Tag: Server

v2ray server setup tutorial

Get your server up to date:

1apt update && apt upgrade -y

Also install curl and socat:

1apt install curl socat -y

Install Acme Script

Download and install the Acme script for getting a free SSL certificate:

1curl https://get.acme.sh | sh

Get Free SSL Certificate

Set the default provider to Let’s Encrypt:

1~/.acme.sh/acme.sh –set-default-ca –server letsencrypt

Register your account for a free SSL certificate. In the next command, replace xxxx@xxxx.com by your actual email address:

1~/.acme.sh/acme.sh –register-account -m xxxx@xxxx.com

Obtain an SSL certificate. In the next command, replace host.mydomain.com by your actual host name:

1~/.acme.sh/acme.sh –issue -d host.mydomain.com –standalone

After a minute or so, the script terminates. On success, you will receive feedback as to the location of the certificate and key:

1
2
3
4		Your cert is in: /root/.acme.sh/host.mydomain.com/host.mydomain.com.cer
Your cert key is in: /root/.acme.sh/host.mydomain.com/host.mydomain.com.key
The intermediate CA cert is in: /root/.acme.sh/host.mydomain.com/ca.cer
And the full chain certs is there: /root/.acme.sh/host.mydomain.com/fullchain.cer

You cannot use the certificate and key in their current locations, as these may be temporary. Therefore install the certificate and key to a permanent location. In the next command, replace host.mydomain.com by your actual host name:

1~/.acme.sh/acme.sh –installcert -d host.mydomain.com –key-file /root/private.key –fullchain-file /root/cert.crt
Install certificate and key issued by Acme script

Run the X-UI Install Script

Download and run the one-click install script provided by the developer:

1bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)

Common Panel Commands

From the command line, you can control the server with various commands:

CommandEffect
x-uiDisplay the management menu
x-ui startStart the X-UI panel
x-ui stopStop the X-UI panel
x-ui restartRestart the X-UI panel
x-ui statusView X-UI status
x-ui enableSet X-UI to start automatically after boot
x-ui disableCancel X-UI boot from start
x-ui logView X-UI log
x-ui updateUpdate the X-UI panel
x-ui installInstall X-UI panel
x-ui uninstallUninstall X-UI panel

First Time Login

You can get to the X-UI panel on your PC by opening a browser and typing your server IP address and port 54321. For example:

1http://123.45.67.89:54321

By default, the login user name is admin, and the password is also admin.

First-time login to X-UI panel

Side Menu

After you have logged in, the side menu offers these options:

ChineseEnglish
系统状态System status
入站列表Inbound list
面板设置Panel settings
其他Other
退出登录Sign out
Side menu on X-UI panel

Enable HTTPS on Panel

You will notice that, at first, you used plain text HTTP to reach the panel. This is not secure.

To enable HTTPS, choose 面板设置 (Panel settings).

You will need to specify your certificate and key.

1
2
3
4		面板证书公钥文件路径
填写一个 ‘/’ 开头的绝对路径,重启面板生效
Panel certificate public key file path
Fill in an absolute path starting with’/’, restart the panel to take effect

Fill in /root/cert.crt.

1
2
3
4		面板证书密钥文件路径
填写一个 ‘/’ 开头的绝对路径,重启面板生效
Panel certificate key file path
Fill in an absolute path starting with’/’, restart the panel to take effect

Fill in /root/private.key.

Specifying certificate and key in X-UI panel settings

Save these options.

Now in your SSH session issue the command:

1x-ui restart

Now you can reach the panel using HTTPS. For example:

1https://host.mydomain.com:54321
HTTPS login to X-UI panel

Change Admin Password

The default admin user name admin and password admin are the same for all installations. This is not secure. Input the old values of admin and admin, and choose new, unique values:

ChineseEnglish
原用户名Original user name
原密码Old password
新用户名New user name
新密码New password
X-UI panel change user name and password

Save the new values.

Sign out, then sign in again with the new user name and password.

HTTPS login with new user name and password

Add VLESS+XTLS Xray User

We are going to add an inbound user account using VLESS and Xray. VLESS is an an updated version of the older Vmess protocol. After several developers found flaws in Vmess protocol and showed that the Vmess protocol can be detected by deep packet inspection or DPI, VLESS was developed. (Note that it is plain Vmess that can be detected; Vmess+WS+TLS is still secure and supports the use of a CDN.) Xray core was developed as an alternative to the older V2Ray core. According to the Xray developers, Xray is more stable, better for UDP gaming, and 30% faster than V2Ray. XTLS speeds up TLS by reducing double-encryption.

On the side menu, select 入站列表 (Inbound list).

Click the plus sign to add a new inbound user.

The 添加入站 (Add inbound) box appears.

Enter fields as follows.

FieldContents
RemarkPut a unique and meaningful description
EnableOn
Protocolvless
监听 IP Listening IPLeave blank
端口 Port443
总流量(GB) Total bandwidth (GB)0 means unlimited
到期时间 Expiry dateBlank
IdLeave the generated UUID as is
Flowxtls-rprx-direct
FallbacksNone
传输 Transmissiontcp
HTTP 伪装 masqueradingOff
TLSOff
XTLSOn
域名 Domain namePut your host name, e.g. host.mydomain.com
公钥文件路径 Public key file path/root/cert.crt
密钥文件路径 Key file path/root/private.key
SniffingOn
Adding a new VLESS+XTLS user

Save the new user.

Click the 操作 (operating) button at the start of its row to display the QR code for the new user.

Displaying QR code in X-UI panel

Client

Clients are available for Android, iOS, Windows, macOS, and Linux. Examples are v2rayNG, Shadowrocket, and Qv2ray.

Add the profile in the QR code to your client.

Example of Qv2ray client

You can check that your connection is working by opening a browser and going to https://whatismyipaddress.com.

whatismyipaddress.com

Android , Windows , ios v2ray free app fair – NapsternetV

Setup OpenConnect VPN Server for Cisco AnyConnect on Ubuntu 14.04 x64

OpenConnect server, also known as ocserv, is a VPN server that communicates over SSL. By design, its goal is to become a secure, lightweight, and fast VPN server. OpenConnect server uses the OpenConnect SSL VPN protocol. At the time of writing, it also has experimental compatibility with clients that use the AnyConnect SSL VPN protocol.

This article will show you how to install and setup ocserv on Ubuntu 14.04 x64.

Installing ocserv

Since Ubuntu 14.04 does not ship with ocserv, we will have to download the source code and compile it. The latest stable version of ocserv is 0.9.2.

Download ocserv from the official site.

wget ftp://ftp.infradead.org/pub/ocserv/ocserv-0.9.2.tar.xz
tar -xf ocserv-0.9.2.tar.xz
cd ocserv-0.9.2

Next, install the compile dependencies.

apt-get install build-essential pkg-config libgnutls28-dev libwrap0-dev libpam0g-dev libseccomp-dev libreadline-dev libnl-route-3-dev

Compile and install ocserv.

./configure
make
make install

Configuring ocserv

A sample config file is placed under the directory ocser-0.9.2/doc. We will use this file as a template. At first, we have to make our own CA cert and server cert.

cd ~
apt-get install gnutls-bin
mkdir certificates
cd certificates

We create a CA template file (ca.tmpl) with the content similar to the following. You can set your own “cn” and “organization”.

cn = "VPN CA" 
organization = "Big Corp" 
serial = 1 
expiration_days = 3650
ca 
signing_key 
cert_signing_key 
crl_signing_key

Then, generate a CA key and CA cert.

certtool --generate-privkey --outfile ca-key.pem
certtool --generate-self-signed --load-privkey ca-key.pem --template ca.tmpl --outfile ca-cert.pem

Next, create a local server certificate template file (server.tmpl) with the the content below. Please pay attention to the “cn” field, it must match the DNS name or IP address of your server.

cn = "you domain name or ip"
organization = "MyCompany" 
expiration_days = 3650 
signing_key 
encryption_key
tls_www_server

Then, generate the server key and certificate.

certtool --generate-privkey --outfile server-key.pem
certtool --generate-certificate --load-privkey server-key.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template server.tmpl --outfile server-cert.pem

Copy the key, certificate, and config file to the ocserv config directory.

mkdir /etc/ocserv
cp server-cert.pem server-key.pem /etc/ocserv
cd ~/ocserv-0.9.2/doc
cp sample.config /etc/ocserv/config
cd /etc/ocserv

Edit the config file under /etc/ocserv. Uncomment or modify the fields described below.

auth = "plain[/etc/ocserv/ocpasswd]"

try-mtu-discovery = true

server-cert = /etc/ocserv/server-cert.pem
server-key = /etc/ocserv/server-key.pem

dns = 8.8.8.8

# comment out all route fields
#route = 10.10.10.0/255.255.255.0
#route = 192.168.0.0/255.255.0.0
#route = fef4:db8:1000:1001::/64
#no-route = 192.168.5.0/255.255.255.0

cisco-client-compat = true

Generate a user that will be used to login to ocserv.

ocpasswd -c /etc/ocserv/ocpasswd username

Enable NAT.

iptables -t nat -A POSTROUTING -j MASQUERADE

Enable IPv4 forwarding. Edit the file /etc/sysctl.conf.

net.ipv4.ip_forward=1

Apply this modification.

sysctl -p /etc/sysctl.conf

Start ocserv and connect using Cisco AnyConnect

First, start ocserv.

ocserv -c /etc/ocserv/config

Then, install Cisco AnyConnect on any of your devices, such as iPhone, iPad, or an Android device. Since we used a self-signed server key and certificate, we have to uncheck the option which prevents insecure servers. This option is located in the settings of AnyConnect. At this point, we can setup a new connection with the domain name or IP address of our ocserv and the username/password that we created.

Connect and enjoy!

How to Change the Administrator Password in Windows Server 2008 R2, 2012, 2012R2, 2016

In the event that you need to change your server administrator password you can do so by following the steps below.

Please Note: If you are going to change your administrator password. You will need to contact the support office with your new password so the system can be updated with the new password.

Change your Server Administrator Password in Windows Server 2012

  1. Log into your server via Remote Desktop.
  2. Press your Windows key and type Administrative Tools.
  3. Double click on Computer Management.
  4. Expand Local Users and Groups.
  5. Click on Users
  6. Right click on Administrator. Click on Set Password > Proceed

7.Type your new password in both fields then press OK.

Change your Sever Administrator Password in Windows Server 2008 R2

  1. Log into your server via Remote Desktop.
  2. Right click on Computer  and select Manage.
  3. Double click Configuration.
  4. Expand Local Users and Groups and then select Users.
  5. Right click on Administrator and choose Set Password and then click Proceed.

6.Type in the new password and select OK.

Change your Sever Administrator Password in Windows Server 2003

  1. Log into your server via Remote Desktop.
  2. Right click on My Computer  and select Manage.
  3. Expand Local Users and Groups and then select Users.
  4. Right click on Administrator and choose Set Password and then click Proceed.

5.Type in the new password and select OK.