How to run behind reverse proxy #312

Open
Heshmatkhah opened this issue Jan 9, 2025 · 1 comment

@Heshmatkhah

Hi

The repository mentioned in #162 no longer exists; also, that answer is for v1.
Can you provide a guide on how to share port 443 of the host with other services like Nginx or Traefik?

I have a Traefik reverse proxy on my host that uses port 443; other services like nginx, open-connect, ... are behind it. I know nothing about Fake TLS. Please help me to run mtg v2 behind a reverse proxy.

Thank you.

@tarampampam

I recently solved a similar problem, but I have been running mtg in Kubernetes with Traefik as the Ingress controller. Here are the key points of the manifest I used to run it:

```yaml
apiVersion: apps/v1
kind: Deployment

metadata:
  name: proxy-mtg
  namespace: apps
  labels: {app: "proxy-mtg"}

spec:
  replicas: 1
  selector: {matchLabels: {app: "proxy-mtg"}}
  template:
    metadata: {labels: {app: "proxy-mtg"}}
    spec:
      automountServiceAccountToken: false
      containers:
        - name: "proxy-mtg"
          image: "ghcr.io/9seconds/mtg:2.1.7"
          args:
            - simple-run
            - 0.0.0.0:443
            - <SECRET_HERE>
            - --concurrency=512
            - --prefer-ip=prefer-ipv4
            - --domain-fronting-port=443
            - --doh-ip=9.9.9.9
            - --antireplay-cache-size=1MB
          ports:
            - {name: tg-proxy-port, containerPort: 443, protocol: TCP}
---

apiVersion: v1
kind: Service

metadata:
  name: proxy-mtg-service
  namespace: apps
  labels: {app: "proxy-mtg"}

spec:
  type: ClusterIP
  selector: {app: "proxy-mtg"}
  ports:
    - name: proxy-mtg-tcp-port
      protocol: TCP
      port: 443
      targetPort: 443

---

apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP

metadata:
  name: proxy-mtg-http-tcp-ingress
  namespace: apps

spec:
  entryPoints: [websecure]
  routes:
    # IMPORTANT: You need to regenerate the secret whenever the domain name is changed!
    - match: HostSNI(`mtg.example.com`)
      services: [{name: "proxy-mtg-service", namespace: apps, port: 443}]
  tls: {passthrough: true} # <-- IMPORTANT
```

I would be happy if this helps save someone time 🐱
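
The route comment in the manifest above says the secret must be regenerated whenever the domain name changes. The following added example (not from the comment's author or the mtg project) checks that the hostname embedded in a secret matches the `HostSNI` rule; it assumes mtg v2's FakeTLS secret layout (byte `0xee`, a 16-byte key, then the hostname, encoded as hex or URL-safe base64), and the function names and sample key are constructed for illustration.

```python
import base64
import binascii
import re

FAKETLS_PREFIX = 0xEE  # assumed first byte of an mtg v2 FakeTLS secret
KEY_LEN = 16           # assumed key length in bytes


def parse_mtg_secret(text):
    """Return (key, hostname) from a hex or URL-safe base64 secret."""
    try:
        raw = bytes.fromhex(text)
    except ValueError:
        try:
            # Secrets in base64 form carry no padding; restore it first.
            raw = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
        except (binascii.Error, ValueError) as exc:
            raise ValueError("secret is neither hex nor base64") from exc
    if len(raw) <= 1 + KEY_LEN or raw[0] != FAKETLS_PREFIX:
        raise ValueError("not a FakeTLS secret")
    return raw[1:1 + KEY_LEN], raw[1 + KEY_LEN:].decode("ascii")


def sni_hosts(rule):
    """Hostnames named by HostSNI(`...`) matchers in a Traefik TCP rule."""
    return [h.lower() for h in re.findall(r"HostSNI\(`([^`]+)`\)", rule)]


def secret_matches_route(secret, rule):
    """True when the secret's embedded hostname is routed by the rule."""
    _, host = parse_mtg_secret(secret)
    return host.lower() in sni_hosts(rule)


# Constructed sample: a dummy key, not a real secret.
SAMPLE_KEY = bytes(range(16))
SAMPLE_SECRET = (bytes([FAKETLS_PREFIX]) + SAMPLE_KEY + b"mtg.example.com").hex()
ROUTE_RULE = "HostSNI(`mtg.example.com`)"

if __name__ == "__main__":
    print("embedded host:", parse_mtg_secret(SAMPLE_SECRET)[1])
    print("matches route:", secret_matches_route(SAMPLE_SECRET, ROUTE_RULE))
    # After a domain change the old secret no longer matches the new rule.
    print("after rename: ",
          secret_matches_route(SAMPLE_SECRET, "HostSNI(`new.example.com`)"))
```

A mismatch means clients would send an SNI that Traefik does not route to the mtg service, so the secret has to be regenerated for the new hostname.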
