171 commits

Author	SHA1	Message	Date
MHSanaei	72d8ebd269	fix(x-ui.sh): pass silent flag to stop/start during IP SSL setup	2026-05-09 19:59:01 +02:00
MHSanaei	7f703f927e	fix(scripts): harden server-IP detection with multi-provider + manual fallback ... Try six IPv4 providers in turn, accept only HTTP 200 + IPv4-shaped body, and prompt the user to enter their IP if every provider fails. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-08 00:51:28 +02:00
MHSanaei	3349dcbc13	fix(fail2ban): fix banning regression and Docker zero-jail issue ... - DockerEntrypoint.sh: create jail.d/filter.d/action.d config files before starting fail2ban so Docker containers no longer start with 0 active jails (fixes #4134) - x-ui.sh create_iplimit_jails: lower maxretry from 2 to 1 so fail2ban bans on the first log entry; with maxretry=2 and the partitionLiveIps logic the second occurrence could arrive after the 32 s findtime window, silently preventing any ban (fixes #4163) - x-ui.sh: fix datepattern (%%Y -> %Y) so fail2ban parses the Go log timestamp correctly instead of looking for a literal %%Y string - x-ui.sh / DockerEntrypoint.sh: fix date command in actionban / actionunban echo (%%Y -> %Y) so the ban log records actual dates - check_client_ip_job.go: replace log.SetOutput / log.SetFlags on the global standard-library logger with a local log.New instance, eliminating the dangling closed-file-handle between calls and stopping unrelated stdlib log output from polluting 3xipl.log Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-07 13:53:34 +02:00
MHSanaei	e19061d513	TLS: Remove ECH Force Query	2026-05-04 13:20:24 +02:00
pwnnex	71ac920436	x-ui.sh: install nftables alongside fail2ban in install_iplimit ... On fresh Debian 12+, Ubuntu 24+ and recent RHEL-family minimal images the fail2ban package ships with `banaction = nftables-multiport` as the default in /etc/fail2ban/jail.conf but does not pull in the `nftables` package as a dependency. The first SSH brute-force attempt hits the default sshd jail and fail2ban logs stderr: /bin/sh: 1: nft: not found returned 127 -- HINT on 127: "Command not found" repeatedly, which users mistake for a 3x-ui regression (see the discussion on #4083). The 3x-ipl jail itself is unaffected — it uses an iptables-based action configured in create_iplimit_jails — so this is only stray noise, but noisy enough to look like a real failure on first install. Add `nftables` to the package list in every branch of install_iplimit so new installs end up with a working default sshd jail out of the box. Existing installs where `nftables` is already present are a no-op.	2026-04-22 18:50:42 +03:00
Yunheng Liu	e02f78ac68	Fix SSL domain setup on reinstall: reuse existing certs and avoid false success/failure logs (#4004) ... * perf: replace /dev/urandom | tr with openssl rand to fix CPU spike * fix: add cron to default package installation and improve SSL certificate handling * Reworked `--installcert` success criteria, cleanup behavior adjusted.	2026-04-17 12:19:45 +02:00
Yunheng Liu	169b216d7e	perf: replace /dev/urandom | tr with openssl rand to fix CPU spike (#3887)	2026-04-01 13:59:48 +02:00
kazan417	38d87230d3	Update x-ui.sh (#3947) ... looks like now cert management is option 19	2026-03-18 19:45:45 +01:00
MHSanaei	258b08fff3	Update fail2ban filter regex in x-ui.sh	2026-03-08 11:53:34 +01:00
子寒	842fae18d7	Add 'default' runlevel to x-ui service in Alpine (#3854) ... it should be 'default' runlevel when add x-ui service to openrc, default is 'sysinit' runlevel. 'sysinit' runlevel is unnecessary,maybe. if not, there is an error when call to function 'check_enabled()' as command 'grep default -c' can`t print 'default' runlevel. check_enabled() { if [[ $release == "alpine" ]]; then if [[ $(rc-update show | grep -F 'x-ui' | grep default -c) == 1 ]]; then return 0 else return 1 fi	2026-03-04 12:32:01 +01:00
Alireza Ahmadi	2b1d3e7347	[feat] restart xray-core from cli #3825	2026-02-20 00:03:16 +01:00
MHSanaei	f4057989f5	Require HTTP 200 from curl before using IP ... Replace simple curl+trim checks with a response+http_code parse to ensure the remote URL returns HTTP 200 and a non-empty body before assigning server_ip. Changes applied to install.sh, update.sh and x-ui.sh: use curl -w to append the status code, extract http_code and ip_result, and only set server_ip when http_code == 200 and ip_result is non-empty. This makes the IP discovery more robust against error pages or partial responses while keeping the existing timeout behavior.	2026-02-11 21:32:23 +01:00
Sam Mosleh	d5ea8d0f38	Fix default CA by enforcing it everywhere (#3719)	2026-01-30 16:35:24 +01:00
Nebulosa	2f4018bbe5	feat: improve BBR management with sysctl.d and backup support (#3658)	2026-01-18 15:47:02 +01:00
Vorontsov Amadey	f273708f6d	Feature: Use of username and passwords consisting of several words (#3647)	2026-01-18 15:44:49 +01:00
VolgaIgor	a691eaea8d	Fixed incorrect filtering for IDN top-level domains (#3666)	2026-01-12 02:53:43 +01:00
MHSanaei	f8c9aac97c	Add port selection and checks for ACME HTTP-01 listener ... Introduces user prompts to select the port for ACME HTTP-01 certificate validation (default 80), checks if the chosen port is available, and provides guidance for port forwarding. Adds is_port_in_use helper to all scripts and improves messaging for certificate issuance and error handling.	2026-01-11 15:28:43 +01:00
Nebulosa	427b7b67d8	Refactor ca-certificate dependency (#3655)	2026-01-09 17:05:55 +01:00
Nebulosa	ccf08086ac	refactor update geofiles fuctions (#3653)	2026-01-09 17:03:53 +01:00
Sanaei	a9770e1da2	ip cert (#3631)	2026-01-05 05:47:15 +01:00
Nebulosa	719ae0e014	Remove wget dependency from everywhere (#3598) ... * Remove wget dependency * Merge branch 'curl_only' of https://github.com/nebulosa2007/3x-ui into nebulosa2007-curl_only --------- Co-authored-by: Sanaei <ho3ein.sanaei@gmail.com>	2026-01-03 06:41:40 +01:00
Nebulosa	692a73788a	Set variables for packaging purposes (#3600) ... * Set Variables for settings	2026-01-03 03:57:19 +01:00
Nebulosa	c061337ce7	Set log folder variable to /var/log/3x-ui (#3599) ... * Set log folder variable to /var/log/3x-ui * Set log folder as x-ui and create the log folder * Create the log folder in install and update scripts	2026-01-02 16:11:32 +01:00
Wyatt	260eedf8c4	fix: add missing is_domain helper function to x-ui.sh (#3612) ... The is_domain function was being called in ssl_cert_issue() but was never defined in x-ui.sh, causing 'Invalid domain format' errors for valid domains. Added is_ipv4, is_ipv6, is_ip, and is_domain helper functions to match the definitions in install.sh and update.sh. Co-authored-by: wyatt <wyatt@Wyatts-MacBook-Air.local>	2025-12-28 16:38:26 +01:00
Sanaei	69ccdba734	Self-signed SSL (#3611)	2025-12-28 00:03:33 +01:00
MHSanaei	0ea8b5352a	fix	2025-12-04 00:09:13 +01:00
JieXu	e8c509c720	Update for Red Hat base Linux (#3589) ... * Update install.sh * Update update.sh * Update x-ui.sh * Update install.sh * Update update.sh * Update x-ui.sh * fix	2025-12-03 21:40:49 +01:00
Evgeny Popov	ad659e48cf	Update x-ui.sh (#3595) ... Add curl & openssl pkgs for acme inside docker container	2025-12-03 14:42:10 +01:00
fgsfds	cf38226b5d	Add update-all-geofiles key to x-ui.sh (#3586) ... * added update-all-geofiles key to x-ui.sh that updated all geofiles * fix * text fixes * typo fix * cleanup	2025-11-07 19:26:43 +01:00
JieXu	cafcb250ec	Add support for OpenSUSE Leap (#3573) ... * Update update.sh * Update install.sh * Update x-ui.sh * Update x-ui.sh	2025-10-01 23:11:37 +02:00
JieXu	90c3529301	[Security] Replace timestamp-based password generation with random generator (#3571) ... * Update x-ui.sh * Update x-ui.sh * Update x-ui.sh * Update x-ui.sh	2025-10-01 18:37:31 +02:00
Mikhail Grigorev	3056583388	feat: Add update script (#3555) ... * feat: Add update script * Small fix * Fixed typo * Fixed typo * chmod +x * Update x-ui * Fixed update message * Fixed typo * Added downloading via IPv4 * Remove check_glibc_version * Fixed self destroy * Fixed typo * Fixed self destroy ---------	2025-09-28 14:09:27 +02:00
Evgeny Volferts	b3e96230c4	Add Alpine Linux support (#3534) ... * Add Alpine linux support * Fix for reading logs	2025-09-22 21:56:43 +02:00
mhsanaei	24a3411465	more list for public IP address	2025-08-21 14:24:25 +02:00
mhsanaei	3d0212c21d	fix: fail2ban on Debian 12 #1701	2025-08-15 13:34:02 +02:00
xujie86	75416eebd7	Increase the number of characters for webBasePath (#3239)	2025-07-22 12:53:12 +02:00
mhsanaei	bbdeb65291	new alternative to get public IP address	2025-07-06 20:45:58 +02:00
Shishkevich D.	5d11e6e13f	chore: reset two-factor authentication after changing admin credentials (#3029) ... * chore: add `resetTwoFactor` argument for main.go fixes #3025 * chore: reset two-factor authentication after changing admin credentials * chore: reset two-factor authentication after changing admin credentials --------- Co-authored-by: somebodywashere <68244480+somebodywashere@users.noreply.github.com> Co-authored-by: Sanaei <ho3ein.sanaei@gmail.com>	2025-07-02 11:25:25 +02:00
xujie86	e5752239f4	Update x-ui.sh	2025-06-19 14:38:24 +08:00
Pk-web6936	c93467b852	Code refactoring (#3011) ... * Code refactoring read without -r will mangle backslashes https://github.com/koalaman/shellcheck/wiki/SC2162 * Update x-ui.sh	2025-05-16 20:23:57 +02:00
Shishkevich D.	fe3b1c9b52	chore: implement 2fa auth (#2968) ... * chore: implement 2fa auth from #2786 * chore: format code * chore: replace two factor token input with qr-code * chore: requesting confirmation of setting/removing two-factor authentication otpauth library was taken from cdnjs * chore: revert changes in `ClipboardManager` don't need it. * chore: removing twoFactor prop in settings page * chore: remove `twoFactorQr` object in `mounted` function	2025-05-08 16:20:58 +02:00
Pk-web6936	b75a1ef5e1	Code refactoring (#2877) ... * read without -r will mangle backslashes. https://github.com/koalaman/shellcheck/wiki/SC2162 * read without -r will mangle backslashes.	2025-04-09 11:12:14 +02:00
mhsanaei	6545d8b61d	glibc version ... replace with OS check	2025-03-22 07:48:50 +01:00
mhsanaei	db945e2fbd	OS: Alma Linux 9.5+	2025-03-21 12:49:23 +01:00
mhsanaei	667fac15f4	OS: Rocky Linux 9.5+	2025-03-21 12:40:13 +01:00
mhsanaei	29033a7828	OS: Debian 12+	2025-03-20 19:45:29 +01:00
somebodywashere	fa5fb927c1	Update to regular cert issue (#2790)	2025-03-18 13:47:58 +01:00
somebodywashere	e3120c4028	Updates to CF cert issue (#2780)	2025-03-17 09:12:52 +01:00
Sanaei	cac00224db	runs-on: ubuntu-22.04 (#2767) ... https://github.com/actions/runner-images/issues/11101	2025-03-13 16:06:08 +01:00
mhsanaei	0f97eca314	Xray core v25.3.3	2025-03-04 09:54:10 +01:00