The beacon of human civilization: scientific Internet access using X-UI panel

September 16, 2022 3 comments 14.14k readings 17 people like it mlldxe

The system in this paper is Debian9: One click DD replaces/reinstalls pure Debian9 for VPS server
One click installation script implemented by various gods reduces the difficulty of building to a certain extent: The beacon of human civilization (science online)
The advantage of using panels to build is that with the UI interface, the information display is quite intuitive, which is more convenient for beginners to operate (no command line is required). Project address: https://github.com/mlldxe/X-UI

Preparation required

VPS

domain

Cloudfare Account

Start building

Use Github to enter the official X-UI warehouse: https://github.com/vaxilu/x-ui
Copy the officially recommended script:

 bash <(curl -Ls  https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh )

Upgrade the original panel to this optimized version:

 wget -N --no-check-certificate  https://raw.githubusercontent.com/taffychan/x-ui-3/main/install.sh  && bash install.sh

Prompt that curl tool is not installed, please install curl tool first

 apt-get update

 apt-get upgrade

 apt-get install curl

XUI5
After adding, we open a new page and enter your domain name: port in the URL input column（ mlldxe.ss-v2ray.xyz:2096 ）, press Enter to enter our login interface.
XUI6
XUI7

CDN application

If you need to support CDN application, you also need to apply for a set of SSL certificates. This set of certificates is actually used for the authentication of your sub domain name. Please do not confuse it with the certificate of the main domain name! The application mode used is the DNS API mode, which is simply to use the API provided by the nameserver vendor of your domain name to complete certificate issuance. This mode does not depend on port opening, etc., and the success rate is currently the highest.
1. Add A record:
XUI1
2. Set Cloudflare API:
XUI2
XUI3
XUI4
You can use the entire script directly, and the specific usage is as follows:

 bash <(curl -Ls  https://raw.githubusercontent.com/FranzKafkaYu/BashScripts/main/SSLAutoInstall/SSLAutoInstall.sh )

CDN applied to panel

In addition to the nodes we build, our X-UI panel also supports CDN application. If the X-UI panel also needs to apply the CDN, we need to modify the port that the panel listens to to the port supported by Cloudflare in the panel, and set the SSL certificate key path. Note that the listening port of the panel must not share the same port with your node.
XUI8
XUI9

Set Node

Enter the panel interface and add an inbound node. The settings are as follows:
XUI10
XUI11

 Domain name: v2.mlldxe.cn Public key path:/etc/cert/cert.crt Key path:/etc/cert/private.key

 Domain name: xui.mlldxe.cn Public key path:/etc/cert/cert.crt Key path:/etc/cert/private.key

vmess+ws+tls+cdn

Enable: On
Protocol: vmess
Port: 443
Disable Unsecure Encryption: Off
Transport protocol: ws
AcceptProxyProtocol: off
Path:/temp
Request header: Name: Host Value: v2.mllldxe.cn
Tls: on
Domain name: v2.mllldxe.cn
alpn:http/1.1
Public key file path:/etc/cert/cert.crt
Private key file path:/etc/cert/private.key
Sniffing: on

Latest: Debian10 construction -- bulianglin

https://bulianglin.com/

 #Update Software Source apt update #Enable BBR TCP congestion control algorithm echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf sysctl -p #Install Curl apt-get install curl -y #Install x-ui: #Original bash <(curl -Ls  https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh ) #Optimization Magic Revision wget -N --no-check-certificate  https://raw.githubusercontent.com/taffychan/x-ui-3/main/install.sh  && bash install.sh #Install nginx apt install nginx #Install acme: curl  https://get.acme.sh  | sh #Add soft link: ln -s  /root/.acme.sh/acme.sh /usr/local/bin/acme.sh #Switch CA organization: acme.sh --set-default-ca --server letsencrypt #Application certificate: Acme.sh -- issue - d Your domain name - k ec-256 -- webroot/var/www/html #Installation certificate: Acme.sh -- install cert - d Your domain name -- ecc -- key file/etc/x-ui/server. key -- fullchain file/etc/x-ui/server. crt -- reloadcmd "systemctl force reload nginx"

Find a suitable camouflage station

The http site is preferred, and the personal network disk conforms to the characteristics of single node high traffic

Example keyword: context: log in to Cloudsave

Configure nginx

Configuration file path:/etc/nginx/nginx.conf

 user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { worker_connections 1024; } http { sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; gzip on; server { listen 8443 ssl; listen 2096 ssl; listen 443 ssl; listen 8080 ssl; listen 80 ssl; Server_name mlldxe. mlldxes. xyz; # Your domain name Ssl_certificate/etc/x-ui/server.crt; # Certificate location Ssl_certificate_key/etc/x-ui/server. key; # Private key location ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; ssl_session_tickets off; ssl_protocols    TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers off; location / { proxy_pass  https://www.hao123.com/ ; # Camouflage URL proxy_redirect off; proxy_ssl_server_name on; sub_filter_once off; Sub_filter "www.hao123. com" $server_name; # Camouflage URL Proxy_set_header Host "www.hao123. com"; # Camouflage URL proxy_set_header Referer $http_referer; proxy_set_header X-Real-IP $remote_addr; proxy_set_header User-Agent $http_user_agent; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_set_header Accept-Encoding ""; proxy_set_header Accept-Language "zh-CN"; } Location/mlldxe {# Shunt path proxy_redirect off; proxy_pass  http://127.0.0.1:22911 ; # Xray port proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } Location/admin {# xui path proxy_redirect off; proxy_pass  http://127.0.0.1:54321 ;  # Xui listening port proxy_http_version 1.1; proxy_set_header Host $host; } } server { listen 443; listen 80; location /.well-known/ { root /var/www/html; } location / { rewrite ^(.*)$ https://$host$1 permanent; } } }

You must use the systemctl reload nginx command to reload the configuration file every time you modify the nginx configuration file

Multi user

Implement ws path splitting by modifying the configuration file of nginx

 Location/ray {# Shunt path proxy_redirect off; proxy_pass  http://127.0.0.1:10000 ; # Xray port proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }

This work adopts Knowledge Sharing Attribution - Sharing the Same Way 4.0 International License Agreement Licensing

dddd say:

6:10 p.m. on March 30, 2023

Warning : Undefined variable $uapic in /home/wwwroot/mlldxe/wwwroot/wp-content/themes/kratos-pjax/inc/ua.php on line four hundred and twenty-four

Google Chrome Windows 10
The Nignx at the back of the big guy doesn't want to use port 443. How can I switch to another port
reply
1. mlldxe say:
  
  9:06 am, March 31, 2023
  
  Warning : Undefined variable $uapic in /home/wwwroot/mlldxe/wwwroot/wp-content/themes/kratos-pjax/inc/ua.php on line four hundred and twenty-four
  
  Google Chrome Windows 10
  Listen Add port
  reply
  1. dddd say:
    
    12:08 p.m., April 3, 2023
    
    Warning : Undefined variable $uapic in /home/wwwroot/mlldxe/wwwroot/wp-content/themes/kratos-pjax/inc/ua.php on line four hundred and twenty-four
    
    Google Chrome Windows 10
    Thank you, boss. What's wrong with a type of anti proxy website that hasn't worked https://www.isuyun.cn/ Try it
    reply

Mlldxe's Blog