Overview of Nginx Reverse Proxy

How to Set Up an Nginx Reverse Proxy Server for Xtream UI: A Comprehensive Guide

If you've been trying to set up an Nginx reverse proxy server for Xtream UI and faced some initial challenges, this guide is here to help. We'll walk you through the setup, from configuring Nginx to ensuring SSL is properly managed. Let’s dive in!

Overview of Nginx Reverse Proxy

An Nginx reverse proxy server acts as an intermediary between your clients and your main server. It handles incoming requests, forwards them to the main server, and then sends the response back to the clients. This setup hides your main server's IP address and enhances security by exposing only the proxy server's IP.

Data Flow Diagram

For a clearer understanding, here's a simplified data flow:

arduino
Client --> Nginx Reverse Proxy Server --> Xtream UI MAIN Server

Initial Setup

Servers Used:

  1. Xtream UI MAIN / Admin Server
  2. Xtream UI LB1 Server
  3. Xtream UI LB2 Server
  4. Nginx Reverse Proxy Server

Configuration Steps:

  1. Install Nginx on the Reverse Proxy Server:

    bash
    sudo apt-get update sudo apt-get install nginx
  2. Remove the Default Site Configuration:

    bash
    sudo unlink /etc/nginx/sites-enabled/default
  3. Create the Reverse Proxy Configuration:

    bash
    sudo nano /etc/nginx/sites-available/reverse-proxy.conf

    Add the following configuration, replacing placeholders with your specific details:

    nginx
    server { listen ####; # Replace #### with your HTTP broadcast port (e.g., 8080 or 25461). location / { proxy_pass http://your_main_server_ip_or_dns; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Original-Scheme $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass_request_headers on; proxy_max_temp_file_size 0; client_max_body_size 10m; client_body_buffer_size 128k; client_body_timeout 12; keepalive_timeout 15; send_timeout 10; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; } }
  4. Enable the Configuration:

    bash
    sudo ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf
  5. Test the Configuration:

    bash
    sudo nginx -t
  6. Restart Nginx:

    bash
    sudo systemctl restart nginx
  7. Check the Status of Nginx:

    bash
    sudo systemctl status nginx

Configuring Xtream UI on the Main Server

  1. Edit the Nginx Configuration for Xtream UI:

    bash
    sudo nano /home/xtreamcodes/iptv_xtream_codes/nginx/conf/nginx.conf

    Update the file to listen on the correct ports and add your reverse proxy server’s IP:

    nginx
    set_real_ip_from your_proxy_server_ip; # IP address of the proxy server
  2. Test and Reload Nginx Configuration:

    bash
    sudo /home/xtreamcodes/iptv_xtream_codes/nginx/sbin/nginx -t sudo /home/xtreamcodes/iptv_xtream_codes/nginx/sbin/nginx -s reload

Updating the APK File

  1. Modify the DNS Address in the APK File: Ensure the DNS address points to the Nginx Reverse Proxy Server’s IP and the HTTP broadcast port. Example: http://MYNGINXPROXYDNS.NET:8080

  2. Recompile the APK and Test: Log in and verify that streams are playing correctly through the proxy.

HTTPS Configuration

If you need SSL support, follow these steps:

  1. Acquire a Domain and SSL Certificate:

    • Buy a domain and configure it with your proxy server’s IP.
    • Install Certbot:
      bash
      sudo apt-get install certbot
    • Obtain an SSL certificate:
      bash
      sudo certbot certonly --standalone --preferred-challenges http -d yourdomain.com
  2. Update Nginx Configuration for SSL:

    bash
    sudo nano /etc/nginx/nginx.conf

    Add SSL settings:

    nginx
    server { listen 80; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name yourdomain.com; ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_prefer_server_ciphers on; location / { proxy_pass https://your_main_server_dns:port; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 90; proxy_redirect off; } }
  3. Download and Set Up Diffie-Hellman Parameters:

    bash
    wget --no-check-certificate "https://ssl-config.mozilla.org/ffdhe4096.txt" -O /etc/nginx/dhparam.pem
  4. Test and Restart Nginx:

    bash
    sudo nginx -t sudo systemctl restart nginx
  5. Update Your Firewall: Allow connections from your proxy server IP to your main server.

By following these steps, you should have a robust and secure Nginx reverse proxy setup for Xtream UI. This configuration will help mask your main server’s IP, load balance traffic, and, with SSL, secure your communications.

  • 0 Utilisateurs l'ont trouvée utile
Cette réponse était-elle pertinente?

Articles connexes

Essential Linux Commands

Essential Linux Commands: A Comprehensive Guide for Beginners Introduction Linux is a powerful...