ArchLinux安装Marzban

发表于2023-10-24Zeno Chen

一、安装相关依赖

ArchLinux

pacman -S gcc

目前仅支持python3.11.9的版本

pacman -U python311-3.11.9-2-x86_64.pkg.tar.zst

Ubuntu

sudo su
apt update && apt-get upgrade && apt-get install gcc python3-pip python3-virtualenvwrapper

Oracle Linux

sudo su
yum update && yum install python-pip 
pip install virtualenvwrapper

代理软件

安装xray-core

pacman -U xray*

Ubuntu/Oracle Linux

bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install

更新地理信息

bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install-geodata

二、安装Nginx

ArchLinux

pacman -S nginx nginx-mod-cache_purge nginx-mod-geoip2 nginx-mod-vts

Ubuntu

apt install nginx

Oracle Linux

yum install nginx

nano -w /etc/nginx/nginx.conf

    include vhost/*.conf;
}

mkdir /etc/nginx/vhost && cd /etc/nginx/vhost

nano -w default_ssl.conf

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name v.example.com;

    ssl_certificate /etc/nginx/ssl/v.example.com.pem;
    ssl_certificate_key /etc/nginx/ssl/v.example.com.key;
    ssl_session_timeout 5m;
    ssl_protocols  SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers    ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;

    root         /srv/http/marzban;
    index        index.php;

    #charset koi8-r;

    access_log  /var/log/nginx/v.example.com.access.log;
    error_log   /var/log/nginx/v.example.com.error.log;

    # 禁止DNS缓存
    resolver_timeout 0;
    expires epoch;
    # 禁用游览器缓存
    add_header Cache-Control "no-cache, no-store, must-revalidate";
    add_header Pragma "no-cache";
    add_header Expires 0;
    set $skip_cache 1;
    proxy_cache_bypass $skip_cache;    
    proxy_no_cache $skip_cache;    

    location ~* /(static|dashboard|sub|api|docs|redoc|openapi.json) {
        proxy_pass http://0.0.0.0:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # xray-core ws-path: /
    # client ws-path: /marzban/me/2087
    #
    # 所有流量通过 443 端口进行代理,然后分发至真正的 xray 端口(2087、2088 等等)。
    # 路径中的 “/marzban” 可以改为任意合法 URL 字符.
    #
    # /${path}/${username}/${xray-port}
    location ~* /marzban/.+/(.+)$ {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:$1/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

三、安装数据库

ArchLinux

pacman -S mariadb

Ubuntu

apt-get install mysql-server

启动 MariaDB 服务并设置开机启动

systemctl start mariadb
systemctl enable mariadb

初始化数据库

mariadb-install-db --user=mysql --basedir=/usr --datadir=/srv/mysql

修改数据库数据目录

nano -w /etc/my.cnf.d/server.cnf

[mysqld]
datadir = /srv/mysql

nano -w /etc/my.cnf.d/mysql-clients.cnf

[mysql]
password = password

重新启动MariaDB

systemctl restart mariadb

进入系统修改密码

mysql> ALTER USER USER() IDENTIFIED BY 'password';

创建数据库

mysql> CREATE DATABASE marzban CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
mysql> CREATE USER 'marzban'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON marzban.* TO 'marzban'@'localhost';
mysql> FLUSH PRIVILEGES;

五、安装Marzban

安装虚拟环境

ArchLinux

cd /srv
set VIRTUALENVWRAPPER_PYTHON=/usr/bin/python3.11
/usr/bin/virtualenvwrapper.sh marzban_env
/usr/bin/python3.11 -m venv /srv/marzban_env
/srv/marzban_env/bin/pip install --upgrade pip

Ubuntu

cd /srv
source /usr/share/virtualenvwrapper/virtualenvwrapper.sh
/usr/bin/python3 -m venv /srv/marzban_env
/srv/marzban_env/bin/pip install --upgrade pip

Oracle Linux

cd /srv
/usr/local/bin/virtualenvwrapper.sh marzban_env
/usr/bin/python -m venv /srv/marzban_env
/srv/marzban_env/bin/pip install --upgrade pip
git clone https://github.com/Gozargah/Marzban.git
cd Marzban

修改requirements.txt

#grpcio==1.50.0
#grpcio-tools==1.44.0
grpcio==1.59.3
grpcio-tools==1.59.3
#protobuf==3.20.3
protobuf==4.21.6
#typing_extensions==4.4.0
typing_extensions==4.6.0
#PyYAML==6.0
PyYAML==6.0.1
#psycopg2-binary==2.9.7
psycopg2-binary-2.9.9
#cffi==1.15.1
cffi==1.16.0
#httptools==0.5.0
httptools==0.6.1
#Pillow==9.4.0
Pillow==10.4.0
#uvloop==0.17.0 
uvloop==0.19.0
#pycparser==2.21
pycparser==2.22
#greenlet==2.0.1
greenlet==3.0.3
/srv/marzban_env/bin/pip3 install -r requirements.txt

修改配置文件

cp .env.example .env 
mkdir /var/lib/marzban
nano .env
UVICORN_HOST = "0.0.0.0"
UVICORN_PORT = 8000


## We highly recommend add admin using `marzban cli` tool and do not use
## the following variables which is somehow hard codded infrmation.
SUDO_USERNAME = "admin"
SUDO_PASSWORD = "password"

# UVICORN_UDS: "/run/marzban.socket"
# UVICORN_SSL_CERTFILE = "/var/lib/marzban/certs/example.com/fullchain.pem"
# UVICORN_SSL_KEYFILE = "/var/lib/marzban/certs/example.com/key.pem"


# XRAY_JSON = "xray_config.json"
# XRAY_SUBSCRIPTION_URL_PREFIX = "https://example.com"
# XRAY_SUBSCRIPTION_PATH = sub
# XRAY_EXECUTABLE_PATH = "/usr/local/bin/xray"
# XRAY_ASSETS_PATH = "/usr/local/share/xray"
# XRAY_EXCLUDE_INBOUND_TAGS = "INBOUND_X INBOUND_Y"
# XRAY_FALLBACKS_INBOUND_TAG = "INBOUND_X"


# TELEGRAM_API_TOKEN = 123456789:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
# TELEGRAM_ADMIN_ID = 987654321, 123456789
# TELEGRAM_LOGGER_CHANNEL_ID = -1234567890123
# TELEGRAM_DEFAULT_VLESS_FLOW = "xtls-rprx-vision"
# TELEGRAM_PROXY_URL = "http://localhost:8080"

# DISCORD_WEBHOOK_URL = "https://discord.com/api/webhooks/xxxxxxx"

# CUSTOM_TEMPLATES_DIRECTORY="/var/lib/marzban/templates/"
# CUSTOM_TEMPLATES_DIRECTORY="/srv/Marzban/templates/"
# CLASH_SUBSCRIPTION_TEMPLATE="clash/my-custom-template.yml"
# SUBSCRIPTION_PAGE_TEMPLATE="subscription/index.html"
# SUBSCRIPTION_PAGE_TEMPLATE="subscription/index.html"
# HOME_PAGE_TEMPLATE="home/index.html"

# Set headers for subscription
# SUB_PROFILE_TITLE = "Susbcription"
# SUB_SUPPORT_URL = "https://t.me/support"
# SUB_UPDATE_INTERVAL = "12"

# SQLALCHEMY_DATABASE_URL = "sqlite:///db.sqlite3"
SQLALCHEMY_DATABASE_URL = "mysql+pymysql://marzban:password@127.0.0.1:3306/marzban?charset=utf8"

### for developers
# DOCS=true
# DEBUG=true

# If You Want To Send Webhook To Multiple Server Add Multi Address
# WEBHOOK_ADDRESS = "http://127.0.0.1:9000/,http://127.0.0.1:9001/"
# WEBHOOK_SECRET = "something-very-very-secret"

# VITE_BASE_API="https://example.com/api/"
# JWT_ACCESS_TOKEN_EXPIRE_MINUTES = 1440

初始化数据

/srv/marzban_env/bin/pip3 install alembic
/srv/marzban_env/bin/pip3 install uvicorn
/srv/marzban_env/bin/alembic upgrade head

修复时区bug,因为过期时间存储的timestamp,并且使用字符串传过来的,所以带了时区信息,这里需要比较的时候使用系统时间来做判断
当然了, 管理浏览器的时区需要和服务器的时区一致,否则会出现问题

nano -w /srv/Marzban/app/jobs/review_users.py

def review():
    now = datetime.now()

运行起来

/srv/marzban_env/bin/python3 main.py

也可使用 linux systemctl 启动:

nano -w /usr/lib/systemd/system/marzban.service

[Unit]
Description=Marzban Service
Documentation=https://github.com/gozargah/marzban
After=network.target nss-lookup.target

[Service]
ExecStart=/srv/marzban_env/bin/python3 /srv/Marzban/main.py
Restart=on-failure
WorkingDirectory=/srv/Marzban

[Install]
WantedBy=multi-user.target
systemctl enable marzban.service
systemctl start marzban

创建管理员用户

/srv/marzban_env/bin/python3 marzban-cli.py admin create --sudo

更多命令请查看

/srv/marzban_env/bin/python3 marzban-cli.py help

六、安装MarzBan节点

下载软件包

cd /srv && git clone https://github.com/Gozargah/Marzban-node
cd Marzban-node

创建虚拟运行环境

ArchLinux

目前仅支持python3.11.9的版本

pacman -S gcc
pacman -U python311-3.11.9-2-x86_64.pkg.tar.zst
pacman -S gcc python-pip python-virtualenvwrapper

Ubuntu

sudo su
apt update && apt-get upgrade && apt-get install python3-pip python3-virtualenvwrapper

Oracle Linux

sudo su
yum update && yum install python-pip 
pip install virtualenvwrapper

ArchLinux

cd /srv
set VIRTUALENVWRAPPER_PYTHON=/usr/bin/python3.11
/usr/bin/virtualenvwrapper.sh marzban_env
/usr/bin/python3.11 -m venv /srv/marzban_env
/srv/marzban_env/bin/pip install --upgrade pip

Ubuntu

cd /srv
source /usr/share/virtualenvwrapper/virtualenvwrapper.sh
apt install python3.12-venv
/usr/bin/python3 -m venv /srv/marzban_env
/srv/marzban_env/bin/pip install --upgrade pip

Oracle Linux

cd /srv
/usr/local/bin/virtualenvwrapper.sh marzban_env
/usr/bin/python -m venv /srv/marzban_env
/srv/marzban_env/bin/pip install --upgrade pip

全部都要

cd Marzban-node
/srv/marzban_env/bin/pip install -r requirements.txt

生成证书

mkdir -p /var/lib/marzban-node
cp .env.example .env

nano -w .env
XRAY_EXECUTABLE_PATH = /usr/bin/xray        
XRAY_ASSETS_PATH = /usr/share/xray

到主服务器上复制证书,然后写入到证书文件中

nano -w /var/lib/marzban-node/ssl_client_cert.pem

七、服务自动启动

nano -w /usr/lib/systemd/system/marzban-node.service

[Unit]
Description=Marzban Service
Documentation=https://github.com/gozargah/marzban
After=network.target nss-lookup.target

[Service]
ExecStart=/srv/marzban_env/bin/python3 /srv/Marzban-node/main.py
Restart=on-failure
WorkingDirectory=/srv/Marzban-node

[Install]
WantedBy=multi-user.target
systemctl enable marzban-node.service
systemctl start marzban-node

如果节点和主服务器的架构不一样,请把小众架构的机器设置成rest协议

nano -w config.py

#SERVICE_PROTOCOL = config('SERVICE_PROTOCOL', cast=str, default='rpyc')
SERVICE_PROTOCOL = config('SERVICE_PROTOCOL', cast=str, default='rest')

八、给订阅页面增加下载链接

nano -w app/templates/subscription/index.html

    <h2>Links:</h2>
    <ul>
    ...
    </ul>

后面增加

    <h2>Downloads:</h2>
    <ul>
        <li>
            <p>Windows:
            <br>&nbsp;&nbsp;<a href="https://github.com/2dust/v2rayN/releases/download/6.29/v2rayN-32.zip">win32</a>
            &nbsp;&nbsp;<a href="https://github.com/2dust/v2rayN/releases/download/6.29/v2rayN-With-Core.zip">win64</a>    
            &nbsp;&nbsp;<a href="https://github.com/2dust/v2rayN/releases/download/6.29/v2rayN-arm64.zip">arm64</a>    
            </p>
       </li>
        <li>
            <p>
            MacOS:
            <br>&nbsp;&nbsp;<a href="https://apps.apple.com/app/foxray/id6448898396">macOS</a>
            </p>
       </li>
        <li>
            <p>
            iOS:
            <br>&nbsp;&nbsp;<a href="https://apps.apple.com/app/foxray/id6448898396">iOS</a>
            </p>
        </li>
    </ul>

也可以自定义订阅页面

cp index /srv/Marzban/templates/subscription

修改配置文件

CUSTOM_TEMPLATES_DIRECTORY="/srv/Marzban/templates/"

创建静态目录

mkdir -p /srv/Marzban/app/dashboard/public
cp static /srv/Marzban/

本地化cdn的相关资源

cd /srv/Marzban/
mkdir -p static/{css,js}
cd static/js
wget -O full.css https://cdn.jsdelivr.net/npm/daisyui@3.7.3/dist/full.css
wget -O font-face.css https://cdn.jsdelivr.net/gh/rastikerdar/shabnam-font@v5.0.1/dist/font-face.css
wget -O be-vietnam-pro.css https://fonts.cdnfonts.com/css/be-vietnam-pro
cd ../js
wget -O alpinejs-i18n.min.js https://cdn.jsdelivr.net/npm/alpinejs-i18n@2.4.0/dist/cdn.min.js
wget -O collapse.min.js https://unpkg.com/@alpinejs/collapse@3.x.x/dist/cdn.min.js
wget -O flowbite.min.js https://cdnjs.cloudflare.com/ajax/libs/flowbite/1.8.1/flowbite.min.js
wget -O alpinejs.min.js https://unpkg.com/alpinejs
wget -O bhenfmcm.js https://cdn.lordicon.com/bhenfmcm.js
wget -O qrcode.min.js https://cdn.rawgit.com/davidshimjs/qrcodejs/gh-pages/qrcode.min.js

修改python,增加static的目录

nano -w app/__init__

from fastapi.staticfiles import StaticFiles
# 设置静态文件目录 /static name="static" 为挂载点 可选
app.mount("/static", StaticFiles(directory="static"), name="static")

九、啃爹的Oracle VPS开了防火墙

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
apt-get purge netfilter-persistent

关于Zeno Chen

本人涉及的领域较多,杂而不精 程序设计语言: Perl, Java, PHP, Python; 数据库系统: MySQL,Oracle; 偶尔做做电路板的开发,主攻STM32单片机
此条目发表在Linux分类目录。将固定链接加入收藏夹。