OTCv8 proxy + HAProxy #4860

Draft: wants to merge 2 commits into base: master

gesior (Contributor) commented Dec 1, 2024

Pull Request Prelude

Code to read the real connection IP from the OTCv8 proxy and HAProxy send-proxy-v2 protocols.
Changes also allow the owner to edit the server IP shown in the "server status protocol", so it's possible to add a different VPS IP - with haproxy running on 7171 - as the OTS IP to otservlist etc. = hide the real server IP from DDoSers.

The goal is to hide the IP on which the OTS is running, so it can't be DDoSed.
With OTCv8, packets to/from the server will go through multiple proxy VPSes, so you can use multiple anti-DDoS services at the same time, and as long as any of them keeps one proxy online, the OTS will be online and will not lag.

Changes Proposed

OTCv8 proxy is a proxy system available in: OTCv8, OTCR (Mehah) and the real Tibia Client (with an extra .exe, more info: mehah/otclient#978 (comment))

How OTCv8 proxy works

OTC with Proxy System enabled will connect to multiple haproxy servers - each can be on a different VPS behind a different anti-DDoS system.
Each second it measures ping to the OTS through each haproxy - it measures the real ping to the OTS machine, not just the ping to the VPS hosting haproxy.
If there is any packet to send, OTC sends it through the 2 proxies with the lowest ping (duplicates the packet).

The list of proxy servers must be added in init.lua of OTC, e.g.:

g_proxy.addProxy('arm.skalski.pro', 6501, 0)
g_proxy.addProxy('arm.skalski.pro', 6502, 0)
g_proxy.addProxy('arm.skalski.pro', 6503, 0)
g_proxy.addProxy('arm.skalski.pro', 6504, 0)

Then every connection to 127.0.0.1 will be handled by Proxy System and sent through haproxy to the OTS server machine.
On the machine with the OTS you must install the "OTCv8 Proxy System server side app" (re-host: https://downloads-oracle.ots.me/?dir=data/otcv8-proxy-server).
This server side app will detect duplicated packets and send only the first packet that comes with a given ID to the OTS.
Packets sent by the OTS will also go through this app; it will duplicate them and send them through 2 haproxy servers to OTC.
The server side app is compatible with the send-proxy-v2 protocol and may send the real IP of the player to the OTS - without that feature all players would have IP 127.0.0.1 on the OTS, as connections to the OTS come from the server side proxy app.

How to configure server/OTCv8/haproxy, by the OTCv8 author:
http://web.archive.org/web/20201109120714/http://otclient.net/showthread.php?tid=438

More info about configuration and other apps required:
mehah/otclient#978
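
A minimal parser for the send-proxy-v2 header described above, as an added example that is not code from this pull request. It handles only the TCP-over-IPv4 case and assumes the only trusted sender is the local proxy app on 127.0.0.1; `ProxyInfo`, `parseProxyV2` and `sampleHeader` are hypothetical names and the sample header is constructed.

```cpp
// Added example (not from the pull request); all names are hypothetical.
#include <array>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// 12-byte signature that opens every PROXY protocol v2 header.
static const std::array<uint8_t, 12> kSig = {{
    0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D, 0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A}};

struct ProxyInfo {
    std::string clientIp;  // address to use for bans and logs
    uint16_t clientPort;
    size_t headerLen;      // bytes to strip before the game protocol starts
};

// peerIp is the TCP peer's address. The header is honoured only when the peer
// is the trusted proxy (assumption: the local proxy app on 127.0.0.1);
// otherwise any client could claim an arbitrary source IP.
bool parseProxyV2(const std::vector<uint8_t>& buf, const std::string& peerIp,
                  ProxyInfo& out, const std::string& trusted = "127.0.0.1") {
    if (peerIp != trusted) return false;
    if (buf.size() < 16 || std::memcmp(buf.data(), kSig.data(), 12) != 0) return false;
    if ((buf[12] >> 4) != 2) return false;                    // version nibble must be 2
    const uint8_t command = buf[12] & 0x0F;                   // 0 = LOCAL, 1 = PROXY
    const size_t bodyLen = (size_t(buf[14]) << 8) | buf[15];  // big-endian length
    if (buf.size() < 16 + bodyLen) return false;              // truncated header
    if (command == 0) { out = ProxyInfo{peerIp, 0, 16 + bodyLen}; return true; }  // LOCAL
    // Only PROXY over TCP/IPv4 (family/transport byte 0x11) is handled here.
    if (command != 1 || buf[13] != 0x11 || bodyLen < 12) return false;
    const uint8_t* a = buf.data() + 16;  // src(4) dst(4) srcPort(2) dstPort(2)
    out.clientIp = std::to_string(a[0]) + "." + std::to_string(a[1]) + "." +
                   std::to_string(a[2]) + "." + std::to_string(a[3]);
    out.clientPort = uint16_t((a[8] << 8) | a[9]);
    out.headerLen = 16 + bodyLen;
    return true;
}

// Constructed sample: PROXY, TCP/IPv4, 203.0.113.7:51000 -> 192.0.2.10:7171.
std::vector<uint8_t> sampleHeader() {
    std::vector<uint8_t> h(kSig.begin(), kSig.end());
    const uint8_t rest[] = {0x21, 0x11, 0x00, 0x0C, 203, 0, 113, 7,
                            192, 0, 2, 10, 0xC7, 0x38, 0x1C, 0x03};
    h.insert(h.end(), rest, rest + sizeof(rest));
    return h;
}

int main() {
    ProxyInfo info{};
    return parseProxyV2(sampleHeader(), "127.0.0.1", info) ? 0 : 1;
}
```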

@ghost ghost requested a review from ranisalt December 2, 2024 22:09
Zbizu (Contributor) commented Dec 3, 2024

how to determine which proxy to serve for a client that is using a webservice to login? (speaking of version 12+ vanilla client)

gesior (Contributor, Author) commented Dec 3, 2024

> how to determine which proxy to serve for a client that is using a webservice to login? (speaking of version 12+ vanilla client)

A connection to the webservice, e.g. https://test.com/login.php, is not passed through the proxy. Only connections to 127.0.0.1 are passed through the OTC proxy. For webservice protection you can use CloudFlare or a similar service.

For the 12+ client you must use the "proxy launcher app", which you can get e.g. from the giveria.com client.
Giveria.exe is a launcher app made by the OTCv8 author, and proxy.config configures the proxy servers and ports. It looks like this:

.\ClientFiles\bin\client.exe
7171 7172
proxy01.giveria.com proxy01.giveria.com 7162
proxy02.giveria.com proxy02.giveria.com 7162
proxyca.giveria.com proxyca.giveria.com 7162
proxyuk.giveria.com proxyuk.giveria.com 7162
proxyde.giveria.com proxyde.giveria.com 7162
proxy03.giveria.com proxy03.giveria.com 7162
proxy04.giveria.com proxy04.giveria.com 7162
(...)

This launcher will start a server on localhost listening on ports 7171 and 7172 and then run .\ClientFiles\bin\client.exe, which is the Tibia 13+ .exe.
All connections to these ports on localhost will be passed through all the proxy servers listed below. The "Launcher" is the OTCv8 proxy client code running as a standalone app. It will check the ping to all servers every second, pick the 2 servers with the lowest ping and send packets through them.

If you are asking about 'how to check which 2 proxy VPSes are used by OTC proxy' with the Tibia vanilla client, it's probably impossible right now (except by checking transfer per IP with WireShark or another network analysis tool).
There was an exe released by the OTCv8 author that was a simple terminal app that showed "OTCv8 proxy launcher stats" similar to the "Debug view" in the OTCv8 module (how many packets/KB sent/received from each proxy IP), but its exe and source code were lost.

The webservice has to return the IP of the OTS set to 127.0.0.1. OTCv8 proxy takes control over all connections to 127.0.0.1 from OTC (or the Launcher app). It sends their packets through haproxy to the OTCv8 proxy server app, which removes duplicated packets and "unpacks" them to the localhost network. So your connection to 127.0.0.1:7171 will be passed through the 2 proxies with the lowest ping to the OTS machine, "unpacked" and sent to localhost on port 7171 (the OTS must listen on 127.0.0.1 / 0.0.0.0 [any IP] to allow the "OTCv8 proxy server app" to connect to the OTS).

@ArturKnopik ArturKnopik added the feature New feature or functionality label Dec 20, 2024
gesior (Contributor, Author) commented Dec 21, 2024

For anyone interested: TFS 1.4 version:
gesior@3de653a
It's not a clean 1.4, because it's based on my 1.4 branch that has some code updates from 1.6, to make it compile without errors on new Windows/Linuxes.
