aheh/MasterHttpRelayVPN
1
0
Fork 0
mirror of https://github.com/masterking32/MasterHttpRelayVPN.git synced 2026-05-17 21:24:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
python_testing
MasterHttpRelayVPN/docs/SECURITY.md
T
Abolfazl 70bbcf217f Add comprehensive documentation for MasterHttpRelayVPN 
- Introduced ARCHITECTURE.md to outline the system architecture and flow.
- Created CONFIGURATION.md detailing configuration options and their meanings.
- Added DOCKER.md for Docker setup instructions and usage.
- Developed GETTING_STARTED.md to guide users through initial setup and usage.
- Included LAN_SHARING.md to explain how to enable LAN sharing for the proxy.
- Established SECURITY.md to highlight security practices and responsibilities.
- Compiled TROUBLESHOOTING.md to assist users in resolving common issues.
- Translated documentation into Persian, including ARCHITECTURE.md and CONFIGURATION.md.
2026-05-09 05:01:08 +03:30

51 lines
1.6 KiB
Markdown
Raw Permalink Blame History

# Security Notes
MasterHttpRelayVPN is a powerful local proxy. Treat its secrets and generated certificates carefully.
## Responsibility
This project is provided for educational, testing, and research use. You are responsible for following applicable laws, network rules, account rules, and service terms.
## Secrets You Must Protect
Never share:
- `config.json`
- `auth_key`
- `ca/ca.key`
- the full `ca/` folder
- an exit-node URL together with a valid PSK
- live Apps Script Deployment IDs paired with a valid `auth_key`
## Why The CA Matters
The local CA lets the proxy handle HTTPS traffic from your browser. Anyone with your `ca/ca.key` could impersonate websites for browsers that trust that CA.
Keep `ca/` private. If it is exposed, remove the old certificate from trust stores, delete `ca/`, and let the app generate a new CA.
## Recommended Defaults
- Keep `listen_host` as `127.0.0.1` unless you intentionally use LAN sharing.
- Keep `verify_ssl` as `true`.
- Use a long random `auth_key`.
- Use a separate long random exit-node PSK.
- Rotate secrets if you pasted them into chat, logs, screenshots, or issue reports.
## LAN Sharing Risk
With LAN sharing enabled, other devices on your network can use the proxy. Only enable it on trusted networks and turn it off when finished.
## Google Apps Script Quotas
Apps Script deployments have daily execution quotas. Heavy browsing, video, and multiple users can consume quota quickly. If quota is exhausted, relay responses may fail until the quota resets.
## Removing The CA
Run:
```bash
python main.py --uninstall-cert
```
You can also remove the certificate manually from your OS and browser trust stores.
Reference in New Issue View Git Blame Copy Permalink