3x-ui-setup
Complete VPN server setup from scratch. Takes a fresh VPS (IP + root + password from hosting provider) through full server hardening and 3x-ui (Xray proxy panel) installation with VLESS Reality or VLESS TLS. Guides user through connecting via Hiddify client. Use when user mentions v2ray, xray, vless, 3x-ui, proxy server, vpn server, or wants to set up encrypted proxy access on a VPS. Designed for beginners — hand-holds through every step.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/davydenkovm/3x-ui-vpn-setupVPN Server Setup (3x-ui)
Complete setup: fresh VPS from provider → secured server → working VPN with Hiddify client.
Workflow Overview
ЧАСТЬ 1: Настройка сервера
Fresh VPS (IP + root + password)
→ Determine execution mode (remote or local)
→ Generate SSH key / setup access
→ Connect as root
→ Update system
→ Create non-root user + sudo
→ Install SSH key
→ TEST new user login (critical!)
→ Firewall (ufw)
→ Kernel hardening
→ Time sync + packages
→ Configure local ~/.ssh/config
→ ✅ Server secured
ЧАСТЬ 2: Установка VPN (3x-ui)
→ Install 3x-ui panel
→ Enable BBR (TCP optimization)
→ Disable ICMP (stealth)
→ Reality: scanner → create inbound → get link
→ Install Hiddify client
→ Verify connection
→ Generate guide file (credentials + instructions)
→ Install fail2ban + lock SSH (after key verified)
→ ✅ VPN working
PART 1: Server Hardening
Secure a fresh server from provider credentials to production-ready state.
Step 0: Collect Information
First, determine execution mode:
Где запущен Claude Code?
- На локальном компьютере (Remote mode) -- настраиваем удалённый сервер через SSH
- На самом сервере (Local mode) -- настраиваем этот же сервер напрямую
Remote Mode -- ASK the user for:
- Server IP -- from provider email
- Root password -- from provider email
- Desired username -- for the new non-root account
- Server nickname -- for SSH config (e.g.,
myserver,vpn1) - Has domain? -- if unsure, recommend "no" (Reality path, simpler)
- Domain name (if yes to #5) -- must already point to server IP
Local Mode -- ASK the user for:
- Desired username -- for the new non-root account
- Server nickname -- for future SSH access from user's computer (e.g.,
myserver,vpn1) - Has domain? -- if unsure, recommend "no" (Reality path, simpler)
- Domain name (if yes to #3) -- must already point to server IP
In Local mode, get server IP automatically:
curl -4 -s ifconfig.me
If user pastes the full provider email, extract the data from it.
Recommend Reality (no domain) for beginners. Explain:
- Reality: works without domain, free, simpler setup, great performance
- TLS: needs domain purchase (~$10/year), more traditional, allows fallback site
Execution Modes
All commands in this skill are written for Remote mode (via SSH). For Local mode, adapt as follows:
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-davydenkovm-3x-ui-vpn-setup": {
"enabled": true,
"auto_update": true
}
}
}