AghayeCoder/tx-ui

ACME

To manage SSL certificates using ACME:

1. Ensure your domain is correctly resolved to the server.

2. Run the x-ui command in the terminal, then choose SSL Certificate Management.

3. You will be presented with the following options:

   • Get SSL: Obtain SSL certificates.
   • Revoke: Revoke existing SSL certificates.
   • Force Renew: Force renewal of SSL certificates.
   • Show Existing Domains: Display all domain certificates available on the server.
   • Set Certificate Paths for the Panel: Specify the certificate for your domain to be used by the panel.

Certbot

To install and use Certbot:

apt-get install certbot -y
certbot certonly --standalone --agree-tos --register-unsafely-without-email -d yourdomain.com
certbot renew --dry-run

Cloudflare

The management script includes a built-in SSL certificate application for Cloudflare. To use this script to apply for a
certificate, you need the following:

• Cloudflare registered email
• Cloudflare Global API Key
• The domain name must be resolved to the current server through Cloudflare

How to get the Cloudflare Global API Key:

1. Run the x-ui command in the terminal, then choose Cloudflare SSL Certificate.
2. Visit the link: Cloudflare API Tokens.
3. Click on "View Global API Key" (see the screenshot below):
   
4. You may need to re-authenticate your account. After that, the API Key will be shown (see the screenshot below):
   

When using, just enter your domain name, email, and API KEY. The diagram is as follows:

Usage

1. To download the latest version of the compressed package directly to your server, run the following command:

ARCH=$(uname -m)
case "${ARCH}" in
  x86_64 | x64 | amd64) XUI_ARCH="amd64" ;; 
  i*86 | x86) XUI_ARCH="386" ;; 
  armv8* | armv8 | arm64 | aarch64) XUI_ARCH="arm64" ;; 
  armv7* | armv7) XUI_ARCH="armv7" ;; 
  armv6* | armv6) XUI_ARCH="armv6" ;; 
  armv5* | armv5) XUI_ARCH="armv5" ;; 
  s390x) echo 's390x' ;; 
  *) XUI_ARCH="amd64" ;; 
esac


wget https://github.com/AghayeCoder/tx-ui/releases/latest/download/x-ui-linux-${XUI_ARCH}.tar.gz

2. Once the compressed package is downloaded, execute the following commands to install or upgrade x-ui:

ARCH=$(uname -m)
case "${ARCH}" in
  x86_64 | x64 | amd64) XUI_ARCH="amd64" ;; 
  i*86 | x86) XUI_ARCH="386" ;; 
  armv8* | armv8 | arm64 | aarch64) XUI_ARCH="arm64" ;; 
  armv7* | armv7) XUI_ARCH="armv7" ;; 
  armv6* | armv6) XUI_ARCH="armv6" ;; 
  armv5* | armv5) XUI_ARCH="armv5" ;; 
  s390x) echo 's390x' ;; 
  *) XUI_ARCH="amd64" ;; 
esac

cd /root/ 
rm -rf x-ui/ /usr/local/x-ui/ /usr/bin/x-ui
tar zxvf x-ui-linux-${XUI_ARCH}.tar.gz
chmod +x x-ui/x-ui x-ui/bin/xray-linux-* x-ui/x-ui.sh
cp x-ui/x-ui.sh /usr/bin/x-ui
cp -f x-ui/x-ui.service /etc/systemd/system/
mv x-ui/ /usr/local/
systemctl daemon-reload
systemctl enable x-ui
systemctl restart x-ui

Usage

1. Install Docker:

   bash <(curl -sSL https://get.docker.com)

2. Clone the Project Repository:

   git clone https://github.com/AghayeCoder/tx-ui.git
   cd tx-ui

3. Start the Service:

   docker compose up -d

Add --pull always flag to make docker automatically recreate container if a newer image is pulled.
See https://docs.docker.com/reference/cli/docker/container/run/#pull for more info.

OR

docker run -itd \
   -e XRAY_VMESS_AEAD_FORCED=false \
   -v $PWD/db/:/etc/x-ui/ \
   -v $PWD/cert/:/root/cert/ \
   --network=host \
   --restart=unless-stopped \
   --name tx-ui \
   ghcr.io/aghayecoder/tx-ui:latest

4. Update to the Latest Version:

   cd tx-ui
   docker compose down
   docker compose pull tx-ui
   docker compose up -d

5. Remove tx-ui from Docker:

   docker stop tx-ui
   docker rm tx-ui
   cd --
   rm -r tx-ui

Nginx Reverse Proxy

location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Range $http_range;
    proxy_set_header If-Range $http_if_range; 
    proxy_redirect off;
    proxy_pass http://127.0.0.1:2053;
}

Nginx sub-path

• Ensure that the "URI Path" in the /sub panel settings is the same.
• The url in the panel settings needs to end with /.

location /sub {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Range $http_range;
    proxy_set_header If-Range $http_if_range; 
    proxy_redirect off;
    proxy_pass http://127.0.0.1:2053;
}

Our platform offers compatibility with a diverse range of architectures and devices, ensuring flexibility across various
computing environments. The following are key architectures that we support:

• amd64: This prevalent architecture is the standard for personal computers and servers, accommodating most modern
  operating systems seamlessly.

• x86 / i386: Widely adopted in desktop and laptop computers, this architecture enjoys broad support from numerous
  operating systems and applications, including but not limited to Windows, macOS, and Linux systems.

• armv8 / arm64 / aarch64: Tailored for contemporary mobile and embedded devices, such as smartphones and tablets,
  this architecture is exemplified by devices like Raspberry Pi 4, Raspberry Pi 3, Raspberry Pi Zero 2/Zero 2 W, Orange
  Pi 3 LTS, and more.

• armv7 / arm / arm32: Serving as the architecture for older mobile and embedded devices, it remains widely utilized
  in devices like Orange Pi Zero LTS, Orange Pi PC Plus, Raspberry Pi 2, among others.

• armv6 / arm / arm32: Geared towards very old embedded devices, this architecture, while less prevalent, is still
  in use. Devices such as Raspberry Pi 1, Raspberry Pi Zero/Zero W, rely on this architecture.

• armv5 / arm / arm32: An older architecture primarily associated with early embedded systems, it is less common
  today but may still be found in legacy devices like early Raspberry Pi versions and some older smartphones.

• s390x: This architecture is commonly used in IBM mainframe computers and offers high performance and reliability
  for enterprise workloads.

Username, Password, Port, and Web Base Path

If you choose not to modify these settings, they will be generated randomly (this does not apply to Docker).

Default Settings for Docker:

• Username: admin
• Password: admin
• Port: 2053

Database Management:

You can conveniently perform database Backups and Restores directly from the panel.

• Database Path:
  • /etc/x-ui/x-ui.db

Web Base Path

1. Reset Web Base Path:

   • Open your terminal.
   • Run the x-ui command.
   • Select the option to Reset Web Base Path.

2. Generate or Customize Path:

   • The path will be randomly generated, or you can enter a custom path.

3. View Current Settings:

   • To view your current settings, use the x-ui settings command in the terminal or View Current Settings in
     x-ui

Security Recommendation:

• For enhanced security, use a long, random word in your URL structure.

Examples:

• http://ip:port/*webbasepath*/panel
• http://domain:port/*webbasepath*/panel

Usage

Note: IP Limit won't work correctly when using IP Tunnel.

To enable the IP Limit functionality, you need to install fail2ban and its required files by following these steps:

1. Run the x-ui command in the terminal, then choose IP Limit Management.

2. You will see the following options:

   • Change Ban Duration: Adjust the duration of bans.
   • Unban Everyone: Lift all current bans.
   • Check Logs: Review the logs.
   • Fail2ban Status: Check the status of fail2ban.
   • Restart Fail2ban: Restart the fail2ban service.
   • Uninstall Fail2ban: Uninstall Fail2ban with configuration.

3. Add a path for the access log on the panel by setting Xray Configs/log/Access log to ./access.log then save and
   restart xray.

Usage

The web panel supports daily traffic, panel login, database backup, system status, client info, and other notification
and functions through the Telegram Bot. To use the bot, you need to set the bot-related parameters in the panel,
including:

• Telegram Token
• Admin Chat ID(s)
• Notification Time (in cron syntax)
• Expiration Date Notification
• Traffic Cap Notification
• Database Backup
• CPU Load Notification

Reference syntax:

• 30 * * * * * - Notify at the 30s of each point
• 0 */10 * * * * - Notify at the first second of each 10 minutes
• @hourly - Hourly notification
• @daily - Daily notification (00:00 in the morning)
• @weekly - weekly notification
• @every 8h - Notify every 8 hours

Telegram Bot Features

• Report periodic
• Login notification
• CPU threshold notification
• Threshold for Expiration time and Traffic to report in advance
• Support client report menu if client's telegram username added to the user's configurations
• Support telegram traffic report searched with UUID (VMESS/VLESS) or Password (TROJAN) - anonymously
• Menu-based bot
• Search client by email (only admin)
• Check all inbounds
• Check server status
• Check depleted users
• Receive backup by request and in periodic reports
• Multi-language bot

Setting up Telegram bot

• Start Botfather in your Telegram account:
  

• Create a new Bot using /newbot command: It will ask you 2 questions, A name and a username for your bot. Note that the
  username has to end with the word "bot".
  

• Start the bot you've just created. You can find the link to your bot here.
  

• Enter your panel and config Telegram bot settings like below:
  

Enter your bot token in input field number 3.
Enter the user ID in input field number 4. The Telegram accounts with this id will be the bot admin. (You can enter more
than one, Just separate them with ,)

• How to get Telegram user ID? Use this bot, Start the bot and it will give you the
  Telegram user ID.
  

Usage

• API Documentation
• /login with POST user data: {username: '', password: ''} for login
• /panel/api/inbounds base for following actions:

• The field clientId should be filled by:

• client.id for VMESS and VLESS

• client.password for TROJAN

• client.email for Shadowsocks .

/panel/api/server base for following actions:

Usage

Example:

XUI_BIN_FOLDER="bin" XUI_DB_FOLDER="/etc/x-ui" go build main.go