Setting Up a Reverse Proxy for Security While Traveling

When traveling to countries where online privacy and security are crucial, setting up a reverse proxy can be an essential step in protecting sensitive data.

In this post, I’ll explain how I set up a reverse proxy on a VPS (Virtual Private Server) before heading out on my travels. This setup ensured my connections remained private, my data was secure, and I could access remote services from anywhere without exposing my real location or IP address.

What is a Reverse Proxy and Why Is It Important?

A reverse proxy is a server that acts as an intermediary between a client (like a laptop, smartphone, or tablet) and the internet. Instead of connecting directly to websites or services, requests are routed through the reverse proxy, which then forwards the requests to the actual server hosting the content. The response is then sent back through the reverse proxy to the client.

Using a reverse proxy while traveling serves several purposes:

• Privacy and Security: It hides the real IP address and location of the client, making it harder for anyone to track online activity.
• Bypassing Geofilters and Restrictions: Many services are blocked in certain countries. With a reverse proxy, traffic can be routed through a server in a different location to bypass these blocks.
• Accessing Remote Services Securely: If accessing private networks, such as a work server or personal cloud, a reverse proxy can securely route the connection without exposing the actual server to potential threats.

Step 1: Renting a VPS for the Reverse Proxy

Before traveling, I needed a reliable VPS (Virtual Private Server) to host the reverse proxy. A VPS offers a secure and private server environment, which is perfect for this kind of setup. After researching several providers, I chose a VPS from a company like DigitalOcean, Linode, or Vultr—all of which allow quick deployment and support various global server locations.

Step 2: Configuring the VPS

Once the VPS was set up, I logged in via SSH to configure the server. I used Ubuntu as the operating system, as it is widely supported and simple to manage. Below are the basic steps I followed to configure the VPS:

1. Accessing the VPS: I logged in using SSH to connect to the VPS. This involved copying the IP address of the server from the hosting provider’s dashboard and using a terminal on my local machine to connect via SSH:
   ssh root@<VPS-IP-ADDRESS>
2. Installing NGINX: NGINX is a lightweight and powerful web server that I used to set up the reverse proxy. To install it, I ran the following commands:
   sudo apt update
sudo apt install nginx
3. Setting Up Firewall: I configured the firewall to ensure the VPS was secure. Only necessary ports (SSH for remote access and HTTP/HTTPS for web traffic) were allowed:
   sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw allow 'Nginx Full'

Step 3: Configuring NGINX as a Reverse Proxy

With NGINX installed, the next step was to configure it to route incoming requests to the backend server. The backend server could be any web service, application, or server that needed to be accessed securely. Below is the configuration process:

• Creating the Configuration File: I created a new configuration file in the /etc/nginx/sites-available/ directory. This file defines the reverse proxy settings.
  sudo nano /etc/nginx/sites-available/reverse_proxy
• Adding the Reverse Proxy Configuration: In the configuration file, I added the following settings. This tells NGINX to forward requests to the backend server while preserving the necessary headers for secure communication:

server {
    listen 80;
    server_name <YOUR-SERVER-DOMAIN>; # Replace with your server's IP or domain name

    location / {
        proxy_pass http://<BACKEND-SERVER-IP>;  # Replace with the actual backend server's IP or domain
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

• Activating the Configuration: Once the configuration was added, I created a symbolic link in the /etc/nginx/sites-enabled/ directory to enable the configuration:
  sudo ln -s /etc/nginx/sites-available/reverse_proxy /etc/nginx/sites-enabled/
• Testing the Configuration: Before restarting NGINX, I tested the configuration for any syntax errors:
  sudo nginx -t
• Restarting NGINX: Everything looked good, so I restarted NGINX to apply the changes:
  sudo systemctl restart nginx

Step 4: Securing the Reverse Proxy with SSL

When dealing with sensitive information while traveling, it’s essential to secure the reverse proxy connection with SSL encryption. To do this, I used Let’s Encrypt to obtain a free SSL certificate for the reverse proxy server.

1. Installing Certbot: Certbot is an easy-to-use tool that automates the process of obtaining and renewing SSL certificates from Let’s Encrypt. First, I installed Certbot and the necessary NGINX plugin:
   sudo apt install certbot python3-certbot-nginx
2. Obtaining the SSL Certificate: To automatically configure SSL for NGINX, I ran:
   sudo certbot --nginx
   Certbot prompted me to choose whether to redirect all HTTP traffic to HTTPS, which I chose to ensure all connections were encrypted.
3. Setting Up Automatic Certificate Renewal: SSL certificates from Let’s Encrypt are valid for 90 days, so it’s important to set up automatic renewals. Certbot automatically handles this by running a scheduled task:
   sudo certbot renew

Step 5: Using the Reverse Proxy for Secure Connections

After setting everything up, I now had a secure and private connection through the reverse proxy. All web traffic would pass through the VPS, masking my real IP and location, while providing encrypted access to the backend services.

• To access remote services securely, I simply pointed my browser or application to the reverse proxy’s public IP or domain. All traffic was now routed through the proxy, enhancing both security and privacy.

Step 6: Optional Enhancements for Better Privacy

While the reverse proxy setup already provided strong security, I opted for a few additional enhancements to further protect my data during travel:

• Using a VPN: I routed my reverse proxy traffic through a VPN to add another layer of encryption. This ensures that even if the VPS is compromised, the connection to the reverse proxy remains private.
• Tor Integration: For the utmost privacy, I also considered routing my traffic through Tor. By doing so, my real location would be completely hidden, and it would be virtually impossible for anyone to track my online activities. Tor can be integrated with NGINX to provide additional anonymity.

Final Thoughts

Setting up a reverse proxy while traveling can be a crucial step in maintaining privacy and securing sensitive data. By using a VPS, configuring NGINX as a reverse proxy, and adding SSL encryption, I ensured that all of my online activities remained private and secure, even when accessing remote services or browsing in regions with restrictive internet policies.

By following these steps, anyone can replicate this setup and enhance their privacy and security during travel, especially when accessing sensitive information or conducting important activities online.