Skip to content

Comprehensive Guide to Setting Up and Auto-Deploying VLESS Proxy Configurations

Step-by-step tutorial for forking, configuring security secrets, and running GitHub Actions


ZiZifn Main Page



The zizifn project is a secure proxy configuration based on the VLESS-WS-TLS/TCP protocol. It is developed in Rust and WebAssembly (Wasm) architecture and runs on Cloudflare Workers using Wrangler. To deploy this project on your personal account, follow the step-by-step instructions below.

Error 1101 and 1102

In this new structure, there is no need to add useless code or heavy obfuscation!


📚 Table of Contents


Step 1: Forking the Repository

First, you need to create a copy of this project in your own GitHub account.

  1. Go to the main repository page (Link)

  2. Click on the Fork icon (marked with a red arrow) at the top of the page.

View Screenshot

How to fork the project on GitHub


  1. On the next page, you can optionally set a custom name for your fork. Otherwise, click on Create fork to transfer the project to your account.
View Screenshot

How to fork the project on GitHub


Step 2: Retrieving Cloudflare API Token and Account ID

For automated deployment, GitHub Actions needs to connect to your Cloudflare account. To do this, we need two key parameters:

  • CloudFlare Account ID
  • CloudFlare API Token

Note

Previously, to get the Account ID, you had to navigate to the Workers & Pages section and copy it from the bottom of the page. Now, when creating a token, the Account ID is displayed right there, so you can copy it directly from that screen.


Creating a Token with Worker Editing Permissions

  1. Log in to your Cloudflare dashboard.
Click to expand details

Note

Recently, Cloudflare does not allow account creation with disposable/temporary emails. The account might get created but won't get verified, and you might get stuck in an endless email verification loop. Therefore, it is highly recommended to use reliable email providers such as G-Mail, Outlook, Hotmail, ProtonMail, etc., to register your Cloudflare account.


  1. Once logged in, open the left sidebar/menu at the top of the page, type api in the Quick search box, and select Account API Tokens from the search results.
View Screenshot

Search API token


Select Account API Tokens


  1. Click on the Create Token button.
View Screenshot

Click on Create token


  1. From the API token templates, click on Edit Cloudflare Workers.
View Screenshot

Token templates


Select Edit Cloudflare Workers template


  1. Under the Token Expiration section, set an expiration date for your token if needed, then proceed to view and create the token.
View Screenshot

Token expiration

Note

Please note that if the token expires, your deployed worker will NOT stop working. However, you will no longer be able to redeploy the project via GitHub Actions. If that happens, you must generate a new token and update the corresponding secret in your GitHub repository settings.


  1. Copy the generated API token on this page (this token is only shown once, so save it somewhere secure if needed). Also, copy your Account ID shown near the top of the page. After safely copying both values, click on the confirmation button to close the window.
View Screenshot

Copy Cloudflare ID and Token


Step 3: Setting up GitHub Secrets

Now, you need to add the retrieved credentials to your forked GitHub repository so the workflow can authenticate with your Cloudflare account.

  1. In your forked repository, go to the Settings tab.
View Screenshot

Navigate to repository settings


  1. From the sidebar menu, click on Secrets and variables and select Actions.
View Screenshot

Select Actions secrets


  1. Click on the New repository secret button and define the variables according to the table below:

Secret NameStatusDefault ValueDescription
CLOUDFLARE_API_TOKEN✔️ Required-Your Cloudflare API token with Workers editing permissions.
CLOUDFLARE_ACCOUNT_ID✔️ Required-Your Cloudflare Account ID.
UUID⚙️ Optionalbe0ff9df-1468-41a0-8865-796d1c6800dbYour custom UUID (v4).
PROXYIP⚙️ Optionaldi.nscl.irProxy IP to route traffic to backend services behind Cloudflare.

View Screenshot

Create secret step 1


Create secret step 2


Final secret creation


Important Note

The first two variables (Cloudflare Account ID and API Token) are strictly required. Without them, you cannot deploy the worker. The other two variables (UUID and PROXYIP) are optional because the code falls back to pre-defined values. However, it is highly recommended to generate a unique UUID using (this website) and use it instead of the default value.

View Screenshot

Get UUID

To find other Proxy IPs, you can refer to this Proxy Repository.


Step 4: Activating and Running GitHub Actions

By default, GitHub disables actions on forked repositories. You need to enable and run the workflow manually once.

  1. Navigate to the Actions tab at the top of your repository.

  2. Click on the green button:

"I understand my workflows, go ahead and enable them"

to authorize the actions to run.

View Screenshot

Enable actions


  1. As shown in the screenshot below, select All workflows from the left panel, then choose the Deploy Worker workflow.
View Screenshot

Select Deploy workflow


  1. On the right side of the screen, a menu bar with a Run workflow button will appear. Click on it.

  2. In the dropdown form that opens, you can optionally input custom values for Proxy IP or UUID exclusively for this specific run. (If left blank, the workflow will fallback to your repository secrets or default values; it is generally recommended to set them up as secrets instead).

View Screenshot

Run workflow


  1. Finally, click the green Run workflow button inside the form. After about 30 to 60 seconds, a green checkmark will appear next to the run, indicating that the deployment process completed successfully.
View Screenshot

Deploy success


Important Note on Temporary Variables

Values entered directly into the Run workflow prompt form are strictly temporary (one-time use) and are not stored in your repository configuration. This feature is particularly useful for quickly testing different Proxy IPs or changing the UUID on the fly.


Technical Details

After clicking Run workflow, GitHub boots up an Ubuntu runner, downloads and installs the Rust toolchain (cargo) and wasm-pack, compiles the Rust codebase to WebAssembly, and automatically deploys a new Worker named zr-wasm to your Cloudflare account.

If you wish to change the default worker name, you can edit the first line of the wrangler.toml file inside your repository.

View Screenshot

Worker name configuration


How to Use

Accessing the Management Panel

Once deployed, simply append your UUID to your Worker's URL:

https://Your-Worker-URL/Your-UUID

For example:

https://zr-wasm.workers.dev/be0ff9df-1468-41a0-8865-796d1c6800db

If you did not create a custom UUID secret and are using the default code value, the UUID will be:

reg
be0ff9df-1468-41a0-8865-796d1c6800db

Your subscription link automatically serves multiple configurations populated with clean Cloudflare IPs. You can use the buttons inside the panel to copy it automatically.

Alternatively, if you need the subscription URL manually for external clients, append xray or sb between the Worker URL and your UUID:

https://Your-Worker-URL/xray/Your-UUID

https://Your-Worker-URL/sb/Your-UUID

For example:

https://zr-wasm.workers.dev/xray/be0ff9df-1468-41a0-8865-796d1c6800db

Differences Between xray and sb

  • xray suffix:

Suitable for clients utilizing the Xray core, such as:
v2rayNG, MahsaNG, Hiddify, Nekoray, v2rayN, Streisand, Napsternet, NPVT, Happ, etc.


  • sb suffix:

Suitable for clients utilizing the Sing-Box core, such as:
Nekobox, Exclave, Singbox, Husi, Karing, etc.


  • Clean Cloudflare IPs

The clean IPs in your configurations are sourced from the NiREvil/vless repository. The IPs are updated automatically every 4 hours.


INFO

Deployment Engine

  • GitHub Actions workflow runner (Ubuntu-24.04 VM)

  • Cloudflare Wrangler Action v3

  • Many thanks to NiREvil and zizifn


Security Warning

Click to view important security tips

Never hardcode or type sensitive Cloudflare tokens in manual workflow run forms!

Values typed directly into the manual workflow execution inputs are saved in your GitHub Actions run history. If your repository is public, these credentials will be visible to everyone. Sensitive secrets must always be defined via Step 3 (Repository Secrets) so GitHub can securely encrypt them.

Made with using VitePress