// the find
Gozargah/Marzban
Unified GUI Censorship Resistant Solution Powered by Xray
Marzban is a web-based admin panel for managing VPN proxy accounts on top of Xray-core. It targets self-hosters who want to run a multi-user proxy server (VLESS, VMess, Trojan, Shadowsocks) without hand-editing Xray JSON configs for every user. The audience is primarily people in regions with heavy censorship who need a manageable proxy infrastructure.
The multi-node architecture (via Marzban-node) is genuinely useful — you can spread traffic across servers without rebuilding your user database. Subscription link generation that outputs Clash, SingBox, and V2Ray-compatible configs means users don't have to reconfigure clients manually when you update the server. The Alembic migration history is thorough (50+ migrations) and suggests the schema has evolved carefully rather than being hand-edited. The Telegram bot integration for server management and automated backups is a practical operations feature, not a gimmick.
Multi-admin support is explicitly marked WIP, so running this for a team means one shared sudo account — that's a real gap for any non-trivial deployment. The installation script pipes curl into bash and pulls from GitHub at install time, which is the kind of supply-chain footgun that should be documented as a risk, not buried. The dashboard is a pre-built React bundle committed to the repo (app/dashboard/build/), meaning you can't audit what you're running without separately building from source — not great for a security-sensitive tool. No rate limiting or abuse controls on the subscription endpoint are visible in the codebase, so a leaked subscription URL gives an attacker indefinite access until manually revoked.