No public IP is needed, and there is no need to manually manage certificate renewals. The server used in this article runs Debian 12.
- Register a Cloudflare account
Add your domain in the control panel, add site.
Happy to choose the free option 😎 Cloudflare is awesome.
- Change the domain NS to Cloudflare
Follow the tutorial, here is a brief explanation...
- Install Cloudflare Zero Trust tunnel
https://one.dash.cloudflare.com/
Select Access->Tunnels in order
Follow the documentation for installation
- After installation, select Public Hostname->Add your own domain
Here is an example, add your own subdomain
Include the complete subdomain in the HTTP header
- Install Docker
Using apt (Debian based). For other platforms, please refer to
https://www.docker.com/products/docker-desktop/
- Write docker-compose file
Create a new folder named rsshub, open it, and create docker-compose.yml
Change ACCESS_KEY
Save, then run docker compose up -d
The service is now running. Open your domain, and the rsshub default page should be displayed.
Deployment is complete. When using your own subscription source in the future, use https://${your_domain}/${subscription_path}?key=your_ACCESS_KEY
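One way to carry out the docker-compose step above, as an added example that is not the original article's compose file: it generates a random ACCESS_KEY and publishes RSSHub on loopback only, so the tunnel on the same host is the only path to it. The image name diygod/rsshub, port 1200 and the helper names gen_access_key and write_compose are assumptions not stated on the page.

```shell
#!/bin/sh
# Added example (not from the original article): writes rsshub/docker-compose.yml
# with a freshly generated ACCESS_KEY and a loopback-only port binding.

# 32 random bytes as 64 lowercase hex characters.
gen_access_key() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -dc '0-9a-f'
}

# write_compose DIR KEY: create DIR and write docker-compose.yml into it.
write_compose() {
    dir=$1
    key=$2
    mkdir -p "$dir" || return 1
    # The key is a secret: create the file readable by its owner only.
    ( umask 077
      cat > "$dir/docker-compose.yml" <<EOF
services:
  rsshub:
    image: diygod/rsshub   # assumed image name (RSSHub on Docker Hub)
    restart: unless-stopped
    ports:
      # Loopback only: cloudflared on this host is the sole way in,
      # so the container is never reachable directly from the network.
      - "127.0.0.1:1200:1200"
    environment:
      NODE_ENV: production
      ACCESS_KEY: "$key"   # feed routes then require ?key=<ACCESS_KEY>
EOF
    )
}

# Typical use, from the directory that should contain rsshub/:
#   write_compose rsshub "$(gen_access_key)"
#   cd rsshub && docker compose up -d
```

With this binding, the tunnel's service address is http://localhost:1200 until the port is changed in the advanced section.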
Advanced usage:
Add an additional layer of local WAF using Thunder Trench
- Uninstall nginx/apache/caddy on your local machine to free up ports 80 and 443
- Install Thunder Trench
Thunder Trench management page
https://localhost:9443/
Forward server port 9443 over SSH to open it normally
- Add the domain on port 80 in Thunder Trench as a reverse proxy
Change the port in Tunnels to 80
- Add a certificate in Thunder Trench
Thunder Trench general configuration->Certificate management
- Add port 443 in Thunder Trench
Use the certificate
Change the port in Tunnels to 443
Now you can use HTTPS to open the rsshub page, and the traffic passing through your server is filtered, making it more secure.
After confirming that HTTPS is working fine, enable HTTP/2 and force HTTPS
Remember to set the Thunder Trench source IP acquisition method to obtain from an HTTP header, and fill in X-Forwarded-For. Requests now reach Thunder Trench from the local tunnel, so the connection's own source address is not the real client.
Enable HTTP/2 in the tunnel settings
Now the settings are complete. Because Thunder Trench comes with statistics and protection, you can have a better understanding of the site's operational status and whether it is being abused.