From 5ce5ed6743821ff300d5964defe36730e62be15c Mon Sep 17 00:00:00 2001 From: arraykeys Date: Thu, 11 Apr 2024 09:48:37 +0800 Subject: [PATCH] update --- README.md | 105 +++++++++++++++++++++++++++++++++++---- README_ZH.md | 64 ++++++++++++++++++++++-- docs/manual/manual.md | 93 ++++++++++++++++++++++++++++++---- docs/manual/zh/manual.md | 52 +++++++++++++++++-- docs/sitemap.xml | 10 ++-- docs/tags/cdn/index.html | 4 +- docs/tags/cdn/index.xml | 4 +- docs/tags/index.xml | 2 +- 8 files changed, 296 insertions(+), 38 deletions(-) diff --git a/README.md b/README.md index 4ad6083..4abe27c 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,18 @@ The GoProxy is a high-performance http proxy, https proxy, socks5 proxy, ss prox --- +## 赞助者/Sponsors + + + + + +[Capsolver.com](https://www.capsolver.com/?utm_source=github&utm_medium=banner_github&utm_campaign=goproxy_github)是一家基于人工智能,提供自动验证码解决功能的服务商。支持的验证码类型包括reCAPTCHA、hCaptcha和FunCaptcha、 +hCaptcha Enterprise, FunCaptcha Enterprise, Cloudflare Challenge 5s / Turnstile Captcha, DataDome Captcha / Interstinial , +AWS captcha、Geetest、Akamai Web、BMP、Imperva/Incapsula、captcha图像识别等。 + +--- + ## 中文用户请看 *中文说明*,中文与英文内容的安装等资源链接是不一样的,谢谢合作! ### [点击我观看视频教程](https://space.bilibili.com/472844633) 
@@ -621,6 +633,9 @@ For example: `--dns-address` supports multiple dns addresses, load balancing, separated by comma. For example: `--dns-address "1.1.1.1:53,8.8.8.8:53"` +You can also use the parameter `--dns-interface` to specify the bandwidth used for dns resolution, +for example: `--dns-interface eth0`, dns resolution will use the eth0 bandwidth, this parameter must be set to `--dns-address` to be effective. + ### 1.12 Custom encryption The proxy's http(s) proxy can encrypt tcp data via tls standard encryption and kcp protocol on top of tcp, in addition to support customization after tls and kcp. Encryption, that is to say, custom encryption and tls|kcp can be used in combination. The internal use of AES256 encryption, you only need to define a password when you use it. @@ -1282,6 +1297,9 @@ And the analysis result cache time (--dns-ttl) seconds, to avoid system dns inte For example: `proxy socks -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` +You can also use the parameter `--dns-interface` to specify the bandwidth used for dns resolution, +for example: `--dns-interface eth0`, dns resolution will use the eth0 bandwidth, this parameter must be set to `--dns-address` to be effective. + ### 5.10 Custom Encryption The proxy's socks proxy can encrypt tcp data through tls standard encryption and kcp protocol on top of tcp. In addition, it supports custom encryption after tls and kcp, which means that custom encryption and tls|kcp can be used together. The internal use of AES256 encryption, you only need to define a password when you use it. Encryption is divided into two parts, one is whether the local (-z) encryption and decryption, and the other is whether the transmission with the upstream (-Z) is encrypted or decrypted. 
@@ -1417,25 +1435,48 @@ The default is: parent. The meaning of each value is as follows: `--intelligent=direct`, the targets in the blocked are not directly connected. `--intelligent=parent`, the target that is not in the direct is going to the higher level. -`--intelligent=intelligent`, blocked and direct have no targets, intelligently determine whether to use the upstream access target. +`--intelligent=intelligent`, blocked and direct have no targets, intelligently determine whether to use the upstream +access target. ### 5.18 Fixed UDP PORT -By default, the port number of the UDP function of socks5, the proxy is installed in the `rfc1982 draft` request, which is randomly specified during the protocol handshake process and does not need to be specified in advance. +By default, the port number of the UDP function of socks5, the proxy is installed in the `rfc1982 draft` request, which +is randomly specified during the protocol handshake process and does not need to be specified in advance. -However, in some cases, you need to fix the UDP function port. You can use the parameter `--udp-port port number` to fix the port number of the UDP function. For example: +However, in some cases, you need to fix the UDP function port. You can use the parameter `--udp-port port number` to fix +the port number of the UDP function. For example: `proxy socks -t tcp -p "0.0.0.0:38080" --udp-port 38080` -### 5.19 Help +### 5.19 UDP Compatibility Mode + +By default, the UDP functionality of the SOCKS5 proxy in the proxy operates in accordance with the SOCKS5 RFC 1928 +specification. However, there are certain SOCKS5 clients that do not adhere to the specified rules. To ensure +compatibility with such clients, the `--udp-compat` parameter can be added to activate the compatibility mode for SOCKS5 +UDP functionality. + +Additionally, the `-udp-gc` parameter can be utilized to set the maximum idle time for UDP. When this time threshold is +exceeded, UDP connections will be released. 
+ +### 5.20 Help + `proxy help socks` ## 6.SPS Protocol Convert ### 6.1 Function introduction -The proxy protocol conversion uses the sps subcommand. The sps itself does not provide the proxy function. It only accepts the proxy request to "convert and forward" to the existing http(s) proxy or the socks5 proxy or ss proxy; the sps can put the existing http(s) proxy or socks5 proxy or ss proxy is converted to a port that supports both http(s) and socks5 and ss proxies, and the http(s) proxy supports forward proxy and reverse proxy (SNI), converted SOCKS5 proxy, UDP function is still supported when the upper level is SOCKS5 or SS; in addition, for the existing http(s) proxy or socks5 proxy, three modes of tls, tcp, and kcp are supported, and chain connection is supported, that is, multiple sps node levels can be supported. The connection builds an encrypted channel. -The encryption methods supported by the `ss` function are: aes-128-cfb, aes-128-ctr, aes-128-gcm, aes-192-cfb, aes-192-ctr, aes-192-gcm, aes-256- Cfb , aes-256-ctr , aes-256-gcm , bf-cfb , cast5-cfb , chacha20 , chacha20-ietf , chacha20-ietf-poly1305 , des-cfb , rc4-md5 , rc4-md5-6 , salsa20 , Xchacha20 +The proxy protocol conversion uses the sps subcommand. The sps itself does not provide the proxy function. It only +accepts the proxy request to "convert and forward" to the existing http(s) proxy or the socks5 proxy or ss proxy; the +sps can put the existing http(s) proxy or socks5 proxy or ss proxy is converted to a port that supports both http(s) and +socks5 and ss proxies, and the http(s) proxy supports forward proxy and reverse proxy (SNI), converted SOCKS5 proxy, UDP +function is still supported when the upper level is SOCKS5 or SS; in addition, for the existing http(s) proxy or socks5 +proxy, three modes of tls, tcp, and kcp are supported, and chain connection is supported, that is, multiple sps node +levels can be supported. The connection builds an encrypted channel. 
+ +The encryption methods supported by the `ss` function are: aes-128-cfb, aes-128-ctr, aes-128-gcm, aes-192-cfb, +aes-192-ctr, aes-192-gcm, aes-256- Cfb , aes-256-ctr , aes-256-gcm , bf-cfb , cast5-cfb , chacha20 , chacha20-ietf , +chacha20-ietf-poly1305 , des-cfb , rc4-md5 , rc4-md5-6 , salsa20 , Xchacha20 Listen port argument `-p` can be: @@ -1715,7 +1756,7 @@ It should be noted that the ss function of sps also has UDP function, and the UD To specify a port that is different from the tcp port. -### 6.17 iptables 透明代理 +### 6.17 Iptables Transparent Proxy The sps mode supports the iptables transparent forwarding support of the Linux system, which is commonly referred to as the iptables transparent proxy. If a iptables transparent proxy is performed on the gateway device, the device that is connected through the gateway can realize a non-aware proxy. Example start command: 
@@ -1762,16 +1803,40 @@ iptables -t nat -A OUTPUT -p tcp -j PROXY - Clear the entire chain iptables -F chain name such as iptables -t nat -F PROXY - Delete the specified user-defined chain iptables -X chain name e.g. iptables -t nat -X PROXY -- Delete rule from selected chain iptables -D chain name rule details e.g. iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN +- Delete rule from selected chain iptables -D chain name rule details e.g. iptables -t nat -D PROXY -d + 223.223.192.0/255.255.240.0 -j RETURN + +### 6.19 UDP Compatibility Mode + +By default, the UDP functionality of the SOCKS5 proxy in the proxy operates in accordance with the SOCKS5 RFC 1928 +specification. However, there are certain SOCKS5 clients that do not adhere to the specified rules. To ensure +compatibility with such clients, the `--udp-compat` parameter can be added to activate the compatibility mode for SOCKS5 +UDP functionality. + +Additionally, the `-udp-gc` parameter can be utilized to set the maximum idle time for UDP. When this time threshold is +exceeded, UDP connections will be released. -### 6.18 Help +### 6.20 Custom DNS + +The `--dns-address` and `--dns-ttl` parameters are used to specify the dns used by the proxy to access the domain name (`--dns-address`) +As well as the number of seconds for caching the parsing results (--dns-ttl) to avoid the interference of the system dns on the proxy. +The additional caching function can also reduce the dns parsing time and improve the access speed. +Translation: +`Agent sps -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` + +You can also use the parameter `--dns-interface` to specify the bandwidth used for dns resolution, +for example: `--dns-interface eth0`, dns resolution will use the eth0 bandwidth, this parameter must be set to `--dns-address` to be effective. + +### 6.21 Help `proxy help sps` ## 7.KCP Configuration ### 7.1 Configuration Introduction -Many functions of the proxy support the kcp protocol. 
Any function that uses the kcp protocol supports the configuration parameters described here. + +Many functions of the proxy support the kcp protocol. Any function that uses the kcp protocol supports the configuration +parameters described here. Therefore, the KCP configuration parameters are introduced here. ### 7.2 Detailed configuration 
@@ -2061,6 +2126,26 @@ Explanation: `http://`,`socks5://` is fixed, `127.0.0.1:3100` is the address of 8. key : The base64 encoded string of the higher-level tls transport type certificate key file. 9. luminati:if upstram is luminati proxies,value can be: true or false。 +4.Upstream supports multiple instances, regardless of whether SPS is 1 or 0, and they are separated by semicolons ;. +When connecting to an upstream, by default, one upstream is randomly chosen. However, it supports setting the weight +parameter for each upstream. +If the weight is set for any upstream, all upstreams must have the weight parameter set. The weight must be greater than +0; +otherwise, the weight is considered invalid, and random selection is applied. +This selection logic is also working after the authentication cache is enabled. + +Examples of multiple upstreams: + +1. Example without weight settings: `http://127.0.0.1:3100?argk=argv;http://127.0.0.2:3100?argk=argv` +2. Example with weight settings: `http://127.0.0.1:3100?argk=argv&weight=10;http://127.0.0.2:3100?argk=argv&weight=20` + +Weight selection logic: +When a weight is set for an upstream, it divides the total weight among the upstreams based on their order. +For example, if there are two upstreams with weights 10 and 20 respectively, the total weight is 30. +The first upstream's weight range is 1-10, and the second upstream's weight range is 11-30. +This logic extends to more upstreams. Each time, a random number within the total weight range is chosen, +and the corresponding upstream is selected based on this number's range. + ### Traffic report / Traffic limit / Traffic statistics The proxy's http (s) / socks5 / sps / tcp / udp proxy function supports traffic reporting. You can set an http interface address through the parameter `--traffic-url`. diff --git a/README_ZH.md b/README_ZH.md index e20a456..5bb329a 100644 --- a/README_ZH.md +++ b/README_ZH.md 
@@ -13,6 +13,18 @@ GoProxy是一款轻量级、功能强大、高性能的http代理、https代理 --- +## 赞助者/Sponsors + + + + + +[Capsolver.com](https://www.capsolver.com/?utm_source=github&utm_medium=banner_github&utm_campaign=goproxy_github)是一家基于人工智能,提供自动验证码解决功能的服务商。支持的验证码类型包括reCAPTCHA、hCaptcha和FunCaptcha、 +hCaptcha Enterprise, FunCaptcha Enterprise, Cloudflare Challenge 5s / Turnstile Captcha, DataDome Captcha / Interstinial , +AWS captcha、Geetest、Akamai Web、BMP、Imperva/Incapsula、captcha图像识别等。 + +--- + ### [点击我观看视频教程](https://space.bilibili.com/472844633) - [下载地址](https://github.com/snail007/goproxy/releases) @@ -667,6 +679,8 @@ iptables -t nat -A OUTPUT -p tcp -j PROXY `--dns-address` 支持设置多个dns地址,负载均衡,英文半角逗号分割。比如:--dns-address "1.1.1.1:53,8.8.8.8:53" +还可以用参数`--dns-interface`指定dns解析使用的网卡,比如:`--dns-interface eth0`,dns解析就会走eth0网卡,此参数必须设置`--dns-address`才有效。 + ### 1.12 自定义加密 proxy的http(s)代理在tcp之上可以通过tls标准加密以及kcp协议加密tcp数据,除此之外还支持在tls和kcp之后进行自定义 @@ -1391,6 +1405,8 @@ KCP协议需要--kcp-key参数设置一个密码用于加密解密数据 比如: `proxy socks -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` +还可以用参数`--dns-interface`指定dns解析使用的网卡,比如:`--dns-interface eth0`,dns解析就会走eth0网卡,此参数必须设置`--dns-address`才有效。 + ### 5.10 自定义加密 proxy的socks代理在tcp之上可以通过tls标准加密以及kcp协议加密tcp数据,除此之外还支持在tls和kcp之后进行自定义加密,也就是说自定义加密和tls|kcp是可以联合使用的,内部采用AES256加密,使用的时候只需要自己定义一个密码即可, @@ -1546,7 +1562,14 @@ SOCKS5支持级联认证,-A可以设置上级认证信息。 `proxy socks -t tcp -p "0.0.0.0:38080" --udp-port 38080` -### 5.19 查看帮助 +### 5.19 UDP兼容模式 + +默认情况下,proxy的socks5代理的UDP功能是按着socks5 RFC 1928 规范实现的,但是存在某些不遵守规范的socks5客户端, +为了兼容这些客户端,可以加上--udp-compat参数,用于打开socks5 udp功能的兼容模式。 + +另外可以:使用-udp-gc参数,用来设置UDP最大空闲时间,超过这个时间,UDP会被释放。 + +### 5.20 查看帮助 `proxy help socks` 
@@ -1554,8 +1577,10 @@ SOCKS5支持级联认证,-A可以设置上级认证信息。 ### 6.1 功能介绍 -代理协议转换使用的是sps子命令,sps可以把已经存在的http(s)代理或者socks5代理或ss代理转换为一个端口同时支持http(s)和socks5和ss的代理,而且http(s)代理支持正向代理和反向代理(SNI) -,当上级是SOCKS5时,转换后的SOCKS5或者SS代理仍然支持UDP功能;另外对于已经存在的http(s)代理或者socks5代理,支持tls、tcp、kcp三种模式,支持链式连接,也就是可以多个sps结点层级连接构建加密通道。 +代理协议转换使用的是sps子命令,sps可以把已经存在的http(s)代理或者socks5代理或ss代理转换为一个端口同时支持http(s) +和socks5和ss的代理,而且http(s)代理支持正向代理和反向代理(SNI) +,当上级是SOCKS5时,转换后的SOCKS5或者SS代理仍然支持UDP功能;另外对于已经存在的http(s) +代理或者socks5代理,支持tls、tcp、kcp三种模式,支持链式连接,也就是可以多个sps结点层级连接构建加密通道。 `ss`功能支持的加密方法为:aes-128-cfb , aes-128-ctr , aes-128-gcm , aes-192-cfb , aes-192-ctr , aes-192-gcm , aes-256-cfb , aes-256-ctr , aes-256-gcm , bf-cfb , cast5-cfb , chacha20 , chacha20-ietf , chacha20-ietf-poly1305 , des-cfb , rc4-md5 , @@ -1917,7 +1942,23 @@ iptables -t nat -A OUTPUT -p tcp -j PROXY - 删除指定的用户自定义链 iptables -X 链名 比如 iptables -t nat -X PROXY - 从所选链中删除规则 iptables -D 链名 规则详情 比如 iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN -### 6.18 查看帮助 +### 6.19 UDP兼容模式 + +默认情况下,proxy的socks5代理的UDP功能是按着socks5 RFC 1928 规范实现的,但是存在某些不遵守规范的socks5客户端, +为了兼容这些客户端,可以加上--udp-compat参数,用于打开socks5 udp功能的兼容模式。 + +另外可以:使用-udp-gc参数,用来设置UDP最大空闲时间,超过这个时间,UDP会被释放。 + +### 6.20 自定义DNS + +--dns-address和--dns-ttl参数,用于自己指定proxy访问域名的时候使用的dns(--dns-address) +以及解析结果缓存时间(--dns-ttl)秒数,避免系统dns对proxy的干扰,另外缓存功能还能减少dns解析时间提高访问速度。 +比如: +`proxy sps -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` + +还可以用参数`--dns-interface`指定dns解析使用的网卡,比如:`--dns-interface eth0`,dns解析就会走eth0网卡,此参数必须设置`--dns-address`才有效。 + +### 6.21 查看帮助 `proxy help sps` 
@@ -2211,6 +2252,21 @@ upstream支持socks5、http(s)代理,支持认证,格式:`protocol://a:b@2 8. key : 上级底层tls传输类型的证书密钥文件经过base64编码后的字符串。 9. luminati:上级是否是luminati代理,可以是:true | false。 +4.upstream支持多个,无论sps是1还是0,都支持多个upstream,写法是多个用分号;分隔。 +当连接上级的时候默认是随机选择一个upstream。 但是支持通过weight参数设置每个upstream的权重, +如果设置了权重全部的upstream都必须设置weight参数,weight必须大于0, 否则权重视为无效,做随机选择处理。 +认证缓存开启后也会保持这个选择逻辑。 + +多个upstream示例: + +1. 不设置权重示例:`http://127.0.0.1:3100?argk=argv;http://127.0.0.2:3100?argk=argv` +1. 设置权重示例:`http://127.0.0.1:3100?argk=argv&weight=10;http://127.0.0.2:3100?argk=argv&weight=20` + +权重选择逻辑: +当upstream设置了权重,会按着upstream顺序,设置每个upstream的数值范围。 +比如有两upstream,第一个权重是10,第二个权重是20,那么总数值是30,第1个upstream的数值范围是1-10,第2个upstream的数值范围是11-30, +更多个upstream依次类推。然后每次选择的时候在1-30内随机一个数,然后选择这个数所在范围的那个upstream。 + ### 流量上报/流量统计/流量限制 proxy的http(s)/socks5/sps/tcp/udp代理功能支持流量上报,可以通过参数`--traffic-url`设置一个http接口地址。 diff --git a/docs/manual/manual.md b/docs/manual/manual.md index 3e2cd16..0e7cd31 100644 --- a/docs/manual/manual.md +++ b/docs/manual/manual.md @@ -425,6 +425,9 @@ For example: `--dns-address` supports multiple dns addresses, load balancing, separated by comma. For example: `--dns-address "1.1.1.1:53,8.8.8.8:53"` +You can also use the parameter `--dns-interface` to specify the bandwidth used for dns resolution, +for example: `--dns-interface eth0`, dns resolution will use the eth0 bandwidth, this parameter must be set to `--dns-address` to be effective. + ### 1.12 Custom encryption The proxy's http(s) proxy can encrypt tcp data via tls standard encryption and kcp protocol on top of tcp, in addition to support customization after tls and kcp. Encryption, that is to say, custom encryption and tls|kcp can be used in combination. The internal use of AES256 encryption, you only need to define a password when you use it. 
@@ -1086,6 +1089,9 @@ And the analysis result cache time (--dns-ttl) seconds, to avoid system dns inte For example: `proxy socks -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` +You can also use the parameter `--dns-interface` to specify the bandwidth used for dns resolution, +for example: `--dns-interface eth0`, dns resolution will use the eth0 bandwidth, this parameter must be set to `--dns-address` to be effective. + ### 5.10 Custom Encryption The proxy's socks proxy can encrypt tcp data through tls standard encryption and kcp protocol on top of tcp. In addition, it supports custom encryption after tls and kcp, which means that custom encryption and tls|kcp can be used together. The internal use of AES256 encryption, you only need to define a password when you use it. Encryption is divided into two parts, one is whether the local (-z) encryption and decryption, and the other is whether the transmission with the upstream (-Z) is encrypted or decrypted. 
@@ -1221,25 +1227,48 @@ The default is: parent. The meaning of each value is as follows: `--intelligent=direct`, the targets in the blocked are not directly connected. `--intelligent=parent`, the target that is not in the direct is going to the higher level. -`--intelligent=intelligent`, blocked and direct have no targets, intelligently determine whether to use the upstream access target. +`--intelligent=intelligent`, blocked and direct have no targets, intelligently determine whether to use the upstream +access target. ### 5.18 Fixed UDP PORT -By default, the port number of the UDP function of socks5, the proxy is installed in the `rfc1982 draft` request, which is randomly specified during the protocol handshake process and does not need to be specified in advance. +By default, the port number of the UDP function of socks5, the proxy is installed in the `rfc1982 draft` request, which +is randomly specified during the protocol handshake process and does not need to be specified in advance. -However, in some cases, you need to fix the UDP function port. You can use the parameter `--udp-port port number` to fix the port number of the UDP function. For example: +However, in some cases, you need to fix the UDP function port. You can use the parameter `--udp-port port number` to fix +the port number of the UDP function. For example: `proxy socks -t tcp -p "0.0.0.0:38080" --udp-port 38080` -### 5.19 Help +### 5.19 UDP Compatibility Mode + +By default, the UDP functionality of the SOCKS5 proxy in the proxy operates in accordance with the SOCKS5 RFC 1928 +specification. However, there are certain SOCKS5 clients that do not adhere to the specified rules. To ensure +compatibility with such clients, the `--udp-compat` parameter can be added to activate the compatibility mode for SOCKS5 +UDP functionality. + +Additionally, the `-udp-gc` parameter can be utilized to set the maximum idle time for UDP. When this time threshold is +exceeded, UDP connections will be released. 
+ +### 5.20 Help + `proxy help socks` ## 6.SPS Protocol Convert ### 6.1 Function introduction -The proxy protocol conversion uses the sps subcommand. The sps itself does not provide the proxy function. It only accepts the proxy request to "convert and forward" to the existing http(s) proxy or the socks5 proxy or ss proxy; the sps can put the existing http(s) proxy or socks5 proxy or ss proxy is converted to a port that supports both http(s) and socks5 and ss proxies, and the http(s) proxy supports forward proxy and reverse proxy (SNI), converted SOCKS5 proxy, UDP function is still supported when the upper level is SOCKS5 or SS; in addition, for the existing http(s) proxy or socks5 proxy, three modes of tls, tcp, and kcp are supported, and chain connection is supported, that is, multiple sps node levels can be supported. The connection builds an encrypted channel. -The encryption methods supported by the `ss` function are: aes-128-cfb, aes-128-ctr, aes-128-gcm, aes-192-cfb, aes-192-ctr, aes-192-gcm, aes-256- Cfb , aes-256-ctr , aes-256-gcm , bf-cfb , cast5-cfb , chacha20 , chacha20-ietf , chacha20-ietf-poly1305 , des-cfb , rc4-md5 , rc4-md5-6 , salsa20 , Xchacha20 +The proxy protocol conversion uses the sps subcommand. The sps itself does not provide the proxy function. It only +accepts the proxy request to "convert and forward" to the existing http(s) proxy or the socks5 proxy or ss proxy; the +sps can put the existing http(s) proxy or socks5 proxy or ss proxy is converted to a port that supports both http(s) and +socks5 and ss proxies, and the http(s) proxy supports forward proxy and reverse proxy (SNI), converted SOCKS5 proxy, UDP +function is still supported when the upper level is SOCKS5 or SS; in addition, for the existing http(s) proxy or socks5 +proxy, three modes of tls, tcp, and kcp are supported, and chain connection is supported, that is, multiple sps node +levels can be supported. The connection builds an encrypted channel. 
+ +The encryption methods supported by the `ss` function are: aes-128-cfb, aes-128-ctr, aes-128-gcm, aes-192-cfb, +aes-192-ctr, aes-192-gcm, aes-256- Cfb , aes-256-ctr , aes-256-gcm , bf-cfb , cast5-cfb , chacha20 , chacha20-ietf , +chacha20-ietf-poly1305 , des-cfb , rc4-md5 , rc4-md5-6 , salsa20 , Xchacha20 Listen port argument `-p` can be: @@ -1519,7 +1548,7 @@ It should be noted that the ss function of sps also has UDP function, and the UD To specify a port that is different from the tcp port. -### 6.17 iptables 透明代理 +### 6.17 Iptables Transparent Proxy The sps mode supports the iptables transparent forwarding support of the Linux system, which is commonly referred to as the iptables transparent proxy. If a iptables transparent proxy is performed on the gateway device, the device that is connected through the gateway can realize a non-aware proxy. Example start command: 
@@ -1566,16 +1595,40 @@ iptables -t nat -A OUTPUT -p tcp -j PROXY - Clear the entire chain iptables -F chain name such as iptables -t nat -F PROXY - Delete the specified user-defined chain iptables -X chain name e.g. iptables -t nat -X PROXY -- Delete rule from selected chain iptables -D chain name rule details e.g. iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN +- Delete rule from selected chain iptables -D chain name rule details e.g. iptables -t nat -D PROXY -d + 223.223.192.0/255.255.240.0 -j RETURN -### 6.18 Help +### 6.19 UDP Compatibility Mode + +By default, the UDP functionality of the SOCKS5 proxy in the proxy operates in accordance with the SOCKS5 RFC 1928 +specification. However, there are certain SOCKS5 clients that do not adhere to the specified rules. To ensure +compatibility with such clients, the `--udp-compat` parameter can be added to activate the compatibility mode for SOCKS5 +UDP functionality. + +Additionally, the `-udp-gc` parameter can be utilized to set the maximum idle time for UDP. When this time threshold is +exceeded, UDP connections will be released. + +### 6.20 Custom DNS + +The `--dns-address` and `--dns-ttl` parameters are used to specify the dns used by the proxy to access the domain name (`--dns-address`) +As well as the number of seconds for caching the parsing results (--dns-ttl) to avoid the interference of the system dns on the proxy. +The additional caching function can also reduce the dns parsing time and improve the access speed. +Translation: +`Agent sps -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` + +You can also use the parameter `--dns-interface` to specify the bandwidth used for dns resolution, +for example: `--dns-interface eth0`, dns resolution will use the eth0 bandwidth, this parameter must be set to `--dns-address` to be effective. + +### 6.21 Help `proxy help sps` ## 7.KCP Configuration ### 7.1 Configuration Introduction -Many functions of the proxy support the kcp protocol. 
Any function that uses the kcp protocol supports the configuration parameters described here. + +Many functions of the proxy support the kcp protocol. Any function that uses the kcp protocol supports the configuration +parameters described here. Therefore, the KCP configuration parameters are introduced here. ### 7.2 Detailed configuration 
@@ -1865,6 +1918,26 @@ Explanation: `http://`,`socks5://` is fixed, `127.0.0.1:3100` is the address of 8. key : The base64 encoded string of the higher-level tls transport type certificate key file. 9. luminati:if upstram is luminati proxies,value can be: true or false。 +4.Upstream supports multiple instances, regardless of whether SPS is 1 or 0, and they are separated by semicolons ;. +When connecting to an upstream, by default, one upstream is randomly chosen. However, it supports setting the weight +parameter for each upstream. +If the weight is set for any upstream, all upstreams must have the weight parameter set. The weight must be greater than +0; +otherwise, the weight is considered invalid, and random selection is applied. +This selection logic is also working after the authentication cache is enabled. + +Examples of multiple upstreams: + +1. Example without weight settings: `http://127.0.0.1:3100?argk=argv;http://127.0.0.2:3100?argk=argv` +2. Example with weight settings: `http://127.0.0.1:3100?argk=argv&weight=10;http://127.0.0.2:3100?argk=argv&weight=20` + +Weight selection logic: +When a weight is set for an upstream, it divides the total weight among the upstreams based on their order. +For example, if there are two upstreams with weights 10 and 20 respectively, the total weight is 30. +The first upstream's weight range is 1-10, and the second upstream's weight range is 11-30. +This logic extends to more upstreams. Each time, a random number within the total weight range is chosen, +and the corresponding upstream is selected based on this number's range. + ### Traffic report / Traffic limit / Traffic statistics The proxy's http (s) / socks5 / sps / tcp / udp proxy function supports traffic reporting. You can set an http interface address through the parameter `--traffic-url`. diff --git a/docs/manual/zh/manual.md b/docs/manual/zh/manual.md index 76ae56e..aaeab86 100644 --- a/docs/manual/zh/manual.md +++ b/docs/manual/zh/manual.md 
@@ -440,6 +440,8 @@ iptables -t nat -A OUTPUT -p tcp -j PROXY `--dns-address` 支持设置多个dns地址,负载均衡,英文半角逗号分割。比如:--dns-address "1.1.1.1:53,8.8.8.8:53" +还可以用参数`--dns-interface`指定dns解析使用的网卡,比如:`--dns-interface eth0`,dns解析就会走eth0网卡,此参数必须设置`--dns-address`才有效。 + ### 1.12 自定义加密 proxy的http(s)代理在tcp之上可以通过tls标准加密以及kcp协议加密tcp数据,除此之外还支持在tls和kcp之后进行自定义 @@ -1164,6 +1166,8 @@ KCP协议需要--kcp-key参数设置一个密码用于加密解密数据 比如: `proxy socks -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` +还可以用参数`--dns-interface`指定dns解析使用的网卡,比如:`--dns-interface eth0`,dns解析就会走eth0网卡,此参数必须设置`--dns-address`才有效。 + ### 5.10 自定义加密 proxy的socks代理在tcp之上可以通过tls标准加密以及kcp协议加密tcp数据,除此之外还支持在tls和kcp之后进行自定义加密,也就是说自定义加密和tls|kcp是可以联合使用的,内部采用AES256加密,使用的时候只需要自己定义一个密码即可, @@ -1319,7 +1323,14 @@ SOCKS5支持级联认证,-A可以设置上级认证信息。 `proxy socks -t tcp -p "0.0.0.0:38080" --udp-port 38080` -### 5.19 查看帮助 +### 5.19 UDP兼容模式 + +默认情况下,proxy的socks5代理的UDP功能是按着socks5 RFC 1928 规范实现的,但是存在某些不遵守规范的socks5客户端, +为了兼容这些客户端,可以加上--udp-compat参数,用于打开socks5 udp功能的兼容模式。 + +另外可以:使用-udp-gc参数,用来设置UDP最大空闲时间,超过这个时间,UDP会被释放。 + +### 5.20 查看帮助 `proxy help socks` @@ -1327,8 +1338,10 @@ SOCKS5支持级联认证,-A可以设置上级认证信息。 ### 6.1 功能介绍 -代理协议转换使用的是sps子命令,sps可以把已经存在的http(s)代理或者socks5代理或ss代理转换为一个端口同时支持http(s)和socks5和ss的代理,而且http(s)代理支持正向代理和反向代理(SNI) -,当上级是SOCKS5时,转换后的SOCKS5或者SS代理仍然支持UDP功能;另外对于已经存在的http(s)代理或者socks5代理,支持tls、tcp、kcp三种模式,支持链式连接,也就是可以多个sps结点层级连接构建加密通道。 +代理协议转换使用的是sps子命令,sps可以把已经存在的http(s)代理或者socks5代理或ss代理转换为一个端口同时支持http(s) +和socks5和ss的代理,而且http(s)代理支持正向代理和反向代理(SNI) +,当上级是SOCKS5时,转换后的SOCKS5或者SS代理仍然支持UDP功能;另外对于已经存在的http(s) +代理或者socks5代理,支持tls、tcp、kcp三种模式,支持链式连接,也就是可以多个sps结点层级连接构建加密通道。 `ss`功能支持的加密方法为:aes-128-cfb , aes-128-ctr , aes-128-gcm , aes-192-cfb , aes-192-ctr , aes-192-gcm , aes-256-cfb , aes-256-ctr , aes-256-gcm , bf-cfb , cast5-cfb , chacha20 , chacha20-ietf , chacha20-ietf-poly1305 , des-cfb , rc4-md5 , 
@@ -1690,7 +1703,23 @@ iptables -t nat -A OUTPUT -p tcp -j PROXY - 删除指定的用户自定义链 iptables -X 链名 比如 iptables -t nat -X PROXY - 从所选链中删除规则 iptables -D 链名 规则详情 比如 iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN -### 6.18 查看帮助 +### 6.19 UDP兼容模式 + +默认情况下,proxy的socks5代理的UDP功能是按着socks5 RFC 1928 规范实现的,但是存在某些不遵守规范的socks5客户端, +为了兼容这些客户端,可以加上--udp-compat参数,用于打开socks5 udp功能的兼容模式。 + +另外可以:使用-udp-gc参数,用来设置UDP最大空闲时间,超过这个时间,UDP会被释放。 + +### 6.20 自定义DNS + +--dns-address和--dns-ttl参数,用于自己指定proxy访问域名的时候使用的dns(--dns-address) +以及解析结果缓存时间(--dns-ttl)秒数,避免系统dns对proxy的干扰,另外缓存功能还能减少dns解析时间提高访问速度。 +比如: +`proxy sps -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` + +还可以用参数`--dns-interface`指定dns解析使用的网卡,比如:`--dns-interface eth0`,dns解析就会走eth0网卡,此参数必须设置`--dns-address`才有效。 + +### 6.21 查看帮助 `proxy help sps` @@ -1984,6 +2013,21 @@ upstream支持socks5、http(s)代理,支持认证,格式:`protocol://a:b@2 8. key : 上级底层tls传输类型的证书密钥文件经过base64编码后的字符串。 9. luminati:上级是否是luminati代理,可以是:true | false。 +4.upstream支持多个,无论sps是1还是0,都支持多个upstream,写法是多个用分号;分隔。 +当连接上级的时候默认是随机选择一个upstream。 但是支持通过weight参数设置每个upstream的权重, +如果设置了权重全部的upstream都必须设置weight参数,weight必须大于0, 否则权重视为无效,做随机选择处理。 +认证缓存开启后也会保持这个选择逻辑。 + +多个upstream示例: + +1. 不设置权重示例:`http://127.0.0.1:3100?argk=argv;http://127.0.0.2:3100?argk=argv` +1. 设置权重示例:`http://127.0.0.1:3100?argk=argv&weight=10;http://127.0.0.2:3100?argk=argv&weight=20` + +权重选择逻辑: +当upstream设置了权重,会按着upstream顺序,设置每个upstream的数值范围。 +比如有两upstream,第一个权重是10,第二个权重是20,那么总数值是30,第1个upstream的数值范围是1-10,第2个upstream的数值范围是11-30, +更多个upstream依次类推。然后每次选择的时候在1-30内随机一个数,然后选择这个数所在范围的那个upstream。 + ### 流量上报/流量统计/流量限制 proxy的http(s)/socks5/sps/tcp/udp代理功能支持流量上报,可以通过参数`--traffic-url`设置一个http接口地址。 diff --git a/docs/sitemap.xml b/docs/sitemap.xml index c1fad7b..26b0c0f 100644 --- a/docs/sitemap.xml +++ b/docs/sitemap.xml 
@@ -18,31 +18,31 @@ - https://snail007.goproxyauth.com/goproxy/categories/ + https://snail007.goproxyauth.com/goproxy/tags/cdn/ 2019-07-05T08:20:48+08:00 0 - https://snail007.goproxyauth.com/goproxy/ + https://snail007.goproxyauth.com/goproxy/categories/ 2019-07-05T08:20:48+08:00 0 - https://snail007.goproxyauth.com/goproxy/posts/ + https://snail007.goproxyauth.com/goproxy/ 2019-07-05T08:20:48+08:00 0 - https://snail007.goproxyauth.com/goproxy/tags/ + https://snail007.goproxyauth.com/goproxy/posts/ 2019-07-05T08:20:48+08:00 0 - https://snail007.goproxyauth.com/goproxy/tags/cdn/ + https://snail007.goproxyauth.com/goproxy/tags/ 2019-07-05T08:20:48+08:00 0 diff --git a/docs/tags/cdn/index.html b/docs/tags/cdn/index.html index 921a8b2..2e619ce 100644 --- a/docs/tags/cdn/index.html +++ b/docs/tags/cdn/index.html @@ -14,7 +14,7 @@ - cdn - GOPROXY IN ACTION + CDN - GOPROXY IN ACTION @@ -77,7 +77,7 @@ diff --git a/docs/tags/cdn/index.xml b/docs/tags/cdn/index.xml index b6365bc..277430e 100644 --- a/docs/tags/cdn/index.xml +++ b/docs/tags/cdn/index.xml @@ -1,9 +1,9 @@ - cdn on GOPROXY IN ACTION + CDN on GOPROXY IN ACTION https://snail007.goproxyauth.com/goproxy/tags/cdn/ - Recent content in cdn on GOPROXY IN ACTION + Recent content in CDN on GOPROXY IN ACTION Hugo -- gohugo.io zh-CN Fri, 05 Jul 2019 08:20:48 +0800 diff --git a/docs/tags/index.xml b/docs/tags/index.xml index e06ddc2..7d5472a 100644 --- a/docs/tags/index.xml +++ b/docs/tags/index.xml @@ -12,7 +12,7 @@ - cdn + CDN https://snail007.goproxyauth.com/goproxy/tags/cdn/ Fri, 05 Jul 2019 08:20:48 +0800
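Review bot: in README.md hunk `@@ -13,6 +13,18 @@`, the new `## 赞助者/Sponsors` block puts a Chinese-language paragraph into the English README. README_ZH.md receives the same text in this patch, so the English file should carry an English version instead. The added paragraph also spells "Interstitial" as `Interstinial` in both files.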
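Review bot: the `--dns-interface` paragraph added in README.md (hunks `@@ -621,6 +633,9 @@` and `@@ -1282,6 +1297,9 @@`, repeated under 6.20 and in docs/manual/manual.md) says the flag selects "the bandwidth used for dns resolution", while the Chinese text added in README_ZH.md says 网卡, a network interface. Suggest "specify the network interface used for DNS resolution". The closing clause "this parameter must be set to `--dns-address` to be effective" reads as if `--dns-address` were the value, whereas the Chinese says the flag only takes effect when `--dns-address` is also set. The flag decides which interface DNS queries leave from, so the wording needs to be exact.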
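Review bot: in the new `### 5.19 UDP Compatibility Mode` section (README.md hunk `@@ -1417,25 +1435,48 @@`, same text in docs/manual/manual.md and in both Chinese files), the idle-timeout flag is written `-udp-gc` with a single dash while `--udp-compat` uses two, and neither a unit nor an example value is given for the idle time. Please use one flag spelling and add a sample invocation. The section also does not say which RFC 1928 rules the compatibility mode stops enforcing, which an operator needs to know before enabling it for non-conforming clients. The re-wrapped 5.18 paragraph in the same hunk still cites `rfc1982 draft`, which conflicts with the RFC 1928 reference added a few lines below it, and the re-wrapped cipher list keeps `aes-256- Cfb` and `Xchacha20`, where the Chinese file has `aes-256-cfb`.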
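Review bot: in the new `### 6.20 Custom DNS` section (README.md hunk `@@ -1762,16 +1803,40 @@`, same text in docs/manual/manual.md), the example is introduced by a stray `Translation:` line and the command reads `Agent sps -p ":33080" ...`, whereas the Chinese files in this patch give `proxy sps -p ":33080" ...` after 比如 ("for example"). This looks like machine-translation residue, and the command as written will not run. Suggest "For example:" followed by the `proxy sps` form. In the lines shown, the old 6.18 Help becomes 6.21 and the new sections start at 6.19, so no heading carries 6.18 any more. Section 6.19 repeats 5.19 verbatim, including the single-dash `-udp-gc`.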
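Review bot: in the multiple-upstream text added after item 9 (README.md hunk `@@ -2061,6 +2126,26 @@`, same text in docs/manual/manual.md), the fallback rule is ambiguous. The text says every upstream must carry `weight` once any one does, and that a weight not greater than 0 "is considered invalid, and random selection is applied", but it does not say whether a single missing or invalid weight discards the weights of all upstreams, or whether the proxy reports it. A silent fallback to uniform random selection would send traffic to an upstream the operator meant to de-prioritise, so please state the behaviour explicitly. Formatting: `4.Upstream` needs a space after the number to render as a list item, and the wrap leaves `0;` alone on its own line in the middle of a sentence.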