` + + +If you have already installed socat, you don't need to perform this step. + + +### Installing acme.sh + +Install [acme.sh](https://github.com/acmesh-official/acme.sh) with the following command. + +Replace `YOUR_EMAIL` with your email address. + + +If you have already installed acme.sh, you don't need to perform this step. + + +```bash +curl https://get.acme.sh | sh -s email=YOUR_EMAIL +``` + +### Obtaining Certificate + +To obtain a certificate, execute the following commands in order. + +Replace `YOUR_DOMAIN` with your desired domain or subdomain. + +```bash +export DOMAIN=YOUR_DOMAIN + +mkdir -p /var/lib/pasarguard/certs + +~/.acme.sh/acme.sh \ + --issue --force --standalone -d "$DOMAIN" \ + --fullchain-file "/var/lib/pasarguard/certs/$DOMAIN.cer" \ + --key-file "/var/lib/pasarguard/certs/$DOMAIN.cer.key" +``` + +## Obtaining Certificate for Cloudflare Domain + +If your domain is registered on Cloudflare and the above methods don't work, use manual mode. + +Replace `example.com` with your domain. + +### Installing acme.sh + +After installing acme, execute the following steps: + +```bash +curl https://get.acme.sh | sh -s email=YOUR_EMAIL +``` + +### Step 1: Request Certificate + +```bash +~/.acme.sh/acme.sh --issue -d example.com --dns \ + --yes-I-know-dns-manual-mode-enough-go-ahead-please +``` + +After execution, you will receive two values as shown in the image below: + +![image](https://github.com/Gozargah/gozargah.github.io/assets/67644313/538c8341-fa77-4b06-96a4-73c29f3e0ded) + +### Step 2: Configure DNS Record + +Go to Cloudflare and create a TXT record, entering the values as shown in the image below: + +![image](https://github.com/Gozargah/gozargah.github.io/assets/67644313/dad9c59a-da1f-440b-aa6e-ad524aff212a) + +### Step 3: Obtain Certificate + +Obtain the certificate with the following command: + +```bash +~/.acme.sh/acme.sh --renew -d example.com \ + --yes-I-know-dns-manual-mode-enough-go-ahead-please +``` + +### File Paths + +Finally, your domain certificate file will be at: + +``` +/root/.acme.sh/example.com_ecc/fullchain.cer +``` + +And the private key file will be saved at: + +``` +/root/.acme.sh/example.com_ecc/example.com.key +``` diff --git a/content/docs/zh/learn/warp.mdx b/content/docs/zh/learn/warp.mdx new file mode 100644 index 0000000..f613af6 --- /dev/null +++ b/content/docs/zh/learn/warp.mdx @@ -0,0 +1,245 @@ +--- +title: CloudFlare Warp Activation +navigation: CloudFlare Warp +icon: Cloud +--- + +# CloudFlare Warp Activation + +Using this tutorial, you can bypass certain restrictions imposed by large companies like Google and Spotify on your IP and use their services without issues. + + +Note that Warp configs have a maximum connection limit of 5 simultaneous devices. To solve this issue, you can use multiple configs. + + +## Step 1: Creating Wireguard Config + +### Method 1: Using Windows + +1. First, download the required `Asset` from the [releases](https://github.com/ViRb3/wgcf/releases) section. This file varies depending on your processor. +2. Rename the `Asset` file to `wgcf`. +3. Now enter `cmd.exe` in the File Explorer address bar. + +![image](https://github.com/Gozargah/gozargah.github.io/assets/50927468/fb9f3eae-8390-45a5-a7b3-c50db4aa82a1) + +4. In the opened terminal, enter `wgcf.exe`. +5. Execute `wgcf.exe register` once, then `wgcf.exe generate`. +6. A new file named `wgcf-profile.conf` will be created - this is the `Wireguard` config we need. +7. Your config is ready and you can use it. + +### Method 2: Using Linux + +First, download the required `Asset` from the [releases](https://github.com/ViRb3/wgcf/releases) section. This file varies depending on your processor. + +You can do this using the `wget` command. + +#### For AMD64 architecture processors: + +```bash +wget https://github.com/ViRb3/wgcf/releases/download/v2.2.22/wgcf_2.2.22_linux_amd64 +``` + +#### For ARM64 architecture processors: + +```bash +wget https://github.com/ViRb3/wgcf/releases/download/v2.2.22/wgcf_2.2.22_linux_arm64 +``` + +Move the file to `/usr/bin/` and rename it to `wgcf`. + +#### For AMD64 architecture processors: + +```bash +mv wgcf_2.2.22_linux_amd64 /usr/bin/wgcf +chmod +x /usr/bin/wgcf +``` + +#### For ARM64 architecture processors: + +```bash +mv wgcf_2.2.22_linux_arm64 /usr/bin/wgcf +chmod +x /usr/bin/wgcf +``` + +Then create the config using these 2 commands: + +```bash +wgcf register +wgcf generate +``` + +A file named `wgcf-profile.conf` will be created - this is the config we need. + +## Step 2: Using Warp+ (Optional) + +To obtain a license and use Warp+, you can get a `license_key` through [this](https://t.me/generatewarpplusbot) Telegram bot. + +After obtaining the `license_key`, you need to replace it in the `wgcf-account.toml` file. + + +You can make this change in Linux with `nano` and in Windows with `Notepad` or any other software. + + + +To use commands on Windows, you need to use `wgcf.exe` instead of `wgcf`. + + +Then update the config information: + +```bash +wgcf update +``` + +Then create a new config file: + +```bash +wgcf generate +``` + +## Step 3: Activating Warp on PasarGuard + +### Method 1: Using Xray Core + + +- This method is only recommended for Xray version 1.8.3 or higher. In older versions, you may encounter Memory Leak issues. +- If your `Xray` version is lower than this, you can upgrade your `Xray` version using the Xray-core version change tutorial. + + +Go to Core Setting in the PasarGuard panel. + +First, add an outbound like the example and place the `wgcf-profile.conf` file information in it. + +```json +{ + "tag": "warp", + "protocol": "wireguard", + "settings": { + "secretKey": "Your_Secret_Key", + "DNS": "1.1.1.1", + "address": ["172.16.0.2/32", "2606:4700:110:8756:9135:af04:3778:40d9/128"], + "peers": [ + { + "publicKey": "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=", + "endpoint": "engage.cloudflareclient.com:2408" + } + ], + "kernelMode": false + } +} +``` + + +If you want all traffic to pass through Warp by default, place this Outbound first and you don't need to perform the next step. + + +### Method 2: Using Wireguard Core + +First, install the Wireguard prerequisites on the server: + +```bash +sudo apt install wireguard-dkms wireguard-tools resolvconf +``` + +If you're using Ubuntu 24, use the following command to install Wireguard: + +```bash +sudo apt install wireguard +``` + +Then add `Table = off` to the Wireguard file as shown in the example: + +```conf +[Interface] +PrivateKey = Your_Private_Key +Address = 172.16.0.2/32 +Address = 2606:4700:110:8a1a:85ef:da37:b891:8d01/128 +DNS = 1.1.1.1 +MTU = 1280 +Table = off +[Peer] +PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo= +AllowedIPs = 0.0.0.0/0 +AllowedIPs = ::/0 +Endpoint = engage.cloudflareclient.com:2408 +``` + + +If you don't add `Table = off`, your server access will be cut off and you won't be able to connect to the server. You'll need to access the server through your datacenter's website and disconnect from `Warp` to be able to establish a normal connection again. + + +Then rename the file from `wgcf-profile.conf` to `warp.conf`. + +Place the file in the `/etc/wireguard` folder on the server: + +```bash +sudo mv wgcf-profile.conf /etc/wireguard/warp.conf +``` + +Enable Wireguard with the following command: + +```bash +sudo systemctl enable --now wg-quick@warp +``` + +You can also disable `Warp` with this command: + +```bash +sudo systemctl disable --now wg-quick@warp +``` + +Go to Core Setting in the PasarGuard panel. + +First, add an outbound like the example: + +```json +{ + "tag": "warp", + "protocol": "freedom", + "streamSettings": { + "sockopt": { + "tcpFastOpen": true, + "interface": "warp" + } + } +} +``` + + +If you want all traffic to pass through Warp by default, place this Outbound first and you don't need to perform the next step. + + +## Step 4: Routing Configuration + +First, add a `rule` in the `routing` section like the example: + +```json +{ + "outboundTag": "warp", + "domain": [], + "type": "field" +} +``` + +Now add your desired websites like the example: + +```json +{ + "outboundTag": "warp", + "domain": [ + "geosite:google", + "openai.com", + "ai.com", + "ipinfo.io", + "iplocation.net", + "spotify.com" + ], + "type": "field" +} +``` + +Save the changes - you can now use `Warp`. + +### PasarGuard Node + +- If you're using `Warp` with the xray core, you don't need to make changes to the node - it will be applied automatically. +- If you're using the `Wireguard` core, you need to perform step three, method two on the node as well. diff --git a/content/docs/zh/meta.json b/content/docs/zh/meta.json index 6c07322..66c3c4e 100644 --- a/content/docs/zh/meta.json +++ b/content/docs/zh/meta.json @@ -6,6 +6,7 @@ "panel", "node", "cli-tui", + "learn", "migration" ] }