This guide is only applicable if you are installing Marzban for the first time.

Changes in Marzban starting from version 0.7.0

The latest updates have been anticipated for several months.

These updates also include the latest security requirements for the panel and connections formulated by the Xray team.

Detailed changes

🚀 Enhancements

telegramBot: Add onhold timeoute (3c2bbed)
Add address list support in hosts (e80e119)
subscription: Add settings template for clash (94a3f28)
subscription: Sync splithttp with 1.8.23 version (d0c16a1)
SQLALCHEMY_POOL_SIZE and SQLIALCHEMY_MAX_OVERFLOW variables (cea7f2f)
Variables to set jobs interval JOB_CORE_HEALTH_CHECK_INTERVAL JOB_RECORD_NODE_USAGES_INTERVAL JOB_RECORD_USER_USAGES_INTERVAL JOB_REVIEW_USERS_INTERVAL JOB_SEND_NOTIFICATIONS_INTERVAL (2d50bf9)
Add node selection for logs in CoreSettingsModal.tsx (b4dbba7)
Add duplicate host functionality in HostsDialog (48b91c2)
Add up and down icons for reordering hosts (1a3c0a0)
Add Whitelist of IPs/hosts to disable login notifications (b6d2658)
api: Adding the ability to calculate the consumption of admin users (c2c98b7)
Add noise to hosts (7d738cd)
Add support for splithttp new variables (2a7636a)
Add Transport RAW support (8942abe)

🩹 Fixes

Enforce SSL requirement for public access XTLS/Xray-core#3884 (e60e54f)
subscription: Sending currect sorting for different v2rayng version (5c5503d)
Tgbot user protocol edit bug (ef82864)
Tgbot user reset usage error (92fdeef)
Add doc to db crud (48a5ad2)
Tgbot links error when on_hold is null (d69fac6)
subscription: Remove user-agent for sing-box and clash (ff03e3a)
Single str port for v2ray-json (8f0c909)
Some minor fix of on_hold status in telegram-bot (cf98e95)
Catch error if settings template not found’ (582b2bb)
config: Corrupting the hosts’ data (6483e42)
Update user status doc (3fb46c1)
Some frontend bugs (2f2cbd1)
subscription: Separate http and none header settings (e4bd603)
subscription: Separate http and h2 settings (2260d28)
subscription: Multi mode for grpc (a2ba2c0)
subscription: Singbox ws ignore wsSettings (c02ef96)
subscription: Using wrong variable in settings (70dfb6d)
subscription: Prevent making noneSettings as a security setting (87dca23)
False config as external config (c63f95a)
subscription: Prevent making network_setting for reality (fb77570)
subscription: Disable shuffle temporary to prevent sending wrong data (e7d6756)
splithttp: Default value for splithttp (aa664a2)
NOTIFY_DAYS_LEFT (530649d)
Pydantic error on user.links (25c07ac)
Remove RANDOMIZE_SUBSCRIPTION_CONFIGS (cb7aa7a)
subscription: Use deepcopy to avoid conflict (f7d20b6)
Marzban-cli compatible with python3.8 (f3e6197)
Prevent error on login when request.client is None (d77eb30)
subscription: Vless flow and tcp header fix (7a0a9ca)
Subscription display in Hiddify in user_subscription (5169810)
Revoke subscription not updating xray config in telegram bot (791a7f2)
Change outbound tag to proxy in v2ray custom config (eb84a09)
Prevent duplicated names in clash (e37a3da)
subscription: Vless flow and tcp header fix (efc55ac)
subscription: Tcp no tls empty header type (241d823)
Some api bugs (a10745d)
Prevent passing unexpected variables to generate_subscription (f1395ee)
Avoid creating dict with every request and remove external check (47d8336)
Wrong spell for ALLOWED_ORIGINS (f0a7e21)
Node_user_usages problem (68dab4c)
Node_usage error (1332c7a)
Shity refactor (using wrong admin for by field) (d7281c2)
Refactor validate_dates function (avoid writing duplicate code) (aea3273)
Telegram bot not sending user limit result (0ebbff3)
db: Noise settings migration (#1352)
hosts: Check noise exist (dcc9fd9)
subscription: Remove network field for sing-box (f9c15a1)
Subscription: Correctly build list of proxy remarks for clash config (#1357)
config: Http and allyes (bc81290)
Clash-meta unexpected keyword argument ‘remark’ (9d49a11)
subscription: H3 transport (a930ed4)
Add DASHBOARD_PATH as vites’ base url in dev environment (327e79a)
Circular import (75bcdd9)

💅 Refactors

api: ⚠️ Added router to APIs (cf6d8ac)
admin-endpoints: ⚠️ Refactor admin endpoints and add new two get admin depends (e87e15b)
node-endpoints: ⚠️ Refactor node endpoints and add new two node depends (cf4472b)
system-endpoints: ⚠️ Refactor system endpoints (d631db5)
core-endpoints: ⚠️ Refactor core endpoints (ee341cb)
usertemplates-endpoints: ⚠️ Refactor user templates endpoints (6918f7f)
home-endpoints: ⚠️ Refactor home endpoints (36532a9)
sub-endpoints: ⚠️ Refactor sub endpoints (215bf32)
user: ⚠️ Refactor user api and fix validate dates (b551447)
Merge moveUpHost and moveDownHost into moveHostPosition (eb8bf54)
OnlineBadge: Clean up code and optimize badge color logic (603cf3d)

📖 Documentation

V2ray and sing-box template docs (1f0d8dd)
Add supported network for sing-box and v2ray (4209ef4)

🏡 Chore

subscription: Use usion instead of dynamic type (d19f567)
subscription: Customizeable config detail for v2ray- json and sing-box (68a7936)
subscription: Use fsring instead of if else (9b6741a)
subscription: Using deepcopy instead of copy (d5822b7)
Fix env value (a287147)
Remove MASTER_SERVER_USAGE_RATIO” (8695b8c)
Remove Box Shadow CSS class, Change “Host” to “Master” in CoreSettingsModal.tsx (eac8f06)
Change login white list name (ae5b6a6)
Move home page route to routers module (d87fee5)
subscription: Dialer outbound maker (30201ba)

⚠️ Breaking Changes

api: ⚠️ Added router to APIs (cf6d8ac)
admin-endpoints: ⚠️ Refactor admin endpoints and add new two get admin depends (e87e15b)
node-endpoints: ⚠️ Refactor node endpoints and add new two node depends (cf4472b)
system-endpoints: ⚠️ Refactor system endpoints (d631db5)
core-endpoints: ⚠️ Refactor core endpoints (ee341cb)
usertemplates-endpoints: ⚠️ Refactor user templates endpoints (6918f7f)
home-endpoints: ⚠️ Refactor home endpoints (36532a9)
sub-endpoints: ⚠️ Refactor sub endpoints (215bf32)
user: ⚠️ Refactor user api and fix validate dates (b551447)

More details here: https://github.com/Gozargah/Marzban/releases/tag/v0.7.0

My Philosophy for Choosing a Rental Server

Philosophy

If your Marzban server is already generating or planning to generate significant income, you need to ensure a sufficient level of reliability for your infrastructure.

Don’t skimp on high-quality and reliable servers.
Don’t skimp on resources for good load handling.
Don’t skimp on the cost of your nodes – connection stability and quality are essential for the growth of your “business”/“project.”
Ideally, get main servers from major providers focused on corporate clients. Examples: Selectel, Cloud.Vk.Com, Yandex Cloud, Cloud.ru, etc. You may also consider providers like AWS, Vultr, Kamatera, Hetzner, but again – choose plans with dedicated cores, not shared, and ensure 100% guarantee that your server won’t be deleted and you can always pay for it.
Situations with sites can vary widely, from DDoS attacks to client influx. But, of course, don’t forget about economics.
The better the provider and channels, the happier your clients will be. Don’t strive to offer 30 countries to choose from – your clients won’t appreciate it. Base your choice on your client’s geography. For Russia, a server in Europe is ideal. Very rarely will anyone need a location in the US… let alone somewhere like Chile or Australia.

Thus, the provider should be stable, and ideally foreign.

I have already shared my recommendations in the VPS Insider channel (though, due to lack of interest, I stopped updating it, leaving the full history there) – you can join via the link for 170 TG Stars: https://t.me/+lQBQTGym57hmOTAy

Speed should be 10Gbps – at least 2-5Gbps.
Traffic from 3-5TB (total). Of course, unlimited is better, but quality servers usually have limited traffic. The final choice will depend on your total traffic.

Having a 10Gbps server but with 1 core and 1GB of memory – you will never get maximum speed. Already with a stable load of 1Gbps, your 1 core will run at 100%, and you’ll

lose traffic, speed, and clients.

Renting a Server

Get a server here: https://procloud.ru?referral_id=274473

Location: Moscow (or any other of your choice)
OS: Ubuntu 24.04
CPU: 2 cores
Memory: 4GB
Disk: 30GB

Installation

At the time of writing, my PR for installation scripts is under review: Marzban PR

Installation script:

sudo bash -c "$(curl -sL https://github.com/DigneZzZ/Marzban-scripts-beta/raw/main/marzban.sh)" @ install --database mariadb

You will end up with Marzban installed but without a domain.

Create admin

sudo marzban cli admin create --sudo

Domain Binding in CloudFlare

Once you have chosen and purchased a domain, you need to host it somewhere and bind it to the server.

CloudFlare is the best option for this.

Certificate Issuance

For these tasks, Acme.sh is an excellent solution.

Generate it on your server for your domain:

~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --issue --standalone \
-d DOMAIN \
--key-file /var/lib/marzban/certs/key.pem \
--fullchain-file /var/lib/marzban/certs/fullchain.pem

Replace DOMAIN with your purchased and bound domain to your server.

Adjust the .env File

Open the .env file with the command:

marzban edit-env

Change the port to 443

UVICORN_PORT = 443

Add records to the obtained certificates

UVICORN_SSL_CERTFILE = "/var/lib/marzban/certs/fullchain.pem"
UVICORN_SSL_KEYFILE = "/var/lib/marzban/certs/key.pem"

That’s basically it.

Now, all that remains is to add the configuration to Xray and start using it.

Extended Guide and Detailed Descriptions

The full version of my article with all detailed instructions, settings, and installation options (including how to hide behind a Reverse Proxy) is available in the Marzban club on the forum: https://openode.xyz

To gain access, you must first purchase a subscription: https://openode.xyz/subscriptions/

You can find announcements of my articles here: https://openode.xyz/forum/90-marzban/

Our community Openode.XYZ OpeNode.xyz
Aeza VPS (+15% on payment) Aeza.net
Best EU hosting (+1 month free) Kamatera.com
VPS hosting - 4vps.su (-10% discount!) 4VPS.su
TG Channel TG-Channel Neonode.cc