Configuring proxying in Nginx. How to Make your Own Cloudflare
obsession
1 Why do I need proxying?
2 Configuring nginx proxying by Cloudflare type
3 The cost of services
Greetings, gentlemen. In the last post, I promised to tell you how to set up your own proxy server. This is sometimes necessary in order to hide the real IP on which the site is located. Many people know a service like Cloudflare, which positions itself as a means to protect against attacks, to speed up sites using caching. So that's the essence of this service — they just proxy any sites through their own servers using Nginx. And I'll show you how it can be done on any servers.
Why is proxying necessary?
For example, I remembered this because a law came into force in Kazakhstan not so long ago prohibiting the placement of sites on kz domains not on Kazakhstani IP. That is, such sites must be geographically located in the same country. And since Kazakh hosting services are many times more expensive than the same resources somewhere in Europe or even in Russia, then to solve such a problem, you can cheat by placing the most inexpensive VPS in Kazakhstan, where your site's DNS will look, and place the site itself anywhere, anywhere in the world on any cheap servers. And no checks will get to the bottom of it, because requests to the site will be accepted by a server actually located in Kazakhstan. This makes sense, as it can save you tens of dollars a month. And the more resources you need for sites, the more it will make sense.
Sometimes people use this to hide from RCN's locks, or someone else's. Sometimes they are used to hijack websites, but it is easy to protect yourself from this with the help of policies prohibiting the return of content to "left" domains, so there is not much point in this.
Configuring nginx proxying by Cloudflare type
So, if you want to do proxying, you will need any, the cheapest VPS with minimal configuration. You only need to install nginx on it. Nothing else. And for each site on this nginx, you need to create a configuration of this type:
server { server_name yoursite.com www.yoursite.com; charset off; index index.html index.php; access_log /var/www/httpd-logs/yoursite.com.access.log; error_log /var/www/httpd-logs/yoursite.com.error.log crit; set $root_path /var/www/yoursite.com; root $root_path; location / { proxy_pass http://2.2.2.2:80; proxy_redirect http://2.2.2.2:80 /; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; } listen 1.1.1.1:80; }
Now a few explanations. So, let's say your new proxy server has an IP address 1.1.1.1, and your server where the site is actually located is 2.2.2.2
The most important part in this config is the proxy_pass string http://2.2.2.2:80;
Naturally the domain yoursite.com you need to replace it with your own. Absolutely no settings need to be made on your 2.2.2.2 server. Everything is done only on the proxying nginx with the address 1.1.1.1. In this case, I have provided the configuration only for http. Since most sites now work on https, accordingly, you will need to create a configuration for https, where you will add certificate settings in addition to proxying settings.
listen will then look like listen 1.1.1.1:443; respectively. If the site is already running on https on your 2.2.2.2 server, then you will need to specify proxy_pass in the proxy_pass directive as well https://2.2.2.2:443;
But https settings are another story, in the simplest case you need to take certificates and settings from your existing 2.2.2.2 server
Well, now, after you have set up and checked everything, all that remains is to change the IP address from 2.2.2.2 to 1.1.1.1 in the DNS record settings for your domain.
That's actually all.