Bypass Firewall for great Internet access: Use the X-UI panel to quickly build multi-protocol, multi-user proxy services, support CDN protect

X-UI is suitable for beginners to quickly build shadowsocks/Vmess/Trojan proxies etc.
Views: 507
15 0
Read Time:2 Minute, 48 Second

2022.06.22更新

当前版本已经增加了Telegram机 器人的命令,目前支持的命令包括:

  • Delete a node, it will be matched according to the port number
  • Enable a proxy, it will be matched according to the port number
  • Disable a proxy, it will be matched according to the port number
  • Keep update with system status, including Vps status and xray service status
  • Restart the xray service, this command will not restart the X-UI panel itself
  • Change xray version

In the telegram bot, you can click /help button to get help information, as shown in the figure:

For example, close the proxy whose corresponding port is 59212:

新版本已经支持Shadowsocks2022的协议,但是目前生成的链接仅在Sagernet上可以使用,v2rayNG与v2rayN的支持还需要看 看最终的分享链接标准。如果想要使用的童鞋可以通过手动添加的形式进行添加。

The current version supports proxy search and one-click reset traffic functions.

2022.04.09 Update:

Since the development progress of the original author has slowed down, I am also learning the go language myself, so I forked the original author's warehouse and updated the functions. The current expanded functions include

  • Panel settings query (implemented)
  • Traffic usage daily reminder (implemented)
  • Panel login reminder (to be implemented)
  • Node expiration reminder (to be implemented)
  • More certificate application methods (to be implemented)
  • Panel login whitelist setting (to be implemented)

At the same time, the issue area has also been opened. I hope you can use it and give me feedback. I will make PR to the original warehouse from time to time to improve X-UI together.,project rgithub address pleaseclick here

To use the proxy service for scientific Internet access, the important thing is the construction of the proxy server. In our construction process, we often need to choose the construction method that suits us according to our own situation. For example, the official recommended script is used for installation, but the officially recommended scripts are generally not friendly to novices, and they often need to be expanded by themselves before the installation can be successful. There are also all-in-one one-click installation scripts implemented by various gods. These scripts reduce the difficulty of building a server for novices to a certain extent. In addition, there is a kind of construction method, that is, build proxies by web Pannel

The advantages of using panels to build are:Due to the UI interface, the information display is quite intuitive, which is more convenient for us newbies to operate (no command line required). So today we will introduce the use of X-UI to build our proxy service.

Using X-UI to build a proxy service has the following advantages:

  • Support system status monitoring: such as the status of CPU, memory, hard disk, etc.
  • Support multi-user andmulti-protocol(Shadowsocks,Vmess,Trojan,Vless), web page visualization operation
  • Support traffic statistics
  • Support for custom Xray configuration templates
  • Support access panel via HTTPS
  • Support panel custom port, account and password
  • Quickly generate share link or QR code
  • Support CDN application
  • Support Fallback shunt setting

Preliminary preparation

  • VPS
  • domain
  • Cloudfare Account
  • Acme

It should be noted here that the registered domain name must first add an A record in Cloudfare, so that we can apply for an SSL certificate.

If you don't know how to add an A record, please Google it by yourself.

Start

Copy the officially recommended script:

bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)
  • Copy the above code to your VPS for execution,If you are prompted that the curl tool is not installed, please install the curl tool first

After execution, we should see the following output:

Installation complete

After installation, we can get the configuration content of the panel in /usr/local/x-ui.

  • Go to the official Cloudflare website, add an A record (subdomain), and point to the IP address of the VPS
添加A记录

Please note, do not open the proxy after adding, only DNS resolution. How to judge whether to enable CDN proxy? Very simple, there is a cloud under the proxy status, the orange cloud means CDN is enabled, and the gray cloud means DNS resolution only.

After the addition is complete, we open a new web page and enter yourdomain:54321(the initial port of the panel), press Enter to enter our login interface.

The login interface looks like this:

X-UI login

We use the default user name and password to log in to enter the X-UI settings interface:

设置界面

It is strongly recommended to reset the panel port and user name, login password in the panel settings immediately after logging in, and then restart the panel. Otherwise, someone will try to log in with the default account password.

  • New Proxy

Click“入站列表”to add new proxy

Add new proxy

Setup Proxy

Proxies setup

If you do not have a CDN or other requirements, you can leave other settings and click "添加" to finish adding the node.

  • Get url link or QR code

After adding the node, we click查看, click Copy Connection at the bottom right to get the connection. It can be added in the V2rayN App

Get link

To get the QR code, click the QR code icon,and now you can use V2rayNG or Shadowrocket etc to scan

Get OR code

At this point, the process of using X-UI to build proxy is complete.

It should be noted that CDN application is not supported after the above steps are completed.如果想支持CDN套用,则继续参考以下步骤

CDN Service

If you need to support CDN application, you also need to apply for a set of SSL certificates. This set of certificates is actually used for the authentication of your subdomain, please do not confuse it with the certificate of the main domain!

Here we use ACME to apply for the certificate. The application mode used in this tutorial is the DNS API mode. In short, it uses the API provided by the nameserver provider of your domain name to complete the certificate issuance. Using this mode does not depend on port opening, etc., and the success rate is currently the highest.

In order to help you simplify the entire operation process, I wrote a script to facilitate you to quickly apply for a certificate. If you don't want to read so much, just use the entire script directly. The specific usage is as follows:

bash <(curl -Ls https://raw.githubusercontent.com/FranzKafkaYu/BashScripts/main/SSLAutoInstall/SSLAutoInstall.sh)

If you want to know more details, please follow the steps below to take a closer look~

  • Install acme
curl https://get.acme.sh | sh	

After installation, a folder such as .acme.sh will be generated in the root directory, which can be viewed using the ls -la command.

  • Setup Cloudflare API:

Log in to Cloudflare's official website, and in the API area in the lower left corner, click“获取您的API令牌”

API令牌

Click to enter the secondary page, click API Token, find the Global API Key under the API key, and view it

查看API令牌

Please copy this API Key to your local. Enter the following command to import environment variables (When copying and pasting, please remove // ​​and the following content by yourself. This tutorial is only for comments, and // and the following content are not needed in actual use.):

export CF_Key=”***********************” //Global API key

export CF_Email=***************.com  //Cloudfare register Email

  • Switch CA to Let's Encrypt

Since the default certificate CA of the Acme script is ZeroSSL, it is not very convenient to use. Therefore, it is recommended that you change the CA to Let's Encrypt. The switching command is as follows:

~/.acme.sh/acme.sh --set-default-ca  --server  letsencrypt
  • Issue a certificate

Use the following command for certificate signing:

#创建文件夹
mkdir /root/cert
#签发证书
~/.acme.sh/acme.sh --issue --dns dns_cf -d YourDomain -d *.YourDomain
mkdir /root/cert
#更改权限
chmod -R 755 /root/cert
  • Install
~/.acme.sh/acme.sh --installcert  -d  YourDomain -d *.YourDomain --ca-file /root/cert/ca.cer --cert-file /root/cert/YourDomain.cer --key-file   /root/cert/YourDomain.key --fullchain-file /root/cert/fullchain.cer
  • Set up automatic updates
~/.acme.sh/acme.sh --upgrade --auto-upgrade

The installation is successful as shown below:

Installation

After installing the certificate, we can set up TLS and apply CDN.

Attentions:

1.YourDomain represents your own domain name, please replace it with your own domain name when using the command

2.The domain name applied for in this tutorial is a generic domain name certificate, which can be used for an unlimited number of second-level domain names

3.When using the certificate public key, use fullchain.cer first, which will avoid many strange problems

  • Setup TLS

Enter the panel interface, add an inbound node, and set as follows:

Points to note during setup:

1. The port needs to be a port supported by Cloudflare for distribution, such as 443, etc.

2. The application of CDN needs to be matched with WebSocket, please select ws in the transmission setting item

3The Websocket path can be arbitrary, but it is best not to be the root path

4.Please fill in the public key file path and key file path according to the actual location of your certificate installation

5.When using certificates and keys, in addition to setting the path, you can also fill in the content of the certificate file content to achieve the purpose of use

After adding the node, we go back to Cloudflare and make the gray cloud orange. Then we go back to the VPS side and use ping + domain name to check whether the IP has changed. If it is no longer the IP of our VPS, it means that the CDN has been successfully applied.

Apply CDN for X-UI pannel

In addition to the nodes we build can apply CDN, our X-UI panel also supports applying CDN. If the X-UI panel needs to also apply CDN, we need to modify the port that the panel listens on in the panel to the port supported by Cloudflare, and set the SSL certificate key path at the same time.Pay attention here意,面板的监听端口一定不要与你的节点共用同一端口。

更改面板设置

After setting, remember to restart the panel, re-enter: https://domain name+port, and enter the panel interface normally. At the same time, we will find that our web page is already encrypted.

At this point, the panel also supports applying CDN.

The above is the entire tutorial for using X-UI. You can test and use it according to the tutorial. If you have any questions, you can communicate with me in the comment area. If you still have questions, I also uploaded a video tutorial for your reference:

I used it for a day after the completion of the construction, and it is very convenient and quick to use in general, which is very suitable for novice use. I would also like to thank the developers of X-UI. Their selfless efforts brought us such a useful tool, Respect!

Attention:

The content of this blog is only for personal knowledge sharing, please do not reprint or disseminate the content of this blog at will. Please do not use the knowledge in the blog for illegal activities. If you need to share the blog content in a small area, please indicate the source.

Happy
Happy
79 %
Sad
Sad
0 %
Excited
Excited
14 %
Sleepy
Sleepy
0 %
Angry
Angry
7 %
Surprise
Surprise
0 %
Default image
FranzKafka95
极客,文学爱好者。如果你也喜欢我,那你大可不必害羞。
Articles: 47

20 Comments

  1. 试了几次都是提示:由于是小白,看log文件也不懂。,不知道大佬有什么建议
    [Sat Sep 10 14:07:52 UTC 2022] Add txt record error.
    [Sat Sep 10 14:07:52 UTC 2022] Error add txt for domain:_acme-challenge.XXX.ml
    [Sat Sep 10 14:07:52 UTC 2022] Please check log file for more details: /root/.acme.sh/acme.sh.log
    [ERR] issue cert failed,please check your input

    • 域名供应商不行或者是域名后缀不行 要不然就是DNS问题 尤其的免费的域名 ??? 换个其他的供应商 或者其他后缀的域名 应该就可以了

    • CF不再支持freenom申请的如tk、ml等免费顶级域名的API操作,包括申请证书等,网上找了好久才发现原因

  2. 全部弄完生成二维码后 用小火箭扫描无法访问外网 不知道问题出在哪里 是防火墙还是

    • 首先确认一下端口是否开放,然后尝试一下Windows端v2rayN、Android端v2rayNG是否正常,如果其他客户端没有问题但是IOS无法使用,基本都是客户端自己的问题,如果所有客户端无法使用,就需要根据日志来排查了。

Leave a Reply

en_USEN