update reverse proxy

docs/tutorials/reverse-proxy-tunnel.md

@@ -55,7 +55,7 @@ comments: true
 === "命令行"
 
     ```bash
-    gost -L rtcp://:0/192.168.1.1:80 -F tunnel://:8443?tunnel.id=4d21094e-b74c-4916-86c1-d9fa36ea677b
+    gost -L rtcp://:0/192.168.1.1:80 -F "tunnel://:8443?tunnel.id=4d21094e-b74c-4916-86c1-d9fa36ea677b&tunnel.weight=1"
     ```
 
 === "配置文件"
@@ -84,18 +84,23 @@ comments: true
             type: tunnel
             metadata:
               tunnel.id: 4d21094e-b74c-4916-86c1-d9fa36ea677b
+              tunnel.weight: 1
           dialer:
             type: tcp
     ```
 
-通过`tunnel.id`指定隧道ID，此时rtcp服务中指定的`addr`参数无效。
+`tunnel.id` (string)
+:    隧道ID，此时rtcp服务中指定的`addr`参数无效。
+
+`tunnel.weight` (uint8, default=1)
+:    客户端连接权重，取值范围[1, 255]。当权重值为`255`时，其他权重值小于255的客户端连接将被忽略。
 
 本例中当流量进入公共入口点(服务端的80端口)后会嗅探流量信息获取所要访问的主机名，再通过主机名在Ingress中找到匹配的规则，获取对应的服务端点(endpoint即隧道ID)，最后在隧道的连接池中获取一个有效连接将流量通过此连接发送到客户端。
 
 当主机名为`example.com`时，根据Ingress中的规则匹配到ID为4d21094e-b74c-4916-86c1-d9fa36ea677b的隧道。当流量到达客户端后再由rtcp服务转发给192.168.1.1:80服务。
 
 !!! tip "高可用性"
-    为了提高单个隧道的可用性，可以运行多个客户端，这些客户端使用相同的隧道ID。当需要从隧道获取连接时，将采用轮询机制，最多3次失败重试。
+    为了提高单个隧道的可用性，可以运行多个客户端，这些客户端使用相同的隧道ID。当需要从隧道获取连接时，将采用加权随机方式选择一个客户端连接，最多3次失败重试。
 
 ## 外部公共入口点
 

docs/tutorials/reverse-proxy.md

@@ -172,7 +172,7 @@ services:
 
 ## HTTP请求头设置
 
-当嗅探到HTTP流量时，可以在目标节点上通过`forwarder.nodes.http`选项对HTTP的请求头部信息进行设置，包括Host头重写和自定义头部信息，对本地和远程端口转发均适用。
+当嗅探到HTTP流量时，可以在目标节点上通过`forwarder.nodes.http`选项对HTTP的请求头部信息进行设置，包括Host头重写，自定义头部信息和开启Basic Auth，对本地和远程端口转发均适用。
 
 ### 重写Host头
 
@@ -246,6 +246,31 @@ services:
 
 当请求http://example.com时，最终发送给example.com:80的HTTP请求头中将会添加`User-Agent`，`Foo`和`Bar`三个字段。
 
+### HTTP Basic Authentication
+
+可以通过设置`http.auth`选项为目标节点启用[HTTP基本认证](https://zh.wikipedia.org/zh-cn/HTTP%E5%9F%BA%E6%9C%AC%E8%AE%A4%E8%AF%81)功能。
+
+```yaml hl_lines="15 16 17"
+services:
+- name: http
+  addr: :80
+  handler:
+    type: tcp
+    metadata:
+      sniffing: true
+  listener:
+    type: tcp
+  forwarder:
+    nodes:
+    - name: example-com
+      addr: example.com:443
+      host: example.com
+      http:
+        auth:
+          username: user
+          password: pass
+```
+
 ## TLS请求设置
 
 如果转发的目标节点启用了TLS，可以通过设置`forwarder.nodes.tls`来建立TLS连接。
@@ -290,30 +315,6 @@ services:
 `tls.options.cipherSuites` (list)
 :    加密套件，可选值参考[Cipher Suites](https://pkg.go.dev/crypto/tls#pkg-constants)。
 
-## HTTP Basic Authentication
-
-可以通过设置`forwarder.nodes.auth`选项为目标节点启用[HTTP基本认证](https://zh.wikipedia.org/zh-cn/HTTP%E5%9F%BA%E6%9C%AC%E8%AE%A4%E8%AF%81)功能。
-
-```yaml hl_lines="15 16 17"
-services:
-- name: http
-  addr: :80
-  handler:
-    type: tcp
-    metadata:
-      sniffing: true
-  listener:
-    type: tcp
-  forwarder:
-    nodes:
-    - name: example-com
-      addr: example.com:443
-      host: example.com
-      auth:
-        username: user
-        password: pass
-```
-
 ## 特定应用转发
 
 本地和远程端口转发服务也支持对特定的应用流量嗅探。目前支持的应用协议有：

en/docs/tutorials/reverse-proxy-tunnel.md

@@ -55,7 +55,7 @@ The `entrypoint` option specifies the public entry point for traffic, the `ingre
 === "CLI"
 
     ```bash
-    gost -L rtcp://:0/192.168.1.1:80 -F tunnel://:8443?tunnel.id=4d21094e-b74c-4916-86c1-d9fa36ea677b
+    gost -L rtcp://:0/192.168.1.1:80 -F "tunnel://:8443?tunnel.id=4d21094e-b74c-4916-86c1-d9fa36ea677b&tunnel.weight=1"
     ```
 
 === "File (YAML)"
@@ -84,18 +84,23 @@ The `entrypoint` option specifies the public entry point for traffic, the `ingre
             type: tunnel
             metadata:
               tunnel.id: 4d21094e-b74c-4916-86c1-d9fa36ea677b
+              tunnel.weight: 1
           dialer:
             type: tcp
     ```
 
-Specify tunnel ID via `tunnel.id` option, and the `addr` parameter specified in the rtcp service is invalid at this time.
+`tunnel.id` (string)
+:    tunnel ID, the `addr` parameter specified in the rtcp service is invalid at this time.
+
+`tunnel.weight` (uint8, default=1)
+:    Client connection weight, the range of value [1, 255]. When the weight value is 255, other client connections with a weight value less than 255 are ignored.
 
 In this example, when the traffic enters the entry point (port 80 of the server), it will sniff the traffic to obtain the hostname, and then find the matching rule in the Ingress through the hostname to obtain the corresponding service endpoint (tunnel) , and finally obtain a valid connection in the connection pool of the tunnel and send the traffic to the client through this connection.
 
 When the hostname is `example.com`, the tunnel with the ID 4d21094e-b74c-4916-86c1-d9fa36ea677b is matched according to the rules in the Ingress. When the traffic reaches the client, it is forwarded by the rtcp service to the 192.168.1.1:80 service.
 
 !!! tip "High Availability"
-    In order to improve the availability of a single tunnel, multiple clients can be run, and these clients use the same tunnel ID. When obtaining a connection from the tunnel, a round-robin mechanism will be used, with up to 3 failed retries.
+    In order to improve the availability of a single tunnel, multiple clients can be run, and these clients use the same tunnel ID. When obtaining a connection from the tunnel, a weighted random mechanism will be used, with up to 3 failed retries.
 
 ## External Public Entry Point
 

en/docs/tutorials/reverse-proxy.md

@@ -170,7 +170,7 @@ services:
 
 ## HTTP Request Header Settings
 
-When sniffing HTTP traffic, you can set the HTTP request header information on the target node through the `forwarder.nodes.http` option, including Host header rewriting and custom header information.
+When sniffing HTTP traffic, you can set the HTTP request header information on the target node through the `forwarder.nodes.http` option, including Host header rewriting, custom header information and basic auth.
 
 ### Rewrite Host Header
 
@@ -244,6 +244,31 @@ services:
 
 When requesting http://example.com, three fields `User-Agent`, `Foo` and `Bar` will be added to the HTTP request header sent to example.com:80.
 
+### HTTP Basic Authentication
+
+You can enable [HTTP Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) for target node by setting the `http.auth` option.
+
+```yaml hl_lines="15 16 17"
+services:
+- name: http
+  addr: :80
+  handler:
+    type: tcp
+    metadata:
+      sniffing: true
+  listener:
+    type: tcp
+  forwarder:
+    nodes:
+    - name: example-com
+      addr: example.com:443
+      host: example.com
+      http:
+        auth:
+          username: user
+          password: pass
+```
+
 ## TLS Settings
 
 If the forwarding target node has TLS enabled, you can establish a TLS connection by setting `forwarder.nodes.tls`.
@@ -288,30 +313,6 @@ services:
 `tls.options.cipherSuites` (list)
 :    Cipher Suites, See [Cipher Suites](https://pkg.go.dev/crypto/tls#pkg-constants) for more information.
 
-## HTTP Basic Authentication
-
-You can enable [HTTP Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) for target node by setting the `forwarder.nodes.auth` option.
-
-```yaml hl_lines="15 16 17"
-services:
-- name: http
-  addr: :80
-  handler:
-    type: tcp
-    metadata:
-      sniffing: true
-  listener:
-    type: tcp
-  forwarder:
-    nodes:
-    - name: example-com
-      addr: example.com:443
-      host: example.com
-      auth:
-        username: user
-        password: pass
-```
-
 ## Application-Specific Forwarding
 
 Local and remote port forwarding services also support sniffing of specific application traffic. Currently supported application protocols are: 
@@ -324,7 +325,7 @@ In forwarder.nodes, specify the node protocol type through the `protocol` option
 
 === "Local Port Forwarding"
 
-    ```yaml hl_lines="14"
+    ```yaml hl_lines="15 19 22"
     services:
     - name: https
       addr: :443
@@ -351,7 +352,7 @@ In forwarder.nodes, specify the node protocol type through the `protocol` option
 
 === "Remote Port Forwarding"
 
-    ```yaml hl_lines="15"
+    ```yaml hl_lines="15 18 21"
     services:
     - name: https
       addr: :443