Setting Up My Server: A Fresh Restart


If you visit my old website, you’ll be greeted by a welcome page. As an amateur Linux operations engineer, I sometimes do stupid things like accidentally deleting things without a backup. This post is basically a guide for my future self in case I break my server again.

The purpose of using a VPS.

The point of using a VPS and not a hosting platform is that fewer limitations exist. In my case, I mainly use my VPS as a proxy so my family and friends, who live in a more internet-restricted country, can communicate like people living in the rest of the world.

I use a protocol called VMess, which is a protocol for encrypted communications and includes both inbound and outbound proxy. There is a tool called x-ui with multi-user support for VMess and other protocols, and it is simple to set up.

But before that, I have to prepare everything else first.

Update the repositories and install important packages.

Here is a list of stuff that I want to install right now:

  • nginx for web hosting and reverse proxying
  • snapd for certbot and SSL stuff
  • docker, because I want to set up consistent development environments quickly
  • x-ui, of course, for multi-user proxy support

$ sudo apt update
$ sudo apt install snapd nginx
$ sudo snap install core
$ sudo snap refresh core
$ sudo snap install --classic certbot
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

What I’ve done here: 

First, I prepared my server by updating the package sources list with the latest versions of the packages in the repositories. Then, I installed snap and nginx with apt and certbot with snap. Finally, I created a symbolic link for my certbot installation to make it work.

Add repository and install Docker.

I will use Docker because it’s an elegant way to set up almost anything. It’s simple, and that’s what I care about. Docker has good guides on its website, but they’re long, so I’m going to shorten them and only write what works for me.

First, install packages to allow apt to use a repository over HTTPS, and add Docker’s official GPG key. 

$ sudo apt install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release
$ sudo mkdir -p /etc/apt/keyrings
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

Next, use this command to set up the repository.

$ echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Now we can update the package list and install Docker Engine, containerd, and Docker Compose.

$ sudo apt-get update
$ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin

We can test our Docker installation with the following command. 

$ sudo docker run hello-world

Manage Docker as a non-root user.

Although we have Docker installed, we need root permission to use it. Otherwise, we will be greeted with errors like this:

docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/create": dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.

The Docker daemon makes its Unix socket accessible to members of a Unix group called docker, so adding a user to that group lets them run Docker without sudo. Membership in the docker group is effectively root access on the host, so only add accounts you would trust with sudo. I’m using Ubuntu, so the docker group is already made for me. I can simply add a user to it.

$ sudo usermod -aG docker $USER

Start a shell with the new group membership to activate the change (logging out and back in also works).

$ newgrp docker

Now test again without sudo.

$ docker run hello-world

If you see Docker up and running, you are good to go.

Configure Docker to start on boot.

Ubuntu uses systemd to manage which services start when the system boots. We can simply enable the Docker and containerd services in systemd.

$ sudo systemctl enable docker.service
$ sudo systemctl enable containerd.service

From now on, Docker will start when the system boots. It is very handy for someone lazy like me.

Install x-ui with a Docker image.

It’s very simple. Run the following commands and wait.

$ cd ~
$ mkdir x-ui && cd x-ui
$ docker run -itd --network=host \
    -v $PWD/db/:/etc/x-ui/ \
    -v $PWD/cert/:/root/cert/ \
    --name x-ui --restart=unless-stopped \
    enwaiax/x-ui:latest

With the command above, you:

  • Changed directory to your home folder.
  • Made and changed into a new directory called x-ui.
  • Pulled the x-ui Docker image and started a container from it, with its database and certificate folders kept in the new x-ui directory.

Now, x-ui should be up and running. The default port is 54321. You can check the status with the following command or just visit your panel in a browser. The default username and password are admin. Change them as soon as you log in.

$ docker ps

Setting up SSL for your x-ui panel.

In this part, we will be setting up SSL for the panel. Here, we will install an nginx plugin for certbot.

$ sudo apt install python3-certbot-nginx

Next, add a new configuration file in /etc/nginx/conf.d for your new x-ui panel.

$ sudo touch /etc/nginx/conf.d/xui.conf

Add the following configurations. Remember to use your own domains.

server {
    listen 80;
    listen [::]:80;
    server_name example.com;

    location /panel {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:54321;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
    }

    # This part describes how to reverse-proxy the WebSocket
    location /xray {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:10001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Y-Real-IP $realip_remote_addr;
    }
}

Validate the configuration file and use certbot to get a new certificate for your domain.

$ sudo nginx -t
$ sudo certbot --nginx --agree-tos --no-eff-email --email you@example.com

Reload nginx configurations.

$ sudo nginx -s reload
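
With nginx in front, the backends on ports 54321 and 10001 only need to accept connections from 127.0.0.1. The following check is an added example, not part of the original post: it reads `ss -H -tln` output and lists any of those ports bound to a non-loopback address; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report backend ports that listen beyond loopback.
# Ports 54321 (panel) and 10001 (WebSocket inbound) are the proxy_pass
# targets in the nginx config above; pass other ports as the first argument.

# exposed_backends [PORTS]  -- reads `ss -H -tln` output on stdin and
# prints "PORT ADDRESS" for each listed port bound to a non-loopback address.
exposed_backends() {
    awk -v ports="${1:-54321 10001}" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)      # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)  # text before the last colon
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "[::1]") next  # loopback is fine
            print port, addr
        }'
}

# Constructed sample of `ss -H -tln` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 511  0.0.0.0:80       0.0.0.0:*
LISTEN 0 4096 0.0.0.0:54321    0.0.0.0:*
LISTEN 0 4096 127.0.0.1:10001  0.0.0.0:*
LISTEN 0 4096 [::]:54321       [::]:*
EOF
}

# On the server, run:  ss -H -tln | exposed_backends
sample_ss_output | exposed_backends
```

A line such as `54321 0.0.0.0` means the panel answers on that port directly, bypassing nginx and TLS, unless a firewall rule blocks it.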

Locate your SSL certificate.

I will not go over the details of using the x-ui panel itself because it’s pretty self-explanatory.

Your SSL certificates should be located here.

/etc/letsencrypt/live/example.com/fullchain.pem
/etc/letsencrypt/live/example.com/privkey.pem

If you have connection issues, it is likely because the x-ui panel cannot access your certificates. To solve the problem, you can copy their contents and paste them directly into your panel’s certificate file content boxes.

$ sudo cat /etc/letsencrypt/live/example.com/fullchain.pem
$ sudo cat /etc/letsencrypt/live/example.com/privkey.pem

Now you should be able to connect to your proxy without issues.
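
Pasted certificate contents stay fixed while certbot renews the files on disk, so an alternative is to copy each renewed certificate into the host directory that the container already mounts at /root/cert/. This certbot deploy hook is an added example, not part of the original post; `XUI_CERT_DIR`, its placeholder path and the `sync_cert` function name are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook that copies the renewed certificate into
# the host directory mounted into the x-ui container as /root/cert/.
# Install as an executable file under /etc/letsencrypt/renewal-hooks/deploy/.
# The default path is a placeholder; use the cert/ directory created by the
# docker run command above.
XUI_CERT_DIR="${XUI_CERT_DIR:-/home/youruser/x-ui/cert}"

# sync_cert LINEAGE_DIR DEST_DIR -- copy both PEM files, key readable by owner only.
sync_cert() {
    src="$1"; dst="$2"
    for f in fullchain.pem privkey.pem; do
        [ -r "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    mkdir -p "$dst" || return 1
    old_umask="$(umask)"
    umask 077   # new files start out owner-only
    # Copy to temporary names, then rename, so a reader never sees a partial file.
    cp -L "$src/fullchain.pem" "$dst/.fullchain.pem.new" &&
        cp -L "$src/privkey.pem" "$dst/.privkey.pem.new" &&
        chmod 644 "$dst/.fullchain.pem.new" &&
        chmod 600 "$dst/.privkey.pem.new" &&
        mv -f "$dst/.fullchain.pem.new" "$dst/fullchain.pem" &&
        mv -f "$dst/.privkey.pem.new" "$dst/privkey.pem"
    rc=$?
    umask "$old_umask"
    return "$rc"
}

# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/example.com)
# when it runs deploy hooks; outside certbot this block is skipped.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    sync_cert "$RENEWED_LINEAGE" "$XUI_CERT_DIR" || exit 1
    # Assumption: the panel only rereads certificates on restart.
    docker restart x-ui
fi
```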

