{"id":26824286,"url":"https://github.com/ed-asriyan/rkn-server-deploy","last_synced_at":"2026-02-14T05:35:24.100Z","repository":{"id":265632574,"uuid":"896375776","full_name":"ed-asriyan/rkn-server-deploy","owner":"ed-asriyan","description":"Server with vless+reality on board for my friends to bypass internet censorship ","archived":false,"fork":false,"pushed_at":"2025-11-24T02:27:31.000Z","size":484,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-01-11T17:35:03.054Z","etag":null,"topics":["ansible","censorship","reality","rkn","rkn-sasatb","roskomnadzor","vless","xray","xtls"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ed-asriyan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-11-30T07:32:42.000Z","updated_at":"2025-11-01T17:50:46.000Z","dependencies_parsed_at":"2024-11-30T08:32:15.660Z","dependency_job_id":"6e721606-ec5e-4cf8-b418-fb5ceacb44f5","html_url":"https://github.com/ed-asriyan/rkn-server-deploy","commit_stats":null,"previous_names":["ed-asriyan/xray-server","ed-asriyan/rkn-server-deploy"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ed-asriyan/rkn-server-deploy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ed-asriyan%2Frkn-server-deploy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ed-asriyan%2Frkn-server-deploy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ed-asriyan%2Frkn-server-deploy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ed-asriyan%2Frkn-server-deploy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ed-asriyan","download_url":"https://codeload.github.com/ed-asriyan/rkn-server-deploy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ed-asriyan%2Frkn-server-deploy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29438609,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-14T05:24:35.651Z","status":"ssl_error","status_checked_at":"2026-02-14T05:24:34.830Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","censorship","reality","rkn","rkn-sasatb","roskomnadzor","vless","xray","xtls"],"created_at":"2025-03-30T09:42:55.351Z","updated_at":"2026-02-14T05:35:24.095Z","avatar_url":"https://github.com/ed-asriyan.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Proxy [![CI | pre-commit](https://github.com/ed-asriyan/xray-server/actions/workflows/CI-pre-commit.yml/badge.svg)](https://github.com/ed-asriyan/xray-server/actions/workflows/CI-pre-commit.yml) [![CD | Production](https://github.com/ed-asriyan/xray-server/actions/workflows/CD-production.yml/badge.svg)](https://github.com/ed-asriyan/xray-server/actions/workflows/CD-production.yml)\nThis is deployment for my personal server with [xray](https://xtls.github.io/en/) on board for me and my friends to bypass internet censorship.\n\n## Vless clients that work with this setup\nhttps://hiddify.com#app\n\n# Architecture\n![digram](./diagram.svg)\n\nThere are 4 componets: **GitHub Pages**, **[Supabase](https://supabase.com) instance**, **metrics** and **proxy**. GH Actions that must be configured for this repository.\nMetrics should be deployed as a single instance (sharding is not allowed). Proxies could be deployed as many instances as needed,\neach instance should have dedicated IP address and DNS record (if exists). All hosts should be Debian hosts with public IPs.\n\n# [Supabase](https://supabase.com)\nStores list of user configs. Users may generate new user configs (my means of HTML website). Deploymemnt fetch records from there\nto render configs for xrays and other components. _The repository with Supabas is not open-source at the moment. It will becore\nopen-source later_.\n\n## GitHub Pages\nServes static content:\n* static html pages with installation instructions which is being developed in a separate repository:\n[xray-server-frontend](https://github.com/ed-asriyan/xray-server-frontend). The user is provided with a private instruction link\nwith a personal ShadowSocks configuration, which the user uses once to install the ShadowSocks configuration* personal dynamic\nShadowSocks configuration json files ([SIP008](https://shadowsocks.org/doc/sip008.html)) for each client, which is used by\nShadowSocks client each time before connecting to a ShadowSocks server\n* personal vless [subscription files](https://hiddify.com/app/URL-Scheme) for each client, which is used by Hiddify to refresh\nlist of available servers\n\nPlaybook: [frontman.yml](./frontman.yml). It just renders files locally, then pushes them to a GitHub repository for GitHub Pages deployment.\n\n## Metrics\nIt is a single linux host with the prometheus installed. Users do not access this host. Host may have no domain name.\n* [prometheus](https://prometheus.io) (role: `prometheus`): monitoring to detect traffic abuse\n\nPlaybook: [metrics.yml](./metrics.yml)\n\n## Proxy\nAs many proxy hosts as needed could be deployed but each one should have its own IP address and/or DNS record.\nProxy(ies) is/are linux host(s) with installed\n* [xray-core](https://github.com/xtls/xray-core) (role: `xray`) that proxies traffic:\n  * if it's valid vless connection, to the destination\n  * otherwise, to `server.fallback_proxy_target`\n* [node-exporter](https://github.com/prometheus/node_exporter) (role: `node-exporter`): Prometheus exporter for hardware and OS\nmetrics. Exports metrics to TCP port available from localhost only\n* xray-exporter (role: `node-exporter`): custom script that exports xray metrics. Exports metrics to TCP port available from\nlocalhost only\n* [nginx](https://nginx.org) (role: `metrics-exporter`) that proxies https requests on\n`config_servers[uuid].prometheus_metrics.port` TCP port to *node-exporter* and *xray-exporter*:\n\nPlaybook: [proxies.yml](./proxies.yml)\n\n# Development\nThis part requires [Ansible](https://www.ansible.com) knowledge. The deployment is tested on and implemented for Debian\nonly.\n\n## At the very beginning\n1. Initialize pre-commit hook to prevent secrets from being leaked:\n   1. Install [pre-commit](https://pre-commit.com/#install)\n   2. Initialize pre-commit hook:\n      ```commandline\n      pre-commit install\n      ```\n3. If servers are not configured yet, skip this step and go to \"New server setup\" section. Otherwise if server is already configured, add SSH private key to `id_rsa` file in the root of the local repository. **Make sure that only you have\npermissions to read/write it: `chmod 600 id_rsa`!**\n\n## Initial setup\n1. Go to [config](./config) and setup config files or GitHub Secrets.\n2. Add yout public key (pair of one you created in root of the local repo) to all servers' root user\n3. Run Deploy\n\n## How to update list of SS users\n1. Update config in [config](./config) or update GitHub Secrets.\n2. Run Deploy\n\n## How to add anew\n1. Update config in [config](./config) or update GitHub Secrets.\n2. Add yout public key (pair of one you created in root of the local repo) to the new server's root user\n3. Run Deploy\n\n## How to do smth else\nRead code and find out\n\n## How to apply changes to production\n* If you changed deploy code: just push to master branch. GitHub Actions will automatically apply updates to the servers.\n* If you changed list of users: manually trigger [CD | Production](https://github.com/ed-asriyan/xray-server/actions/workflows/CD-production.yml)\n\n# Development\n## CD\nThe following GitHub secrets are required for CD:\n* `KNOWN_HOSTS`: list of known hosts as in `.ssh/known_hosts`\n* `SSH_PRIVATE_KEY`: SSH private key to access servers\n* secrets described in [config](./config)\n\n## Local\n### Deploy proxies \u0026 metrics on production\n```commandline\nmake deploy_proxies deploy_metrics\n```\n\n### Generate UUID for a new user\n```commandline\nmake generate_uuid\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fed-asriyan%2Frkn-server-deploy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fed-asriyan%2Frkn-server-deploy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fed-asriyan%2Frkn-server-deploy/lists"}