v2.1.0

Highlights

• Protocols: VLESS / VMess / Trojan (all supported simultaneously — no protocol env var required).
• Uniform WebSocket subprotocol handling across all transports to prevent protocol-token stripping.
• Default backend URL redaction: /health hides backend addresses by default with HIDE_BACKEND_URLS=true.
• Documentation overhaul: README streamlined, Mermaid architecture diagram added, and docs split into a professional docs/ set.

Configuration

New environment variable (optional, default shown):

• HIDE_BACKEND_URLS — true
  • true / unset: /health returns aggregated counts only (no backend addresses).
  • false: /health includes backend URLs as before.

Notes

• Transports remain unchanged: ws / xhttp / httpupgrade.
• Subscription proxy remains optional and disabled by default (SUBSCRIPTION_ENABLED=false).
• Backward compatible with existing v2.0.0 configurations.

v2.0.0

Highlights

• Multi-backend support with weighted random and sticky session load balancing.
• Connection-based rate limiting with NAT-aware tracking (VPN-optimized, message-unlimited).
• Per-UUID connection controls to limit concurrent sessions per credential.
• Optional subscription proxy for tunneling filtered subscription services with domain preservation.
• Automatic health checking and failover with exponential backoff retry.
• O(1) algorithm complexity for backend selection, rate limiting, and UUID tracking.
• Zero external dependencies; all state managed in-memory within the Worker.
• All new features are opt-in via environment variables with safe defaults.
• Strict backward compatibility; existing v1.0.0 configurations continue to work unchanged.
• Landing page behavior unchanged when subscription proxy is disabled.

Configuration

New environment variables (all optional, defaults shown):

• BACKEND_LIST - Comma-separated backend URLs with optional weights (e.g., http://be1:10000|2,http://be2:10000|1).
• BACKEND_STICKY_SESSION - false (random) or true (sticky session with failover).
• RATE_LIMIT_ENABLED - false; set to true to enable connection rate limiting.
• RATE_LIMIT_MAX_CONN_PER_IP - 5; max concurrent connections per IP.
• RATE_LIMIT_MAX_CONN_PER_MIN - 10; max new connections per minute per IP.
• UUID_MAX_CONNECTIONS - 0 (disabled); max concurrent connections per UUID.
• SUBSCRIPTION_ENABLED - false; set to true to enable subscription proxy.
• SUBSCRIPTION_TARGETS - JSON or comma-separated subscription service definitions.
• SUBSCRIPTION_PRESERVE_DOMAIN - false; set to true to prevent domain rewriting in responses.

Notes

• Recommended for high-scale deployments requiring multi-backend redundancy and fine-grained connection control.
• When SUBSCRIPTION_ENABLED=false, the landing page and all v1.0.0 behavior remains identical.
• Debug logging available with DEBUG=true.
• Backend health status available at /health endpoint when multiple backends configured.

v1.0.0

Highlights

• Cloudflare Worker reverse-proxy frontend for VLESS/VMess backends.
• Supports ws, xhttp, and httpupgrade transports.
• Transport selection priority: query (transport) -> header (x-transport-type) -> path prefix -> TRANSPORT default.
• Strict path and query passthrough to backend.
• Worker-side routing selectors are stripped before backend forwarding.
• Worker does not validate UUID/port/path; backend handles authentication and policy.
• Upgrade and passthrough fetches use bounded timeouts with clear 502 responses on backend timeout/failure.
• Landing page remains available at / and /index.html with cache headers.

Notes

• Recommended for deployments where TLS terminates at Cloudflare edge and backend origin may be plain HTTP.
• Debug logging is available with DEBUG=true.