This project forked from mhsanaei/3x-ui
〔3X-UI〕中文优化版,Xray panel supporting multi-protocol multi-user expire day & traffic & ip limit (Vless & Vmess & Trojan & ShadowSocks & Wireguard),基于原版3x-ui进行优化修改。
Home Page: https://t.me/XUI_CN
License: GNU General Public License v3.0
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
3x-ui面板生成的客户端配置文件中没有level字段,这导致流量统计开了跟没开一样,3x-ui面板首页的总带宽和总流量始终是0
Describe the bug
nginx 反代后,订阅返回服务端ip 为 客户端源IP
Expected behavior
fix
Version (please complete the following information):
Additional context
Nginx config:
server
{
listen 80;
listen 443 ssl reuseport;
listen 443 quic reuseport;
http2 on;
server_name la.xxxxxxxxxxxxx.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/la.xxxxxxxxxxxxx.com;
#CERT-APPLY-CHECK--START
# 用于SSL证书申请时的文件验证相关配置 -- 请勿删除
include /www/server/panel/vhost/nginx/well-known/la.xxxxxxxxxxxxx.com.conf;
#CERT-APPLY-CHECK--END
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
ssl_certificate /www/fullchain.pem;
ssl_certificate_key /www/key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header Alt-Svc 'h3=":443"; ma=86400';
error_page 497 https://$host$request_uri;
ssl_stapling on;
ssl_stapling_verify on;
ssl_ecdh_curve X25519:P-256;
#SSL-END
if ($scheme = http) {
return 301 https://$host$request_uri;
}
#SSL-END
#ERROR-PAGE-START 错误页配置,可以注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-START PHP引用配置,可以注释或修改
#清理缓存规则
location ~ /purge(/.*) {
proxy_cache_purge cache_one $host$1$is_args$args;
#access_log /www/wwwlogs/la.xxxxxxxxxxxxx.com_purge_cache.log;
}
#引用反向代理规则,注释后配置的反向代理将无效
location ^~ /av1561563/
{
proxy_pass http://127.0.0.1:2096/av1561563/; #**(只保留此行返回的address为:127.0.0.1)**
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
# proxy_hide_header Upgrade;
add_header X-Cache $upstream_cache_status;
#Set Nginx Cache
set $static_fileSipaPlin 0;
if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
{
set $static_fileSipaPlin 1;
expires 1m;
}
if ( $static_fileSipaPlin = 0 )
{
add_header Cache-Control no-cache;
}
}
include enable-php-00.conf;
#PHP-INFO-END
#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
include /www/server/panel/vhost/rewrite/la.xxxxxxxxxxxxx.com.conf;
#REWRITE-END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
#禁止在证书验证目录放入敏感文件
if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
return 403;
}
access_log /www/wwwlogs/la.xxxxxxxxxxxxx.com.log;
error_log /www/wwwlogs/la.xxxxxxxxxxxxx.com.error.log;
}
详细说明:
开发者你好,我水平有限,只能尽可能提供详细的信息辅助定位问题。
目前怀疑是 这个PR 或者 这个X-REAL-IP pr 错误的被订阅引用了客户端IP。
具体复现操作
1.拥有一个域名,nginx根据以上config 反代,( https不影响bug结果)
2.面板内根据截图设置好反代路径 (不使用CF等CDN)
3.使用v2rayn等软件订阅。
4.根据反代规则会返回不同的值
如只保留 (proxy_pass http://127.0.0.1:2096/av1561563/; ,则客户端订阅后得到的服务器IP为127.0.0.1
若完整配置
proxy_pass http://127.0.0.1:2096/av1561563/; #**(只保留此行返回的address为:127.0.0.1)**
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
得到的值为客户端源IP,举个例子:vps ip 为 2.2.2.2,已经反代为la.xxxxxxxxxxxxx.com,客户端所在地公网ip为221.1.1.1,客户端使用订阅链接后,得到的address为:221.1.1.1,而不是正确的la.xxxxxxxxxxxxx.com。
报错:
It seems that you are using sudo, please read this page first:
https://github.com/acmesh-official/acme.sh/wiki/sudo
docker版可以修改access.log记录时长吗?原版只能记录一小时的日志,不太够用
提示安转成功,端口也放开了,网页访问不了
Version (please complete the following information):
Additional context
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.