I’m an American currently living in Moldova. Unfortunately this means that Netflix (along with many other sites) isn’t available to me here. So being the tech savvy guy that I am I thought that I would build my own.
I could have gone the easy route and set up a VPN but that would slow down all of my internet traffic. I waned to build something that would only proxy the traffic for the geographically restricted services.
After much searching I found this config generator for Haproxy on github and managed to get haproxy configured on Ubuntu 14.04 along with bind which I’m using for DNS as opposed to dnsmasq which is outlined on the github project. I used the SNA only mode for the config generator. I had a bit of credit that is about to expire from a $20 Vultr coupon so I used Vultr to host the VPS. I would recommend using something even cheaper. a $15 a year ultra low end VPS with RamNode would suffice. (edit : I tried setting this up on a Ramnode OpenVZ based VPS and it won’t work on a VPS using OpenVZ without editing OpenVZ settings on the host. Most VPS hosts won’t do that so avoid a VPS using OpenVZ) If I didn’t have the Vultr credit it’s what I would have used and after my existing credit runs out on Vultr I will probably move this over to RamNode myself. So far everything is working great on my laptop.
I’ve spend way too much time over the past couple of days trying to duplicate this same functionality using Nginx. I was attempting to use a TCP proxy to pass the SSL encrypted traffic directly to the end user. This would prevent the need for an SSL cert on the proxy server. I found and was working with this Nginx TCP proxy module but I ran into an obstacles that I don’t think I can overcome at the moment. Nginx doesn’t currently support passing the SNA host via proxy_pass. SNA proxy sport is in the development branch of 1.7. My plan was to simply forward all traffic on ports 80 and 443 to the host in the request headers.
I had planned on doing a DIY tutorial on getting this up and running with Nginx but for the moment at least, it doesn’t look like that’s going to happen.
If you need any help getting the Haproxy method working feel free to leave a comment. If I have the time and their is enough interest I could do a post on that.
Once the 1.7 branch is stable I might take another look at this but for now I’ll still with the haproxy method.
A far less expensive and even simpler solution would have been to just spend a couple of dollar for the proxy/vpn service at SmartDNSProxy.com. I’ve set it up for a couple of acquaintances that I’ve met over here and it’s working great for them. It’s what I would recommend for anyone that doesn’t want to spend the time learning how to configure Haproxy.