commit 2cce35a5624cc0d93d1c2919c74519a854608c81 Author: David Fifield <david@bamsoftware.com> Date: Sat Dec 6 18:37:43 2014 -0800 Add Yawning's Nginx reflector configuration. Copied from https://trac.torproject.org/projects/tor/wiki/doc/meek#UsingnginxinsteadofGo..., which I am about to delete. --- README | 3 +++ nginx/README | 9 ++++++++ nginx/nginx.conf.example | 53 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 65 insertions(+) diff --git a/README b/README index 4348942..72b8cb7 100644 --- a/README +++ b/README @@ -58,6 +58,9 @@ latencytest: A test program for App Engine that measures roundtrip times to different destinations. +nginx: +A reflector configuration for Nginx. + php: A php reflector similar to the appengine one above. Ideally, it can be run on any platform that supports php. A public instance is at: diff --git a/nginx/README b/nginx/README new file mode 100644 index 0000000..24a224d --- /dev/null +++ b/nginx/README @@ -0,0 +1,9 @@ +The file nginx.conf.example is an example configuration file for Nginx +that shows how to run multiple virtual-host domain names, with one of +them reflecting to an instance of meek-server. Clients can front behind +one of the ordinary domain names in order to reach the reflector domain. + +Here is the matching client torrc configuration: + UseBridges 1 + Bridge meek 0.0.2.0:1 url=https://meek-reflect.example.com/ front=www.example.com + ClientTransportPlugin meek exec ./meek-client --log meek-client.log diff --git a/nginx/nginx.conf.example b/nginx/nginx.conf.example new file mode 100644 index 0000000..0f0b4db --- /dev/null +++ b/nginx/nginx.conf.example @@ -0,0 +1,53 @@ +# The configuration for the normal HTTPS server +server { + # Set default_server so that real content gets served by default +# listen 443 default_server; + listen [::]:443 default_server; + server_name www.example.com; + + # Boilerplate for SSL, adjust as appropriate. + ssl on; + ssl_certificate /etc/ssl/nginx/example.com.crt; + ssl_certificate_key /etc/ssl/nginx/example.com.key; + ssl_session_timeout 5m; + ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers !RC4:HIGH:!MD5:!aNULL:!DH; + ssl_prefer_server_ciphers on; + + # Blah blah blah, normal site specific config + root /usr/share/nginx/www; + index index.html index.htm; + location / { + index index.html; + } +} + +# Configuration for the reflector +server { +# listen 443; + listen [::]:443; + + # This does not need to be a real name, but it MUST be distinct from + # the host used for real content. + server_name meek-reflect.example.com; + + # Boilerplate for SSL/TLS (copy/paste from the other server block) + ssl on; + ssl_certificate /etc/ssl/nginx/example.com.crt; + ssl_certificate_key /etc/ssl/nginx/example.com.key; + ssl_session_timeout 5m; + ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers !RC4:HIGH:!MD5:!aNULL:!DH; + ssl_prefer_server_ciphers on; + + # This is where the magic happens + location / { + # Proxy traffic all traffic received with the meek Host to + # a meek-server instance. + proxy_pass http://meek.bamsoftware.com:7002; + + # Disable logging for the reflector. + access_log off; + error_log /dev/null; + } +}