A Scalable and Comprehensive Proxy Engine management panel.
- Overview
- Installation guide
- Configuration
- API
- Backup
- Telegram Bot
- Marzneshin CLI
- Marznode
- Webhook notifications
- Donation
- License
- Contributors
Marzneshin is a censorship circumvention tool utilizing other censorship circumvention tools.
Dashboard enables access to nodes(configurations, status and stats, logs), hosts, users, service entities; while providing monitoring and system statistics.
On the other hand, the backend manages nodes, users, users' subscriptions, etc.
Marzneshin controls the Marznodes connected to it; monitoring/disabling/enabling users on marznode instances while marznode manages and interacts with vpn backends (such as xray).
- Web UI Dashboard
- Multi Nodes support for traffic distribution, scalability, and fault tolerance
- Supports protocols Vmess, VLESS, Trojan and Shadowsocks as provided by xray
- Multi-protocol for a single user
- Manage users' access to inbounds separately using services
- Multi-user on a single inbound
- Limit users' data and set exire dates
- Reset traffic periodically (daily, weekly,...)
- Subscription link compatible with V2ray (e.g. V2RayNG, OneClick, Nekoray, etc.), Clash and ClashMeta
- Automated Share link and QRcode generator
- System, nodes, traffic statistics, users monitoring
- Integrated Command Line Interface (CLI)
- Multi-admin support (WIP)
- Marzneshin is decoupled from VPN backends
- Resilient and fault tolerant node management
Deployment and Developer Kit:
- REST-full API
- Kubernetes and multiple deployment strategy and options (WIP)
- Russian (WIP)
- English
- Kurdish (Soranî, Kurmancî)
- Persian
Run the following command
sudo bash -c "$(curl -sL https://github.com/khodedawsh/Marzneshin/raw/master/script.sh)" @ installTo install with mariadb:
sudo bash -c "$(curl -sL https://github.com/khodedawsh/Marzneshin/raw/master/script.sh)" @ install --database mariadbYou could also use mysql by writing mysql instead, however mariadb is recommended.
Also to install the latest nightly release use the --nightly option.
Once the installation is complete:
- You'd notice the logs, which you could stop watching by pressing
Ctrl+C; The process will continue running normally. - the configuration file can be found at
/etc/opt/marzneshin/.env(refer to configurations section to see variables) - Data files will be placed at
/var/lib/marzneshin; e.g. the sqlite database. - You can access the Marzneshin dashboard by opening a web browser and navigating
to
http://<SERVER_IP>:8000/dashboard/
Next, you need to create a sudo admin for logging into the Marzneshin dashboard by the following command
marzneshin cli admin create --sudoThat's it! You can login to your dashboard using these credentials
To see the help message of the Marzneshin script, run the following command
marzneshin --helpIf you are eager to run the project using the source code, check the section below
Clone this project and install the dependencies (you'd need Python >= 3.10)
git clone https://github.com/khodedawsh/Marzneshin
cd Marzneshin/
wget -qO- https://bootstrap.pypa.io/get-pip.py | python3 -
python3 -m pip install -r requirements.txtAlternatively, to have an isolated environment you can use Python Virtualenv
To install dashboard dependencies and build the dashboard:
make dashboard-deps
make dashboard-buildnote that you'll need pnpm and npm installed.
If you want to use marzneshin-cli, you should link it to a file in your $PATH, make it executable, and install the
auto-completion:
sudo ln -s $(pwd)/marzneshin-cli.py /usr/bin/marzneshin-cli
sudo chmod +x /usr/bin/marzneshin-cli
marzneshin-cli completion installNow it's time to configuration
Make a copy of .env.example file, take a look and edit it using a text editor like nano.
You probably like to modify the admin credentials.
cp .env.example .env
nano .envCheck configurations section for more information
Eventually, launch the application using command below
make startTo launch with linux systemctl (copy marzneshin.service file to /var/lib/marzneshin/marzneshin.service)
systemctl enable /var/lib/marzneshin/marzneshin.service
systemctl start marzneshin
To use with nginx
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location ~* /(dashboard|static|locales|api|docs|redoc|openapi.json) {
proxy_pass http://0.0.0.0:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# xray-core ws-path: /
# client ws-path: /marzneshin/me/2087
#
# All traffic is proxed through port 443, and send to the xray port(2087, 2088 etc.).
# The '/marzneshin' in location regex path can changed any characters by yourself.
#
# /${path}/${username}/${xray-port}
location ~* /marzneshin/.+/(.+)$ {
proxy_redirect off;
proxy_pass http://127.0.0.1:$1/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
or
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name marzneshin.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_pass http://0.0.0.0:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
By default the app will be run on http://localhost:8000/dashboard. You can configure it using changing
the UVICORN_HOST and UVICORN_PORT environment variables.
You can set settings below using environment variables or placing them in
.envfile.
| Variable | Description |
|---|---|
| SQLALCHEMY_DATABASE_URL | Database URL (SQLAlchemy's docs) |
| UVICORN_HOST | Bind application to this host (default: 0.0.0.0) |
| UVICORN_PORT | Bind application to this port (default: 8000) |
| UVICORN_UDS | Bind application to a UNIX domain socket |
| UVICORN_SSL_CERTFILE | SSL certificate file to have application on https |
| UVICORN_SSL_KEYFILE | SSL key file to have application on https |
| SUBSCRIPTION_URL_PREFIX | Prefix of subscription URLs |
| CUSTOM_TEMPLATES_DIRECTORY | Customized templates directory (default: app/templates) |
| CLASH_SUBSCRIPTION_TEMPLATE | The template that will be used for generating clash configs (default: clash/default.yml) |
| SUBSCRIPTION_PAGE_TEMPLATE | The template used for generating subscription info page (default: subscription/index.html) |
| HOME_PAGE_TEMPLATE | Decoy page template (default: home/index.html) |
| TELEGRAM_API_TOKEN | Telegram bot API token (get token from @botfather) |
| TELEGRAM_ADMIN_ID | Numeric Telegram ID of admin (use @userinfobot to found your ID) |
| TELEGRAM_PROXY_URL | Run Telegram Bot over proxy |
| JWT_ACCESS_TOKEN_EXPIRE_MINUTES | Expire time for the Access Tokens in minutes, 0 considered as infinite (default: 1440) |
| DOCS | Whether API documents should be available on /docs and /redoc or not (default: False) |
| DEBUG | Debug mode for development (default: False) |
| WEBHOOK_ADDRESS | Webhook address to send notifications to. Webhook notifications will be sent if this value was set. |
| WEBHOOK_SECRET | Webhook secret will be sent with each request as x-webhook-secret in the header (default: None) |
| NUMBER_OF_RECURRENT_NOTIFICATIONS | How many times to retry if an error detected in sending a notification (default: 3) |
| RECURRENT_NOTIFICATIONS_TIMEOUT | Timeout between each retry if an error detected in sending a notification in seconds (default: 180) |
| NOTIFY_REACHED_USAGE_PERCENT | At which percentage of usage to send the warning notification (default: 80) |
| NOTIFY_DAYS_LEFT | When to send warning notification about expiration (default: 3) |
Marzneshin provides a REST API that enables developers to interact with Marzneshin services programmatically. To view
the API documentation in Swagger UI or ReDoc, set the configuration variable DOCS=True and navigate to the /docs
and /redoc.
It's always a good idea to backup your Marzneshin files regularly to prevent data loss in case of system failures or accidental deletion. Here are the steps to backup Marzneshin:
- By default, all Marzneshin important files are saved in
/var/lib/marzneshin(Docker versions). Copy the entire/var/lib/marzneshindirectory to a backup location of your choice, such as an external hard drive or cloud storage. - Additionally, make sure to backup your env file, which contains your configuration variables. If you installed
Marzneshin using the script (recommended installation approach), the env and other configurations should be
inside
/etc/opt/marzneshin/directory.
By following these steps, you can ensure that you have a backup of all your Marzneshin files and data, as well as your configuration variables and Xray configuration, in case you need to restore them in the future. Remember to update your backups regularly to keep them up-to-date.
Marzneshin comes with an integrated Telegram bot that can handle server management, user creation and removal, and send notifications. This bot can be easily enabled by following a few simple steps, and it provides a convenient way to interact with Marzneshin without having to log in to the server every time.
To enable Telegram Bot:
- set
TELEGRAM_API_TOKENto your bot's API Token - set
TELEGRAM_ADMIN_IDto your Telegram account's numeric ID, you can get your ID from @userinfobot
Marzneshin comes with an integrated CLI named marzneshin-cli which allows administrators to have direct interaction
with it.
If you've installed Marzneshin using the installation script, you can access the cli commands by running
marzneshin cli [OPTIONS] COMMAND [ARGS]...For more information, You can read Marzneshin CLI's documentation.
marznode is the backend needed to run proxy servers.
You can set a webhook address and Marzneshin will send the notifications to that address.
the requests will be sent as a post request to the address provided by WEBHOOK_ADDRESS with WEBHOOK_SECRET
as x-webhook-secret in the headers.
Example request sent from Marzneshin:
Headers:
Host: 0.0.0.0:9000
User-Agent: python-requests/2.28.1
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
x-webhook-secret: something-very-very-secret
Content-Length: 107
Content-Type: application/json
Body:
{"username": "marzneshin_test_user", "action": "user_updated", "enqueued_at": 1680506457.636369, "tries": 0}
Different action typs
are: user_created, user_updated, user_deleted, user_limited, user_expired, user_disabled, user_enabled
If you found Marzneshin useful and would like to support its development, you can make a donation in one of the following crypto networks:
- Bitcoin network: 13ZDhE5KHGsfjM4A22eLTUgW98WpXhQTuF
- TRON network (TRC20): TYxFCiRqJ3SiV6rAQAmJUd3DgVmJvEAfz4
- TON network: EQB_VYiU73U1_wk-01I_MLg9-hx953VOf9Y36t2Z04WyUapD
Part of the donations would be tipped to contributors, the rest to collaborators.
May developers be rich.
Published under AGPL-3.0.
We ❤️🔥 contributors! If you'd like to contribute, please check out our Contributing Guidelines and feel free to submit a pull request or open an issue. We also welcome you to join our Telegram group for either support or contributing guidance.
Check open issues to help the progress of this project.
Thanks to all contributors who have helped Marzneshin:
Made with contrib.rocks