NGINX TIPS


Overview

NGINX is our recommended method of setting up a proxy since it is fast, requires few resources, and has caching support. You will need a server with root access in order to compile and use NGINX. Don't use a precompiled binary from your distributions repos (e.g. apt-get install package) since it will not have the required modules.



NGINX Method

With the NGINX method, you will compile NGINX from source in order to include the substitutions module. The substitutions module allows NGINX to search and replace text on the pages. Once set up, the NGINX server will serve as a fully functioning reverse proxy without the need for any server side code or scripts.

In order to compile NGINX, you will need root access to a Linux based server

1. Once you have your server online you will want to get NGINX compiled and installed.

To do this, we will first need to install some packages.

a) If you're using a Debian based OS (e.g. Ubuntu), run this:

apt-get install libpcre3 libpcre3-dev zlib1g zlib1g-dev openssl libssl-dev gcc make git wget

b) If you're using a Red Hat based OS (e.g. Centos), run this:

yum install -y zlib zlib-devel pcre pcre-devel openssl openssl-devel gcc make git wget tar

2. Now that the packages are installed, we will download the NGINX source code to the /tmp/nginx directory and compile it.

You can find the latest version here .

mkdir -p /tmp/nginx;cd /tmp/nginx
wget https://nginx.org/download/nginx-1.16.1.tar.gz

3. We need to download the substitutions module in order to make text and regex replacements with the proxy.

Clone the Github repository with the following command.

git clone git://github.com/yaoweibin/ngx_http_substitutions_filter_module.git

4. Extract the source.

tar xzvf nginx-1.16.1.tar.gz;cd nginx-1.16.1

5. Now we can configure NGINX. Ensure that the substitutions module folder path is correct.

See this link for more configuration options.

./configure --with-http_ssl_module --add-module=/tmp/nginx/ngx_http_substitutions_filter_module

6. Now we can compile and install NGINX. It will be installed to /usr/local/nginx/ by default.

make && make install

7. Test if NGINX is working by starting it

Note: If logged in as root, you don't need the sudo command

sudo /usr/local/nginx/sbin/nginx

8. Check if it's working by typing in your server IP in your web browser. You should see the "Welcome to NGINX!" message.

If it's working, stop NGINX with the following command now so we can configure it.

If it's not working, ensure nothing else is running on port 80 ( link ) or try checking Google for a solution.

If you're using a Centos/RHEL based Linux distro, ensure your firewall is allowing HTTP traffic, see this link

sudo /usr/local/nginx/sbin/nginx -s stop

9. Rename the default config file so we've got a copy of the original config

cd /usr/local/nginx/conf;mv nginx.conf nginx.conf-backup

10. Copy the following config and insert it into nginx.conf using a text editor such as nano or vi. (e.g. nano nginx.conf). Change yourdomain.com to your own domain in the config.

For more information on how to configure NGINX, see this link.

Update: April 2020 The NGINX config has been updated for the new TPB update. We have also added caching support

worker_processes auto; events {worker_connections 1024;} http { include mime.types; default_type application/octet-stream; proxy_ssl_server_name on; sendfile on; gzip on; #Logs access_log logs/access.log; error_log logs/error.log; #Enable Caching proxy_cache_path /usr/local/nginx/cache levels=1:2 keys_zone=STATIC:10m inactive=12h max_size=500m; server { listen 80; server_name yourdomain.com; #Redirects proxy_redirect https://thepiratebay.org http://$host; proxy_redirect http://thepiratebay.org http://$host; #Other URI's location = / {return 301 /index.html;} location /session {return 302 /;} location ~ /torrent/(?<myvar>[0-9]+)/ {return 301 /description.php?id=$myvar;} location ~ /search/(?<myvar>.+)/0/ {return 301 /search.php?q=$myvar;} #Root URI - 1 day cache location / { proxy_pass https://thepiratebay.org; proxy_set_header Host thepiratebay.org; proxy_set_header Referer 'https://thepiratebay.org'; proxy_set_header Accept-Encoding ""; proxy_set_header CF-Connecting-IP ""; proxy_cache_valid 200 1d; expires 1d; proxy_ignore_headers Expires Cache-Control Set-Cookie; proxy_cache STATIC; add_header Cache-Control public; proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; #Substitutions subs_filter_types 'application/javascript'; subs_filter '<a href="http://piratebayztemzmv.onion" title="tor address">TOR</a> |' '<b><a href="https://proxybay.gdn" title="Proxy List">Proxy List</a></b> |'; subs_filter 'https://torrindex.net' "http://$host/torrindexp"; subs_filter 'https://apibay.org' "http://$host/apip"; subs_filter '<a href="/session/" title="Login/Upload">Login/Upload</a> |' ''; subs_filter '<a href="/session/" title="Register">Register</a>' ''; subs_filter '<a href="/session/" title="Login">Login</a> |' ''; subs_filter '<a href="" title="Register">Register</a>' ''; subs_filter 'https://thepiratebay.org' http://$host; subs_filter 'thepiratebay.org' $host; } #API URI - 1 day cache location /apip/ { proxy_pass https://apibay.org/; proxy_set_header Host apibay.org; proxy_set_header Referer 'https://thepiratebay.org'; proxy_set_header Accept-Encoding ""; proxy_set_header CF-Connecting-IP ""; proxy_cache_valid 200 1d; expires 1d; proxy_ignore_headers Expires Cache-Control Set-Cookie; proxy_cache STATIC; add_header Cache-Control public; proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; } #Recent URI - 1 hour cache location /apip/precompiled/data_top100_recent.json { proxy_pass https://apibay.org/precompiled/data_top100_recent.json; proxy_set_header Host apibay.org; proxy_set_header Referer 'https://thepiratebay.org'; proxy_set_header Accept-Encoding ""; proxy_set_header CF-Connecting-IP ""; proxy_cache_valid 200 1h; expires 1h; proxy_ignore_headers Expires Cache-Control Set-Cookie; proxy_cache STATIC; add_header Cache-Control public; proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; } #Torrindex URI - 30 day cache location /torrindexp { proxy_pass https://torrindex.net/; proxy_set_header Host torrindex.net; proxy_set_header Referer 'https://thepiratebay.org'; proxy_set_header Accept-Encoding ""; proxy_set_header CF-Connecting-IP ""; proxy_cache_valid 200 30d; expires 30d; proxy_ignore_headers Expires Cache-Control Set-Cookie; proxy_cache STATIC; add_header Cache-Control public; proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; } } }

11. Test your config works by starting NGINX with the following command.

If you see an error, try checking inputting the error in Google for solutions. You can also check the error log by going to /usr/local/nginx/logs/.

sudo /usr/local/nginx/sbin/nginx

12. You can test if it works by going to your domain in your browser or running the following curl command on your server.

curl -H 'Host: yourdomain.com' localhost

13. You should now setup an init script to load NGINX when your server starts.

You can find startup scripts for different distributions here . Be sure to change the paths to match where your NGINX installation is located


Tips

Find a good Web Host

Try looking for a provider that ignores DMCA requests and is not based in the USA or UK. Some hosts (even in Europe) will honour DMCA takedowns, so it's good to do your research. Try doing a Google search for keywords such as: offshore, vps, dmca.


Use a CDN

Use a free CDN service such as Cloudflare to help speed up your site and lessen the load on your server. It will also conceal the true location of your server.

Note: If you are using Cloudflare, you will need to add proxy_set_header CF-Connecting-IP ''; to your Nginx config for it to work. Otherwise you might get DNS errors


Security

To prevent your server IP from being attack, we recommend preventing search engine bots from scraping your site. If you are using Cloudflare, this can be done by either creating a firewall rule or enabling the DDOS protection.

You can create a firewall rule in Cloudflare by going to Firewall > Firewall Rules and selecting Create a Firewall rule . As the field select Known Bots and ensure the action is set as Block . You can then deploy the new rule to make it active

Note: This will prevent your site from being crawled by search engines


Use SSL

Aside from protecting the privacy of your users, using SSL can also bypass a lot of blocks from ISP's. Therefore, it is highly recommended to use SSL for your proxy

Cloudlfare automatically provides an SSL certificate for your site so you can simply add https in front of your domain.


Use NGINX

Take a look at the NGINX Documentation to further configure it to your needs

Here is a guide on how to optimize NGINX