Create HOSTING.md

2023-08-31 16:36:44 +07:00 · 2023-08-31 16:36:44 +07:00 · f3fe584bfa
commit f3fe584bfa
parent bb835d2732
1 changed files with 107 additions and 0 deletions
--- a/HOSTING.md
+++ b/HOSTING.md
@ -0,0 +1,107 @@
+# Self-Hosting Guide
+
+This guide will walk you through the process of setting up your own instance of ForwardDomain. This is not a guide for setting up a development environment, but rather a guide for setting up a production instance.
+
+## Prerequisites
+
+- [Node.js](https://nodejs.org/en/) (version 16 or higher).
+- A machine with public IP address installed.
+
+## Installation
+
+1. Clone the repository: `git clone https://github.com/willnode/forward-domain.git`
+2. Install dependencies: `npm install`
+3. Copy `.env.example` to `.env` and fill in the values
+4. Run the app: `npm start`
+
+## Configuration
+
+### Environment Variables
+
+| Variable | Description |
+| --- | --- |
+HTTP_PORT | The port to listen for HTTP requests
+HTTPS_PORT | The port to listen for HTTPS requests
+STAT_PORT | The port to listen for getting API metrics
+BLACKLIST_HOSTS | A comma-separated list of hosts to blacklist
+BLACKLIST_REDIRECT | The URL to redirect to when a blacklisted host is accessed
+
+### SSL Certificates
+
+SSL certificates is saved in `./.certs` directory. No additional configuration is needed. 
+
+## Running the App
+
+`sudo npm start` is recommended to run the app. This is because the app needs to listen to port 80 and 443 directly, which requires root access.
+
+If you want to run the app without root access, or wanted to filter some domains for other services, you have to use NGINX with stream plugin 
+
+## NGINX + Stream Plugin
+
+[NGINX Stream plugin](http://nginx.org/en/docs/stream/ngx_stream_core_module.html) is used to filter some domain while still be able forwards HTTPS connection directly. It has to be that way since NGINX doesn't handle HTTPS certificates.
+
+This configuration below, setups the following:
+ Port `80` is listened by `http` block, with default site forwards connection to port `5080`.
+ Port `443` is listened by `stream` block, with default stream forwards connection to port `5443`.
+ All normal HTTPS connection in `http` block listen to `6443`, to be cached by some domains in `stream` block.
+ Port `5080` and `5443` is set for `forward-domain` service listened to.
+
+
+```nginx
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections  1024;
+}
+stream {
+    upstream main {
+        server 167.172.5.31:6443;
+    }
+    upstream forwarder {
+        server 167.172.5.31:5443;
+    }
+
+    map $ssl_preread_server_name $upstream {
+        s.forwarddomain.net main;
+        default forwarder;
+    }
+
+    server {
+        listen 167.172.5.31:443;
+        listen [2400:6180:0:d0::e08:a001]:443;
+        resolver 1.1.1.1;
+        proxy_pass $upstream;
+        ssl_preread on;
+    }
+}
+http {       
+    server {
+        server_name _ default_server;
+        listen 167.172.5.31;
+        listen [2400:6180:0:d0::e08:a001];
+        location / {
+            proxy_pass http://127.0.0.1:5080;
+            proxy_set_header Host $host;
+        }
+    }
+        
+    server {
+        server_name s.forwarddomain.net;
+        listen 167.172.5.31;
+        listen [2400:6180:0:d0::e08:a001];
+        location / {
+            proxy_pass http://127.0.0.1:5900;
+            proxy_set_header Host $host;
+        }
+        listen 167.172.5.31:6443 ssl;
+        listen [2400:6180:0:d0::e08:a001]:6443 ssl;
+        ssl_certificate /home/s/ssl.combined;
+        ssl_certificate_key /home/s/ssl.key;
+    }
+}
+```