How to Setup a Signal Proxy on Bare Metal

  • Website: https://signal.org/blog/signal-proxy/

  • Description: Bypass Signal blocking while maintaining E2EE

1

Domain Name Configuration

Make sure A-record and AAAA-record (IPv6) points to the vultr instance for your subdomain or for @ and www.

2

Environment

  • Using a Debian Bookworm (v12) instance on Vultr

Install Packages

apt-get install nginx certbot python3-certbot-nginx

Make sure ports are open

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw reload
3

Installation

  • Follow instructions here: https://github.com/signalapp/Signal-TLS-Proxy

Verify ports can be accessed

sudo lsof -i -P -n | grep LISTEN
sshd      934     root    3u  IPv4  16420      0t0  TCP *:22 (LISTEN)
sshd      934     root    4u  IPv6  16422      0t0  TCP *:22 (LISTEN)
nginx    4269     root    5u  IPv4  27939      0t0  TCP *:80 (LISTEN)
nginx    4269     root    6u  IPv6  27940      0t0  TCP *:80 (LISTEN)
nginx    5764 www-data    5u  IPv4  27939      0t0  TCP *:80 (LISTEN)
nginx    5764 www-data    6u  IPv6  27940      0t0  TCP *:80 (LISTEN)
nginx    5765 www-data    5u  IPv4  27939      0t0  TCP *:80 (LISTEN)
nginx    5765 www-data    6u  IPv6  27940      0t0  TCP *:80 (LISTEN)

  • Once you’re live, you’ll see:

root@funbox:~/signal# docker compose up --detach
[+] Running 3/3
  Container signal-nginx-relay-1      Running                                                                                                                                0.0s
  Container signal-certbot-1          Running                                                                                                                                0.0s
  Container signal-nginx-terminate-1  Started
root@funbox:~/signal# docker ps
CONTAINER ID   IMAGE                    COMMAND                  CREATED         STATUS         PORTS                                                                      NAMES
0a92bd625e68   signal-nginx-terminate   "/docker-entrypoint.…"   4 minutes ago   Up 5 seconds   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   signal-nginx-terminate-1
ad5f7541cbba   signal-nginx-relay       "/docker-entrypoint.…"   4 minutes ago   Up 3 minutes   80/tcp                                                                     signal-nginx-relay-1
579de561be69   certbot/certbot          "/bin/sh -c 'trap ex…"   4 minutes ago   Up 4 minutes   80/tcp, 443/tcp
4

Testing

On Signal for iOS:

  • Click your picture

  • Go to Settings > Privacy > Advanced > Proxy

  • Click on the row and turn on Use Proxy

  • In the Proxy Address, add your URL

PreviousCode Review GuidelinesNextHow to Setup a Tor Bridge on Bare Metal

Was this helpful?