This repository has been archived by the owner on Jan 13, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 478
Speed up & Secure with CloudFlare
Yukiho Kikuchi edited this page Jun 7, 2019
·
11 revisions
To make your server safer, you can use Nginx Reserved Proxy and WebSocket supported CDN to hide your original IP and speed up, we take a VPS and a CloudFlare as example to show how to do.
Please note that your device won't be listed on SDR.HU after using this method. In other words, this method is for those who have high security requirements for the server.
- Your ISP didn't provide you with a public IP address.
- You have a VPS (IP 1.2.3.4), with Nginx (Port 80), local web expose tool (Port 8080, for example Frp-Server) is installed, and your Raspberry has also installed Frp-Client.
- You have your own domain
- You have a CloudFlare Account, and your domain is hosted in it.
- Switch on the WebSocket in CloudFlare Dashbroad (Your Domain --> Network --> WebSockets --> Switch On). Then turn to "Crypto", set SSL option to "Flexible" and switch on "Automatic Https Rewrite" to avoid losing stylesheet. If you want to redirect automatically when accessing, switch on " Always use Https".
- Add your record, forwarding to your VPS and light the "cloud", we set "s.example.org" here.
- Login to your VPS, edit
/etc/hosts
, add the following line:
1.2.3.4 s.example.org
- Edit Nginx configure file by the following, it'll work in
https://s.example.org/webview/
and WebSocket will work inwss://s.example.org/ws/
, the root path can put your profilehttps://s.example.org/
.
server {
listen 80;
server_name s.example.org;
location /webview/ {
proxy_pass http://s.example.org:8080/;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
location /ws/ {
proxy_redirect off;
proxy_pass http://s.example.org:8080/ws/;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
index index.php index.html index.htm default.php default.htm default.html;
root /www/htdocs;
error_page 404 /404.html;
error_page 502 /502.html;
access_log /www/logs/access.log;
error_log /www/logs/error.log;
}
5. Set the local listen port to 8073 in Frp-Client configure file frpc.ini
, and run Frp-Client in its folder ./frpc -c ./frpc.ini
(Frp-Server should be running).
[common]
server_addr = 1.2.3.4
server_port = 3000
token = 123456
login_fail_exit = false
[web]
type = http
local_ip = 127.0.0.1
local_port = 8073
use_encryption = false
use_compression = false
custom_domains = s.example.org
- In
htdocs/openwebrx.js
, replace line 1698,
ws_url="ws://"+(window.location.origin.split("://")[1])+"/ws/";
with
ws_url="wss://s.example.org/ws/";
In config_webrx.py
, set:
server_hostname="s.example.org/webview/"
in openwebrx.py
, replace line 673 with:
("%[WS_URL]","wss://s.example.org/ws/"),
- OK, now type
python openwebrx.py
in terminal of Raspberry Pi, and openhttps://s.example.org/webview
in your browser, it runs!