DEV Community

AiPo
AiPo

Posted on

EdgeNest: a self-hosted proxy panel in a single Go binary (sing-box + Xray)

EdgeNest is an open-source (AGPL-3.0) self-hosted panel for running your own proxy node on a VPS. It's a single Go binary with the React UI embedded — one command brings up the panel, subscription delivery, and the proxy engines together.

Repo: https://github.com/aipo-lenshow/EdgeNest

Why I built it

I run a few nodes for myself and family across different VPS providers, and I got tired of three things: hand-editing sing-box / Xray JSON, juggling TLS certificates, and walking non-technical people through importing a config by hand.

Existing panels are good, but I wanted one that does two things differently:

  1. Runs sing-box and Xray at the same time, in one binary.
  2. Helps you choose what to deploy, instead of dumping every protocol option on you and assuming you know the tradeoffs.

What it does

  • Two engines, one binary — sing-box (default) + Xray side by side, for 11 inbound protocols total: VLESS-Reality, VLESS-WS, VMess-WS, Trojan-TLS, Hysteria2, TUIC v5, Shadowsocks-2022, AnyTLS, SOCKS5, plus VLESS-XHTTP-Reality / -TLS on Xray.
  • Setup wizard — pick your use case and your client, and it recommends a protocol mix.
  • Per-client subscriptions — generates links in each client's own format (Shadowrocket, v2rayN, V2RayNG, Hiddify, Stash, Surge, sing-box, Karing, Mihomo Party, Loon, Quantumult X…), so they connect on import with zero manual editing.
  • Multi-user — per-user credentials, traffic quotas, expiry dates, resets.
  • Outbound optimization — CDN preferred-IP, Argo tunnels, WARP outbound, one tap each.
  • One-click category routing — route AI / streaming / dev-tools / ad-block traffic to WARP / direct / block. It can also capture the domains you actually hit in real time and turn them into routing rules.
  • Ops & security — Let's Encrypt (HTTP or DNS validation), self-signed certs out of the box, IPv4/IPv6 dual stack, a Telegram management bot, encrypted backup/restore, and a firewall that only opens the ports actually in use.

Stack

Go + Gin backend, React/TS/Vite/Tailwind/shadcn-ui frontend embedded into the binary, SQLite via a pure-Go driver (no CGO), ACME via lego. Runs on Debian/Ubuntu/CentOS/Alma/Rocky/Fedora, amd64 + arm64. Panel UI in 6 languages.

The two engines run as separate processes behind one control plane, with a NodeClient interface seam so that adding multi-node management later stays purely additive rather than a rewrite.

Install

git clone https://github.com/aipo-lenshow/EdgeNest.git
cd EdgeNest
sudo bash scripts/install.sh
Enter fullscreen mode Exit fullscreen mode

There's also a prebuilt-tarball install for low-memory or offline boxes — no git, no compile.

Feedback welcome

It's a fresh first release, so I'd really appreciate feedback — especially on the protocol wizard and the per-client subscription output. Issues and PRs are open.

(Disclosure: I'm the developer. English isn't my first language, so I used an LLM to help word this post — the project and architecture are mine.)

Top comments (0)