Closed ghost closed 5 years ago
Unfortunately, vddos only supports http protocol. Can You post the configuration of your nginx proxy?
I have several VM's with proxmox.
a VM is the vDDos, and another is the azuracast VM,
and in the VM where I have installed azuracast a nginx server is installed with the installation of azuracast, The nginx server will be installed automatically
i do not use a nginx reverse proxy for azuracast but for everybody else, azuracast installation is in a VM and I also use this VM as a reverse proxy for other websites, with other websites I mean the VDDoS reverse proxy or other webserver in my local network ,, Raspberry Pi, Etc.,
I changed my nginx azuracast config a bit but here it is
server {
listen 443 ssl http2;
server_name radio.domain.tk;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
root /var/azuracast/www/web;
index index.php;
add_header X-XSS-Protection 1;
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy no-referrer-when-downgrade;
access_log /var/azuracast/www_tmp/access.log;
error_log /var/azuracast/www_tmp/error.log;
client_max_body_size 50M;
location / {
try_files $uri @clean_url;
}
location @clean_url {
rewrite ^(.*)$ /index.php last;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/azuracast/www/web$fastcgi_script_name;
include fastcgi_params;
fastcgi_read_timeout 1800;
}
# Reverse proxy all possible radio listening ports (8000, 8010...8480, 8490)
location ~ ^/radio/(8[0-4][0-9]0)(/?)(.*)$ {
proxy_buffering off;
proxy_ignore_client_abort off;
proxy_intercept_errors on;
proxy_next_upstream error timeout invalid_header;
proxy_redirect off;
proxy_connect_timeout 60;
proxy_send_timeout 21600;
proxy_read_timeout 21600;
proxy_set_header Host localhost:$1;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://127.0.0.1:$1/$3?$args;
}
# Reverse proxy the Liquidsoap harbor inputs to allow for streaming.
location ~ ^/radio/(8[0-4][0-9]5)(/?)(.*)$ {
proxy_buffering off;
proxy_ignore_client_abort off;
proxy_send_timeout 21600;
proxy_read_timeout 21600;
proxy_pass http://127.0.0.1:$1/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
and here is the configuration of my reverse proxy to my Raspberry Pi or other web server on my local network
#####
# ALL PROXY
server {
listen 443 default_server ssl http2;
###########
# set client body size to 5GB #
client_max_body_size 5000M;
###########
#
#SSL
ssl on;
ssl_certificate /etc/nginx/ssl/crt.crt;
ssl_certificate_key /etc/nginx/ssl/key.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
#
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied no-cache no-store private expired auth;
gzip_comp_level 9;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
#
#Remove Version from Server Header Banner in nginx
server_tokens off;
#
#Clickjacking Attack
##11/28/2018#add_header X-Frame-Options "SAMEORIGIN";
#
#X-XSS Protection
##11/28/2018#add_header X-XSS-Protection "1; mode=block";
#
#CSP##
#add_header Content-Security-Policy "default-src 'self' helptech.gr;";
######
#
#
proxy_connect_timeout 900;
proxy_send_timeout 900;
proxy_read_timeout 900;
send_timeout 900;
#
set_real_ip_from 192.168.2.1/24;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;
# use any of the following two
real_ip_header CF-Connecting-IP;
#real_ip_header X-Forwarded-For;
location / {
proxy_pass https://192.168.2.13;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
}
}
#####
#####
# domainGR PROXY
server {
listen 443 ssl http2;
server_name domain.gr www.domain.gr questions.domain.gr www.domain.gr;
###########
# set client body size to 5GB #
client_max_body_size 5000M;
###########
#
#SSL
ssl on;
ssl_certificate /etc/nginx/ssl/crt.crt;
ssl_certificate_key /etc/nginx/ssl/key.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
#
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied no-cache no-store private expired auth;
gzip_comp_level 9;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
#
#Remove Version from Server Header Banner in nginx
server_tokens off;
#
#Clickjacking Attack
##11/28/2018#add_header X-Frame-Options "SAMEORIGIN";
#
#X-XSS Protection
##11/28/2018#add_header X-XSS-Protection "1; mode=block";
#
#CSP##
#add_header Content-Security-Policy "default-src 'self' helptech.gr;";
######
#
#
proxy_connect_timeout 900;
proxy_send_timeout 900;
proxy_read_timeout 900;
send_timeout 900;
#
set_real_ip_from 127.0.0.1;
set_real_ip_from 192.168.2.1/24;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;
# use any of the following two
real_ip_header CF-Connecting-IP;
#real_ip_header X-Forwarded-For;
location / {
proxy_pass https://192.168.2.8;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
}
}
#####
You can try install vDDOS on Azuracast Server and replacing Nginx with vDDOS: The following is the extended configuration to vddos support "proxy_http_version 1.1"
nano /vddos/conf.d/cus/radio.domain.tk.server.conf
# Reverse proxy all possible radio listening ports (8000, 8010...8480, 8490)
location ~ ^/radio/(8[0-4][0-9]0)(/?)(.*)$ {
proxy_buffering off;
proxy_ignore_client_abort off;
proxy_intercept_errors on;
proxy_next_upstream error timeout invalid_header;
proxy_redirect off;
proxy_connect_timeout 60;
proxy_send_timeout 21600;
proxy_read_timeout 21600;
proxy_set_header Host localhost:$1;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://127.0.0.1:$1/$3?$args;
}
# Reverse proxy the Liquidsoap harbor inputs to allow for streaming.
location ~ ^/radio/(8[0-4][0-9]5)(/?)(.*)$ {
proxy_buffering off;
proxy_ignore_client_abort off;
proxy_send_timeout 21600;
proxy_read_timeout 21600;
proxy_pass http://127.0.0.1:$1/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
vDDOS 1.15.1
I have a question I can install vDDoS on Ubuntu somehow?
vDDoS cannot be installed on ubuntu-debian; You can let the service listen in IP addresses (eg 11.22.33.44), You can then proxy from another vddos server to those ports:
nano /vddos/conf.d/cus/radio.domain.tk.server.conf
# Reverse proxy all possible radio listening ports (8000, 8010...8480, 8490)
location ~ ^/radio/(8[0-4][0-9]0)(/?)(.*)$ {
proxy_buffering off;
proxy_ignore_client_abort off;
proxy_intercept_errors on;
proxy_next_upstream error timeout invalid_header;
proxy_redirect off;
proxy_connect_timeout 60;
proxy_send_timeout 21600;
proxy_read_timeout 21600;
proxy_set_header Host localhost:$1;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://11.22.33.44:$1/$3?$args;
}
# Reverse proxy the Liquidsoap harbor inputs to allow for streaming.
location ~ ^/radio/(8[0-4][0-9]5)(/?)(.*)$ {
proxy_buffering off;
proxy_ignore_client_abort off;
proxy_send_timeout 21600;
proxy_read_timeout 21600;
proxy_pass http://11.22.33.44:$1/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
I found out that without the reverse proxy of vDDoS this problem does not occur, i have used a nginx reverse proxy now and it works, the problem is with vDDoS,
😢 I do not use vDDos anymore for this reason.
🤩 I would like to continue to use vDDoS
https://github.com/AzuraCast/AzuraCast/issues/1044