3x-ui/deploy
MHSanaei 5c725df702
Some checks failed
CI / go-test (push) Has been cancelled
CI / codegen (push) Has been cancelled
CI / govulncheck (push) Has been cancelled
CI / race (push) Has been cancelled
CI / fuzz-smoke (push) Has been cancelled
CI / golangci (push) Has been cancelled
CI / frontend (push) Has been cancelled
CodeQL Advanced / Analyze (go) (push) Has been cancelled
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (javascript-typescript) (push) Has been cancelled
Release 3X-UI / build (386) (push) Has been cancelled
Release 3X-UI / build (amd64) (push) Has been cancelled
Release 3X-UI / build (arm64) (push) Has been cancelled
Release 3X-UI / build (armv5) (push) Has been cancelled
Release 3X-UI / build (armv6) (push) Has been cancelled
Release 3X-UI / build (armv7) (push) Has been cancelled
Release 3X-UI / build (s390x) (push) Has been cancelled
Release 3X-UI / Build for Windows (push) Has been cancelled
Deploy Smoke Tests / noninteractive-install (ubuntu-24.04-arm) (push) Has been cancelled
Deploy Smoke Tests / noninteractive-install (ubuntu-latest) (push) Has been cancelled
Deploy Smoke Tests / release-tag-install (ubuntu-24.04-arm) (push) Has been cancelled
Deploy Smoke Tests / release-tag-install (ubuntu-latest) (push) Has been cancelled
Release 3X-UI / Publish rolling dev release (push) Has been cancelled
fix(ci): pin the tag smoke test to the release under test
The v3.4.2 tag push triggered the smoke workflow immediately, but
install.sh with no arguments resolves releases/latest, which still pointed
at v3.4.1 while release.yml was uploading the new assets. The green smoke
run therefore validated the previous release (#5756). A paths filter alone
cannot exclude tag pushes because a brand-new tag ref has no diff base.

Restrict the push trigger to branches so tag pushes no longer start the
unpinned job, and add a workflow_run job that fires after the release
workflow completes for a v* tag: it checks out the tagged commit, passes
the tag through smoke-noninteractive.sh into install.sh's explicit-version
path, and asserts the installed binary reports exactly that version.

Closes #5756
2026-07-03 10:21:46 +02:00
..
cloud-init
marketplace/hetzner
test
README.md

Cloud deployment (unattended install)

Tooling to ship the 3x-ui panel via unattended install, with per-instance credentials generated on first boot (never admin/admin, never a shared session secret). Works on amd64 and arm64.

Path What it is Use when
cloud-init/ Generic cloud-init user-data (unattended install.sh) Any cloud, no image build
marketplace/hetzner/ Hetzner Cloud notes Hetzner deployments
test/ Container smoke test Verifying the install path

How it works

install.sh runs unattended when XUI_NONINTERACTIVE=1 or stdin is not a TTY. Each instance installs and configures itself with random credentials. See cloud-init/README.md.

Unattended install knobs

install.sh reads these env vars in non-interactive mode (all optional; unset ⇒ secure random / default):

XUI_USERNAME, XUI_PASSWORD, XUI_PANEL_PORT, XUI_WEB_BASE_PATH, XUI_SSL_MODE (none|ip|domain, default none), XUI_DOMAIN, XUI_ACME_EMAIL, XUI_ACME_HTTP_PORT (ACME HTTP-01 listener port, default 80), XUI_SSL_IPV6 (optional IPv6 address to add to an ip-mode cert), XUI_SERVER_IP (fallback IP for the displayed access URL when auto-detection fails), XUI_DB_TYPE (sqlite|postgres), XUI_DB_DSN.

The resulting credentials are written to /etc/x-ui/install-result.env (mode 600).