Skip to content

A script for full 3x-ui Xray server setup with NGINX reverse proxy

License

Notifications You must be signed in to change notification settings

fraybyl/xui-reverse-proxy

 
 

Repository files navigation

RUSSIAN

Image

XUI-REVERSE-PROXY


Proxy using VLESS-TCP-XTLS-Vision and VLESS-TCP-REALITY (Steal from yourself) behind reverse-proxy NGINX

This script is designed to quickly and easily set up a hidden proxy server, with masking via NGINX. In this variant, all incoming requests are handled by NGINX, and the server acts as a proxy server only if the request contains the correct path (URI). This increases security and helps to hide the true purpose of the server.

Important

This script has been tested on Debian 12 in a KVM virtualization environment. You will need your own domain, which needs to be bound to Cloudflare for it to work correctly. It is recommended to run the script as root on a freshly installed system.

Note

The script is configured according to routing rules for users in Russia.

Setting up cloudflare

  1. Upgrade the system and reboot the server.
  2. Configure Cloudflare:
    • Bind your domain to Cloudflare.
    • Add the following DNS records:
Type Name Content Proxy status
A your_domain_name your_server_ip Proxied
CNAME www your_domain_name DNS only
  1. SSL/TLS settings in Cloudflare:
    • Go to SSL/TLS > Overview and select Full for the Configure option.
    • Set the Minimum TLS Version to TLS 1.3.
    • Enable TLS 1.3 (true) under Edge Certificates.

Includes:

  1. 3X-UI Xray server configuration:
    • VLESS-TCP-XTLS-Vision и VLESS-TCP-REALITY (Steal from yourself).
    • Connection of subscription and JSON subscription for automatic configuration updates.
  2. Configuring NGINX reverse proxy on port 443.
  3. providing security:
    • Automatic system updates via unattended-upgrades.
  4. Configuring Cloudflare SSL certificates with automatic updates to secure connections.
  5. Configuring WARP to protect traffic.
  6. Enabling BBR - improving the performance of TCP connections.
  7. Configuring UFW (Uncomplicated Firewall) for access control.
  8. Configuring SSH, to provide the minimum required security.
  9. Disabling IPv6 to prevent possible vulnerabilities.
  10. Encrypt DNS queries using systemd-resolved or AdGuard Home (DNS over TLS or DNS over HTTPS).
  11. Generating a random website to add an extra layer of privacy and complexity for traffic analysis.

Usage XUI-RP install:

To begin configuring the server, simply run the following command in a terminal:

bash <(curl -Ls https://github.com/cortez24rus/xui-reverse-proxy/raw/refs/heads/main/xui-rp-install-server.sh)

Tg-bot:

In order to install a bot on the server, it is enough to configure the launch of the base script with the -bot switch:

bash <(https://github.com/cortez24rus/xui-reverse-proxy/raw/refs/heads/main/xui-rp-install-server.sh) -bot

Random web site:

bash <(curl -Ls https://github.com/cortez24rus/xui-reverse-proxy/raw/refs/heads/main/xui-rp-random-site.sh)

The script will then prompt you for the necessary configuration information:

image

Note:

  • Once the configuration is complete, the script will display all the necessary links and login information for the XUI administration panel.
  • All configurations will be able to be modified as needed due to the flexibility of the settings.

About

A script for full 3x-ui Xray server setup with NGINX reverse proxy

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Shell 81.3%
  • Python 18.7%