below methods have been tested using SSTP and SE server 4.41
from https://en.wikipedia.org/wiki/Domain_frontingDomain fronting is a technique for Internet censorship circumvention that uses different domain names in different communication layers of an HTTPS connection to discreetly connect to a different target domain than is discernable to third parties monitoring the requests and connections.
disclaimer
it is about a few days I got to know about "domain fronting". So by using the term "domain fronting" I mean avoid SE server end-point IP be exposed and accessing it via a helper domain (mainly using SSTP since domain verification is needed)
Method 1 - double VPN
This one is simple to setup but it may case somes issues.
pros
- hop-2 IP will be hidden
cons
- hop-1 itself IP address is exposed
- throughput on hop-1 server with cascade connection
- if hop-2 default page be disabled (by creating directory hamcore/wwwroot/index.html) hop-1 cascade connection fails
Method 2 - traffic redirection from hop-1 to hop-2
https://serverfault.com/questions/58648 ... me-network
We can forward hop-1 traffic to hop-2. The speed will decreases around 10% to 30% or more.
pros
- hop-2 IP will be hidden
- hop-2 default page can be disabled
cons
- hop-1 itself IP address is exposed
Method 3 - using a CDN (e.g. CloudFlare)
This method is not straight forward + it seems in free plans CF does not support non-HTTP traffic forwarding
List of ports CF supports
https://developers.cloudflare.com/funda ... ork-ports/
and forwarding availability
https://developers.cloudflare.com/spectrum/
Also I have tested this method (3) with CF origin server certificate but did not work.
pros
- hide hop-X IP address
cons
- seems not working because of lack of protocol support
So what other ways do you know or are possible?
Regards