Guides

Guide library

Step-by-step across the whole stack — from panel setup to sales.

114 guides · for both panels, Remnawave and 3x-ui
One catalog: shared theory plus practice split for Remnawave and 3x-ui. Filter by panel with the chips below.
Basics Theory

What a commercial VPN really is in 2026, and why run your own

Not about "anonymity online" but about infrastructure you own and run yourself. How your own service differs from a subscription to someone else's, and why you'd get into this at all.

Start · 6 min Read
Basics Theory

How a VPN tunnel works under the hood

What physically happens when a client "connects to the VPN." Encapsulation, encryption, exit point — plainly, but without lying.

Start · 6 min Read
Basics Theory

Protocols overview: who, what, and when to pick

A map of transports without the fanaticism. How VLESS-Reality differs from XHTTP and Hysteria2, what survives inspection in 2026, and which combo to run by default.

Basic · 6 min Read
Basics Theory

How internet censorship works: DPI, TSPU, blocking

Not a "list of banned sites" but how inspection actually catches traffic in 2026. Signatures, JA3, active probing, and behavioral analysis — the mechanics of the adversary.

Basic · 6 min Read
Basics Theory

How to choose a server and location

Where to get a VPS for nodes and the panel, why the exit is only abroad, how not to buy a dirty IP, and why to spread nodes across different ASNs.

Basic · 7 min Read
Basics Practice

Start checklist: what you need before your first server

Practical checks before you install the panel. DNS, IP whiteness, basic host hardening, firewall — commands that catch problems at the start rather than in production.

Start · 5 min Read
Basics Theory

The economics of a VPN service: where the margin comes from

Per-client cost, where the profit lives, and what kills it. Not "how to get rich" but how to do the unit math and not run at a loss on autopilot.

Basic · 6 min Read
Basics Theory

Glossary: VLESS, Reality, SNI, DPI, node, inbound in plain words

The terms that show up in every article, explained like a human. Come back here whenever you hit an unfamiliar word in a config.

Start · 7 min Read
Basics Theory

Remnawave or 3x-ui: which panel to choose

Two panels for your own VPN — heavy node orchestration versus a light single server. How they differ in architecture, entry barrier, scale, and convenience, and which to take for which job.

Start · 7 min Read
Panel Practice

The panel in 15 minutes: Remnawave and your first subscription

Install the panel on a clean server, hook up a domain, issue your first client. No magic, no extra fuss.

Start · 5 min Read
Panel Theory

What Remnawave is and why you need a panel at all

Why without a panel you're not a service but a pile of hand-written configs. What Remnawave does, which containers it's made of, and how the profile→inbound→host→squad chain is wired.

Basic · 6 min Read
Panel Theory

Nodes and subscriptions: how the panel hands out access

How the panel pushes config to a node, what a subscription really is, and why one URL serves both a page and a config. The mechanics of handing out access, no commands.

Basic · 7 min Read
Panel Practice

Connecting a node and issuing your first subscription

Step by step: register a node in the panel, install the agent on the server, assemble the profile→inbound→host→squad chain, and issue a live subscription. With a hands-on check.

Basic · 6 min Read
Panel Practice

Branding the subscription page for your service

How to make the subscription page the face of your service: your own domain and path, logo, colors, "add to app" buttons, QR, and a privacy flag that hides the raw key.

Basic · 5 min Read
Panel Theory PRO

Hosts and inbounds: how the panel assembles the client's link

What a host really is, how it differs from an inbound, and why the fingerprint lives on the host and not in the node's config. The mechanics of building the client link.

Pro · 7 min Read
Panel Practice PRO

Configuring hosts: assembling a working link

Step by step: generate Reality keys, drop the inbound into the profile, create a host with the right fingerprint, and hand it to the client. Plus one node serving three transports at once.

Pro · 7 min Read
Panel Practice

Backing up and updating the panel without downtime

A dump of the Remnawave database, an auto-backup on cron with off-server export, a tested restore, and monitoring that catches a node going down before clients do.

Basic · 6 min Read
Panel Practice PRO

Panel admin: roles, access, password reset

Extending Remnawave management: a Telegram bot and a web panel with roles, 2FA, and anti-abuse. API token, access rights, and login recovery via CLI straight into the database.

Pro · 6 min Read
Panel Practice PRO

Limits, terms, and traffic reset for users

How to count the GB limit only on expensive nodes via the usage coefficient, make circumvention routes unlimited, and paint "pretty numbers" in the offer with the ×10 trick.

Pro · 6 min Read
Panel Practice

Installing 3x-ui in 10 minutes

Install 3x-ui in one command on a clean server, grab the random login-password-port-path, and log into the panel. What the installer does and where it puts everything.

Start · 5 min Read
Panel Practice PRO

3x-ui: panel settings and hardening

Out of the box the panel is open on bare HTTP to the whole internet. We close it: secret path, TLS on the panel, port change, IP access restriction, fail2ban, and Telegram login alerts.

Pro · 6 min Read
Panel Practice

3x-ui: clients and the subscription link

Create a client the right way — only through the UI (otherwise the panel wipes it from the config), set limits and expiry, turn on the subscription service, and hand a person one link for all their servers.

Basic · 6 min Read
Protocols Theory

What Reality is and why it keeps a node alive

A marketing-free breakdown of how Reality hides a VPN inside someone else's TLS handshake, and why it's the one that survived Russian DPI where everything else dies.

Basic · 7 min Read
Protocols Practice

VLESS + Reality: a config that doesn't get spotted

We break Reality down bone by bone and assemble a masquerade of someone else's TLS. Every parameter comes with an explanation of why it's there.

Basic · 4 min Read
Protocols Theory

Vision (xtls-rprx-vision): why you need flow

Why Reality alone isn't enough and what flow Vision actually does — how it removes double encryption and breaks the packet-length analysis that DPI uses to finish off obfuscated traffic.

Pro · 6 min Read
Protocols Practice

VLESS + TLS: a basic working config

Honest TLS on your own domain and certificate — a simple config that plays nice with CDNs and can fall back to a real site. A working profile plus issuing the cert.

Basic · 6 min Read
Protocols Theory

XHTTP transport: when and why

What the XHTTP transport is (formerly SplitHTTP), how it's better than WebSocket, why it in particular passes behind a CDN, and when to pull it from reserve instead of TCP-Reality.

Pro · 7 min Read
Protocols Practice PRO

Setting up XHTTP over Reality

A working XHTTP inbound in two wrappings — direct with donor Reality, and behind a CDN with honest TLS. Keys, path, mode settings, and what to enter on the host.

Pro · 5 min Read
Protocols Practice PRO

VLESS gRPC: config and when to fall back to it

gRPC over Reality — HTTP/2 multiplexing, good as a hidden fallback in auto-select. A working profile, a selfsteal variant, and an honest word about its deprecated status in xray 26.

Pro · 5 min Read
Protocols Theory

Hysteria2 and QUIC: upsides and gotchas

Why Hysteria2 flies where TCP dies, what aggressive BBR over QUIC/UDP buys you, and where the catch is — from providers that cut UDP to the subtlety of traffic accounting in the panel.

Pro · 6 min Read
Protocols Practice PRO

Hysteria2: standing it up and wiring it to the panel

The full Hysteria2 path in Remnawave — a cert via Certbot in Docker, mounting it into the node container, the config profile, cert auto-renewal, and the mandatory core swap for traffic accounting.

Pro · 5 min Read
Protocols Theory

Choosing an SNI and a donor: how not to blow your cover

A donor is someone else's site your node hides behind. I break down which donor works, which one kills stealth, why you can't use one SNI on all nodes, and what the "SNI ≠ IP owner" mismatch is.

Pro · 7 min Read
Protocols Practice PRO

Inbounds: assembling protocol configs by hand

Every connection method is a combination of protocol, transport, and security. We break down the config-profile skeleton, how to change only the lines you need, and how to wire profile → node → Host → squad.

Pro · 7 min Read
Protocols Theory

Selfsteal: how a node pretends to be an ordinary website

Reality's maximum stealth — the node masquerades as its own real site on the same IP. I break down how selfsteal removes the SNI ≠ IP mismatch and why an active probe lands on a real page.

Pro · 7 min Read
Protocols Practice PRO

Selfsteal + nginx: step by step

Building maximum stealth by hand — a decoy site on nginx via a unix socket with PROXY protocol, a cert for your own domain, an inbound per the official Remnawave template, and a stealth check.

Pro · 6 min Read
Protocols Practice

MTProto proxy: a cheap bonus to the service

A Telegram-native proxy on a cheap VPS — a backup entry into the messenger and a funnel entry point. Two variants: the official one with a sponsor tag and mtg v2 with FakeTLS. Honest about the fact that MTProto is no longer a silver bullet.

Basic · 5 min Read
Protocols Practice

Naive and AmneziaWG: alternative protocols

Two strong non-Xray fallbacks — NaiveProxy camouflaged as ordinary Chrome browsing via Caddy, and AmneziaWG, obfuscated WireGuard. When to reach for them and how to stand them up.

Basic · 5 min Read
Protocols Practice

3x-ui: VLESS + Reality step by step

Building VLESS+Reality in the 3x-ui interface — the Security tab, auto-generated keys, choosing a live donor, and the Vision flow. With an important warning about the donor that breaks Reality on Xray 26.

Basic · 7 min Read
Protocols Practice PRO

3x-ui: XHTTP over Reality

Building an XHTTP inbound in 3x-ui — the Transmission tab with network=xhttp, path and the mode setting, on top of Reality stealth. Plus the XHTTP+TLS variant for fronting behind a CDN and the pitfalls with path and mode.

Pro · 5 min Read
Protocols Practice PRO

3x-ui: gRPC transport

gRPC over Reality in 3x-ui — HTTP/2 multiplexing as a hidden fallback for when TCP-Reality starts getting fingerprinted. The connection-creation form, serviceName, and an honest word about its deprecated status in Xray 26.

Pro · 4 min Read
Protocols Practice PRO

3x-ui: Hysteria2

Standing up Hysteria2 in 3x-ui — cert via Certbot, an inbound with protocol=hysteria2 and ALPN h3, open UDP/443, salamander obfuscation. Plus the gotchas: UDP gets throttled, ALPN must be h3, the cert lives 90 days.

Pro · 6 min Read
Protocols Deprecated

Trojan: the config (and why it's going obsolete)

Trojan disguises itself as an ordinary HTTPS site with a fallback to a real page. Two working profiles — TLS with your own cert and Reality without one — plus an honest talk about why this is a backup, not a foundation.

Basic · 5 min Read
Protocols Deprecated

Shadowsocks: why it's no longer an option

An old, simple proxy with no TLS masking. Dead under 2026 DPI, and a weak link in a cascade. I keep this article for reference; I don't advise building on it.

Basic · 3 min Read
Bypass Theory PRO

How TSPU thinks: fingerprint, statistics, probing

The mechanics of inspection without a single command. What exactly TSPU looks at, why statistics are more dangerous than signatures, and how to think about disguise instead of memorizing configs.

Pro · 8 min Read
Bypass Practice PRO

Beating TSPU and DPI in 2026: what actually works

Not a list of protocols, but a strategy. How TSPU behaves right now, what it throttles first, and how to make your node boring to inspect.

Pro · 4 min Read
Bypass Theory

Active probing: how they check you

Why the censor knocks on your server itself and what it looks for in the response. A breakdown of active probing mechanics and the idea of self-steal, without a single command.

Pro · 7 min Read
Bypass Practice PRO

Resistance to active probing: setup

Setting up self-steal by hand — a decoy site on an nginx unix socket, Reality via PROXY protocol, the Host fields, and a stealth check. Real commands.

Pro · 6 min Read
Bypass Practice

Diagnosing blocks: logs, metrics, tools

The client writes "it doesn't work." We walk the chain client → subscription → node → port → protocol → routing and find the layer where it breaks. Real commands.

Basic · 6 min Read
Bypass Theory

WARP on the exit: why and what it gives

Why services cut your node as a data center and how a WARP exit fixes it. What WARP gives and what it doesn't solve — without a single command.

Basic · 5 min Read
Bypass Practice

WARP on the exit: connecting it

We set up WARP as an Xray outbound — credentials via wgcf, a wireguard outbound, the critical reserved and noKernelTun on a node in Docker. Real commands.

Basic · 5 min Read
Bypass Practice PRO

Zapret and unblocking YouTube

YouTube is throttled at the packet level, and sending it abroad means a foreign region and ads. The solution: a cheap Russian host with zapret as a separate YouTube exit. Commands.

Pro · 7 min Read
Bypass Practice PRO

Operating under whitelists

During rolling shutdowns, mobile internet only allows the "whitelist." How to bring up an entry inside a whitelisted subnet, what SNI to set, and where to get the lists. Commands.

Pro · 5 min Read
Bypass Practice PRO

Hardening Reality for Russia: 443, fp, vision

Three things that make Reality "work for a couple of minutes → stop": a non-standard port, the chrome fingerprint, and the wrong transport. How to make the entry hold up from Russia. Commands.

Pro · 7 min Read
Bypass Theory

Blocking Roundup: Summer 2026

A fresh snapshot of what tightened in RF filtering this summer, what gets hit first, and how operators are responding. No panic, no manuals from two years ago.

Basic · 6 min Read
Cascades Theory PRO

Why cascades and node chains are needed

Not "just more nodes," but survivability, a white exit, and hybrid routing from a single architecture. The "entry-consumable, exit-asset" principle without a single command.

Pro · 7 min Read
Cascades Practice PRO

A two-node cascade + WARP on the exit

A cheap Russian relay as the entry, a white foreign exit, and WARP on the exit for problem services. socat/iptables commands and a wireguard outbound.

Pro · 6 min Read
Cascades Practice PRO

A triple cascade: entry → relay → exit

A whitelisted Russian entry doesn't reach out at all, traffic exits from the second IP via sendThrough. The host and TSPU see a clean site. A ready profile and the vision-in-vision trap.

Pro · 9 min Read
Cascades Theory

Cascade transport: MTU, sockopt, why it breaks

The cascade is assembled correctly, but "some sites load, others don't." A breakdown of MTU collapse, nested vision, and the whims of sendThrough — mechanics without commands.

Pro · 7 min Read
Cascades Theory

Geo-splitting traffic: why routing

Why "everything through the node" is a bad VPN, while split routing makes it "invisible." The logic of RU-direct, anti-fraud on foreign domains, rule order — no commands.

Pro · 7 min Read
Cascades Practice PRO

Routing rules: setup

A ready split-routing config — Russia via direct, blocked via proxy, ads into block. A list of critical domains and delivery to the client. Real JSON.

Pro · 5 min Read
Cascades Theory

Balancers and auto-select: how it works

Four levels of balancing from the client to the transport front, four Xray strategies, and why leastPing "works → stalls." Mechanics without commands.

Pro · 7 min Read
Cascades Practice PRO

leastPing auto-select: building it

A production auto-select in the subscription template — leastLoad over the pool, geo-dat-free routing, the pool defined by host tags. Plus the main delivery traps. Real JSON.

Pro · 8 min Read
Cascades Practice PRO

Node health: healthcheck and fault tolerance

The node is alive to the world but cut off for Russia — the observatory doesn't see this. How to check health from Russia, mechanically drain a dead node, and keep a hot reserve. Commands.

Pro · 7 min Read
Cascades Practice

Google/YouTube geo without ads via a Russian exit

Why YouTube via a Russian IP runs almost ad-free and how to build it: a Google route to a Russian exit, DNS block without ECS, muffled IPv6, QUIC into the tunnel. Config.

Basic · 6 min Read
Cascades Practice PRO

A Backup Entry in an Hour

The main RF entry got blocked, clients are dropping. How to stand up a backup entry into the cascade in an hour without touching the exit or keys, so nobody re-installs anything. Commands.

Pro · 7 min Read
White IP Theory PRO

What a Dirty IP Is and Why It Breaks Everything

We unpack where an address's reputation comes from, why the same config works from one node and goes red from another, and what exactly services see.

Pro · 6 min Read
White IP Practice PRO

Where to Get White Subnets and How to Check

Practice: specific reputation checkers, a live test of an address, and how to keep a ready reserve of white IPs to replace burned ones.

Pro · 7 min Read
White IP Practice PRO

Checking IP Reputation and Warm-Up

Practice: routine monitoring of an address's reputation, what to do with a \"warm\" vs. a \"cold\" IP, and how to carefully bring a new address into service.

Pro · 6 min Read
White IP Theory

How IPs End Up on Blacklists and How to Stay Off

The mechanics of blacklists — who maintains them, why addresses land there, why the whole subnet suffers, and how to behave so your nodes don't burn themselves down.

Pro · 7 min Read
White IP Theory

Where to Get White IPs in 2026

The market for white subnets got noticeably pricier and thinner over the year. Where to look for addresses with a decent reputation in 2026, what's actually worth paying for, and where the markup is thin air.

Basic · 6 min Read
Clients Theory

Client Apps Overview: Happ, v2rayTun, Hiddify, and Who Gets What

Which app to give a client for which platform, how "extended" clients differ from plain ones, and why the right choice cuts half your support tickets.

Basic · 4 min Read
Clients Practice

Happ: Install and Subscription Import

Step by step, we install Happ on iOS/Android, import the subscription, enable bypass for Russia and the kill-switch. An instruction you can hand to a client.

Basic · 5 min Read
Clients Practice

v2rayTun: Setup on the Phone

We install v2rayTun on Android/iOS, import the subscription, and fix the main pain point — when a Russian site still goes through the node. On gVisor and sniffing.

Basic · 4 min Read
Clients Practice

Hiddify: The Cross-Platform Client

One client on Windows, macOS, Linux, Android, and iOS. We install it, import the subscription, enable bypass for Russia, and unpack why Hiddify is convenient on the desktop.

Basic · 4 min Read
Clients Practice

Streisand on iOS: Setup

A light native client for iPhone and iPad. We install it, import the subscription, enable bypass for Russia, and unpack when Streisand beats Happ.

Basic · 4 min Read
Clients Practice

NekoBox / sing-box: For Desktop and Advanced Users

The client with maximum control. Subscription import, manual routing, TUN mode, and when it's worth reaching for sing-box instead of the friendly clients.

Basic · 4 min Read
Clients Practice

Subscription Import: Link, QR, Updating

Three ways to load a subscription into any client and how auto-update works. Universal mechanics, the same for Happ, Hiddify, v2rayTun, and the rest.

Basic · 5 min Read
Clients Practice

Server Description: Hints to the Client in Happ/INCY

How to replace the scary "VLESS | TCP | REALITY" with human-readable tile labels, where it's configured, and why only "extended" clients see it.

Basic · 5 min Read
Clients Practice PRO

Client-Side Routing Rules

Ready-made split routing in the client's xray config: RF sites direct, blocked traffic through the node. The full routing block, how to read the rules, and how to distribute it via the subscription.

Pro · 6 min Read
Security Theory

The Operator's Anonymity: Threat Model

Not "how to become invisible," but how not to tie the service to your identity. Where operators actually get burned and why deanonymization doesn't go through the server.

Basic · 6 min Read
Security Practice PRO

Opsec in Practice: Spreading the Trail

The organizational underside of an operator's anonymity. Separate identities, phone numbers, paying with crypto, breaking the KYC chain — layer by layer and with the pitfalls.

Pro · 7 min Read
Security Practice PRO

Panel Hardening: Locking Down Access

The panel is the prime target: take it and you take the whole service. We hide it behind a reverse proxy with basic auth and an IP allowlist, close ports, ssh by key, fail2ban.

Pro · 6 min Read
Security Practice

Basic Server Protection: ssh, Firewall, fail2ban

The minimum you put on every server before anything else. We close ports, switch ssh to a key, hang fail2ban — three fronts of basic defense.

Basic · 4 min Read
Security Theory PRO

Detecting Key Sharing: How Distribution Gets Caught

Why an HWID limit doesn't stop key sharing, where sharing is actually visible, and by what signals it's caught. The mechanics of detection without a single command.

Pro · 6 min Read
Security Practice PRO

Anti-Sharing: HWID, Limits, IP-Based Detection

We set an HWID limit, collect online IPs across nodes, flag sharing by a threshold, and shut it down with a key reset. With a whitelist and no auto-ban.

Pro · 6 min Read
Security Practice PRO

The Subscription-Page Vulnerability: How to Close It

A critical hole was found in the separate subscription-page component. Exploit details are under embargo, but the attack window is already open. We check whether we're vulnerable and close it two ways.

Pro · 5 min Read
Security Practice

Monitoring and Backup: So You Don't Sleep Through a Failure

A service dies quietly: a node went down overnight, a cert expired, the host ran out of balance. We set up Uptime Kuma with Telegram alerts and configure a DB backup with off-site upload.

Basic · 5 min Read
Security Theory

Cloudflare ECH and the Russian Block: Why the Site Won't Load

A site behind Cloudflare opens from Russia only with a VPN, and without one — nothing, even though the domain isn't blocked. We break down why ECH is to blame and how this block works.

Start · 6 min Read
Security Practice

The Operator's Anonymity Checklist

A tight run-through list for opsec: identities, phone numbers, payments, receiving money, behavior. Go through it before launch and once a quarter — so you never leave a bridge back to your real name.

Basic · 5 min Read
Security Practice

A Node Liveness Quick Check

A client writes "it's not working." In 5 minutes, work down a checklist to tell whether the exit is alive, the port answers, traffic flows, and it isn't throttled under RF. Commands.

Basic · 5 min Read
Sales Theory

How the Billing Loop Works: Bot, Panel, API

What the machine that sells subscriptions without you is made of. The roles of the bot, panel, and API, and why granting access is one chain, not a set of buttons.

Basic · 7 min Read
Sales Practice PRO

Telegram Bot and Taking Payments: Sales on Autopilot

How to close the money → subscription chain without manual labor. Payment, key delivery, auto-renewal, referral system.

Pro · 3 min Read
Sales Practice PRO

Taking Payments: Stars, Crypto, Processing

Which payment methods you can actually connect to the bot, what requires a legal entity and what doesn't, and how to enable each. With a focus on money flowing rather than getting lost on double grants.

Pro · 6 min Read
Sales Practice PRO

Plans and Promo Codes: Setup

How to create a plan in Remnawave (it's a squad, not a line in a price list), tie it to the bot, and enable promo codes without holes for abuse.

Pro · 7 min Read
Sales Practice PRO

Subscription Auto-Renewal

How to make the term renew without the customer — from simple reminders in the bot to full autopay with a saved card. And where the gotchas are.

Pro · 6 min Read
Sales Practice PRO

A Grace Scheme for Non-Payers

A lifeline for those who forgot to renew: a small emergency access to reach the checkout. How to assemble it in the bot, where the gotchas are with two dates and the panel status.

Pro · 8 min Read
Sales Practice PRO

Anti-Fraud: Chargebacks and Multi-Accounts

The three holes through which money leaks from a service — double grants, sharing, and trial/promo abuse plus chargebacks. How to close each procedurally.

Pro · 6 min Read
Sales Practice PRO

The Referral System: Growth Without an Ad Budget

How to set up a referral program that brings customers for free — bonus days for both, payout for a payment, protection against self-referral.

Pro · 6 min Read
Sales Practice PRO

Service Automation Scripts

Interactive scripts that take the routine off the operator — a Reality inbound generator, node installation, self-steal, cron backups, node auto-restart on cert renewal.

Pro · 8 min Read
Sales Practice

Support on Autopilot: FAQ Bot and Templates

How to build multi-tier support that puts out most tickets on its own and brings only complex cases to a live person. FAQ, templates, escalation.

Basic · 7 min Read
Business Theory PRO

The Unit Economics of a VPN Service in Detail

How to calculate per-customer cost, set the margin, and understand where profit is actually lost. It's not the block that kills a service, but bad economics.

Pro · 7 min Read
Business Theory PRO

Pricing: How Not to Undersell or Scare Off

How to price a VPN subscription — why dumping kills, where the anchor comes from, why an annual plan, and how a premium plan pulls the margin. Theory without numbers pulled from thin air.

Pro · 7 min Read
Business Theory PRO

The Funnel: From Click to Payment

Why a bot that "just sells a subscription" loses money. The four funnel stages — capture, conversion, retention, trust — and the logic of each.

Pro · 6 min Read
Business Practice PRO

Setting Up the Funnel in the Bot

How to assemble a funnel in the bot step by step — a free MTProto hook, a clean menu with transport auto-swap, a miniapp with a days ring, payment on your own site, a referral system, and a wheel.

Pro · 8 min Read
Business Theory PRO

VPN Marketing: Channels That Work

Where to actually get VPN customers — why the audience decides everything, why barter with bloggers, a Reels farm for adults, and how not to waste traffic at the purchase step.

Pro · 6 min Read
Business Theory

Retention: Why It's Cheaper Than Acquisition

Why keeping a customer is many times cheaper than bringing a new one, and what actually holds a customer in the VPN niche — support, habit, anti-churn tactics.

Basic · 6 min Read
Business Practice

Subscription Freeze and Vacation Mode

How to assemble a subscription "freeze" in the bot — a bank of days instead of churn when the customer travels. Fields, two operations, mandatory limits. With real mechanics.

Basic · 6 min Read
Business Theory

Why CDN Fronting: Working Under Whitelists

Why an IP ban becomes useless behind a CDN, what you can and can't hide behind one, and why a CDN front saves you even during rolling shutdowns.

Basic · 7 min Read
Business Practice PRO

Yandex CDN in Front of a Node: Step by Step

A working recipe from a real deployment — Yandex Cloud CDN as a front for a node. yc CLI, certificate, resource, POST-block workaround via GET-only XHTTP, nginx. With a gotcha checklist.

Pro · 8 min Read
Business Practice

Cloudflare in Front of the Service

Cloudflare as a front for a node — the most predictable benchmark, set up in four steps. But from Russia it has its own quirks, so it's for overseas use and backup.

Basic · 5 min Read
Business Practice PRO

CDN Fronting: An Advanced Case

A free Russian CDN as a front for a VLESS-XHTTP node — the full scheme with a packet-up inbound, a front on Caddy or nginx, CDN resource setup, and a Remnawave host. An advanced case.

Pro · 9 min Read
Business Theory

How Whitelists Work and Why CDNs Save You

During rolling shutdowns, mobile internet works only against a whitelist — that's not a block, it's an allow-list. Why an ordinary VPS is dead during it and how to survive.

Basic · 6 min Read
Business Theory

IP Rolling: Rotating Addresses Under Pressure

Why a blocked IP is a dead asset and churn, and how to keep a reserve of white addresses so clients don't notice blocks. The logic of mass IP selection.

Basic · 6 min Read
Business Theory

Auto-Deploy: How to Roll Out a Turnkey Service

Why launching a VPN service is dozens of SSH commands that also break, and how auto-deploy removes that pain — panel, nodes, masking, and sales in a couple of clicks.

Basic · 6 min Read