VLESS Monitoring
Real-time uptime monitoring for VLESS servers (Xray-core and V2Ray-core). Auto-detects vless:// URIs, supports XTLS/Vision flow and REALITY, and tests all common transports — raw, ws, grpc, xhttp, httpupgrade. Free for 5 monitors.
Why VLESS needs specialized monitoring
VLESS is a stateless Xray/V2Ray protocol designed to minimize detectable fingerprints. A typical deployment combines several layers:
- A transport (raw / TCP, WebSocket, gRPC, xhttp, httpupgrade, KCP)
- A security layer (TLS, REALITY, XTLS/Vision flow, none)
- Optional fallback to a real website on 443 to appear legitimate
Port probing tells you almost nothing. A VLESS server running REALITY on 443 is indistinguishable from a normal HTTPS web server at the TCP level — that's the entire point of REALITY. If the Xray process crashes but nginx is still running on 443 as a fallback, a naive monitor sees "up" while users see failed connections.
TunnelHQ parses the vless:// URI, performs the actual VLESS handshake over the correct transport with the correct security layer, and verifies that you get a real VLESS response — not a TLS handshake from a fallback website.
URI auto-detection
Paste any standard vless:// URI and TunnelHQ identifies the config parameters automatically:
vless://[email protected]:443?
encryption=none&
flow=xtls-rprx-vision&
security=reality&
sni=www.microsoft.com&
pbk=aH5L8_JK2M...&
sid=01ab&
fp=chrome&
type=tcp#Production-ServerFrom this, TunnelHQ extracts:
- UUID (
5b8d8f2e-...) - Endpoint (
server.example.com:443) - Security (
reality) and the public key / short ID / fingerprint - Flow (
xtls-rprx-vision) - Transport (
tcp, orws/grpc/xhttpas applicable) - SNI masquerade target
Supported VLESS configurations
Security layers
- TLS — standard, with SNI and ALPN
- REALITY — full support with public key, short ID, and fingerprint
- XTLS/Vision flow —
xtls-rprx-vision, including the udp443 variant - None — for dev/testing deployments
Transports
- raw/tcp
- WebSocket — path and Host header parsed from URI
- gRPC — service name parsed
- xhttp — Xray v1.8.8+ transport
- httpupgrade — lightweight WS alternative
REALITY-aware checks
REALITY is deliberately hard to detect — but it's also unusually sensitive to misconfigs. Common failure modes TunnelHQ catches:
- Short ID not matching any configured entry
- Public key rotation without client update
- SNI target changed / certificate on the masquerade target expired
- Fingerprint drift (browser minor version rollout changing expected behavior)
Pricing for VLESS monitoring
| Plan | VLESS Monitors | Interval | Price |
|---|---|---|---|
| Free | 5 | 10 min | $0 |
| Starter | 20 | 5 min | $12/mo or $84/yr |
| Pro | 100 | 2 min | $39/mo or $276/yr |
| Business | 500 | 1 min | $99/mo or $756/yr |
FAQ
Does TunnelHQ monitor V2Ray's VLESS and Xray's VLESS the same way?
Yes. VLESS is a protocol spec; Xray and V2Ray both implement it. The same vless:// URI works on both.
Does subscription URL monitoring work for VLESS config bundles?
Yes. Paste your subscription URL and TunnelHQ polls it, auto-detects config changes (rotations, new servers, protocol swaps), and monitors each parsed config.
Can I monitor a VLESS server fronted by Cloudflare?
Yes — Cloudflare-fronted WebSocket and xhttp VLESS works. TunnelHQ follows the WS upgrade correctly and includes the right Host header.