🌐 English | 中文 | 한국어

The Settings page groups everything about the node that isn't mesh, users, rules, or certificates. Three top-level tabs: System, Web, Upgrade.

Node name, exit-node flag, and Hysteria 2 user-auth switch live on the Nodes page in the Edit Self modal; the Allow User Auth toggle also appears on the Proxies → Hysteria 2 tab.

Below the DNS field is a Change Password card that rotates the admin username and/or password. Passwords are SHA-256-hashed on the client before transmission.

Warning — there is no password recovery. If you forget the password you must edit /data/config.yaml manually (stop container, replace web_password with echo -n 'newpassword' | sha256sum, start container).

Four sections:

Upload a pre-compiled hy2scale-<platform>-<arch>.tar.gz release artefact. The binary inside the archive must match the current platform / arch (shown at the top of the card). After upload the node swaps in the new binary and calls os.Exit(0) so docker --restart unless-stopped restarts into the new version.

The same card also exposes a Check for Updates button: it polls the GitHub releases/latest endpoint, compares against the running version, and reports either up to date or surfaces an inline Update Now button that downloads and applies the matching tarball. Progress is broadcast over SSE so concurrent admin sessions track the same job.

All modal dialogs in HY2 SCALE close via Cancel, an overlay click, or Escape. There is no top-right ✕ corner button — every modal carries a footer Cancel / Close / Save, so the corner control would only duplicate it.

The build bundles strongSwan (GPLv2+), iptables (GPLv2+) and xl2tpd (GPLv2+); distributing the Docker image therefore pulls the umbrella licence up to GPL-3.

Expandable list of native dependencies actually bundled in the image, with their versions and individual licences.

Collapsible list of Go modules compiled into the binary, taken from debug.ReadBuildInfo() — every direct and indirect import is shown.

Below the Upgrade card on the same page:

• Download Backup — a full archive of /data/config.yaml, TLS certificates, and the node identity.
• Restore from File — replaces the current configuration and restarts the panel. Intended for migration to a new host or disaster recovery.

A small badge next to the version in the sidebar reports what the node auto-detected at startup:

Runtime mode is detected at startup and cannot be switched at runtime without restarting the container with different Docker flags.

Three languages ship: English, 中文 (zh), 한국어 (ko). Switch via the language dropdown in the top-right of every page. All strings are JSON-driven and straightforward to extend.

When a new build is deployed, every logged-in browser tab polls /api/build-id (every 60 s and on window focus). If the served build hash no longer matches the tab's cached hash, the tab hard-reloads to pick up the new JS bundle — no stale UI against a newer server.

Set DEBUG=true on the container environment to enable verbose logging: iptables detection, capability checks, per-packet flow tracing in compat mode, strongSwan debug output, and a startup banner.

docker run -d --name hy2scale \
  -e DEBUG=true \
  --network host --cap-add NET_ADMIN \
  -v hy2scale-data:/data \
  frankoong/hy2scale:latest

Only use DEBUG when troubleshooting — output volume is significant.

Everything persists to /data/config.yaml, written atomically (temp file + rename) to prevent corruption. You generally should not edit it by hand — use the web UI or the REST API — but the escape hatch is always available for recovery scenarios.