diff --git a/podkop/files/etc/init.d/podkop b/podkop/files/etc/init.d/podkop
index fdf7fb9..94715a8 100755
--- a/podkop/files/etc/init.d/podkop
+++ b/podkop/files/etc/init.d/podkop
@@ -970,128 +970,96 @@ sing_box_config_vless() {
     server=$(echo "$STRING" | cut -d'@' -f2 | cut -d':' -f1 | tr -d '\n' | tr -d '\r' | sed 's/False//g')
     port=$(echo "$STRING" | cut -d'@' -f2 | cut -d':' -f2 | cut -d'?' -f1 | cut -d'/' -f1 | cut -d'#' -f1 | tr -d '\n' | tr -d '\r' | sed 's/False//g')
 
-    type=$(get_param "type")
-    security=$(get_param "security")
-    sni=$(get_param "sni")
-    fp=$(get_param "fp")
-    flow=$(get_param "flow")
-    pbk=$(get_param "pbk")
-    sid=$(get_param "sid")
-    path=$(get_param "path")
-    host=$(get_param "host")
-    spx=$(get_param "spx")
-    alpn=$(get_param "alpn")
-
-    cat > /tmp/vless_temp.json << EOF
-{
-  "log": {
-    "level": "warn"
-  },
-  "inbounds": [
-    {
-      "type": "tproxy",
-      "listen": "::",
-      "listen_port": $listen_port,
-      "sniff": false
-    }
-  ],
-  "outbounds": [
-    {
-      "type": "vless",
-      "server": "$server",
-      "server_port": $port,
-      "uuid": "$uuid",
-      "packet_encoding": "",
-      "domain_strategy": ""
-EOF
-
-    if [ -n "$flow" ]; then
-        echo "      ,\"flow\": \"$flow\"" >> /tmp/vless_temp.json
-    fi
-
-    if [ "$type" = "ws" ]; then
-        cat >> /tmp/vless_temp.json << EOF
-,
-      "transport": {
-        "type": "ws",
-        "path": "$path"
-EOF
-        if [ -n "$host" ]; then
-            cat >> /tmp/vless_temp.json << EOF
-,
-        "headers": {
-          "Host": "$host"
-        }
-EOF
-        fi
-        echo "      }" >> /tmp/vless_temp.json
-    elif [ "$type" = "grpc" ]; then
-        cat >> /tmp/vless_temp.json << EOF
-,
-      "transport": {
-        "type": "grpc"
-      }
-EOF
-    elif [ "$type" = "tcp" ]; then
-        : # tcp doesn't need additional transport configuration
-    fi
-
-    if [ "$security" = "reality" ]; then
-        cat >> /tmp/vless_temp.json << EOF
-,
-      "tls": {
-        "enabled": true,
-        "server_name": "$sni",
-        "utls": {
-          "enabled": true,
-          "fingerprint": "$fp"
+    jq -n \
+    --arg listen_port "$listen_port" \
+    --arg server      "$server" \
+    --argjson port    "$port" \
+    --arg uuid        "$uuid" \
+    --arg type        "$(get_param "type")" \
+    --arg flow        "$(get_param "flow")" \
+    --arg sni         "$(get_param "sni")" \
+    --arg fp          "$(get_param "fp")" \
+    --arg security    "$(get_param "security")" \
+    --arg pbk         "$(get_param "pbk")" \
+    --arg sid         "$(get_param "sid")" \
+    --arg alpn        "$(get_param "alpn")" \
+    --arg path        "$(get_param "path")" \
+    --arg host        "$(get_param "host")" \
+    --arg spx         "$(get_param "spx")" \
+    --arg insecure    "$(get_param "allowInsecure")" \
+    '{
+        "log": {
+            "level": "warn"
         },
-        "reality": {
-          "enabled": true,
-          "public_key": "$pbk",
-          "short_id": "$sid"
+        "inbounds": [
+            {
+                "type": "tproxy",
+                "listen": "::",
+                "listen_port": ($listen_port|tonumber),
+                "sniff": false
+            }
+        ],
+        "outbounds": [
+            {
+                "type": "vless",
+                "server": $server,
+                "server_port": ($port|tonumber),
+                "uuid": $uuid,
+                "packet_encoding": "",
+                "domain_strategy": ""
+            }
+        ],
+        "route": {
+            "auto_detect_interface": true
         }
-      }
-EOF
-    elif [ "$security" = "tls" ]; then
-        cat >> /tmp/vless_temp.json << EOF
-,
-      "tls": {
-        "enabled": true,
-        "server_name": "$sni",
-        "insecure": $([ "$(get_param 'allowInsecure')" = "1" ] && echo "true" || echo "false"),
-        "utls": {
-          "enabled": true,
-          "fingerprint": "$fp"
+    } |
+
+    if $flow != "" then .outbounds[0].flow = $flow else . end |
+
+    if $type == "ws" then
+        .outbounds[0].transport = {
+            "type": "ws",
+            "path": $path
+        } |
+        if $host != "" then
+            .outbounds[0].transport.headers = {
+                "Host": $host
+            }
+        else . end
+    elif $type == "grpc" then
+        .outbounds[0].transport = {
+            "type": "grpc"
         }
-EOF
-        if [ -n "$alpn" ]; then
-            local alpn_json=$(echo "$alpn" | tr ',' '\n' | jq -R . | jq -s .)
-            echo "        ,\"alpn\": $alpn_json" >> /tmp/vless_temp.json
-        fi
-        echo "      }" >> /tmp/vless_temp.json
-    fi
+    else . end |
 
-    cat >> /tmp/vless_temp.json << EOF
-    }
-  ],
-  "route": {
-    "auto_detect_interface": true
-  }
-}
-EOF
+    if $security == "reality" or $security == "tls" then
+        .outbounds[0].tls = {
+            "enabled": true,
+            "server_name": $sni,
+            "utls": {
+                "enabled": true,
+                "fingerprint": $fp
+            },
+            "insecure": ($insecure == "1")
+        } |
+        if $alpn != "" then
+            .outbounds[0].tls.alpn = ($alpn | split(","))
+        else . end |
+        if $security == "reality" then
+            .outbounds[0].tls.reality = {
+                "enabled": true,
+                "public_key": $pbk,
+                "short_id": $sid
+            }
+        else . end
+    else . end' > /etc/sing-box/config.json
 
-    if jq . /tmp/vless_temp.json >/tmp/vless_config.json 2>/dev/null; then
-        mv /tmp/vless_config.json /etc/sing-box/config.json
+    if [ $? -eq 0 ]; then
         echo "Config created successfully"
     else
         echo "Error: Invalid JSON config generated"
-        cat /tmp/vless_temp.json
-        rm -f /tmp/vless_temp.json
         return 1
     fi
-
-    rm -f /tmp/vless_temp.json
 }
 
 sing_box_config_check() {