Today I’ll guide you the set up an nginx server to host mirrors for blocked websites.
So you can visit them freely in restricted areas.
You’ll need a server that can access those blocked websites as well as can be accessed by your local machine.
If you haven’t got one, follow the very first step of this former tutorial.
I assume you already got an CentOS installed on your server.
Just type the following commands:
sudo yum install epel-release -y
sudo yum install nginx -y
service nginx start
Then try to open your server ip address in your local browser, if you see the words “Welcome to nginx”, you’re well to go.
You need to add an DNS record to your server on your domain name provider’s website.
Or you’ll have to remember the server IP address which is hard to use.
Domain name is very cheap these days, if you haven’t got one, try to pick one you like on GoDaddy.
The Magic happening part!
Create a new vhost config file in your nginx directory and then add the following config script:
server
{
listen 80;
server_name YOUR.OWN.DOMAIN.URL;
location / {
proxy_pass http://THE.SITE.URL.YOU.WANT.TO.DELEGAGE/;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Save the file and reload it to your nginx and you are good to go!
service nginx restart
Nowadays, many big websites enabled https to enforce security, you could use https for free if you think it’s necessary.
Add a few lines of config script prepare for setting https up:
server
{
listen 80;
server_name YOUR.OWN.DOMAIN.URL;
location / {
proxy_pass https://THE.SITE.URL.YOU.WANT.TO.DELEGAGE/;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Add the following lines
location ~ /.well-known {
allow all;
}
}
Download the certbot
tool for generating the https certifications automatically.
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
Try to run certbot
for the first time and wait it install its dependencies:
./cerbot-auto
When the things are down, try to obtain your certificate by running:
./cerbot-auto certonly
Follow the directions and you’ll get your certification files.
Then edit the nginx again to enable the https:
# Force redirect all http traffic to https
server {
listen 80;
return 301 https://$host$request_uri;
}
server
{
listen 443;
server_name YOUR.OWN.DOMAIN.URL;
ssl_certificate /etc/letsencrypt/live/YOUR.OWN.DOMAIN.URL/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOUR.OWN.DOMAIN.URL/privkey.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://THE.SITE.URL.YOU.WANT.TO.DELEGAGE;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ /.well-known {
allow all;
}
}
Restart the nginx again and Magic happens.
Back To Top