Skip to content

Deployment Overview of 3X-UI Graphics Panel on Server

Prerequisites and Basic Requirements

To ensure a successful deployment, the following requirements must be met:

  • Operating System: Ubuntu or Debian (for apt based systems) or CentOS/RHEL (for dnf/yum based systems).

  • Privileges: Root or sudo access is required for installing dependencies and managing Docker.

  • Domain: A domain managed via hostkey.in.

  • Ports: The following ports must be open on the host:

    • 22/tcp (SSH)

    • 80/tcp (HTTP / Certbot challenge)

    • 443/tcp (HTTPS)

FQDN of the final panel

The access URL for the panel follows this format: <prefix><Server ID>.hostkey.in:<port>

Where:

  • <prefix> is 3x-ui.

  • <port> is the internal port configured for the service (defaulting to 34171).

File and Directory Structure

The application utilizes several directories on the host system for configuration, data persistence, and SSL certificates:

Path Description
/root/3x-ui Deployment directory containing compose.yml
/data/3x-ui/db Database storage for 3X-UI
/data/3x-ui/cert Certificate related data
/data/nginx Nginx configuration and environment files
/data/nginx/user_conf.d Custom Nginx server blocks
/data/nginx/letsencrypt/.well-known/acme-challenge Certbot ACME challenge directory

Application installation process

The application is deployed using a Docker Compose-based method. The deployment includes the following components:

  • 3X-UI Image: ghcr.io/mhsanaei/3x-ui:latest

  • Nginx-Certbot Image: jonasal/nginx-certbot:latest

Access Rights and Security

Security is managed through both host-level firewalls and container configurations:

  • Firewall Management:

    • For RHEL-based systems, firewalld is disabled.

    • For Debian/Ubuntu-based systems, ufw is enabled with rules allowing ports 22, 80, and 443.

  • Container Security: The 3x-ui container runs with the environment variable XRAY_VMESS_AEAD_FORCED: "false".

  • User Credentials: Upon installation, default administrative credentials are updated to match the system's SSH password for both admin and root users.

Docker Containers and Their Deployment

The deployment is orchestrated via Docker Compose. The following services are running in containers:

3X-UI Container

  • Name: 3x-ui

  • Restart Policy: unless-stopped

  • Volumes:

    • /data/3x-ui/db/ mapped to /etc/x-ui/

    • nginx_secrets volume mapped to /root/cert/

Nginx-Certbot Container

  • Name: nginx-certbot

  • Restart Policy: unless-stopped

  • Volumes:

    • nginx_secrets volume mapped to /etc/letsencrypt

    • /data/nginx/user_conf.d mapped to /etc/nginx/user_conf.d

    • /data/nginx/letsencrypt mapped to /var/www/letsencrypt

Proxy Servers

The system uses nginx-certbot as a reverse proxy and SSL terminator:

  • SSL/TLS: Automated certificate management via Certbot with a renewal interval of 8 days.

  • HTTP Redirection: All traffic on port 80 is automatically redirected to the HTTPS endpoint.

  • Proxy Configuration: Nginx acts as a reverse proxy for the 3x-ui container, handling WebSocket upgrades and passing headers such as X-Real-IP, X-Forwarded-For, and Upgrade.

Location of configuration files and data

File/Directory Host Path
Docker Compose File /root/3x-ui/compose.yml
Nginx Environment File /data/nginx/nginx-certbot.env
Nginx Configuration /data/nginx/user_conf.d/<prefix><server_id>.hostkey.in.conf
Database Files /data/3x-ui/db/

Available ports for connection

The following port mappings are utilized:

Service Internal Port External/Proxy Port
3X-UI Panel 34171 Managed via Nginx (HTTPS)
HTTP (Certbot) 80 80
HTTPS (Nginx) 443 443
question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×