Use Traefik instead of HAProxy #229

Open
wants to merge 4 commits into
base: main

@ttimasdf ttimasdf commented Nov 4, 2023

This PR adds a full configuration to set up a WhatsApp proxy with Traefik, exposing similar ports to the existing HAProxy configuration, but with a much simpler setup process and more versatile configuration.

The main advantages over HAProxy include:

  1. No more build process. Only a compose file and the Traefik image from the Docker official images, minimizing maintenance cost for project maintainers. (Resolves "Suggestion: Create tag release along with the docker releases" #131)
  2. Much simpler setup process for users. docker compose up -d is all we need.
  3. Safer default settings. Using wildcard DNS for proxy access protects the server from malicious scanners. The domain name defaults to whatsapp-<host-ip>.traefik.me but is easily configurable; users can change it to whatever-<host-ip>.other-wildcard-dns.provider or even their own domain names.
    The domain name is essentially the password for accessing the proxy, while others can only see an empty 404 page, which resolves "How to minimise the detection factors?" #16 and also resolves "Using domain/sub-domain instead of an IP" #120. The only server fingerprint is the default TLS certificate, which only indicates that it is a Traefik server but not a WhatsApp proxy server, and it can also be further anonymized easily.
    The server name setting can even be hot reloaded (a Traefik feature😉).
  4. Easier coexistence with other web services on the same server, saving precious 80/443 ports. Traefik is a container-native edge router (a reverse proxy) which is much, much simpler to manage than nginx/HAProxy if all your services are running in Docker.
  5. One-click ACME setup. The necessary config blocks are provided as comments inside traefik.toml and whatsapp_proxy.toml. However, the certificate is not very important because the WhatsApp client does not verify this certificate, and media are sent with TLS passthrough, the connection of which is already secure.

I'd recommend Traefik to be the default option for average users, but let it be an alternative for now 😉

@facebook-github-bot facebook-github-bot added the CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. label Nov 4, 2023
@GoOd91BoY

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# License found in the LICENSE file in the root directory
# of this source tree.

version: '3.3'

services:
  proxy:
    container_name: whatsapp_proxy
    build: ../
    restart: unless-stopped
    ports:
      - "80:80" # HTTP
      - "443:443" # HTTPS
      - "5222:5222" # JABBER
      - "8199:8199" # HAPROXY statistics page
      - "8080:8080" # HTTP with accept-proxy processing
      - "8443:8443" # HTTPS with accept-proxy processing
      - "8222:8222" # JABBER with accept-proxy processing
      - "587:587" # whatsapp.net
      - "7777:7777" # whatsapp.net
    healthcheck:
      test: /usr/local/bin/healthcheck.sh
      interval: 10s
      start_period: 5s
    environment:
      - PUBLIC_IP=10.0.0.1

@GoOd91BoY

I need to share my WhatsApp image or file, but I can't.

@ttimasdf
Author

@GoOd91BoY you should use a markdown code block if you want to share your compose.yml config.

> I need to share my WhatsApp image or file, but I can't.

And why not?

@varenc

varenc commented Feb 1, 2024

Thanks for this! I'm a bit doubtful Meta will merge any time soon, but it's certainly a useful WhatsApp proxy with more minimal config. For others that think this sounds useful you can use it more easily on the author's branch here: https://github.com/ttimasdf/whatsapp-proxy/blob/with-traefik/traefik/README.md

@offer1983

Do you need two separate servers for WhatsApp proxy and Traefik? Otherwise, the ports will conflict.

@dephea

dephea commented Aug 6, 2024

Doesn't work

@bilogic

bilogic commented Sep 13, 2024

@ttimasdf

If I run curl -k -v https://traefik-proxy.com:587 to connect to this PR, does it still show CN=*.whatsapp.net?

* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=Menlo Park; O=Meta Platforms, Inc.; CN=*.whatsapp.net
