table <anonymous> persist file "/etc/pf/iplists/anonymsites.txt"
$ext_ip="xxx.xxx.xxx.xxx" $int_if=" " rdr on $int_if proto tcp from $clients to <anonymous> port 80 -> $ext_ip port 3129 rdr on $int_if proto tcp from $clients to <anonymous> port 443 -> $ext_ip port 3129
http_port 3129 # header_access From deny all header_access Server deny all header_access User-Agent deny all header_access WWW-Authenticate deny all header_access Link deny all header_access X-Forwarded-For deny all header_access Via deny all header_access Cache-Control deny all forwarded_for off # VPS vpn- cache_peer 10.10.10.250 parent 3128 0 no-query no-digest cache_peer_access 10.10.10.250 allow all never_direct allow all
# OpenVPN mode server tls-server port 2080 proto udp dev tun ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/server.crt key /etc/openvpn/keys/server.key dh /etc/openvpn/keys/dh1024.pem tls-auth /etc/openvpn/keys/ta.key 0 topology subnet ifconfig 10.10.10.1 255.255.255.0 keepalive 10 120 max-clients 10 comp-lzo cipher DES-EDE3-CBC user nobody group nogroup persist-key persist-tun verb 4 mute 20 client-to-client client-config-dir /etc/openvpn/ccd status /var/log/openvpn/openvpn-status.log log-append /var/log/openvpn/openvpn.log
# OpenVPN client dev tun proto udp remote xxx.xxx.xxx.xxx 2080 pull topology subnet user nobody group nobody persist-key persist-tun ca /usr/local/etc/openvpn/keys/ca.crt cert /usr/local/etc/openvpn/keys/vps.crt key /usr/local/etc/openvpn/keys/vps.key tls-client tls-auth /usr/local/etc/openvpn/keys/ta.key 1 cipher DES-EDE3-CBC comp-lzo verb 3 status /var/log/openvpn-status.log log /var/log/openvpn.log mute 20
http_port 3128 # header_access From deny all header_access Server deny all header_access User-Agent deny all header_access WWW-Authenticate deny all header_access Link deny all header_access X-Forwarded-For deny all header_access Via deny all header_access Cache-Control deny all forwarded_for off
$ext_if=" " rdr on $ext_if proto tcp from any to $ext_if port 80 -> 127.0.0.1 port 8180 rdr on $ext_if proto tcp from any to $ext_if port 443 -> 127.0.0.1 port 4443
#stunnel.conf VPS pid = /var/run/stunnel.pid debug = 4 output = /var/log/stunnel.log cert = /usr/local/etc/stunnel/stunnel.cert key = /usr/local/etc/stunnel/stunnel.key sslVersion = SSLv3 options = DONT_INSERT_EMPTY_FRAGMENTS ciphers = AES256-SHA socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 compression = rle [http] client = yes accept = 8180 connect = 10.10.10.1:8180 TIMEOUTclose = 0 [https] client = yes accept = 4443 connect = 10.10.10.1:4443 TIMEOUTclose = 0
#stunnel.conf - pid = /var/run/stunnel.pid debug = 4 output = /var/log/stunnel.log cert = /usr/local/etc/stunnel/stunnel.cert key = /usr/local/etc/stunnel/stunnel.key sslVersion = SSLv3 options = DONT_INSERT_EMPTY_FRAGMENTS ciphers = AES256-SHA socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 compression = rle [http] accept = 8180 connect = 192.168.XXX.YYY:80 TIMEOUTclose = 0 [https] accept = 4443 connect = 192.168.XXX.YYY:443 TIMEOUTclose = 0
example.com
domain in DNS can map the main external ip, and the subdomain www.example.com
www.example.com
(often an alias for the main one) - ip of the remote VPS.
Source: https://habr.com/ru/post/217629/