-
Notifications
You must be signed in to change notification settings - Fork 0
Home
Localrelay is a reverse proxy which is designed to run on your edge device (e.g. your laptop, phone etc). Localrelay allows you to setup failovers and SOCKS proxies to route specific connections various ways, providing both utility and redundancy.
Assume one wants to proxy Bitwarden over the Tor network. Bitwarden's mobile app does not support SOCKS5 proxies, this is where Localrelay comes in.
A relay can be created in Localrelay which points to Bitwarden's API and routes it over TCP using a SOCKS5 proxy (e.g. 127.0.0.1:9050 Orbot). In the Bitwarden app, the user would direct the API to point to localhost, and of course provide the port of the relay.
If you self-host applications behind a firewall, you may want to access such applications whilst away from home. Furthermore, you may want your device to connect directly via the localnetwork when available, and connect via some proxy/relay service or overlay network when away from home.
A highly secure and free way to set this up utilises Tor as a overlay network. Setup a Tor hidden-service on your server, expose your web-server (or other application) to the Tor network. Additionally, you may want to setup Client Authentication Using Curve25519 Keys to secure access.
- Retains high network security (good replacement for hosting a VPN)*
- Free for ever
- Zero bandwidth limits
- No need for port forwarding
- Does not expose your IP address
- End-to-end encryption maintaining privacy
*Assumes your have setup client authentication
- High ping
- Slow connectivity
- Higher volatility
Instead of using Tor hidden services as your failover, you could use one of the following, listed most advisable to least:
- Ngrok
- Localrelay on a public server (e.g. VPS)
- Cloudflared
- I2P
- Port forwarding but IP whitelisted
- Iptables, Nginx, Trafix proxy etc
- Lokinet (highly unadvised unless you are a network admin)*
- Port forwarding (exposed to anyone, unadvised)
*Lokinet (by Oxen labs) is a new anonymity overlay network, however, it lacks the ability to firewall incoming connections to your loki address, thus exposing your whole loopback address to the network.
It is therefore recommended to contain Lokinet to a container or VM, then enforce firewall rules manually.