- New role: raven_subscribe — standalone subscription server deployment, decoupled from xray/sing-box playbooks. Supports per-inbound host/port overrides (inbound_hosts, inbound_ports) for unified media.zirgate.com routing.
- New role: nginx_frontend — TLS proxy on EU server (media.zirgate.com), listens on 8443 (not 443, reserved by Xray Reality). Adds nginx stream TCP relay on port 8445 → 127.0.0.1:443 for VLESS Reality passthrough.
- New role: relay — nginx reverse proxy on RU VPS (zirgate.com/my.zirgate.com), TCP stream relay on 8444 → EU:8445 for VLESS Reality via RU server.
- xray role: remove raven_subscribe vars/tasks (moved to raven_subscribe role), fix DNS query strategy UseIP → UseIPv4 to avoid IPv6 unreachable errors.
- sing-box: update hysteria2 default port 8443 → 8444 (8443 now used by nginx_frontend).
- raven-subscribe config.j2: add balancer_strategy/probe_url/probe_interval fields.
- .gitignore: add **/*_secrets.yml pattern for raven_subscribe secrets files.
3d4a484 to f9e0710
findias added a commit that referenced this pull request Apr 4, 2026
feat: extract raven_subscribe, nginx_frontend, relay into separate Ansible roles
Summary
- raven_subscribe — standalone deployment of the subscription server, fully decoupled from xray/sing-box playbooks. Supports per-inbound inbound_hosts/inbound_ports overrides so all VLESS protocols route through media.zirgate.com.
- nginx_frontend — TLS reverse proxy on EU server (media.zirgate.com). Listens on port 8443 (port 443 is reserved by Xray VLESS Reality). Adds nginx stream TCP passthrough on port 8445 → 127.0.0.1:443 for Reality clients.
- relay — nginx reverse proxy on RU VPS (zirgate.com/my.zirgate.com). TCP stream relay on 8444 → EU:8445 routes VLESS Reality through the RU server.
- xray role: removed raven_subscribe vars and tasks (moved to dedicated role); fixed DNS query strategy UseIP → UseIPv4 to prevent IPv6 network is unreachable errors.
- sing-box: updated hysteria2 default port 8443 → 8444 (8443 now used by nginx_frontend).
- raven-subscribe config.j2: added balancer_strategy, balancer_probe_url, balancer_probe_interval fields.
- .gitignore: added **/*_secrets.yml pattern.
Architecture after this PR
Test plan
- role_nginx_frontend.yml to EU server — nginx listens on 8443, stream proxy on 8445
- role_relay.yml to RU server — TCP relay 8444 → EU:8445
- role_raven_subscribe.yml — subscription returns media.zirgate.com addresses
- curl https://my.zirgate.com/sub/<token> shows address: media.zirgate.com, ports 8445 (Reality) and 2053 (XHTTP)
- ./tests/run.sh to validate Ansible render + xray config