← Back to library
Protocols Practice PRO

Selfsteal + nginx: step by step

Setting up selfsteal by hand on nginx. A decoy site on a local socket, a cert for your domain, an inbound with xver, and verifying that from the outside an ordinary website is what shows. Type your domain into the builder above. Why do all this and how it breaks deep analysis — I covered in the paired theory piece.

Read the theory

This material is about engineering your own infrastructure and is educational in nature. Complying with the laws of your own jurisdiction is your responsibility.

What we're building

Ordinary Reality steals the handshake from someone else's site, but the foreign domain's SNI doesn't resolve to your IP — under deep analysis that's a mismatch. Selfsteal fixes it: serverNames = your domain (with an A record to the node), target = your decoy site on a local nginx socke…

/

This guide is part of paid access

Get full access to unlock the text, configs and builder.

Unlock access