Deployment Overview of 3X-UI Graphics Panel on Server
Prerequisites and Basic Requirements
To ensure a successful deployment, the following requirements must be met:
- Operating System: Ubuntu or Debian (for `apt`-based systems) or CentOS/RHEL (for `dnf`/`yum`-based systems).
- Privileges: Root or sudo access is required for installing dependencies and managing Docker.
- Domain: A domain managed via `hostkey.in`.
- Ports: The following ports must be open on the host:
  - `22/tcp` (SSH)
  - `80/tcp` (HTTP / Certbot challenge)
  - `443/tcp` (HTTPS)
FQDN of the final panel
The access URL for the panel follows this format: `<prefix><Server ID>.hostkey.in:<port>`
Where:
- `<prefix>` is `3x-ui`.
- `<port>` is the internal port configured for the service (defaulting to `34171`).
File and Directory Structure
The application utilizes several directories on the host system for configuration, data persistence, and SSL certificates:
| Path | Description |
|---|---|
| /root/3x-ui | Deployment directory containing compose.yml |
| /data/3x-ui/db | Database storage for 3X-UI |
| /data/3x-ui/cert | Certificate related data |
| /data/nginx | Nginx configuration and environment files |
| /data/nginx/user_conf.d | Custom Nginx server blocks |
| /data/nginx/letsencrypt/.well-known/acme-challenge | Certbot ACME challenge directory |
Application installation process
The application is deployed using a Docker Compose-based method. The deployment includes the following components:
- 3X-UI Image: `ghcr.io/mhsanaei/3x-ui:latest`
- Nginx-Certbot Image: `jonasal/nginx-certbot:latest`
Access Rights and Security
Security is managed through both host-level firewalls and container configurations:
- Firewall Management:
  - For RHEL-based systems, `firewalld` is disabled.
  - For Debian/Ubuntu-based systems, `ufw` is enabled with rules allowing ports `22`, `80`, and `443`.
- Container Security: The `3x-ui` container runs with the environment variable `XRAY_VMESS_AEAD_FORCED: "false"`.
- User Credentials: Upon installation, default administrative credentials are updated to match the system's SSH password for both `admin` and `root` users.
Docker Containers and Their Deployment
The deployment is orchestrated via Docker Compose. The following services are running in containers:
3X-UI Container
- Name: `3x-ui`
- Restart Policy: `unless-stopped`
- Volumes:
  - `/data/3x-ui/db/` mapped to `/etc/x-ui/`
  - `nginx_secrets` volume mapped to `/root/cert/`

Nginx-Certbot Container
- Name: `nginx-certbot`
- Restart Policy: `unless-stopped`
- Volumes:
  - `nginx_secrets` volume mapped to `/etc/letsencrypt`
  - `/data/nginx/user_conf.d` mapped to `/etc/nginx/user_conf.d`
  - `/data/nginx/letsencrypt` mapped to `/var/www/letsencrypt`
Proxy Servers
The system uses `nginx-certbot` as a reverse proxy and SSL terminator:
- SSL/TLS: Automated certificate management via Certbot with a renewal interval of 8 days.
- HTTP Redirection: All traffic on port 80 is automatically redirected to the HTTPS endpoint.
- Proxy Configuration: Nginx acts as a reverse proxy for the `3x-ui` container, handling WebSocket upgrades and passing headers such as `X-Real-IP`, `X-Forwarded-For`, and `Upgrade`.
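
A check for the proxy behaviour listed above, as an added example that is not part of the original page or the provider's tooling: it parses a server block and reports which of the documented properties (TLS listener, proxy to port 34171, `X-Real-IP`, `X-Forwarded-For`, `Upgrade`) are absent. The sample config, the server ID `00000`, the upstream address `3x-ui:34171`, and the `Connection` and `proxy_http_version 1.1` checks (nginx's usual WebSocket proxy settings) are assumptions, not values from the page.

```python
import re

# Constructed sample server block (not taken from a real host): the server ID
# 00000 and the upstream address 3x-ui:34171 are assumptions for illustration.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name 3x-ui00000.hostkey.in;
    ssl_certificate     /etc/letsencrypt/live/3x-ui00000.hostkey.in/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/3x-ui00000.hostkey.in/privkey.pem;
    location / {
        proxy_pass http://3x-ui:34171;
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
"""

def directives(conf):
    """Split a config into (name, args) pairs, dropping comments and braces."""
    text = re.sub(r"#[^\n]*", "", conf)
    pairs = (stmt.split() for stmt in re.split(r"[;{}]", text))
    return [(p[0], p[1:]) for p in pairs if p]

def audit(conf):
    """Return the documented proxy properties that the config does not show."""
    d = directives(conf)
    headers = {a[0].lower() for n, a in d if n == "proxy_set_header" and a}
    findings = []
    if not any(n == "listen" and "ssl" in a for n, a in d):
        findings.append("no TLS listener")
    if not any(n == "proxy_pass" and a and a[0].rstrip("/").endswith(":34171")
               for n, a in d):
        findings.append("proxy_pass does not target port 34171")
    for name in ("x-real-ip", "x-forwarded-for", "upgrade", "connection"):
        if name not in headers:
            findings.append("missing proxy_set_header " + name)
    if "upgrade" in headers and ("proxy_http_version", ["1.1"]) not in d:
        findings.append("Upgrade header set without proxy_http_version 1.1")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF) or "config matches the documented proxy behaviour")
```

To check a deployed host, pass `audit()` the contents of the server block file under `/data/nginx/user_conf.d/`.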
Location of configuration files and data
| File/Directory | Host Path |
|---|---|
| Docker Compose File | /root/3x-ui/compose.yml |
| Nginx Environment File | /data/nginx/nginx-certbot.env |
| Nginx Configuration | /data/nginx/user_conf.d/<prefix><server_id>.hostkey.in.conf |
| Database Files | /data/3x-ui/db/ |
Available ports for connection
The following port mappings are utilized:
| Service | Internal Port | External/Proxy Port |
|---|---|---|
| 3X-UI Panel | 34171 | Managed via Nginx (HTTPS) |
| HTTP (Certbot) | 80 | 80 |
| HTTPS (Nginx) | 443 | 443 |