explaingit

jestivald/node-accelerator

20ShellAudience · ops devopsComplexity · 3/5Setup · hard

TLDR

A set of shell scripts that optimize, harden, and diagnose Linux servers running VPN node software, tuning the kernel for high network throughput, adding firewall and intrusion prevention, and producing a pass/warning health report.

Mindmap

mindmap
  root((node-accelerator))
    Modules
      Optimizer
      Protection
      Diagnostics
    Optimizer features
      XanMod kernel
      BBRv3 congestion
      Multi-core packets
    Protection features
      nftables firewall
      CrowdSec IPS
      Per-IP rate limits
    Supported OS
      Debian 11-13
      Ubuntu 20-24
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Run the optimizer script on a VPS to install the XanMod kernel with BBRv3 and spread packet processing across all CPU cores, removing the single-core network bottleneck

USE CASE 2

Apply the protection script to add per-IP connection rate limits and CrowdSec intrusion prevention without breaking existing Docker networking

USE CASE 3

Run the diagnostics script to get a pass/warning health report on kernel version, BBR status, firewall state, and open ports before going live

USE CASE 4

Roll back any script's changes with a single rollback command if something breaks after applying the optimizations

Tech stack

ShellLinuxnftablesCrowdSecXanMod

Getting it running

Difficulty · hard Time to first run · 1h+

Targets Debian 11-13 and Ubuntu 20.04-24.04 only, requires root access and a server already running Xray VPN node software, README is written in Russian.

License terms are not mentioned in the explanation.

In plain English

Node-accelerator is a collection of shell scripts for tuning, securing, and diagnosing Linux servers that run VPN node software, specifically setups using Xray with VLESS-Reality, xHTTP, Hysteria2, and TUIC protocols. The README is written in Russian, and the project targets Debian 11 through 13 and Ubuntu 20.04 through 24.04. All three modules are designed to be safe to run more than once without causing problems, and every change can be undone with a single rollback command. The optimizer script pushes a server toward higher network throughput. It installs the XanMod kernel variant with BBRv3 congestion control, adjusts dozens of kernel network settings including socket buffer sizes and connection tracking limits, and distributes incoming packet processing across all available CPU cores. On a typical cloud server, all incoming traffic handling defaults to a single CPU core, which becomes a bottleneck before the network card does. The script also raises system limits on open files and processes, disables transparent huge pages, and sets the CPU governor to performance mode. The protection script sets up a firewall using nftables and installs CrowdSec, a community-driven intrusion prevention system. It adds per-IP rate limits on new TCP connections and UDP packets, automatically bans addresses that probe closed ports, blocks common port-scan packet types, and guards against SSH brute force. Importantly it manages only its own nftables table rather than wiping the entire ruleset, so existing Docker networking and CrowdSec rules are left untouched. IPv6 is covered alongside IPv4 throughout. A built-in safety timer resets the firewall rules automatically if you lose SSH access after applying them. The diagnostics script produces a read-only report covering kernel version, BBR status, network settings, connection tracking, firewall state, and open ports, with a pass or warning marker next to each item and suggestions for what to fix. The project's README notes that it replaces an older toolkit that had incorrect rule ordering, global rate limits instead of per-IP limits, and no IPv6 coverage.

Copy-paste prompts

Prompt 1
I'm running an Xray VLESS-Reality VPN node on Debian 12. Walk me through running the node-accelerator optimizer script and explain what each kernel setting it changes actually does.
Prompt 2
My VPN node is on a 4-core cloud server but all traffic hits one CPU core. How does node-accelerator fix this, and exactly which Linux kernel settings does it change?
Prompt 3
I want to add CrowdSec and nftables rules to my VPN node without breaking my existing Docker networking. How does the node-accelerator protection script handle this safely?
Prompt 4
After running node-accelerator on my server, how do I verify that BBRv3 is actually active and that the firewall rules applied correctly?
Open on GitHub → Explain another repo

← jestivald on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.