security with rathole
using nginx to forward proxy protocol
# what is rathole
“rathole” is a performant and lightweight reverse proxy for NAT traversal. Out of the box, it does not forward anything that lets the server (rathole’s client) identify the address of the clients (those who are accessing the page). The PROXY protocol addresses this.
# implementing the proxy protocol with nginx
A workaround was proposed using nginx’s stream module. It is possible to send along data using the proxy protocol like this:
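```nginx
# /etc/nginx.conf
events {}

stream {
    # Plain HTTP: pass the TCP stream to rathole, prefixed with a PROXY protocol header
    server {
        listen 80;
        proxy_pass rathole:80;
        proxy_protocol on;
        # "error_log off;" would write to a file named "off"; discard the log instead
        error_log /dev/null;
    }

    # HTTPS: same forwarding, TLS is passed through untouched
    server {
        listen 443;
        proxy_pass rathole:443;
        proxy_protocol on;
        error_log /dev/null;
    }
}
```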
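To show what `proxy_protocol on;` puts on the wire, here is an added example (not from the original post or the rathole project) that parses and validates a PROXY protocol version 1 header the way a receiving service would. It assumes the version 1 text format; the function names and the sample bytes are constructed for illustration.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest v1 header the spec allows, CRLF included

def _endpoint(addr: str, port: str, version: int):
    """Validate one address/port pair from the header."""
    ip = ipaddress.ip_address(addr)  # raises ValueError if malformed
    if ip.version != version:
        raise ValueError("address family does not match TCP4/TCP6")
    if not port.isdigit() or int(port) > 65535:
        raise ValueError("bad port")
    return str(ip), int(port)

def parse_proxy_v1(data: bytes):
    """Split a PROXY v1 header from the start of a stream.

    Returns (src, dst, payload); src and dst are (ip, port) tuples,
    or None when the proxy sent 'PROXY UNKNOWN'.
    """
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("no PROXY v1 header within the first 107 bytes")
    fields = data[:end].decode("ascii").split(" ")
    payload = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, None, payload
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("malformed PROXY v1 header")
    version = 4 if fields[1] == "TCP4" else 6
    src = _endpoint(fields[2], fields[4], version)
    dst = _endpoint(fields[3], fields[5], version)
    return src, dst, payload

# Constructed sample: the header a proxy prepends, then the first bytes of a TLS record
SAMPLE = b"PROXY TCP4 203.0.113.7 192.0.2.10 51234 443\r\n\x16\x03\x01"

if __name__ == "__main__":
    print(parse_proxy_v1(SAMPLE))
```

A service that parses this header should accept connections only from the proxy, because the header is plain data and any peer that connects directly can supply its own.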