Best way to set up a reverse proxy for lower latency and speed

Hello LES members,
Just need some ideas on how to set up a reverse proxy (bouncer proxy) to act as an exit node to the web.
I have a few VPS(s) in Europe and the USA and used them for a personal media server, as well as to host some personal websites and an ownCloud server in NL.
I mainly need to decrease the latency, as well as extra hops if possible, for my VPS(s) running in Europe & USA.
I have a VPS on Vultr in New Delhi (which is the closest location to home), and some friends near this location and I are accessing it.

Host Server (A) <-------> Vultr VPS - Act as reverse proxy (B) <---- WWW (Internet)

In short, I need all the web traffic to enter and exit through the Vultr VPS, with it communicating over an internal network with my host VPS(s).

What is the best way to achieve this? Any ideas/suggestions welcome.

Thanks!

Comments

  • haproxy is pretty easy to set up, it's what I use.

    Although your reasons for wanting to do this seem a bit odd. You'll actually be increasing latency to the servers unless you happen to have a really terrible route from where you are to your servers, but a really good route from you to Vultr and from Vultr to your servers.

    You'll also be making the latency substantially worse for anyone close to the current servers, as everything will require a pointless roundtrip to India, so it doesn't seem sensible to use it for anything public facing.

    Thanked by (1)hostaspace
  • You could try to optimize your latency towards India using your current VPSes, yes.
    A mesh VPN with latency optimization could possibly do something.

    However, why not just use a CDN?

    Thanked by (1)hostaspace
  • edited May 2023

    nginx and openresty are powerful, and the latency is acceptable.
    Or you can try caddy or haproxy

    Thanked by (1)hostaspace
  • @ralf said: Although your reasons for wanting to do this seem a bit odd. You'll actually be increasing latency to the servers unless you happen to have a really terrible route from where you are to your servers, but a really good route from you to Vultr and from Vultr to your servers.

    You are right, it's very terrible routing from my location to the servers in comparison to Vultr.

    @Neoon said: However, why not just use a CDN?

    Hmm...! Low end spirit. I transfer almost 1-1.5 TB of data from ownCloud and the media server alone, which is very expensive to use over a CDN, but yes, I use web applications over Cloudflare and CloudFront CDN.

    @dwight said: nginx and openresty are powerful, and the latency is acceptable.

    Yeah, I'm learning about it, will give it a try.

  • @Neoon said: mesh vpn with latency optimization could possibly do something.

    Can I use Tailscale between the host and remote server alongside a reverse proxy?

    host server <-----tailscale------> vps (with reverse proxy. eg, nginx) <-----> WWW

  • @hostaspace said:

    @Neoon said: mesh vpn with latency optimization could possibly do something.

    Can I use Tailscale between the host and remote server alongside a reverse proxy?

    host server <-----tailscale------> vps (with reverse proxy. eg, nginx) <-----> WWW

    I have been using tailscale to connect to my server's local networks and although the speeds are poor (10~100 Mbps compared to 1Gbps) it is good enough for small file transfers and SSH connections.

    If it’s not broken, keep fixing it until it is. Blink twice if you agree.

  • edited May 2023

    @somik yes, that's what I doubted in the beginning after reading posts from Reddit users. What about VPN?

  • You can also try sniproxy. If you are using HTTPS, sniproxy won't decrypt traffic.
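
The comment above relies on the fact that the requested hostname travels in clear text in the TLS ClientHello, so a proxy can choose a backend without holding any certificate or key. This is an added Node.js example, not sniproxy's code or part of the original post; the hostnames and `10.0.0.x` backend addresses are assumed placeholders, and the sample ClientHello is constructed.

```javascript
// Added example, not sniproxy's own code: pick a backend from the plaintext SNI.
const u16 = (n) => Buffer.from([n >> 8, n & 0xff]);
// Returns the host_name in a ClientHello's server_name extension, or null.
function extractSni(buf) {
  if (buf.length < 5 || buf[0] !== 0x16) return null;   // not a TLS handshake record
  const end = 5 + buf.readUInt16BE(3);
  if (end > buf.length || buf[5] !== 0x01) return null; // truncated, or not a ClientHello
  let p = 5 + 4 + 2 + 32;          // skip record hdr, handshake hdr, version, random
  if (p >= end) return null;
  p += 1 + buf[p];                 // session_id
  if (p + 2 > end) return null;
  p += 2 + buf.readUInt16BE(p);    // cipher_suites
  if (p >= end) return null;
  p += 1 + buf[p];                 // compression_methods
  if (p + 2 > end) return null;    // no extensions, so no SNI
  const extEnd = Math.min(end, p + 2 + buf.readUInt16BE(p));
  p += 2;
  while (p + 4 <= extEnd) {
    const type = buf.readUInt16BE(p), len = buf.readUInt16BE(p + 2);
    p += 4;
    if (p + len > extEnd) return null;
    if (type === 0 && len >= 5 && buf[p + 2] === 0) {   // server_name, host_name entry
      const n = buf.readUInt16BE(p + 3);
      return 5 + n <= len ? buf.toString('ascii', p + 5, p + 5 + n).toLowerCase() : null;
    }
    p += len;
  }
  return null;
}

// Forward only names listed in the table (hostnames and addresses are assumed
// placeholders); the name is client-supplied, so unknown names are refused.
function backendFor(clientHello, table) {
  const name = extractSni(clientHello);
  return name !== null && table.has(name) ? table.get(name) : null;
}
const ROUTES = new Map([['cloud.example.net', '10.0.0.2:443'], ['media.example.net', '10.0.0.3:443']]);

// Constructed sample input: a minimal ClientHello carrying `host` in its SNI.
function buildClientHello(host) {
  const name = Buffer.from(host, 'ascii');
  const sni = Buffer.concat([u16(name.length + 3), Buffer.from([0]), u16(name.length), name]);
  const exts = Buffer.concat([u16(0), u16(sni.length), sni]);
  const body = Buffer.concat([Buffer.from([3, 3]), Buffer.alloc(32, 0xab), // version, random
    Buffer.from([0]), u16(2), Buffer.from([0x13, 0x01]),       // session_id, one cipher suite
    Buffer.from([1, 0]), u16(exts.length), exts]);             // null compression, extensions
  const hs = Buffer.concat([Buffer.from([1, 0]), u16(body.length), body]); // type + 24-bit length
  return Buffer.concat([Buffer.from([0x16, 3, 1]), u16(hs.length), hs]);
}
```

A ClientHello that spans several TLS records or TCP segments returns `null` here, so a real proxy has to buffer until the record is complete. With Encrypted Client Hello, this field only carries the outer public name.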

  • @hostaspace said:
    @somik yes, that's what I doubted in the beginning after reading posts from Reddit users. What about VPN?

    I used wireguard and OpenVPN previously. Speeds were definitely better but I had issues with the VPN crashing after I used it for a week or two and although reboot helped initially, after a while, even rebooting did not get it to work. I had to reinstall the VPN to get it to work.

    I used pivpn to set up those VPNs on Ubuntu x64 servers. So it could be a configuration issue, dunno.

  • FrankZ Moderator

    For a home to VPS VPN tunnel I personally have found tinc to be the most resilient. If it drops it will automatically reconnect. I have a very low speed internet connection at home so I can't say how tinc would work regarding throughput.

    I am currently traveling in mostly remote areas until sometime in April 2024. Consequently DM's sent to me will go unanswered during this time.
    For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add

  • @hostaspace said:

    @Neoon said: mesh vpn with latency optimization could possibly do something.

    Can I use Tailscale between the host and remote server alongside a reverse proxy?

    host server <-----tailscale------> vps (with reverse proxy. eg, nginx) <-----> WWW

    I don't use tailscale, so no idea.
    I do use my own wg-mesh.

  • Are you sure that a reverse proxy is even what you actually want?

    For your use case, it sounds like these websites are all for personal use. If so, you might be better setting up your Vultr node as a private VPN that uses wireguard between you and it and then accesses the existing site directly. You could even route your web traffic over another wireguard connection between it and your web server (as you'd probably do anyway with reverse proxy). If it's just for you, a few friends and family, you can just create as many wireguard endpoints as you need for all your devices.

    The only reason I'd think of for not doing that is that you really do intend this to be shared by many others or if wireguard/UDP traffic is filtered by your ISP.

  • Thanks for all the suggestions. Trying wg, overall things are looking good.

  • All the ideas so far are pretty good - wireguard, tinc, haproxy. If you're mostly interested in web browsing (the diagram says "www") then another option is to just use SOCKS. Very simple to set up, and you can adjust the proxyconf.pac to exclude certain sites/domains (e.g. if local or geoblocked).
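
A PAC file of the kind mentioned in the comment above, as an added example that is not part of the original post. It assumes a local SOCKS5 listener at `127.0.0.1:1080` that tunnels to the VPS, and the bypass domains are placeholders; it is written in ES5 and avoids the browser-only PAC helpers so the same file also runs under Node for testing.

```javascript
// Added example PAC file. Assumed values: the SOCKS5 listener address and the
// bypass domains below are placeholders, not taken from the thread.
var PROXY = 'SOCKS5 127.0.0.1:1080';
var BYPASS_DOMAINS = ['lan.example', 'geoblocked.example'];

// True when host is the domain itself or a subdomain of it.
// A plain suffix test would wrongly match "notgeoblocked.example".
function inDomain(host, domain) {
  var suffix = '.' + domain;
  return host === domain ||
    (host.length > suffix.length && host.slice(-suffix.length) === suffix);
}

// True for IPv4 literals in loopback or RFC 1918 private ranges.
function isPrivateV4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 || (a === 192 && b === 168) ||
    (a === 172 && b >= 16 && b <= 31);
}

// Entry point called by the browser for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase().replace(/\.$/, '');   // normalise case and trailing dot
  // Dotless names are local; names containing ':' are IPv6 literals and stay proxied.
  if (host.indexOf('.') === -1 && host.indexOf(':') === -1) return 'DIRECT';
  if (isPrivateV4(host)) return 'DIRECT';
  for (var i = 0; i < BYPASS_DOMAINS.length; i++) {
    if (inDomain(host, BYPASS_DOMAINS[i])) return 'DIRECT';
  }
  // No "; DIRECT" fallback: if the tunnel is down, requests fail instead of
  // silently leaving over the local connection.
  return PROXY;
}
```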

  • edited May 2023

    Don't know if it serves your purpose. We use a Bunny pull zone as a reverse proxy for one of our applications (the best part is it can protect against layer 7 attacks, as they claim) and it also protects your origin from load, and you can also route your traffic to the closest location with their newly introduced traffic routing feature. The only drawback is that they don't support websockets, and they said it's on their roadmap. If you use volume tier, b/w will cost you 0.005 /gb. Regarding latency, if you want to truly reduce your global latency, you have to implement GeoDNS and then a load balancer that can route your traffic through the closest location to the closest node in the backend.

  • As it is a personal project website and data sharing, I just need to proxy from a specific location to decrease the latency used by me and a few mates, also huge data transfers (sometimes 1-2TB/day), so I don't want to use a commercial CDN on this to save some cash :p , one of my DNA modeling apps & APIs is using Akamai EdgeDNS and Cloudflare pass-through for the same.

    Right now wg does its job and I'm somewhat happy. Reading about GRE tunneling, may try it after some time as it looks more beneficial.

    @sreekanth850 said:

    Don't know if it serves your purpose. We use a Bunny pull zone as a reverse proxy for one of our applications (the best part is it can protect against layer 7 attacks, as they claim) and it also protects your origin from load, and you can also route your traffic to the closest location with their newly introduced traffic routing feature. The only drawback is that they don't support websockets, and they said it's on their roadmap. If you use volume tier, b/w will cost you 0.005 /gb. Regarding latency, if you want to truly reduce your global latency, you have to implement GeoDNS and then a load balancer that can route your traffic through the closest location to the closest node in the backend.
