Using a reverse proxy to conceal VPN service

To conceal the existence of your VPN service from monitors, you can set up a reverse proxy using a web server such as Nginx or Caddy.

To do this, you need to configure the web server to forward incoming requests to the inbound port of the VPN service. This will allow the VPN service to operate behind the web server, effectively hiding it from view.

One advantage of using a web server as a reverse proxy is that it allows you to hide multiple inbound services behind the reverse proxy, all while using the same port (such as port 443 for HTTPS).

This can be useful if you want to provide multiple services, such as a VPN, a web server, and other services, all from the same server, without exposing each service individually.

Sing-Box Behind Nginx example:

  1. Create subdomains
  2. Install Sing-Box
  3. Download and customize sing-box config on your server:
    curl https://raw.githubusercontent.com/bitcoinvps/singbox-vpn/main/nginx-cdn/server/config.json > /etc/sing-box/config.json
  4. Get certificates
  5. Install Nginx and edit its config file
  6. Optionally you can also hide your VPS server IP address behind a CDN like Cloudflare or Arvancloud CDN.
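
For step 5, a minimal Nginx configuration of the kind described above, as an added example that is not taken from this post or the linked repository. The hostname, WebSocket path, loopback port 10000 and certificate paths are placeholder assumptions; it also assumes the Sing-Box inbound uses a WebSocket transport without its own TLS and listens only on 127.0.0.1.

```nginx
# Added example. Place it in a file that is included from the http {} context.
# All hostnames, paths and ports below are placeholders (assumptions).

# Send "Connection: upgrade" only when the client asks for a WebSocket.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name vpn.example.com;                          # subdomain from step 1

    ssl_certificate     /etc/ssl/example/fullchain.pem;   # certificate from step 4
    ssl_certificate_key /etc/ssl/example/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Every other request is answered as an ordinary static website.
    location / {
        root  /var/www/html;
        index index.html;
    }

    # Only this path is forwarded to the Sing-Box inbound. Nginx terminates
    # TLS, so the inbound receives plain WebSocket traffic on loopback.
    # If the inbound listens on 0.0.0.0 instead of 127.0.0.1, it stays
    # directly reachable from outside and the proxy hides nothing.
    location /ws-CHANGE-ME {
        proxy_pass http://127.0.0.1:10000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_read_timeout 300s;
    }
}

# Plain HTTP only redirects to HTTPS.
server {
    listen 80;
    server_name vpn.example.com;
    return 301 https://$host$request_uri;
}
```

Check the file with `nginx -t` before reloading. A further service on the same port 443 is another `location` block or another `server` block with its own subdomain.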

Connecting Clients:

The most efficient method to connect all your devices is to use Sing-Box as your home VPN gateway. Another option is to install and use a compatible VPN client on each device. All outbounds should be set to connect through port 443.

Download config.json for your Sing-Box client:

    curl https://raw.githubusercontent.com/bitcoinvps/singbox-vpn/main/nginx-cdn/client/config.json > /etc/sing-box/config.json

If assistance is needed with customizing the config.json file on either side, refer to the inbound/outbound sections outlined in this configuration:

Trojan TLS over TCP → Inbound / Outbound

Trojan TLS over WebSocket → Inbound / Outbound

VMess TLS over TCP → Inbound / Outbound

VMess over WebSocket → Inbound / Outbound

VMess TLS over WebSocket → Inbound / Outbound

Hiding your VPS IP address behind CDN edge servers, acting as a proxy, can be achieved by replacing your SERVER-IP-ADDRESS with subdomains.

It’s important to note that while using a reverse proxy can help to conceal a VPN service from monitors, it is not a foolproof method for protecting the privacy of VPN users. Other factors, such as the use of encryption and secure protocols, also need to be considered when setting up a VPN service.

As a warning, always keep in mind the potential risks of using a single server for your VPN. For further information, refer to our post on multi-hop VPNs.