AI Use Case 2 days ago

Build Your Own AI Proxy Server: Master sub2api & Docker Deployment for Cost-Effective GPT-5.5 Access

Directory: AI Use Cases Views:83

Tutorial: How to Build a self-hosted AI Proxy Server

Are you tired of the skyrocketing monthly bills for GPT Pro, claude Team, and official API calls? If you are an AI developer, heavy content creator, or coder, the costs can easily run into thousands of dollars per month. Not to mention the hurdles of network restrictions and payment bARRiers in certain regions.
In this tutorial, I will guide you through building a "Self-Hosted API Proxy Station" (sub2api). This solution allows you to convert your existing ChatGPT web session quotas (including free tiers or low-cost Team accounts) into Standard API keys, effectively achieving "API functionality at Web prices."
💡 Core Concept: We are using an open-source engine called sub2api. It ACTs as a "translator" and "traffic dispatcher," converting the web session capability of your chatgpt accounts into OpenAI/anthropic protocol-compliant API Keys.

1. Prerequisites & Environment Setup

Before we begin, ensure you have the following:

  • Server: A Virtual Private Server (VPS) located overseas (e.g., AWS, Tencent Cloud, etc.). I recommend a 2 Core 4GB configuration running Ubuntu (e.g., Tencent Cloud at ~$199/year).

  • Location: Select nodes in Japan, USA (Silicon Valley), or Europe. Avoid Hong Kong nodes for stability.

  • Access: Root SSH access to the server.

Step 1: SSH Login
Connect to your server via SSH:


ssh root@your_server_ip

Step 2: Update System & Install Dependencies
Update the package list and install basic dependencies:

sudo apt update && sudo apt upgrade -y
sudo apt install -y ca-certificates curl gnupg


Step 3: Install Docker & docker Compose
sub2api relies heavily on Docker. Add the official Docker repository and install the engine:

# Add Docker's official GPG key
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/Linux/ubuntu/gpg | sudo gpg --deArmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

# Set up the repository
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linUX/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install Docker Engine
sudo apt update
sudo apt install -y docker-ce docker-ce-CLI containerd.io docker-buildx-plugin docker-compose-plugin

# Start and enable Docker service
sudo systemctl enable --now docker


Step 4: Verify installation
Run a test container to ensure Docker is working:

sudo docker run hello-world



(If you see "Hello from Docker!", the environment is ready.)

2. Deploy sub2api Service

With Docker installed, we can now deploy the proxy service.
Step 1: Create Project Directory & Pull Script
mkdir -p sub2api
cd sub2api
curl -sSL https://raw.GitHubusercontent.com/Wei-Shaw/sub2api/main/deploy/docker-deploy.sh | bash


Step 2: Start the Container

docker compose up -d


Step 3: Access the Dashboard
Open your browser and navigate to http://your_server_ip:8080.
If the page loads, the deployment was successful.
Troubleshooting:

  • If the page is unreachable, check the Docker service status: docker compose ps.

  • Ensure your server's Firewall and Security Group rules allow traffic on port 8080.

Step 4: Retrieve Admin Credentials
The first login requires a generated password. Retrieve it via:
docker compose logs sub2api | grep "admin password"



  • Username: admin@sub2api.local

  • Password: (The one-time password shown in the logs)

Security Tip: Log in immediately and change your password. If you have a domain name, proceed to configure SSL.

3. Secure the Server with SSL (HTTPS)

Using HTTPS adds a critical layer of security. We will use acme.sh to obtain a free certificate.
Step 1: Install acme.sh
curl https://get.acme.sh | sh



Step 2: Domain Preparation
Point your domain (e.g., sub2api.yourdomain.com) to your server's IP address. Verify the DNS propagation using ping.
Step 3: Issue SSL certificate
Stop Nginx (if running) and issue the certificate using the standalone mode:
# Stop Nginx to free port 80
systemctl stop nginx

# Issue certificate (Replace with your domain)
/root/.acme.sh/acme.sh --issue -d sub2api.yourdomain.com --standalone --force


Step 4: Install Certificate to Target Directory
Copy the certificate files to your sub2api SSL folder:

# Create SSL directory
mkdir -p /root/sub2api/ssl

# Install certificate
/root/.acme.sh/acme.sh --install-cert -d sub2api.yourdomain.com \
--key-file       /root/sub2api/ssl/sub2api.key  \
--fullchain-file /root/sub2api/ssl/sub2api.pem \
--reloadcmd     "systemctl reload nginx"


Step 5: Configure Nginx reverse proxy
Create an Nginx configuration file (/etc/nginx/conf.d/sub2api.conf) with the following content:

server {
    listen 80;
    server_name sub2api.yourdomain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name sub2api.yourdomain.com;

    underscores_in_headers on;

    # SSL Certificates
    ssl_certificate /root/sub2api/ssl/sub2api.pem;
    ssl_certificate_key /root/sub2api/ssl/sub2api.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    # Reverse Proxy to sub2api
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $rEMOte_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
    }
}


Restart Nginx: systemctl start nginx. You can now access your dashboard via HTTPS.

4. Configure Accounts & API Keys

Step 1: Create a Group
Go to "Group Management" -> "Create Group."

  • Platform: openai

  • Name: Your preferred name.

  • Self-Usage Rate: Set to 1.

Step 2: Add Accounts (OAuth)

  1. Go to "Account Management" -> "Add Account."

  2. Select OpenAI platform and OAuth authorization method.

  3. Crucial Step: Clear the default model list. This allows the proxy to automatically recognize new models (like GPT-5.5) without manual updates.

  4. Set concurrency (e.g., 10-100 depending on your account's capability).

  5. Generate the authorization link and open it in an Incognito browser window.

  6. Log in with your ChatGPT credentials (or Team workspace).

  7. Note: After login, the page may show an error or go blank. This is normal. Copy the entire URL from the browser's address bar and paste it back into the sub2api confirmation box.

Step 3: Generate API Key
Navigate to "API Key" management and generate a new key.
Step 4: Recharge (Balance)
Go to "User Management" and recharge your account with a high value (e.g., 99999999). Without sufficient balance, you will encounter an INSUFFICIENT_BALANCE error.

5. Testing & Integration

Test the connection by sending a request using the model name (e.g., GPT-5.5 or Claude-3-Opus). A successful response indicates the proxy chain is working.
Integration Tools:
You can now use this API key in various development tools:

  • cc-switch: A powerful routing tool to manage multiple keys.

  • Codex CLI, openclaw, Hermes: Configure these tools to use your self-hosted proxy endpoint.

Conclusion:
By following this guide, you have successfully built a cost-effective AI proxy station. This setup drastically reduces your reliance on expensive official APIs while providing the flexibility to use cutting-edge models like gpt-5.5 through a simple web interface conversion.
★★★★★
★★★★★
Be the first to rate this article.
sub2api self-hosted AI OpenAI API proxy Docker deployment AI cost reduction GPT-5.5 Claude API reverse proxy acme.sh SSL certificate Ubuntu server ChatGPT alternative

Comments & Questions (0)

Captcha
Please be respectful — let's keep the conversation friendly.

No comments yet

Be the first to comment!