Proxy - SapuSeven/BetterUntis GitHub Wiki
A proxy server allows you to increase privacy by preventing your IP address or user agent being sent to the Untis servers.
You can use the server provided by Perflyst if you don't want to setup your own server:
betteruntis.perflyst.de
Note by Perflyst:
I have full control over the connection and therefore I could inject malicious code, read your password or analyze the data you transmit. I do not process nor look into any of your data which is transmitted. All logs are disabled by default, they can be enabled for debugging purposes. If so, they are deleted at least after 24 hours.
Note: This section was copied from Perflyst and is not tested. Please open an issue if you encounter any problems.
Using nginx, you can copy the following configuration file.
Please note that the security (SSL) headers may need to be changed depending on your OS and nginx version. You can also completely remove them, they are optional and do not change functionality in general.
server {
listen <IPv4>:80;
listen <IPv6>:80;
server_name betteruntis.example.com; # Replace with your own domain
location /.well-known/acme-challenge/ { allow all; }
location / { return 301 https://$host$request_uri; }
access_log /dev/null;
error_log /dev/null;
}
server {
listen <IPv4>:443 ssl http2;
listen <IPv6>:443 ssl http2;
server_name betteruntis.example.com; # Replace with your own domain
access_log /dev/null;
error_log /dev/null;
# optional security headers (may need to be changed!)
#ssl_protocols TLSv1.2;
#ssl_prefer_server_ciphers on;
#ssl_dhparam /etc/nginx/dhparam.pem;
#ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
#ssl_ecdh_curve secp384r1;
#ssl_session_timeout 10m;
#ssl_session_cache shared:SSL:10m;
#ssl_session_tickets off;
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
#add_header X-Frame-Options DENY;
#add_header X-Content-Type-Options nosniff;
#add_header X-XSS-Protection "1; mode=block";
#add_header Referrer-Policy "no-referrer";
#add_header Expect-CT "enforce, max-age=21600";
# Replace with your certificate paths
ssl_certificate /etc/letsencrypt/live/betteruntis.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/betteruntis.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/betteruntis.example.com/chain.pem;
client_max_body_size 0;
location / {
proxy_pass https://mobile.webuntis.com;
proxy_redirect https://mobile.webuntis.com/ /;
proxy_set_header Host mobile.webuntis.com;
# we do not want to leak any IP, uncomment if you want to
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header User-Agent "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0";
sub_filter_types text/html, application/json;
sub_filter_once off;
sub_filter "mobile.webuntis.com" "betteruntis.example.com"; # Replace with your domain
}
}