Niko @niko@gts.niko.lgbt
Public

i am once again going to put this PSA out because i've just seen yet another case of a fedi instance doing this (and especially if you're hosting at home you should do this)

if you are using a reverse proxy to hide your origin IP, you should proxy ALL outbound requests through the same proxy server
if you don't do this all it takes to expose your origin IP is spinning up a fedi instance and getting a inbound request from your instance

GoToSocial natively supports this with the HTTP_PROXY environment variable, this instance uses https://github.com/cfal/shoes as its outbound proxy and it works great for the load i get
other fedi software likely supports similar

A high-performance multi-protocol proxy server written in Rust (HTTP, SOCKS5, Vmess, Vless, Shadowsocks, Trojan, Snell, Hysteria2, TUIC v5) - cfal/shoes

GitHub - cfal/shoes: A high-performance multi-protocol proxy server written in Rust (HTTP, SOCKS5, Vmess, Vless, Shadowsocks, Trojan, Snell, Hysteria2, TUIC v5)

A high-performance multi-protocol proxy server written in Rust (HTTP, SOCKS5, Vmess, Vless, Shadowsocks, Trojan, Snell, Hysteria2, TUIC v5) - cfal/shoes

github.com · GitHub

0
5
0

If you have a fediverse account, you can quote this note from your own instance. Search https://gts.niko.lgbt/users/niko/statuses/01KCRBF2X9AK6N1H9C3Q40KHYW on your instance and quote it. (Note that quoting is not supported in Mastodon.)