https://github.com/usipipo-team/usipipo-agent
π€ Go-based VPN agent for multi-country server management | Outline + WireGuard | Auto-reporting metrics | Production-ready for 200+ countries | v0.1.0
https://github.com/usipipo-team/usipipo-agent
agent go golang infrastructure monitoring multi-cloud outline usipipo vpn vpn-management vpn-server wireguard
Last synced: about 2 months ago
JSON representation
π€ Go-based VPN agent for multi-country server management | Outline + WireGuard | Auto-reporting metrics | Production-ready for 200+ countries | v0.1.0
- Host: GitHub
- URL: https://github.com/usipipo-team/usipipo-agent
- Owner: uSipipo-Team
- License: mit
- Created: 2026-03-29T06:45:46.000Z (2 months ago)
- Default Branch: main
- Last Pushed: 2026-04-03T01:10:42.000Z (about 2 months ago)
- Last Synced: 2026-04-03T11:11:20.840Z (about 2 months ago)
- Topics: agent, go, golang, infrastructure, monitoring, multi-cloud, outline, usipipo, vpn, vpn-management, vpn-server, wireguard
- Language: Go
- Size: 197 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 13
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
Awesome Lists containing this project
README
# uSipipo VPN Agent
[](https://github.com/uSipipo-Team/usipipo-agent/actions/workflows/ci.yml)
[](https://github.com/uSipipo-Team/usipipo-agent/releases)
[](https://opensource.org/licenses/MIT)
**Lightweight Go agent for managing VPN servers across 200+ countries.**
Part of the **uSipipo VPN Ecosystem** - Centralized orchestration for multi-country VPN infrastructure.
---
## π― Overview
The VPN Agent runs on each VPS server worldwide, providing:
- **Remote VPN Management** - Create/delete Outline keys and WireGuard peers via HTTPS API
- **Auto-Reporting Metrics** - Push system metrics to backend every 1 minute
- **Secure Communication** - API Key authentication + HTTPS encryption
- **Multi-Platform Support** - Linux, macOS, Windows (amd64, arm64)
---
## ποΈ Architecture
```
βββββββββββββββββββββββββββββββββββββββββββββββββββ
β BACKEND CENTRAL (Orchestrator) β
β - Server registry & load balancing β
β - User authentication & billing β
β - Metrics storage & dashboards β
βββββββββββββββββββββββββββββββββββββββββββββββββββ
β HTTPS + API Key
β (every 1 minute)
ββββββββββββββΌβββββββββββββ¬βββββββββββββ
β β β β
ββββββΌβββββ βββββΌβββββ βββββΌβββββ βββββΌβββββ
β USA VPS β β DE VPS β β BE VPS β β XX VPS β
β βββββββ β β ββββββ β β ββββββ β β ββββββ β
β βAgentβ β β βAgentβ β β βAgentβ β β βAgentβ β
β ββββ¬βββ β β βββ¬βββ β β βββ¬βββ β β βββ¬βββ β
β β β β β β β β β β β β
β ββββΌββββββ β βββΌβββββ β βββΌβββββ β βββΌβββββ
β βOutlineββ β βOutlineββ β βOutlineββ β βOutlineββ
β βWireGuardββ β βWireGuardββ β βWireGuardββ β βWireGuardββ
β ββββββββββ β βββββββ β βββββββ β βββββββ
βββββββββββ βββββββββ βββββββββ βββββββββ
```
---
## π Features
### VPN Management
- β
**Outline Manager Integration** - Create/delete Shadowsocks keys via Outline API
- β
**WireGuard Integration** - Create/delete peers via `wg` commands
- β
**Trust Tunnel Support** - AdGuard VPN integration (planned)
### Metrics & Monitoring
- β
**System Metrics** - CPU, memory, disk, network usage
- β
**VPN Metrics** - Active keys/peers, bytes transferred
- β
**Latency Tracking** - Average, p95, p99 latency
- β
**Auto-Reporting** - Push metrics to backend every 1 minute
### Security
- β
**API Key Authentication** - X-API-Key header validation
- β
**HTTPS Encryption** - Caddy + DuckDNS with Let's Encrypt
- β
**Encrypted API Keys at Rest** - Fernet encryption in database
- β
**No Hardcoded Secrets** - All secrets via environment variables
### Infrastructure
- β
**Multi-Platform Builds** - Linux, macOS, Windows (amd64, arm64)
- β
**GitHub Actions CI/CD** - Auto-build on release
- β
**systemd Service** - Production-ready deployment
- β
**Docker Support** - Containerized deployment (planned)
---
## π¦ Installation
### Download Pre-built Binary
```bash
# Linux AMD64 (most VPS)
wget https://github.com/uSipipo-Team/usipipo-agent/releases/latest/download/usipipo-agent-linux-amd64.zip
unzip usipipo-agent-linux-amd64.zip
chmod +x usipipo-agent-linux-amd64
# Linux ARM64 (Raspberry Pi, ARM VPS)
wget https://github.com/uSipipo-Team/usipipo-agent/releases/latest/download/usipipo-agent-linux-arm64.zip
unzip usipipo-agent-linux-arm64.zip
chmod +x usipipo-agent-linux-arm64
```
### Build from Source
```bash
git clone https://github.com/uSipipo-Team/usipipo-agent.git
cd usipipo-agent
go build -o agent ./cmd/agent
```
---
## βοΈ Configuration
### Environment Variables
| Variable | Description | Default | Required |
|----------|-------------|---------|----------|
| `AGENT_PORT` | Port to listen on | `8080` | No |
| `AGENT_API_KEY` | API key for authentication | - | **Yes** |
| `BACKEND_URL` | Backend URL for metrics | - | **Yes** |
| `SERVER_ID` | Server identifier (UUID) | - | **Yes** |
| `OUTLINE_API_URL` | Outline Manager API URL | `http://localhost:8081` | No |
| `WG_INTERFACE` | WireGuard interface name | `wg0` | No |
### Example `.env` File
```bash
# Agent configuration
AGENT_PORT=8080
AGENT_API_KEY=your-unique-api-key-here
BACKEND_URL=https://api.usipipo.duckdns.org
SERVER_ID=us-east-1
# VPN configuration
OUTLINE_API_URL=http://localhost:8081
WG_INTERFACE=wg0
```
---
## ποΈ API Endpoints
### Public Endpoints
| Method | Endpoint | Description |
|--------|----------|-------------|
| `GET` | `/health` | Health check |
### Protected Endpoints (require `X-API-Key` header)
| Method | Endpoint | Description |
|--------|----------|-------------|
| `GET` | `/status` | Server status |
| `GET` | `/metrics` | Detailed system + VPN metrics |
| `POST` | `/outline/keys` | Create Outline key |
| `DELETE` | `/outline/keys/:id` | Delete Outline key |
| `POST` | `/wireguard/peers` | Create WireGuard peer |
| `DELETE` | `/wireguard/peers/:name` | Delete WireGuard peer |
| `GET` | `/wireguard/peers/:name/usage` | Get peer usage stats |
### Example Usage
```bash
# Create Outline key
curl -X POST -H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '{"name":"user-123"}' \
https://usipipousa.duckdns.org/outline/keys
# Create WireGuard peer
curl -X POST -H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '{"name":"user-456"}' \
https://usipipousa.duckdns.org/wireguard/peers
# Get metrics
curl -H "X-API-Key: your-api-key" \
https://usipipousa.duckdns.org/metrics
```
---
## π Deployment
### Production Deployment (systemd)
```bash
# 1. Create directory
sudo mkdir -p /opt/usipipo-agent
sudo cp usipipo-agent-linux-amd64 /opt/usipipo-agent/agent
sudo cp .env.example /opt/usipipo-agent/.env
# 2. Configure environment
sudo nano /opt/usipipo-agent/.env
# 3. Install systemd service
sudo cp systemd/usipipo-agent.service /etc/systemd/system/
# 4. Create system user
sudo useradd -r -s /bin/false usipipo
sudo chown -R usipipo:usipipo /opt/usipipo-agent
# 5. Enable and start
sudo systemctl daemon-reload
sudo systemctl enable usipipo-agent
sudo systemctl start usipipo-agent
# 6. Check status
sudo systemctl status usipipo-agent
sudo journalctl -u usipipo-agent -f
```
### Caddy + DuckDNS Configuration
```caddyfile
# /etc/caddy/Caddyfile
usipipousa.duckdns.org {
reverse_proxy localhost:8080
tls {
dns duckdns YOUR_DUCKDNS_TOKEN
}
}
usipipode.duckdns.org {
reverse_proxy localhost:8080
tls {
dns duckdns YOUR_DUCKDNS_TOKEN
}
}
```
---
## π Metrics Payload
Agents push metrics to backend every 1 minute:
```json
{
"server_id": "us-east-1",
"timestamp": "2026-03-28T10:00:00Z",
"system": {
"cpu_percent": 45.2,
"memory_percent": 62.1,
"disk_percent": 38.5,
"network_rx_bytes": 1234567890,
"network_tx_bytes": 9876543210
},
"vpn": {
"outline": {
"active_keys": 42,
"total_bytes_transferred": 5000000000
},
"wireguard": {
"active_peers": 38,
"total_bytes_transferred": 4500000000
}
},
"latency_ms": {
"avg": 12.5,
"p95": 25.3,
"p99": 45.8
}
}
```
---
## π§ͺ Testing
```bash
# Run all tests
go test -v ./...
# Run specific package tests
go test -v ./internal/api/...
# Run with coverage
go test -coverprofile=coverage.out ./...
go tool cover -html=coverage.out
```
---
## π Project Structure
```
usipipo-agent/
βββ cmd/
β βββ agent/
β βββ main.go # Entry point
βββ internal/
β βββ api/
β β βββ handlers.go # HTTP handlers
β β βββ middleware.go # API Key auth
β β βββ server.go # HTTP server setup
β βββ vpn/
β β βββ outline.go # Outline API client
β β βββ wireguard.go # WireGuard wrapper
β βββ metrics/
β β βββ types.go # Metrics types
β β βββ collector.go # Metrics collector
β βββ reporter/
β β βββ reporter.go # Push metrics to backend
β βββ config/
β βββ config.go # Configuration loader
βββ systemd/
β βββ usipipo-agent.service # systemd service file
βββ .github/workflows/
β βββ ci.yml # CI workflow
β βββ release.yml # Release workflow
βββ go.mod
βββ go.sum
βββ DEPLOYMENT.md # Deployment guide
βββ README.md # This file
```
---
## π Security
### API Key Encryption
Agent API keys are **encrypted at rest** in the backend database using Fernet symmetric encryption.
**Generate encryption key:**
```bash
python -c 'from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())'
```
**Set in backend `.env`:**
```bash
ENCRYPTION_KEY=your-generated-key-here
```
### Best Practices
- β
Never commit `.env` files
- β
Rotate API keys every 90 days
- β
Use HTTPS for all communication
- β
Enable firewall rules (allow only backend IP)
- β
Monitor logs for suspicious activity
---
## π Monitoring
### Health Check
```bash
# Check agent health
curl https://usipipousa.duckdns.org/health
# Expected: {"status":"healthy"}
```
### Logs
```bash
# View logs
sudo journalctl -u usipipo-agent -f
# View last 100 lines
sudo journalctl -u usipipo-agent -n 100
```
### Metrics Dashboard
Backend provides dashboards for:
- Server status (online/offline/maintenance)
- CPU, memory, disk usage per server
- Active connections per country
- Total bandwidth (GB) per server
- Latency comparison across countries
---
## π§ Roadmap
### Q2 2026
- [ ] Trust Tunnel (AdGuard) integration
- [ ] Docker container support
- [ ] Automatic failover between servers
- [ ] Real-time latency monitoring
### Q3 2026
- [ ] WebSocket support for real-time metrics
- [ ] Automatic certificate renewal
- [ ] Multi-WAN support
- [ ] GeoDNS integration
---
## π€ Contributing
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'feat: add amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request
---
## π License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
---
## π Related Projects
- **[usipipo-backend](https://github.com/uSipipo-Team/usipipo-backend)** - Central orchestrator (FastAPI)
- **[usipipo-commons](https://github.com/uSipipo-Team/usipipo-commons)** - Shared library (PyPI)
- **[usipipo-telegram-bot](https://github.com/uSipipo-Team/usipipo-telegram-bot)** - Telegram bot for user interaction
- **[usipipo-docs](https://github.com/uSipipo-Team/usipipo-docs)** - Documentation portal
---
## π Support
- **Documentation:** https://github.com/uSipipo-Team/usipipo-docs
- **Issues:** https://github.com/uSipipo-Team/usipipo-agent/issues
- **Email:** dev@usipipo.com
---
**Built with β€οΈ by uSipipo Team**