
Feature Embedded proxy in your server.

Alpha

Hello @Mkalo

I have a server in Europe, bought a small VPS in the US, installed nginx there, and configured it to stream player packets to my game server port in the EU with the configuration you provided.

A.A.A.A - IP of EU server
B.B.B.B - IP of US proxy server
C.C.C.C - IP of Brazilian player
Code:
stream {
    server {
        listen 7172;
        proxy_pass A.A.A.A:7172;
    }
}

Here is an example dump for one player from `tcptrack -r 5 -i eth0`
Code:
   Client             Server
C.C.C.C:49713     B.B.B.B:5061
B.B.B.B:56642     A.A.A.A:7172

And it works like a charm.

The problem is that on the EU server side all players have the same IP (B.B.B.B), so having a rule
Code:
iptables -A INPUT -p tcp --syn --dport 7172 -m connlimit --connlimit-above 3 -j REJECT
I will cut out every 3+ player using my US proxy.

I was trying to pass player headers to my EU server in nginx configuration, for example by
Code:
stream {
    server {
        listen 7172;
        proxy_pass_request_headers on;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_pass A.A.A.A:5061;
#        proxy_pass_request_headers on;
    }
}

But none of the lines (even one by one) cooperate with `stream`. How can I pass player's IP through stream to my server?

Facing a similar issue, have you made any progress regarding this?

I've also been playing around with adding
Code:
proxy_bind $remote_addr transparent;
to the server block, but that is essentially IP spoofing, which I suspect might be blocked by the hosts for remote servers, and even if it wasn't, I don't think this method would be applicable with TFS anyway, see IP Transparency and Direct Server Return with NGINX Plus

I thought of a way in which the real ip would get placed in a column in the players table by the login server, and the game server would then use that upon connecting the player to the game. However, there is a flaw in this system, for example: Player 1 opens the char list on account A, Player 2 opens the char list on account A, Player 1 connects to the game -> the game server will display Player 2's IP address.
If anyone has more insight regarding networking, or potential solutions to this problem, it would be appreciated. In the end it would still be best if the game server could somehow detect the real client IP through the proxy.
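
One way to get the real client address through a `stream` proxy is the PROXY protocol: with `proxy_protocol on;` in the stream `server` block, nginx prepends a one-line text header carrying the client address, and the game server has to parse that line itself. The C++ below is an added example, not code from this thread or from TFS; `resolveClient`, `kTrustedProxies` and the sample addresses are assumptions, and the header is honoured only when the socket peer is your own proxy so that a direct client cannot announce a false address.

```cpp
// Added example, not TFS code. nginx side (stream server block): proxy_protocol on;
#include <arpa/inet.h>
#include <netinet/in.h>
#include <iostream>
#include <set>
#include <sstream>
#include <string>

// Assumption: the socket-level address of your own proxy (constructed value).
static const std::set<std::string> kTrustedProxies = {"203.0.113.10"};

struct ClientInfo {
    std::string ip;         // address to use for bans and per-IP limits
    std::size_t headerLen;  // bytes to skip before the game protocol starts
};

static bool validIp(const std::string& fam, const std::string& ip) {
    unsigned char buf[sizeof(in6_addr)];
    return inet_pton(fam == "TCP4" ? AF_INET : AF_INET6, ip.c_str(), buf) == 1;
}

// peerIp: remote address of the accepted socket; data: first bytes received.
// Returns false when the connection should be dropped.
bool resolveClient(const std::string& peerIp, const std::string& data, ClientInfo& out) {
    out.ip = peerIp;
    out.headerLen = 0;
    // Only the proxy may announce another address; direct peers keep their own.
    if (kTrustedProxies.count(peerIp) == 0) return true;
    // A v1 header is one text line of at most 107 bytes, ending in CRLF.
    std::size_t end = data.substr(0, 107).find("\r\n");
    if (end == std::string::npos) return false;
    std::istringstream line(data.substr(0, end));
    std::string sig, fam, src, dst, sport, dport;
    line >> sig >> fam;
    if (sig != "PROXY") return false;
    out.headerLen = end + 2;
    if (fam == "UNKNOWN") return true;  // no address supplied: keep peerIp
    if (!(line >> src >> dst >> sport >> dport)) return false;
    if ((fam != "TCP4" && fam != "TCP6") || !validIp(fam, src)) return false;
    out.ip = src;
    return true;
}

int main() {
    ClientInfo c;
    // Constructed sample: header as nginx would send it, then game bytes.
    bool ok = resolveClient("203.0.113.10",
        "PROXY TCP4 198.51.100.7 203.0.113.10 49713 7172\r\n\x01\x02", c);
    std::cout << ok << " " << c.ip << " skip=" << c.headerLen << "\n";
    return 0;
}
```

The `connlimit` rule on the EU machine still only sees B.B.B.B, so a per-player connection limit for proxied traffic has to be enforced in the game server using the parsed address.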
 

GSMaster

Hello, I have a question. I have never used NGINX; do I understand correctly how it should work:

1. Server (Europe) = OTS
2. Server BR (or US) = Proxy (with NGINX configured)

player Connect to server (1) > player have set use proxy > server (1) change proxy user to (2) > player login to server ?? right?
 

kor

@sick7 My case is a little different. I'm using The Forgotten Login Server (Milice/forgottenloginserver) which is hosted on the EU machine, so I always have the real IP address of the connecting player. Answering your question, I haven't made any progress with passing the player IP, so still if a player connects to my EU server through the USA proxy, every one of them has the IP of the USA proxy in-game. Referring to my problem with iptables rules, I have modified them to
PHP:
iptables -A INPUT -p tcp --dport 7172 -s USA_IP -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 7172 -m connlimit --connlimit-above 3 -j REJECT
So if there are more than 3 connections from the same IP they will be rejected, except those from the USA proxy.

@GSMaster Not exactly, if you have prepared the characters list correctly (the entry with the selected character points to your BR IP), the player will connect to your EU server through this proxy, not only during login but for the whole game.
 

Alpha

@sick7 My case is a little different. I'm using The Forgotten Login Server (Milice/forgottenloginserver) which is hosted on the EU machine, so I always have the real IP address of the connecting player. Answering your question, I haven't made any progress with passing the player IP, so still if a player connects to my EU server through the USA proxy, every one of them has the IP of the USA proxy in-game. Referring to my problem with iptables rules, I have modified them to
PHP:
iptables -A INPUT -p tcp --dport 7172 -s USA_IP -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 7172 -m connlimit --connlimit-above 3 -j REJECT
So if there are more than 3 connections from the same IP they will be rejected, except those from the USA proxy.

@GSMaster Not exactly, if you have prepared the characters list correctly (the entry with the selected character points to your BR IP), the player will connect to your EU server through this proxy, not only during login but for the whole game.

The only problem I have is having players connect to the game server via the proxy while still being able to detect their real IP address on the game server. I also use a separate login server on another machine, but that doesn't really matter, even if one didn't they would have the same issue.
Tagging @Don Daniello, maybe he's got some useful insight on the matter as he started a discussion about proxy servers once (OT Server Proxy)
 

roriscrave

Does it work in TFS 0.4 without modifications to the code?
When I add this proxy script, when I try to log in only to account and then not login, what can it be?
 

roriscrave

This was made in TFS 1.3 but should work in any TFS distribution as long you implement it correctly.

It works by changing the gameserver IP and port that the client is going to connect to. The proxyId is bound to the account and should be changed through your website. I won't provide any web page for this as there are too many AACs, so if you use it please consider sharing the page code with everyone (it would be nice since you are using this for free).

You can add as many proxies you want in config.lua, tho it won't check if the proxy is alive or not.

Changes:
proxyList.patch · GitHub

And this in the database:
SQL:
ALTER TABLE `accounts` ADD `proxy_id` INT NOT NULL DEFAULT '0' AFTER `lastday`;

How to setup your proxy using nginx:

Run:
Code:
sudo nano /etc/nginx/nginx.conf

Add this:
Code:
stream {
    server {
        listen YOUR_PROXY_PORT;
        proxy_pass SERVER_IP:SERVER_PORT;
    }
}

Save it and run:
Code:
sudo nginx -s reload

Do I need nginx installed on the 2 machines?
Machine proxy and host proxy?
 

kor

No, you only need nginx on the proxy server, because the configuration posted by Mkalo is for nginx. On your "real" server you can have any other, like lighttpd or apache.
 

roriscrave

when the proxy is active, all players enter with the same IP, but I did not see improvement in relation to PING, did I do something wrong?

my host is in the usa
my proxy is in BR
the players are in BR
 

kor

In my case also all players have the same IP if any of them is connecting through the proxy. That's why I asked Mkalo how to avoid that and here is his reply:
Have you tried with:
Code:
proxy_bind $remote_addr transparent;
?

But sadly my version of nginx doesn't support the "transparent" parameter :(

About ping improvement, you don't see a difference because your proxy is in BR and players are from BR. In my case, I have the proxy in the USA, the server in the EU, and players connecting from South America through the proxy have even 80 ms better ping than when directly connected to the server in the EU.
 

klenio0

In my case also all players have the same IP if any of them is connecting through the proxy. That's why I asked Mkalo how to avoid that and here is his reply:

But sadly my version of nginx doesn't support the "transparent" parameter :(

About ping improvement, you don't see a difference because your proxy is in BR and players are from BR. In my case, I have the proxy in the USA, the server in the EU, and players connecting from South America through the proxy have even 80 ms better ping than when directly connected to the server in the EU.

I have a VPS with nginx plus; nginx plus supports the "transparent" parameter. Would you like to try some progress on the proxy on this machine?
 

Fortera Global

Has anyone installed it, changed the ping (lag)? I installed everything but the ping remains the same, it seems that there was no difference (in my case). The character's IP changed, but it made no difference, using VPS BR and CA for tests. It looks like host ping prevailed.
 

chekybrekyv

can someone add script to log all IPS and character logged in information into file for this? and also gesior version if anyone got it here??
 

Olddies

sorry for my ignorance but do i have to put the file proxyList.patch somewhere? or i just need to do the part of the nginx and it will be working?
 

swordman

The Nginx part is also giving me issues.

Using Linux Debian 8.11

Code:
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
   Active: failed (Result: exit-code) since Wed 2019-02-20 11:25:21 EST; 9s ago
  Process: 2584 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
  Process: 2573 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 2670 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
 Main PID: 2574 (code=exited, status=0/SUCCESS)

Feb 20 11:25:21 xxxxxxxxxxxxxxxxxxxxxxxxxx nginx[2670]: nginx: [emerg] unknown directive "stream" in /etc/nginx/nginx.conf:16
Feb 20 11:25:21 xxxxxxxxxxxxxxxxxxxxxxxxxx nginx[2670]: nginx: configuration file /etc/nginx/nginx.conf test failed
Feb 20 11:25:21 xxxxxxxxxxxxxxxxxxxxxxxxxx systemd[1]: nginx.service: control process exited, code=exited status=1
Feb 20 11:25:21 xxxxxxxxxxxxxxxxxxxxxxxxxx systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Feb 20 11:25:21 xxxxxxxxxxxxxxxxxxxxxxxxxx systemd[1]: Unit nginx.service entered failed state.
[email protected]:~# service nginx restart
 