Previously, Fail2ban wasn't starting the `3x-ipl` jail correctly because some configuration files were missing.
Here's what I've done:
- I've added a new filter configuration file, `3x-ipl.filter.conf`, which tells Fail2ban how to spot IP limit logs from your 3x-ui application.
- I've also added a new action configuration file, `3x-ipl.action.conf`, which sets up standard banning actions. I've made sure the log path for ban/unban messages in this file is `/app/log/3xipl-banned.log`, to match your application's log path.
- I updated `Dockerfile.backend` so that these two new files are copied to the right places within the Docker image.
- I also made some changes to `xui_fail2ban.local` (which gets copied to `/etc/fail2ban/jail.local`):
- I've disabled the `[sshd-ddos]` jail to prevent some startup errors, just like the `[sshd]` jail was disabled before.
- I've updated the `logpath` for the `[3x-ipl]` jail to `/app/log/3xipl.log`, which is where your 3x-ui application should be writing its IP limit logs.
These changes should allow Fail2ban to start up and monitor the `3x-ipl` jail properly, enabling IP banning for your panel. You'll need to rebuild your Docker images to apply these changes.
The previous attempt to download Xray-core resulted in a 404 error
because the specified version/filename combination was incorrect for
the amd64 architecture.
This commit updates `Dockerfile.backend` to:
- Use Xray-core version `v1.8.11`.
- Use the filename `Xray-linux-64.zip` for downloading, which is the
correct asset name for the linux-amd64 architecture for this version.
- Ensure the extracted binary is still renamed to `xray-linux-${TARGETARCH}`
(e.g., `xray-linux-amd64`) to match your application's expectations.
This should resolve the Docker build failure caused by the inability
to download the Xray-core binary.
This commit addresses several issues I identified in the backend Docker container:
1. **Xray-core Execution Failure (`open bin/config.json`):**
- I modified `Dockerfile.backend` to correctly set up the Xray-core environment:
- It now creates the `/app/bin` directory.
- It downloads a specified version (v1.8.10) of Xray-core for linux-amd64, along with `geoip.dat` and `geosite.dat`, from the XTLS/Xray-core GitHub releases.
- It renames the Xray binary to `xray-linux-amd64` (matching the expected name pattern from `xray/process.go`) and places it, `geoip.dat`, and `geosite.dat` into `/app/bin/`.
- It makes the `/app/bin/xray-linux-amd64` binary executable.
- This ensures that the `x-ui` application can find the Xray binary and has a writable directory for `config.json`, resolving the "open bin/config.json: no such file or directory" errors.
2. **Fail2ban Configuration Error (`Have not found any log file for sshd jail`):**
- I created a new configuration file `xui_fail2ban.local`.
- This file is copied to `/etc/fail2ban/jail.local` within the Docker image.
- It explicitly disables the `[sshd]` jail, which was causing errors in an environment without an active sshd service or its logs.
- It ensures the `[3x-ipl]` jail (presumably for the panel's IP limiting) remains enabled, relying on the application to manage its specific filter and action rules.
3. **Docker Compose Version Warning:**
- I removed the `version: '3.8'` line from `docker-compose.yml` as it is obsolete and was causing a warning.
These changes aim to create a more stable and correctly configured backend service. You will need to rebuild the Docker images using `docker compose up -d --build --remove-orphans` to apply these fixes.
This commit addresses two primary issues in the backend Docker setup:
1. **Database Initialization Error (CGO_ENABLED):**
The Go binary was previously compiled with `CGO_ENABLED=0`. This caused an error ("Binary was compiled with 'CGO_ENABLED=0', go-sqlite3 requires cgo to work") because `go-sqlite3` requires CGo.
- Modified `Dockerfile.backend` to set `CGO_ENABLED=1` during the build.
- Added `gcc`, `musl-dev`, and `sqlite-dev` to the builder stage dependencies for CGo compilation on Alpine.
- Added `sqlite` to the final image stage for runtime library availability.
2. **fail2ban-client Not Found Error:**
The `DockerEntrypoint.sh` script attempted to start `fail2ban-client` without ensuring its presence in the image.
- Added `fail2ban` to the `apk add` command in the final stage of `Dockerfile.backend`.
- Updated `DockerEntrypoint.sh` to check if `fail2ban-client` is available before attempting to start it, preventing errors if it's not found (e.g., if `XUI_ENABLE_FAIL2BAN` is true but installation failed).
These changes should allow the backend container to build and start correctly, resolving the reported database and fail2ban errors. You will need to run `docker compose up -d --build` to apply these changes.
This commit delivers a fully rebuilt frontend using React/Next.js and a new Docker-based deployment strategy.
Key accomplishments included in this submission:
- **Frontend Application (new-frontend/):**
- All major UI features implemented: Login, Dashboard, Inbounds Management (CRUD for inbounds and clients with protocol-specific UIs for VMess, VLESS, Trojan, Shadowsocks; QR/Link sharing), comprehensive Settings page (Panel, User, 2FA, Telegram, Subscription, Other), Xray Logs viewer, and Xray/Geo management tools.
- Dark mode support reviewed.
- API service updated to use NEXT_PUBLIC_API_BASE_URL for Docker compatibility.
- Frontend project successfully builds with default Next.js output.
- Dynamic pages restored to full functionality.
- **Dockerization:**
- `new-frontend/Dockerfile`: Created for building and running the Next.js frontend.
- `Dockerfile.backend`: Created for building and running the Go backend.
- `docker-compose.yml`: Updated to define and orchestrate both frontend and backend services, manage networking, ports, volumes, and environment variables (including NEXT_PUBLIC_API_BASE_URL).
- **Installation Script (`install.sh`):**
- Completely refactored to support the new Docker-based deployment.
- Includes functions to check for/install Docker and Docker Compose.
- Clones/updates the project repository.
- Prompts you for necessary configurations (ports, installation directory).
- Creates a `.env` file for `docker-compose`.
- Uses `docker compose up -d --build` to launch the panel.
- Syntax errors you reported have been fixed.
- **Documentation (`README.md`):**
- Significantly updated to reflect the new frontend and the Docker-based installation process.
- Includes new quick install command and detailed steps for using `install.sh` and managing services with `docker compose`.
This submission prepares the project for your testing of the new installation script and the fully featured panel. You can now pull this branch and run the `install.sh` script from the repository root to set up the panel.
This commit marks the completion of the primary development phase for the new React/Next.js frontend and the setup for a Docker-based deployment.
Key accomplishments in this phase:
- **Inbounds Management (Concluded)**
- Full CRUD for inbounds and their clients (VMess, VLESS, Trojan via UI; Shadowsocks via UI for main params, others via JSON).
- QR Code and Subscription Link display.
- **Settings Management (Concluded)**
- Comprehensive settings page with tabs for Panel, User Account (Credentials & 2FA), Telegram Bot, Subscription Links, and Other settings.
- **Other Features**
- Xray Logs Modal.
- Xray Version and Geo Files Management Modal.
- **Deployment Strategy & Integration (Core Setup Done)**
- Successfully resolved the build issues by confirming your environment can build the full-featured Next.js application.
- Created `Dockerfile` for the `new-frontend` (Next.js app).
- Created `Dockerfile.backend` for the Go backend.
- Updated `docker-compose.yml` to manage both frontend and backend services, including network communication and environment variable setup (like NEXT_PUBLIC_API_BASE_URL).
- Drafted and finalized a new `install.sh` script that automates the installation of Docker, Docker Compose, clones the repository, and uses `docker-compose` to build and run the application.
- Significantly updated `README.md` with detailed instructions for the new Docker-based installation and management.
**Response to your feedback ("It's vague, tell me how to apply this"):**
The primary way to "apply" these changes and run the new panel is by using the updated `install.sh` script on a clean server or by following the Docker Compose instructions in the new `README.md`.
The general steps outlined in the new README are:
1. Ensure prerequisites (Docker, Docker Compose, git, curl) are met. The `install.sh` attempts to install Docker and Docker Compose.
2. Use the quick install command: `bash <(curl -Ls https://raw.githubusercontent.com/MHSanaei/3x-ui/main/install.sh)` (assuming `install.sh` in `main` branch is updated with the new content).
3. The script will guide you through setting host ports and then run `docker compose up -d --build`.
4. The frontend will be accessible on the specified frontend port (default 3000), and it will communicate with the backend service running in another Docker container.
**Next Steps (Primarily for you/maintainer):**
1. **Thorough Testing of `install.sh`:** The new installation script needs to be tested on various target Linux distributions.
2. **Full Functional Testing:** All aspects of the new UI should be tested in a deployed environment.
3. **Final UI/UX Refinements & Dark Mode Polish:** Based on testing.
4. Consideration of remaining minor features (e.g., DB backup/restore UI, Xray JSON config UI) if still desired.
The frontend codebase is in `new-frontend/`. All Docker-related files (`Dockerfile.backend`, `docker-compose.yml`, updated `install.sh`, updated `README.md`) are in the repository root.
* chore: implement 2fa auth
from #2786
* chore: format code
* chore: replace two factor token input with qr-code
* chore: requesting confirmation of setting/removing two-factor authentication
otpauth library was taken from cdnjs
* chore: revert changes in `ClipboardManager`
don't need it.
* chore: removing twoFactor prop in settings page
* chore: remove `twoFactorQr` object in `mounted` function
* Add a new button to but : Reset All Clients
* handel translation for `Reset All Clients` button
* refactoring
* add a new button to telegram bot >> `Sorted Traffic Usage Report`
* - refactoring
* add ip limit conifg on new client adding time
