feat: remove .local URL

docs/developer/develop/package/manifest.md

@@ -311,10 +311,10 @@ ports:
 ```
 :::
 
-Olares automatically assigns a random port (33333-36789) for your app. These ports can be accessed via the app entrance domain from local network. For example: `84864c1f.local.your_olares_id.olares.com:33805`.
+Olares automatically assigns a random port (33333-36789) for your app. These ports can be accessed via the app entrance domain. For example: `84864c1f.your_olares_id.olares.com:33805`.
 
 :::info NOTE
-The exposed ports can only be accessed on the local network or through a VPN.
+The exposed ports can only be accessed through LarePass VPN.
 :::
 
 ## Permission

docs/manual/concepts/network.md

@@ -23,11 +23,15 @@ Each Olares application can have one or more entrances that serve as access poin
 
 - **Internal entrance**
   - Functions similarly to private entrance
-  - No authentication required when accessing applications through local network or VPN
+  - No authentication required when accessing applications through LarePass VPN
 
-## Local access
+## Acccess to private entrances via VPN
 
-When accessing applications on Olares within a LAN or after starting a [private network](/manual/larepass/private-network.md), you can add the `.local` field to the application URL for faster access speeds. For example, `https://vault.local.alice123.olares.com`.
+Simply enable [LarePass VPN](/manual/larepass/private-network.md) on your device to securely and quickly access your private applications via their dedicated URLs (e.g., https://vault.alice123.olares.com).
+
+::: tip Note
+If LarePass VPN is not enabled, requests to your private entrances will be routed through your reverse proxy tunnel to Olares, which may cause network latency and incur charges.
+:::
 
 ## Endpoints
 

docs/manual/larepass/private-network.md

@@ -1,14 +1,31 @@
 ---
 outline: [2, 3]
-description: Access Olares applications securely from anywhere using LarePass VPN. Learn VPN setup, troubleshooting, and how to enforce VPN-only access for maximum security.
+description: Access Olares applications securely from anywhere using LarePass VPN. Learn about VPN setup and troubleshooting in LarePass.
 ---
 
 # Access Olares anywhere via LarePass VPN
 
-By enabling Virtual Private Network (VPN) in LarePass, all traffic from the device to Olares is routed through a secure private network, providing the same experience as local access.
+Enabling the LarePass VPN creates a secure, private connection to your Olares. It's the simplest and most reliable way to access your private applications and services from anywhere, guaranteeing both security and speed.
 
-This document walks you through how to set up LarePass VPN to access Olares anywhere.
+This document walks you through how to enable LarePass VPN.
 
+## How access works in Olares
+
+In Olares, you access applications & services via their dedicated URLs (e.g., `app.local.yourname.olares.com`). Depending on the intended accessibility, there are two types of entrances:
+
+- **Public entrance**: Accessible to anyone with no authentication. For example, a blog page that you host on WordPress. Traffic is routed through Cloudflare Tunnel or FRP before reaching Olares.
+- **Private entrance**: Intended only for you, such as Desktop, Vault, the management console of WordPress. There are two scenarios when accessing private entrances:
+
+  - LarePass VPN enabled: Traffic is routed through VPN (TailScale) wherever you are.
+  - LarePass VPN not enabled: Traffic routing is the same way as public entrances.   
+
+::: warning Always enable VPN for private access
+For the best experience with private entrances, we strongly recommend enabling the LarePass VPN. It ensures your connection is always encrypted, direct, and fast. 
+:::
+
+::: tip Note
+Starting with Olares 1.12, you no longer need a separate `.local` address (e.g., `app.local.yourname.olares.cn`) for local access to private applications. The single address (e.g., `app.yourname.olares.cn`) now automatically provides a fast, direct connection when the LarePass VPN is active.
+:::
 
 ## Enable VPN on LarePass
 

docs/manual/olares/settings/custom-app-domain.md

@@ -23,11 +23,7 @@ Olares provides two methods to optimize application access addresses:
 ### Custom route ID
 Route ID is a crucial component in accessing your Olares applications. It forms part of the URL you use to reach your applications through a web browser:
 
-`https://{routeID}.local.{OlaresDomainName}`
-
-::: info
- `local` in a URL signifies a private access point, typically used by apps offering services for individual users, families, or teams. Public-facing apps hosting external services do not include `local` in their URLs. For more details, see [entrance](../../concepts/network.md#entrance).
-:::
+`https://{routeID}.{OlaresDomainName}`
 
 For convenience, Olares uses easy-to-remember route IDs for pre-installed system applications.
 For community applications, you can quickly obtain a simple and memorable URL by changing the route ID. To use Jellyfin as an example:
@@ -41,7 +37,7 @@ For community applications, you can quickly obtain a simple and memorable URL by
    ![Custom route ID](/images/manual/olares/custom-route-id.png#bordered)
 6. Click **Confirm**.
 
-Now, you will be able to access Jellyfin from your new URL: `https://jellyfin.local.bob.olares.com`.
+Now, you will be able to access Jellyfin from your new URL: `https://jellyfin.bob.olares.com`.
 
 ### Custom domain name
 Instead of using the default Olares domain, you can use your own domain name to access your applications, making them more professional and easier to remember. To use Affine as an example:

docs/use-cases/comfyui-for-krita.md

@@ -43,9 +43,7 @@ Before starting, ensure you have:
 4. Launch ComfyUI from your desktop, and verify the installation by generating a sample image.
 5. Copy the address of ComfyUI for next steps.
 :::tip
-For security, you should always run AI applications within your local network. When properly configured, your ComfyUI URL should contain `.local`.
-
-If `.local` is missing, check your local network environment and make sure no external network proxy service is enabled.
+For security, you should always run AI applications with [LarePass VPN enabled](../manual/larepass/private-network.md).
 :::
 
 ## Set up Krita
@@ -77,6 +75,7 @@ Establish a secure connection between Krita and ComfyUI:
    If connection fails:
    - Verify network connectivity between your computer and Olares.
    - Confirm ComfyUI's authentication level is set to "Internal".
+   - Confirm LarePass VPN is enabled.
    - Check for and disable any interfering proxy services.
    - Ensure ComfyUI is running correctly on your Olares.
    :::

docs/use-cases/dify.md

@@ -8,6 +8,7 @@ Dify is an AI application development platform. It's one of the key open-source
 ## Before you begin
 To use local AI models on Dify, ensure you have:
 - [Ollama installed](ollama.md) and running in your Olares environment.
+- LassPass installed and [VPN enabled](../manual/larepass/private-network.md#enable-vpn-on-larepass) on your device.
 - [Open WebUI installed](openwebui.md) with your preferred language models downloaded.
   :::tip
   For optimal performance, consider using lightweight yet powerful models like `gemma2` or `qwen`, which offer a good balance between speed and capability.
@@ -38,7 +39,7 @@ Starting from Olares 1.11.6, if "Dify For Cluster" or "Dify" was previously inst
 2. In Dify, navigate to **Settings** > **Model Provider**.
 3. Select Ollama as the model provider, with the following configurations:
     - **Model Name**: Enter the model name. For example: `gemma2`.
-    - **Base URL**: Enter Ollama's local address: `https://39975b9a1.local.{username}.olares.com`. Replace `{username}` with the Olares Admin's local name. For example, `https://39975b9a1.local.marvin123.olares.com`.
+    - **Base URL**: Enter Ollama's local address: `https://39975b9a1.{username}.olares.com`. Replace `{username}` with the Olares Admin's local name. For example, `https://39975b9a1.marvin123.olares.com`.
 
      ![Add gemma2](/images/manual/use-cases/dify-add-gemma2.png#bordered){width=70%}
 

docs/use-cases/host-cloud-android.md

@@ -26,11 +26,7 @@ Make sure the following requirements are met:
     - redroid is resource-intensive. For best performance, we recommend using a machine with at least an 8-core CPU and 16GB of RAM.
     :::
 
-- Your device and Olares are on the same local network.
-
-    :::tip Remote access
-    If your device is on a different network, use [LarePass](https://olares.com/larepass) to enable a private network connection to Olares.
-    :::
+- Enable [LarePass VPN](../manual/larepass/private-network.md) on your device.
 
 ## Install dependent kernel modules
 
@@ -59,7 +55,7 @@ redroid runs as a headless backend on Olares. To install redroid:
 
     c. Append the exported port of redroid (`46878`) to the base domain.
 
-    As redroid only allows local access, the domain should also include `.local`. Here is an example of our final URL to access the redroid service: `beb583c3.local.olares01.olares.com:46878`.
+    Here is an example of our final URL to access the redroid service: `beb583c3.olares01.olares.com:46878`.
 
 ## Connect to the redroid service
 
@@ -86,20 +82,20 @@ To access the Android instance on Olares, you'll need to connect to the redroid
 3. Use `adb` to connect to the redroid service via the URL obtained earlier:
 
     ```powershell
-    .\adb.exe connect beb583c3.local.<olares_id>.olares.cn:46878
+    .\adb.exe connect beb583c3.<olares_id>.olares.cn:46878
     ```
 
     The connection is successful if you see the example output:
 
     ```powershell
     # Example output
-    already connected to beb583c3.local.<olares_id>.olares.cn:46878
+    already connected to beb583c3.<olares_id>.olares.cn:46878
     ```
 
 4. Render UI and audio using `scrcpy`:
 
     ```powershell
-    .\scrcpy.exe -s beb583c3.local.<olares_id>.olares.cn:46878 --audio-codec=aac --audio-encoder=OMX.google.aac.encoder
+    .\scrcpy.exe -s beb583c3.<olares_id>.olares.cn:46878 --audio-codec=aac --audio-encoder=OMX.google.aac.encoder
     ````
 
     Upon successful execution, the command line outputs the device and rendering info. And the Android screen pops up.
@@ -137,20 +133,20 @@ On macOS, `scrcpy` does not include `adb` by default, so you'll need to install
 4. Connect to the redroid service URL obtained earlier via `adb`:
 
     ```bash
-    adb connect beb583c3.local.<olares_id>.olares.cn:46878
+    adb connect beb583c3.<olares_id>.olares.cn:46878
     ```
 
     The connection is successful if you see the example output.
 
     ```bash
     # Example output
-    already connected to beb583c3.local.<olares_id>.olares.cn:46878
+    already connected to beb583c3.<olares_id>.olares.cn:46878
     ```
 
 5. Render UI and audio using `scrcpy`:
 
     ```bash
-    scrcpy -s beb583c3.local.<olares_id>.olares.cn:46878 --audio-codec=aac --audio-encoder=OMX.google.aac.encoder
+    scrcpy -s beb583c3.<olares_id>.olares.cn:46878 --audio-codec=aac --audio-encoder=OMX.google.aac.encoder
     ```
     Upon success, the command line outputs the device information. The Android screen pops up.
 
@@ -178,7 +174,7 @@ Once connected, you can use `adb` to install third-party APK apps on the Android
     ```powershell 
     # Example output
     List of devices attached
-    beb583c3.local.<olares_id>.olares.com:46878 device 
+    beb583c3.<olares_id>.olares.com:46878 device 
     product:ziyi model:23031PN0DC device:ziyi 
     transport_id:4
     ```
@@ -211,7 +207,7 @@ Once connected, you can use `adb` to install third-party APK apps on the Android
     ```bash 
     # Example output
     List of devices attached
-    beb583c3.local.<olares_id>.olares.com:46878 device 
+    beb583c3.<olares_id>.olares.com:46878 device 
     product:ziyi model:23031PN0DC device:ziyi 
     transport_id:4
     ```

docs/use-cases/ollama.md

@@ -11,6 +11,7 @@ This guide will show you how to set up and use Ollama CLI on Olares.
 ## Before you begin
 Before you start, ensure that:
 - You have Olares admin privileges.
+- Install LarePass and [enable LarePass VPN](../manual/larepass/private-network.md#enable-vpn-on-larepass) on your device.
 
 ## Install Ollama
 

docs/use-cases/openwebui.md

@@ -11,6 +11,10 @@ Open WebUI provides an intuitive interface for managing Large Language Models (L
 * Voice interactions (speech-to-text and text-to-speech)
 * Image generation capabilities
 
+:::tip Enable LarePass VPN
+Make sure your device has LassPass installed and [VPN enabled](../manual/larepass/private-network.md#enable-vpn-on-larepass) to ensure a fast and stable access. 
+:::
+
 ## Installation
 Ollama is required prior to launching Open WebUI:
 * **For admin**: Install both "Ollama" and "Open WebUI".

docs/use-cases/perplexica.md

@@ -16,6 +16,7 @@ This integration enables Perplexica to function as a complete search solution wh
 ## Before you begin
 Before getting started, ensure you have:
 - Ollama installed and running in your Olares environment
+- [Enable LarePass VPN](../manual/larepass/private-network.md#enable-vpn-on-larepass) on your device.
 - Open WebUI installed with your preferred language models downloaded
   :::tip
   For optimal performance, consider using lightweight yet powerful models like `gemma2`, which offer a good balance between speed and capability.

docs/use-cases/stream-game.md

@@ -24,10 +24,7 @@ Before you begin, ensure the following:
 
 - Olares is up and running on a machine equipped with an NVIDIA GPU.
 - Your streaming device has Moonlight installed. Visit the [Moonlight website](https://moonlight-stream.org/) to download and install the appropriate version.
-- Your streaming device is connected to the same LAN as your Olares.
-   :::tip Remote streaming
-   For remote streaming, install LarePass on your streaming device. You can download the appropriate version from the [LarePass site](https://olares.com/larepass).
-   :::
+- [Enable LarePass VPN](../manual/larepass/private-network.md#enable-vpn-on-larepass) on your streaming device.
 - You have a valid Steam account to access your games.
 
 ## Install Steam Headless
@@ -60,7 +57,7 @@ Steam Headless also integrates Sunshine, the streaming server. To stream games u
 
 ### Prepare for paring
 
-1. From your Steam client in the browser, get the URL and append `:47990`, for example, `https://139ebc4f0.local.<your Olares ID>.olares.com:47990`. Open this URL to access the Sunshine console page.
+1. From your Steam client in the browser, get the URL and append `:47990`, for example, `https://139ebc4f0.<your Olares ID>.olares.com:47990`. Open this URL to access the Sunshine console page.
 
    ![Sunshine console page](/images/manual/tutorials/access-sunshine.png#bordered)
 
@@ -77,10 +74,10 @@ Steam Headless also integrates Sunshine, the streaming server. To stream games u
 
 1. Open the Moonlight client on your streaming device and click the <i class="material-symbols-outlined">add_to_queue</i> button in the top-right corner.
 
-2. When promoted to enter the IP address of your host PC, enter the local URL of Steam, for example, `139ebc4f0.local.<your Olares ID>.olares.com`.
+2. When promoted to enter the IP address of your host PC, enter the URL of Steam, for example, `139ebc4f0.<your Olares ID>.olares.com`.
 
    ::: tip Note
-   Do not include `https://` and make sure to include the `.local` part in the hostname.
+   Do not include `https://`.
    ::: 
 
 3. Click **OK**, and a host icon appears in locked status.

docs/use-cases/stream-media.md

@@ -13,17 +13,13 @@ In this tutorial, you will learn how to:
 - Install and set up Jellyfin for media streaming.
 
 ## Enable Olares VPN connection
-To achieve smooth streaming over external networks, enable the Olares VPN connection in LarePass. This ensures all traffic from devices with LarePass installed routes through the dedicated network, providing LAN-like speed and performance.
+To achieve smooth streaming across networks, [enable VPN connection](../manual/larepass/private-network.md) in LarePass for your streaming device. Devices with activated VPN will use the VPN connection to access Olares, whether through the LarePass client or a browser.
 :::tip
 For different LarePass download options, visit [the official page](https://olares.com/larepass).
 :::
 
 <!--@include: ./remote.reusables.md{4,22}-->
 
-Once enabled, you can also access your applications using the format: `https://[RouteID].local.[OlaresDomainName]`.
-
-Devices with activated VPN will use the VPN connection to access Olares, whether through the LarePass client or a browser.
-
 ## Access media files in LarePass
 After enabling VPN, you can browse media files stored on Olares.
 
@@ -32,7 +28,7 @@ After enabling VPN, you can browse media files stored on Olares.
 2. Click on any file to start playback on your computer or mobile device.
 
 ### Access from browser
-1. Open files from your Olares desktop, or directly using the local address: `https://files.local.[OlaresDomainName]`.
+1. Open files from your Olares desktop, or directly using the app's URL: `https://files.[OlaresDomainName]`.
 2. Locate your media directory, and click on video files to begin playback.
 
 ## Access media files using Jellyfin

docs/zh/developer/develop/advanced/cookie.md

@@ -14,8 +14,6 @@ Olares 系统中采用 SSO 的模式来为整个系统（包括所有安装的
 
 为避免 cookie 冲突，任何应用（包括系统的内建应用，三方应用）都不可以设置 cookie 到用户的域，只可设置到应用自己的域下面。
 
-由于系统的每个 APP 都存在两个域名 `<app id>.<username>.olares.com` 和 `<app id>.local.<username>.olares.com`。所以 Olares 在 Olares 应用运行时中整合了 cookie 设置 `rewrite`机制，确保应用自动为 HTTP Response 中 Set-Cookie 字段中的两个域分配 cookie。
-
 要使用这个功能只需要在应用 chart 的 [OlaresManifest.yaml](../package/manifest.md#resetcookie) 中申明：
 
 ```yaml

docs/zh/developer/develop/package/manifest.md

@@ -311,10 +311,10 @@ ports:
 ```
 :::
 
-Olares 会自动为你的应用分配一个 33333-36789 之间的随机端口。这些端口可通过应用域名在本地网络下访问。例如：`84864c1f.local.your_olares_id.olares.com:33805`。
+Olares 会自动为你的应用分配一个 33333-36789 之间的随机端口。这些端口可通过应用域名访问。例如：`84864c1f.your_olares_id.olares.com:33805`。
 
 :::info 提示
-暴露的端口只能通过本地网络或 Olares 专用网络访问。
+暴露的端口只能通过 LarePass 专用网络访问。
 :::
 
 ## Permission

docs/zh/manual/concepts/network.md

@@ -23,11 +23,16 @@ Olares 为用户提供无障碍且安全灵活的网络解决方案。本文档
 
 - **内部入口**
   - 和私有入口类似
-  - 设备通过本地网络或者 Olares 专用网络访问应用时无需鉴权
+  - 设备 LarePass 专用网络访问应用时无需鉴权
 
-## 通过 local 访问
+## 通过 LarePass 专用网络访问私有入口
 
-在局域网内或使用[专用网络](../larepass/private-network.md)访问 Olares 上的应用时，可以在应用 URL 中加上 `.local` 字段，以获取更快的访问速度。例如，`https://vault.local.alice123.olares.cn`。
+只需在设备上安装 LarePass，并启用专用网络 (/manual/larepass/private-network.md)，即可通过专属网址（如
+https://vault.alice123.olares.com）安全、快速地访问您的私有应用。
+
+::: tip 注意
+如不启用 LarePass 专用网络，私有入口的请求会通过你的反向代理通道到达 Olares，可能会有网络延迟并产生费用。
+:::
 
 ## 端点
 

docs/zh/manual/get-started/next-steps.md

@@ -44,7 +44,7 @@ description: Olares 新手上路指南，包括系统初始配置、基础功能
     description="使用 LarePass 客户端管理你的帐户、VPN、设备等。"
     :links="[
       { text: '管理帐户', href: '../larepass/create-account' },
-      { text: '启用 VPN',  href: '../larepass/private-network' },
+      { text: '启用专用网络',  href: '../larepass/private-network' },
       { text: '管理设备',   href: '../larepass/manage-device' },
       { text: '同步文件',   href: '../larepass/sync-share' },
       { text: '收集内容',    href: '../larepass/manage-knowledge'},