How to setup a proxy server with redirects?


  • CraftMiner

    Hello,

    I am curious to know how to setup my own proxy server at home for educational purposes, that will also redirect specific URLs to a local file. (e.g. going to http://example.com while connected to the proxy will serve you a local page called test.html).

    Ideally I would like to use nginx on an Ubuntu Server, but I’ll try other methods if easier. Also, I don’t want any caching on the proxy at all. Any ideas/advice?


  • Administrator

    Hey Ninja,

    I can higly recommend checking out the official NGINX guide here.

    Also check this example:

    upstream SOMEUPSTREAMNAME {
      server SOMEIP_ORSOMEDOMAIN_WITH_SOME_PORT_IF_DESIRED;
    }
    
    server {
      listen 80;
      server_name YOURDOMAIN;
      return 301 https://$server_name$request_uri;
     }
    
    server {
        listen 443 ssl http2;
        server_name YOURDOMAIN;
    
        # strenghen ssl security
        ssl_certificate YOURSSLPATH;
        ssl_certificate_key YOURSSLPATH;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
        ssl_dhparam PATHTODHPARAM;
    
        # Add headers to serve security related headers
        add_header Strict-Transport-Security "max-age=15768000; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header Content-Security-Policy "frame-ancestors 'self'";
    
        location / {
          proxy_set_header    Host $host;
          proxy_set_header    X-Real-IP $remote_addr;
          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header    X-Forwarded-Proto $scheme;
          proxy_redirect      http:// https://;
          proxy_pass          http://SOMEUPSTREAMNAME;
        }
      }
    

    This not only is a reverse proxy, this also rewrites and serves all requests via ssl. The above template is fine-tuned to deliver a secure connection (regarding this test).

    To get free ssl certificates you might want to check out Let’s Encrypt.

    Cheers
    Bent


  • CraftMiner

    Wow, that’s perfect, thanks! :)


  • Administrator

    has it helped with your project @Paint_Ninja ?


  • CraftMiner

    @Bent Yes, however I unfortunately abandoned the project due to my lack of dynamic code knowledge (such as PHP) and the lack of time to learn it. I was working on a Technic Launcher fork and wanted to route API traffic normally but redirect the “Discover” page to a custom one provided by verified pack authors depending on what packs are most frequently launched. The launcher’s design could also be further customised by the pack author (just like you could change your pack’s background image on the Modpacks tab, you could change the blue tab bar to any colour you want). Additionally there were plans to enable installing and launching packs directly from a website with an embeddable one-click button through the use of command line args support.

    If anyone has good knowledge with PHP and wants to work on this project, I’d be happy to revive this project and work on the client-side features.


Log in to reply
 

Looks like your connection to UnitedWorldMiners was lost, please wait while we try to reconnect.