Feature Embedded proxy in your server.

sick7

Relentless
Joined
Apr 3, 2011
Messages
269
Reaction score
35
Location
South Korea
Hello @Mkalo

I have server in Europe, bought small VPS in US, installed there nginx, configured it to stream player packets to my gamesevrer port in EU with configuration you provided.

A.A.A.A - IP of EU server
B.B.B.B - IP of US proxy server
C.C.C.C - IP of Brazilian player
Code:
stream {
    server {
        listen 7172;
        proxy_pass A.A.A.A:7172;
    }
}
Here is example dump for one player from `tcptrack -r 5 -i eth0`
Code:
   Client             Server
C.C.C.C:49713     B.B.B.B:5061
B.B.B.B:56642     A.A.A.A:7172
And it works like a charm.

The problem is on EU server side all players have the same IP (B.B.B.B), so having a rule
Code:
iptables -A INPUT -p tcp --syn --dport 7172 -m connlimit --connlimit-above 3 -j REJECT
I will cut out every 3+ player using my US proxy.

I was trying to pass player headers to my EU server in nginx configuration, for example by
Code:
stream {
    server {
        listen 7172;
        proxy_pass_request_headers on;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_pass A.A.A.A:5061;
#        proxy_pass_request_headers on;
    }
}
But none of the lines (even one by one) don't cooperate with `stream`. How can I pass player's IP through stream to my server?
Facing a similar issue, have you made any progress regarding this?

I've also been playing around with adding
Code:
proxy_bind $remote_addr transparent;
to the server block, but that is essentially IP spoofing, which I suspect might be blocked by the hosts for remote servers, and even if it wasn't, I don't think this method would be applicable with TFS anyway, see IP Transparency and Direct Server Return with NGINX Plus

I thought of a way in which the real ip would get placed in a column in the players table by the login server, and the game server would then use that upon connecting the player to the game. However, there is a flaw in this system, for example: Player 1 opens the char list on account A, Player 2 opens the char list on account A, Player 1 connects to the game -> the game server will display Player 2's IP address.
If anyone has more insight regarding networking, or potential solutions to this problem, it would be appreciated. In the end it would still be best if the game server could somehow detect the real client IP through the proxy.
 

GSMaster

Why? for money
Joined
Oct 26, 2008
Messages
157
Reaction score
8
Location
HKS <3
hello, I have a question I never used NGINX, do I think how good it should work:

1. Server (Europe) = OTS
2. Server BR (or US) = Proxy (with NGINX configured)

player Connect to server (1) > player have set use proxy > server (1) change proxy user to (2) > player login to server ?? right?
 

kor

PHP ziom
Premium User
Joined
Jul 12, 2008
Messages
86
Reaction score
50
Location
Bialystok, Poland
@sick7 My case is a little different. I'm using The Forgotten Login Server (Milice/forgottenloginserver) which is hosted on EU machine so I always have the real IP address of connecting player. Answering your question, I didn't made any progress with passing player IP, so still if player connect to my EU server through USA proxy, every of them has the IP of USA proxy ingame. Reffering to my problem with iptables rules I have modified them to
PHP:
ptables -A INPUT -p tcp --dport 7172 -s USA_IP -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 7172 -m connlimit --connlimit-above 3 -j REJECT
So if there is more than 3 connections from the same IP they will be rejected except those from USA proxy.

@GSMaster Not exactly, if you have prepared characters list correctly (entry with seleted character point to your BR IP), player will connect to your EU server through this proxy, not only during login but whole game.
 

sick7

Relentless
Joined
Apr 3, 2011
Messages
269
Reaction score
35
Location
South Korea
@sick7 My case is a little different. I'm using The Forgotten Login Server (Milice/forgottenloginserver) which is hosted on EU machine so I always have the real IP address of connecting player. Answering your question, I didn't made any progress with passing player IP, so still if player connect to my EU server through USA proxy, every of them has the IP of USA proxy ingame. Reffering to my problem with iptables rules I have modified them to
PHP:
ptables -A INPUT -p tcp --dport 7172 -s USA_IP -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 7172 -m connlimit --connlimit-above 3 -j REJECT
So if there is more than 3 connections from the same IP they will be rejected except those from USA proxy.

@GSMaster Not exactly, if you have prepared characters list correctly (entry with seleted character point to your BR IP), player will connect to your EU server through this proxy, not only during login but whole game.
The only problem I have is having players connect to the game server via the proxy while still being able to detect their real IP address on the game server. I also use a seperate login server on another machine, but that doesn't really matter, even if one didn't they would have the same issue.
Tagging @Don Daniello, maybe he's got some useful insight on the matter as he started a discussion about proxy servers once (OT Server Proxy)
 

roriscrave

Intermediate OT User
Joined
Dec 7, 2011
Messages
401
Reaction score
39
it work in tfs 0.4 whitout modifications in the codes?

it work in tfs 0.4 whitout modifications in the codes?
When I add this proxy script, when I try to log in only to account and then not login, what can it be?
 
Last edited by a moderator:

roriscrave

Intermediate OT User
Joined
Dec 7, 2011
Messages
401
Reaction score
39
This was made in TFS 1.3 but should work in any TFS distribution as long you implement it correctly.

View attachment 29645

It works by changing the gameserver ip and port that the client is going to connect to. The proxyId is bound to the account and should be changed through your website. I won't provide any web page for this as there is too many AAC's so if you use it please consider sharing the page code with everyone (It would be nice since you are using this for free.)

You can add as many proxies you want in config.lua, tho it won't check if the proxy is alive or not.

Changes:
proxyList.patch · GitHub

And this in the database:
SQL:
ALTER TABLE `accounts` ADD `proxy_id` INT NOT NULL DEFAULT '0' AFTER `lastday`;
How to setup your proxy using nginx:

Run:
Code:
sudo nano /etc/nginx/nginx.conf
Add this:
Code:
stream {
    server {
        listen YOUR_PROXY_PORT;
        proxy_pass SERVER_IP:SERVER_PORT;
    }
}
Save it and run:
Code:
sudo nginx -s reload
i need nginx installed in the 2 machines?
machine proxy and host proxy?
 

kor

PHP ziom
Premium User
Joined
Jul 12, 2008
Messages
86
Reaction score
50
Location
Bialystok, Poland
No, you need only nginx on proxy server, because configuration posted by Mkalo is for nginx. On your "real" server you can have any other like lighttpd or apache.
 

roriscrave

Intermediate OT User
Joined
Dec 7, 2011
Messages
401
Reaction score
39
when the proxy is active, all players enter with the same IP, but I did not see improvement in relation to PING, did I do something wrong?

my host is in the usa
my proxy is in BR
the players are in BR
 

kor

PHP ziom
Premium User
Joined
Jul 12, 2008
Messages
86
Reaction score
50
Location
Bialystok, Poland
In my case also all players have the same IP if any of them is connecting through proxy. That's why I asked Mkalo how to avoid that and here is his reply:
Have your tried with:
Code:
proxy_bind $remote_addr transparent;
?
But sadly my version of nginx don't support "transparent" parameters :(

About ping improvement, you don't see difference because your proxy is in BR and players are from BR. In my case, I have proxy in USA, server in EU and players connecting from South America through proxy have even 80 ms better ping than directly connected to server in EU.
 

klenio0

Well-Known Member
Joined
May 10, 2010
Messages
80
Reaction score
0
In my case also all players have the same IP if any of them is connecting through proxy. That's why I asked Mkalo how to avoid that and here is his reply:


But sadly my version of nginx don't support "transparent" parameters :(

About ping improvement, you don't see difference because your proxy is in BR and players are from BR. In my case, I have proxy in USA, server in EU and players connecting from South America through proxy have even 80 ms better ping than directly connected to server in EU.

I have a vps with nginx plus, nginx plus supports "transparent" parameters. Would you like to try some progress on the proxy on this machine?
 

Impera-Global

Member
Joined
Dec 16, 2017
Messages
50
Reaction score
10
Has anyone installed it, changed the ping (lag)? I installed everything but the ping remains the same, it seems that there was no difference (in my case). The character's IP changed, but it made no difference, using VPS BR and CA for tests. It looks like host ping prevailed.
 

chekybrekyv

Banned User
Joined
Oct 15, 2018
Messages
113
Reaction score
60
can someone add script to log all IPS and character logged in information into file for this? and also gesior version if anyone got it here??
 

Olddies

www.tibianas.com
Joined
Nov 21, 2009
Messages
858
Reaction score
157
Location
Rep.Dom
sorry for my ignorance but do i have to put the file proxyList.patch somewhere? or i just need to do the part of the nginx and it will be working?
 

Olddies

www.tibianas.com
Joined
Nov 21, 2009
Messages
858
Reaction score
157
Location
Rep.Dom
nvm was trying to add it to othire but i think it wont work :=)
 

swordman

Intermediate OT User
Joined
Jun 5, 2011
Messages
390
Reaction score
4
The Nginx part is also giving me issues.

Using Linux Debian 8.11

Code:
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
   Active: failed (Result: exit-code) since Wed 2019-02-20 11:25:21 EST; 9s ago
  Process: 2584 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
  Process: 2573 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 2670 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
 Main PID: 2574 (code=exited, status=0/SUCCESS)

Feb 20 11:25:21 xxxxxxxxxxxxxxxxxxxxxxxxxx nginx[2670]: nginx: [emerg] unknown directive "stream" in /etc/nginx/nginx.conf:16
Feb 20 11:25:21 xxxxxxxxxxxxxxxxxxxxxxxxxx nginx[2670]: nginx: configuration file /etc/nginx/nginx.conf test failed
Feb 20 11:25:21 xxxxxxxxxxxxxxxxxxxxxxxxxx systemd[1]: nginx.service: control process exited, code=exited status=1
Feb 20 11:25:21 xxxxxxxxxxxxxxxxxxxxxxxxxx systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Feb 20 11:25:21 xxxxxxxxxxxxxxxxxxxxxxxxxx systemd[1]: Unit nginx.service entered failed state.
[email protected]:~# service nginx restart
 
Top