📌 同步自上游:#849 by @Michael-Tang-2009 (2025-10-04)
Is your feature request related to a problem? Please describe.
Currently, s-ui works well for managing single servers and common use cases. However, in larger deployments where multiple edge servers (public CDN + internal VPN) need to be coordinated, there is no native way to:
- Define and manage internal subnet ranges for VPN users.
- Centrally control multiple servers/clusters from a main management panel.
- Configure DNS resolution rules to split traffic: internal websites → internal servers, public websites → public upstream DNS.
This limits s-ui for enterprise or hybrid deployments where both public-facing services and internal private services need to coexist under the same management umbrella.
Describe the solution you'd like
-
Internal subnet feature
- Allow admin to define subnet ranges for VPN users (e.g.
10.10.0.0/24) with granular access rules.
- Support per-subnet policies for routing, firewall, and monitoring.
-
Main panel with multi-edge management
- A centralized control plane (main panel) that can connect to and manage multiple edge servers (clusters).
- Synchronize configurations, users, and statistics across multiple nodes.
- Edge clusters can serve different roles, e.g. public CDN gateway or internal VPN gateway.
-
Split DNS resolution
-
Ability to configure DNS rules within s-ui panel:
- Internal domains (e.g.
*.corp.internal) → resolve via internal DNS servers.
- Public domains → resolve via upstream DNS (e.g. DoH/DoT).
-
UI for adding/editing dns.rules and dns.servers.
-
Integration with routing so DNS results are consistently applied.
Describe alternatives you've considered
- Manually editing sing-box JSON configs or in UI for each server (not scalable, error-prone).
- Using external DNS servers for split resolution (adds complexity, not directly managed in s-ui).
- Third-party orchestration for multi-node sync (overkill for medium deployments).
Additional context
This feature set would make s-ui suitable for large-scale deployments, bridging both CDN-like public access and private internal VPN networks under unified management.
It would also align with enterprise-grade requirements: centralized control, internal/external traffic separation, and DNS flexibility.
Is your feature request related to a problem? Please describe.
Currently, s-ui works well for managing single servers and common use cases. However, in larger deployments where multiple edge servers (public CDN + internal VPN) need to be coordinated, there is no native way to:
This limits s-ui for enterprise or hybrid deployments where both public-facing services and internal private services need to coexist under the same management umbrella.
Describe the solution you'd like
Internal subnet feature
10.10.0.0/24) with granular access rules.Main panel with multi-edge management
Split DNS resolution
Ability to configure DNS rules within s-ui panel:
*.corp.internal) → resolve via internal DNS servers.UI for adding/editing
dns.rulesanddns.servers.Integration with routing so DNS results are consistently applied.
Describe alternatives you've considered
Additional context
This feature set would make s-ui suitable for large-scale deployments, bridging both CDN-like public access and private internal VPN networks under unified management.
It would also align with enterprise-grade requirements: centralized control, internal/external traffic separation, and DNS flexibility.