Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2025-07-02 21:12:07 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
3x-ui/Dockerfile.backend
google-labs-jules[bot] b09e953450 Hi there! I've made some comprehensive updates to the backend, frontend, and Docker setup. 
This series of fixes and improvements addresses issues related to Xray-core execution, Fail2ban configuration, frontend API calls, and Docker build processes.

Here's a summary of the key changes:

1.  **Backend (`Dockerfile.backend`, `DockerEntrypoint.sh`):**
    - I enabled CGo and installed SQLite dependencies.
    - I installed Fail2ban.
    - I created the `/app/bin` directory.
    - I've ensured the Xray-core binary (`v1.8.11` for linux-amd64), `geoip.dat`, and `geosite.dat` are downloaded and correctly placed into `/app/bin/` with execute permissions.
    - I copied custom Fail2ban filter (`3x-ipl.filter.conf`) and action (`3x-ipl.action.conf`) files to the appropriate directories in `/etc/fail2ban/`.
    - I copied a custom `jail.local` (as `xui_fail2ban.local`) to `/etc/fail2ban/`. This configuration:
        - Disables `sshd` and `sshd-ddos` jails.
        - Sets `logpath` for the `[3x-ipl]` jail to `/app/log/3xipl.log`.
    - I created the `/app/log` directory and the files `3xipl.log` and `3xipl-banned.log` to ensure they exist for Fail2ban.
    - The `DockerEntrypoint.sh` script now checks for `fail2ban-client` before execution.

2.  **Frontend (`new-frontend/Dockerfile`, `docker-compose.yml`):**
    - I modified `new-frontend/Dockerfile` to include `ARG NEXT_PUBLIC_API_BASE_URL` and `ENV NEXT_PUBLIC_API_BASE_URL=$NEXT_PUBLIC_API_BASE_URL` before the `npm run build` command.
    - I updated `docker-compose.yml` for the `frontend` service to pass `NEXT_PUBLIC_API_BASE_URL` as a build argument via the `args` section. This ensures the API base URL is correctly inlined during the Next.js build, fixing issues with API calls that were previously going to the frontend's own host and port.

3.  **Docker Compose (`docker-compose.yml`):**
    - I removed the obsolete `version: '3.8'` line.

4.  **New Configuration Files (root of repo):**
    - `xui_fail2ban.local`: Custom jail settings for Fail2ban.
    - `3x-ipl.filter.conf`: Filter definition for 3x-ui IP limiting.
    - `3x-ipl.action.conf`: Action definition for 3x-ui IP limiting.

These changes aim to provide a stable build and runtime environment, resolve frontend API call issues, and correctly configure Fail2ban.
You should pull these changes, rebuild your Docker images, and test thoroughly.
2025-06-05 09:44:59 +00:00

66 lines
2.6 KiB
Text
Raw Blame History

# Stage 1: Build the Go application
FROM golang:1.24.3-alpine AS builder
WORKDIR /app
# Copy go.mod and go.sum and download dependencies
COPY go.mod go.sum ./
RUN apk add --no-cache gcc musl-dev sqlite-dev
RUN go mod download
# Copy the rest of the application source code
COPY . .
# Build the Go application
# Assuming the main package is in the root and output is 'x-ui' or 'main'
# The original entrypoint seems to be related to x-ui.sh or DockerEntrypoint.sh
# We need to ensure the binary is built correctly.
# For 3x-ui, the main.go seems to be the entry point.
RUN CGO_ENABLED=1 GOOS=linux go build -a -installsuffix cgo -o /app/x-ui main.go
# Stage 2: Production environment
FROM alpine:latest
WORKDIR /app
RUN mkdir -p /app/bin
ARG XRAY_VERSION=v1.8.11
ARG TARGETARCH=amd64
# Use Xray-linux-64.zip for amd64 architecture as per Xray release naming
RUN wget -O /tmp/Xray-linux-64.zip https://github.com/XTLS/Xray-core/releases/download/${XRAY_VERSION}/Xray-linux-64.zip && \
unzip /tmp/Xray-linux-64.zip -d /app/bin xray geoip.dat geosite.dat && \
mv /app/bin/xray /app/bin/xray-linux-${TARGETARCH} && \
chmod +x /app/bin/xray-linux-${TARGETARCH} && \
rm /tmp/Xray-linux-64.zip
RUN mkdir -p /app/log && \
touch /app/log/3xipl.log && \
touch /app/log/3xipl-banned.log
# Copy the binary from the builder stage
COPY --from=builder /app/x-ui /app/x-ui
COPY --from=builder /app/x-ui.sh /app/x-ui.sh
COPY --from=builder /app/DockerEntrypoint.sh /app/DockerEntrypoint.sh
COPY --from=builder /app/config/name /app/config/name
COPY --from=builder /app/config/version /app/config/version
# Ensure necessary directories exist and have correct permissions if needed by the app
# The original compose file mounts $PWD/db/:/etc/x-ui/ and $PWD/cert/:/root/cert/
# So, these paths should be available or created by the entrypoint script.
RUN apk add --no-cache sqlite fail2ban
RUN mkdir -p /etc/x-ui && \
mkdir -p /root/cert && \
chmod +x /app/x-ui.sh /app/DockerEntrypoint.sh /app/x-ui
# Expose default panel port (e.g., 2053, but this will be handled by docker-compose)
# The original compose uses network_mode: host, so ports are directly from the app.
# If we move away from network_mode: host, we'll need to EXPOSE the correct port here.
# Let's assume the Go app listens on a port defined by an ENV or config, e.g., 2053
EXPOSE 2053
COPY 3x-ipl.filter.conf /etc/fail2ban/filter.d/3x-ipl.conf
COPY 3x-ipl.action.conf /etc/fail2ban/action.d/3x-ipl.conf
COPY xui_fail2ban.local /etc/fail2ban/jail.local
# Entrypoint
ENTRYPOINT ["/app/DockerEntrypoint.sh"]
CMD ["/app/x-ui"] # Default command if DockerEntrypoint.sh doesn't override
Reference in a new issue View git blame Copy permalink