explaingit

vzzoxo/xiaoyizi

Analysis updated 2026-06-24

42JavaScriptAudience · ops devopsComplexity · 4/5LicenseSetup · moderate

TLDR

Self-hosted Node.js web panel for running a multi-protocol proxy service (VLESS Reality, Shadowsocks, Hysteria 2) with users, AWS node automation and Telegram bot.

Mindmap

mindmap
  root((xiaoyizi))
    Inputs
      VPS over SSH
      AWS accounts
      Telegram bot
    Outputs
      Signed subscription links
      Traffic accounting
      Rotating IPs
    Use Cases
      Run a small proxy service
      Rotate AWS exit IPs
      Reward users via Telegram
    Tech Stack
      Node
      Express
      SQLite
      PM2
      Tailwind
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Self-host a multi-protocol proxy panel for a small group

USE CASE 2

One-click deploy proxy nodes onto VPSes over SSH

USE CASE 3

Rotate AWS EC2 and Lightsail exit IPs when nodes get blocked

USE CASE 4

Run a Telegram bot that grants traffic via daily check-ins and mini-games

What is it built with?

NodeExpressSQLitePM2TailwindAWS

How does it compare?

vzzoxo/xiaoyizixuanlinai/overmindshootthesound/comfyui-angelo
Stars424339
LanguageJavaScriptJavaScriptJavaScript
Setup difficultymoderatemoderatemoderate
Complexity4/54/53/5
Audienceops devopsdeveloperdesigner

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 1h+

One-liner installer pulls Node 22, PM2, Nginx and Let's Encrypt, but you still need a domain and AWS keys before automation works.

MIT license, free to use, modify, and redistribute with attribution.

In plain English

xiaoyizi, with a README written in Chinese, is a self-hosted management panel for running a multi-protocol proxy service for one person or a small group. It is built on Node.js 22, Express 5, and SQLite via the better-sqlite3 driver, and runs under PM2. The README says it brings users, nodes, subscriptions, traffic accounting, and day-to-day operations into a single web panel, with support for the VLESS Reality, Shadowsocks, and Hysteria 2 protocols. On the user side the panel handles email signup and login, password recovery, invite codes, user groups, traffic quotas, and expiry freezing. The subscription endpoint auto-detects the client by User-Agent for Clash, Sing-box, v2ray, Shadowrocket, and similar tools, signs links to deter copy-paste theft, applies IP and token rate limits, and runs abuse detection. Nodes are deployed one-click onto any VPS over SSH password or key, with optional SOCKS5 chaining. Health is tracked through a long-lived WebSocket between the panel and a node-side agent, plus liveness checks on xray and Hysteria processes. The automation features are oriented around AWS. The panel manages multiple EC2 and Lightsail accounts, can create instances and rotate IPs (including the Wavelength edge zones), and uses a detection-rotate-sync loop when a node looks blocked from the user's network. UUIDs and subscription tokens rotate on a per-user-group schedule. A Telegram bot ties into all of this: daily check-ins grant traffic, consecutive days bump the user into family, SVIP, or SSVIP tiers at 7, 15, and 30-day thresholds, and three mini-games (a weekly wheel, daily card flip, and daily rock-paper-scissors) hand out small rewards. Bot commands include /me, /sub, and /adminstats. Deployment is a single bash one-liner that fetches install.sh from the repo and runs through system dependencies, Node 22, PM2, code checkout, a generated .env, Nginx with Let's Encrypt SSL, PM2 startup, and a health check, on Debian 11 or Ubuntu 20.04 and up. The first registered user becomes admin. Two required env vars are PANEL_DOMAIN and SESSION_SECRET. The stack also includes EJS templates, Tailwind CSS, AWS SDK v3, and the ws WebSocket library. The security section lists Helmet with a strict Content Security Policy and per-request nonce, CSRF double protection by Origin header and token, login rate limiting and captcha attempt caps, scrypt password hashing with bounded parameters, AES-256-GCM at rest for AWS credentials, optional HMAC-signed subscription links, multi-layer rate limiting by IP, token, and behaviour, and timing-safe comparisons. The project is MIT-licensed.

Copy-paste prompts

Prompt 1
Walk me through running the xiaoyizi install.sh one-liner on a fresh Debian 11 VPS.
Prompt 2
Set PANEL_DOMAIN and SESSION_SECRET for xiaoyizi and bring up the panel under PM2 and Nginx.
Prompt 3
Explain how xiaoyizi auto-detects Clash, Sing-box and Shadowrocket via User-Agent on the subscription endpoint.
Prompt 4
Configure xiaoyizi to manage two AWS accounts and rotate IPs when the detection loop flags a block.
Prompt 5
Wire the xiaoyizi Telegram bot's /me, /sub and /adminstats commands and the family/SVIP/SSVIP tier thresholds.

Frequently asked questions

What is xiaoyizi?

Self-hosted Node.js web panel for running a multi-protocol proxy service (VLESS Reality, Shadowsocks, Hysteria 2) with users, AWS node automation and Telegram bot.

What language is xiaoyizi written in?

Mainly JavaScript. The stack also includes Node, Express, SQLite.

What license does xiaoyizi use?

MIT license, free to use, modify, and redistribute with attribution.

How hard is xiaoyizi to set up?

Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.

Who is xiaoyizi for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.