Create key

Dockerfile

@@ -1,34 +1,26 @@
 FROM debian:bullseye-slim
 
-# Install prerequisites
+# Install necessary packages and clean up
 RUN apt-get update && apt-get install -y \
-    curl \
-    gnupg \
-    ca-certificates \
     dos2unix \
     wget \
+    curl \
     tar \
     bash \
+    ca-certificates \
     --no-install-recommends && \
     rm -rf /var/lib/apt/lists/*
 
 SHELL ["/bin/bash", "-c"]
 
-# Set a working directory
-WORKDIR /opt/app
-
-# Install tools
-ARG SINGBOX_VERSION=1.12.8
-RUN wget -O /tmp/sing-box.tar.gz "https://github.com/SagerNet/sing-box/releases/download/v${SINGBOX_VERSION}/sing-box-${SINGBOX_VERSION}-linux-amd64.tar.gz" && \
-    tar -zxvf /tmp/sing-box.tar.gz -C /tmp && \
-    mv /tmp/sing-box-${SINGBOX_VERSION}-linux-amd64/sing-box /usr/local/bin/sing-box && \
-    chmod +x /usr/local/bin/sing-box && \
-    rm -rf /tmp/sing-box*
+# Install chisel
 ARG CHISEL_VERSION=1.10.1
 RUN wget https://github.com/jpillora/chisel/releases/download/v${CHISEL_VERSION}/chisel_${CHISEL_VERSION}_linux_amd64.gz -O /tmp/chisel.gz && \
     gunzip /tmp/chisel.gz && \
     mv /tmp/chisel /usr/local/bin/chisel && \
     chmod +x /usr/local/bin/chisel
+
+# Download and extract 3x-ui
 RUN ARCH=$(uname -m) && \
     if [ "$ARCH" = "x86_64" ]; then ARCH="amd64"; fi && \
     if [ "$ARCH" = "aarch64" ]; then ARCH="arm64"; fi && \
@@ -38,22 +30,19 @@ RUN ARCH=$(uname -m) && \
     tar -zxvf /usr/local/x-ui-linux-*.tar.gz -C /usr/local/x-ui/ --strip-components=1 && \
     rm /usr/local/x-ui-linux-*.tar.gz && \
     chmod +x /usr/local/x-ui/x-ui && \
-    cp /usr/local/x-ui/x-ui.sh /usr/bin/x-ui && \
-    
-    # --- Backup original bin contents ---
-    mkdir -p /opt/xray-backup && \
-    cp -r /usr/local/x-ui/bin/. /opt/xray-backup/
+    cp /usr/local/x-ui/x-ui.sh /usr/bin/x-ui
 
-# Copy all files from the build context (huggingface-x-ui-final) into the work directory
-COPY . .
+# Copy the startup script
+COPY start.sh /usr/local/bin/start.sh
 
-# Make scripts executable
-RUN chmod +x /opt/app/warp_proxy.sh && \
-    chmod +x /opt/app/start.sh
+# Make the script executable
+RUN chmod +x /usr/local/bin/start.sh
 
 # Expose the x-ui port
-EXPOSE 2023
+EXPOSE 62789
 
 # Set the entrypoint to our startup script
 RUN chmod -R 777 /usr/local/x-ui/
-ENTRYPOINT ["/bin/bash", "-c", "/opt/app/start.sh"]
+ENTRYPOINT ["/bin/bash", "-c", "/usr/local/bin/start.sh"]
+# Trivial change to force rebuild
+

README.md

@@ -1,11 +1,12 @@
 ---
 license: mit
-title: X-UI with Chisel and WARP
+title: x-ui
 sdk: docker
 emoji: 🚀
 colorFrom: gray
 colorTo: indigo
 pinned: true
-app_port: 2023
+app_port: 2053
 persistent_storage: true
 ---
+--- title: X-UI Proxy emoji: 🚀 colorFrom: blue colorTo: indigo sdk: docker app_port: 2053 sdk_version: "1.0" pinned: false ---\n\n# X-UI Proxy Hugging Face Space\n\nThis Space hosts a Dockerized X-UI instance, accessible via a Chisel tunnel.

start.sh

@@ -1,30 +1,4 @@
 #!/bin/bash
-# Restore original xray binaries and data files from the backup location
-# to the tmpfs-mounted bin directory.
-cp -r /opt/xray-backup/. /usr/local/x-ui/bin/
-echo "Architecture: $(uname -m)"
-
-# --- Restore Configs from baked-in repo files ---
-CONFIG_DIR_IN_REPO="/opt/app/x-ui-configs"
-LIVE_XUI_DB_PATH="/tmp/x-ui.db"
-LIVE_XRAY_CONFIG_PATH="/usr/local/x-ui/bin/config.json"
-
-echo "Restoring configs from baked-in files..."
-if [ -f "${CONFIG_DIR_IN_REPO}/config.json" ]; then
-    cp -f "${CONFIG_DIR_IN_REPO}/config.json" "${LIVE_XRAY_CONFIG_PATH}"
-    echo "Restored config.json"
-fi
-if [ -f "${CONFIG_DIR_IN_REPO}/x-ui.db" ]; then
-    cp -f "${CONFIG_DIR_IN_REPO}/x-ui.db" "${LIVE_XUI_DB_PATH}"
-    echo "Restored x-ui.db"
-fi
-# --- End Restore ---
-
-# --- WARP SOCKS Proxy Setup ---
-echo "Starting WARP SOCKS5 proxy via sing-box..."
-nohup /opt/app/warp_proxy.sh > /tmp/warp.log 2>&1 &
-echo "WARP SOCKS5 proxy started in background. Log at /tmp/warp.log"
-# --- End WARP SOCKS Proxy Setup ---
 
 # Set a writable directory for the x-ui database
 export XUI_DB_FOLDER=/tmp
@@ -33,8 +7,7 @@ export XUI_DB_FOLDER=/tmp
 run_chisel() {
   while true; do
     echo "Starting chisel client..."
-    # This is the line from the user's last instruction
-    /usr/local/bin/chisel client -v --auth "cloud:2025" --keepalive 25s "https://vds1.iri1968.dpdns.org/chisel-ws" R:8080:127.0.0.1:2023 R:8081:127.0.0.1:20001
+    /usr/local/bin/chisel client -v --auth "cloud:2025" vds1.iri1968.dpdns.org:8443 R:8000:127.0.0.1:2053
     echo "Chisel client exited. Restarting in 5 seconds..."
     sleep 5
   done
@@ -43,21 +16,12 @@ run_chisel() {
 # Start chisel in the background
 run_chisel &
 
-# Wait a moment for the background process to start
-sleep 2
-
-# --- ADDED USER SETTINGS ---
-echo "Configuring x-ui web base path..."
+# Set webBasePath
 /usr/local/x-ui/x-ui setting -webBasePath /
 
-echo "Resetting x-ui admin credentials..."
+# Reset x-ui admin credentials to admin/admin
 /usr/local/x-ui/x-ui setting -username prog10 -password 04091968
 
-# This command is from a previous step, it is needed for the port
-/usr/local/x-ui/x-ui setting -port 2023
-# --- END ADDED SETTINGS ---
-
 # Start x-ui in the foreground
-echo "Starting x-ui panel..."
 cd /usr/local/x-ui
-exec ./x-ui
+./x-ui

sync.sh

@@ -1,73 +0,0 @@
-#!/bin/bash
-
-# This script assumes that start.sh has already cloned the repo and set up SSH.
-
-# --- Paths ---
-# The git repo is cloned into /tmp/repo by start.sh
-GIT_REPO_DIR="/tmp/repo"
-LOG_FILE="/tmp/sync.log"
-
-# Live files to be backed up
-XUI_DB_PATH="/tmp/x-ui.db"
-XRAY_CONFIG_PATH="/usr/local/x-ui/bin/config.json"
-
-# Destination for the backed up files inside the git repo
-TARGET_DIR="${GIT_REPO_DIR}/x-ui-configs"
-
-# Git commit message
-COMMIT_MESSAGE="Automatic sync of x-ui configs"
-
-# --- Functions ---
-
-log() {
-  echo "$(date +'%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
-}
-
-# --- Main ---
-
-log "--- Starting Hourly Sync ---"
-
-# Navigate to the Git repository
-if [ ! -d "$GIT_REPO_DIR/.git" ]; then
-  log "Error: Git repository not found at $GIT_REPO_DIR. Exiting sync."
-  exit 1
-fi
-cd "$GIT_REPO_DIR" || exit 1
-
-# Configure git user for this operation
-git config user.email "igor04091968@gmail.com"
-git config user.name "igor04091968"
-
-# Pull latest changes first to avoid conflicts
-log "Pulling latest changes from remote..."
-git pull --rebase
-
-# Ensure the target directory for configs exists
-mkdir -p "$TARGET_DIR"
-
-# Copy live files into the git repo
-log "Copying live db from ${XUI_DB_PATH} and config from ${XRAY_CONFIG_PATH} into git repo..."
-cp -f "${XUI_DB_PATH}" "${TARGET_DIR}/x-ui.db"
-cp -f "${XRAY_CONFIG_PATH}" "${TARGET_DIR}/config.json"
-
-# Add, commit, and push
-log "Adding changes to git..."
-git add "$TARGET_DIR/x-ui.db" "$TARGET_DIR/config.json"
-
-# Commit only if there are changes
-if ! git diff-index --quiet HEAD; then
-  log "Found changes, committing..."
-  git commit -m "$COMMIT_MESSAGE"
-  log "Committed changes."
-  
-  log "Pushing changes to remote..."
-  if git push; then
-    log "Successfully pushed changes to the remote repository."
-  else
-    log "Error: Failed to push changes."
-  fi
-else
-  log "No changes to commit."
-fi
-
-log "--- Hourly Sync Finished ---"

warp_proxy.sh

@@ -1,58 +0,0 @@
-#!/bin/bash
-# Based on the entrypoint from Mon-ius/Docker-Warp-Socks v5
-
-set -e
-sleep 3
-
-# Get WARP configuration
-RESPONSE=$(curl -fsSL bit.ly/create-cloudflare-warp | sh -s)
-
-# Extract variables
-CF_CLIENT_ID=$(echo "$RESPONSE" | grep -oP '(?<=CLIENT_ID = ).*$')
-CF_PRIVATE_KEY=$(echo "$RESPONSE" | grep -oP '(?<=PRIVATE_KEY = ).*$')
-CF_ADDR_V4=$(echo "$RESPONSE" | grep -oP '(?<=V4 = ).*$')
-CF_ADDR_V6=$(echo "$RESPONSE" | grep -oP '(?<=V6 = ).*$')
-
-# Generate sing-box config
-cat > /tmp/sing-box-config.json <<EOF
-{
-  "log": {
-    "level": "info",
-    "timestamp": true
-  },
-  "inbounds": [
-    {
-      "type": "socks",
-      "tag": "socks-in",
-      "listen": "0.0.0.0",
-      "listen_port": 1080
-    }
-  ],
-  "outbounds": [
-    {
-      "type": "wireguard",
-      "tag": "warp-out",
-      "server": "engage.cloudflareclient.com",
-      "server_port": 2408,
-      "local_address": [
-        "${CF_ADDR_V4}/32",
-        "${CF_ADDR_V6}/128"
-      ],
-      "private_key": "${CF_PRIVATE_KEY}",
-      "peer_public_key": "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=",
-      "reserved": [${reserved_bytes}],
-      "mtu": 1280
-    }
-  ]
-}
-EOF
-
-# Replace reserved_bytes placeholder
-# od -An -t u1 formats the bytes as unsigned decimal integers
-reserved_bytes=$(echo "$CF_CLIENT_ID" | base64 -d | od -An -t u1 | awk 
-'{print $1", "$2", "$3}')
-sed -i "s/\[${reserved_bytes}\]/\[${reserved_bytes}\]/" /tmp/sing-box-config.json
-
-
-echo "Starting sing-box WARP proxy..."
-exec /usr/local/bin/sing-box run -c /tmp/sing-box-config.json

x-ui-configs/config.json

@@ -1,135 +0,0 @@
-{
-  "log": {
-    "access": "none",
-    "dnsLog": false,
-    "error": "",
-    "loglevel": "warning",
-    "maskAddress": ""
-  },
-  "routing": {
-    "domainStrategy": "AsIs",
-    "rules": [
-      {
-        "type": "field",
-        "inboundTag": [
-          "api"
-        ],
-        "outboundTag": "api"
-      },
-      {
-        "type": "field",
-        "outboundTag": "blocked",
-        "ip": [
-          "geoip:private"
-        ]
-      },
-      {
-        "type": "field",
-        "outboundTag": "blocked",
-        "protocol": [
-          "bittorrent"
-        ]
-      },
-      {
-        "type": "field",
-        "network": "tcp,udp",
-        "outboundTag": "warp-out"
-      }
-    ]
-  },
-  "dns": null,
-  "inbounds": [
-    {
-      "listen": "127.0.0.1",
-      "port": 62789,
-      "protocol": "tunnel",
-      "settings": {
-        "address": "127.0.0.1"
-      },
-      "streamSettings": null,
-      "tag": "api",
-      "sniffing": null
-    },
-    {
-      "tag": "vless-in",
-      "port": 20001,
-      "listen": "0.0.0.0",
-      "protocol": "vless",
-      "settings": {
-        "clients": [
-          {
-            "id": "978b0df4-479f-452b-8cff-816ec34b04af",
-            "email": "user@example.com"
-          }
-        ],
-        "decryption": "none"
-      },
-      "streamSettings": {
-        "network": "ws",
-        "wsSettings": {
-          "path": "/vds1client"
-        }
-      }
-    }
-  ],
-  "outbounds": [
-    {
-      "tag": "direct",
-      "protocol": "freedom",
-      "settings": {
-        "domainStrategy": "AsIs",
-        "redirect": "",
-        "noises": []
-      }
-    },
-    {
-      "tag": "blocked",
-      "protocol": "blackhole",
-      "settings": {}
-    },
-    {
-      "protocol": "socks",
-      "settings": {
-        "servers": [
-          {
-            "address": "127.0.0.1",
-            "port": 1080
-          }
-        ]
-      },
-      "tag": "warp-out"
-    }
-  ],
-  "transport": null,
-  "policy": {
-    "levels": {
-      "0": {
-        "statsUserDownlink": true,
-        "statsUserUplink": true
-      }
-    },
-    "system": {
-      "statsInboundDownlink": true,
-      "statsInboundUplink": true,
-      "statsOutboundDownlink": false,
-      "statsOutboundUplink": false
-    }
-  },
-  "api": {
-    "tag": "api",
-    "services": [
-      "HandlerService",
-      "LoggerService",
-      "StatsService"
-    ]
-  },
-  "stats": {},
-  "reverse": null,
-  "fakedns": null,
-  "observatory": null,
-  "burstObservatory": null,
-  "metrics": {
-    "tag": "metrics_out",
-    "listen": "127.0.0.1:11111"
-  }
-}

x-ui-deployment-scheme.md

@@ -0,0 +1,49 @@
+# X-UI Deployment Scheme
+
+This document outlines the architecture for deploying and accessing the X-UI web interface, leveraging Nginx for secure HTTPS access and Chisel for tunneling.
+
+## Components:
+
+1.  **X-UI Docker Container:**
+    *   Runs the X-UI application, listening on port `2053`.
+    *   Includes a `chisel` client that establishes a reverse tunnel.
+
+2.  **Chisel Client (inside Docker Container):**
+    *   Connects to `vds1.iri1968.dpdns.org` on port `80`.
+    *   Establishes a reverse tunnel: `R:8443:localhost:2053`. This means any traffic sent to `localhost:8443` on `vds1.iri1968.dpdns.org` will be forwarded to `localhost:2053` inside the Docker container (where X-UI is running).
+
+3.  **Nginx on `vds1.iri1968.dpdns.org`:**
+    *   **HTTPS Listener (Port 443):**
+        *   Listens for secure HTTPS traffic on `vds1.iri1968.dpdns.org`.
+        *   Uses Let's Encrypt SSL certificates for secure communication.
+        *   Proxies all incoming requests to `http://localhost:8443` on the `vds1` server.
+        *   Includes WebSocket support headers (`Upgrade` and `Connection: upgrade`) for proper X-UI panel and proxy traffic handling.
+    *   **HTTP Listener (Port 80):**
+        *   Listens for insecure HTTP traffic on `vds1.iri1968.dpdns.org`.
+        *   Redirects all HTTP traffic to HTTPS (`https://$host$request_uri;`).
+
+## Access Flow:
+
+1.  **User Access (Browser):**
+    *   The user opens their web browser and navigates to `https://vds1.iri1968.dpdns.org`.
+
+2.  **Nginx Processing (on `vds1.iri1968.dpdns.org`):**
+    *   Nginx receives the HTTPS request on port `443`.
+    *   It decrypts the SSL traffic using the configured certificates.
+    *   Nginx then proxies this request internally to `http://localhost:8443` on the `vds1` server.
+
+3.  **Chisel Server Processing (on `vds1.iri1968.dpdns.org`):**
+    *   The `chisel` server (which is configured to listen on port `8443` due to the reverse tunnel initiated by the client in the Docker container) receives the request from Nginx.
+    *   The `chisel` server forwards this request through the established `chisel` tunnel back to the `chisel` client running inside the Docker container.
+
+4.  **Chisel Client & X-UI (inside Docker Container):**
+    *   The `chisel` client inside the Docker container receives the request from the `chisel` server.
+    *   It then forwards this request to `localhost:2053` within its own container, where the X-UI web interface is actively listening.
+    *   X-UI processes the request and sends the response back through the same tunnel in reverse.
+
+## Summary of Access Points:
+
+*   **Primary Access (Recommended):** `https://vds1.iri1968.dpdns.org` (secure, external access via Nginx and Chisel tunnel).
+*   **Direct Container Access (Local Only):** `http://localhost:2053` (if the container's port 2053 is mapped to the host's 2053, for local testing/development).
+
+This setup ensures secure, encrypted communication from the user's browser to the Nginx server, and then leverages the `chisel` tunnel for secure and reliable internal communication to the X-UI application, even if the X-UI container is behind a NAT or firewall.

x-ui.key

@@ -0,0 +1 @@
+key