Overview

Warning

THIS REPOSITORY IS AN EDUCATIONAL EXAMPLE FOR LEARNING NGINX, REVERSE PROXY AND NETWORK SECURITY BASICS. THIS SCRIPT DEMONSTRATES NGINX CONFIGURATION AS A REVERSE PROXY. NOT FOR PRODUCTION USE! IF YOU DON’T UNDERSTAND HOW THE CONTROL PANEL WORKS - THAT’S YOUR PROBLEM, NOT THE SCRIPT AUTHOR’S. USE AT YOUR OWN RISK!

Server uses Nginx Reverse-Proxy

This script is designed to streamline the setup of a reverse proxy server using NGINX and Xray, as well as to automate the installation of the Remnawave control panel and node. In this configuration, Xray operates directly on port 443, forwarding traffic through a socket that NGINX listens to. This approach minimizes unnecessary TCP overhead, delivering improved performance and connection reliability.

Important

Supports Debian and Ubuntu. The script has been tested in a KVM virtualization environment. For proper operation, you will need your own domain. It is recommended to run it with root privileges on a freshly installed system.

The script supports deployment on either a single server (with both the panel and node together) or two separate servers, depending on your needs:

• Single Server: Ideal for a compact setup where the control panel and Xray node are installed on the same machine.
• Panel Server: Serves as the central management hub, without hosting an Xray node.
• Node Server: Hosts the Xray node along with a Self Steal stub for VLESS REALITY. To ensure proper operation, you need to prepare three domains (or subdomains) in advance: the first will be used for the control panel, the second for handling subscriptions, and the third for the Self Steal stub site, which is hosted on the node server.

Panel Protection via URL Parameter

To enhance the security of the panel, an additional layer of protection against detection has been implemented in the NGINX configuration:

• To access the panel, you must navigate to a URL in the following format:

https://panel.example.com/auth/login?<SECRET_KEY>=<SECRET_KEY>

• This request automatically sets a special Cookie in the browser with the name <SECRET_KEY> and the value <SECRET_KEY>.
• If the Cookie is missing or the URL request lacks the specified parameter, the user will encounter either a blank page or a 404 error, depending on the requested path.

This mechanism ensures the panel remains hidden from unauthorized access. Even if an attacker attempts to scan the host or brute-force paths, they will be unable to access the panel without the correct parameter and corresponding Cookie.

Proxy server configuration

1. Proxy server configuration:
   • Support for automatic configuration updates via subscription and JSON subscription with the ability to convert to formats for popular applications.
2. NGINX reverse proxy setup in combination with Xray.
3. Security measures:
   • UFW setup for access management.
   • Cloudflare/ACME SSL certificates with automatic renewal
   • Manage IPv6 to prevent potential vulnerabilities.
   • BBR optimization for TCP connections.
   • Selecting a random website template from an array.

Issues

Found an issue? Let us know by creating an issue on repository page or discuss it in Telegram chat.

Donations

If you enjoy this project and want to support its ongoing development, please consider making a donation. Your contribution helps fund future updates and enhancements!

Donation Methods:

• TON USDT: UQAxyZDwKUPQ5Bp09JOFcaDVakjYQT46rf3iP3lnl_qc9xVS