Merge pull request #7721 from HJianBo/make-spell-check-happy

Make spellcheck happy
2022-04-26 13:42:55 +08:00 · 2022-04-26 13:42:55 +08:00 · c921207b82
parent 81e9000c72 81b5d7959b
commit c921207b82
8 changed files with 237 additions and 190 deletions
--- a/apps/emqx/i18n/emqx_limiter_i18n.conf
+++ b/apps/emqx/i18n/emqx_limiter_i18n.conf
@ -128,7 +128,7 @@ the check/consume will succeed, but it will be forced to wait for a short period
    desc {
      en: """The batch limiter.
 This is used for EMQX internal batch operation
-e.g. limite the retainer's deliver rate"""
+e.g. limit the retainer's deliver rate"""
      zh: """批量操作速率控制器。
 这是给 EMQX 内部的批量操作使用的，比如用来控制保留消息的派发速率"""
    }
@ -141,8 +141,8 @@ e.g. limite the retainer's deliver rate"""
  message_routing {
    desc {
      en: """The message routing limiter.
-This is used to limite the deliver rate for this EMQX node.
+This is used to limit the forwarding rate for this EMQX node.
-If the this limiter limit is reached, new publish will be refused"""
+Once the limit is reached, new publish will be refused"""
      zh: """消息派发速率控制器。
 这个用来控制当前节点内的消息派发速率，当达到最大速率后，新的推送将会被拒绝"""
    }
@ -156,7 +156,7 @@ If the this limiter limit is reached, new publish will be refused"""
    desc {
      en: """The connection limiter.
 This is used to limit the connection rate for this EMQX node.
-If the this limiter limit is reached, new connections will be refused"""
+Once the limit is reached, new connections will be refused"""
      zh: """连接速率控制器。
 这个用来控制当前节点上的连接速率，当达到最大速率后，新的连接将会被拒绝"""
    }
@ -170,7 +170,7 @@ If the this limiter limit is reached, new connections will be refused"""
    desc {
      en: """The message in limiter.
 This is used to limit the inbound message numbers for this EMQX node
-If the this limiter limit is reached, the restricted client will be slow down even be hung for a while."""
+Once the limit is reached, the restricted client will be slow down even be hung for a while."""
      zh: """流入速率控制器。
 这个用来控制当前节点上的消息流入速率，当达到最大速率后，会话将会被限速甚至被强制挂起一小段时间"""
    }
@ -184,7 +184,7 @@ If the this limiter limit is reached, the restricted client will be slow down ev
    desc {
      en: """The bytes_in limiter.
 This is used to limit the inbound bytes rate for this EMQX node.
-If the this limiter limit is reached, the restricted client will be slow down even be hung for a while."""
+Once the limit is reached, the restricted client will be slow down even be hung for a while."""
      zh: """流入字节率控制器.
 这个是用来控制当前节点上的数据流入的字节率，每条消息将会消耗和其二进制大小等量的令牌，当达到最大速率后，会话将会被限速甚至被强制挂起一小段时间"""
    }
--- a/apps/emqx/i18n/emqx_schema_i18n.conf
+++ b/apps/emqx/i18n/emqx_schema_i18n.conf
@ -17,8 +17,8 @@ emqx_schema {
      zh: "消息队列的最大长度"
    }
    label {
-      en: "Maximum message queue length."
+      en: "Maximum mailbox queue length of process."
-      zh: "消息队列的最大长度"
+      zh: "进程邮箱消息队列的最大长度"
    }
  }
@ -802,7 +802,7 @@ To configure <code>\"topic/1\" > \"topic/2\"</code>:
    mqtt_use_username_as_clientid {
        desc {
            en: """Replace client ID with the username."""
-            zh: """是否使用 Client ID 替换 Username。"""
+            zh: """是否使用 Username 替换 Client ID。"""
        }
    }
@ -1323,9 +1323,8 @@ In case PSK cipher suites are intended, make sure to configured
 """
        zh: """
 支持所有TLS/DTLS版本</br>
-注：PSK密码被“tlsv1”抑制。3'版本配置</br>
+
-如果打算使用PSK密码套件，请确保这里已配置
+注：PSK 的 Ciphers 无法在 <code>tlsv1.3</code> 中使用，如果打算使用 PSK 密码套件，请确保这里配置为 <code>["tlsv1.2","tlsv1.1"]</code>。
 <code>['tlsv1.2'，'tlsv1.1']</code>。
 """
    }
    label: {
@ -1334,7 +1333,7 @@ In case PSK cipher suites are intended, make sure to configured
    }
 }
-ciphers_schema_0 {
+ciphers_schema_common {
    desc {
        en: """
 This config holds TLS cipher suite names separated by comma,
@ -1367,8 +1366,8 @@ RSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA"</code></br>
 """
        zh: """
 此配置保存由逗号分隔的 TLS 密码套件名称，或作为字符串数组。例如
-<code>“TLS_AES_256_GCM_SHA384，TLS_AES_128_GCM_SHA256”</code>或
+<code>"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256"</code>或
-<code>[“TLS_AES_256_GCM_SHA384”、“TLS_AES_128_GCM_SHA256”]</code>。
+<code>["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"]</code>。
 </br>
 密码（及其顺序）定义了客户端和服务器通过网络连接加密信息的方式。
 选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。
@ -1378,14 +1377,14 @@ EMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式</br>
 注意：某些密码套件仅与特定的 TLS <code>版本</code>兼容（'tlsv1.1'、'tlsv1.2'或'tlsv1.3'）。
 不兼容的密码套件将被自动删除。
-例如，如果只有“tlsv1.3”。在<code>版本</code>中给出，为其他版本配置密码套件将无效。
+例如，如果只有 <code>versions</code> 仅配置为 <code>tlsv1.3</code>。为其他版本配置密码套件将无效。
 </br>
-注：PSK密码被“tlsv1.3”抑制。版本配置</br>
+注：PSK 的 Ciphers 不支持 tlsv1.3</br>
-如果打算使用PSK密码套件，“tlsv1.3”。应在<code>版本</code>中禁用。
+如果打算使用PSK密码套件 <code>tlsv1.3</code>。应在<code>ssl.versions</code>中禁用。
 </br>
-PSK密码套件：
+PSK 密码套件：
 <code>"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,
 RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,
 RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,
@ -1398,6 +1397,74 @@ RSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA"</code></br>
    }
 }
 ciphers_schema_quic {
    desc {
        en: """
 This config holds TLS cipher suite names separated by comma,
 or as an array of strings. e.g.
 <code>"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256"</code> or
 <code>["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"]</code>.
 </br>
 Ciphers (and their ordering) define the way in which the
 client and server encrypts information over the network connection.
 Selecting a good cipher suite is critical for the
 application's data security, confidentiality and performance.
 The names should be in OpenSSL string format (not RFC format).
 All default values and examples provided by EMQX config
 documentation are all in OpenSSL format.</br>
 NOTE: Certain cipher suites are only compatible with
 specific TLS <code>versions</code> ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')
 incompatible cipher suites will be silently dropped.
 For instance, if only 'tlsv1.3' is given in the <code>versions</code>,
 configuring cipher suites for other versions will have no effect.
 </br>
 NOTE: PSK ciphers are suppressed by 'tlsv1.3' version config</br>
 If PSK cipher suites are intended, 'tlsv1.3' should be disabled from <code>versions</code>.</br>
 PSK cipher suites: <code>"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,
 RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,
 RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,
 RSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA"</code></br>
 NOTE: QUIC listener supports only 'tlsv1.3' ciphers</br>
 """
        zh: """
 此配置保存由逗号分隔的 TLS 密码套件名称，或作为字符串数组。例如
 <code>"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256"</code>或
 <code>["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"]</code>。
 </br>
 密码（及其顺序）定义了客户端和服务器通过网络连接加密信息的方式。
 选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。
 名称应为 OpenSSL 字符串格式（而不是 RFC 格式）。
 EMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式</br>
 注意：某些密码套件仅与特定的 TLS <code>版本</code>兼容（'tlsv1.1'、'tlsv1.2'或'tlsv1.3'）。
 不兼容的密码套件将被自动删除。
 例如，如果只有 <code>versions</code> 仅配置为 <code>tlsv1.3</code>。为其他版本配置密码套件将无效。
 </br>
 注：PSK 的 Ciphers 不支持 tlsv1.3</br>
 如果打算使用PSK密码套件，<code>tlsv1.3</code>。应在<code>ssl.versions</code>中禁用。
 </br>
 PSK 密码套件：
 <code>"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,
 RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,
 RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,
 RSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA"</code></br>
 注：QUIC 监听器不支持 tlsv1.3 的 ciphers
 """
    }
    label: {
        en: ""
        zh: ""
    }
 }
 common_ssl_opts_schema_user_lookup_fun {
    desc {
        en: """
@ -1699,30 +1766,30 @@ base_listener_mountpoint {
    desc {
        en: """
 When publishing or subscribing, prefix all topics with a mountpoint string.
- The prefixed string will be removed from the topic name when the message
+The prefixed string will be removed from the topic name when the message
- is delivered to the subscriber. The mountpoint is a way that users can use
+is delivered to the subscriber. The mountpoint is a way that users can use
- to implement isolation of message routing between different listeners.
+to implement isolation of message routing between different listeners.
- For example if a client A subscribes to `t` with `listeners.tcp.<name>.mountpoint`
+For example if a client A subscribes to `t` with `listeners.tcp.<name>.mountpoint`
- set to `some_tenant`, then the client actually subscribes to the topic
+set to `some_tenant`, then the client actually subscribes to the topic
- `some_tenant/t`. Similarly, if another client B (connected to the same listener
+`some_tenant/t`. Similarly, if another client B (connected to the same listener
- as the client A) sends a message to topic `t`, the message is routed
+as the client A) sends a message to topic `t`, the message is routed
- to all the clients subscribed `some_tenant/t`, so client A will receive the
+to all the clients subscribed `some_tenant/t`, so client A will receive the
- message, with topic name `t`.</br>
+message, with topic name `t`.</br>
- Set to `""` to disable the feature.</br>
+Set to `""` to disable the feature.</br>
- Variables in mountpoint string:
+Variables in mountpoint string:
- - <code>${clientid}</code>: clientid
+  - <code>${clientid}</code>: clientid
- - <code>${username}</code>: username
+  - <code>${username}</code>: username
 """
        zh: """
 发布或订阅时，请在所有主题前面加上 mountpoint 字符串。
 将消息传递给订阅者时，将从主题名称中删除带前缀的字符串。挂载点是一种用户可以用来实现不同侦听器之间消息路由隔离的方法。
-例如，如果客户机a使用`侦听器订阅` t'。tcp<名称>。mountpoint`设置为'some_tenant'，那么客户端实际上订阅了主题'some_tenant/t'。</br>
+例如，如果客户机 A 使用 <code>listeners.tcp.<name>.mountpoint</code> 设置为'some_tenant'，那么客户端实际上订阅了主题'some_tenant/t'。</br>
-类似地，如果另一个客户端B（与客户端A连接到同一个侦听器）向主题“t”发送消息，该消息将路由到所有订阅了“some_租户/t”的客户端，因此客户端A将接收主题名为“t”的消息</br>
+类似地，如果另一个客户端B（与客户端A连接到同一个侦听器）向主题 't' 发送消息，该消息将路由到所有订阅了'some_租户/t'的客户端，因此客户端 A 将接收主题名为't'的消息</br>
-设置为“”“”以禁用该功能</br>
+设置为<code>""</code> 以禁用该功能</br>
 mountpoint 字符串中的变量：
 - <code>${clientid}</code>: clientid
@ -1810,7 +1877,40 @@ Timeout for proxy protocol. EMQX will close the TCP connection if proxy protocol
    }
 }
-authentication_0 {
+global_authentication {
    desc {
        en: """Default authentication configs for all MQTT listeners.
 For per-listener overrides see <code>authentication</code> in listener configs
 This option can be configured with:
 <ul>
  <li><code>[]</code>: The default value, it allows *ALL* logins</li>
  <li>one: For example <code>{enable:true,backend:\"built_in_database\",mechanism=\"password_based\"}</code></li>
  <li>chain: An array of structs.</li>
 </ul>
 When a chain is configured, the login credentials are checked against the backends per the configured order, until an 'allow' or 'deny' decision can be made.
 If there is no decision after a full chain exhaustion, the login is rejected.
 """
        zh: """全局 MQTT 监听器的默认认证配置。 为每个监听器配置认证参考监听器器配置中的<code>authentication</code> 配置。
 该配置可以被配置为：
 <ul>
  <li><code>[]</code>: 默认值，允许所以登录请求
  <li>配置为单认证器，例如 <code>{enable:true,backend:\"built_in_database\",mechanism=\"password_based\"}</code></li>
  <li>配置为认证器数组</li>
 </ul>
 当配置为认证链后，登录凭证会按照配置的顺序进行检查，直到做出<code>allow</code> 或 <code>deny</code>的结果。
 如果在所有的认证器都执行完后，还是没有结果，登录将被拒绝。
 """
    }
 }
 listener_authentication {
    desc {
        en: """
 Per-listener authentication override.
@ -1819,9 +1919,10 @@ When authenticating a login (username, client ID, etc.) the authenticators are c
 """
        zh: """
-每侦听器身份验证覆盖。
+监听器认证重载。
-身份验证可以是单个身份验证程序实例，也可以是一个数组形式的身份验证程序链。
+
-验证登录名（用户名、客户端ID等）时，将按配置的顺序检查验证器</br>
+认证配置可以是单个认证器实例，也可以是一个认证器数组组成的认证链。
 执行登录验证时（用户名、客户端 ID 等），将按配置的顺序执行</br>
 """
    }
    label: {
@ -1894,12 +1995,12 @@ verification check.
 """
        zh: """
 指定要在 TLS 服务器名称指示扩展中使用的主机名</br>
-例如，当连接到“server.example.net”时，接受连接并执行TLS握手的真正服务器可能与TLS客户端最初连接到的主机不同，
+例如，当连接到 "server.example.net" 时，接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同，
-例如，当连接到IP地址时，或者当主机具有多个可解析的DNS记录时</br>
+例如，当连接到 IP 地址时，或者当主机具有多个可解析的 DNS 记录时</br>
 如果未指定，它将默认为使用的主机名字符串
-建立连接，除非使用IP地址</br>
+建立连接，除非使用 IP 地址</br>
 然后，主机名也用于对等机的主机名验证
-证书</br>特殊值“disable”阻止发送服务器名称指示扩展，并禁用主机名验证检查。
+证书</br>特殊值'disable'阻止发送服务器名称指示扩展，并禁用主机名验证检查。
 """
    }
    label: {
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@ -125,28 +125,7 @@ roots(high) ->
                ref("mqtt"),
                #{desc => ?DESC(mqtt)}
            )},
-        {?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME,
+        {?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME, authentication(global)},
            authentication(
                "Default authentication configs for all MQTT listeners.\n"
                "</br>\n"
                "For per-listener overrides see <code>authentication</code>\n"
                "in listener configs\n"
                "</br>\n"
                "</br>\n"
                "EMQX can be configured with:\n"
                "</br>\n"
                "<ul>\n"
                "<li><code>[]</code>: The default value, it allows *ALL* logins</li>\n"
                "<li>one: For example <code>{enable:true,backend:\"built_in_database\",mechanism=\"password_based\"}\n"
                "</code></li>\n"
                "<li>chain: An array of structs.</li>\n"
                "</ul>\n"
                "</br>\n"
                "When a chain is configured, the login credentials are checked against the backends\n"
                "per the configured order, until an 'allow' or 'deny' decision can be made.\n"
                "</br>\n"
                "If there is no decision after a full chain exhaustion, the login is rejected.\n"
            )},
        %% NOTE: authorization schema here is only to keep emqx app prue
        %% the full schema for EMQX node is injected in emqx_conf_schema.
        {?EMQX_AUTHORIZATION_CONFIG_ROOT_NAME,
@ -1521,8 +1500,7 @@ mqtt_listener() ->
                        default => "3s"
                    }
                )},
-            {?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME,
+            {?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME, authentication(listener)}
                authentication("Per-listener authentication override")}
        ].
 base_listener() ->
@ -1933,6 +1911,11 @@ default_tls_vsns(tls_all_available) ->
 -spec ciphers_schema(quic | dtls_all_available | tls_all_available | undefined) ->
    hocon_schema:field_schema().
 ciphers_schema(Default) ->
    Desc =
        case Default of
            quic -> ?DESC(ciphers_schema_quic);
            _ -> ?DESC(ciphers_schema_common)
        end,
    sc(
        hoconsc:array(string()),
        #{
@ -1949,43 +1932,7 @@ ciphers_schema(Default) ->
                    true -> undefined;
                    false -> fun validate_ciphers/1
                end,
-            desc_id => "ciphers_schema_" ++
+            desc => Desc
                case Default of
                    quic -> "quic";
                    _ -> "0"
                end,
            desc_en =>
                "This config holds TLS cipher suite names separated by comma,\n"
                "or as an array of strings. e.g.\n"
                "<code>\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"</code> or\n"
                "<code>[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]</code>.\n"
                "</br>\n"
                "Ciphers (and their ordering) define the way in which the\n"
                "client and server encrypts information over the network connection.\n"
                "Selecting a good cipher suite is critical for the\n"
                "application's data security, confidentiality and performance.\n"
                "\n"
                "The names should be in OpenSSL string format (not RFC format).\n"
                "All default values and examples provided by EMQX config\n"
                "documentation are all in OpenSSL format.</br>\n"
                "\n"
                "NOTE: Certain cipher suites are only compatible with\n"
                "specific TLS <code>versions</code> ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\n"
                "incompatible cipher suites will be silently dropped.\n"
                "For instance, if only 'tlsv1.3' is given in the <code>versions</code>,\n"
                "configuring cipher suites for other versions will have no effect.\n"
                "</br>\n"
                "\n"
                "NOTE: PSK ciphers are suppressed by 'tlsv1.3' version config</br>\n"
                "If PSK cipher suites are intended, 'tlsv1.3' should be disabled from <code>versions</code>.</br>\n"
                "PSK cipher suites: <code>\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\n"
                "RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\n"
                "RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\n"
                "RSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"</code></br>\n" ++
                case Default of
                    quic -> "NOTE: QUIC listener supports only 'tlsv1.3' ciphers</br>";
                    _ -> ""
                end
        }
    ).
@ -2201,7 +2148,12 @@ str(B) when is_binary(B) ->
 str(S) when is_list(S) ->
    S.
-authentication(Desc) ->
+authentication(Type) ->
    Desc =
        case Type of
            global -> ?DESC(global_authentication);
            listener -> ?DESC(listener_authentication)
        end,
    %% authentication schema is lazy to make it more 'plugable'
    %% the type checks are done in emqx_auth application when it boots.
    %% and in emqx_authentication_config module for runtime changes.
@ -2219,14 +2171,7 @@ authentication(Desc) ->
                undefined -> Default;
                Module -> hoconsc:lazy(Module:root_type())
            end,
-        desc_id => "authentication_0",
+        desc => Desc
        desc => iolist_to_binary([
            Desc,
            "\nAuthentication can be one single authenticator instance or a chain of "
            "authenticators as an array.\n"
            "When authenticating a login (username, client ID, etc.) "
            "the authenticators are checked in the configured order.</br>\n"
        ])
    }.
 -spec qos() -> typerefl:type().
--- a/apps/emqx_authn/i18n/emqx_authn_jwt_i18n.conf
+++ b/apps/emqx_authn/i18n/emqx_authn_jwt_i18n.conf
@ -1,7 +1,7 @@
 emqx_authn_jwt {
  use_jwks {
    desc {
-      en: """jwks flag"""
+      en: """JWKs flag"""
      zh: """jwks 状态"""
    }
    label {
@ -16,7 +16,7 @@ emqx_authn_jwt {
      zh: """签名算法"""
    }
    label {
-      en: """algorithm"""
+      en: """Algorithm"""
      zh: """算法"""
    }
  }
@ -27,7 +27,7 @@ emqx_authn_jwt {
      zh: """用于签名token的证书"""
    }
    label {
-      en: """certificate"""
+      en: """Certificate"""
      zh: """证书"""
    }
  }
@ -35,10 +35,10 @@ emqx_authn_jwt {
  secret_base64_encoded {
    desc {
      en: """Enable/disable base64 encoding of the secret."""
-      zh: """启用/关闭私匙 base64 编码"""
+      zh: """启用/关闭私私钥 base64 编码"""
    }
    label {
-      en: """secret_base64_encoded"""
+      en: """Secret with base64 encoded"""
      zh: """密钥 base64 编码"""
    }
  }
@ -49,8 +49,8 @@ emqx_authn_jwt {
      zh: """使用对称加密的算法"""
    }
    label {
-      en: """secret"""
+      en: """Secret"""
-      zh: """secret"""
+      zh: """密钥"""
    }
  }
@ -60,8 +60,8 @@ emqx_authn_jwt {
      zh: """JWKs endpoint"""
    }
    label {
-      en: """endpoint"""
+      en: """Endpoint"""
-      zh: """endpoint"""
+      zh: """Endpoint"""
    }
  }
@ -71,7 +71,7 @@ emqx_authn_jwt {
      zh: """JWKs 更新间隔"""
    }
    label {
-      en: """refresh_interval"""
+      en: """Refresh Interval"""
      zh: """更新间隔"""
    }
  }
@ -82,7 +82,7 @@ emqx_authn_jwt {
      zh: """SSL CA 证书公钥文件路径"""
    }
    label {
-      en: """cacertfile"""
+      en: """CA Certificate File"""
      zh: """CA 证书文件"""
    }
  }
@ -93,7 +93,7 @@ emqx_authn_jwt {
      zh: """证书文件路径"""
    }
    label {
-      en: """certfile"""
+      en: """Certificate File"""
      zh: """证书文件"""
    }
  }
@ -104,7 +104,7 @@ emqx_authn_jwt {
      zh: """SSL 私钥文件路径"""
    }
    label {
-      en: """keyfile"""
+      en: """Key File"""
      zh: """私钥文件"""
    }
  }
@ -115,8 +115,8 @@ emqx_authn_jwt {
      zh: """指定握手过程中是否校验客户端"""
    }
    label {
-      en: """verify"""
+      en: """Verify"""
-      zh: """verify"""
+      zh: """Verify"""
    }
  }
@ -126,7 +126,7 @@ emqx_authn_jwt {
      zh: """SSL SNI (服务器名称指示)"""
    }
    label {
-      en: """server_name_indication"""
+      en: """Server Name Indication"""
      zh: """服务器名称指示"""
    }
  }
@ -137,8 +137,8 @@ emqx_authn_jwt {
      zh: """The list of claims to verify."""
    }
    label {
-      en: """verify_claims"""
+      en: """Verify Claims"""
-      zh: """verify_claims"""
+      zh: """Verify Claims"""
    }
  }
@ -148,8 +148,8 @@ emqx_authn_jwt {
      zh: """JWKs 连接数量"""
    }
    label {
-      en: """pool_size"""
+      en: """Pool Size"""
-      zh: """pool_size"""
+      zh: """连接池大小"""
    }
  }
@ -159,8 +159,8 @@ emqx_authn_jwt {
      zh: """SSL 选项"""
    }
    label {
-      en: """ssl"""
+      en: """SSL Options"""
-      zh: """ssl"""
+      zh: """SSL 选项"""
    }
  }
@ -170,8 +170,8 @@ emqx_authn_jwt {
      zh: """启用/禁用 SSL"""
    }
    label {
-      en: """enable"""
+      en: """Enable/disable SSL."""
-      zh: """启用"""
+      zh: """启用/禁用 SSL"""
    }
  }
--- a/apps/emqx_authn/i18n/emqx_authn_mysql_i18n.conf
+++ b/apps/emqx_authn/i18n/emqx_authn_mysql_i18n.conf
@ -5,7 +5,7 @@ emqx_authn_mysql {
      zh: """MySQL 认证配置"""
    }
    label: {
-      en: """authentication"""
+      en: """Authentication Options"""
      zh: """认证配置"""
    }
  }
@ -16,18 +16,18 @@ emqx_authn_mysql {
      zh: """客户端数据查询 SQL 语句"""
    }
    label: {
-      en: """query"""
+      en: """SQL Query"""
-      zh: """请求"""
+      zh: """SQL 查询语句"""
    }
  }
  query_timeout {
-    dsec {
+    desc {
      en: """Timeout for the SQL query."""
      zh: """SQL 查询超时时长"""
    }
    label: {
-      en: """query_timeout"""
+      en: """Query Timeout"""
      zh: """请求超时"""
    }
  }
--- a/apps/emqx_dashboard/i18n/emqx_dashboard_i18n.conf
+++ b/apps/emqx_dashboard/i18n/emqx_dashboard_i18n.conf
@ -1,11 +1,11 @@
 emqx_dashboard_schema {
  listeners {
    desc {
-      en: """HTTP(s) listeners are identified by their protocol type and are </br>
+      en: """HTTP(s) listeners are identified by their protocol type and are
-used to serve dashboard UI and restful HTTP API.</br>
+used to serve dashboard UI and restful HTTP API.
-Listeners must have a unique combination of port number and IP address.</br>
+Listeners must have a unique combination of port number and IP address.
 For example, an HTTP listener can listen on all configured IP addresses
-on a given port for a machine by specifying the IP address 0.0.0.0.</br>
+on a given port for a machine by specifying the IP address 0.0.0.0.
 Alternatively, the HTTP listener can specify a unique IP address for each listener,
 but use the same port."""
      zh: """仪表盘监听器设置。"""
@ -17,7 +17,7 @@ but use the same port."""
  }
  sample_interval {
    desc {
-      en: """How often to update metrics displayed in the dashboard.</br>
+      en: """How often to update metrics displayed in the dashboard.
 Note: `sample_interval` should be a divisor of 60."""
      zh: """更新仪表板中显示的指标的时间间隔。必须小于60，且被60的整除。"""
    }
@ -154,9 +154,9 @@ Note: `sample_interval` should be a divisor of 60."""
  }
  default_password {
    desc {
-      en: """The initial default password for dashboard 'admin' user.</br>
+      en: """The initial default password for dashboard 'admin' user.
 For safety, it should be changed as soon as possible."""
-      zh: """默认的仪表板用户密码</br>
+      zh: """默认的仪表板用户密码
 为了安全，应该尽快修改密码。"""
    }
    label {
@ -166,10 +166,10 @@ For safety, it should be changed as soon as possible."""
  }
  cors {
    desc {
-      en: """Support Cross-Origin Resource Sharing (CORS).</br>
+      en: """Support Cross-Origin Resource Sharing (CORS).
-Allows a server to indicate any origins (domain, scheme, or port) other than <br
+Allows a server to indicate any origins (domain, scheme, or port) other than
 its own from which a browser should permit loading resources."""
-      zh: """支持跨域资源共享(CORS)</br>
+      zh: """支持跨域资源共享(CORS)
 允许服务器指示任何来源(域名、协议或端口)，除了本服务器之外的任何浏览器应允许加载资源。"""
    }
    label {
--- a/apps/emqx_psk/i18n/emqx_psk_i18n.conf
+++ b/apps/emqx_psk/i18n/emqx_psk_i18n.conf
@ -5,12 +5,12 @@ emqx_psk_schema {
      en: """PSK stands for 'Pre-Shared Keys'.
 This config to enable TLS-PSK authentication.
-Important! Make sure the SSL listener with only `tlsv1.2` enabled, and also PSK cipher suites
+Important! Make sure the SSL listener with only <code>tlsv1.2</code> enabled, and also PSK cipher suites
-configured, such as `RSA-PSK-AES256-GCM-SHA384`.
+configured, such as <code>RSA-PSK-AES256-GCM-SHA384</code>.
 See listener SSL options config for more details.
-The IDs and secrets can be provided from a file which is configurable by the `init_file` field.
+The IDs and secrets can be provided from a file which is configurable by the <code>init_file</code> field.
 """
      zh: """此配置用于启用 TLS-PSK 身份验证。
@ -34,18 +34,19 @@ PSK 是 “Pre-Shared-Keys” 的缩写。
  init_file {
    desc {
      en: """If init_file is specified, EMQX will import PSKs from the file into the built-in database at startup for use by the runtime.
-The file has to be structured line-by-line, each line must be in the format of `PSKIdentity:SharedSecret`.
+The file has to be structured line-by-line, each line must be in the format of <code>PSKIdentity:SharedSecret</code>.
-For example: `mydevice1:c2VjcmV0`"""
+For example: <code>mydevice1:c2VjcmV0</code>"""
      zh: """如果设置了初始化文件，EMQX 将在启动时从初始化文件中导入 PSK 信息到内建数据库中。
-这个文件需要按行进行组织，每一行必须遵守如下格式: `PSKIdentity:SharedSecret`
+这个文件需要按行进行组织，每一行必须遵守如下格式: <code>PSKIdentity:SharedSecret</code>
-例如: `mydevice1:c2VjcmV0`"""
+例如: <code>mydevice1:c2VjcmV0</code>"""
      }
    }
  separator {
    desc {
-      en: "The separator between 'PSKIdentity' and 'SharedSecret' in the PSK file"
+      en: "The separator between <code>PSKIdentity</code> and <code>SharedSecret</code> in the PSK file"
-      zh: "PSK 文件中 'PSKIdentity' 和 'SharedSecret' 之间的分隔符"
+
      zh: "PSK 文件中 <code>PSKIdentity</code> 和 <code>SharedSecret</code> 之间的分隔符"
      }
    }
--- a/apps/emqx_rule_engine/i18n/emqx_rule_engine_schema.conf
+++ b/apps/emqx_rule_engine/i18n/emqx_rule_engine_schema.conf
@ -14,12 +14,12 @@ emqx_rule_engine_schema {
    rules_sql {
                   desc {
                         en: """
-SQL query to transform the messages.</br>
+SQL query to transform the messages.
-Example: <code>SELECT * FROM "test/topic" WHERE payload.x = 1</code></br>
+Example: <code>SELECT * FROM "test/topic" WHERE payload.x = 1</code>
 """
                         zh: """
-用于处理消息的 SQL 。</br>
+用于处理消息的 SQL 。
-示例：<code>SELECT * FROM "test/topic" WHERE payload.x = 1</code></br>
+示例：<code>SELECT * FROM "test/topic" WHERE payload.x = 1</code>
 """
                        }
                   label: {
@ -31,25 +31,25 @@ Example: <code>SELECT * FROM "test/topic" WHERE payload.x = 1</code></br>
    rules_outputs {
                   desc {
                         en: """
-A list of outputs of the rule.</br>
+A list of outputs of the rule.
 An output can be a string that refers to the channel ID of an EMQX bridge, or an object
-that refers to a function.</br>
+that refers to a function.
 There a some built-in functions like "republish" and "console", and we also support user
-provided functions in the format: "{module}:{function}".</br>
+provided functions in the format: "{module}:{function}".
 The outputs in the list are executed sequentially.
 This means that if one of the output is executing slowly, all the following outputs will not
-be executed until it returns.</br>
+be executed until it returns.
 If one of the output crashed, all other outputs come after it will still be executed, in the
-original order.</br>
+original order.
 If there's any error when running an output, there will be an error message, and the 'failure'
 counter of the function output or the bridge channel will increase.
 """
                         zh: """
-规则的动作列表。</br>
+规则的动作列表。
-动作可以是指向 EMQX bridge 的引用，也可以是一个指向函数的对象。</br>
+动作可以是指向 EMQX bridge 的引用，也可以是一个指向函数的对象。
-我们支持一些内置函数，如“republish”和“console”，我们还支持用户提供的函数，它的格式为：“{module}:{function}”。</br>
+我们支持一些内置函数，如“republish”和“console”，我们还支持用户提供的函数，它的格式为：“{module}:{function}”。
-列表中的动作按顺序执行。这意味着如果其中一个动作执行缓慢，则以下所有动作都不会被执行直到它返回。</br>
+列表中的动作按顺序执行。这意味着如果其中一个动作执行缓慢，则以下所有动作都不会被执行直到它返回。
-如果其中一个动作崩溃，在它之后的所有动作仍然会被按照原始顺序执行。</br>
+如果其中一个动作崩溃，在它之后的所有动作仍然会被按照原始顺序执行。
 如果运行动作时出现任何错误，则会出现错误消息，并且相应的计数器会增加。
 """
                        }
@ -106,16 +106,16 @@ counter of the function output or the bridge channel will increase.
    user_provided_function_function {
                   desc {
                         en: """
-The user provided function. Should be in the format: '{module}:{function}'.</br>
+The user provided function. Should be in the format: '{module}:{function}'.
 Where {module} is the Erlang callback module and {function} is the Erlang function.
-</br>
+
 To write your own function, checkout the function <code>console</code> and
 <code>republish</code> in the source file:
 <code>apps/emqx_rule_engine/src/emqx_rule_outputs.erl</code> as an example.
 """
                         zh: """
-用户提供的函数。 格式应为：'{module}:{function}'。</br>
+用户提供的函数。 格式应为：'{module}:{function}'。
-其中 {module} 是 Erlang 回调模块， {function} 是 Erlang 函数。</br>
+其中 {module} 是 Erlang 回调模块， {function} 是 Erlang 函数。
 要编写自己的函数，请检查源文件：<code>apps/emqx_rule_engine/src/emqx_rule_outputs.erl</code> 中的示例函数 <code>console</code> 和<code>republish</code> 。
 """
                        }
@ -146,11 +146,11 @@ checkout the function <code>console</code> and <code>republish</code> in the sou
    republish_args_topic {
                   desc {
                         en: """
-The target topic of message to be re-published.</br>
+The target topic of message to be re-published.
 Template with variables is allowed, see description of the 'republish_args'.
 """
                         zh: """
-重新发布消息的目标主题。</br>
+重新发布消息的目标主题。
 允许使用带有变量的模板，请参阅“republish_args”的描述。
 """
                        }
@ -164,12 +164,12 @@ Template with variables is allowed, see description of the 'republish_args'.
                   desc {
                         en: """
 The qos of the message to be re-published.
-Template with variables is allowed, see description of the 'republish_args'.</br>
+Template with variables is allowed, see description of the 'republish_args'.
 Defaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,
 0 is used.
 """
                         zh: """
-要重新发布的消息的 qos。允许使用带有变量的模板，请参阅“republish_args”的描述。</br>
+要重新发布的消息的 qos。允许使用带有变量的模板，请参阅“republish_args”的描述。
 默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos}，则使用 0。
 """
                        }
@ -183,12 +183,12 @@ Defaults to ${qos}. If variable ${qos} is not found from the selected result of
                   desc {
                         en: """
 The 'retain' flag of the message to be re-published.
-Template with variables is allowed, see description of the 'republish_args'.</br>
+Template with variables is allowed, see description of the 'republish_args'.
 Defaults to ${retain}. If variable ${retain} is not found from the selected result
 of the rule, false is used.
 """
                         zh: """
-要重新发布的消息的“保留”标志。允许使用带有变量的模板，请参阅“republish_args”的描述。</br>
+要重新发布的消息的“保留”标志。允许使用带有变量的模板，请参阅“republish_args”的描述。
 默认为 ${retain}。 如果从所选结果中未找到变量 ${retain}，则使用 false。
 """
                        }
@ -202,12 +202,12 @@ of the rule, false is used.
                   desc {
                         en: """
 The payload of the message to be re-published.
-Template with variables is allowed, see description of the 'republish_args'.</br>.
+Template with variables is allowed, see description of the 'republish_args'.
 Defaults to ${payload}. If variable ${payload} is not found from the selected result
 of the rule, then the string "undefined" is used.
 """
                         zh: """
-要重新发布的消息的有效负载。允许使用带有变量的模板，请参阅“republish_args”的描述。</br>。
+要重新发布的消息的有效负载。允许使用带有变量的模板，请参阅“republish_args”的描述。。
 默认为 ${payload}。 如果从所选结果中未找到变量 ${payload}，则使用字符串 "undefined"。
 """
                        }
@ -296,7 +296,7 @@ of the rule, then the string "undefined" is used.
    desc_republish_args {
                   desc {
-                         en: """The arguments of the built-in 'republish' output.</br>One can use variables in the args.</br>
+                         en: """The arguments of the built-in 'republish' output.One can use variables in the args.
 The variables are selected by the rule. For example, if the rule SQL is defined as following:
 <code>
    SELECT clientid, qos, payload FROM "t/1"
@ -314,8 +314,8 @@ When the rule is triggered by an MQTT message with payload = `hello`, qos = 1,
 clientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,
 payload = `msg: hello`, and `qos = 1`."""
                         zh: """
-内置 'republish' 动作的参数。</br>
+内置 'republish' 动作的参数。
-可以在参数中使用变量。</br>
+可以在参数中使用变量。
 变量是规则中选择的字段。 例如规则 SQL 定义如下：
 <code>
    SELECT clientid, qos, payload FROM "t/1"