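#!/bin/bash

# X-UI Sanaee Tunnel Integration Script
# Script for integrating the X-UI panel with a tunnel
#
# Usage: run as root. The script detects whether the host is the bridge
# ("iran") or the exit ("foreign") server, installs the panel if it is not
# running, writes JSON snippets for manual import into the panel, applies
# sysctl tuning and resets the UFW firewall.
#
# Requires: bash, curl, openssl, systemctl (ufw is installed on demand).
#
# Security notes for whoever runs or maintains this:
#   * The generated JSON snippets contain tunnel/client UUIDs, which act as
#     credentials. They are written to a private mktemp directory (mode 0700)
#     rather than to predictable, world-readable names directly under /tmp.
#   * The panel installer is fetched from a mutable branch and executed as
#     root; see install_xui_sanaee.
#   * setup_firewall wipes every existing UFW rule before adding its own.

set -euo pipefail

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
PURPLE='\033[0;35m'
NC='\033[0m'

# Fixed locations and defaults
readonly XUI_DB="/etc/x-ui/x-ui.db"
readonly DEFAULT_XUI_PORT="54321"
readonly XUI_INSTALLER_URL="https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh"

# Script state. Everything is initialised up front so that `set -u` never
# trips on a value that only one of the two server roles fills in.
COUNTRY=""
PUBLIC_IP=""
SERVER_TYPE=""
FOREIGN_IP=""
FOREIGN_PORT=""
TUNNEL_UUID=""
TUNNEL_PATH=""
SERVER_UUID=""
CLIENT_UUID=""
CLIENT_PATH=""
CLIENT_PORT_VMESS=8080
CLIENT_PORT_VLESS=8443
BRIDGE_PORT=443
BRIDGE_PATH=""
XUI_PORT=""
OUTPUT_DIR=""

#######################################
# Print a message wrapped in a color escape sequence.
# Arguments: $1 - message (backslash escapes such as \n are interpreted)
#            $2 - color escape sequence
# Outputs:   the colored message on stdout
#######################################
print_colored() {
  printf '%b\n' "${2}${1}${NC}"
}

# Print an error in red on stderr and abort the script.
die() {
  print_colored "$*" "$RED" >&2
  exit 1
}

# Abort early when a required external command is missing.
require_command() {
  command -v "$1" &>/dev/null || die "Required command not found: $1"
}

# Emit a random UUID, preferring uuidgen and falling back to the kernel.
generate_uuid() {
  if command -v uuidgen &>/dev/null; then
    uuidgen
  else
    cat /proc/sys/kernel/random/uuid
  fi
}

# True when $1 is a decimal TCP port in the range 1-65535.
is_valid_port() {
  [[ "$1" =~ ^[0-9]{1,5}$ ]] && (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}

# True when $1 has the canonical 8-4-4-4-12 hexadecimal UUID layout.
is_valid_uuid() {
  [[ "$1" =~ ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$ ]]
}

# True when $1 only contains characters that can occur in an IPv4/IPv6
# address or a host name. This keeps quotes and backslashes out of the JSON
# the value is later interpolated into.
is_safe_host() {
  [[ "$1" =~ ^[A-Za-z0-9.:-]+$ ]]
}

# True when $1 is a slash-led path made of URL-safe characters only.
is_safe_ws_path() {
  [[ "$1" =~ ^/[A-Za-z0-9._/-]*$ ]]
}

#######################################
# Write stdin to a file inside the private output directory.
# Globals:   OUTPUT_DIR (read)
# Arguments: $1 - file name relative to OUTPUT_DIR
#######################################
write_config() {
  local target="${OUTPUT_DIR:?output directory not initialised}/$1"
  # The files hold UUIDs, so create them owner-only. The umask is confined to
  # a subshell so that package installs elsewhere in the script are unaffected.
  (
    umask 077
    cat > "$target"
  )
}

# Append a line to a file unless that exact line is already present, so that
# running the script repeatedly does not pile up duplicate settings.
append_line_once() {
  local file=$1
  local line=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

#######################################
# Best-effort lookup of the panel port.
# The panel database is a binary file, so scraping it with grep is only a
# heuristic: the result is accepted solely when it is a valid port number,
# otherwise the default is reported. Verify the real port in the panel.
# Globals:   XUI_DB, DEFAULT_XUI_PORT (read)
# Outputs:   the port number on stdout
#######################################
detect_xui_port() {
  local candidate=""
  if [[ -r "$XUI_DB" ]]; then
    candidate=$(grep -ao 'port.*[0-9]*' "$XUI_DB" 2>/dev/null \
      | tail -n 1 \
      | grep -o '[0-9]*' \
      | tail -n 1 || true)
  fi
  if is_valid_port "$candidate"; then
    printf '%s\n' "$((10#$candidate))"
  else
    printf '%s\n' "$DEFAULT_XUI_PORT"
  fi
}

# Check if X-UI is installed
check_xui_installation() {
  if ! systemctl is-active --quiet x-ui 2>/dev/null; then
    print_colored "X-UI is not installed or not running. Installing X-UI Sanaee..." "$YELLOW"
    install_xui_sanaee
  else
    print_colored "X-UI is already installed and running." "$GREEN"
  fi
}

#######################################
# Install X-UI Sanaee.
# The installer is downloaded to a temporary file first so that a failed or
# truncated download is detected instead of being executed (or silently
# skipped, as happens with `bash <(curl ...)`).
#
# NOTE(review): the URL points at a mutable branch and the download is run as
# root without any integrity check. Prefer pinning to a reviewed release and
# comparing the file against a known checksum before executing it.
#######################################
install_xui_sanaee() {
  print_colored "Installing X-UI Sanaee panel..." "$BLUE"

  local installer
  installer=$(mktemp) || die "Could not create a temporary file for the installer."

  # -f makes HTTP errors fatal; the --proto options refuse a downgrade to
  # plain HTTP, including on redirects.
  if ! curl -fsSL --proto '=https' --proto-redir '=https' \
    "$XUI_INSTALLER_URL" -o "$installer"; then
    rm -f -- "$installer"
    die "Failed to download the X-UI installer."
  fi

  local rc=0
  bash "$installer" || rc=$?
  rm -f -- "$installer"
  (( rc == 0 )) || die "X-UI installer exited with status $rc."

  # Wait for installation to complete
  sleep 5

  if systemctl is-active --quiet x-ui 2>/dev/null; then
    print_colored "X-UI Sanaee installed successfully!" "$GREEN"
  else
    print_colored "X-UI installer finished but the x-ui service is not active; check the installer output." "$YELLOW"
  fi
}

#######################################
# Detect server location.
# Globals: COUNTRY, PUBLIC_IP, SERVER_TYPE (written)
#######################################
detect_location() {
  print_colored "Detecting server location..." "$BLUE"

  # HTTPS: the answer decides which role this host gets and which address is
  # shown to the operator, so it must not be modifiable in transit.
  # -f keeps an HTTP error body from being mistaken for a country or an IP.
  COUNTRY=$(curl -fsS --connect-timeout 10 --max-time 20 \
    "https://ipinfo.io/country" 2>/dev/null || echo "")
  PUBLIC_IP=$(curl -fsS --connect-timeout 10 --max-time 20 \
    "https://ipinfo.io/ip" 2>/dev/null || echo "")
  COUNTRY=${COUNTRY//[[:space:]]/}
  PUBLIC_IP=${PUBLIC_IP//[[:space:]]/}

  if [[ -n "$PUBLIC_IP" ]] && ! is_safe_host "$PUBLIC_IP"; then
    print_colored "Ignoring unexpected public IP response." "$YELLOW"
    PUBLIC_IP=""
  fi

  if [[ -z "$COUNTRY" ]]; then
    print_colored "Could not detect the server country; continuing as a foreign (exit) server." "$YELLOW"
  fi

  if [[ "$COUNTRY" == "IR" ]]; then
    SERVER_TYPE="iran"
    print_colored "Detected: Iran Server (Bridge) - IP: $PUBLIC_IP" "$YELLOW"
  else
    SERVER_TYPE="foreign"
    print_colored "Detected: Foreign Server (Exit) - IP: $PUBLIC_IP" "$YELLOW"
  fi
}

#######################################
# Setup Iran server with X-UI integration.
# Prompts for the exit server's address, port, UUID and WebSocket path, and
# validates each value because they are interpolated into JSON.
# Globals: FOREIGN_IP, FOREIGN_PORT, TUNNEL_UUID, TUNNEL_PATH (written)
#######################################
setup_iran_bridge() {
  print_colored "Setting up Iran server as bridge with X-UI..." "$GREEN"

  # Get foreign server details
  echo
  read -rp "Enter foreign server IP address: " FOREIGN_IP
  is_safe_host "$FOREIGN_IP" || die "Invalid foreign server address."

  read -rp "Enter foreign server outbound port (default 443): " FOREIGN_PORT
  FOREIGN_PORT=${FOREIGN_PORT:-443}
  is_valid_port "$FOREIGN_PORT" || die "Invalid port: must be a number between 1 and 65535."
  # Normalise (e.g. strip leading zeros) so the value is a valid JSON number.
  FOREIGN_PORT=$((10#$FOREIGN_PORT))

  read -rp "Enter UUID for tunnel (press enter to generate): " TUNNEL_UUID
  if [[ -z "$TUNNEL_UUID" ]]; then
    # Generate UUID using available tools
    TUNNEL_UUID=$(generate_uuid)
  fi
  is_valid_uuid "$TUNNEL_UUID" || die "Invalid UUID format."

  # The outbound only works when its WebSocket path equals the path of the
  # inbound on the foreign server, so ask for it instead of always inventing
  # a fresh random one that cannot match.
  read -rp "Enter WebSocket path shown by the foreign server (press enter to generate): " TUNNEL_PATH
  if [[ -z "$TUNNEL_PATH" ]]; then
    TUNNEL_PATH="/tunnel-$(openssl rand -hex 8)"
    print_colored "Generated a new path; the foreign server inbound must use the same one." "$YELLOW"
  fi
  is_safe_ws_path "$TUNNEL_PATH" || die "Invalid WebSocket path."

  print_colored "Configuration:" "$BLUE"
  print_colored "Foreign Server: $FOREIGN_IP:$FOREIGN_PORT" "$BLUE"
  print_colored "Tunnel UUID: $TUNNEL_UUID" "$BLUE"
  print_colored "Tunnel Path: $TUNNEL_PATH" "$BLUE"

  # Create outbound configuration for X-UI
  create_outbound_config

  # Setup routing rules
  setup_routing_rules

  # Create client configs for users
  create_client_configs

  # Display X-UI panel info
  show_xui_panel_info
}

#######################################
# Setup foreign server.
# Globals: SERVER_UUID (written)
#######################################
setup_foreign_exit() {
  print_colored "Setting up foreign server as exit node..." "$GREEN"

  # Generate UUID for this server
  SERVER_UUID=$(generate_uuid)

  print_colored "Server UUID: $SERVER_UUID" "$BLUE"

  # Create inbound for receiving traffic from Iran server
  create_bridge_inbound

  # Show configuration for Iran server
  show_foreign_config
}

#######################################
# Create outbound configuration for Iran server.
# Globals: FOREIGN_IP, FOREIGN_PORT, TUNNEL_UUID, TUNNEL_PATH, OUTPUT_DIR (read)
#######################################
create_outbound_config() {
  print_colored "Creating outbound configuration..." "$BLUE"

  # Backup original X-UI config. The database holds panel credentials, so the
  # copy is created owner-only.
  if [[ -f "$XUI_DB" ]]; then
    local stamp
    stamp=$(date +%Y%m%d_%H%M%S)
    (
      umask 077
      cp -- "$XUI_DB" "${XUI_DB}.backup.${stamp}"
    )
  else
    print_colored "X-UI database not found at $XUI_DB; skipping backup." "$YELLOW"
  fi

  # NOTE(review): serverName/Host below are www.speedtest.net with
  # allowInsecure=false, while generate_ssl_cert on the exit node issues a
  # self-signed certificate for CN=tunnel.local. Certificate verification on
  # this outbound is therefore expected to fail as configured. The safe fix is
  # a CA-issued certificate for a name the operator controls, with serverName
  # set to that name; do not work around it by enabling allowInsecure.

  # Create outbound JSON configuration
  write_config "outbound_config.json" <<EOF
{
  "tag": "foreign-tunnel",
  "protocol": "vmess",
  "settings": {
    "vnext": [
      {
        "address": "$FOREIGN_IP",
        "port": $FOREIGN_PORT,
        "users": [
          {
            "id": "$TUNNEL_UUID",
            "alterId": 0,
            "security": "auto"
          }
        ]
      }
    ]
  },
  "streamSettings": {
    "network": "ws",
    "security": "tls",
    "wsSettings": {
      "path": "$TUNNEL_PATH",
      "headers": {
        "Host": "www.speedtest.net"
      }
    },
    "tlsSettings": {
      "serverName": "www.speedtest.net",
      "allowInsecure": false
    }
  },
  "mux": {
    "enabled": true,
    "concurrency": 8
  }
}
EOF

  print_colored "Outbound configuration created at $OUTPUT_DIR/outbound_config.json" "$GREEN"
  print_colored "You need to add this to X-UI panel manually." "$YELLOW"
}

# Setup routing rules
setup_routing_rules() {
  print_colored "Setting up routing rules..." "$BLUE"

  write_config "routing_rules.json" <<EOF
{
  "domainStrategy": "IPOnDemand",
  "rules": [
    {
      "type": "field",
      "inboundTag": ["user-inbound"],
      "outboundTag": "foreign-tunnel"
    },
    {
      "type": "field",
      "ip": ["geoip:private"],
      "outboundTag": "blocked"
    },
    {
      "type": "field",
      "domain": ["geosite:ir"],
      "outboundTag": "direct"
    }
  ]
}
EOF

  print_colored "Routing rules created at $OUTPUT_DIR/routing_rules.json" "$GREEN"
}

#######################################
# Create client configurations.
# Globals: CLIENT_UUID, CLIENT_PATH (written)
#          CLIENT_PORT_VMESS, CLIENT_PORT_VLESS, OUTPUT_DIR (read)
#
# NOTE(review): both inbounds are plain WebSocket without TLS. VLESS with
# "decryption": "none" provides no encryption of its own, so on that inbound
# the client UUID and the traffic are readable on the path between client and
# bridge. Put TLS in front of these inbounds before handing them to users.
#######################################
create_client_configs() {
  print_colored "Creating client configurations..." "$BLUE"

  # Generate random values for client configs
  CLIENT_UUID=$(generate_uuid)
  CLIENT_PATH="/$(openssl rand -hex 12)"

  # VMESS Config
  write_config "client_vmess.json" <<EOF
{
  "remark": "Iran-Bridge-VMess",
  "port": $CLIENT_PORT_VMESS,
  "protocol": "vmess",
  "settings": {
    "clients": [
      {
        "id": "$CLIENT_UUID",
        "alterId": 0
      }
    ]
  },
  "streamSettings": {
    "network": "ws",
    "wsSettings": {
      "path": "$CLIENT_PATH"
    }
  },
  "tag": "user-inbound"
}
EOF

  # VLESS Config
  write_config "client_vless.json" <<EOF
{
  "remark": "Iran-Bridge-VLESS",
  "port": $CLIENT_PORT_VLESS,
  "protocol": "vless",
  "settings": {
    "clients": [
      {
        "id": "$CLIENT_UUID",
        "flow": ""
      }
    ],
    "decryption": "none"
  },
  "streamSettings": {
    "network": "ws",
    "wsSettings": {
      "path": "$CLIENT_PATH-vless"
    }
  },
  "tag": "user-inbound"
}
EOF

  print_colored "Client configurations created:" "$GREEN"
  print_colored "- VMess: $OUTPUT_DIR/client_vmess.json (Port: $CLIENT_PORT_VMESS)" "$BLUE"
  print_colored "- VLESS: $OUTPUT_DIR/client_vless.json (Port: $CLIENT_PORT_VLESS)" "$BLUE"
  print_colored "- Client UUID: $CLIENT_UUID" "$BLUE"
  print_colored "- WebSocket Path: $CLIENT_PATH" "$BLUE"
}

#######################################
# Create bridge inbound for foreign server.
# Globals: BRIDGE_PATH (written); BRIDGE_PORT, SERVER_UUID, OUTPUT_DIR (read)
#######################################
create_bridge_inbound() {
  print_colored "Creating bridge inbound configuration..." "$BLUE"

  BRIDGE_PATH="/tunnel-$(openssl rand -hex 8)"

  write_config "bridge_inbound.json" <<EOF
{
  "remark": "Bridge-From-Iran",
  "port": $BRIDGE_PORT,
  "protocol": "vmess",
  "settings": {
    "clients": [
      {
        "id": "$SERVER_UUID",
        "alterId": 0
      }
    ]
  },
  "streamSettings": {
    "network": "ws",
    "security": "tls",
    "wsSettings": {
      "path": "$BRIDGE_PATH"
    },
    "tlsSettings": {
      "certificates": [
        {
          "certificateFile": "/etc/ssl/certs/x-ui.crt",
          "keyFile": "/etc/ssl/private/x-ui.key"
        }
      ]
    }
  }
}
EOF

  # Generate SSL certificate
  generate_ssl_cert

  print_colored "Bridge inbound configuration created:" "$GREEN"
  print_colored "- Port: $BRIDGE_PORT" "$BLUE"
  print_colored "- UUID: $SERVER_UUID" "$BLUE"
  print_colored "- Path: $BRIDGE_PATH" "$BLUE"
}

#######################################
# Generate SSL certificate.
# Creates a self-signed RSA-2048 certificate valid for 365 days and
# overwrites any existing x-ui.key / x-ui.crt at the target paths.
# A self-signed certificate gives the peer nothing to verify against unless
# it is pinned or explicitly trusted there.
#######################################
generate_ssl_cert() {
  mkdir -p /etc/ssl/private /etc/ssl/certs

  # Generate under a restrictive umask so the private key is never readable
  # by other users, not even for the instant before the chmod below.
  (
    umask 077
    openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 \
      -subj "/C=US/ST=State/L=City/O=Organization/CN=tunnel.local" \
      -keyout /etc/ssl/private/x-ui.key \
      -out /etc/ssl/certs/x-ui.crt
  )

  chmod 600 /etc/ssl/private/x-ui.key
  chmod 644 /etc/ssl/certs/x-ui.crt
}

#######################################
# Show X-UI panel information.
# Globals: XUI_PORT (written); PUBLIC_IP (read)
#
# NOTE(review): the panel URL is plain HTTP, so the login is sent unencrypted.
# If the panel really still accepts the default credentials printed here,
# change them before the panel port is reachable from the internet, and
# prefer reaching the panel over TLS or an SSH tunnel.
#######################################
show_xui_panel_info() {
  print_colored "\n=== X-UI Panel Information ===" "$GREEN"

  # Get X-UI port and credentials
  XUI_PORT=$(detect_xui_port)

  print_colored "Panel URL: http://$PUBLIC_IP:$XUI_PORT" "$BLUE"
  print_colored "Default Username: admin" "$BLUE"
  print_colored "Default Password: admin" "$BLUE"
  print_colored "\nIMPORTANT: Change default credentials after first login!" "$RED"
}

# Show foreign server configuration
show_foreign_config() {
  print_colored "\n=== Foreign Server Configuration ===" "$GREEN"
  print_colored "Use these settings in Iran server outbound:" "$YELLOW"
  print_colored "Address: $PUBLIC_IP" "$BLUE"
  print_colored "Port: 443" "$BLUE"
  print_colored "UUID: $SERVER_UUID" "$BLUE"
  print_colored "Path: $BRIDGE_PATH" "$BLUE"
  print_colored "TLS: enabled" "$BLUE"
}

#######################################
# Optimize system performance.
# Each setting is appended only when that exact line is missing, so repeated
# runs do not grow /etc/sysctl.conf or limits.conf with duplicates.
#
# NOTE(review): net.ipv4.ip_forward=1 turns on kernel packet forwarding; a
# user-space proxy normally does not need it. Confirm before keeping it.
#######################################
optimize_system() {
  print_colored "Optimizing system performance..." "$BLUE"

  local -a sysctl_settings=(
    # TCP BBR
    'net.core.default_qdisc=fq'
    'net.ipv4.tcp_congestion_control=bbr'
    # Network optimizations
    'net.ipv4.tcp_fastopen=3'
    'net.ipv4.tcp_slow_start_after_idle=0'
    'net.core.rmem_max=67108864'
    'net.core.wmem_max=67108864'
    'net.ipv4.tcp_rmem=4096 65536 67108864'
    'net.ipv4.tcp_wmem=4096 65536 67108864'
    'net.core.netdev_max_backlog=30000'
    'net.ipv4.tcp_max_syn_backlog=8192'
    'net.ipv4.ip_forward=1'
  )
  local setting
  for setting in "${sysctl_settings[@]}"; do
    append_line_once /etc/sysctl.conf "$setting"
  done

  # A key the running kernel does not support (e.g. bbr missing) must not
  # abort the run before the firewall has been configured.
  sysctl -p || print_colored "Some sysctl settings could not be applied; see the messages above." "$YELLOW"

  # Increase file limits
  append_line_once /etc/security/limits.conf '* soft nofile 51200'
  append_line_once /etc/security/limits.conf '* hard nofile 51200'
}

#######################################
# Setup firewall.
# WARNING: `ufw --force reset` removes every existing UFW rule on the host.
# Globals: XUI_PORT (written)
#
# NOTE(review): the panel port is opened to every source address. Restrict it
# to the operator's address, or leave it closed and use an SSH tunnel, once
# the initial setup is finished.
#######################################
setup_firewall() {
  print_colored "Configuring firewall..." "$BLUE"

  # Install UFW if not present
  if ! command -v ufw &>/dev/null; then
    command -v apt-get &>/dev/null || die "ufw is not installed and apt-get is not available to install it."
    apt-get update
    apt-get install -y ufw
  fi

  # Reset and configure UFW
  ufw --force reset
  ufw default deny incoming
  ufw default allow outgoing

  # Allow SSH
  ufw allow ssh

  # `ufw allow ssh` only covers port 22. When this session arrived over SSH
  # on another port, allow that port too so that enabling the firewall does
  # not cut off the administrator. The last field of SSH_CONNECTION is the
  # server-side port; the variable may be absent when sudo resets the
  # environment, in which case a non-standard SSH port must be allowed by hand.
  local ssh_port=""
  if [[ -n "${SSH_CONNECTION:-}" ]]; then
    ssh_port=${SSH_CONNECTION##* }
    if is_valid_port "$ssh_port" && (( 10#$ssh_port != 22 )); then
      ufw allow "${ssh_port}/tcp"
    fi
  fi

  # Allow X-UI panel port
  XUI_PORT=$(detect_xui_port)
  ufw allow "${XUI_PORT}/tcp"

  # Allow common ports
  ufw allow 80/tcp
  ufw allow 443/tcp
  ufw allow 8080/tcp
  ufw allow 8443/tcp

  ufw --force enable

  print_colored "Firewall configured. Allowed ports: SSH, $XUI_PORT, 80, 443, 8080, 8443" "$GREEN"
}

#######################################
# Display setup instructions.
# Globals: SERVER_TYPE, PUBLIC_IP, XUI_PORT, SERVER_UUID, CLIENT_UUID,
#          CLIENT_PATH, OUTPUT_DIR (read)
#######################################
show_setup_instructions() {
  print_colored "\n=== Setup Instructions ===" "$GREEN"

  if [[ "$SERVER_TYPE" == "iran" ]]; then
    print_colored "\n🇮🇷 IRAN SERVER (BRIDGE) SETUP:" "$YELLOW"
    print_colored "1. Access X-UI panel: http://$PUBLIC_IP:$XUI_PORT" "$BLUE"
    print_colored "2. Go to 'Outbound' section" "$BLUE"
    print_colored "3. Add the outbound config from: $OUTPUT_DIR/outbound_config.json" "$BLUE"
    print_colored "4. Go to 'Routing' section" "$BLUE"
    print_colored "5. Add routing rules from: $OUTPUT_DIR/routing_rules.json" "$BLUE"
    print_colored "6. Add client inbounds from:" "$BLUE"
    print_colored " - VMess: $OUTPUT_DIR/client_vmess.json" "$BLUE"
    print_colored " - VLESS: $OUTPUT_DIR/client_vless.json" "$BLUE"
    print_colored "7. Restart X-UI service" "$BLUE"
  else
    print_colored "\n🌍 FOREIGN SERVER (EXIT) SETUP:" "$YELLOW"
    print_colored "1. Access X-UI panel: http://$PUBLIC_IP:$XUI_PORT" "$BLUE"
    print_colored "2. Add the bridge inbound from: $OUTPUT_DIR/bridge_inbound.json" "$BLUE"
    print_colored "3. Configure the Iran server with these details:" "$BLUE"
    print_colored " - Address: $PUBLIC_IP" "$BLUE"
    print_colored " - Port: 443" "$BLUE"
    print_colored " - UUID: $SERVER_UUID" "$BLUE"
  fi

  print_colored "\n=== Client Connection (for Iran users) ===" "$GREEN"
  if [[ "$SERVER_TYPE" == "iran" ]]; then
    print_colored "VMess Configuration:" "$BLUE"
    print_colored "Address: $PUBLIC_IP" "$BLUE"
    print_colored "Port: 8080" "$BLUE"
    print_colored "UUID: $CLIENT_UUID" "$BLUE"
    print_colored "Path: $CLIENT_PATH" "$BLUE"
    print_colored "Network: ws" "$BLUE"
    print_colored "TLS: disabled (for inbound)" "$BLUE"
  fi
}

#######################################
# Main function: root check, role detection, panel install, role-specific
# configuration, system tuning, firewall, instructions, panel restart.
#######################################
main() {
  print_colored "X-UI Sanaee Tunnel Integration Script" "$GREEN"
  print_colored "اسکریپت یکپارچه‌سازی پنل X-UI با تونل" "$GREEN"
  print_colored "========================================" "$GREEN"

  # Check if running as root
  if [[ $EUID -ne 0 ]]; then
    print_colored "This script must be run as root (sudo)" "$RED"
    exit 1
  fi

  # Fail before touching the system when a required tool is missing.
  require_command curl
  require_command openssl
  require_command systemctl

  # Private (0700), unpredictable directory for the generated snippets: a
  # fixed file name under /tmp written by root can be pre-created or
  # symlinked by another local user, and would be world-readable.
  OUTPUT_DIR=$(mktemp -d /tmp/xui-tunnel.XXXXXX) \
    || die "Could not create a private directory for the configuration files."

  # Detect location
  detect_location

  # Check X-UI installation
  check_xui_installation

  # Setup based on server type
  if [[ "$SERVER_TYPE" == "iran" ]]; then
    setup_iran_bridge
  else
    setup_foreign_exit
  fi

  # Optimize system
  optimize_system

  # Setup firewall
  setup_firewall

  # Show instructions
  show_setup_instructions

  print_colored "\n=== Setup Complete! ===" "$GREEN"
  print_colored "Configuration files are ready in $OUTPUT_DIR/" "$BLUE"
  print_colored "These files contain tunnel credentials; delete the directory once they are imported." "$YELLOW"
  print_colored "Follow the instructions above to complete the setup in X-UI panel." "$YELLOW"

  # Restart X-UI to apply any changes
  systemctl restart x-ui
  print_colored "\nX-UI service restarted successfully!" "$GREEN"
}

# Run main function
main "$@"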