3x-ui/Dockerfile

# ========================================================
# Stage: Builder
# ========================================================
FROM golang:1.23-alpine AS builder
WORKDIR /app
ARG TARGETARCH
ARG BUILD_WITH_ANTIZAPRET

RUN apk --no-cache --update add \
  build-base \
  gcc \
  wget \
  unzip

COPY . .

ENV CGO_ENABLED=1
ENV CGO_CFLAGS="-D_LARGEFILE64_SOURCE"
RUN go build -o build/x-ui main.go
RUN ./DockerInit.sh "$TARGETARCH" "$BUILD_WITH_ANTIZAPRET"

# ========================================================
# Stage: Final Image of 3x-ui
# ========================================================
FROM alpine
ENV TZ=Europe/Moscow
WORKDIR /app

RUN apk add --no-cache --update \
  ca-certificates \
  tzdata \
  fail2ban \
  ip6tables \
  iptables \
  bash \
  nano \
  unzip

COPY --from=builder /app/build/ /app/
COPY --from=builder /app/DockerEntrypoint.sh /app/
COPY --from=builder /app/x-ui.sh /usr/bin/x-ui


# Configure fail2ban
RUN rm -f /etc/fail2ban/jail.d/alpine-ssh.conf \
  && cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local \
  && sed -i "s/^\[ssh\]$/&\nenabled = false/" /etc/fail2ban/jail.local \
  && sed -i "s/^\[sshd\]$/&\nenabled = false/" /etc/fail2ban/jail.local \
  && sed -i "s/#allowipv6 = auto/allowipv6 = auto/g" /etc/fail2ban/fail2ban.conf

RUN <<EOT
bantime="15"
log_folder="/var/log"
iplimit_log_path="${log_folder}/3xipl.log"
iplimit_banned_log_path="${log_folder}/3xipl-banned.log"

cat << EOF > /etc/fail2ban/jail.d/3x-ipl.conf
[3x-ipl]
enabled=true
backend=auto
filter=3x-ipl
action=3x-ipl
logpath=${iplimit_log_path}
maxretry=2
findtime=32
bantime=${bantime}m
EOF

cat << EOF > /etc/fail2ban/filter.d/3x-ipl.conf
[Definition]
datepattern = ^%%Y/%%m/%%d %%H:%%M:%%S
failregex   = \[LIMIT_IP\]\s*Email\s*=\s*<F-USER>.+</F-USER>\s*\|\|\s*SRC\s*=\s*<ADDR>
ignoreregex =
EOF

cat << EOF > /etc/fail2ban/action.d/3x-ipl.conf
[INCLUDES]
before = iptables-common.conf

[Definition]
actionstart = <iptables> -N f2b-<name>
              <iptables> -A f2b-<name> -j <returntype>
              <iptables> -I <chain> -p <protocol> -j f2b-<name>

actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>
             <actionflush>
             <iptables> -X f2b-<name>

actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'

actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
            echo "\$(date +"%%Y/%%m/%%d %%H:%%M:%%S")   BAN   [Email] = <F-USER> [IP] = <ip> banned for <bantime> seconds." >> ${iplimit_banned_log_path}

actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
              echo "\$(date +"%%Y/%%m/%%d %%H:%%M:%%S")   UNBAN   [Email] = <F-USER> [IP] = <ip> unbanned." >> ${iplimit_banned_log_path}

[Init]
name = default
protocol = tcp
chain = INPUT
EOF

cat << EOF > /etc/fail2ban/action.d/iptables-common.conf
[INCLUDES]
after = iptables-blocktype.local
        iptables-common.local

[Definition]
actionflush = <iptables> -F f2b-<name>

[Init]
chain = INPUT
name = default
port = ssh
protocol = tcp
blocktype = REJECT --reject-with icmp-port-unreachable
returntype = RETURN
lockingopt = -w
iptables = iptables <lockingopt>

[Init?family=inet6]
blocktype = REJECT --reject-with icmp6-port-unreachable
iptables = ip6tables <lockingopt>
EOF

sed -i "1s/^/[INCLUDES]\n\nbefore = iptables-common.conf\n\n/" /etc/fail2ban/action.d/iptables.conf
EOT

RUN mkdir -p /etc/x-ui && touch /etc/x-ui/announce.txt

RUN chmod +x \
  /app/DockerEntrypoint.sh \
  /app/x-ui \
  /usr/bin/x-ui

VOLUME [ "/etc/x-ui" ]
CMD [ "./x-ui" ]
ENTRYPOINT [ "/app/DockerEntrypoint.sh" ]
🚀 Some improvements for x-ui.sh and ip job (#665) 2023-07-01 12:26:43 +00:00			`# ========================================================`
			`# Stage: Builder`
			`# ========================================================`
GO v1.23.0 , docker (#2500) docker build error 2024-08-28 07:15:48 +00:00			`FROM golang:1.23-alpine AS builder`
👷 Added Docker CI 2023-05-07 16:59:37 +00:00			`WORKDIR /app`
🚀 Some improvements for x-ui.sh and ip job (#665) 2023-07-01 12:26:43 +00:00			`ARG TARGETARCH`
github actions docker build envs docker image github actions 2024-12-13 10:41:05 +00:00			`ARG BUILD_WITH_ANTIZAPRET`
🚀 Some improvements for x-ui.sh and ip job (#665) 2023-07-01 12:26:43 +00:00
			`RUN apk --no-cache --update add \`
			`build-base \`
			`gcc \`
			`wget \`
			`unzip`

👷 Added Docker CI 2023-05-07 16:59:37 +00:00			`COPY . .`
Fixed Dockerfile 2023-05-08 02:22:48 +00:00
remove multi protocol script 2024-01-27 09:26:10 +00:00			`ENV CGO_ENABLED=1`
			`ENV CGO_CFLAGS="-D_LARGEFILE64_SOURCE"`
🚀 Some improvements for x-ui.sh and ip job (#665) 2023-07-01 12:26:43 +00:00			`RUN go build -o build/x-ui main.go`
github actions docker build envs docker image github actions 2024-12-13 10:41:05 +00:00			`RUN ./DockerInit.sh "$TARGETARCH" "$BUILD_WITH_ANTIZAPRET"`
Fixed Dockerfile 2023-05-08 02:22:48 +00:00
🚀 Some improvements for x-ui.sh and ip job (#665) 2023-07-01 12:26:43 +00:00			`# ========================================================`
			`# Stage: Final Image of 3x-ui`
			`# ========================================================`
Cleaner Docker file with much lighter base image (#387) * updated dockerfile * updated dockerfile * Update Dockerfile added platform * added iran.dat * added iran.dat --------- Co-authored-by: Hossein Abaiyani <hossein.abaiyani@arvancloud.com> 2023-05-11 09:38:44 +00:00			`FROM alpine`
initial 2024-11-06 12:26:02 +00:00			`ENV TZ=Europe/Moscow`
👷 Added Docker CI 2023-05-07 16:59:37 +00:00			`WORKDIR /app`
Fixed Dockerfile 2023-05-08 02:22:48 +00:00
🚀 Some improvements for x-ui.sh and ip job (#665) 2023-07-01 12:26:43 +00:00			`RUN apk add --no-cache --update \`
			`ca-certificates \`
			`tzdata \`
remove multi protocol script 2024-01-27 09:26:10 +00:00			`fail2ban \`
7 / fail2ban, iptables and some fixes (#9) * 7 / fail2ban, iptables and some fixes * 7 / get public ip from env 2024-12-08 15:05:37 +00:00			`ip6tables \`
			`iptables \`
initial 2024-11-06 12:26:02 +00:00			`bash \`
			`nano \`
			`unzip`
👷 Added Docker CI 2023-05-07 16:59:37 +00:00
remove multi protocol script 2024-01-27 09:26:10 +00:00			`COPY --from=builder /app/build/ /app/`
			`COPY --from=builder /app/DockerEntrypoint.sh /app/`
			`COPY --from=builder /app/x-ui.sh /usr/bin/x-ui`
🚀 Some improvements for x-ui.sh and ip job (#665) 2023-07-01 12:26:43 +00:00

			`# Configure fail2ban`
			`RUN rm -f /etc/fail2ban/jail.d/alpine-ssh.conf \`
			`&& cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local \`
silence allowipv6 warning in docker 2023-07-20 18:24:51 +00:00			`&& sed -i "s/^\[ssh\]$/&\nenabled = false/" /etc/fail2ban/jail.local \`
			`&& sed -i "s/^\[sshd\]$/&\nenabled = false/" /etc/fail2ban/jail.local \`
			`&& sed -i "s/#allowipv6 = auto/allowipv6 = auto/g" /etc/fail2ban/fail2ban.conf`
🚀 Some improvements for x-ui.sh and ip job (#665) 2023-07-01 12:26:43 +00:00
7 / fail2ban, iptables and some fixes (#9) * 7 / fail2ban, iptables and some fixes * 7 / get public ip from env 2024-12-08 15:05:37 +00:00			`RUN <<EOT`
			`bantime="15"`
			`log_folder="/var/log"`
			`iplimit_log_path="${log_folder}/3xipl.log"`
			`iplimit_banned_log_path="${log_folder}/3xipl-banned.log"`

			`cat << EOF > /etc/fail2ban/jail.d/3x-ipl.conf`
			`[3x-ipl]`
			`enabled=true`
			`backend=auto`
			`filter=3x-ipl`
			`action=3x-ipl`
			`logpath=${iplimit_log_path}`
			`maxretry=2`
			`findtime=32`
			`bantime=${bantime}m`
			`EOF`

			`cat << EOF > /etc/fail2ban/filter.d/3x-ipl.conf`
			`[Definition]`
			`datepattern = ^%%Y/%%m/%%d %%H:%%M:%%S`
			`failregex = \[LIMIT_IP\]\sEmail\s=\s<F-USER>.+</F-USER>\s\\|\\|\sSRC\s=\s*<ADDR>`
			`ignoreregex =`
			`EOF`

			`cat << EOF > /etc/fail2ban/action.d/3x-ipl.conf`
			`[INCLUDES]`
			`before = iptables-common.conf`

			`[Definition]`
			`actionstart = <iptables> -N f2b-<name>`
			`<iptables> -A f2b-<name> -j <returntype>`
			`<iptables> -I <chain> -p <protocol> -j f2b-<name>`

			`actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>`
			`<actionflush>`
			`<iptables> -X f2b-<name>`

			`actioncheck = <iptables> -n -L <chain> \| grep -q 'f2b-<name>[ \t]'`

			`actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>`
			`echo "\$(date +"%%Y/%%m/%%d %%H:%%M:%%S") BAN [Email] = <F-USER> [IP] = <ip> banned for <bantime> seconds." >> ${iplimit_banned_log_path}`

			`actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>`
			`echo "\$(date +"%%Y/%%m/%%d %%H:%%M:%%S") UNBAN [Email] = <F-USER> [IP] = <ip> unbanned." >> ${iplimit_banned_log_path}`

			`[Init]`
			`name = default`
			`protocol = tcp`
			`chain = INPUT`
			`EOF`

			`cat << EOF > /etc/fail2ban/action.d/iptables-common.conf`
			`[INCLUDES]`
			`after = iptables-blocktype.local`
			`iptables-common.local`

			`[Definition]`
			`actionflush = <iptables> -F f2b-<name>`

			`[Init]`
			`chain = INPUT`
			`name = default`
			`port = ssh`
			`protocol = tcp`
			`blocktype = REJECT --reject-with icmp-port-unreachable`
			`returntype = RETURN`
			`lockingopt = -w`
			`iptables = iptables <lockingopt>`

			`[Init?family=inet6]`
			`blocktype = REJECT --reject-with icmp6-port-unreachable`
			`iptables = ip6tables <lockingopt>`
			`EOF`

			`sed -i "1s/^/[INCLUDES]\n\nbefore = iptables-common.conf\n\n/" /etc/fail2ban/action.d/iptables.conf`
			`EOT`

			`RUN mkdir -p /etc/x-ui && touch /etc/x-ui/announce.txt`

🚀 Some improvements for x-ui.sh and ip job (#665) 2023-07-01 12:26:43 +00:00			`RUN chmod +x \`
			`/app/DockerEntrypoint.sh \`
			`/app/x-ui \`
			`/usr/bin/x-ui`

Cleaner Docker file with much lighter base image (#387) * updated dockerfile * updated dockerfile * Update Dockerfile added platform * added iran.dat * added iran.dat --------- Co-authored-by: Hossein Abaiyani <hossein.abaiyani@arvancloud.com> 2023-05-11 09:38:44 +00:00			`VOLUME [ "/etc/x-ui" ]`
remove multi protocol script 2024-01-27 09:26:10 +00:00			`CMD [ "./x-ui" ]`
🚀 Some improvements for x-ui.sh and ip job (#665) 2023-07-01 12:26:43 +00:00			`ENTRYPOINT [ "/app/DockerEntrypoint.sh" ]`