Hook
For anyone who builds sites, or creates questionable content on domains that might be infringing, you'll get inundated with DMCA complaints, fake reports of phishing and other reports of the sort to your hosting provider, and usually they don't take too kindly to this. After a few reports, they'll probably end up suspending your account or asking you to move elsewhere. An easy solution to this is creating a reverse proxy server to forward your domain traffic to the origin server.
Now the steps a visitor takes look like this: User > Proxy Server > Origin Server. We can take this a step further by using Cloudflare for another layer of obfuscation:
User > Cloudflare > Proxy Server > Origin Server
With this, when someone complains about the content hosted on your domain, it goes to the proxy hosting provider, not your origin.
It just happens that hosting providers like aeza.net have webservers you can buy with crypto and are based in Moscow, and rarely take any action on DMCA complaints. Another way is if you are renting a server from another company that is housed in the same Data Centre (most hosting companies don't own the DC, they just rent rack space, so you will have near 0ms latency).
Setup Proxy Server
This setup is for WordPress; it includes SSL on the proxy server, which is REQUIRED for WordPress (unless you edit the core files). You need a fresh install of Linux. Now let's run a script for configuring this:
Bash:
#!/bin/bash

# === SAFETY CHECK ===
if [[ $EUID -ne 0 ]]; then
    echo "❌ Please run as root (sudo)."
    exit 1
fi

echo "[1/5] Updating system..."
apt update && apt upgrade -y

echo "[2/5] Installing required packages..."
apt install -y nginx certbot python3-certbot-nginx ufw curl software-properties-common

echo "[3/5] Starting and enabling Nginx..."
systemctl enable nginx --now

echo "[4/5] Configuring UFW firewall..."
ufw allow 'Nginx Full'
ufw allow OpenSSH
ufw --force enable

echo "[5/5] Clear default files"
# Stop if the cd fails, so the rm can never run in another directory
cd /etc/nginx/conf.d/ || exit 1
rm -rf ./*
nginx -t && systemctl reload nginx

echo ""
echo "✅ SERVER SETUP COMPLETE"
This has installed Nginx, removed default files and made slight changes to the firewall.
The next script is used for creating the domains. Find a suitable folder for the script and the .txt file which lists your domains.
You need to edit the data at the top of this file: you need your origin server IP, email (for SSL certs) and txt file name.
Bash:
#!/bin/bash

# === CONFIGURATION ===
ORIGIN_IP="{origin_ip}"
EMAIL="{email_here}"
DOMAINS_FILE="$(dirname "$0")/{txt_filename}.txt"
NGINX_DIR="/etc/nginx/conf.d"

if [ ! -f "$DOMAINS_FILE" ]; then
    echo "[!] domains.txt not found!"
    exit 1
fi

echo "[1/6] Removing old global HTTP redirect config if present..."
rm -f "$NGINX_DIR/redirect-http.conf"

echo "[2/6] Generating SSL certs with Certbot..."
while IFS= read -r DOMAIN; do
    [ -z "$DOMAIN" ] && continue   # skip blank lines in the domain list
    CERT_PATH="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
    if [ -f "$CERT_PATH" ]; then
        echo "✅ $DOMAIN: certificate already exists"
        continue
    fi
    echo "→ Requesting cert for: $DOMAIN"
    certbot certonly --nginx --non-interactive --agree-tos --email "$EMAIL" \
        -d "$DOMAIN" -d "www.$DOMAIN" || echo "⚠️ Cert failed for $DOMAIN"
done < "$DOMAINS_FILE"

echo "[3/6] Creating HTTP and HTTPS reverse proxy configs for each domain..."
while IFS= read -r DOMAIN; do
    [ -z "$DOMAIN" ] && continue   # skip blank lines in the domain list
    CONF_FILE="$NGINX_DIR/$DOMAIN.conf"
    CERT_PATH="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
    KEY_PATH="/etc/letsencrypt/live/$DOMAIN/privkey.pem"
    if [ -f "$CONF_FILE" ]; then
        echo "$DOMAIN: already exists"
        continue
    fi
    # A conf that references a missing cert makes "nginx -t" fail for every domain
    if [ ! -f "$CERT_PATH" ]; then
        echo "$DOMAIN: no certificate found, skipping"
        continue
    fi
    echo "$DOMAIN: added host files"
    # Unquoted heredoc: $DOMAIN etc. are filled in by the shell here, while
    # Nginx variables must be written as \$name so they reach the conf intact.
    cat > "$CONF_FILE" <<EOF
# HTTP proxy block (no redirect)
server {
    listen 80;
    server_name $DOMAIN www.$DOMAIN;
    location / {
        proxy_pass http://$ORIGIN_IP;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header CF-Connecting-IP \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto http;
    }
}
# HTTPS secure reverse proxy
server {
    listen 443 ssl http2;
    server_name $DOMAIN www.$DOMAIN;
    ssl_certificate $CERT_PATH;
    ssl_certificate_key $KEY_PATH;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass http://$ORIGIN_IP;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header CF-Connecting-IP \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF
done < "$DOMAINS_FILE"

echo "[4/6] Testing and reloading Nginx..."
nginx -t && systemctl reload nginx

echo "[5/6] Setting up automatic SSL renewal cron job..."
if ! crontab -l 2>/dev/null | grep -q 'certbot renew'; then
    (crontab -l 2>/dev/null; echo "0 3 * * * certbot renew --quiet && systemctl reload nginx") | crontab -
fi
If you have issues with the SSL certificate, you can manually issue them with:
Bash:
sudo certbot certonly --standalone --non-interactive --agree-tos --email {email} -d {domain} -d www.{domain}
Before running the above script, you need to set up the site on Cloudflare and add the NS to the domain, as Let's Encrypt has to verify that the site is pointing to the PROXY server.
Cloudflare settings:
A record: {domain} {proxy_ip}
CNAME: www {domain}
SSL settings set to "Full"
Origin Server
There are no requirements on the origin server; it should work exactly the same as if the domain IP was pointing directly to it. I use this on a lot of my adult sites, but it can also be used for casino, nutra or blackhat finance affiliate sites.
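A generator like the one above writes each conf through an unquoted heredoc, so an Nginx variable written without a backslash is expanded by the shell to an empty string, and a failed certbot request leaves the conf pointing at certificate files that do not exist; either one makes `nginx -t` fail. The following pre-flight check for both cases is an added example, not part of the original post; `lint_conf`, `count_problems` and `render_sample` are hypothetical helper names and the sample conf is constructed.

```bash
#!/bin/bash
# Added example: pre-flight lint for a generated Nginx conf.
# lint_conf, count_problems and render_sample are hypothetical helper names.

# Print one line per problem found in conf file $1; print nothing if clean.
lint_conf() {
    # 1) proxy_set_header with a name but no value: what an unescaped $var
    #    in an unquoted heredoc leaves behind ("proxy_set_header NAME ;").
    grep -E '^[[:space:]]*proxy_set_header[[:space:]]+[^[:space:];]+[[:space:]]*;[[:space:]]*$' "$1" \
        | sed -E 's/^[[:space:]]*/empty header value: /' || true
    # 2) ssl_certificate / ssl_certificate_key pointing at a file that does
    #    not exist, e.g. because the certbot request for that domain failed.
    sed -nE 's/^[[:space:]]*ssl_certificate(_key)?[[:space:]]+([^;[:space:]]+);.*/\2/p' "$1" \
        | while IFS= read -r path; do
            [ -f "$path" ] || echo "missing file: $path"
        done
    return 0
}

count_problems() { lint_conf "$1" | wc -l | tr -d ' '; }

# Constructed sample: write a small conf to $3 through an unquoted heredoc,
# with the Nginx variable unescaped ($1 = buggy) or escaped ($1 = fixed).
render_sample() {
    proxy_add_x_forwarded_for=""   # the generator's shell has no such variable
    if [ "$1" = "buggy" ]; then
        cat > "$3" <<EOF
ssl_certificate $2;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header CF-Connecting-IP $proxy_add_x_forwarded_for;
EOF
    else
        cat > "$3" <<EOF
ssl_certificate $2;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header CF-Connecting-IP \$proxy_add_x_forwarded_for;
EOF
    fi
}

# Demo on constructed input: reports the empty header and the missing cert file.
demo_dir=$(mktemp -d)
render_sample buggy "$demo_dir/absent.pem" "$demo_dir/demo.conf"
lint_conf "$demo_dir/demo.conf"
rm -rf "$demo_dir"
```

Running `lint_conf` on each generated file before `nginx -t` shows which domain's conf is at fault, rather than one failure for the whole directory.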