introduction

It's funny how bureaucracy changes daily life. If there is problem with a social service, just kill the service so there won't be any problems.

In this case, the Asian Games imposes limited internet cut out on local institutions, just so hackers will not have any chance to sabotage. As a result, I now have trouble connecting back into campus LAN through reliable proxies.

solution

Reverse proxy always work, it's just you need an extra server. In this case, I found that Synology Quickconnect works perfectly as an emergency backup. The speed is about 7MB/2MB, enough for light use.

sudo tee /usr/syno/share/nginx/conf.d/dsm.xxx.conf <<EOF
location /some-path/ {
  proxy_redirect off;
  proxy_pass http://127.0.0.1:$some_port;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
}
EOF

Refer to /etc/nginx/nginx.conf for server conf path pattern.

The trick is that the Quickconnect service checks cookies, otherwise it will return 307. You will have to connect normally with a browser, then copy paste the cookies in the headers of your websocket request for it to pass the check.