This series of fixes and improvements addresses issues related to Xray-core execution, Fail2ban configuration, frontend API calls, and Docker build processes.
Here's a summary of the key changes:
1. **Backend (`Dockerfile.backend`, `DockerEntrypoint.sh`):**
- I enabled CGo and installed SQLite dependencies.
- I installed Fail2ban.
- I created the `/app/bin` directory.
- I've ensured the Xray-core binary (`v1.8.11` for linux-amd64), `geoip.dat`, and `geosite.dat` are downloaded and correctly placed into `/app/bin/` with execute permissions.
- I copied custom Fail2ban filter (`3x-ipl.filter.conf`) and action (`3x-ipl.action.conf`) files to the appropriate directories in `/etc/fail2ban/`.
- I copied a custom `jail.local` (as `xui_fail2ban.local`) to `/etc/fail2ban/`. This configuration:
- Disables `sshd` and `sshd-ddos` jails.
- Sets `logpath` for the `[3x-ipl]` jail to `/app/log/3xipl.log`.
- I created the `/app/log` directory and the files `3xipl.log` and `3xipl-banned.log` to ensure they exist for Fail2ban.
- The `DockerEntrypoint.sh` script now checks for `fail2ban-client` before execution.
2. **Frontend (`new-frontend/Dockerfile`, `docker-compose.yml`):**
- I modified `new-frontend/Dockerfile` to include `ARG NEXT_PUBLIC_API_BASE_URL` and `ENV NEXT_PUBLIC_API_BASE_URL=$NEXT_PUBLIC_API_BASE_URL` before the `npm run build` command.
- I updated `docker-compose.yml` for the `frontend` service to pass `NEXT_PUBLIC_API_BASE_URL` as a build argument via the `args` section. This ensures the API base URL is correctly inlined during the Next.js build, fixing issues with API calls that were previously going to the frontend's own host and port.
3. **Docker Compose (`docker-compose.yml`):**
- I removed the obsolete `version: '3.8'` line.
4. **New Configuration Files (root of repo):**
- `xui_fail2ban.local`: Custom jail settings for Fail2ban.
- `3x-ipl.filter.conf`: Filter definition for 3x-ui IP limiting.
- `3x-ipl.action.conf`: Action definition for 3x-ui IP limiting.
These changes aim to provide a stable build and runtime environment, resolve frontend API call issues, and correctly configure Fail2ban.
You should pull these changes, rebuild your Docker images, and test thoroughly.
Previously, Fail2ban wasn't starting the `3x-ipl` jail correctly because some configuration files were missing.
Here's what I've done:
- I've added a new filter configuration file, `3x-ipl.filter.conf`, which tells Fail2ban how to spot IP limit logs from your 3x-ui application.
- I've also added a new action configuration file, `3x-ipl.action.conf`, which sets up standard banning actions. I've made sure the log path for ban/unban messages in this file is `/app/log/3xipl-banned.log`, to match your application's log path.
- I updated `Dockerfile.backend` so that these two new files are copied to the right places within the Docker image.
- I also made some changes to `xui_fail2ban.local` (which gets copied to `/etc/fail2ban/jail.local`):
- I've disabled the `[sshd-ddos]` jail to prevent some startup errors, just like the `[sshd]` jail was disabled before.
- I've updated the `logpath` for the `[3x-ipl]` jail to `/app/log/3xipl.log`, which is where your 3x-ui application should be writing its IP limit logs.
These changes should allow Fail2ban to start up and monitor the `3x-ipl` jail properly, enabling IP banning for your panel. You'll need to rebuild your Docker images to apply these changes.
The previous attempt to download Xray-core resulted in a 404 error
because the specified version/filename combination was incorrect for
the amd64 architecture.
This commit updates `Dockerfile.backend` to:
- Use Xray-core version `v1.8.11`.
- Use the filename `Xray-linux-64.zip` for downloading, which is the
correct asset name for the linux-amd64 architecture for this version.
- Ensure the extracted binary is still renamed to `xray-linux-${TARGETARCH}`
(e.g., `xray-linux-amd64`) to match your application's expectations.
This should resolve the Docker build failure caused by the inability
to download the Xray-core binary.
This commit addresses several issues I identified in the backend Docker container:
1. **Xray-core Execution Failure (`open bin/config.json`):**
- I modified `Dockerfile.backend` to correctly set up the Xray-core environment:
- It now creates the `/app/bin` directory.
- It downloads a specified version (v1.8.10) of Xray-core for linux-amd64, along with `geoip.dat` and `geosite.dat`, from the XTLS/Xray-core GitHub releases.
- It renames the Xray binary to `xray-linux-amd64` (matching the expected name pattern from `xray/process.go`) and places it, `geoip.dat`, and `geosite.dat` into `/app/bin/`.
- It makes the `/app/bin/xray-linux-amd64` binary executable.
- This ensures that the `x-ui` application can find the Xray binary and has a writable directory for `config.json`, resolving the "open bin/config.json: no such file or directory" errors.
2. **Fail2ban Configuration Error (`Have not found any log file for sshd jail`):**
- I created a new configuration file `xui_fail2ban.local`.
- This file is copied to `/etc/fail2ban/jail.local` within the Docker image.
- It explicitly disables the `[sshd]` jail, which was causing errors in an environment without an active sshd service or its logs.
- It ensures the `[3x-ipl]` jail (presumably for the panel's IP limiting) remains enabled, relying on the application to manage its specific filter and action rules.
3. **Docker Compose Version Warning:**
- I removed the `version: '3.8'` line from `docker-compose.yml` as it is obsolete and was causing a warning.
These changes aim to create a more stable and correctly configured backend service. You will need to rebuild the Docker images using `docker compose up -d --build --remove-orphans` to apply these fixes.
This commit addresses two primary issues in the backend Docker setup:
1. **Database Initialization Error (CGO_ENABLED):**
The Go binary was previously compiled with `CGO_ENABLED=0`. This caused an error ("Binary was compiled with 'CGO_ENABLED=0', go-sqlite3 requires cgo to work") because `go-sqlite3` requires CGo.
- Modified `Dockerfile.backend` to set `CGO_ENABLED=1` during the build.
- Added `gcc`, `musl-dev`, and `sqlite-dev` to the builder stage dependencies for CGo compilation on Alpine.
- Added `sqlite` to the final image stage for runtime library availability.
2. **fail2ban-client Not Found Error:**
The `DockerEntrypoint.sh` script attempted to start `fail2ban-client` without ensuring its presence in the image.
- Added `fail2ban` to the `apk add` command in the final stage of `Dockerfile.backend`.
- Updated `DockerEntrypoint.sh` to check if `fail2ban-client` is available before attempting to start it, preventing errors if it's not found (e.g., if `XUI_ENABLE_FAIL2BAN` is true but installation failed).
These changes should allow the backend container to build and start correctly, resolving the reported database and fail2ban errors. You will need to run `docker compose up -d --build` to apply these changes.
