Bypass Firewall for great Internet access: Use the X-UI panel to quickly build multi-protocol, multi-user proxy services, support CDN protect

X-UI is suitable for beginners to quickly build shadowsocks/Vmess/Trojan proxies etc.
Views: 5535
29 2
Read Time:2 Minute, 48 Second


当前版本已经增加了Telegram机 器人的命令,目前支持的命令包括:

  • Delete a node, it will be matched according to the port number
  • Enable a proxy, it will be matched according to the port number
  • Disable a proxy, it will be matched according to the port number
  • Keep update with system status, including Vps status and xray service status
  • Restart the xray service, this command will not restart the X-UI panel itself
  • Change xray version

In the telegram bot, you can click /help button to get help information, as shown in the figure:

For example, close the proxy whose corresponding port is 59212:

新版本已经支持Shadowsocks2022的协议,但是目前生成的链接仅在Sagernet上可以使用,v2rayNG与v2rayN的支持还需要看 看最终的分享链接标准。如果想要使用的童鞋可以通过手动添加的形式进行添加。

The current version supports proxy search and one-click reset traffic functions.

2022.04.09 Update:

Since the development progress of the original author has slowed down, I am also learning the go language myself, so I forked the original author's warehouse and updated the functions. The current expanded functions include

  • Panel settings query (implemented)
  • Traffic usage daily reminder (implemented)
  • Panel login reminder (to be implemented)
  • Node expiration reminder (to be implemented)
  • More certificate application methods (to be implemented)
  • Panel login whitelist setting (to be implemented)

At the same time, the issue area has also been opened. I hope you can use it and give me feedback. I will make PR to the original warehouse from time to time to improve X-UI together.,project rgithub address pleaseclick here

To use the proxy service for scientific Internet access, the important thing is the construction of the proxy server. In our construction process, we often need to choose the construction method that suits us according to our own situation. For example, the official recommended script is used for installation, but the officially recommended scripts are generally not friendly to novices, and they often need to be expanded by themselves before the installation can be successful. There are also all-in-one one-click installation scripts implemented by various gods. These scripts reduce the difficulty of building a server for novices to a certain extent. In addition, there is a kind of construction method, that is, build proxies by web Pannel

The advantages of using panels to build are:Due to the UI interface, the information display is quite intuitive, which is more convenient for us newbies to operate (no command line required). So today we will introduce the use of X-UI to build our proxy service.

Using X-UI to build a proxy service has the following advantages:

  • Support system status monitoring: such as the status of CPU, memory, hard disk, etc.
  • Support multi-user andmulti-protocol(Shadowsocks,Vmess,Trojan,Vless), web page visualization operation
  • Support traffic statistics
  • Support for custom Xray configuration templates
  • Support access panel via HTTPS
  • Support panel custom port, account and password
  • Quickly generate share link or QR code
  • Support CDN application
  • Support Fallback shunt setting

Preliminary preparation

  • VPS
  • domain
  • Cloudfare Account
  • Acme

It should be noted here that the registered domain name must first add an A record in Cloudfare, so that we can apply for an SSL certificate.

If you don't know how to add an A record, please Google it by yourself.


Copy the officially recommended script:

bash <(curl -Ls
  • Copy the above code to your VPS for execution,If you are prompted that the curl tool is not installed, please install the curl tool first

After execution, we should see the following output:

Installation complete

After installation, we can get the configuration content of the panel in /usr/local/x-ui.

  • Go to the official Cloudflare website, add an A record (subdomain), and point to the IP address of the VPS

Please note, do not open the proxy after adding, only DNS resolution. How to judge whether to enable CDN proxy? Very simple, there is a cloud under the proxy status, the orange cloud means CDN is enabled, and the gray cloud means DNS resolution only.

After the addition is complete, we open a new web page and enter yourdomain:54321(the initial port of the panel), press Enter to enter our login interface.

The login interface looks like this:

X-UI login

We use the default user name and password to log in to enter the X-UI settings interface:


It is strongly recommended to reset the panel port and user name, login password in the panel settings immediately after logging in, and then restart the panel. Otherwise, someone will try to log in with the default account password.

  • New Proxy

Click“入站列表”to add new proxy

Add new proxy

Setup Proxy

Proxies setup

If you do not have a CDN or other requirements, you can leave other settings and click "添加" to finish adding the node.

  • Get url link or QR code

After adding the node, we click查看, click Copy Connection at the bottom right to get the connection. It can be added in the V2rayN App

Get link

To get the QR code, click the QR code icon,and now you can use V2rayNG or Shadowrocket etc to scan

Get OR code

At this point, the process of using X-UI to build proxy is complete.

It should be noted that CDN application is not supported after the above steps are completed.如果想支持CDN套用,则继续参考以下步骤

CDN Service

If you need to support CDN application, you also need to apply for a set of SSL certificates. This set of certificates is actually used for the authentication of your subdomain, please do not confuse it with the certificate of the main domain!

Here we use ACME to apply for the certificate. The application mode used in this tutorial is the DNS API mode. In short, it uses the API provided by the nameserver provider of your domain name to complete the certificate issuance. Using this mode does not depend on port opening, etc., and the success rate is currently the highest.

In order to help you simplify the entire operation process, I wrote a script to facilitate you to quickly apply for a certificate. If you don't want to read so much, just use the entire script directly. The specific usage is as follows:

bash <(curl -Ls

If you want to know more details, please follow the steps below to take a closer look~

  • Install acme
curl | sh	

After installation, a folder such as will be generated in the root directory, which can be viewed using the ls -la command.

  • Setup Cloudflare API:

Log in to Cloudflare's official website, and in the API area in the lower left corner, click“获取您的API令牌”


Click to enter the secondary page, click API Token, find the Global API Key under the API key, and view it


Please copy this API Key to your local. Enter the following command to import environment variables (When copying and pasting, please remove // ​​and the following content by yourself. This tutorial is only for comments, and // and the following content are not needed in actual use.):

export CF_Key=”***********************” //Global API key

export CF_Email=***************.com  //Cloudfare register Email

  • Switch CA to Let's Encrypt

Since the default certificate CA of the Acme script is ZeroSSL, it is not very convenient to use. Therefore, it is recommended that you change the CA to Let's Encrypt. The switching command is as follows:

~/ --set-default-ca  --server  letsencrypt
  • Issue a certificate

Use the following command for certificate signing:

mkdir /root/cert
~/ --issue --dns dns_cf -d YourDomain -d *.YourDomain
mkdir /root/cert
chmod -R 755 /root/cert
  • Install
~/ --installcert  -d  YourDomain -d *.YourDomain --ca-file /root/cert/ca.cer --cert-file /root/cert/YourDomain.cer --key-file   /root/cert/YourDomain.key --fullchain-file /root/cert/fullchain.cer
  • Set up automatic updates
~/ --upgrade --auto-upgrade

The installation is successful as shown below:


After installing the certificate, we can set up TLS and apply CDN.


1.YourDomain represents your own domain name, please replace it with your own domain name when using the command

2.The domain name applied for in this tutorial is a generic domain name certificate, which can be used for an unlimited number of second-level domain names

3.When using the certificate public key, use fullchain.cer first, which will avoid many strange problems

  • Setup TLS

Enter the panel interface, add an inbound node, and set as follows:

Points to note during setup:

1. The port needs to be a port supported by Cloudflare for distribution, such as 443, etc.

2. The application of CDN needs to be matched with WebSocket, please select ws in the transmission setting item

3The Websocket path can be arbitrary, but it is best not to be the root path

4.Please fill in the public key file path and key file path according to the actual location of your certificate installation

5.When using certificates and keys, in addition to setting the path, you can also fill in the content of the certificate file content to achieve the purpose of use

After adding the node, we go back to Cloudflare and make the gray cloud orange. Then we go back to the VPS side and use ping + domain name to check whether the IP has changed. If it is no longer the IP of our VPS, it means that the CDN has been successfully applied.

Apply CDN for X-UI pannel

In addition to the nodes we build can apply CDN, our X-UI panel also supports applying CDN. If the X-UI panel needs to also apply CDN, we need to modify the port that the panel listens on in the panel to the port supported by Cloudflare, and set the SSL certificate key path at the same time.Pay attention here意,面板的监听端口一定不要与你的节点共用同一端口。


After setting, remember to restart the panel, re-enter: https://domain name+port, and enter the panel interface normally. At the same time, we will find that our web page is already encrypted.

At this point, the panel also supports applying CDN.

The above is the entire tutorial for using X-UI. You can test and use it according to the tutorial. If you have any questions, you can communicate with me in the comment area. If you still have questions, I also uploaded a video tutorial for your reference:

I used it for a day after the completion of the construction, and it is very convenient and quick to use in general, which is very suitable for novice use. I would also like to thank the developers of X-UI. Their selfless efforts brought us such a useful tool, Respect!


The content of this blog is only for personal knowledge sharing, please do not reprint or disseminate the content of this blog at will. Please do not use the knowledge in the blog for illegal activities. If you need to share the blog content in a small area, please indicate the source.

83 %
0 %
7 %
3 %
7 %
0 %


Articles: 85


  1. 试了几次都是提示:由于是小白,看log文件也不懂。,不知道大佬有什么建议
    [Sat Sep 10 14:07:52 UTC 2022] Add txt record error.
    [Sat Sep 10 14:07:52 UTC 2022] Error add txt for
    [Sat Sep 10 14:07:52 UTC 2022] Please check log file for more details: /root/
    [ERR] issue cert failed,please check your input

    • 首先确认一下端口是否开放,然后尝试一下Windows端v2rayN、Android端v2rayNG是否正常,如果其他客户端没有问题但是IOS无法使用,基本都是客户端自己的问题,如果所有客户端无法使用,就需要根据日志来排查了。

  2. 跟着教程做了很多次,其他教程也是过了,cf只要不开启云cdn,都可以正常使用,一但开启cdn,就连不上了;唯一区别就是我域名是cname接入的,难道是以为这个导致不行的?

  3. 我现在用官方版本,单端口多用户也能使用,好像没有什么影响吗?所以这个你单独拿出来讲,是因为什么?我用的是Vless协议

      • 哦。我明白你的意思了。就是可以区分不同的用户,但是使用相同的端口号。不过我有个疑问哦,我同样的1个配置,给不同的用户,也都可以链接使用。那区分独立的用户意义是什么?

        • 同样的一个配置,你当然可以分享给A或者B,但假如有一天你不想让A使用了,但是也不想影响B使用那怎么办呢,最好的办法还是每个人单独的配置。

          • 哈哈哈!原来如此!有道理!谢谢大神指教。还有个问题,用了你的脚本,设备ip变更提示不是很准。同个服务器,不用的用户用不同的端口,会提示IP地址一样的。

    • 关于IP接入通知,目前值得注意的两个点:1.关于数据准确性,IP地址肯定是准确的,但是其他地理位置与运营商信息来自于第三方IP库,这部分数据无法保证一定准确;2.当设备断开时,可能无法及时收到通知,这是因为即使你切换网络环境,底层TCP连接仍旧会存在一段时间,所以这部分可能会滞后。但总体而言,不影响使用。

      • 嗯嗯,我现在遇到的问题是,设置了几个用户,不同端口号、不同人使用,但是显示的IP地址是一样的。但是相同端口号下的多个ip倒是显示正确的

  4. 这个只有一个TgBot,能不能再开放一个接口,是直接给WebSockets ,这样可以直接连接其他三方接口了

  5. 您好,我看了几遍你的教材,有个疑问,现在面板是启用了CDN,其实这个重要性我觉得不是很大。我想知道的是在这个域名下添加的随机端口的节点有没有开启CDN加速?我看了网上说用workers什么的,对于随机端口的怎么加速,我试了很多次都不能成功。我是小白,我不知道是不是只要随机端口,就不能加速?如果可以,该怎么配置?谢谢

  6. [Sun Mar 19 04:44:41 PM UTC 2023] Installing cert to: /root/cert/
    /root/ line 5858: /root/cert/ No such file or directory
    [ERR] 证书安装失败,脚本退出
    再运行脚本说已经有证书了 但是实际上并没有安装上

  7. 大神你好,跟着你的教程做,到登陆Xui控制台那一步发现输入了ip冒号端口号,以及二级域名冒号端口号都进不去后台,然后看到了你说的可能是随机产生了根路径,这个不是需要在端口号后再加上路径嘛才能登陆嘛。但是我在Finalshell里xui面板管理页面,输入数字7显示了这一串代码
    flag provided but not defined: -show
    Usage of setting:
    -password string
    set login password
    -port int
    set panel port
    reset all setting
    -username string
    set login username
    [ERR] get current settings error,please check logs

    • 1.你的x-ui版本并非是最新的版本

      • 你好大神,你的意思是第一次是应该可以进入的是吧,退出后才会随机根路径。
        但我就是一直进不去,显示“该网页无法正常运作34.102.69.240 目前无法处理此请求,HTTP ERROR 502”

          • 大神你好,安装了您最新版的xui后,按7没有问题了,根据提示一步一步操作,证书也颁发好了,后台也进去了!



      • 您是否知道xui安装的根路径在哪个文件里,以便于我可以不通过这个面板上按7,直接就能找到呢

  8. 按照步骤,第一个vps-IP-CF那边已经有子域名解析,然后创建了第一个入站列表的用户,如果要创建第二个的话,还是按照同样步骤吗?重新在CF那边解析同样子域名(不同IP)还是有其他操作呢

  9. 这个证书与我域名的证书有冲突吗? 我域名证书都一切OK了,https很完美,然后安装x-ui,结果生成的节点链接不能科学上网。然后我不知道咋弄的,节点可以科学上网了,但网站域名的https无法使用了,是这个证书与域名证书有冲突吗? 还是两个可以使用同一个证书的?一直没搞清楚之间的关系。

      • 不是这个意思,我是网站使用的证书SSL,与节点及面板使用得证书SSL有冲突,我先安装得域名证书,一切正常 http与能转成https,当我安装x-ui面板后,再安装好面板与节点证书后,发现节点不通,然后我不知道动啥了,节点通了,然后域名就不能https了。会不会端口冲突? 因为申请域名证书时的端口是443 然后节点端口也是443

  10. 感谢分享!我尝试在仅ipv6的服务器上搭建,用warp开了双栈,在不开cdn的时候一切正常,打开cdn之后google.com能正常访问,但是其他地址都没反应了。大佬知道是什么原因吗?

  11. 程是这样的,我学着网上的教程使用finalshell搭建vps。其中使用x-ui面板申请了证书,第一次申请是成功的。然后在使用x-ui面板过程中,学着那位博主讲进入x-ui面板的路径改成了我自己申请域名的路径,然后x-ui面板就进不去了,没有办法,我只能卸载重新安装。安装后续的流程进行操作,可能由于我自己操作的失物,证书显示错误,我就把在root文件下的cert文件删除了。随后我信息填写正确,提示我已经有了一个证书,但是我证书文件下没有内容了,请问我的证书能否强制更新?或者如何找回这个证书的信息?能否帮助我,感谢博主!

  12. 站长你好

  13. 你好,大神。我按照操作步骤操作,为什么输入IP或者域名+端口号,还是一直打不开X-ui的面板,一直报“HTTP ERROR 502”的错,是我那块操作有问题吗?求帮助,非常感谢!!

  14. 站长你好,我因为用warp方式解锁了奈飞(同时更改了XUI面板配置代码),当前不能用原设置端口登陆XUI面板,通过FinalShell登陆XUI后台查看,登陆端口也没有被改变;
    是不是warp解锁配置XUI面板代码导致,用IP+端口不可用,返回代码为“404 page not found”;

Leave a Reply

Your email address will not be published. Required fields are marked *