Struggling with a reverse proxy
So, I've been setting up something to allow me to use nginx, openvpn, and an EC2 to have a remote proxy, mostly for the sake of hiding my actual IP address and security.
The setup is as so:
user -> [internet] -> AWS EC2 -> [OpenVPN] -> on_premises
The setup I expect to work is basically, allowing inbound/outbound on 25565
and additionally OpenVPN's required ports.
(The issue is the proxy doesn't work unless the IP address is EXPLICITLY stated in the Network ACL of the VPC bound to the EC2, for some unknown reason)
Basically at this point, I'm very prepared to rip everything out and start from scratch due to how long this is taking to get working, so, any solutions or alternative ways to host with a reverse proxy in place?
34 Replies
am I crazy or couldn't u just do a GRE tunnel
if you have 2 machines
BitLaunch News and Guides
How to set up and configure a GRE tunnel
This guide will walk through the setup and configuration of a GRE tunnel between two Linux hosts. The two Linux hosts are running Ubuntu 22.04 LTS.
unless im missing something
I'm not the best when it comes to networking but you could just GRE or run the proxy on the AWS vps
then link the servers to the main
I think there's an image of a setup like this 1s
this is proxy example
ofc the oracle part can be an aws machine if u wish
If he's home hosting which by the setup I'm guessing he 100% is, this won't be possible as residential IPs are behind NAT and not dedicated, he won't receive GRE packets
Also why are you using aws for the reverse? When there are like 2913883 better choices
Correctamundo
Also, eh? I dunno, just seemed like the easiest to setup, and I had someone helping me along with things. I kinda already got the openVPN part so it was just forwarding the traffic that had to be done
ahh mbm
b
i mean he can still do proxy option
I mean this is effectively what im doing
My major issue is, the EC2 just refuses to let anyone else connect, so swapping the setup out wouldn’t quite work if the server remains unreachable
ah
I’ve already setup network ACLs so on so forth to allow connections, SGs seem fine, had someone else look at it, everything looks good
Also why are you forwarding through openvpn?
But like why amazon
AWS is expensive as shit
If the point was saving yourself the $25 bucks for tcpshield it won't really work for that
Just seemed easy? And I mean, if the connection succeeds is it really like, an issue? And I’m running under AWS free tier
Idk man i used aws free tier once for some experimentation then got an invoice for $70 worth of bandwidth costs
I didn't really know something like that existed, everything or most places suggested just, running something similar to what I'm doing, so, openVPN and nginx seemed to make sense, my IP itself is never directly revealed anywhere
Where did you even ask they don't know about the existence of reverse proxy services 😭
For a low price you have the reverse setup with anycast and near perfect uptime figured out, in addition to actually doing something against ddos attacks
OpenVPN and Nginx.... both are just not...
Is there any reason you can't point directly to your home ip?
OpenVPN is gonna cause a massive performance hit
I mean, if i can save myself the trouble of just, having my IP sit in a home record, im gonna do that
I know in the long run, if anything were to happen
Just obfuscate the ddns
The lack of my IP being on the internet is not going to change something, but it at least lightens the load on my head
Or you can code a script to update the reverse backend everytime your ip changes without the need for ddns
So what exactly is the goal here? Just hiding your ip? DDoS protection?
The general goal is yeah, the first part, hiding my IP and any additional security i can grant myself beyond “don’t open up 15 ports you don’t need”
Did you try playit?
I was mostly avoiding it since i don’t plan to exclusively use the reverse proxy for just minecraft, or just a single server
Im pretty sure playit support any tcp/udp application
If im gonna go from paying a server host 27 bucks a month to, paying a service 30 bucks a month, it kinda defeats the point in my head (even if AWS is more expensive, if it runs under that 27 bucks? what do i care)
Playit is free??
Play it lists they have a limit of 4 ports, and i’ve got a lot more im planning to host in house
misread, 3 bucks, not 30, so fair
Then do yourself a favor and at least upgrade to HAProxy and Wireguard
Ah i miss the days when hosting was 30 bucks
i mean okay, as far as im getting, just, scrap out the EC2, replace it with a proxy service (such as playit.gg), ?????, profit
granted afais playit doesn’t have an ubuntu binary but, w/e
Is it for friends? you planning on hosting a public server?
And im pretty sure they do have that or something similar because i know hosts that use them
mostly for friends, but at the same time, i plan to host some other things so, a proxy service that just does whatever’s needed is best
as for the ubuntu binary, that’s hashed, just, using the raw binary seemed to handle it
i mean as long as you do nothing production then playit should be just fine
i mean that’s, kinda the end goal? like sure, im not running anything im making money off of, but, in the scope of things, being limited to exclusively TCP/UDP traffic is kinda ech but, ill deal i guess
wdym ech
the internet consists of tcp/udp