d3vilh/x-ui

By d3vilh

Updated over 1 year ago

X-UI is a Shadowsocks and XTLS-Reality server with Web UI.

Image
1

449

Docker-compose

---
version: "3.9"

services:
  xui:
    image: d3vilh/x-ui:latest
    container_name: x-ui
    hostname: x-ui-xray
    volumes:
      - ./db/:/etc/x-ui/
      - ./cert/:/root/cert/
    environment:
      XRAY_VMESS_AEAD_FORCED: "false"
    tty: true
    network_mode: host
    restart: unless-stopped

Basic Xray Server Configuration

!Beaware!: Some protocols described here are prohibited in PRC. Don't use this if you are in PRC. This is for your educational purposes only.

Xray facts:

  • UI access porthttp://localhost:54321, (change localhost to your server host ip/name)
  • Default password is admin/admin, which must be changed via web interface on first login (Pannel Settings > User Settings).
  • External ports used by container: 443:tcp, 80:tcp, 54321:tcp(by default), Inbound ports you'll configure.
  • Configuration files you should mount db and cert directories into container, there it will store SQLite DB with configuration and there you'll put https certificate.
  • It is Important to change following settings for better security:
    • default password in Pannel Settings > User Settings > Password to something strong and secure.
    • default pannel port in Pannel Settings > Pannel Configurations > Pannel Port from 54321 to some random port (the best in the upper end of the range, up to 65535)
    • default configuration pannel URL in Pannel Settings > Pannel Configurations > Panel URL Root Path to something random, like /mysecretpannel/ or /superxray/.

Inbounds configuration

Now when default security configuration is done. It is time to configure Xray to work with your Server. There is few steps below you should follow.
More Xray configuration examples can be found here.

1. SHADOWSOCKS Configuration

To create Shadowsocks Inbound you need to:

  • Enable Subscriptions: Pannel Service > Subscriptions > Enable Service > ON

Save > Restart Pannel to apply Subscriptions.

  • Add new Inbound: Inbounds > Add Inbound:
    • Remark: Anything humanreadable to identify this inbound (ShadowSocks, for example)
    • Protocol: shadowsocks
    • Listen IP: IP where server will listen for connections. You can leave it empty in this case it will listen on all interfaces.
    • Listen Port: Port where server will listen for connections. It is random by default - leave it.
    • Total Flow GB and Expire date is limit parameters you could sent for this inbound. Leave it empty for unlimited.
    • Client >
      • Email: Anything humanreadable, to identify this client (ShadowUser1, for example)
      • Password: Password for desired encryption. It is random by default - leave it.
      • Subscription: User1 Anything humanreadable to identify this Subscription.
      • Encryption: for Shadowsocks use any encryption you like which starts with 2022. For example 2022-blake3-aes-256-gcm
      • Network: tcp,udp or tcp for Shadowsocks
      • Transmission: tcp

You can use Shadowsocks now, but it is better to continue with VLESS & XTLS-Reality configuration below to bypass Active probing.

Here how Shadowsocs Configuration looks like:

Raspberry ShadowSocks Configuration 1
2. VLESS & XTLS-Reality Configuration

To create VLESS Inbound you need to:

  • Enable Subscriptions: Pannel Service > Subscriptions > Enable Service > ONSave > Restart Pannel to apply Subscriptions.
  • Add new Inbound: Inbounds > Add Inbound:
    • Remark: Anything humanreadable to identify this inbound (Reality, for example)
    • Protocol: vless
    • Listen IP: IP where server will listen for connections. You can leave it empty in this case it will listen on all interfaces.
    • Listen Port: 443 Port where server will listen for connections.
    • Total Flow GB and Expire date is limit parameters you could set for this inbound. Leave it empty for unlimited.
    • Client >
      • Email: Anything humanreadable, to identify this client (RealUser1, for example)
      • ID: Random UUID by default - leave it.
      • Subscription: User1 Keep it same as you set for Shadowsocks.
      • Accept Proxy Protocol: Reality This is important to enable before setting next options.
      • Flow: xtls-rprx-vision This option will appear above the Subscription option after enabling Accept Proxy Protocol.
      • Domain name: yourdomain.com Your domain name. You can leave it empty if you don't have one, so X-UI will automatically insert your IP.
      • Xver: 0 Leave it default. IDK what is it for.
      • uTLS: Firefox Leave it default, Firefox or Chrome are desirable and most reliable to clients options.
      • Dest, Server Names: microsoft.com:443 and microsoft.com,www.microsoft.com This is domains under which you will "disguise yourself". This should be some popular external domain, which is not blocked by your SP, Organisation or Goverment (I hope you know consequences and have strong reason for).
      • Shorts: Random by default - leave it.
      • Private Key and Public Key: Click Get New Cert button below.
  • Save it, and you are done.

Here how Realty Configuration looks like:

Raspberry Realty Configuration 1
Raspberry Realty Configuration 2

This is what you'll have as a result of our configuration:

Raspberry Configured XRAY Inbounds

Additional Options.

Under Pannel Settings > Xray Configuration you can find some additional options. Such as block BitTorrent traffic for your Clients or enable Ads Blocking or Family-Friendly for them. You can block connections to specific countries from the list like China, Russia, etc. In addition you can setup XRAY Telegram Bot which will help you to manage your XRAY Server via Telegram.

Xray Clients

Here is the list of Clients you can use with XRAY Server. If you glad to use something different, plesae, let me know, I'll add it to the list.

Universal Clients
  • Nekoray/Nekobox it supports Shadowsocks-2022, VLESS and XTLS-Reality protocols. Easy to use, have nice GUI and available for Windows, Linux, Android and unofficially for MacOS. Special build for MacOS is available here.
Android Clients
MacOS Clients
iOS Clients
  • FoXray. On Appstore for iPhone and iPad. Free. Based on XRay-Core, supports all the available protocols: Shadowsocks, VLESS, Socks, VMess, XTLS, Reality, Trojan. With TLS, TCP, HTTP/2, WebSocket, mKCP, gRPC, QUIC.

  • V2BOX. On Appstore for iPhone. Free.

  • ShadowRocket. On Appstore for iPhone and iPad. Costs 3,99$. Supports Shadowsocks-2022, VMess, VLESS, Trojan, TUIC, Hysteria, WireGuard, XTLS-Vision, uTLS.

Docker Pull Command

docker pull d3vilh/x-ui