CHANGELOG.md

Changelog

All notable changes to MoaV will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

1.4.5 - 2026-03-09

Fixed

• Snowflake build failing in Russia — git clone from gitlab.torproject.org times out in countries where it's blocked; replaced with go install via Go module proxy (proxy.golang.org, Google CDN) which bypasses the block. Applies to both Dockerfile.snowflake (proxy) and Dockerfile.client (snowflake-client)

Changed

• DNS documentation refreshed — New "Do I Need a Domain?" section, domain-less mode guide, split port forwarding tables (domain-less vs with domain), all protocols/ports updated, Raspberry Pi tips, CGNAT troubleshooting
• telemt updated to 3.3.14
• TrustTunnel updated to 1.0.13
• TrustTunnel Client updated to 1.0.19

1.4.4 - 2026-03-03

Added

• Auto-detect missing .env variables — moav update now compares your .env with .env.example and offers to auto-add new variables with defaults (timestamped separator for easy review)
• CDN WS path auto-generation — Bootstrap generates a random realistic API-like path (e.g., /api/v3/storage/download/update-bundle-4821.bin) instead of the obvious /ws, persisted in state for consistency across regenerations
• HTTPUpgrade as default CDN transport — Less fingerprinted by DPI than WebSocket; configurable via CDN_TRANSPORT env var (httpupgrade or ws)
• TLS fingerprint randomization — All protocols now use fp=random (rotates real browser fingerprints: Chrome, Firefox, Safari, Edge) instead of hardcoded chrome
• Domain naming strategy guide — New section in DNS docs with good/bad domain name examples and CDN subdomain advice for DPI evasion
• CDN split SNI/Address/Host — Client configs now use root domain as TLS SNI (less suspicious to DPI than cdn.domain.com), with CDN subdomain only in the encrypted Host header for Cloudflare routing. Optional CDN_ADDRESS for full domain separation (CDN_SNI, CDN_ADDRESS env vars)
• Cloudflare SSL Flexible requirement — Added clear documentation about SSL mode requirement across DNS, Setup, and Troubleshooting docs (prevents 525 errors)
• Shell autocompletion — moav install now installs bash/zsh completions for all commands, subcommands, services, profiles, and protocols; moav uninstall removes them
• Admin dashboard redesign — Services displayed as cards with auto-fill grid layout, green border for running services; favicon and logo in browser tab/header; centered footer with version and GitHub link
• moav user revoke telemt support — Revoking a user now removes their MTProxy secret from all three telemt config sections and restarts telemt

Fixed

• moav update crashing silently — check_component_versions() failed under set -euo pipefail when version variables (e.g., TELEMT_VERSION, SLIPSTREAM_VERSION) were missing from older .env files; grep returning exit code 1 killed the script before reaching check_env_additions()
• moav logs <service> showing all containers — Service names like slipstream were resolved as profile aliases (→ dnstunnel), causing --profile dnstunnel to show all DNS tunnel services; now checks exact profile names first, then falls back to service resolution
• Domainless mode unbound variable crash — TROJAN_LINK, HY2_LINK, and their IPv6 variants were referenced unconditionally but only set when a domain is configured; all references now guarded with [[ -n "${VAR:-}" ]]
• moav uninstall aborting on root-owned files — Docker-created files under configs/, state/, outputs/ are owned by root; set -euo pipefail + rm = permission denied = script abort; now uses _wrm() helper with sudo fallback
• Permission denied on state/users/ and configs/ — Docker containers create directories as root; non-root users couldn't write when adding/revoking users; added sudo mkdir/chmod fallback in user-add and user-revoke scripts
• mv interactive prompt on Debian/Ubuntu — Default mv -i alias caused scripts to hang waiting for confirmation; all mv calls now use mv -f across all scripts
• xxd: command not found on minimal systems — Replaced all xxd -p usage with POSIX-portable od -An -tx1 | tr -d ' \n' (xxd requires vim package, not installed on minimal Raspberry Pi OS)
• Docker Compose service status checks always returning true — docker compose ps --status running returns exit code 0 with only a header row even when no containers match; all service-running checks now use tail -n +2 | grep -q . to skip the header and verify actual container output exists
• User add failing when WireGuard not running — Config file existing was enough to trigger WireGuard peer add attempt; now checks if the Docker service is actually running first, skips gracefully with info message if not
• Snowflake dashboard false positive — check_service_status("snowflake") was hardcoded to return "running"; changed to "unknown" with distinct ? indicator and hover tooltip explaining host networking limitation
• AmneziaWG awg binary missing from Docker image — Built in multi-stage builder but never copied to final image; added COPY --from=builder /usr/bin/awg /usr/bin/awg
• Grafana dashboard starring silently failing — star_dashboards() used GNU wget flags (--user, --password, --auth-no-challenge) unsupported by BusyBox wget in the official Grafana Alpine image; replaced with --header "Authorization: Basic ..." which works everywhere. Also added missing moav-amneziawg to star list
• Dashboard user protocol tags incomplete — telemt detection checked wrong filename (telegram-mtproxy.txt instead of telegram-proxy-link.txt); added missing dnstt and Slipstream protocol detection

Changed

• CDN bundle files renamed — cdn-vless-ws-singbox.json → cdn-vless-singbox.json, cdn-vless-ws.txt → cdn-vless.txt (reflects transport-agnostic naming)

1.4.1 - 2026-03-02

Added

• Telegram MTProxy (telemt) — Rust-based MTProxy with Fake-TLS V2 for direct Telegram access in censored regions
  • New telemt service on port 993/tcp (IMAPS port — blends with expected TLS traffic)
  • Fake-TLS V2: real certificate emulation, timing simulation, ALPN enforcement (mimics dl.google.com)
  • Per-user 32-hex secrets with configurable connection limits (TELEMT_MAX_TCP_CONNS, TELEMT_MAX_UNIQUE_IPS)
  • tg://proxy and https://t.me/proxy links auto-generated in user bundles with QR codes
  • No domain required — works with IP address only (fake-TLS domain is for DPI evasion, not DNS)
  • No client binary needed — users connect via official Telegram app
  • Profile: telegram (aliases: tg, mtproxy, telemt)
  • ENABLE_TELEMT=true by default
• Telegram MTProxy Grafana Dashboard — Per-user connection monitoring
  • Active Users, Total/Bad Connections, Handshake Timeouts, Uptime stat panels
  • Connection Rate, Active Connections & Users, Bandwidth Rate time series
  • Per-user breakdown: Active Connections by User, Unique IPs by User
  • Per-User Details table and ME Health (Messaging Engine) charts
• moav user add telemt integration — New users automatically get MTProxy secrets and tg://proxy links

Fixed

• Grafana proxy 502 errors — Race condition where grafana-proxy started before Grafana was ready; added readiness wait loop
• Grafana dashboard starring fails on HTTPS — star_dashboards() was using http:// but Grafana runs HTTPS when certs are found; now uses matching protocol with --no-check-certificate
• dnstt/Slipstream "cannot resolve sing-box" warning — Race condition where DNS tunnels started before sing-box was registered in Docker DNS; added depends_on: sing-box: condition: service_healthy
• telemt metrics not scraped by Prometheus — telemt's metrics_whitelist defaults to localhost-only; added metrics_whitelist = ["0.0.0.0/0"] to generated config
• moav restart grafana restarting entire monitoring stack — Service names like grafana, prometheus were being resolved as profile aliases to monitoring; restart/stop now only match exact profile names
• Slipstream build arguments — Fixed build failures from incorrect argument passing

Changed

• Fake-TLS default domain — Changed from www.google.com to dl.google.com (whitelisted during Iran's Jan-Feb 2026 shutdowns, less commonly used as proxy SNI fingerprint)
• telemt per-user limits configurable — TELEMT_MAX_TCP_CONNS (default: 100) and TELEMT_MAX_UNIQUE_IPS (default: 10) via .env

1.4.0 - 2026-03-01

Added

• Slipstream DNS Tunnel — QUIC-over-DNS protocol (1.5-5x faster than dnstt)
  • New slipstream service using pre-built Rust binaries from slipstream-rust
  • Resolver mode (default, ~63 KB/s, stealthier) and authoritative mode (~3.9 MB/s, exposes server IP)
  • ECDSA P-256 self-signed certificate generated during bootstrap
  • Full client support: cert distribution, client instructions, client-test, client-connect
  • Client guide (EN/FA) with protocol description and setup instructions
• DNS Router — Lightweight Go UDP forwarder for running multiple DNS tunnels on port 53
  • Routes DNS queries by domain suffix to dnstt or Slipstream backends
  • Supports single-backend mode (routes all traffic when only one tunnel is enabled)
• dnstunnel Profile — Unified profile for all DNS tunnel services (dns-router + dnstt + Slipstream)
  • Profile aliases: dnstt, dns, slip, slipstream all resolve to dnstunnel
  • Individual toggles: ENABLE_DNSTT and ENABLE_SLIPSTREAM control which backends are active
• moav logs Profile Support — moav logs dnstunnel now shows logs for all services in a profile (was silently failing for profile names)

Fixed

• Decoy Container Profile Mismatch — certbot depends on decoy, but decoy was missing profiles (wireguard, dnstunnel, trusttunnel) causing invalid compose project errors when starting non-proxy profiles
• Slipstream Binary on Alpine — Pre-built Rust binaries are glibc-linked; Slipstream server switched to debian:bookworm-slim, client container uses gcompat + libgcc + libc6-compat

Changed

• dnstt Profile Renamed — dnstt profile renamed to dnstunnel (backwards-compatible via alias)
• dnstt Port Mapping — dnstt no longer binds host port 53 directly; dns-router handles port 53 and routes to backends

1.3.8 - 2026-02-27

Added

• Decoy Website — Interactive backgammon game replaces "Under Construction" page
  • Anti-fingerprinting: randomized titles, headings, footers, and color themes on each container start
  • 8 distinct color palettes, random hex comment to change file hash per deployment
  • Uses nginx docker-entrypoint.d mechanism with tmpfs for ephemeral randomized content
• Connection Optimization Tips in User Bundle — Inline per-protocol optimization guidance in README.html
  • Reality: TLS Fragment tip with Hiddify/v2rayNG settings, MUX warning (incompatible with Vision)
  • Trojan: TLS Fragment + MUX tips with app-specific values
  • CDN VLESS+WS: MUX tip, note that Fragment doesn't help (TLS at Cloudflare)
  • Hysteria2: no tips (QUIC, nothing to tweak)
• Multi-user Revoke — moav user revoke now accepts multiple usernames in one command
• AmneziaWG Revoke — User revoke now properly removes AmneziaWG peers

Fixed

• CDN Domain Empty in User Bundle — {{CDN_DOMAIN}} in README.html was replaced with empty string
  • Root cause: user-add.sh and generate-user.sh didn't construct CDN_DOMAIN from CDN_SUBDOMAIN + DOMAIN
  • singbox-user-add.sh had the construction logic but it didn't propagate to the README generation
• Certbot Port 80 Conflict — Certbot standalone mode conflicted with decoy website on port 80
  • Switched certbot from --standalone to --webroot mode with shared ACME challenge volume
• Decoy Container Not Picking Up Config — docker compose restart doesn't apply compose file changes; documented need for --force-recreate

Changed

• sing-box — Updated to v1.12.23
• Decoy Website — Now accessible on HTTP port 80 (was only internal)
• Client Guide Docs — Added Connection Optimization section to docs/CLIENTS.md (Fragment & MUX per-protocol table)

1.3.7 - 2026-02-27

Added

• Conduit v2.0.0 Upgrade — Upgraded Psiphon Conduit to v2.0.0 with native Prometheus metrics
  • Native /metrics endpoint replaces custom log-parsing exporter and tcpdump-based GeoIP collector
  • Per-region client breakdown (conduit_region_connected_clients, conduit_region_bytes_downloaded/uploaded)
  • Ryve deep link displayed in container logs on startup for easy mobile import
  • Slimmed Dockerfile: removed geoip-bin, tcpdump, iproute2, procps (no longer needed)
• Conduit Grafana Dashboard — New panels for v2 native metrics
  • Live status panel (conduit_is_live), max clients panel (conduit_max_common_clients)
  • Connected clients by region timeseries chart
• Build Optimization — BuildKit cache mounts for Go compilation services
  • Go module and build caches persist across rebuilds (amneziawg, dnstt, snowflake, clash-exporter, client)
  • pip cache mount for admin image

Fixed

• Build Reliability — Fixed Go services failing during parallel moav build --no-cache
  • Root cause: 13+ parallel builds saturated network, causing TLS handshake timeouts on Go module downloads
  • Fix: two-phase build — Go services built sequentially first, then remaining services in parallel
  • Phase 2 now filters to only buildable services (skips image-only services like certbot, grafana)
• Go Version Pinning — Fixed Dockerfile.amneziawg and Dockerfile.dnstt build failures
  • Pinned amneziawg-go to tag v0.2.16 (was cloning unpinned default branch)
  • Updated dnstt builder from golang:1.21-alpine to golang:1.24-alpine to match upstream go.mod

Changed

• Conduit Environment Variables — CONDUIT_MAX_CLIENTS renamed to CONDUIT_MAX_COMMON_CLIENTS (backwards-compatible fallback in entrypoint)
• Prometheus Scrape Target — Conduit metrics now scraped directly from psiphon-conduit:9090 (was conduit-exporter:9101)
• Admin Dashboard — Conduit stats section now shows per-region data from native metrics endpoint
• Component Versions — Updated Prometheus default to 3.10.0, sing-box 1.12.22, AmneziaWG tools 1.0.20260223

Removed

• conduit-exporter service — Replaced by Conduit v2 native Prometheus endpoint
• exporters/conduit/main.py and exporters/conduit/Dockerfile — Custom log parser no longer needed
• scripts/conduit-stats-collector.sh — tcpdump-based GeoIP collector replaced by native per-region metrics
• scripts/conduit-stats.sh — Live CLI viewer replaced by Grafana dashboard

1.3.6 - 2026-02-19

Added

• Admin Dashboard User Creation - Create users directly from the web dashboard
  • "Create User" button in User Bundles section with collapsible form
  • Single user creation by username
  • Batch mode with checkbox: enter username + count to create name_01, name_02, etc.
  • Real-time script output log with dismiss button
  • Auto-refresh paused during user creation to prevent timeouts on batch operations
  • Scalable timeout: 60s per user in batch mode
• Admin Dashboard Docker Enhancements - Admin container can now run user management scripts
  • Full project mount (/project) for running user-add.sh via API
  • Docker socket mount for docker compose exec commands within scripts
  • qrencode installed for QR code generation in user bundles
• AmneziaWG Grafana Dashboard - Monitoring panel for AmneziaWG connections

Fixed

• Bootstrap Key Preservation - Bootstrap no longer regenerates existing keys on re-run
  • Reality, WireGuard, and AmneziaWG keys preserved across re-bootstrap
  • Prevents breaking existing user configs when re-bootstrapping
• WireGuard/AmneziaWG User Addition - Fixed multiple bugs in user-add flow
  • AWG peers now hot-reloaded into running container (previously required restart)
  • AWG IP allocation uses actual IPs from config + running interface (prevents collisions)
  • WG IP allocation checks both config file and running interface
  • Fixed stale peers with allowed ips: (none) after re-bootstrap
• Reality Public Key Derivation - Fixed empty pbk= in Reality client configs
  • Bootstrap no longer clobbers public key when sing-box generate reality-keypair --private-key is unavailable
  • Falls back to wg pubkey for x25519 key derivation (same curve as WireGuard)
  • singbox-user-add.sh auto-derives and saves public key if missing from state
• dnstt Public Key in README.html - Fixed empty dnstt pubkey in generated README.html
  • generate-user.sh was reading from dnstt-server.pub instead of dnstt-server.pub.hex
• User Regeneration - Fixed WG/AWG config regeneration after re-bootstrap

Changed

• Admin Dashboard UI - Create User form moved from separate card to inline toggle in User Bundles header
• Documentation - Added admin dashboard user creation to SETUP.md and CLI.md

1.3.5 - 2026-02-18

Added

• AmneziaWG protocol - DPI-resistant WireGuard fork with packet-level obfuscation (#48)
  • New amneziawg Docker service and profile (port 51821/udp)
  • Userspace Go implementation (amneziawg-go) for Docker compatibility
  • Random obfuscation parameters (Jc/Jmin/Jmax junk packets, S1/S2 padding, H1-H4 headers)
  • Separate subnet (10.67.67.0/24) from WireGuard (10.66.66.0/24)
  • Full client support: config generation, QR codes, client guide (EN/FA)
  • awg alias for moav start amneziawg
  • Client container includes awg-tools for AmneziaWG connections
• Protocol Integration Checklist - Developer documentation for adding new protocols to MoaV
• Version Bump Checklist - Developer documentation for release process

Fixed

• WireGuard MTU - Added MTU = 1280 to all WireGuard configs (server + client)
  • Fixes poor upload speeds on mobile networks behind CGNAT (e.g., Iranian carriers)
  • Applied to: direct, IPv6, and wstunnel-wrapped configs
• Grafana local build edge case fix
• DNS check before dnstt startup
• First start profile selection fix
• Bugfix #38
• Bugfix #44
• Local building bugfix

Changed

• Default Snowflake/Conduit bandwidth lowered (due to high usage)
• awg-tools updated to v1.0.20250903
• Developer checklists moved to docs/devdocs/

1.3.4 - 2026-02-14

Added

• Local Image Building - Build container images locally for regions with blocked registries
  • moav build --local - builds commonly blocked images (cAdvisor, clash-exporter)
  • moav build --local SERVICE - builds specific image (prometheus, grafana, etc.)
  • moav build --local all - builds ALL images locally (docker-compose + external)
  • Automatically updates .env to use local images
  • Available images: cadvisor, clash-exporter, prometheus, grafana, node-exporter, nginx, certbot
  • Uses pre-built binaries from GitHub releases (avoids compilation, works on 1GB servers)
  • Version control via .env variables (PROMETHEUS_VERSION, GRAFANA_VERSION, etc.)
• Configurable Container Images - All external images now configurable via .env
  • IMAGE_PROMETHEUS, IMAGE_GRAFANA, IMAGE_NODE_EXPORTER, IMAGE_CADVISOR, etc.
  • Allows use of mirror registries when default registries are blocked
• Registry Troubleshooting Guide - New section in TROUBLESHOOTING.md for blocked registries

Changed

• Dockerfile Organization - All Dockerfiles moved to dockerfiles/ directory
  • Cleaner root directory structure
  • All docker compose commands work unchanged
• Alpine Base Image - Updated all Dockerfiles to Alpine 3.21 (from 3.19/3.20)
• Profile Support for Build - moav build monitoring now works (builds all monitoring services)

Fixed

• Uninstall --wipe - Now properly removes all Docker images
  • Fixed: images with non-default tags (e.g., moav-nginx:local) were not being removed
  • Now removes external images (prometheus, grafana, cadvisor, etc.)
  • Shows both built and pulled images before removal
• Build Counter Bug - Fixed moav build --local stopping after first image due to set -e with arithmetic

1.3.3 - 2026-02-13

Added

• Grafana CDN Proxy - Access Grafana through Cloudflare CDN for faster loading
  • New grafana-proxy nginx service on port 2083 (Cloudflare-supported HTTPS port)
  • Configure with GRAFANA_SUBDOMAIN in .env (e.g., grafana.yourdomain.com:2083)
  • Dynamic SSL certificate detection (Let's Encrypt or self-signed fallback)
• Grafana MoaV Branding - Custom logo, favicon, and app title
  • Replaces default Grafana branding with MoaV logo/favicon
  • Dynamic app title: "MoaV - {DOMAIN}" or "MoaV - {SERVER_IP}" for PWA home screen
  • Note: Uses file replacement since GF_BRANDING_* is Grafana Enterprise-only
• Dashboard Auto-Starring - All MoaV dashboards automatically starred on Grafana startup
• Conduit Peak Clients - New stat panel showing maximum concurrent clients in time range

Changed

• Subdomain Configuration - Cleaner .env format for CDN settings
  • GRAFANA_ROOT_URL → GRAFANA_SUBDOMAIN (just subdomain, URL constructed automatically)
  • CDN_DOMAIN → CDN_SUBDOMAIN (just subdomain, URL constructed automatically)
• Monitoring Default - ENABLE_MONITORING no longer set in .env.example
  • Users are now prompted when selecting "all" services
  • Prevents accidental monitoring on low-RAM servers
• Service URLs in output - moav start now shows Grafana CDN URL and VLESS+WS CDN URL when configured

Fixed

• Domainless Mode - Fixed bootstrap failing when running without a domain
  • Now properly disables all TLS protocols including TrustTunnel
  • Handles missing ENABLE_* vars in .env (adds them if not present)
• CLASH_API_SECRET Flow - Fixed monitoring setup during bootstrap
  • Secret is now properly copied from state volume to .env
  • ensure_clash_api_secret() runs before starting services after bootstrap
• Entrypoint Permissions - Added missing executable bit to entrypoint scripts
  • Fixes "modified files" warning during moav update
• sing-box User Connections Table - Fixed column display
  • Shows: User, Connections, Active (in correct order)
  • Hides metadata fields: name, instance, job
• Snowflake Bandwidth Clarification - Added tooltips explaining why container metrics (cAdvisor) show higher values than Snowflake dashboard (WebSocket/TLS overhead, broker connections)

1.3.1 - 2026-02-11

Added

• Conduit Exporter - Custom Prometheus exporter for Psiphon Conduit metrics
  • Parses [STATS] lines from conduit logs
  • Exposes: connected/connecting clients, upload/download totals, uptime
  • New Grafana dashboard: MoaV - Conduit
• Sing-box User Exporter - Custom Prometheus exporter for user tracking
  • Parses sing-box logs for [username] connection patterns
  • Tracks active users (5-minute window), total users, per-user connections
  • Protocol breakdown (Reality, Trojan, Hysteria2, etc.)
  • Updated sing-box dashboard with user metrics table and protocol pie chart

Changed

• Monitoring intervals reduced - Less CPU overhead
  • cAdvisor housekeeping: 10s → 30s
  • Prometheus scrape interval: 15s → 30s
• Snowflake dashboard fixed - Deduplicated metrics using max() aggregation
• Container dashboard improved - Network traffic now excludes monitoring containers
  • Filters out: prometheus, grafana, cadvisor, node-exporter, all exporters
  • Shows only actual proxy/service traffic
• Snowflake/WireGuard exporters now only run with monitoring profile (not standalone)
• Removed docker compose ps output after start commands (cleaner output)

Fixed

• Conduit exporter no longer has cross-profile depends_on issue
• Fixed duplicate metrics in Snowflake Grafana dashboard (3x values shown)
• Snowflake exporter replaced - Custom optimized version instead of third-party
  • Fixes high CPU usage (20-90%) from inefficient log parsing
  • Uses file position tracking instead of constant re-reading
  • Adaptive sleep intervals (1s when active, 5s when idle)
• Snowflake dashboard labels fixed - Now shows user perspective:
  • "Users Downloaded" = bandwidth users received (was confusingly labeled "Upload")
  • "Users Uploaded" = bandwidth users sent (was confusingly labeled "Download")

1.3.0 - 2026-02-10

Added

• Monitoring Stack - Optional Grafana + Prometheus observability (monitoring profile)
  • Grafana dashboards on port 9444 (configurable via PORT_GRAFANA)
  • Prometheus with 15-day retention (internal only, port 9091)
  • Node Exporter for system metrics (CPU, RAM, disk, network)
  • cAdvisor for container metrics (per-container CPU, memory, network)
  • Clash Exporter for sing-box proxy metrics (connections, traffic)
  • WireGuard Exporter for VPN peer statistics (peers, handshakes, traffic)
  • Snowflake Exporter for Tor donation metrics (people served, bandwidth donated)
  • Pre-built dashboards: System, Containers, sing-box, WireGuard, Snowflake
  • Uses existing ADMIN_PASSWORD for Grafana authentication
  • moav start monitoring or combine with other profiles
• PORT_GRAFANA environment variable (default: 9444)
• ENABLE_MONITORING toggle in .env
• Batch user creation - Create multiple users at once:
  • moav user add alice bob charlie - Add multiple named users
  • moav user add --batch 5 - Create user01, user02, ..., user05
  • moav user add --batch 10 --prefix team - Create team01..team10
  • Smart numbering: skips existing users (if user01-03 exist, creates user04, user05)
  • Services reload once at the end (not after each user) for efficiency
  • --package flag works with batch mode

Changed

• Admin dashboard simplified (connection/memory metrics moved to Grafana):
  • Removed Active Connections card
  • Removed Memory Usage card
  • Removed Active Connections table
  • Added Grafana link button in header
  • Kept: Conduit stats, User bundles, Service status, Total upload/download

Fixed

• moav user revoke menu crash - User list script was crashing when listing WireGuard peers after a user was revoked
  • Fixed grep pattern to only extract usernames from [Peer] blocks
  • Added proper error handling for missing peer IPs

Documentation

• Added docs/MONITORING.md with complete monitoring stack guide
• Documented: TrustTunnel and dnstt do not have metrics APIs (container metrics still available via cAdvisor)
• Added "Apply .env changes" section to TROUBLESHOOTING.md explaining that containers must be recreated (not just restarted) to pick up .env changes

Added

• Batch user creation - Create multiple users at once:
  • moav user add alice bob charlie - Add multiple named users
  • moav user add --batch 5 - Create user01, user02, ..., user05
  • moav user add --batch 10 --prefix team - Create team01..team10
  • Smart numbering: skips existing users (if user01-03 exist, creates user04, user05)
  • Services reload once at the end (not after each user) for efficiency
  • --package flag works with batch mode

Fixed

• moav user revoke menu crash - User list script was crashing when listing WireGuard peers after a user was revoked
  • Fixed grep pattern to only extract usernames from [Peer] blocks
  • Added proper error handling for missing peer IPs

Documentation

• Added "Apply .env changes" section to TROUBLESHOOTING.md explaining that containers must be recreated (not just restarted) to pick up .env changes

1.2.5 - 2026-02-07

Added

• moav uninstall command - Clean uninstallation with two modes:
  • moav uninstall - Remove containers, keep data (.env, keys, bundles)
  • moav uninstall --wipe - Complete removal including all configs, keys, and user data
  • Optional Docker images cleanup prompt during --wipe
  • Verbose output showing each file/directory being removed
• Component version update checking - moav update now compares versions:
  • Compares .env with .env.example after git pull
  • Shows available updates for sing-box, wstunnel, conduit, snowflake, trusttunnel
  • Prompts to update versions in .env
  • Shows rebuild command: moav build <services> --no-cache
• Unified service selection menu - Beautiful table-based menu for start/stop/restart
  • Consistent UI across all service operations
  • "ALL" option highlighted as "(Recommended)" in green
  • Shows v2ray app compatibility for proxy protocols
• moav build --no-cache flag for forcing container rebuilds
• Logs menu "Last 100 lines + follow" option (shows tail then continues following)
• Cloudflare Origin Rule documentation for CDN mode (required for port 2082 routing)

Changed

• Service selection menu improvements:
  • Proxy description: "Reality, Trojan, Hysteria2 (v2ray apps)"
  • TrustTunnel description: "TrustTunnel VPN (HTTP/2 + QUIC)"
  • Donation services: "Donate bandwidth via Psiphon/Tor"
  • Cancel option dimmed to de-emphasize
• Start/stop/restart now use unified menu instead of separate implementations
• dnstt auto-dependency (adding proxy) only applies to start, not stop/restart operations

Fixed

• WireGuard key generation permissions warning - Now uses umask 077 to create private keys with secure permissions (owner-only read)
• Bootstrap missing python3 - Added python3 to Dockerfile.bootstrap for placeholder replacement
• Stop/restart stopping extra services - Auto-adding proxy for dnstt now only happens during start

Documentation

• Complete CLI.md reference with all moav commands and options
• SETUP.md: Added "Uninstalling MoaV" section, expanded "Breaking Changes" guidance
• TROUBLESHOOTING.md: Added "Breaking changes after update" section with solutions
• DNS.md: Added Cloudflare Origin Rule setup for CDN mode (fixes 521 errors)
• Updated uninstall documentation across all relevant docs

1.2.4 - 2026-02-06

Added

• TrustTunnel VPN protocol integration - Modern VPN protocol from AdGuard using HTTP/2 and HTTP/3 (QUIC)
  • New trusttunnel Docker service and profile
  • TrustTunnel endpoint on port 4443 (TCP+UDP)
  • Full TOML config generation for CLI client
  • TrustTunnel section in client guide (HTML) with all app fields
  • Admin dashboard: TrustTunnel service status and "TT" protocol tag for users
• TrustTunnel CLI client (trusttunnel_client) in client container for testing
• moav start trusttunnel and service menu option
• User bundles now include trusttunnel.toml, trusttunnel.txt, and trusttunnel.json

Changed

• Client test gracefully falls back to endpoint reachability check when TUN device unavailable
• TrustTunnel app store links updated to correct URLs

Fixed

• README.html placeholder replacement broken - Multiple issues fixed:
  • local variable used outside function causing script exit with set -e
  • sed & character interpreted as "matched pattern" in replacement strings
  • awk escape sequence warnings (\& treated as plain &)
  • Multiline WireGuard configs breaking sed commands
  • Now uses Python-based replacement for reliable handling of special characters and multiline content
• TrustTunnel CLI client requires --config flag (was missing)
• TrustTunnel credentials format: [[client]] not [[credentials]], [[main_hosts]] not [[hosts]]

1.2.3 - 2026-02-06

Added

• CDN-fronted VLESS+WebSocket inbound - New protocol for Cloudflare CDN-proxied connections
  • sing-box vless-ws-in inbound on port 2082 (plain HTTP, Cloudflare terminates TLS)
  • Uses same user UUIDs as Reality (no extra credentials)
  • Client links generated when CDN_DOMAIN is set in .env
• CDN_DOMAIN config option - Set to your Cloudflare-proxied subdomain (e.g., cdn.yourdomain.com)
• CDN_WS_PATH config option - WebSocket path (default: /ws)
• PORT_CDN config option - CDN inbound port (default: 2082, a Cloudflare-allowed HTTP port)
• User bundles now include cdn-vless-ws.txt, cdn-vless-ws-singbox.json, and QR code when CDN is configured
• Documentation: "Adding a Domain After Domainless Setup" guide in SETUP.md
• Documentation: Full CDN setup guide with Cloudflare configuration steps

Changed

• moav status now displays CDN domain when configured
• User add message now mentions CDN VLESS+WS
• DNS.md Cloudflare section now includes optional cdn A record (Proxied)

Fixed

• moav client connect failing while moav test works - Connect mode was missing IPv6 URI parsing, causing "invalid address" errors when IPv6 configs were present
  • extract_host() and extract_port() now handle IPv6 URIs (@[addr]:port format)
  • Config file discovery now prefers IPv4 configs (reality.txt) before falling back to globs (reality*.txt)
  • WireGuard endpoint parsing now handles IPv6 addresses
  • Added field validation with debug logging for all protocols
  • Added port numeric validation for Reality and Trojan (was only in test mode)

1.2.2 - 2026-02-04

Breaking Changes

• Fresh setup required: This version includes protocol changes (Hysteria2 obfuscation, Reality target) that require regenerating both server configuration and all user configs. Existing users must receive new config files.

Added

• Hysteria2 Salamander obfuscation - Disguises QUIC traffic as random UDP to bypass Iranian/Chinese censorship
• HYSTERIA2_OBFS_PASSWORD config option (auto-generated if empty)
• moav config rebuild - Regenerates server config and all users with new credentials
• Update available notification in CLI header and admin dashboard
• Admin dashboard: User bundles table now shows creation date, sorted newest first
• Internet accessibility check (exit IP verification) for all protocol tests
• Component version management via .env file

Changed

• Default Reality target changed from www.microsoft.com to dl.google.com (less fingerprinted in censored regions)
• DNS fallback servers: removed Cloudflare DoH (failing), added Google UDP and Quad9 UDP
• moav config rebuild simplified - cleanly regenerates everything instead of complex state preservation
• Admin dashboard UI improvements

Fixed

• Critical: dnstt traffic not routing - sing-box mixed inbound was localhost-only
• Critical: Client container architecture mismatch - Fixed arm64/amd64 binary downloads
• Admin dashboard crash on load (connection_stats undefined)
• moav logs Ctrl+C now returns to menu instead of exiting
• moav logs proxy and moav logs reality aliases for sing-box
• moav regenerate-users now passes Hysteria2 obfuscation password
• moav test various fixes for dnstt and validation
• moav update conflicts from generated files

Security

• Hysteria2 obfuscation helps bypass QUIC fingerprinting and blocking in Iran/China

1.2.0 - 2026-02-03

Added

• moav update -b BRANCH - switch git branches during update (e.g., moav update -b dev)
• Profile aliases for moav start: sing-box, singbox, reality, trojan, hysteria → proxy
• Service aliases for restart/stop/logs: proxy, reality → sing-box
• Branch display in header and status when not on main branch
• moav test verbose flag (-v or --verbose) for debugging connection issues
• Multiple fallback DNS servers in sing-box config (Google, Cloudflare, Quad9 UDP)

Changed

• moav update now shows help with --help flag
• moav test now prefers IPv4 configs over IPv6 (tests reality.txt before reality-ipv6.txt)
• moav test treats IPv6 network failures as warnings instead of errors (IPv6 may not be available in container)
• Improved gitignore for generated WireGuard and dnstt files

Fixed

• moav update -b BRANCH arguments not being passed correctly
• Double header display when running moav interactive menu
• Script permissions (755) for all shell scripts in repository
• Generated files (server.pub, wg_confs/, coredns/) no longer trigger update conflicts
• WireGuard-wstunnel not forwarding traffic - wstunnel was trying to forward to localhost instead of wireguard container (changed 127.0.0.1:51820 to moav-wireguard:51820)
• moav test now correctly parses IPv6 addresses in URIs (e.g., [2400:6180::1]:443)
• moav test now validates parsed URI fields before generating config
• moav test now shows actual sing-box error messages instead of generic "failed to start"
• moav test now validates generated JSON config before running sing-box

1.1.2 - 2026-02-02

Added

• One-click VPS deployment buttons for Hetzner, Linode, Vultr, DigitalOcean
• Cloud-init script for automated VPS provisioning
• First-login welcome prompt for cloud-deployed servers
• Home VPN server documentation (Raspberry Pi, ARM64 support)
• Dynamic DNS (DDNS) guide for home servers (DuckDNS, Cloudflare)
• VPS deployment guide (docs/DEPLOY.md)
• Bootstrap confirmation prompt before running
• Domain-less mode support (WireGuard, Conduit, Snowflake without TLS)
• First-run loading indicator ("First run - checking prerequisites...")
• Disabled service indicators in status display (* suffix with legend)
• Disabled service indicators in service selection menu ((disabled) text)
• Install script -b BRANCH flag for testing feature branches
• Admin dashboard: User Bundles section with download functionality
• moav update now shows current branch and warns if not on main/master
• Admin dashboard URL shown in menu, status, and after starting services
• Admin dashboard now works in domain-less mode using self-signed certificates
• Certbot status explanation in moav status (clarifies "Exited (0)" is expected)
• Admin URL now shows server public IP instead of localhost
• Bootstrap now auto-detects and saves SERVER_IP to .env if not set

Changed

• Improved sing-box performance: disabled sniff_override_destination, disabled multiplex padding, enabled TCP Fast Open, use local DNS by default
• WireGuard entrypoint bypasses wg-quick to avoid Docker 29 compatibility issues
• WireGuard peer IP assignment now based on peer count (fixes demouser getting server IP)
• Service selection "ALL" now respects ENABLE_* settings (only starts enabled services)
• moav stop now uses docker compose stop instead of down (preserves container state)
• Certbot exits gracefully when no domain configured (domain-less mode)

Fixed

• Admin dashboard using self-signed cert instead of Let's Encrypt (now waits for certbot)
• Admin dashboard "sing-box API timeout" error (memory endpoint is streaming, now reads first line only)
• WireGuard traffic not flowing (missing iptables FORWARD rule for return traffic)
• WireGuard "Permission denied" error on Docker 29 with Alpine
• WireGuard config parsing stripping trailing "=" from base64 keys
• WireGuard QR code showing "Invalid QR Code" in app due to non-hex IPv6 address (fd00:moav:wg:: → fd00:cafe:beef::)
• WireGuard-wstunnel QR code not being generated in wg-user-add.sh (missing in README.html)
• Conduit status showing "never" even when running (#7)
• Reality URL & characters replaced with placeholder in README.html (#8)
• Architecture mismatch in Dockerfile.client - now uses TARGETARCH for multi-arch support (#4)
• Bootstrap failing in domain-less mode (missing ENABLE_* exports, conditional config generation)
• generate-user.sh unconditionally sourcing reality.env (now conditional on ENABLE_REALITY)
• generate-user.sh peer count calculation failing when grep returns no matches

1.1.1 - 2025-01-31

Added

• Website link badge in README
• GitHub issue templates (bug reports, feature requests)
• "Your Protocol?" CTA card in Multi-Protocol Arsenal section
• Server Management demo on website

Changed

• Status table column widths to accommodate longer service names

1.0.2 - 2025-01-31

Added

• Ctrl+C handler with friendly goodbye message
• README.html generation in user bundles using client-guide-template
• Demo user notice (bilingual EN/FA) for bootstrap demouser
• Server Management demo on website
• Support for comma separator in multi-option selection (e.g., 1,2,4)

Changed

• Bootstrap now creates "demouser" when INITIAL_USERS=1 (instead of user01)
• User management menu now loops back after listing users
• Package command now places zip files in outputs/bundles/ consistently
• Status table widened to accommodate longer service names (psiphon-conduit)
• Removed README.md from user bundles (HTML-only now)

Fixed

• Export and regenerate-users now correctly find users from bundles directory
• Demo notice placeholders properly removed from non-demo user HTML
• Awk escape sequence warnings in HTML generation
• Package user menu option creating zip in wrong directory

1.0.1 - 2025-01-30

Fixed

• Minor bug fixes and improvements

1.0.0 - 2025-01-28

Added

• Initial release of MoaV multi-protocol circumvention stack
• Protocols:
  • Reality (VLESS) - Primary protocol with TLS camouflage
  • Trojan - TLS-based fallback on port 8443
  • Hysteria2 - QUIC/UDP-based for fast connections
  • WireGuard - Full VPN mode (direct and wstunnel-wrapped)
  • DNS Tunnel (dnstt) - Last resort for restrictive networks
  • Tor/Snowflake - Standalone fallback via Tor network
• Server features:
  • Docker Compose-based deployment
  • Multi-user management with per-user credentials
  • Automatic TLS certificate management via Caddy
  • Decoy website for traffic camouflage
  • Admin dashboard for monitoring
  • Psiphon Conduit for bandwidth donation
  • Snowflake proxy for Tor network contribution
• Client features:
  • Built-in client container for Linux/Docker
  • Test mode for connectivity verification
  • Connect mode with local SOCKS5/HTTP proxy
  • Auto protocol fallback
• CLI tool (moav.sh):
  • Interactive menu and command-line interface
  • User management (add/list/revoke)
  • Service management (start/stop/restart/logs)
  • Global installation support
• Documentation:
  • Setup guide with prerequisites
  • Client configuration guides for all platforms
  • Troubleshooting guide
  • Farsi (Persian) README

Security

• Per-user UUID and password generation
• Reality protocol with XTLS Vision flow
• uTLS fingerprint spoofing (Chrome)
• Automatic short ID generation for Reality