How to set reverse proxy when hosting warez, torrent, or streaming site

Started by Shadow, 04-17-2019

  04-17-2019, 07:56 PM (Updated: 09-07-2019, 01:56 PM by Shadow.)
#1
This tutorial is based on my previous tutorial about how to host torrent/streaming sites.

Before we begin, you need to know the difference between KVM and OpenVZ when purchasing a VPS/dedicated server, and why KVM is more expensive than OpenVZ.
  • KVM is true virtualization where the VPS operates as its own server, independently of the host node.
  • OpenVZ is a container style of virtualization which relies on the host node's kernel.
  • KVM has no restrictions in terms of functionality, but it has more overhead than OpenVZ.
  • OpenVZ is constrained by the host node kernel, but it has less overhead in the containers themselves.
  • KVM is generally more stable than OpenVZ.

KVM (Kernel-based Virtual Machine) is full virtualization, and practically any OS that can be installed from an ISO is supported. Every guest (VPS) has its own kernel and no restrictions in terms of functionality. Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc.

---

Now that you've got the point, you need to consider the following:

  1. Your front-end server must be a DDoS-protected VPS/dedicated server which is hosted offshore and has a DMCA-ignored ruleset.
  2. Your back-end server can be any shared hosting (yes, shared hosting can apply too), VPS, or dedicated server. It doesn't matter; on the backend you are going to store files and everything, but no one will know that server, as it will be hidden from everyone (even Cloudflare, for example). For the backend, you should use something fast and reliable such as OVH, Ramnode, etc.
  3. Of course, you will need Cloudflare or any other front proxy.

---

The server setup logic goes like this:

Visitors --> Cloudflare --> Front-end DDOS Protected VPS/Dedicated Server --> Back-end Shared Hosting/VPS/Dedicated Server

Everything can be found until the last piece, which is untraceable by Cloudflare, visitors, copyright agents and such.

---

Front-end server setup (DDoS protected, offshore server)

PS: Commands are written for CentOS/RHEL, as I've been using it for more than 6 years.
  1. Install nginx, preferably the mainline version -- https://nginx.org/en/linux_packages.html
  2. Create or edit the existing default.conf file with:
    Code:
    # Plain HTTP listener
    server {
        listen      80;
        server_name yourdomain.com;

        location / {
            # Forward every request to the backend over HTTPS
            proxy_pass https://YOUR_BACKEND_SERVER_IP;
            proxy_redirect off;
            # Pass the original host, scheme and client address to the backend
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-SSL on;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Buffering, body size and timeout settings
            proxy_max_temp_file_size 0;
            client_max_body_size 10m;
            client_body_buffer_size 128k;
            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
        }
    }

    # HTTPS listener
    server {
        listen      443 ssl;
        server_name yourdomain.com;

        # Each directive must end with a semicolon; the second path must
        # point at the private key that belongs to the certificate
        ssl_certificate     /location/to/key.crt;
        ssl_certificate_key /location/to/key.crt;

        location / {
            proxy_pass https://YOUR_BACKEND_SERVER_IP;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-SSL on;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_max_temp_file_size 0;
            client_max_body_size 10m;
            client_body_buffer_size 128k;
            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
        }
    }
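  3. iptables configuration:
    Code:
    # Start from an empty ruleset
    iptables -F
    # Drop malformed TCP: no flags set, new connections that do not start with SYN, all flags set
    iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
    # Accept loopback traffic only; an ACCEPT for all of eth0 here would bypass every rule below
    iptables -A INPUT -i lo -j ACCEPT
    # Accept replies to connections this server opened itself (for example to the backend)
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Accept HTTP, HTTPS and SSH
    iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    # Default policies: allow outbound, drop any inbound traffic not accepted above
    iptables -P OUTPUT ACCEPT
    iptables -P INPUT DROP
  4. At the end, run service iptables save.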

Explanation:
  • This is a reverse proxy configuration modified and optimized by me; you can modify it for your needs.
  • It includes both SSL and non-SSL reverse proxy. You can remove the SSL part if you don't plan to install full-strict SSL with Let's Encrypt.
  • Replace server_name yourdomain.com; with your domain, and add your backend server IP in proxy_pass https://YOUR_BACKEND_SERVER_IP;
  • After that, run service nginx restart to reload the configuration; your front-end server will now redirect all traffic to your backend server.

PS: If you have enough money, you can chain multiple front-end servers in front of the backend, but it's not necessary.

Also, it is important to have front-end and back-end servers from a different country, on a different provider, which is not close to your location.

---

Cloudflare configuration

You just have to set an A record with your front-end server IP and enable the orange cloud icon on both the www and A records.

---

Backend server configuration
  • Yes, your backend server can be Apache as well; you are not limited by anything. In theory, it will use nginx as the front end and Apache as the backend.
  • Nothing special, set it up as you normally would; it's like a shared or normal VPS server which goes through your front-end server.


Want to contact me? [email protected]
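
iptables walks the INPUT chain in order and stops at the first rule that matches, so an interface-wide ACCEPT placed ahead of the port rules decides the outcome before they or the DROP policy are consulted. The following is an added example, not part of the original post: a small first-match evaluator in Python for the match options used in step 3 (-p, -i, --dport, --syn, --tcp-flags, -m state). The rule lists BROAD and NARROW and the packet fields (iface, proto, dport, flags, state) are constructed for illustration.

```python
import shlex

ALL_FLAGS = {"SYN", "ACK", "FIN", "RST", "URG", "PSH"}
FIELD = {"-p": "proto", "-i": "iface", "--dport": "dport"}

def flagset(s):  # "ALL" / "NONE" / "SYN,ACK" -> set of flag names
    return set() if s == "NONE" else ALL_FLAGS if s == "ALL" else set(s.split(","))

def parse(lines):  # -> ([(match_tokens, target), ...], policy) for the INPUT chain
    rules, policy = [], "ACCEPT"
    for line in lines:
        t = shlex.split(line.replace("--syn", "--tcp-flags SYN,RST,ACK,FIN SYN"))[1:]  # expand shorthand
        if t[:2] == ["-P", "INPUT"]:
            policy = t[2]
        elif t[:2] == ["-A", "INPUT"]:
            rules.append((t[2:t.index("-j")], t[t.index("-j") + 1]))
    return rules, policy

def matches(m, pkt):  # True when pkt satisfies every condition of one rule
    i, neg = 0, False
    while i < len(m):
        opt = m[i]
        if opt == "!":                    # negates the next condition
            neg, i = True, i + 1
        elif opt == "-m":                 # module name carries no condition
            i += 2
        else:
            if opt == "--tcp-flags":      # mask, then the flags that must be set
                ok, n = pkt["flags"] & flagset(m[i + 1]) == flagset(m[i + 2]), 3
            elif opt == "--state":
                ok, n = pkt["state"] in m[i + 1].split(","), 2
            else:
                ok, n = str(pkt[FIELD[opt]]) == m[i + 1], 2
            if ok == neg:
                return False
            i, neg = i + n, False
    return True

def verdict(lines, pkt):  # first matching rule wins, else the chain policy
    rules, policy = parse(lines)
    hits = [(t, n) for n, (m, t) in enumerate(rules, 1) if matches(m, pkt)]
    return hits[0] if hits else (policy, None)

# Constructed rule lists (not from a live host); they differ only in the middle rules.
HEAD = ["iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP"]
TAIL = ["iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT", "iptables -P INPUT DROP"]
BROAD = HEAD + ["iptables -A INPUT -i eth0 -j ACCEPT"] + TAIL
NARROW = HEAD + ["iptables -A INPUT -i lo -j ACCEPT",
                 "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"] + TAIL
```

For a new SYN to TCP port 3306 arriving on eth0, `verdict(BROAD, pkt)` returns `("ACCEPT", 2)`, while `verdict(NARROW, pkt)` falls through to the policy and returns `("DROP", None)`.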
