byJoey/cfnew

Source: https://github.com/byJoey/cfnew

CFnew - Terminal v2.9.8

⚠️ Important: After deployment, set the compatibility date to 2026-01-20

Pages Deployment:

1. Log in to Cloudflare Dashboard (https://dash.cloudflare.com/)
2. Go to Workers & Pages → Select your Pages project
3. Click Settings → Runtime
4. Find Compatibility date, select 2026-01-20, click Save
5. Go back to Deployments → Create deployment → Upload files

Worker Deployment:

1. Log in to Cloudflare Dashboard (https://dash.cloudflare.com/)
2. Go to Workers & Pages → Select your Worker
3. Click Settings → Runtime
4. Find Compatibility date, select 2026-01-20, click Save

Languages: English | فارسی

Telegram Group (https://t.me/+ft-zI76oovgwNmRh)

Key Features

• Multi-protocol support: VLESS, Trojan, xhttp, can enable multiple simultaneously
• Custom path: No longer forced to use UUID as path; you can set your own, supports multi-level paths
• Latency testing: Built-in test tool to measure IP latency, automatically fetch airport codes
• Subscription conversion: Customizable conversion service URL
• Graphical management: Configuration stored in KV, changes take effect immediately without redeployment
• API management: Support for dynamically adding/removing optimized IPs via API
• Multi-client: Supports CLASH, SURGE, SING-BOX, LOON, QUANTUMULT X, V2RAY, Shadowrocket, STASH, NEKORAY, V2RAYNG
• App wake-up: Click a button to automatically open the corresponding client
• Auto-detection: Automatically returns the correct format based on User-Agent
• Multi-language: Supports Chinese and Persian, automatically switches based on browser language

v2.9.8 Update

• Internal subscription conversion: Clash / Stash / Sing-box / Surge / Loon / Quantumult X configurations are now all generated directly by the Worker, no longer relying on any external sub-converter
  • Complete rule sets: Clash uses Loyalsoldier rule-providers; Sing-box uses MetaCubeX SRS; Surge / Loon / QuanX use ACL4SSR / blackmatrix7 remote rules
  • Each policy group includes “Policy Group + All Nodes”, allowing direct node switching (removed “Auto Select” url-test to avoid periodic speed test waste)
  • Fixed Clash IPv6 node server being parsed as an array, and circular references between proxy groups 🎯 Global Direct ↔ 🚀 Node Select
• Transport optimization: Optimized WebSocket/TCP forwarding inspired by GrainTCP — merge small uplink packets, aggregate small downlink packets, send large packets directly, and optimize VLESS parsing hot path
• Graphical ALPN: Added alpn dropdown option; leave empty to omit alpn, or choose h3, h2, http/1.1, or combined values
• Node alias simplification: Domains unified as PreferredDomain-XX, IPv6 as IPv6Preferred-XX, IPv4 uses isp-colo-XX
• KV configuration cache: 30s short window + cross-isolate version key c_ver, no need to refresh twice after saving
• SOCKS5 degraded timeout: 3.5s without data on direct connection, automatically goes to fallback
• Label: “Enable GitHub Default Preferred” changed to “Enable Custom Preferred”
• Page effects toggle: FX: ON / OFF, persisted via localStorage
• Obfuscated version 少年你相信光吗 (Young man, do you believe in light?) provided, logic identical to 明文源吗 (Plaintext source?)

v2.9.7 Update

• Floating save button: Persistent “Save All” button at bottom right, supports Ctrl+S / Cmd+S keyboard shortcut
  • After editing any field, the button automatically enters “Unsaved” state
  • Progress feedback during save/refresh
• Notification UX optimization: All blocking dialogs replaced with floating messages at top right, auto-dismiss, can be paused on hover, supports manual close
  • 4 semantic types: success / info / warn / error
• Action button consolidation: Merged 4 separate save buttons from different sections into a unified floating action group
• Obfuscated version 少年你相信光吗 provided, logic identical to 明文源吗

v2.9.6 Update

• Compatible with Xray-core v26.3.27
• Added Hong Kong (HK) region ProxyIP and region selection
• KV read performance optimization: 5-hour memory cache, reducing KV reads by over 99%
• Invalid request blocking: Non-matching paths return 404 directly, no longer trigger KV reads
• Fixed SOCKS5 config key error when saving preferred list

v2.9.5 Update

• GitHub default preferred addresses are now disabled by default; must configure your own preferred IP source URL
• Added “Enable Original Address” toggle, allowing control over whether original address nodes are generated in the management panel (disabled by default)
• Compatibility date set to 2026-01-20

v2.9.4 Update

• Clients can now override connection-level variables (p, wk, rm, s) via WebSocket path parameters
  • No need to deploy a separate Worker for each node; just write parameters in the path of the share link
  • Priority: path parameter > KV/environment variable global config > auto-detection
  • See “Client path parameters” below for details

v2.9.3 Update

• Added graphical custom DNS and ECH domain features
  • Custom DNS server addresses (DoH format) can be set in the UI
  • Custom ECH domain can be set in the UI
  • Supports dynamic changes; takes effect immediately after saving
  • Added query-server-name parameter to ech-opts in Clash config, aligning with v2ray

v2.9.2 Update

• Fixed Clash configuration generation issue

v2.9.1 Update

• ECH support: Added Encrypted Client Hello (ECH) functionality
  • Automatically fetches the latest ECH config on each subscription refresh
  • When ECH is enabled, “TLS Only” mode is automatically enabled to avoid port 80 interference
  • One-click enable/disable for ECH in the graphical interface

v2.9 Update

• Region filter: Filter preferred results by region, supports multiple selection
• Latency filter: Added “Show only fastest 10” option
• Append/Replace mode: When adding preferred results, you can either append or replace the entire list
• Result display optimization: Shows region tags and sorts by latency
• Other detail improvements

Related Tools

• Preferred IP tool: https://github.com/byJoey/yx-tools/releases
• Text tutorial: https://joeyblog.net/yuanchuang/1146.html
• Workers video tutorial: https://www.youtube.com/watch?v=aYzTr8FafN4
• Pages video tutorial: https://www.youtube.com/watch?v=JhVxJChDL-E
• Snippets video tutorial: https://www.youtube.com/watch?v=xeFeH3Akcu8

Deployment

Subscriptions auto-optimize every 15 minutes.

Basic Configuration

Protocol Configuration

Graphical Configuration (Recommended)

1. Create a KV namespace in Workers, bind environment variable C
2. After deployment, visit /{YourUUID} to use the graphical configuration
3. Changes take effect immediately without redeployment

Advanced Control

KV Storage Setup (Recommended)

1. Create a KV namespace in Cloudflare Workers
2. Bind the KV namespace in Worker settings, variable name set to C
3. Redeploy
4. Visit /{YourUUID} to use the graphical configuration

API Usage

1. Download the preferred IP tool: https://github.com/byJoey/yx-tools/releases
2. Enable API: Visit /{UUID} or /{CustomPath}, find “Allow API Management”, enable and save
3. Add a single IP:

# Using UUID path
curl -X POST "https://your-worker.workers.dev/{UUID}/api/preferred-ips" \
  -H "Content-Type: application/json" \
  -d '{"ip": "1.2.3.4", "port": 443, "name": "Hongkong Node"}'

# Using custom path (if d variable is set)
curl -X POST "https://your-worker.workers.dev/{CustomPath}/api/preferred-ips" \
  -H "Content-Type: application/json" \
  -d '{"ip": "1.2.3.4", "port": 443, "name": "Hongkong Node"}'

4. Add multiple IPs:

curl -X POST "https://your-worker.workers.dev/{UUID or CustomPath}/api/preferred-ips" \
  -H "Content-Type: application/json" \
  -d '[
    {"ip": "1.2.3.4", "port": 443, "name": "Node1"},
    {"ip": "5.6.7.8", "port": 8443, "name": "Node2"}
  ]'

5. Clear all IPs:

curl -X DELETE "https://your-worker.workers.dev/{UUID or CustomPath}/api/preferred-ips" \
  -H "Content-Type: application/json" \
  -d '{"all": true}'

Features

Latency Test

Available since v2.7, enhanced filtering in v2.9

• Built-in test tool, no additional software needed; test IP latency directly on the config page
• IP sources:
  • Manual input: enter IP or domain directly, supports batch (comma-separated)
  • CF random IP: randomly generated from Cloudflare IP ranges
  • URL fetch: get IP list from a remote URL
• Supports 1-50 concurrent threads, default 5
• Automatically fetch airport codes (e.g., SJC, LAX)
• Automatically map to Chinese airport names (e.g., SJC → San Jose)
• Automatically subtract DNS + TLS handshake time to show true latency
• Settings automatically saved to browser
• Supports filtering by region
• Supports showing only the fastest 10
• Supports append or replace mode

Multi-Protocol Support

• VLESS: enabled by default
• Trojan: supports Trojan-WS-TLS, can set custom password, uses UUID if empty
• xhttp: HTTP POST-based camouflage protocol
• Multiple protocols can be enabled simultaneously, client auto-detects
• One-click toggle in graphical interface
• Independent save buttons for protocol config

ECH (Encrypted Client Hello)

• Supports Encrypted Client Hello (ECH) for encrypted client handshake
• Auto-fetch: gets latest ECH configuration from DoH on each subscription refresh
• Prefers Google DNS, falls back to Cloudflare DNS on failure
• Smart mode: automatically enables “TLS Only” mode when ECH is enabled to avoid port 80 interference
• Graphical interface: one-click enable/disable in protocol config area
• Debug info: detailed ECH fetch process visible in browser developer tools response headers
• Response headers:
  • X-ECH-Status: SUCCESS or FAILED
  • X-ECH-Debug: detailed debug info
  • X-ECH-Config-Length: ECH configuration length (on success)

Custom Path (d variable)

• No longer forced to use UUID as path; set your own
• Supports multi-level paths, e.g., /path/to/sub
• Missing leading / is automatically added
• Once a custom path is set, the UUID path is disabled
• Path can be changed anytime via graphical interface

Graphical Configuration

• Store configuration in Cloudflare KV
• Access at /{YourUUID} or /{CustomPath}
• Changes take effect immediately, no redeployment needed
• Priority: KV config > environment variables > defaults

Multi-Language Support

• Automatically selects Chinese or Persian based on browser language
• Manual switch available in top-right corner
• Language preference saved to browser
• Persian automatically enables RTL layout

Subscription Conversion Control

• Customize conversion service URL
• Independently control preferred domains, preferred IPs, and GitHub preferred
• All enabled by default
• Changes take effect immediately

API Management

• Manage preferred IPs via RESTful API, no code changes needed
• Supports batch addition
• Supports clearing all IPs
• Disabled by default, must be enabled in graphical interface
• API-added IPs and manually configured yx variable are automatically merged
• API endpoints:
  • GET /{UUID or Path}/api/preferred-ips - Query list
  • POST /{UUID or Path}/api/preferred-ips - Add (single/batch)
  • DELETE /{UUID or Path}/api/preferred-ips - Delete (single/all)

Client Path Parameters

New in v2.9.4. Append query parameters to the path field of a VLESS/Trojan share link to specify per-node connection-level config without deploying an additional Worker.

Priority: path parameter > KV/environment variable > auto-detection

⚠️ p and wk are mutually exclusive: Setting p directly uses the specified ProxyIP, bypassing wk region matching entirely. If both are written, only p takes effect.

Path example:

# Specify ProxyIP (do not write wk simultaneously)
/?ed=2048&p=1.1.1.1
/?ed=2048&p=proxy.example.com:443
/?ed=2048&p=[2001:db8::1]:443

# Specify region (let Worker auto-select ProxyIP for that region)
/?ed=2048&wk=jp
/?ed=2048&wk=sg&rm=no

# Specify SOCKS5 (can be combined with wk)
/?ed=2048&s=user:[email protected]:1080&wk=us

Variables not listed above (e.g., ev, et, yx) are subscription-generation level configs and are already past the route at WebSocket handshake; writing them in the path has no effect. They still need to be set in environment variables or KV.

Manual Region Selection

• Manually specify Worker region, overriding auto-detection
• Set via wk=SG or graphical interface selection, or add wk=SG in node path
• Supported: US, SG, JP, HK, KR, DE, SE, NL, FI, GB

Preferred Node Naming

• Subscription aliases use short names by default, no longer appending port, protocol, TLS/WS info
• Domain nodes: PreferredDomain-01, PreferredDomain-02
• IPv6 nodes: IPv6Preferred-01, IPv6Preferred-02
• IPv4 nodes: priority uses isp-colo-XX, falls back to IPv4Preferred-XX when ISP info is missing

System Status

• Displays Worker region, detection method, ProxyIP status
• Selection logic: same region → neighboring region → other regions

Advanced Control

• rm=no disables region smart matching
• qj=no enables degraded mode (CF direct → SOCKS5 → fallback)
• dkby=yes generates only TLS nodes
• ech=yes enables ECH (automatically enables TLS-only mode)
• alpn=h3,h2 specifies TLS node ALPN; leave empty to omit
• yxby=yes disables all preferred functionality

Multi-Client Support

Supports 10 clients: CLASH, SURGE, SING-BOX, LOON, QUANTUMULT X, V2RAY, Shadowrocket, STASH, NEKORAY, V2RAYNG

• Automatically generates configuration based on client type
• One-click subscription link generation in graphical interface
• Button to automatically open the corresponding client
• Auto-detects client via User-Agent and returns the correct format
• Automatically adapts optimal protocol combination for different clients
• TLS links omit alpn by default; can be set via graphical interface or alpn config

Performance Optimization

• Auto-optimization every 15 minutes
• Multiple fallback options
• Smart caching reduces repeated computation

Acknowledgements

• Based on zizifn/edgetunnel (https://github.com/zizifn/edgetunnel) modifications
• ProxyIP part from cmliu (https://github.com/cmliu)
• Reverse proxy IPs from qwer-search (https://github.com/qwer-search)
• Online preferred IP interface from 白嫖哥 (https://t.me/bestcfipas)

Star History

Star History Chart (https://www.star-history.com/#byJoey/cfnew&Timeline&LogScale)