Marzban

Unified GUI Censorship Resistant Solution Powered by Xray

English / فارسی / 简体中文 / Русский

## Table of Contents - [Overview](#overview) - [Why using Marzban?](#why-using-marzban) - [Features](#features) - [Installation guide](#installation-guide) - [Configuration](#configuration) - [API](#api) - [Backup](#backup) - [Telegram Bot](#telegram-bot) - [Marzban CLI](#marzban-cli) - [Marzban Node](#marzban-node) - [Webhook notifications](#webhook-notifications) - [Donation](#donation) - [License](#license) - [Contributors](#contributors) # Overview Marzban (the Persian word for "border guard" - pronounced /mærz'ban/) is a proxy management tool that provides a simple and easy-to-use user interface for managing hundreds of proxy accounts powered by [Xray-core](https://github.com/XTLS/Xray-core) and built using Python and Reactjs. ## Why using Marzban? Marzban is user-friendly, feature-rich and reliable. It lets you to create different proxies for your users without any complicated configuration. Using its built-in web UI, you are able to monitor, modify and limit users. ### Features - Built-in **Web UI** - Fully **REST API** backend - [**Multiple Nodes**](#marzban-node) support (for infrastructure distribution & scalability) - Supports protocols **Vmess**, **VLESS**, **Trojan** and **Shadowsocks** - **Multi-protocol** for a single user - **Multi-user** on a single inbound - **Multi-inbound** on a **single port** (fallbacks support) - **Traffic** and **expiry date** limitations - **Periodic** traffic limit (e.g. daily, weekly, etc.) - **Subscription link** compatible with **V2ray** _(such as V2RayNG, OneClick, Nekoray, etc.)_, **Clash** and **ClashMeta** - Automated **Share link** and **QRcode** generator - System monitoring and **traffic statistics** - Customizable xray configuration - **TLS** and **REALITY** support - Integrated **Telegram Bot** - Integrated **Command Line Interface (CLI)** - **Multi-language** - **Multi-admin** support (WIP) # Installation guide Run the following command ```bash sudo bash -c "$(curl -sL https://github.com/Gozargah/Marzban-scripts/raw/master/marzban.sh)" @ install ``` Once the installation is complete: - You will see the logs that you can stop watching them by closing the terminal or pressing `Ctrl+C` - The Marzban files will be located at `/opt/marzban` - The configuration file can be found at `/opt/marzban/.env` (refer to [configurations](#configuration) section to see variables) - The data files will be placed at `/var/lib/marzban` - You can access the Marzban dashboard by opening a web browser and navigating to `http://YOUR_SERVER_IP:8000/dashboard/` (replace YOUR_SERVER_IP with the actual IP address of your server) Next, you need to create a sudo admin for logging into the Marzban dashboard by the following command ```bash marzban cli admin create --sudo ``` That's it! You can login to your dashboard using these credentials To see the help message of the Marzban script, run the following command ```bash marzban --help ``` If you are eager to run the project using the source code, check the section below

Manual install (advanced)

Install xray on your machine You can install it using [Xray-install](https://github.com/XTLS/Xray-install) ```bash bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install ``` Clone this project and install the dependencies (you need Python >= 3.8) ```bash git clone https://github.com/Gozargah/Marzban.git cd Marzban wget -qO- https://bootstrap.pypa.io/get-pip.py | python3 - python3 -m pip install -r requirements.txt ``` Alternatively, to have an isolated environment you can use [Python Virtualenv](https://pypi.org/project/virtualenv/) Then run the following command to run the database migration scripts ```bash alembic upgrade head ``` If you want to use `marzban-cli`, you should link it to a file in your `$PATH`, make it executable, and install the auto-completion: ```bash sudo ln -s $(pwd)/marzban-cli.py /usr/bin/marzban-cli sudo chmod +x /usr/bin/marzban-cli marzban-cli completion install ``` Now it's time to configuration Make a copy of `.env.example` file, take a look and edit it using a text editor like `nano`. You probably like to modify the admin credentials. ```bash cp .env.example .env nano .env ``` > Check [configurations](#configuration) section for more information Eventually, launch the application using command below ```bash python3 main.py ``` To launch with linux systemctl (copy marzban.service file to `/var/lib/marzban/marzban.service`) ``` systemctl enable /var/lib/marzban/marzban.service systemctl start marzban ``` To use with nginx ``` server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name example.com; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; location ~* /(dashboard|api|docs|redoc|openapi.json) { proxy_pass http://0.0.0.0:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # xray-core ws-path: / # client ws-path: /marzban/me/2087 # # All traffic is proxed through port 443, and send to the xray port(2087, 2088 etc.). # The '/marzban' in location regex path can changed any characters by yourself. # # /${path}/${username}/${xray-port} location ~* /marzban/.+/(.+)$ { proxy_redirect off; proxy_pass http://127.0.0.1:$1/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } ``` or ``` server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name marzban.example.com; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; location / { proxy_pass http://0.0.0.0:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } ``` By default the app will be run on `http://localhost:8000/dashboard`. You can configure it using changing the `UVICORN_HOST` and `UVICORN_PORT` environment variables.

# Configuration > You can set settings below using environment variables or placing them in `.env` file. | Variable | Description | | --------------------------------- | ----------------------------------------------------------------------------------------------------- | | SUDO_USERNAME | Superuser's username | | SUDO_PASSWORD | Superuser's password | | SQLALCHEMY_DATABASE_URL | Database URL ([SQLAlchemy's docs](https://docs.sqlalchemy.org/en/20/core/engines.html#database-urls)) | | UVICORN_HOST | Bind application to this host (default: `0.0.0.0`) | | UVICORN_PORT | Bind application to this port (default: `8000`) | | UVICORN_UDS | Bind application to a UNIX domain socket | | UVICORN_SSL_CERTFILE | SSL certificate file to have application on https | | UVICORN_SSL_KEYFILE | SSL key file to have application on https | | XRAY_JSON | Path of Xray's json config file (default: `xray_config.json`) | | XRAY_EXECUTABLE_PATH | Path of Xray binary (default: `/usr/local/bin/xray`) | | XRAY_ASSETS_PATH | Path of Xray assets (default: `/usr/local/share/xray`) | | XRAY_SUBSCRIPTION_URL_PREFIX | Prefix of subscription URLs | | XRAY_FALLBACKS_INBOUND_TAG | Tag of the inbound that includes fallbacks, needed in the case you're using fallbacks | | XRAY_EXCLUDE_INBOUND_TAGS | Tags of the inbounds that shouldn't be managed and included in links by application | | CUSTOM_TEMPLATES_DIRECTORY | Customized templates directory (default: `app/templates`) | | CLASH_SUBSCRIPTION_TEMPLATE | The template that will be used for generating clash configs (default: `clash/default.yml`) | | SUBSCRIPTION_PAGE_TEMPLATE | The template used for generating subscription info page (default: `subscription/index.html`) | | HOME_PAGE_TEMPLATE | Decoy page template (default: `home/index.html`) | | TELEGRAM_API_TOKEN | Telegram bot API token (get token from [@botfather](https://t.me/botfather)) | | TELEGRAM_ADMIN_ID | Numeric Telegram ID of admin (use [@userinfobot](https://t.me/userinfobot) to found your ID) | | TELEGRAM_PROXY_URL | Run Telegram Bot over proxy | | JWT_ACCESS_TOKEN_EXPIRE_MINUTES | Expire time for the Access Tokens in minutes, `0` considered as infinite (default: `1440`) | | DOCS | Whether API documents should be available on `/docs` and `/redoc` or not (default: `False`) | | DEBUG | Debug mode for development (default: `False`) | | WEBHOOK_ADDRESS | Webhook address to send notifications to. Webhook notifications will be sent if this value was set. | | WEBHOOK_SECRET | Webhook secret will be sent with each request as `x-webhook-secret` in the header (default: `None`) | | NUMBER_OF_RECURRENT_NOTIFICATIONS | How many times to retry if an error detected in sending a notification (default: `3`) | | RECURRENT_NOTIFICATIONS_TIMEOUT | Timeout between each retry if an error detected in sending a notification in seconds (default: `180`) | | NOTIFY_REACHED_USAGE_PERCENT | At which percentage of usage to send the warning notification (default: `80`) | | NOTIFY_DAYS_LEFT | When to send warning notifaction about expiration (default: `3`) | # API Marzban provides a REST API that enables developers to interact with Marzban services programmatically. To view the API documentation in Swagger UI or ReDoc, set the configuration variable `DOCS=True` and navigate to the `/docs` and `/redoc`. # Backup It's always a good idea to backup your Marzban files regularly to prevent data loss in case of system failures or accidental deletion. Here are the steps to backup Marzban: 1. By default, all Marzban important files are saved in `/var/lib/marzban` (Docker versions). Copy the entire `/var/lib/marzban` directory to a backup location of your choice, such as an external hard drive or cloud storage. 2. Additionally, make sure to backup your env file, which contains your configuration variables, and also, your Xray config file. If you installed Marzban using marzban-scripts (recommended installation approach), the env and other configurations should be inside `/opt/marzban/` directory. By following these steps, you can ensure that you have a backup of all your Marzban files and data, as well as your configuration variables and Xray configuration, in case you need to restore them in the future. Remember to update your backups regularly to keep them up-to-date. # Telegram Bot Marzban comes with an integrated Telegram bot that can handle server management, user creation and removal, and send notifications. This bot can be easily enabled by following a few simple steps, and it provides a convenient way to interact with Marzban without having to log in to the server every time. To enable Telegram Bot: 1. set `TELEGRAM_API_TOKEN` to your bot's API Token 2. set `TELEGRAM_ADMIN_ID` to your Telegram account's numeric ID, you can get your ID from [@userinfobot](https://t.me/userinfobot) # Marzban CLI Marzban comes with an integrated CLI named `marzban-cli` which allows administrators to have direct interaction with it. If you've installed Marzban using easy install script, you can access the cli commands by running ```bash marzban cli [OPTIONS] COMMAND [ARGS]... ``` For more information, You can read [Marzban CLI's documentation](./cli/README.md). # Marzban Node The Marzban project introduces the [Marzban-node](https://github.com/gozargah/marzban-node), which revolutionizes infrastructure distribution. With Marzban-node, you can distribute your infrastructure across multiple locations, unlocking benefits such as redundancy, high availability, scalability, flexibility. Marzban-node empowers users to connect to different servers, offering them the flexibility to choose and connect to multiple servers instead of being limited to only one server. For more detailed information and installation instructions, please refer to the [Marzban-node official documentation](https://github.com/gozargah/marzban-node) # Webhook notifications You can set a webhook address and Marzban will send the notifications to that address. the requests will be sent as a post request to the adress provided by `WEBHOOK_ADDRESS` with `WEBHOOK_SECRET` as `x-webhook-secret` in the headers. Example request sent from Marzban: ``` Headers: Host: 0.0.0.0:9000 User-Agent: python-requests/2.28.1 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive x-webhook-secret: something-very-very-secret Content-Length: 107 Content-Type: application/json Body: {"username": "marzban_test_user", "action": "user_updated", "enqueued_at": 1680506457.636369, "tries": 0} ``` Different action typs are: `user_created`, `user_updated`, `user_deleted`, `user_limited`, `user_expired`, `user_disabled`, `user_enabled` # Donation If you found Marzban useful and would like to support its development, you can make a donation in one of the following crypto networks: - TRON network (TRC20): `TX8kJoDcowQPBFTYHAJR36GyoUKP1Xwzkb` - ETH, BNB, MATIC network (ERC20, BEP20): `0xFdc9ad32454FA4fc4733270FCc12ddBFb68b83F7` - Bitcoin network: `bc1qpys2nefgsjjgae3g3gqy9crsv3h3rm96tlkz0v` - Dogecoin network: `DJAocBAu8y6LwhDKUktLAyzV8xyoFeHH6R` - TON network: `EQAVf-7hAXHlF-jmrKE44oBwN7HGQFVBLAtrOsev5K4qR4P8` Thank you for your support! # License Made in [Unknown!] and Published under [AGPL-3.0](./LICENSE). # Contributors We ❤️‍🔥 contributors! If you'd like to contribute, please check out our [Contributing Guidelines](CONTRIBUTING.md) and feel free to submit a pull request or open an issue. We also welcome you to join our [Telegram](https://t.me/gozargah_marzban) group for either support or contributing guidance. Check [open issues](https://github.com/gozargah/marzban/issues) to help the progress of this project.

Thanks to the all contributors who have helped improve Marzban:

Made with contrib.rocks