Content Delivery Networks, or CDNs, are a popular way to improve the performance of websites and web-based applications by caching content and delivering it to users from a location that is closer to them.
CDNs can also be used to obscure the IP address of a VPN server, making it more difficult for censors to block access to it. In this article, I will explain how a CDN can be used to hide the IP address of a Virtual Private Network (VPN) server.
A VPN allows users to securely connect to a private network over the internet to access resources on that network or hide their internet activity from third parties.
VPN servers can be configured to use a domain name instead of an IP address, which can then be configured to resolve to the IP address of a CDN edge servers.
When clients connect to the VPN server, they will actually connect to the CDN edge servers, which will forward the connection to the VPN server.
CDN edge servers can connect to servers through ports 80 (for HTTP) and 443 (for HTTPS). This means that if you want to use a CDN to hide the IP address of a VPN server, the VPN server will need to be configured to listen on one of these ports.
It is worth noting that some CDN providers, such as Cloudflare, support the gRPC protocol, which can be used for VPN traffic in addition to HTTP/2 and WebSocket. This may provide an additional option for routing VPN traffic through a CDN.
Suppose you plan to run multiple services on the same port, such as port 443 (the default port for HTTPS). Using a reverse proxy, you can run multiple services on the same port and forward requests to the appropriate service based on the request’s destination.
This can be especially useful if you want to hide a VPN service behind a web server like Nginx, as you can use the reverse proxy to forward VPN requests to the VPN service.
Hiding your VPS IP address behind CDN edge servers can be done by following these steps:
- Connect your domain to a CDN provider such as Cloudflare or Arvancloud
- Install Sing-Box on your VPS server
- Create Subdomains
- Get Certificates
- Install & Configure Nginx
- Turn on the Cloud Proxy for WebSocket Traffic
- Connect to your server using subdomains instead of IP addresses
