- Replace cron jobs with a systemd service for better reliability
- Add file locking mechanism to prevent conflicts on users.json
- Schedule traffic status updates every minute with proper error handling
- Maintain 6-hour backup schedule with independent lock management
- Add comprehensive logging for easier troubleshooting
This change resolves issues where system updates or other programs
would cause conflicts with the traffic monitoring process accessing
the users.json file simultaneously.
Modifies the Telegram bot's 'Add User' functionality.
After adding a user, the bot now attempts to retrieve and display
the Normal-SUB subscription link and its QR code if available.
If Normal-SUB is not found, it falls back to showing the direct
Hysteria2 IPv4 URI and QR code. The direct URI is also provided as a
fallback if Normal-SUB is shown.
Usernames are quoted in CLI calls
for robustness. Improved input validation for username, traffic,
and expiration days.
- Display total user count in the card header.
- Add a new '#' column to the user table showing the row number.
- Sort the user list alphabetically by username (case-insensitive) using Jinja filter before rendering.
- Update JavaScript column index references (`td:eq(n)`) to reflect the added '#' column.
Previously, when the IP4 variable contained a domain name instead of an actual IP address, the SNI validation would fail and force the use of self-signed certificates. This update adds detection and resolution of domain names in the IP4 variable, ensuring proper DNS comparison when checking if the SNI domain points to the server.
- Add POST `/api/v1/config/hysteria/webpanel/decoy/setup` endpoint to configure the decoy site.
- Add POST `/api/v1/config/hysteria/webpanel/decoy/stop` endpoint to remove the decoy site configuration.
- Implement `BackgroundTasks` for both endpoints to prevent Caddy service restarts from interrupting the API response.
- Add `SetupDecoyRequest` Pydantic schema for the setup endpoint payload.
- Add ability to configure a decoy site on port 443 while hiding the web panel
- Support both same-port and separate-port configurations
- Add commands to manage decoy sites: 'decoy' to add/configure and 'stopdecoy' to remove
- Ensure clean reversion of Caddy configuration when stopping decoy sites
- Make decoy path optional during panel startup
This enhancement improves obfuscation capabilities by serving legitimate-looking
content on standard HTTPS port while keeping the actual panel hidden behind a
secret path.
feat: Add SNI checker and certificate manager
Key features:
- Domain-to-IP resolution verification
- Automatic Let's Encrypt certificate acquisition
- Self-signed fallback for domains not pointed to the server
- Updates insecure flag in config.json based on certificate type
- Updates SNI in environment config
- Generates and updates SHA-256 fingerprint
fix(urls): Update URI generator to respect TLS insecure flag
Changes:
- Added insecure parameter to generate_uri() function
- Read TLS insecure flag from config.json
- Set insecure=0 for valid certificates and insecure=1 for self-signed ones
- Updated all URI generation calls to include the insecure parameter
