feat: upgrade to universal outbound proxy with x-target-host header

DISCORD_PROXY_GUIDE.md

@@ -9,12 +9,14 @@ To work around this, you can easily create your own private Discord proxy using
 ## Step-by-Step Guide
 
 ### Step 1: Create a Cloudflare Worker
+
 1. Log into [Cloudflare](https://dash.cloudflare.com/) (create an account if you don't have one).
 2. On the left sidebar, go to **Workers & Pages**.
 3. Click **Create Worker** -> **Start with Hello World!**.
 4. Name it something memorable, like `discord-proxy`, and click **Deploy**.
 
 ### Step 2: Add the Proxy Code
+
 1. Once deployed, click the **Edit Code** button.
 2. In the online code editor, delete the existing code and replace it entirely with this 6-line snippet:
 
@@ -28,9 +30,10 @@ export default {
 }
 ```
 
-3. Click **Save and Deploy** in the top right corner. Cloudflare will generate a unique URL for you (e.g., `https://discord-proxy.yourname.workers.dev`).
+1. Click **Save and Deploy** in the top right corner. Cloudflare will generate a unique URL for you (e.g., `https://discord-proxy.yourname.workers.dev`).
 
 ### Step 3: Use the Proxy in n8n
+
 Because the native Discord Node hardcodes connections to `discord.com` when using Bot tokens, you must use the **Webhook** method.
 
 1. Add the standard **Discord** node to your n8n workflow.

TASK_SUMMARY.md

@@ -28,8 +28,9 @@ Enable `n8n` (running on Hugging Face Spaces) to connect to blocked external ser
 
 ### 5. Transparent Application-Level Proxy (Implemented)
 - **Status**: ✅ **Partially Fixed** (Requires External Worker)
-- **Method**: Implemented `outbound-fix.js` which patches `https.request` to redirect Telegram and Discord traffic through a Cloudflare Worker.
-- **Why it works**: By changing the target hostname to a custom Cloudflare Worker, we change the SNI (Server Name Indication). Since Cloudflare is not blocked by HF, the connection succeeds. The Worker then forwards the request to the real destination.
+- **Method**: Implemented `outbound-fix.js` which patches `https.request` to redirect blocked traffic through a single **Universal Cloudflare Worker**.
+- **Multi-Service Support**: The patch adds a `x-target-host` header to the request. The Worker reads this header to determine the final destination (Telegram, Discord, etc.), allowing one Worker to handle all blocked services.
+- **Why it works**: By changing the target hostname to your custom Cloudflare Worker, we change the SNI (Server Name Indication). Since Cloudflare is not blocked by HF, the connection succeeds.
 - **Recursion Guard**: Uses a private property `_proxied: true` on the options object to ensure requests aren't intercepted twice.
 
 ## Final Conclusion & Recommendations
@@ -39,14 +40,14 @@ The connectivity issue on Hugging Face Spaces for `n8n` is now fully understood
 2. **Network/SNI Layer**: **Addressed** via `outbound-fix.js` (Transparent Proxy).
 
 ### Next Steps for User
-1. **Deploy Cloudflare Worker**: Use the code provided in `telegram-proxy-worker.js`.
+1. **Deploy Cloudflare Worker**: Use the code provided in `outbound-proxy-worker.js`.
 2. **Set Environment Variable**: In HF Space Settings, set `OUTBOUND_PROXY_URL` to your worker's URL (e.g., `https://my-proxy.somrat.workers.dev`).
 3. **Restart Space**: The `n8n` instance will now automatically route all Telegram and Discord requests through your proxy without needing to change any workflow nodes.
 
 ## Current State of Repository
 - `dns-fix.js`: Robust DoH fallback with recursion guards.
-- `outbound-fix.js`: Transparent SNI-bypass proxy for Telegram/Discord.
-- `telegram-proxy-worker.js`: Cloudflare Worker code for the proxy.
+- `outbound-fix.js`: Transparent SNI-bypass proxy with `x-target-host` support.
+- `outbound-proxy-worker.js`: Universal Cloudflare Worker code for any blocked target.
 - `Dockerfile`: Configured to preload both fixes.
 - `access.md`: Contains test tokens and execution logs.
 

outbound-fix.js

@@ -48,15 +48,17 @@ if (PROXY_URL) {
           // Mark to prevent recursion
           if (typeof newOptions === "object") {
             newOptions._proxied = true;
+            
+            // Set headers
+            newOptions.headers = { 
+              ...(newOptions.headers || {}), 
+              host: proxy.host,
+              "x-target-host": hostname // Tell the worker where to go
+            };
+
             newOptions.hostname = proxy.hostname;
             newOptions.host = proxy.host;
             newOptions.port = proxy.port || 443;
-            
-            // Fix headers
-            if (newOptions.headers) {
-              // Cloudflare needs the correct Host header to route to the worker
-              newOptions.headers = { ...newOptions.headers, host: proxy.host };
-            }
           }
 
           // Force HTTPS if it was HTTP (unlikely for these domains but good for safety)

telegram-proxy-worker.js → outbound-proxy-worker.js

@@ -1,35 +1,44 @@
 /**
- * Cloudflare Worker: Simple Telegram/Discord Proxy
+ * Cloudflare Worker: Universal Outbound Proxy
  * 
  * Deployment:
  * 1. Go to dash.cloudflare.com -> Workers & Pages -> Create Worker.
  * 2. Paste this code and deploy.
- * 3. Use your worker URL (e.g., https://my-proxy.workers.dev) in Hugging8n.
+ * 3. Use your worker URL (e.g., https://my-proxy.workers.dev) as OUTBOUND_PROXY_URL.
+ * 
+ * This worker reads the 'x-target-host' header to determine where to forward the request.
  */
 
 export default {
   async fetch(request, env, ctx) {
     const url = new URL(request.url);
+    const targetHost = request.headers.get("x-target-host");
     
-    // Determine target based on path or header
-    // Default to telegram if path matches telegram pattern
     let targetBase = "";
-    if (url.pathname.startsWith("/bot")) {
-      targetBase = "https://api.telegram.org";
-    } else if (url.pathname.startsWith("/api/webhooks") || url.pathname.startsWith("/api/v")) {
-      targetBase = "https://discord.com";
+
+    if (targetHost) {
+      // Use the host provided in the header (preferred)
+      targetBase = `https://${targetHost}`;
     } else {
-      return new Response("Invalid request. Target not recognized.", { status: 400 });
+      // Fallback: Guess based on path (legacy support)
+      if (url.pathname.startsWith("/bot")) {
+        targetBase = "https://api.telegram.org";
+      } else if (url.pathname.startsWith("/api/webhooks") || url.pathname.startsWith("/api/v")) {
+        targetBase = "https://discord.com";
+      } else {
+        return new Response("Invalid request. 'x-target-host' header missing and target not recognized via path.", { status: 400 });
+      }
     }
 
     const targetUrl = targetBase + url.pathname + url.search;
     
-    // Copy headers and remove Cloudflare-specific ones
+    // Copy headers and remove internal/Cloudflare-specific ones
     const headers = new Headers(request.headers);
     headers.delete("cf-connecting-ip");
     headers.delete("cf-ray");
     headers.delete("cf-visitor");
     headers.delete("x-real-ip");
+    headers.delete("x-target-host"); // Don't leak this to the target
 
     const modifiedRequest = new Request(targetUrl, {
       method: request.method,
@@ -39,7 +48,12 @@ export default {
     });
 
     try {
-      return await fetch(modifiedRequest);
+      const response = await fetch(modifiedRequest);
+      
+      // Special handling for Discord/Telegram which might return 403 on some CF IPs
+      // If needed, you can add retry logic here.
+      
+      return response;
     } catch (e) {
       return new Response(`Proxy Error: ${e.message}`, { status: 502 });
     }