Physical Address:
ChongQing,China.
WebSite:
2022.06.22更新:
当前版本已经增加了Telegram机 器人的命令,目前支持的命令包括:
In the telegram bot, you can click /help button to get help information, as shown in the figure:
For example, close the proxy whose corresponding port is 59212:
新版本已经支持Shadowsocks2022的协议,但是目前生成的链接仅在Sagernet上可以使用,v2rayNG与v2rayN的支持还需要看 看最终的分享链接标准。如果想要使用的童鞋可以通过手动添加的形式进行添加。
The current version supports proxy search and one-click reset traffic functions.
2022.04.09 Update:
Since the development progress of the original author has slowed down, I am also learning the go language myself, so I forked the original author's warehouse and updated the functions. The current expanded functions include
At the same time, the issue area has also been opened. I hope you can use it and give me feedback. I will make PR to the original warehouse from time to time to improve X-UI together.,project rgithub address pleaseclick here
To use the proxy service for scientific Internet access, the important thing is the construction of the proxy server. In our construction process, we often need to choose the construction method that suits us according to our own situation. For example, the official recommended script is used for installation, but the officially recommended scripts are generally not friendly to novices, and they often need to be expanded by themselves before the installation can be successful. There are also all-in-one one-click installation scripts implemented by various gods. These scripts reduce the difficulty of building a server for novices to a certain extent. In addition, there is a kind of construction method, that is, build proxies by web Pannel
The advantages of using panels to build are:Due to the UI interface, the information display is quite intuitive, which is more convenient for us newbies to operate (no command line required). So today we will introduce the use of X-UI to build our proxy service.
Using X-UI to build a proxy service has the following advantages:
It should be noted here that the registered domain name must first add an A record in Cloudfare, so that we can apply for an SSL certificate.
If you don't know how to add an A record, please Google it by yourself.
Copy the officially recommended script:
bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)
After execution, we should see the following output:
After installation, we can get the configuration content of the panel in /usr/local/x-ui.
Please note, do not open the proxy after adding, only DNS resolution. How to judge whether to enable CDN proxy? Very simple, there is a cloud under the proxy status, the orange cloud means CDN is enabled, and the gray cloud means DNS resolution only.
After the addition is complete, we open a new web page and enter yourdomain:54321(the initial port of the panel), press Enter to enter our login interface.
The login interface looks like this:
We use the default user name and password to log in to enter the X-UI settings interface:
It is strongly recommended to reset the panel port and user name, login password in the panel settings immediately after logging in, and then restart the panel. Otherwise, someone will try to log in with the default account password.
Click“入站列表”to add new proxy
Setup Proxy
If you do not have a CDN or other requirements, you can leave other settings and click "添加" to finish adding the node.
After adding the node, we click查看, click Copy Connection at the bottom right to get the connection. It can be added in the V2rayN App
To get the QR code, click the QR code icon,and now you can use V2rayNG or Shadowrocket etc to scan
At this point, the process of using X-UI to build proxy is complete.
It should be noted that CDN application is not supported after the above steps are completed.如果想支持CDN套用,则继续参考以下步骤
If you need to support CDN application, you also need to apply for a set of SSL certificates. This set of certificates is actually used for the authentication of your subdomain, please do not confuse it with the certificate of the main domain!
Here we use ACME to apply for the certificate. The application mode used in this tutorial is the DNS API mode. In short, it uses the API provided by the nameserver provider of your domain name to complete the certificate issuance. Using this mode does not depend on port opening, etc., and the success rate is currently the highest.
In order to help you simplify the entire operation process, I wrote a script to facilitate you to quickly apply for a certificate. If you don't want to read so much, just use the entire script directly. The specific usage is as follows:
bash <(curl -Ls https://raw.githubusercontent.com/FranzKafkaYu/BashScripts/main/SSLAutoInstall/SSLAutoInstall.sh)
If you want to know more details, please follow the steps below to take a closer look~
curl https://get.acme.sh | sh
After installation, a folder such as .acme.sh will be generated in the root directory, which can be viewed using the ls -la command.
Log in to Cloudflare's official website, and in the API area in the lower left corner, click“获取您的API令牌”
Click to enter the secondary page, click API Token, find the Global API Key under the API key, and view it
Please copy this API Key to your local. Enter the following command to import environment variables (When copying and pasting, please remove // and the following content by yourself. This tutorial is only for comments, and // and the following content are not needed in actual use.):
export CF_Key=”***********************” //Global API key
export CF_Email=***************.com //Cloudfare register Email
Since the default certificate CA of the Acme script is ZeroSSL, it is not very convenient to use. Therefore, it is recommended that you change the CA to Let's Encrypt. The switching command is as follows:
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
Use the following command for certificate signing:
#创建文件夹
mkdir /root/cert
#签发证书
~/.acme.sh/acme.sh --issue --dns dns_cf -d YourDomain -d *.YourDomain
mkdir /root/cert
#更改权限
chmod -R 755 /root/cert
~/.acme.sh/acme.sh --installcert -d YourDomain -d *.YourDomain --ca-file /root/cert/ca.cer --cert-file /root/cert/YourDomain.cer --key-file /root/cert/YourDomain.key --fullchain-file /root/cert/fullchain.cer
~/.acme.sh/acme.sh --upgrade --auto-upgrade
The installation is successful as shown below:
After installing the certificate, we can set up TLS and apply CDN.
Attentions:
1.YourDomain represents your own domain name, please replace it with your own domain name when using the command
2.The domain name applied for in this tutorial is a generic domain name certificate, which can be used for an unlimited number of second-level domain names
3.When using the certificate public key, use fullchain.cer first, which will avoid many strange problems
Enter the panel interface, add an inbound node, and set as follows:
Points to note during setup:
1. The port needs to be a port supported by Cloudflare for distribution, such as 443, etc.
2. The application of CDN needs to be matched with WebSocket, please select ws in the transmission setting item
3The Websocket path can be arbitrary, but it is best not to be the root path
4.Please fill in the public key file path and key file path according to the actual location of your certificate installation
5.When using certificates and keys, in addition to setting the path, you can also fill in the content of the certificate file content to achieve the purpose of use
After adding the node, we go back to Cloudflare and make the gray cloud orange. Then we go back to the VPS side and use ping + domain name to check whether the IP has changed. If it is no longer the IP of our VPS, it means that the CDN has been successfully applied.
In addition to the nodes we build can apply CDN, our X-UI panel also supports applying CDN. If the X-UI panel needs to also apply CDN, we need to modify the port that the panel listens on in the panel to the port supported by Cloudflare, and set the SSL certificate key path at the same time.Pay attention here意,面板的监听端口一定不要与你的节点共用同一端口。
After setting, remember to restart the panel, re-enter: https://domain name+port, and enter the panel interface normally. At the same time, we will find that our web page is already encrypted.
At this point, the panel also supports applying CDN.
The above is the entire tutorial for using X-UI. You can test and use it according to the tutorial. If you have any questions, you can communicate with me in the comment area. If you still have questions, I also uploaded a video tutorial for your reference:
I used it for a day after the completion of the construction, and it is very convenient and quick to use in general, which is very suitable for novice use. I would also like to thank the developers of X-UI. Their selfless efforts brought us such a useful tool, Respect!
试了几次都是提示:由于是小白,看log文件也不懂。,不知道大佬有什么建议
[Sat Sep 10 14:07:52 UTC 2022] Add txt record error.
[Sat Sep 10 14:07:52 UTC 2022] Error add txt for domain:_acme-challenge.XXX.ml
[Sat Sep 10 14:07:52 UTC 2022] Please check log file for more details: /root/.acme.sh/acme.sh.log
[ERR] issue cert failed,please check your input
针对证书申请,可以查看Github项目中的WIKI文档,如果还存在问题,可以通过Issue或者Telegram 群组进行反馈~
域名供应商不行或者是域名后缀不行 要不然就是DNS问题 尤其的免费的域名 ??? 换个其他的供应商 或者其他后缀的域名 应该就可以了
CF不再支持freenom申请的如tk、ml等免费顶级域名的API操作,包括申请证书等,网上找了好久才发现原因
有Docker 镜像吗?我想在docker里安装
目前暂未提供docker镜像,短期内也没有这个计划。
添加http能不设置密码使用吗,现在使用需要添加密码才能连接上
hello dear
how can i update to new vesion without losing our data ?
Just excute the same shell script,or enter x-ui control menu,type number 2 to update.
how can i enable telegram bot for account create ?
is there any documention?
hello. any guide to enable telegram bot for account create and enable or disable account ?
WIKI document will help you.
全部弄完生成二维码后 用小火箭扫描无法访问外网 不知道问题出在哪里 是防火墙还是
首先确认一下端口是否开放,然后尝试一下Windows端v2rayN、Android端v2rayNG是否正常,如果其他客户端没有问题但是IOS无法使用,基本都是客户端自己的问题,如果所有客户端无法使用,就需要根据日志来排查了。
请问面板直接带的证书申请脚本可以用吗?和自己安装的有啥区别和隐患?
可以直接使用,和自己安装的没有任何区别,具体请自行了解acme申请证书.
为什么我添加了x-iu面板,加了域名DNS进不去面板
我估计是因为cloudflare不支持非443端口的cdn
cloudflare支持非443的https端口,具体支持的端口请自行Google.
登陆密码忘记了怎么重置啊
登陆密码忘记了怎么重置啊
进入服务器,输入x-ui进入控制面板,通过选项7查看密码配置信息
感谢!昨天下午折腾到现在,看到你的文章一下子就用得了了!!
跟着教程做了很多次,其他教程也是过了,cf只要不开启云cdn,都可以正常使用,一但开启cdn,就连不上了;唯一区别就是我域名是cname接入的,难道是以为这个导致不行的?
请仔细检查证书、端口设置
我也遇到了这个问题,请问你解决了吗
我也遇到了一样的情况,关了小云朵能用,开了小云朵就不行,v2rayNG提示 io read/write on close pipe,google上查不到,请问你解决了么?
我解决了,是cloudfare的设置SSL/TLS没设置成完全(严格),希望对你有帮助😅
单端口多用户!如果用官方原版的就不支持单端口多用户吗?如果单端口多用户会出现什么影响?
我现在用官方版本,单端口多用户也能使用,好像没有什么影响吗?所以这个你单独拿出来讲,是因为什么?我用的是Vless协议
官方版本不支持单端口多用户,你确认你可以使用?单端口多用户是指可以在某个端口的协议内添加不同的用户,每个用户是独立可区分的。
哦。我明白你的意思了。就是可以区分不同的用户,但是使用相同的端口号。不过我有个疑问哦,我同样的1个配置,给不同的用户,也都可以链接使用。那区分独立的用户意义是什么?
同样的一个配置,你当然可以分享给A或者B,但假如有一天你不想让A使用了,但是也不想影响B使用那怎么办呢,最好的办法还是每个人单独的配置。
哈哈哈!原来如此!有道理!谢谢大神指教。还有个问题,用了你的脚本,设备ip变更提示不是很准。同个服务器,不用的用户用不同的端口,会提示IP地址一样的。
站长,你X-UI脚本的设备IP接入通知,能做的再准确一些吗?
关于IP接入通知,目前值得注意的两个点:1.关于数据准确性,IP地址肯定是准确的,但是其他地理位置与运营商信息来自于第三方IP库,这部分数据无法保证一定准确;2.当设备断开时,可能无法及时收到通知,这是因为即使你切换网络环境,底层TCP连接仍旧会存在一段时间,所以这部分可能会滞后。但总体而言,不影响使用。
嗯嗯,我现在遇到的问题是,设置了几个用户,不同端口号、不同人使用,但是显示的IP地址是一样的。但是相同端口号下的多个ip倒是显示正确的
您好,我希望xui可以直接查看有多少连接的ip和使用流量统计
请问X-UI有API可以调用吗,比如创建入站配置
这个只有一个TgBot,能不能再开放一个接口,是直接给WebSockets ,这样可以直接连接其他三方接口了
大佬我的xui安装成功之后,但在浏览器中打不开面板,报错502,一直登不上面板
您好,我看了几遍你的教材,有个疑问,现在面板是启用了CDN,其实这个重要性我觉得不是很大。我想知道的是在这个域名下添加的随机端口的节点有没有开启CDN加速?我看了网上说用workers什么的,对于随机端口的怎么加速,我试了很多次都不能成功。我是小白,我不知道是不是只要随机端口,就不能加速?如果可以,该怎么配置?谢谢
CDN针对科学场景而言并非加速器,请自行了解CDN工作原理。
[Sun Mar 19 04:44:41 PM UTC 2023] Installing cert to: /root/cert/sgp.nothingnessvoid.tech.cer
/root/.acme.sh/acme.sh: line 5858: /root/cert/sgp.nothingnessvoid.tech.cer: No such file or directory
[ERR] 证书安装失败,脚本退出
再运行脚本说已经有证书了 但是实际上并没有安装上
请使用rm -rf ~/.acme.sh移除后再执行脚本进行安装
大神你好,跟着你的教程做,到登陆Xui控制台那一步发现输入了ip冒号端口号,以及二级域名冒号端口号都进不去后台,然后看到了你说的可能是随机产生了根路径,这个不是需要在端口号后再加上路径嘛才能登陆嘛。但是我在Finalshell里xui面板管理页面,输入数字7显示了这一串代码
flag provided but not defined: -show
Usage of setting:
-password string
set login password
-port int
set panel port
-reset
reset all setting
-username string
set login username
[ERR] get current settings error,please check logs
管理页面的数字键都可以用,就这个7“查看当前面板设置”打不开,按照你说的这个可以看到根路径但我无法得知根路径在哪个文件里,是什么符号,所以现在我登陆不上去这个控制台,很无解,希望作者解答!
1.你的x-ui版本并非是最新的版本
2.自动生成新的根路径只会在你首次登录面板,进入设置页面之后才会生成
3.你可尝试重置面板后再进行登录
你好大神,你的意思是第一次是应该可以进入的是吧,退出后才会随机根路径。
但我就是一直进不去,显示“该网页无法正常运作34.102.69.240 目前无法处理此请求,HTTP ERROR 502”
1.我在管理面板上按2更新xui到最新版本,上面显示0.3.2版本
2.无论我重启xui,或者重置面板设置多少次,输入ip英文冒号加端口,还是无法进入
3.在fs里按7显示的这个代码怎么解决啊,我更新到最新版,哪怕卸载了重装按7也是这样
你所安装的并非我的版本,当前最新release版本为:面板版本[version]: 0.3.4.1:20230305
大神你好,安装了您最新版的xui后,按7没有问题了,根据提示一步一步操作,证书也颁发好了,后台也进去了!
现在的问题:
从root/cert/里复制的路径,我确定cert是公钥路径,key是密钥路径应该没错,输入xui后台面板设置后,保存重启,就弹出来“您的连接不是私密连接“。点高级显示”该服务器提供了一个未通过证书透明度政策公开披露的证书。某些证书必须通过证书透明度政策进行公开披露,以确保它们值得信任且能保护用户免遭攻击。”这个是什么问题呢?
ps:颁发证书时我选择的2,因为我是买的域名,之前的操作和输入的信息保证无误的,感谢大神耐心解答!
我用微软浏览器发现可以正常登陆,chrome浏览器就不行,这个又是怎么回事啊- –
您是否知道xui安装的根路径在哪个文件里,以便于我可以不通过这个面板上按7,直接就能找到呢
Hi, is there any why to remove limitation of 10 user per inbound policy?
I couldn’t find any things till now
you can contact me via email:loveme@duck.com
I’ll send, thanks.
按照步骤,第一个vps-IP-CF那边已经有子域名解析,然后创建了第一个入站列表的用户,如果要创建第二个的话,还是按照同样步骤吗?重新在CF那边解析同样子域名(不同IP)还是有其他操作呢
新建用户不需要重新在CF进行解析,该行为只需执行一次,后续需要注意的是节点的端口需要支持CDN回源。
这个证书与我域名的证书有冲突吗? 我域名证书都一切OK了,https很完美,然后安装x-ui,结果生成的节点链接不能科学上网。然后我不知道咋弄的,节点可以科学上网了,但网站域名的https无法使用了,是这个证书与域名证书有冲突吗? 还是两个可以使用同一个证书的?一直没搞清楚之间的关系。
没有冲突,面板使用的证书与节点使用的证书可以保持相同设置。
不是这个意思,我是网站使用的证书SSL,与节点及面板使用得证书SSL有冲突,我先安装得域名证书,一切正常 http与能转成https,当我安装x-ui面板后,再安装好面板与节点证书后,发现节点不通,然后我不知道动啥了,节点通了,然后域名就不能https了。会不会端口冲突? 因为申请域名证书时的端口是443 然后节点端口也是443
感谢分享!我尝试在仅ipv6的服务器上搭建,用warp开了双栈,在不开cdn的时候一切正常,打开cdn之后google.com能正常访问,但是其他地址都没反应了。大佬知道是什么原因吗?
程是这样的,我学着网上的教程使用finalshell搭建vps。其中使用x-ui面板申请了证书,第一次申请是成功的。然后在使用x-ui面板过程中,学着那位博主讲进入x-ui面板的路径改成了我自己申请域名的路径,然后x-ui面板就进不去了,没有办法,我只能卸载重新安装。安装后续的流程进行操作,可能由于我自己操作的失物,证书显示错误,我就把在root文件下的cert文件删除了。随后我信息填写正确,提示我已经有了一个证书,但是我证书文件下没有内容了,请问我的证书能否强制更新?或者如何找回这个证书的信息?能否帮助我,感谢博主!
finalshell 安装XUI面板的时候弄的账号,卡了多打了几个字母上去,发现删不掉,生成的账号有几个符号,xui面板登不上去了说账号密码错误,怎么办呀
进入服务器,进入控制菜单,选择重置面板设置,后续可再行设置。
站长你好
我根据您的教程成功部署了代理服务,现在我有一点有疑问,我理解套了CF的cdn会更加的安全,但是套了cdn后代理延迟会变得很大,不套cdn的话延迟在25ms左右,套了cdn后代理的延迟就到了300多ms。当然,套不套cdn代理服务都可以正常允许,只是延迟会有区别,我想问有什么解决方法可以在套了cdn的情况下让延迟降下来,谢谢。
你好,大神。我按照操作步骤操作,为什么输入IP或者域名+端口号,还是一直打不开X-ui的面板,一直报“HTTP ERROR 502”的错,是我那块操作有问题吗?求帮助,非常感谢!!
请检查x-ui自身的日志
大佬,想请问IPV6如何启用,直接替换客户端IP为VPS的IPV6地址无效,多谢
大佬你好,套用CDN一定要开TLS吗
我的IP被墙了,开TLS可以使用
但是建立一个WS节点,不开TLS,就使用不了
站长你好,我因为用warp方式解锁了奈飞(同时更改了XUI面板配置代码),当前不能用原设置端口登陆XUI面板,通过FinalShell登陆XUI后台查看,登陆端口也没有被改变;
是不是warp解锁配置XUI面板代码导致,用IP+端口不可用,返回代码为“404 page not found”;
能否给点处理意见,谢谢!