If you visit my old website, you’ll be greeted by a welcome page. As an amateur Linux operations engineer, I sometimes do stupid things like accidentally deleting things without a backup. This post is basically a guide for my future self in case I break my server again.
The purpose of using a VPS.
The point of using a VPS and not a hosting platform is that fewer limitations exist. In my case, I mainly use my VPS as a proxy so my family and friends, who live in a more internet-restricted country, can communicate like people living in the rest of the world.
I use a protocol called VMess, which is a protocol for encrypted communications and includes both inbound and outbound proxy. There is a tool called x-ui with multi-user support for VMess and other protocols, and it is simple to set up.
But before that, I have to prepare everything else first.
Update the repositories and install important packages.
Here is a list of stuff that I want to install right now:
- nginx for web hosting and reverse proxying
- snapd for certbot and SSL stuff
- docker because I want to set up consistent environments for development rapidly.
- x-ui, of course, for multi-user support proxy.
$ sudo apt update
$ sudo apt install snapd nginx
$ sudo snap install core
$ sudo snap refresh core
$ sudo snap install --classic certbot
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
What I’ve done here:
First, I prepared my server by updating the package sources list with the latest versions of the packages in the repositories. Then, I installed snapd and nginx with apt, and certbot with snap. Finally, I created a symbolic link for my certbot installation to make it work.
Add repository and install Docker.
I will use Docker because it’s an elegant way to set up almost anything. It’s simple, and that’s what I care about. They have good guides on their website, but they’re long, so I’m going to shorten them and only write what works for me.
First, install packages to allow apt to use a repository over HTTPS, and add Docker’s official GPG key.
$ sudo apt install \
ca-certificates \
curl \
gnupg \
lsb-release
$ sudo mkdir -p /etc/apt/keyrings
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
Next, use this command to set up the repository.
$ echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Now we can update Docker’s package list, install Docker Engine, containerd, and Docker Compose.
$ sudo apt-get update
$ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin
We can test our Docker installation with the following command.
$ sudo docker run hello-world
Manage Docker as a non-root user.
Although we have Docker installed, we need root permission to use it. Otherwise, we will be greeted with errors like this:
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/create": dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
We can create a Unix group called docker and add users to it, so when the Docker daemon starts, it creates a Unix socket accessible by members of the docker group. I’m using Ubuntu, so the docker group is already made for me. I can simply add a user to it.
$ sudo usermod -aG docker $USER
Refresh to activate the changes.
$ newgrp docker
Now test again without sudo.
$ docker run hello-world
If you see Docker up and running, you are good to go.
Configure Docker to start on boot.
Ubuntu uses systemd to manage which services start when the system boots. We can simply add Docker and containerd to systemd.
$ sudo systemctl enable docker.service
$ sudo systemctl enable containerd.service
From now on, Docker will start when the system boots. It is very handy for someone lazy like me.
Install x-ui with a Docker image.
It’s very simple. Run the following commands and wait.
$ cd ~
$ mkdir x-ui && cd x-ui
$ docker run -itd --network=host \
-v $PWD/db/:/etc/x-ui/ \
-v $PWD/cert/:/root/cert/ \
--name x-ui --restart=unless-stopped \
enwaiax/x-ui:latest
With the commands above, you:
- Changed directory to your home folder.
- Made and changed into a new directory called x-ui.
- Downloaded the Docker image for x-ui and started a container that stores its data in the new x-ui directory.
Now, x-ui should be up and running. The default port is 54321. You can check the status with the following command or just visit your panel in a browser. The default username and password are admin.
$ docker ps
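Because the container runs with --network=host, whatever the panel listens on is bound directly on the host. The following check is an added example, not part of the original setup: it reads `ss -tln` output and prints any listener on a given port that is not loopback-only. The sample lines are constructed; on the server, feed it the real output as shown in the comment.

```shell
#!/bin/sh
# Added example: find listeners on a port that are reachable beyond loopback.
# Live usage on the server:  ss -tln | public_listeners 54321

# Reads `ss -tln` style lines on stdin; prints the local address of every
# LISTEN socket on port $1 whose host part is not 127.x.x.x or [::1].
public_listeners() {
    port="$1"
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4                          # local address:port column
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # last ":" field is the port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print addr
        }'
}

# Constructed sample of `ss -tln` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
LISTEN  0       4096    *:54321             *:*
LISTEN  0       4096    127.0.0.1:10001     0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
EOF
}

# With the sample above, the panel port is bound on all interfaces.
sample_ss_output | public_listeners 54321
```

If the real output lists the panel port, the panel and its default admin login are reachable over plain HTTP from outside, so change the credentials right away and restrict the port with your firewall.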
Setting up SSL for your x-ui panel.
In this part, we will be setting up SSL for the panel. Here, we will install an nginx plugin for certbot.
$ sudo apt install python3-certbot-nginx
Next, add a new configuration file in /etc/nginx/conf.d for your new x-ui panel.
$ sudo touch /etc/nginx/conf.d/xui.conf
Add the following configurations. Remember to use your own domains.
server {
    listen 80;
    listen [::]:80;
    server_name example.com;

    location /panel {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:54321;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
    }

    # This part describes how to reverse proxy the WebSocket connection
    location /xray {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:10001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Y-Real-IP $realip_remote_addr;
    }
}
Validate the configuration file and use certbot to get a new certificate for your domain.
$ sudo nginx -t
$ sudo certbot --nginx --agree-tos --no-eff-email --email you@example.com
Reload nginx configurations.
$ sudo nginx -s reload
Locate your SSL certificate.
I will not go over the details of using the x-ui panel itself because it’s pretty self-explanatory.
Your SSL certificates should be located here.
/etc/letsencrypt/live/example.com/fullchain.pem
/etc/letsencrypt/live/example.com/privkey.pem
If you have connection issues, it is likely because the x-ui panel cannot access your certificates. To solve the problem, you can copy their contents and paste them directly into your panel’s certificate file content boxes.
$ sudo cat /etc/letsencrypt/live/example.com/fullchain.pem
$ sudo cat /etc/letsencrypt/live/example.com/privkey.pem
Now you should be able to connect to your proxy without issues.
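Pasted certificate contents stop matching once certbot renews the certificate. As an added example (not from the original setup), here is a certbot deploy hook that copies the renewed files into the host directory that the docker run command above mounts at /root/cert/ inside the container. The hook file name, the /home/youruser/x-ui/cert placeholder path, and restarting the container so the panel picks up the new files are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook. Assumed install location:
#   /etc/letsencrypt/renewal-hooks/deploy/xui-cert-sync.sh  (hypothetical name)
# Assumed destination: the host side of the "-v $PWD/cert/:/root/cert/" mount;
# /home/youruser/x-ui/cert is a placeholder, override it with XUI_CERT_DIR.

XUI_CERT_DIR="${XUI_CERT_DIR:-/home/youruser/x-ui/cert}"

# Copy fullchain.pem and privkey.pem from a certbot lineage directory ($1)
# into a destination directory ($2), readable by the owner only.
# Returns non-zero, and copies nothing, if either source file is missing.
sync_cert() {
    lineage="$1"
    dest="$2"
    for f in fullchain.pem privkey.pem; do
        if [ ! -s "$lineage/$f" ]; then
            echo "missing or empty: $lineage/$f" >&2
            return 1
        fi
    done
    mkdir -p "$dest" || return 1
    chmod 700 "$dest" || return 1
    for f in fullchain.pem privkey.pem; do
        # install copies the file and sets mode 600 on the copy.
        install -m 600 "$lineage/$f" "$dest/$f" || return 1
    done
}

# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/example.com)
# when it runs deploy hooks; without it this script does nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    sync_cert "$RENEWED_LINEAGE" "$XUI_CERT_DIR" && docker restart x-ui
fi
```

Inside the container the copies appear as /root/cert/fullchain.pem and /root/cert/privkey.pem, so the private key stays out of the clipboard and follows every renewal.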