slawlor
commented
1 year ago The minimum you need to do is open a single port on either 5222, 80, or 443. If you chose to utilize 443 it has an additional level of encryption enabled which is a one-off certificate generated at container startup. If you'd like certificate rotation for example, you can setup a cron job or something to periodically restart the container, which will automatically generate a new certificate (you would disconnect briefly during the restart but it's a very fast process)
An additional hardening guide would be something we could do. I'll keep this issue opened to track that.
As for authentication, unfortunately since it's a TCP proxy we don't support any form of authentication today. This may be something we could identify in the future should we move to something like SOCKS proxying.
hiddify-com
ttimasdf
99799454668
I haven't found any notes in how to harden the proxy to minimise risk of its application such as by changing or randomising the ssl certificate or by showing custom error messages. I think it will be helpful if a section can be assigned to the hardening and detection subjects in the readme file.
At the moment, anyone can use the proxy by having its IP address which can help in detecting the service. As the proxy has been implemented to circumvent existing censorship, is there any way to add authentication to it to prevent unwanted parties (those in charge of censorship) to identify its usage easily?
A quick port scan on the common ports can also ease this process for those who want to block the IP address. What are the least ports which it can run with?
Thank you for helping everyone to stay safe and free from any censorship!