search

Jigsaw-Code / outline-server

Outline Server, developed by Jigsaw. The Outline Server is a proxy server that runs a Shadowsocks instance and provides a REST API for access key management.
https://getoutline.org/
Apache License 2.0
5.67k stars 770 forks source link

Usage with traefik or similar reverse proxy to serve web page as well? #516

Open sometimescool22 opened 4 years ago

sometimescool22 commented 4 years ago

I am wondering if there is a way to setup Outline so that when you visit domain.com:80 in a web browser you will be served an actual page (perhaps from a docker container serving something, that is where the reverse proxy comes in) but outline will still work at domain:80.

How would I do this? I need to use standard ports like 80 and 443. Is it possible to make the vpn connect to say domain.com:80/vpn instead, and just use Traefik rules to direct that traffic to the outline container?

JonathanDCohen commented 4 years ago

I'm not familiar with Traefik but let's see --

so you want your client to connect to port 443 (encrypted traffic on port 80 might look fishy) where Traefik is serving as a reverse proxy, and have that traffic routed to outline-ss-server running on the same server to decrypt and forward your traffic?

I believe ss-local expects a shadowsocks server to be running at domain:port, so I'm not sure you can do what you want. Why do you need the same domain name?

I do know that some people are running Kubernetes clusters of outline servers, but it's not trivial, if you're looking to do something like that.

sometimescool22 commented 4 years ago

@JonathanDCohen Sorry, not sure if I explained this properly. Say a network admin sees a spike in traffic to domain.com on port 443 (the vpn), goes to check it out and gets a resource not found error. They think it's suspicious, so the domain is blocked.

I would like to get around that by serving a page on the same domain as Outline, so it seems less suspicious. Traefik is used to send specific traffic to specific docker containers so I thought that might be of use.

Is it possible to get outline to connect to domain.com/vpn? That way I can just have traefik send anything other than /vpn traffic to the outline container.

proletarius101 commented 4 years ago

This idea sounds like what Chinese people are doing. You may need a wildcard TCP router rule plus a http router with hostname specified.

Although Traefik is popular, I feel it's more for automation in a container environment rather than a "bare mental" server. Nginx, for example, has better performance.