Alpha Proxy Guide (kondrah/otclient multi-path proxy)

[Gesior.pl]

Just a passing thought - maybe we can receive the "login proxy" list over http when the client is opened - that'd keep me happy haha

You can set list of proxies in init.lua, login to account (with OTCv8 proxy system, it will pick 1 working proxy to send login packet), get new list of proxies in login packet, call g_proxy.clear() to remove all proxies (OTCv8 does it by default, Mehah does not) and add new proxies to client. It will use new proxies to connect to OTS.

I didn't want to hard code anything, since I also use multiple login proxies for failover, the same way CipSoft does it, just in case one of them goes down.

How do you use multiple login proxies for failover without proxy system? Using some external load balancer with HTTP protocol to login?
From first post description, it looks like you must put 1 of haproxy IPs as server IP in client, set login port to 7100 and it will connect using it (no failover) or you login to account using IP of dedic with OTS, which makes this system absolutely useless. If attacker can get real OTS IP, he can DDoS it and OTCv8 proxy becomes useless.

 

[Alpha]

How do you use multiple login proxies for failover without proxy system? Using some external load balancer with HTTP protocol to login?
From first post description, it looks like you must put 1 of haproxy IPs as server IP in client, set login port to 7100 and it will connect using it (no failover) or you login to account using IP of dedic with OTS, which makes this system absolutely useless. If attacker can get real OTS IP, he can DDoS it and OTCv8 proxy becomes useless.

You can add a seperate listening port in the HAProxy configuration on the forward proxy servers for the login protocol, which will forward to another HAProxy instance running on the backend game server, which in turn can foward to TFS (assuming you still use the protocollogin that is included in TFS). So the login protocol flow would be: Client -> Forward Proxy (HAProxy) -> Backend (HAProxy) -> TFS
For failover you can simply adjust the code of OTClients entergame.lua module and make it try different login servers the same way the original CipSoft client does it. If one login server times out, it will move down to the next and try again, and only display a final error message if all of them fail. Users do never connect directly to the game server, so no, the backend IP will never be exposed.

Example configs:

Forward Proxy haproxy.cfg (for example login01.example.com, login02.example.com, login03.example.com etc)

# Login protocol
listen l3
        bind 0.0.0.0:6003
        mode tcp
        server srv1 <your backend ip>:6003 send-proxy-v2

Backend haproxy.cfg

# Login protocol
listen l1
        bind 0.0.0.0:6003 accept-proxy
        mode tcp
        server srv1 127.0.0.1:7171 send-proxy-v2

Of course, due to forwarding the request to TFS using the PROXY v2 protocol, you will need code in the game server to parse the TCP headers properly and restore the users real IP address from the PROXY v2 protocol. If you use a standalone login server, like TFLS from Milice, then you don't really need to proxy the login protocol at all if you don't run the login servers on the same host as the game server.