v15
@@ -9,7 +9,8 @@ This page is public operator documentation. It describes setup, behavior, enviro
|
||||
- One-time registration with Core.
|
||||
- Persistent auth key storage.
|
||||
- Config sync by revision.
|
||||
- Xray install, restart, validation, GeoIP update, and key generation.
|
||||
- Xray install, restart, validation, GeoIP update, key generation, and outbound probing.
|
||||
- TLS-ECH, X25519, ML-DSA-65, and VLESS encryption key generation.
|
||||
- MTProto install and restart.
|
||||
- Nginx masking site management.
|
||||
- System status reporting with CPU, RAM, disk, network, and process state.
|
||||
@@ -27,7 +28,9 @@ This page is public operator documentation. It describes setup, behavior, enviro
|
||||
| --- | --- | --- | --- |
|
||||
| `PORT` | No | `3001` | Local node agent HTTP port. |
|
||||
| `NODE_ENV` | No | `development` | Runtime mode. |
|
||||
| `CORE_URL` | Yes | `http://localhost:3000` | Core API URL reachable from the node server. |
|
||||
| `CORE_URL` | Yes | `http://localhost:3000` | Core HTTP API URL reachable from the node server. Used for registration. |
|
||||
| `CORE_GRPC_URL` | Yes | `localhost:3002` | Core gRPC address (`host:port`). Used for heartbeat, usage reporting, and config sync. |
|
||||
| `CORE_INSECURE` | No | `false` | Set to `true` to use plaintext gRPC instead of TLS (for internal/private networks). |
|
||||
| `REGISTRATION_CODE` | First start only | empty | One-time node registration code generated in the panel. |
|
||||
| `NODE_AUTH_KEY` | No | empty | Optional fallback auth key when no key file exists. |
|
||||
| `HEARTBEAT_INTERVAL_SEC` | No | `30` | Heartbeat interval in seconds. |
|
||||
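Review bot: The `CORE_INSECURE` row should say what is exposed when it is set. The `CORE_GRPC_URL` row directly above lists heartbeat, usage reporting, and config sync as the traffic on that channel, so `true` puts all three on plaintext gRPC, and "internal/private networks" is the only guidance given. Suggest stating that plaintext mode drops both encryption and TLS server authentication for config sync, and recommending it stay `false` unless the path to Core is fully under the operator's control. Separately, `CORE_URL` and `CORE_GRPC_URL` are marked required but carry localhost defaults; the table should say whether the agent refuses to start when they are unset or falls back to the default.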
@@ -51,6 +54,8 @@ services:
|
||||
environment:
|
||||
PORT: 3001
|
||||
CORE_URL: https://core.example.com
|
||||
CORE_GRPC_URL: core.example.com:3002
|
||||
CORE_INSECURE: "false"
|
||||
REGISTRATION_CODE: paste-one-time-code-here
|
||||
HEARTBEAT_INTERVAL_SEC: 30
|
||||
volumes:
|
||||
@@ -114,14 +119,18 @@ All other routes require `x-node-auth-key`.
|
||||
| `POST` | `/node/xray/restart` | Restart Xray. |
|
||||
| `POST` | `/node/xray/install` | Install an Xray version. |
|
||||
| `POST` | `/node/geoip/update` | Update GeoIP/geosite files. |
|
||||
| `POST` | `/node/xray/probe-outbound` | Test an outbound connection and return latency. |
|
||||
| `POST` | `/node/crypto/x25519` | Generate X25519 keys. |
|
||||
| `POST` | `/node/crypto/mldsa65` | Generate an ML-DSA-65 seed. |
|
||||
| `POST` | `/node/crypto/tls-ech` | Generate TLS-ECH keys. |
|
||||
| `POST` | `/node/crypto/vlessenc` | Generate VLESS encryption material. |
|
||||
| `POST` | `/node/mtproto/restart` | Restart MTProto processes. |
|
||||
| `POST` | `/node/mtproto/install` | Install an MTProto version. |
|
||||
| `GET` | `/node/nginx/sites` | List masking sites. |
|
||||
| `GET` | `/node/nginx/sites/:domain` | Get one masking site. |
|
||||
| `PUT` | `/node/nginx/sites` | Replace masking sites. |
|
||||
| `PUT` | `/node/nginx/site` | Upsert one masking site. |
|
||||
| `GET` | `/node/nginx/sites/:domain/certificate` | Get certificate and domain validity info. |
|
||||
| `PUT` | `/node/nginx/sites` | Upsert one domain masking site (TLS upload or auto-issuance). |
|
||||
| `PUT` | `/node/nginx/site` | Upsert legacy default masking site. |
|
||||
| `GET` | `/node/nginx/site` | Get current masking site status. |
|
||||
| `DELETE` | `/node/nginx/sites/:domain` | Delete one masking site. |
|
||||
| `DELETE` | `/node/nginx/site` | Delete current masking site. |
|
||||
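Review bot: The `/node/xray/probe-outbound` row does not say what the caller can make the node connect to. "Test an outbound connection and return latency" leaves open whether the target is limited to outbounds already present in the applied config or is taken from the request; please document the request body and that restriction, since the sentence in the following hunk header already tells operators to protect this port. Two smaller points in the same table: `PUT /node/nginx/sites` appears with two different descriptions ("Replace masking sites" and "Upsert one domain masking site (TLS upload or auto-issuance)"), so the behaviour change for existing callers deserves an explicit note, and the `/node/nginx/sites/:domain/certificate` row should state that it returns validity information only and never private key material, if that is the case.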
@@ -133,11 +142,9 @@ These endpoints are intended to be called by Core. Protect the agent port with f
|
||||
## Config Sync
|
||||
|
||||
- The node keeps the latest applied revision locally.
|
||||
- Core can ask the node to apply config immediately.
|
||||
- Heartbeat responses can also request sync.
|
||||
- The node pulls the latest config from Core.
|
||||
- If config apply succeeds, the node confirms the applied revision.
|
||||
- If config apply fails, the node reports an error and keeps the previous valid config where possible.
|
||||
- The node sends heartbeats to Core over gRPC (`CORE_GRPC_URL`). If Core's revision is ahead, the heartbeat response sets `needSync: true` and the node pulls the latest config immediately via gRPC.
|
||||
- Core can also push a sync trigger to the node over HTTP (`POST /node/apply-config`).
|
||||
- The node fetches the config from Core and applies it. On success it confirms the applied revision; on failure it reports an error and keeps the previous valid config where possible.
|
||||
|
||||
## Traffic and Events
|
||||
|
||||
|
||||
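Review bot: The rewritten Config Sync bullets name the transport for the heartbeat path but not for the HTTP-triggered one. The first bullet says the node pulls "via gRPC" when `needSync: true` is returned, while the third only says "The node fetches the config from Core" after `POST /node/apply-config`. Suggest stating that the fetch uses the same `CORE_GRPC_URL` channel (or which one it does use), and whether the trigger request carries config itself or only causes a pull. "Keeps the previous valid config where possible" would also be more useful to operators if it listed the cases where rollback is not possible.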