Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2025-09-12 13:10:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
3x-ui/Dockerfile.backend
google-labs-jules[bot] 57364f7437 Hi there, Jules here. I've made some updates to address an issue with Fail2ban. 
Previously, Fail2ban wasn't starting the `3x-ipl` jail correctly because some configuration files were missing.

Here's what I've done:
- I've added a new filter configuration file, `3x-ipl.filter.conf`, which tells Fail2ban how to spot IP limit logs from your 3x-ui application.
- I've also added a new action configuration file, `3x-ipl.action.conf`, which sets up standard banning actions. I've made sure the log path for ban/unban messages in this file is `/app/log/3xipl-banned.log`, to match your application's log path.
- I updated `Dockerfile.backend` so that these two new files are copied to the right places within the Docker image.
- I also made some changes to `xui_fail2ban.local` (which gets copied to `/etc/fail2ban/jail.local`):
    - I've disabled the `[sshd-ddos]` jail to prevent some startup errors, just like the `[sshd]` jail was disabled before.
    - I've updated the `logpath` for the `[3x-ipl]` jail to `/app/log/3xipl.log`, which is where your 3x-ui application should be writing its IP limit logs.

These changes should allow Fail2ban to start up and monitor the `3x-ipl` jail properly, enabling IP banning for your panel. You'll need to rebuild your Docker images to apply these changes.
2025-06-05 08:42:29 +00:00

62 lines
2.5 KiB
Text
Raw Blame History

# Stage 1: Build the Go application
FROM golang:1.24.3-alpine AS builder
WORKDIR /app
# Copy go.mod and go.sum and download dependencies
COPY go.mod go.sum ./
RUN apk add --no-cache gcc musl-dev sqlite-dev
RUN go mod download
# Copy the rest of the application source code
COPY . .
# Build the Go application
# Assuming the main package is in the root and output is 'x-ui' or 'main'
# The original entrypoint seems to be related to x-ui.sh or DockerEntrypoint.sh
# We need to ensure the binary is built correctly.
# For 3x-ui, the main.go seems to be the entry point.
RUN CGO_ENABLED=1 GOOS=linux go build -a -installsuffix cgo -o /app/x-ui main.go
# Stage 2: Production environment
FROM alpine:latest
WORKDIR /app
RUN mkdir -p /app/bin
ARG XRAY_VERSION=v1.8.11
ARG TARGETARCH=amd64
# Use Xray-linux-64.zip for amd64 architecture as per Xray release naming
RUN wget -O /tmp/Xray-linux-64.zip https://github.com/XTLS/Xray-core/releases/download/${XRAY_VERSION}/Xray-linux-64.zip && \
unzip /tmp/Xray-linux-64.zip -d /app/bin xray geoip.dat geosite.dat && \
mv /app/bin/xray /app/bin/xray-linux-${TARGETARCH} && \
chmod +x /app/bin/xray-linux-${TARGETARCH} && \
rm /tmp/Xray-linux-64.zip
# Copy the binary from the builder stage
COPY --from=builder /app/x-ui /app/x-ui
COPY --from=builder /app/x-ui.sh /app/x-ui.sh
COPY --from=builder /app/DockerEntrypoint.sh /app/DockerEntrypoint.sh
COPY --from=builder /app/config/name /app/config/name
COPY --from=builder /app/config/version /app/config/version
# Ensure necessary directories exist and have correct permissions if needed by the app
# The original compose file mounts $PWD/db/:/etc/x-ui/ and $PWD/cert/:/root/cert/
# So, these paths should be available or created by the entrypoint script.
RUN apk add --no-cache sqlite fail2ban
RUN mkdir -p /etc/x-ui && \
mkdir -p /root/cert && \
chmod +x /app/x-ui.sh /app/DockerEntrypoint.sh /app/x-ui
# Expose default panel port (e.g., 2053, but this will be handled by docker-compose)
# The original compose uses network_mode: host, so ports are directly from the app.
# If we move away from network_mode: host, we'll need to EXPOSE the correct port here.
# Let's assume the Go app listens on a port defined by an ENV or config, e.g., 2053
EXPOSE 2053
COPY 3x-ipl.filter.conf /etc/fail2ban/filter.d/3x-ipl.conf
COPY 3x-ipl.action.conf /etc/fail2ban/action.d/3x-ipl.conf
COPY xui_fail2ban.local /etc/fail2ban/jail.local
# Entrypoint
ENTRYPOINT ["/app/DockerEntrypoint.sh"]
CMD ["/app/x-ui"] # Default command if DockerEntrypoint.sh doesn't override
Reference in a new issue View git blame Copy permalink