This document describes the architecture of FoxCloud, a VLESS proxy server built for Cloudflare Workers.
FoxCloud is designed as a lightweight, high-performance proxy server that runs on Cloudflare's edge network. It leverages Cloudflare Workers' serverless architecture to provide global, low-latency access to proxy services.
The main request handler that processes incoming HTTP requests and WebSocket upgrade requests:
- Routes requests to appropriate handlers based on URL path
- Handles WebSocket upgrade requests for proxy connections
- Manages subscription requests for client configuration
- Provides error handling and fallback responses
The main entry point for the Cloudflare Worker:
- Exports the main fetch handler
- Receives incoming requests from Cloudflare's edge network
- Passes requests to the core handler with environment variables
Generates VLESS configuration strings and objects:
- Creates VLESS URLs for client import
- Generates JSON configuration objects
- Supports multiple proxy server configurations
Provides HTML interfaces for:
- Main landing page with system status
- Error pages for troubleshooting
- Subscription configuration page with copy functionality
- Responsive design with dark/light mode
- Manages WebSocket connections for proxy traffic
- Handles VLESS protocol negotiation
- Processes data transfer between client and proxy server
- Helper functions for TCP connection management
- Address parsing and validation
- DNS resolution utilities for proxy targets
- Helper functions for array manipulation
- String splitting and filtering
- General utility functions used throughout the application
- Incoming Request: Client sends HTTP request to Cloudflare Worker
- Request Routing: Core handler determines request type:
- WebSocket upgrade request → WebSocket handler
/subpath → Subscription page- UUID path → VLESS configuration response
- Other paths → Main index page
- WebSocket Connection: For proxy traffic:
- Establishes WebSocket connection with client
- Connects to configured proxy server
- Transfers data bidirectionally
- Configuration Generation: For subscription requests:
- Generates VLESS configuration based on environment variables
- Returns configuration as URL or JSON
The system uses two primary environment variables:
UUID: User authentication identifiersPROXY_IP: Target proxy server addresses
These variables are injected by Cloudflare Workers at runtime and are accessible through the Env interface.
- Authentication: VLESS protocol with UUID-based authentication
- Encryption: TLS encryption for all connections
- Isolation: Each Worker instance is isolated and stateless
- Rate Limiting: Inherited from Cloudflare's infrastructure
- Global Distribution: Automatically deployed to Cloudflare's global network
- Automatic Scaling: Scales automatically with demand
- Edge Computing: Processing occurs at the edge, reducing latency
- Serverless: No dedicated servers to manage
- Stateless: No persistent storage in the Worker
- Event-Driven: Processes requests as they arrive
- Multi-Tenant: Can serve multiple users from a single deployment
- Execution Time: Limited by Cloudflare Workers' CPU time limits
- Memory: Constrained by Worker memory limits
- Storage: No persistent storage (configuration must be in environment variables)
- Protocols: Currently supports only VLESS over WebSocket
- Additional protocol support (VMess, Trojan, etc.)
- Enhanced configuration options
- Improved analytics and monitoring
- Custom domain support improvements