One-Click Hysteria 2 Deployment Tool for Windows
A Windows CLI tool that bootstraps your Debian/Ubuntu VPS and deploys Hysteria 2 in minutes. Everything runs locally — your passwords and keys never leave your machine.
🇬🇧 English (current) · 🇨🇳 简体中文
ClashVerge-MultiScript - 🎓 Override script for CN campus network, academic databases, AI services & game accelerator coexistence
- 🖥️ 100% Local Execution — Credentials and keys stay on your computer
- 🧙 Interactive Wizard — No manual YAML editing required
- 🔐 SSH Hardening — Auto ed25519 key generation, port change, optional password-login disable
- 🚄 Network Tuning — One-click BBR congestion control + sysctl tweaks
- 🎯 Hysteria 2 Out-of-the-Box — Server install + client config auto-generated
- 📦 Zero Dependencies — Single
.exe, no Python/Node needed - 🛡️ Dry-Run Mode — Preview before touching your VPS
- 🔄 Idempotent — Safe to re-run
PS> .\\VPS-Builder.exe deploy -c config.yaml --ask-password
Enter current VPS SSH/root password: \*\*\*\*\*\*\*\*
Ready to deploy 1.2.3.4: SSH TCP 2222, Hysteria UDP 8443. Type yes to continue: yes
\[1/8] Connecting to VPS... ✓
\[2/8] Generating SSH keys... ✓
\[3/8] Uploading public key... ✓
\[4/8] Hardening SSH (port 2222)... ✓
\[5/8] Updating system packages... ✓
\[6/8] Enabling BBR... ✓
\[7/8] Installing Hysteria 2... ✓
\[8/8] Generating client config... ✓
Deployment completed!
SSH private key: C:\\Users\\you\\AppData\\Roaming\\VPS-Builder\\keys\\1.2.3.4\_VPS-Builder-Key
Hysteria client: C:\\Users\\you\\AppData\\Roaming\\VPS-Builder\\clients\\1.2.3.4\_hysteria.yaml
- Windows 10 or Windows 11
- PowerShell
- Go 1.21+ (only if building from source)
- ✅ Supported: KVM / Xen / VMware (full virtualization)
- ❌ NOT supported: OpenVZ (cannot enable BBR, poor UDP performance)
- 💡 Not sure? Check the provider's product page, or run on the VPS:
systemd-detect-virt
# Output `kvm` or `xen` → supported; `openvz` or `lxc` → not supported- ✅ Supported: Debian 10+ / Ubuntu 20.04+
- ❌ NOT supported: CentOS / AlmaLinux / Rocky Linux / Arch / Windows Server
- 💡 Not sure about your OS? Run on the VPS:
cat /etc/os-release- 💡 If it's another OS, go to your VPS console and "Reinstall OS" → pick Debian 12 or Ubuntu 22.04 LTS
-
Root SSH password login enabled (only for the first deployment)
-
Firewall/Security Group open:
TCP 22(current SSH port)TCP 2222(new SSH port, customizable)UDP 8443(Hysteria 2 port, customizable)
🤔 **Is "KVM VPS" the same as "Debian/Ubuntu VPS"?**
No! They are two different layers:
- **KVM** is a virtualization technology (the VPS "hardware architecture")
- **Debian/Ubuntu** is an operating system (what runs inside)
A KVM VPS can run Debian, Ubuntu, CentOS, or any Linux distro. This tool requires the combo of **"KVM virtualization + Debian/Ubuntu OS"**.
Go to the Releases page and download the latest VPS-Builder-windows-amd64.exe.
git clone https://github.com/SehAie/VPS-Builder.git
cd VPS-Builder
go mod tidy
go build -o VPS-Builder.exe ./cmd/VPS-Builder.\\VPS-Builder.exe init -o config.yamlAnswer a few wizard questions: VPS IP, new SSH port, Hysteria port, domain, etc.
By default: TCP 2222 and UDP 8443 (or whatever you set in config.yaml).
.\\VPS-Builder.exe deploy -c config.yaml --dry-run --ask-password.\\VPS-Builder.exe deploy -c config.yaml --ask-passwordEnter your current root password, type yes to confirm.
explorer $env:APPDATA\\VPS-BuilderStructure:
%APPDATA%\\VPS-Builder\\
├── keys\\
│ ├── <IP>\_VPS-Builder-Key # SSH private key
│ └── <IP>\_VPS-Builder-Key.pub # SSH public key
├── clients\\
│ └── <IP>\_hysteria.yaml # Hysteria client config
└── last-deploy-summary.txt
ssh -i "$env:APPDATA\\VPS-Builder\\keys\\1.2.3.4\_VPS-Builder-Key" -p 2222 root@1.2.3.4| Command | Description |
|---|---|
init -o config.yaml |
Interactive config generation |
deploy -c config.yaml --ask-password |
Run full deployment |
deploy -c config.yaml --dry-run --ask-password |
Preview without changes |
deploy -c config.yaml --yes |
Non-interactive mode |
gen-client -c config.yaml -p <PASSWORD> |
Regenerate client config |
version |
Print version |
VPS\_BUILDER\_ROOT\_PASSWORD— Preset SSH password (use--ask-passwordfor better security)
Key factors: virtualization type (must be KVM), region, bandwidth cap, UDP support, streaming unblock.
| Provider | Virtualization | Highlights | Price | Website |
|---|---|---|---|---|
| Vultr | KVM | Many regions, hourly billing | from $2.5/mo | vultr.com |
| DigitalOcean | KVM | Stable, well-documented | from $4/mo | digitalocean.com |
| Hetzner | KVM | Best value in Europe | from €3.79/mo | hetzner.com |
| RackNerd | KVM | Budget-friendly | $10-20/yr | racknerd.com |
| Linode (Akamai) | KVM | Enterprise-grade | from $5/mo | linode.com |
| Oracle Cloud | Xen/KVM | Free tier (ARM) | Free | oracle.com/cloud |
| AWS Lightsail | KVM (Nitro) | Amazon entry-level | from $3.5/mo | aws.amazon.com/lightsail |
| BandwagonHost | KVM | Popular with CN users | from $49.99/yr | bandwagonhost.com |
⚠️ **Avoid OpenVZ providers**: Some ultra-cheap VPSes use OpenVZ virtualization, which **can't enable BBR and has poor UDP performance**, making them unsuitable for Hysteria 2. Always confirm "KVM" on the product page before buying.
In the control panel's "Reinstall OS":
- ✅ Debian 12 (Bookworm) — recommended, lean & stable
- ✅ Ubuntu 22.04 LTS — more packages
- ❌ Don't pick CentOS / AlmaLinux / Rocky / Windows
- Note the IP from your console
- Root password is usually in the welcome email, or reset it in the console
Vultr - Firewall
-
Products → Firewall → Add Firewall Group
-
Add rules:
TCP 2222from AnywhereUDP 8443from Anywhere
-
Attach the group to your VPS instance
AWS Lightsail - Networking
-
Instance → Networking → IPv4 Firewall
-
Add rules:
- Custom / TCP / Port 2222
- Custom / UDP / Port 8443
Oracle Cloud - Security List
-
Networking → VCN → Security Lists
-
Add Ingress Rules:
- Source
0.0.0.0/0, TCP, Port 2222 - Source
0.0.0.0/0, UDP, Port 8443
- Source
-
⚠️ Oracle also has host-level iptables. Run on VPS:
iptables -I INPUT -p tcp --dport 2222 -j ACCEPT
iptables -I INPUT -p udp --dport 8443 -j ACCEPT
netfilter-persistent saveHetzner - Firewalls
- Cloud Console → Firewalls → Create Firewall
- Add Inbound rules and attach to your VPS
DigitalOcean - Cloud Firewalls
-
Networking → Firewalls → Create Firewall
-
Inbound Rules:
- Custom / TCP / 2222 / All IPv4, All IPv6
- Custom / UDP / 8443 / All IPv4, All IPv6
-
Apply to your Droplet
BandwagonHost
- No provider-level firewall; VPS-Builder configures iptables inside the VPS automatically
After deployment you'll get a Hysteria 2 client config at %APPDATA%\\VPS-Builder\\clients\\.
| Platform | Clients |
|---|---|
| Windows | NekoBox, Clash Verge |
| macOS | ClashX Meta, FlClash |
| iOS | Stash, Shadowrocket |
| Android | NekoBox for Android, Clash Meta for Android |
| CLI | Official Hysteria Client |
- ✅ Test on a fresh VPS first — never on production
- ✅ Disable SSH password login after verifying key login works
- ❌ Never commit
config.yaml, private keys, or client configs to public repos - ❌ Avoid default ports (defaults already moved to 2222 / 8443)
- ✅ Back up your
%APPDATA%\\VPS-Builder\\folder
Q: Is "KVM VPS" the same as "Debian/Ubuntu VPS"?
No. KVM is a virtualization technology (the VPS "hardware"), while Debian/Ubuntu is an operating system. A KVM VPS can run Debian, Ubuntu, CentOS, or any distro. This tool requires KVM (or Xen) virtualization + Debian/Ubuntu OS.
Q: How do I check which virtualization my VPS uses?
SSH into your VPS and run systemd-detect-virt. Output kvm/xen → supported; openvz/lxc → not supported.
Q: Connection timeout during deployment, what to do?
- Make sure port TCP 22 is open in the provider's firewall
- Make sure the SSH service is running on the VPS
- Verify the root password is correct
- Check you can ping the VPS IP from your local machine
Q: Does it support IPv6?
SSH connections support IPv6; Hysteria 2 listens on all addresses by default, so both IPv4 and IPv6 clients can connect.
Q: Can I reuse the same config for multiple VPSes?
Not recommended. Run init separately for each VPS to avoid key/IP confusion.
PRs, issues, and suggestions welcome!
git clone https://github.com/SehAie/VPS-Builder.git
cd VPS-Builder
go mod tidy
go test ./...MIT License — see LICENSE.
If this project helps you, please give it a star ⭐!
🌍 Prefer Chinese? → 切换到简体中文版
This tool is for educational and lawful use only. Users are responsible for complying with local laws. The author is not liable for misuse.