
Use Traefik instead of HAProxy

Open ttimasdf opened this issue 1 year ago • 7 comments

This PR adds a full configuration to set up a WhatsApp proxy with Traefik, exposing similar ports to the existing HAProxy configuration, but with a much simpler setup process and more versatile configuration.

The main advantages over HAProxy include:

  1. No more build process. Only a compose file and the Traefik image from the official Docker image, minimizing maintenance cost for project maintainers. (Resolves #131)
  2. Much simpler setup process for users. docker compose up -d is all we need.
  3. Safer default settings. Using wildcard DNS for proxy access protects the server from malicious scanners. The domain name defaults to whatsapp-<host-ip>.traefik.me but is easily configurable; users can change it to whatever-<host-ip>.other-wildcard-dns.provider or even their own domain names. The domain name is essentially the password for accessing the proxy, while others can only see an empty 404 page, which resolves #16 and also resolves #120. The only server fingerprint is the default TLS certificate, which only indicates that it is a Traefik server but not a WhatsApp proxy server, and it can also be further anonymized easily. The server name setting can even be hot reloaded (a Traefik feature 😉)
  4. Easier coexistence with other web services on the same server, saving precious 80/443 ports. Traefik is a container-native edge router (a reverse proxy) which is much, much simpler to manage than nginx/HAProxy if all your services are running in Docker.
  5. One-click ACME setup. The necessary config blocks are provided as comments inside traefik.toml and whatsapp_proxy.toml. However, the certificate is not very important because the WhatsApp client does not verify this certificate, and media are sent with TLS passthrough, the connection of which is already secure.

I'd recommend Traefik to be the default option for average users, but let it be an alternative for now 😉

ttimasdf avatar Nov 04 '23 12:11 ttimasdf

# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# License found in the LICENSE file in the root directory
# of this source tree.

version: '3.3'

services:
  proxy:
    container_name: whatsapp_proxy
    build: ../
    restart: unless-stopped
    ports:
      - "80:80" # HTTP
      - "443:443" # HTTPS
      - "5222:5222" # JABBER
      - "8199:8199" # HAPROXY statistics page
      - "8080:8080" # HTTP with accept-proxy processing
      - "8443:8443" # HTTPS with accept-proxy processing
      - "8222:8222" # JABBER with accept-proxy processing
      - "587:587" # whatsapp.net
      - "7777:7777" # whatsapp.net
    healthcheck:
      test: /usr/local/bin/healthcheck.sh
      interval: 10s
      start_period: 5s
    environment:
      - PUBLIC_IP=10.0.0.1

GoOd91BoY avatar Nov 08 '23 01:11 GoOd91BoY

I need to share my WhatsApp image or file, but I can't.

GoOd91BoY avatar Nov 08 '23 01:11 GoOd91BoY

@GoOd91BoY you should use markdown code block if you want to share your compose.yml config.

I need to share my WhatsApp image or file, but I can't.

And why not?

ttimasdf avatar Nov 13 '23 03:11 ttimasdf

Thanks for this! I'm a bit doubtful Meta will merge any time soon, but it's certainly a useful WhatsApp proxy with more minimal config. For others that think this sounds useful you can use it more easily on the author's branch here: https://github.com/ttimasdf/whatsapp-proxy/blob/with-traefik/traefik/README.md

varenc avatar Feb 01 '24 21:02 varenc

Do you need two separate servers for WhatsApp proxy and Traefik? Otherwise, the ports will conflict.

offer1983 avatar Aug 05 '24 06:08 offer1983

Doesn't work

dephea avatar Aug 06 '24 10:08 dephea

@ttimasdf

If I run curl -k -v https://traefik-proxy.com:587 to connect to this PR, does it still show CN=*.whatsapp.net?

* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=Menlo Park; O=Meta Platforms, Inc.; CN=*.whatsapp.net

bilogic avatar Sep 13 '24 07:09 bilogic
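
The certificate check raised in the last comment can be scripted so an operator can audit each published port of their own proxy. The following is an added example, not code from the thread or the PR: it parses `curl -k -v` output and reports whether the port presents the upstream's certificate (TLS passthrough), Traefik's fallback certificate, or the operator's own. The fallback CN string, the suffix list and all function names are assumptions.

```python
import re

# Constructed sample: the last lines of the `curl -k -v` trace quoted above.
SAMPLE_TRACE = """\
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=Menlo Park; O=Meta Platforms, Inc.; CN=*.whatsapp.net
"""

# Assumption: subject CN of Traefik's self-signed fallback certificate.
TRAEFIK_DEFAULT_CN = "TRAEFIK DEFAULT CERT"
# Assumption: name suffixes treated as the upstream's identity.
UPSTREAM_SUFFIXES = ("whatsapp.net", "whatsapp.com")


def parse_subject(trace):
    """Return the subject fields from `curl -v` output as a dict ({} if none)."""
    match = re.search(r"^\*\s+subject:\s*(.+)$", trace, re.MULTILINE)
    if not match:
        return {}
    fields = {}
    for part in match.group(1).split(";"):  # OpenSSL-style "K=V; K=V"
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key] = value
    return fields


def classify_listener(trace):
    """Say whose certificate a client (or scanner) sees on this port."""
    cn = parse_subject(trace).get("CN", "")
    if not cn:
        return "no-certificate-seen"
    host = (cn[2:] if cn.startswith("*.") else cn).lower()
    if any(host == s or host.endswith("." + s) for s in UPSTREAM_SUFFIXES):
        return "upstream-identity"   # TLS passed through: upstream cert is visible
    if cn == TRAEFIK_DEFAULT_CN:
        return "proxy-default-cert"  # TLS terminated at Traefik, no cert configured
    return "operator-cert"           # TLS terminated with the operator's own cert


if __name__ == "__main__":
    print(parse_subject(SAMPLE_TRACE))
    print(classify_listener(SAMPLE_TRACE))
```

Running it against each published port, with and without the configured hostname as SNI, shows which listeners identify the upstream service to anyone who connects.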