v3.0.0

REMNAWAVE REVERSE PROXY

🚀 Major Changes

📦 Модульная архитектура скрипта

• Скрипт полностью реорганизован в модульную структуру для удобства поддержки и расширения
• Модули разделены по категориям:
  • src/nginx/*.sh — установка с веб-сервером Nginx
  • src/caddy/*.sh — установка с веб-сервером Caddy
  • src/modules/*.sh — общие модули (add_node, warp, ipv6, manage_panel)
  • src/api/remnawave_api.sh — API функции для работы с панелью
  • src/lang/*.sh — языковые файлы (en, ru)
• Автоматическая загрузка и обновление модулей при обновлении скрипта

---

🌐 Новый веб-сервер Caddy

• Добавлена поддержка Caddy 2.11.2 в качестве альтернативы Nginx
• Работает через Unix-сокет (/dev/shm/nginx.sock) аналогично Nginx
• Автоматическое получение и продление SSL-сертификатов (встроенный ACME)
• Доступен для всех режимов установки: панель+нода, только панель, только нода

---

🔐 OAuth2 Telegram авторизация

• Добавлена поддержка Telegram OAuth для входа в панель

Nginx конфигурация (добавляется в блок server панели):

# OAuth2 Telegram login
location ^~ /oauth2/ {
    if ($http_referer !~ "^https://oauth\.telegram\.org/") {
        return 444;
    }

    proxy_http_version 1.1;
    proxy_pass http://remnawave;
    proxy_set_header Host $host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_send_timeout 60s;
    proxy_read_timeout 60s;
}

Caddy конфигурация (автоматически добавляется в Caddyfile):

@oauth2 {
    path /oauth2/*
    header Referer https://oauth.telegram.org/*
}

handle @oauth2 {
    reverse_proxy {BACKEND_URL} {
        header_up Host {host}
    }
}

@oauth2_bad {
    path /oauth2/*
    not header Referer https://oauth.telegram.org/*
}

handle @oauth2_bad {
    abort
}

⚠️ Для существующих установок: Добавьте конфигурацию вручную в nginx.conf или Caddyfile

---

🔧 Оптимизация Docker Compose

• Внедрены YAML anchors для уменьшения дублирования конфигурации:

x-common: &common
  ulimits:
    nofile:
      soft: 1048576
      hard: 1048576
  restart: always

x-networks: &networks
  networks:
    - remnawave-network

x-logging: &logging
  logging:
    driver: json-file
    options:
      max-size: 100m
      max-file: 5

x-env: &env
  env_file: .env

• Сервисы используют комбинации anchors: <<: [*common, *logging, *env, *networks]
• Убрано дублирование ulimits, restart, logging для каждого сервиса
• Увеличен лимит логов с 30m до 100m на файл
• Обновлены версии образов:
  • postgres: 18.1 → 18.3
  • valkey: 9.0.0-alpine → 9.0.3-alpine
• Добавлен volume valkey-socket для Unix-сокета Redis
• Redis настроен на работу через Unix-сокет (--unixsocket /var/run/valkey/valkey.sock)
• Убрано жёсткое задание подсети для remnawave-network

---

🔌 NET_ADMIN для ноды

• Добавлен cap_add: NET_ADMIN для контейнера remnanode
• Необходимо для работы плагинов

---

📝 Обновления .env файла

Новые переменные:

Переменная	Описание
REDIS_SOCKET	Путь к Unix-сокету для подключения к Redis (Valkey): /var/run/valkey/valkey.sock
TELEGRAM_BOT_PROXY	Опциональный прокси для Telegram бота (формат: socks5://user:password@host:port)
TELEGRAM_NOTIFY_SERVICE	Chat_id для сервисных уведомлений
TELEGRAM_NOTIFY_TBLOCKER	Chat_id для уведомлений трафик-блокера
NOT_CONNECTED_USERS_NOTIFICATIONS_ENABLED	Включение уведомлений о неподключённых пользователях (true/false)
NOT_CONNECTED_USERS_NOTIFICATIONS_AFTER_HOURS	Интервалы в часах для уведомлений (например: [6, 24, 48])

Удалены переменные:

• TELEGRAM_NOTIFY_USERS_THREAD_ID
• TELEGRAM_NOTIFY_NODES_THREAD_ID
• TELEGRAM_NOTIFY_CRM_THREAD_ID

Теперь thread_id указывается в основной переменной через двоеточие: "-100123:80"

---

🌍 Обновлены переводы

• Улучшены и актуализированы все тексты сообщений в русском и английском языках

v2.3.0

REMNAWAVE REVERSE PROXY

🚀 Major Changes

🛡 Gcore Certificate Generation

• Added new method to generate domain certificates via Gcore

🌐 Real IP for Subscription Page

• Added proper proxy headers in nginx.conf for the subscription page server block (panel + node setup):

proxy_set_header X-Real-IP        $proxy_protocol_addr;
proxy_set_header X-Forwarded-For  $proxy_protocol_addr;

• Subscription page now correctly shows the real client IP when updating subscriptions via your connection client

🔧 Nginx Hash Table Optimization

• Added server_names_hash_bucket_size 64; to nginx.conf
• Fixes the error “could not build the server_names_hash” for long or complex domain names
• Increases hash bucket size for reliable server_name handling

🔒 Subscription Page Error Handling

• Changed @redirect from return 404; to return 444; in nginx.conf
• Improves security and prevents unnecessary 404 logs

🔑 API Token for Subscription Page

• Subscription Page now requires an API token
• On fresh installation (panel only or panel + node), the API token is automatically generated and already added to the configuration
• On existing (old) installations, you need to manually create an API token in your panel and add the environment variable REMNAWAVE_API_TOKEN=your_token_here in docker-compose.yml under the subscription-page service

⚙️ Subscription Page Configuration

• New environment variable SUBSCRIPTION_UI_DISPLAY_RAW_KEYS=true
• When enabled, shows raw vless:// links in the subscription UI
• By default hidden when HWID binding is active

🌍 Updated Translations

• Improved and updated translations across the entire project

v2.2.0

REMNAWAVE REVERSE PROXY

🚀 Major Changes

🔐OAuth Provider Detection via API

• Replaced .env file checking with API-based OAuth provider detection
• Now uses GET /api/auth/status endpoint to dynamically verify enabled authentication providers:
• GitHub OAuth2
• Yandex OAuth2
• PocketID OAuth2
• Telegram authentication

📦Node Configuration Simplification

• Removed .env-node file from node configurations
• Migrated all node environment variables to docker-compose.yml for easier management. Only two parameters required now:
  NODE_PORT - Port for node communication (default: 2222)
  SECRET_KEY - Contains node certificates
• Previous parameters APP_PORT and SSL_CERT from .env-node are no longer needed

🎨Panel Management Improvements

• Removed Legiz rule templates
• Panel rule management is now simplified - all configurations are done directly in Remnawave panel interface

v2.1.9

REMNAWAVE REVERSE PROXY

🚀 Major Changes

• Debian 13 Support 🐧

• Replaced dynamic IP fetching with a static IP 172.30.0.1 for panel and node configurations.

• Updated .env and docker-compose.yml for seamless operation.

Domain Uniqueness Check 🔍

• Introduced the check_node_domain function to verify domain availability using the /api/nodes endpoint.
• Integrated into add_node_to_panel with a loop to prompt for a unique domain if the provided one is already in use.

New Editing Features ✍️

• Added an app-config.json editor for streamlined application configuration.
• Introduced a branding editor for customizing the visual identity.
• Implemented app deletion functionality for better management.

IPv4 Configuration Update 🌐

• Replaced ForceIPv4 with UseIPv4 for more flexible network handling.

SNI Templates Fix 🛠️

• Resolved issues with SNI templates to ensure stability and proper request handling.

v2.1.4

REMNAWAVE REVERSE PROXY

🚀 Main Changes

• add script backup and restore from distillium
• refactor generate_xray_keys function to use new API endpoint /api/system/tools/x25519/generate

v2.1.0

REMNAWAVE REVERSE PROXY

🚀 Main Changes

🆕Features

• Custom Branding for Subscription Page: Added support for configuring custom branding (name, support URL, logo URL) for the subscription page during setup via Legiz extensions. Refer to the configuration reference for details.

• Updated .env Configuration: Enhanced the .env file structure to support new customization options, improving flexibility for deployment.

🔧Fixes

• Certificate Domain Assignment: Resolved an issue in the installation_panel and installation_node functions for the Cloudflare method (CERT_METHOD=1). Now correctly sets PANEL_CERT_DOMAIN, SUB_CERT_DOMAIN, and NODE_CERT_DOMAIN to their respective base domains, ensuring proper SSL certificate paths in Nginx configurations.

Token Validation in get_panel_token: Fixed token validation issues by:

• Adding robust validation for API responses, handling 401 Unauthorized errors and invalid JSON.
• Implementing a final token verification step to ensure only valid tokens are used.
• Preventing script continuation with invalid tokens, resolving errors like jq: error: Cannot iterate over null.

🗂Improvements

• Xray Configuration: Removed QUIC protocol

v2.0.7

REMNAWAVE REVERSE PROXY

🚀 Main Changes

🔧 Update Check Addition:

• Introduced a new function to check for available software updates. This ensures users can stay up-to-date with the latest features and security patches seamlessly.

🔧 Notification Updates:

• Added update notifications in the main menu, enabling users to easily identify and install new software versions for improved usability.

🔧 ACME Certificate Renewal - Port 80 Handling:

• Implemented the update_current_certificates function to automatically open and close port 80 for ACME-based (HTTP-01 challenge) certificate renewals. This enhances reliability and security by automating certificate updates with minimal manual intervention.
• Added cron job integration to correctly handle port 80 opening and closing during certificate renewals, ensuring consistent and secure operation.

v2.0.5

REMNAWAVE REVERSE PROXY

🚀 Main Changes

🔧Subpage and Application Features:

• Introduced Orion subpage for enhanced user navigation
• Added HWID-only application list for improved security and access control
• Implemented jsDelivr fallback for reliable subpage downloads
• Refactored subpage menu for better usability and maintainability

🔧Squad Update Fixes:

• Updated get_default_squad to return all squad UUIDs instead of a single default squad
• Modified main script to iterate over all squad UUIDs and call update_squad for each
• Added robust error handling and logging for squad updates

🗂Updated get_panel_token function:

• Added support for new OAuth providers: GitHub, PocketID, and Yandex

🔧Fix:

• manage_warp and view_logs function

Remove:

• Deletion of existing UFW ports to prevent unintended configuration loss

v2.0.0

REMNAWAVE REVERSE PROXY

🚀 Main Changes

🆕 New Features and Capabilities

🔧 WARP Native Integration (by distillium)

• Added a complete WARP Native management module
• Ability to install and remove WARP Native
• Integration of WARP configuration into panel nodes

🗂 Improved Panel/Node Management

• New unified "Panel/Node Management" menu
• Real-time container log viewing
• Centralized management for starting/stopping/updating

🗑 Script Removal System

• Safe removal of only the script and local files
• Full removal including panel/node data
• Confirmations to prevent accidental deletion

🌐 API Endpoints

New:

• /api/config-profiles - configuration profile management
• /api/internal-squads - internal squads management

Removed:

• /api/xray - replaced with config-profiles
• /api/inbounds - replaced with new architecture

🎨 Interface Reorganization

• Unified panel/node management functions
• Added WARP Native module
• Added script removal system
• Optimized navigation

v1.7.5

REMNAWAVE REVERSE PROXY

🔧 Docker Images Fixes
Pinned Docker image versions to improve stability:

remnawave/backend: from latest to 1.6.16
remnawave/node: from latest to 1.6.4

🛡️ Security and Stability Improvements
Added container existence checks before performing template operations:

Check for remnawave container in the function manage_template_upload
Check for remnawave-subscription-page container in the function manage_sub_page_upload

If container is missing, an appropriate error message is shown