X-UI,支持多协议多用户的Xray面板
X-ui,支持多协议多用户的 Xray 面板!
1.0 安装x-ui
- x-ui地址: https://github.com/vaxilu/x-ui
- acme脚本地址: https://github.com/acmesh-official/acme.sh
1.0.1更新及安装组件
apt update -y # Debian/Ubuntu 命令
apt install -y curl #Debian/Ubuntu 命令
apt install -y socat #Debian/Ubuntu 命令
yum update -y #CentOS 命令
yum install -y curl #CentOS 命令
yum install -y socat #CentOS 命令
# 关闭防火墙
systemctl disable firewalld.service
systemctl stop firewalld.service
1.0.2 安装 Acme 脚本
curl https://get.acme.sh | sh
1.0.3 80 端口空闲的证书申请方式
自行更换代码中的域名、邮箱为你解析的域名及邮箱
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt /zerossl
~/.acme.sh/acme.sh --register-account -m xxxx@xxxx.com
~/.acme.sh/acme.sh --issue -d mydomain.com --standalone
1.0.4 安装证书到指定文件夹(选做)
自行更换代码中的域名为你解析的域名
~/.acme.sh/acme.sh --installcert -d mydomain.com --key-file /root/private.key --fullchain-file /root/cert.crt
1.0.5 安装 & 升级 X-ui 面板
安装及升级的一键代码
bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)
# 2023-8 之后安装方法,可切换xray1.8
bash <(curl -Ls https://raw.githubusercontent.com/FranzKafkaYu/x-ui/956bf85bbac978d56c0e319c5fac2d6db7df9564/install.sh) 0.3.4.4
2.0 节点配置及功能讲解
2.0.1 更改面板端口,根路径,用户名和密码
2.0.2 更改xray版本到最新(选做)
2.0.3 创建节点
vmess协议
vless 协议
Trojan 协议
2.0.4 nginx配置
配置此项之前先搭建https静态网站(伪装)
- filebrowser (目前推荐安装此服务)
- 反代别人的网站
- 安装nginx
dnf install nginx -y
- 安装filebrowser
curl -fsSL https://raw.githubusercontent.com/filebrowser/get/master/get.sh | bash
#创建配置数据库
filebrowser -d /etc/filebrowser/filebrowser.db config init
#设置监听端口
filebrowser -d /etc/filebrowser/filebrowser.db config set --port 5210
#设置语言环境
filebrowser -d /etc/filebrowser/filebrowser.db config set --locale zh-cn
#添加一个用户
filebrowser -d /etc/filebrowser/filebrowser.db users add admin password --perm.admin
#设置网盘根目录
mkdir -p /data/fs
filebrowser -d /etc/filebrowser/filebrowser.db config set --root /data/fs
vim /lib/systemd/system/filebrowser.service
-----------------------------filebrowser.service------------
[Unit]
Description=File Browser
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/filebrowser -d /etc/filebrowser/filebrowser.db
Restart=on-abnormal
RestartSec=5s
KillMode=mixed
[Install]
WantedBy=multi-user.target
-----------------------------------------------------------
systemctl daemon-reload
systemctl start filebrowser
systemctl status filebrowser
systemctl enable filebrowser
用户名:admin
密码:password
- 修改nginx配置
# 先删除nginx默认的80端口配置
vim /etc/nginx/nginx.conf
确保http中有红框中的内容
# 再添加新的配置
vim /etc/nginx/conf.d/vps.conf
server{
ssl on;
listen 443;
server_name fs.gossip.tk;
ssl_certificate /root/.acme.sh/fs.gossip.tk/fs.gossip.tk.cer;
ssl_certificate_key /root/.acme.sh/fs.gossip.tk/fs.gossip.tk.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
# 反向代理filebrowser网站
location / {
proxy_pass http://127.0.0.1:5210;
# 设置文件上传大小
client_max_body_size 100M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# x-ui面板
location ^~ /cocoly {
proxy_pass http://127.0.0.1:10105/cocoly;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# ws协议
location /gofic {
proxy_redirect off;
proxy_pass http://127.0.0.1:31694;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 300s;
# Show realip in v2ray access.log
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# 可以把ws协议统一管理
# include /etc/x-ui/location/*.conf;
}
可自行更改x-ui的根路径和端口(下面的内容应填在https配置的地方)
location ^~ 面板url根路径 {
proxy_pass http://127.0.0.1:面板监听端口/面板url根路径;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location 节点路径 {
proxy_redirect off;
proxy_pass http://127.0.0.1:节点端口;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 300s;
# Show realip in v2ray access.log
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
ok之后可以到cloudflare开启小云朵代理
将SSL的模式改为完全,不然访问网站时可能会报** **此页面不能正确地重定向 错误
我的配置
vim /etc/nginx/conf.d/vps.conf
动态伪装网站配置(搭建了filebrowser)
server{
ssl on;
listen 443;
server_name fs.gossip.tk;
ssl_certificate /root/.acme.sh/fs.gossip.tk/fs.gossip.tk.cer;
ssl_certificate_key /root/.acme.sh/fs.gossip.tk/fs.gossip.tk.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
# 反向代理filebrowser网站
location / {
proxy_pass http://127.0.0.1:5210;
# 设置文件上传大小
client_max_body_size 100M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# x-ui面板
location ^~ /cocoly {
proxy_pass http://127.0.0.1:10105/cocoly;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# ws协议
location /gofic {
proxy_redirect off;
proxy_pass http://127.0.0.1:31694;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 300s;
# Show realip in v2ray access.log
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# 可以把ws协议统一管理
# include /etc/x-ui/location/*.conf;
}
# 停止80端口的使用,证书的申请需要占用80端口
#server {
# listen 80;
# server_name pan.gossip.tk;
# rewrite ^(.*)$ https://$host$1 permanent;
#}
配置完成后重启nginx
# 检查nginx 配置的语法错误
nginx -t
systemctl restart nginx
nginx -t 测试配置文件
nginx -s reload 修改配置后重载生效
nginx -s reopen 重新打开日志文件
nginx -s stop 快速停止
nginx -s quit
如果语法检查通过,重启报错的话,应该是端口被占用了
复制节点信息到代理软件中
注意勾选底层传输为tls(虽然节点并没有开启tls,但nginx已经转发到了443端口),并填写伪装域名
开启cloudflare代理(选做)
优选IP
软件下载地址
将优选出来的IP填入到之前的域名地址中,注意填写伪装域名
成功之后可对节点进行测速,对比之前的0.4M/s快了很多
3.0 快速生成WS协议反代脚本
#!/bin/bash
read -p "请输入WS路径(/xxx): " ws_path
read -p "请输入要反代的端口: " inverse_port
file_path=/etc/x-ui/location
if [ ! -d ${file_path} ];then
mkdir -p ${file_path}
fi
cat > ${file_path}${ws_path}.conf << EOF
location ${ws_path} {
proxy_redirect off;
proxy_pass http://127.0.0.1:${inverse_port};
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host \$http_host;
proxy_read_timeout 300s;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
EOF
# 重启Nginx
nginx -s reload