d3vilh/x-ui
X-UI is a Shadowsocks and XTLS-Reality server with Web UI.
---
version: "3.9"
services:
  xui:
    image: d3vilh/x-ui:latest
    container_name: x-ui
    hostname: x-ui-xray
    volumes:
      - ./db/:/etc/x-ui/
      - ./cert/:/root/cert/
    environment:
      XRAY_VMESS_AEAD_FORCED: "false"
    tty: true
    network_mode: host
    restart: unless-stopped
Be aware: Some protocols described here are prohibited in the PRC. Don't use this if you are in the PRC. This is for your educational purposes only.
- Web UI: http://localhost:54321 (change localhost to your server host IP/name).
- Default credentials: admin/admin, which must be changed via the web interface on first login (Panel Settings > User Settings).
- Ports: 443:tcp, 80:tcp, 54321:tcp (by default), plus the Inbound ports you'll configure.
- The db and cert directories are mounted into the container; that is where it stores the SQLite DB with the configuration and where you put the HTTPS certificate.

- Change the password under Panel Settings > User Settings > Password to something strong and secure.
- Change Panel Settings > Panel Configurations > Panel Port from 54321 to some random port (ideally in the upper end of the range, up to 65535).
- Change Panel Settings > Panel Configurations > Panel URL Root Path to something random, like /mysecretpannel/ or /superxray/.

Now that the default security configuration is done, it is time to configure Xray to work with your server. There are a few steps below you should follow.
More Xray configuration examples can be found here.
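The three panel hardening steps above (password, panel port, URL root path), as an added shell example that is not part of the original README or the x-ui project: it generates replacement values and audits a set of values against the defaults named on this page. The function names, the 49152-65535 port range and the 12-character minimum are assumptions.

```shell
#!/bin/sh
# Added example (not from the x-ui project). Function names, the
# 49152-65535 range and the 12-character minimum are assumptions.

# Hex string built from $1 random bytes.
rand_hex() { od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'; }

# Random panel port in the upper end of the range, never the default 54321.
rand_port() {
    while :; do
        _n=$(od -An -N4 -tu4 /dev/urandom | tr -d ' \n')
        _p=$(( $_n % 16384 + 49152 ))
        if [ "$_p" -ne 54321 ]; then echo "$_p"; return 0; fi
    done
}

rand_path()     { echo "/$(rand_hex 8)/"; }   # 16 hex characters between slashes
rand_password() { rand_hex 16; }              # 128 bits of randomness

# audit_panel PORT ROOT_PATH PASSWORD
# Prints one line per finding; returns 1 if anything is still weak.
audit_panel() {
    _port=$1 _path=$2 _pass=$3 _rc=0
    if [ "$_port" -eq 54321 ]; then
        echo "port: still the default 54321"; _rc=1
    elif [ "$_port" -lt 49152 ] || [ "$_port" -gt 65535 ]; then
        echo "port: $_port is outside 49152-65535"; _rc=1
    fi
    case "$_path" in
        ""|/)  echo "path: panel is served from the site root"; _rc=1 ;;
        /*/)   ;;
        *)     echo "path: must start and end with /"; _rc=1 ;;
    esac
    if [ "$_pass" = "admin" ]; then
        echo "password: still the default admin"; _rc=1
    elif [ "${#_pass}" -lt 12 ]; then
        echo "password: shorter than 12 characters"; _rc=1
    fi
    return "$_rc"
}

# Demo: show that the shipped defaults fail, then print replacements.
audit_panel 54321 / admin || true
echo "Panel Port:          $(rand_port)"
echo "Panel URL Root Path: $(rand_path)"
echo "Password:            $(rand_password)"
```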
To create Shadowsocks Inbound you need to:
1. Panel Service > Subscriptions > Enable Service > ON, then Save > Restart Panel to apply Subscriptions.
2. Inbounds > Add Inbound:
   - Remark: Anything human-readable to identify this inbound (ShadowSocks, for example)
   - Protocol: shadowsocks
   - Listen IP: IP where the server will listen for connections. You can leave it empty; in this case it will listen on all interfaces.
   - Listen Port: Port where the server will listen for connections. It is random by default - leave it.
   - Total Flow GB and Expire date are limit parameters you could set for this inbound. Leave them empty for unlimited.
   - Client >
     - Email: Anything human-readable, to identify this client (ShadowUser1, for example)
     - Password: Password for the desired encryption. It is random by default - leave it.
     - Subscription: User1. Anything human-readable to identify this Subscription.
   - Encryption: for Shadowsocks use any encryption you like which starts with 2022. For example 2022-blake3-aes-256-gcm
   - Network: tcp,udp or tcp for Shadowsocks
   - Transmission: tcp
You can use Shadowsocks now, but it is better to continue with VLESS & XTLS-Reality configuration below to bypass Active probing.
Here is how the Shadowsocks configuration looks:
To create VLESS Inbound you need to:
1. Panel Service > Subscriptions > Enable Service > ON, then Save > Restart Panel to apply Subscriptions.
2. Inbounds > Add Inbound:
   - Remark: Anything human-readable to identify this inbound (Reality, for example)
   - Protocol: vless
   - Listen IP: IP where the server will listen for connections. You can leave it empty; in this case it will listen on all interfaces.
   - Listen Port: 443. Port where the server will listen for connections.
   - Total Flow GB and Expire date are limit parameters you could set for this inbound. Leave them empty for unlimited.
   - Client >
     - Email: Anything human-readable, to identify this client (RealUser1, for example)
     - ID: Random UUID by default - leave it.
     - Subscription: User1. Keep it the same as you set for Shadowsocks.
   - Accept Proxy Protocol: Reality. This is important to enable before setting the next options.
   - Flow: xtls-rprx-vision. This option will appear above the Subscription option after enabling Accept Proxy Protocol.
   - Domain name: yourdomain.com. Your domain name. You can leave it empty if you don't have one, so X-UI will automatically insert your IP.
   - Xver: 0. Leave it default. IDK what it is for.
   - uTLS: Firefox. Leave it default; Firefox or Chrome are the desirable and most reliable options for clients.
   - Dest, Server Names: microsoft.com:443 and microsoft.com,www.microsoft.com. These are the domains under which you will "disguise yourself". This should be some popular external domain, which is not blocked by your SP, Organisation or Government (I hope you know the consequences and have a strong reason for it).
   - Shorts: Random by default - leave it.
   - Private Key and Public Key: Click the Get New Cert button below.

Here is how the Reality configuration looks:
This is what you'll have as a result of our configuration:
Under Panel Settings > Xray Configuration you can find some additional options, such as blocking BitTorrent traffic for your clients or enabling Ads Blocking or Family-Friendly for them.
You can block connections to specific countries from the list like China, Russia, etc.
In addition, you can set up the XRAY Telegram Bot, which will help you manage your XRAY Server via Telegram.
Here is the list of clients you can use with XRAY Server. If you'd like to use something different, please let me know and I'll add it to the list.
FoXray. On Appstore for iPhone and iPad. Free. Based on XRay-Core, supports all the available protocols: Shadowsocks, VLESS, Socks, VMess, XTLS, Reality, Trojan. With TLS, TCP, HTTP/2, WebSocket, mKCP, gRPC, QUIC.
ShadowRocket. On Appstore for iPhone and iPad. Costs 3,99$. Supports Shadowsocks-2022, VMess, VLESS, Trojan, TUIC, Hysteria, WireGuard, XTLS-Vision, uTLS.
docker pull d3vilh/x-ui