Setup Signal TLS Proxy on Hetzner with Terraform
- Hetzner Cloud Console Account
- Domain with the possibility to change DNS Records
- Installed Terraform
- To get started, you first need an API token. Sign in to the Hetzner Cloud Console, choose a project, go to Security → API Tokens, and generate a new token.
- Create a file named terraform.tfvars in each of the folders bootstrap and cert, containing the API token from step 1 and your domain.
    hcloud_token = "aaaaaaahfhajsdjsjhasdhkjasdhkasd"
    domain = "your.domain.com"
- In the folder bootstrap, run the following commands:
    terraform init
    terraform apply -auto-approve
- (Optional but recommended) Check that the bootstrap worked: open http://<IP>:8080 in the browser and check that you see the nginx welcome screen.
- Now log in to your domain provider and set an A record pointing to your server. Each domain provider looks different, so I can only give you a high-level description:
  - Go to your domain provider, click on your domain, then click on Manage DNS
  - Add a new record
  - Click on A Record
  - Enter the IP (server IP from step 3) in the value field
- (Optional but recommended) Check that you see the nginx welcome screen at http://<YOUR_DOMAIN>:8080
- In the folder cert, run the following commands:
    terraform init
    terraform apply -auto-approve
- Enjoy your proxy: "https://signal.tube/#<YOUR_DOMAIN>"
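
A pre-flight check for the steps above, as an added example that is not part of the original repository: it verifies that both terraform.tfvars files exist, set hcloud_token and domain, and are not readable by other users (they hold the API token), and that the domain's A record already points to the server before you run the cert step. The script name preflight.sh, the function names, and the use of getent for the DNS lookup (Linux) are assumptions.

```shell
#!/usr/bin/env bash
# Pre-flight check before `terraform apply` in the cert folder (added example).
# Assumes the layout from the steps above: bootstrap/ and cert/, each holding
# a terraform.tfvars with hcloud_token and domain.

# Print the quoted value of key $2 from tfvars file $1 (empty if missing).
tfvars_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\(.*\)\"[[:space:]]*$/\1/p" "$1" | head -n 1
}

# Check one folder's terraform.tfvars: present, both variables set, and not
# readable by group/others (it holds the Hetzner API token).
check_tfvars() {
  local f="$1/terraform.tfvars"
  [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
  [ -n "$(tfvars_get "$f" hcloud_token)" ] || { echo "$f: hcloud_token not set" >&2; return 1; }
  [ -n "$(tfvars_get "$f" domain)" ] || { echo "$f: domain not set" >&2; return 1; }
  if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \))" ]; then
    echo "$f: readable by group/others, run: chmod 600 $f" >&2; return 1
  fi
}

# Succeed only if every IPv4 address read from stdin equals $1.
# A leftover old A record would send part of the traffic elsewhere.
a_record_matches() {
  local want="$1" addr seen=0
  while read -r addr; do
    [ -z "$addr" ] && continue
    seen=1
    [ "$addr" = "$want" ] || { echo "A record points to $addr, expected $want" >&2; return 1; }
  done
  [ "$seen" -eq 1 ] || { echo "no A record found" >&2; return 1; }
}

# Usage: ./preflight.sh <server-ip>   (run from the repository root)
main() {
  local ip="$1" domain
  check_tfvars bootstrap && check_tfvars cert || return 1
  domain="$(tfvars_get cert/terraform.tfvars domain)"
  getent ahostsv4 "$domain" | awk '{print $1}' | sort -u | a_record_matches "$ip" || return 1
  echo "ok: $domain -> $ip, ready for terraform apply in cert/"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```
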
Is it possible to look at the messages which are going through the tls proxy?
-> No, Signal is end-to-end (e2e) encrypted, which means that only the sender and the receiver are able to read the messages.
How much does a Hetzner server cost (without the domain)?
-> I chose the smallest server on Hetzner (CX11), which costs 3,92 €/Month (Price from 09.10.2022) and can be cancelled on a daily basis! There are no hidden costs.
Help users in Iran reconnect to Signal
#IRanASignalProxy https://signal.tube/#signal.crazybanana.link