zbofrvo/common-skills
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: xui inbound client must have enable:true, fix WS nginx headers

Browse Source 
- lessons-learned: add two critical issues from first real deployment
  1. client enable:false causes auto-removal by x-ui scheduler
  2. CF proxy strips Connection header, nginx must hardcode WS headers
- xray-inbound-config.md: fix API path, add enable:true to client,
  hardcode Upgrade/Connection headers in nginx WS location
This commit is contained in:
Team
2026-04-25 20:20:03 +08:00
parent 21a530484d
commit 881fbf6dbb
2 changed files with 35 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/xui-deploy/references/lessons-learned.md
+32
View File
@@ -129,3 +129,35 @@ docker restart x-ui
- **CDN**: Cloudflare 橙云已开启
- **防火墙**: Oracle Cloud 安全组管理,不使用 ufw
- **KeePass 条目**: x-ui
### [2026-04-25] 客户端创建后被自动移除导致无法连接
**环境**: Ubuntu 20.04 / Docker (ghcr.io/mhsanaei/3x-ui:latest) / Xray 26.4.17
**现象**: 入站配置正确,Nginx 返回 101,但代理无法使用,Xray 日志反复出现 `Remove Inbound User due to expiration or traffic limit`
**原因**: 通过 API 创建客户端时未显式设置 `"enable": true`x-ui 默认写入 `enable: false`。x-ui 有定时任务会扫描并从 Xray 运行时移除禁用/过期客户端,导致 UUID 被删除,所有连接被拒绝
**解决**: 通过 API 更新客户端,显式设置 `enable: true`
```bash
curl -s -b /tmp/xui.cookie \
-X POST http://127.0.0.1:54321/xui/panel/api/inbounds/updateClient/<uuid> \
-H 'Content-Type: application/json' \
-d '{"id":<inbound_id>,"settings":"{\"clients\":[{\"id\":\"<uuid>\",\"flow\":\"\",\"enable\":true,\"expiryTime\":0,\"totalGB\":0}]}"}'
```
**预防**: 创建客户端时 `addClient` API 的 settings 里必须包含 `"enable":true`
```json
{"id": <inbound_id>, "settings": "{\"clients\":[{\"id\":\"<uuid>\",\"flow\":\"\",\"enable\":true}]}"}
```
### [2026-04-25] Nginx 转发 WebSocket 时 Connection 头丢失
**环境**: Ubuntu 20.04 / Nginx 1.18 / Cloudflare 橙云代理
**现象**: Xray 日志 `websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header`
**原因**: Cloudflare 回源时不传递 `Connection: upgrade` 头;若 Nginx 用 `proxy_set_header Connection $http_upgrade` 则当变量为空时传空值
**解决**: Nginx WS location 里硬编码头部值,不依赖客户端传入:
```nginx
location /ws/ {
proxy_pass http://127.0.0.1:<inbound_port>;
proxy_http_version 1.1;
proxy_set_header Upgrade websocket;
proxy_set_header Connection upgrade;
proxy_set_header Host $host;
proxy_read_timeout 86400s;
}
```
skills/xui-deploy/references/xray-inbound-config.md
+3 -3
View File
@@ -56,7 +56,7 @@ UUID=$(ssh -i <key_path> -p <ssh_port> <user>@<host> "cat /proc/sys/kernel/rando
# 3. Create VLESS + WebSocket inbound
ssh -i <key_path> -p <ssh_port> <user>@<host> "
curl -sb /tmp/xui-cookie.txt \
-X POST http://127.0.0.1:<panel_port><base_path>xui/API/inbounds/add \
-X POST http://127.0.0.1:<panel_port><base_path>panel/api/inbounds/add \
-H 'Content-Type: application/json' \
-d '{
\"remark\": \"vless-ws\",
@@ -79,8 +79,8 @@ Append to the existing Nginx config (`/etc/nginx/conf.d/x-ui.conf`):
location /ws/ {
proxy_pass http://127.0.0.1:10000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade websocket;
proxy_set_header Connection upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_read_timeout 86400s;