d3vilh/x-ui
X-UI is a Shadowsocks and XTLS-Reality server with Web UI.
449
Docker-compose
---
version: "3.9"
services:
xui:
image: d3vilh/x-ui:latest
container_name: x-ui
hostname: x-ui-xray
volumes:
- ./db/:/etc/x-ui/
- ./cert/:/root/cert/
environment:
XRAY_VMESS_AEAD_FORCED: "false"
tty: true
network_mode: host
restart: unless-stopped
Basic Xray Server Configuration
!Beaware!: Some protocols described here are prohibited in PRC. Don't use this if you are in PRC. This is for your educational purposes only.
Xray facts:
- UI access port
http://localhost:54321, (changelocalhostto your server host ip/name) - Default password is
admin/admin, which must be changed via web interface on first login (Pannel Settings>User Settings). - External ports used by container:
443:tcp,80:tcp,54321:tcp(by default), Inbound ports you'll configure. - Configuration files you should mount
dbandcertdirectories into container, there it will store SQLite DB with configuration and there you'll put https certificate. - It is Important to change following settings for better security:
- default password in
Pannel Settings>User Settings>Passwordto something strong and secure. - default pannel port in
Pannel Settings>Pannel Configurations>Pannel Portfrom54321to some random port (the best in the upper end of the range, up to65535) - default configuration pannel URL in
Pannel Settings>Pannel Configurations>Panel URL Root Pathto something random, like/mysecretpannel/or/superxray/.
- default password in
Inbounds configuration
Now when default security configuration is done. It is time to configure Xray to work with your Server. There is few steps below you should follow.
More Xray configuration examples can be found here.
1. SHADOWSOCKS Configuration
To create Shadowsocks Inbound you need to:
- Enable Subscriptions:
Pannel Service>Subscriptions>Enable Service>ON
Save > Restart Pannel to apply Subscriptions.
- Add new Inbound:
Inbounds>Add Inbound:Remark: Anything humanreadable to identify this inbound (ShadowSocks, for example)Protocol:shadowsocksListen IP: IP where server will listen for connections. You can leave it empty in this case it will listen on all interfaces.Listen Port: Port where server will listen for connections. It is random by default - leave it.Total Flow GBandExpire dateis limit parameters you could sent for this inbound. Leave it empty for unlimited.Client>Email: Anything humanreadable, to identify this client (ShadowUser1, for example)Password: Password for desired encryption. It is random by default - leave it.Subscription:User1Anything humanreadable to identify this Subscription.Encryption: for Shadowsocks use any encryption you like which starts with 2022. For example2022-blake3-aes-256-gcmNetwork:tcp,udportcpfor ShadowsocksTransmission:tcp
You can use Shadowsocks now, but it is better to continue with VLESS & XTLS-Reality configuration below to bypass Active probing.
Here how Shadowsocs Configuration looks like:
2. VLESS & XTLS-Reality Configuration
To create VLESS Inbound you need to:
- Enable Subscriptions:
Pannel Service>Subscriptions>Enable Service>ONSave>Restart Pannelto apply Subscriptions. - Add new Inbound:
Inbounds>Add Inbound:Remark: Anything humanreadable to identify this inbound (Reality, for example)Protocol:vlessListen IP: IP where server will listen for connections. You can leave it empty in this case it will listen on all interfaces.Listen Port:443Port where server will listen for connections.Total Flow GBandExpire dateis limit parameters you could set for this inbound. Leave it empty for unlimited.Client>Email: Anything humanreadable, to identify this client (RealUser1, for example)ID: Random UUID by default - leave it.Subscription:User1Keep it same as you set for Shadowsocks.Accept Proxy Protocol:RealityThis is important to enable before setting next options.Flow:xtls-rprx-visionThis option will appear above theSubscriptionoption after enablingAccept Proxy Protocol.Domain name:yourdomain.comYour domain name. You can leave it empty if you don't have one, so X-UI will automatically insert your IP.Xver:0Leave it default. IDK what is it for.uTLS:FirefoxLeave it default,FirefoxorChromeare desirable and most reliable to clients options.Dest,Server Names:microsoft.com:443andmicrosoft.com,www.microsoft.comThis is domains under which you will "disguise yourself". This should be some popular external domain, which is not blocked by your SP, Organisation or Goverment (I hope you know consequences and have strong reason for).Shorts: Random by default - leave it.Private KeyandPublic Key: ClickGet New Certbutton below.
- Save it, and you are done.
Here how Realty Configuration looks like:
This is what you'll have as a result of our configuration:
Additional Options.
Under Pannel Settings > Xray Configuration you can find some additional options. Such as block BitTorrent traffic for your Clients or enable Ads Blocking or Family-Friendly for them.
You can block connections to specific countries from the list like China, Russia, etc.
In addition you can setup XRAY Telegram Bot which will help you to manage your XRAY Server via Telegram.
Xray Clients
Here is the list of Clients you can use with XRAY Server. If you glad to use something different, plesae, let me know, I'll add it to the list.
Universal Clients
- Nekoray/Nekobox it supports Shadowsocks-2022, VLESS and XTLS-Reality protocols. Easy to use, have nice GUI and available for Windows, Linux, Android and unofficially for MacOS. Special build for MacOS is available here.
Android Clients
MacOS Clients
iOS Clients
FoXray. On Appstore for iPhone and iPad. Free. Based on XRay-Core, supports all the available protocols: Shadowsocks, VLESS, Socks, VMess, XTLS, Reality, Trojan. With TLS, TCP, HTTP/2, WebSocket, mKCP, gRPC, QUIC.
ShadowRocket. On Appstore for iPhone and iPad. Costs 3,99$. Supports Shadowsocks-2022, VMess, VLESS, Trojan, TUIC, Hysteria, WireGuard, XTLS-Vision, uTLS.
Docker Pull Command
docker pull d3vilh/x-ui