ClawHub

SUIWARP

MCP Tools

Deploy S-UI + Cloudflare WARP proxy server in one command. 6 protocols (VLESS Reality, TUIC, Hysteria2, gRPC, Trojan, WebSocket), clean Cloudflare IP exit via wireproxy (~54MB RAM). Use when the user wants to set up a proxy server, VPN alternative, or network tunnel on a VPS.

Install

openclaw skills install suiwarp

SUIWARP — S-UI + Cloudflare WARP One-Liner

Deploy a multi-protocol proxy server with clean Cloudflare IP exit on any VPS.

When to Use

Activate when the user wants to:

  • Deploy a proxy / tunnel / VPN alternative on a VPS
  • Set up S-UI or sing-box with WARP
  • Configure VLESS Reality, TUIC, Hysteria2, or other protocols
  • Get a clean exit IP via Cloudflare WARP
  • Audit or fix an existing S-UI installation

Architecture

Client → S-UI (sing-box, 6 protocols) → wireproxy (SOCKS5 ~4MB) → Cloudflare WARP → Clean Exit IP
ProtocolPortBest For
VLESS Reality Vision443/tcpDaily use (most covert)
TUIC v5443/udpGaming (low latency)
Hysteria28443/udpStreaming (max speed)
VLESS Reality gRPC2053/tcpMultiplexing (stable)
Trojan Reality8880/tcpClassic fallback
VLESS Reality WS2083/tcpCDN/firewall bypass
VLESS CDN WS2052/tcpIP hidden behind Cloudflare CDN
ShadowTLS v3 + SS20229443/tcpAnti-DPI stealth (looks like real TLS)
VLESS HTTPUpgrade10443/tcpStealth HTTP transport with Reality
Hysteria2 Port Hopping20000-40000/udpAnti-QoS, port randomization

Deployment

One-Liner (Recommended)

SSH into the target server as root, then run:

bash <(curl -sL https://raw.githubusercontent.com/iPythoning/SUIWARP/main/setup.sh)

This handles everything automatically:

  1. System dependencies + swap (for low-RAM VPS)
  2. S-UI installation with 6 protocol inbounds
  3. Reality keypair generation
  4. Free Cloudflare WARP registration via wgcf
  5. wireproxy setup (WireGuard → SOCKS5, ~4MB RAM)
  6. S-UI outbound routing through WARP
  7. UFW firewall configuration
  8. Client link generation

Remote Deployment via SSH

If the user provides server credentials, deploy remotely:

ssh root@SERVER_IP 'bash <(curl -sL https://raw.githubusercontent.com/iPythoning/SUIWARP/main/setup.sh)'

For password-only servers:

sshpass -p 'PASSWORD' ssh -o StrictHostKeyChecking=no root@SERVER_IP \
  'bash <(curl -sL https://raw.githubusercontent.com/iPythoning/SUIWARP/main/setup.sh)'

Requirements

  • OS: Ubuntu 20.04+ / Debian 11+ (x86_64 or ARM64)
  • RAM: 1GB minimum (512MB usable after OS)
  • Access: Root SSH

Post-Deploy

After setup completes:

  1. Client links are at /root/suiwarp-client-links.txt
  2. S-UI panel is at http://SERVER_IP:2095/app/ (default: admin/admin — remind user to change!)
  3. Subscription URL is at http://SERVER_IP:2096/sub/

Verify WARP

# Direct IP
curl ifconfig.me

# WARP exit IP (should be Cloudflare)
curl -x socks5h://127.0.0.1:40000 ifconfig.me

Troubleshooting

sing-box won't start

Check logs: journalctl -u s-ui -n 20

Common causes:

  • out_json type mismatch: If DB was manually edited, out_json column must be blob (bytes), not string. Fix with Python: 
    cur.execute("UPDATE inbounds SET out_json=? WHERE id=?", (json.dumps(data).encode("utf-8"), rid))
  • outbound type not found: wireguard: S-UI 1.4.0 sing-box doesn't include WireGuard. Use the wireproxy SOCKS5 approach instead.

WARP not connecting

systemctl status wireproxy-warp
journalctl -u wireproxy-warp -n 20

If endpoint is unreachable, try alternative WARP endpoints:

  • engage.cloudflareclient.com:2408
  • 162.159.193.1:2408
  • 162.159.195.1:2408

Firewall blocking ports

ufw status numbered
# Ensure 443/tcp, 443/udp, 8443/udp, 2053/tcp, 8880/tcp, 2083/tcp are ALLOW

OOM kills (low RAM servers)

# Check swap
free -h
# If no swap, create one
fallocate -l 2G /swapfile && chmod 600 /swapfile && mkswap /swapfile && swapon /swapfile

Uninstall

bash <(curl -sL https://raw.githubusercontent.com/iPythoning/SUIWARP/main/uninstall.sh)

Service Management

systemctl status s-ui              # S-UI status
systemctl status wireproxy-warp    # WARP status
systemctl restart s-ui             # Restart proxy
systemctl restart wireproxy-warp   # Restart WARP tunnel
journalctl -u s-ui -f              # Live S-UI logs
journalctl -u wireproxy-warp -f    # Live WARP logs

Key Paths

PathDescription
/usr/local/s-ui/db/s-ui.dbS-UI SQLite database
/usr/local/s-ui/suiS-UI binary
/etc/wireproxy.confwireproxy WireGuard config
/etc/suiwarp/wgcf-account.tomlWARP account credentials
/root/suiwarp-client-links.txtGenerated client links

Credits

S-UI | sing-box | wireproxy | wgcf

More in MCP Tools