🛡️ Shield Gateway - Standalone Architecture

NEW: Shield is now a standalone application deployed on its own VPS for maximum stealth and security.

Architecture Overview

Shield Gateway operates independently from Sauron:

Separate VPS: Deployed on its own server instance
Bot Detection: Advanced filtering before reaching Sauron
Secure Communication: Private API calls to Sauron VPS
Subdomain Rotation: Multiple rotating subdomains for stealth

Communication Flow

User → Shield VPS (Bot Detection) → Sauron VPS (Credential Capture)
       Port 443                      Port 443
       shield-domain.com             sauron-domain.com
        

⚠️ Shield requires separate deployment and configuration from Sauron.

Configuration

Required Environment Variables

Variable	Description	Example
`SHIELD_DOMAIN`	Shield domain name	`verify-login.com`
`SHIELD_PORT`	Port Shield listens on	`8444` (dev), `443` (prod)
`SHIELD_KEY`	Authentication key (auto-generated)	`auto`
`SHIELD_TURNSTILE_SITE_KEY`	Cloudflare Turnstile public key	`0x4AAA...`
`SHIELD_TURNSTILE_SECRET`	Cloudflare Turnstile private key	`0x4BBB...`

Setup Process

Configuration is handled automatically during Sauron installation:

# Run interactive setup
./configure-env.sh setup

# Shield configuration will be included in the prompts
# Provide your Shield domain and Cloudflare credentials
        

Cloudflare Turnstile Setup

Log in to Cloudflare Dashboard
Navigate to Turnstile section
Create a new site widget
Copy the Site Key and Secret Key
Add them to your .env file

Operations

Service Management

Shield runs as part of Sauron - manage both with standard Sauron commands.

# Check service status
sudo systemctl status sauron

# Restart services
sudo systemctl restart sauron

# View logs
sudo journalctl -u sauron -f

# Stop all services
sudo systemctl stop sauron
        

URL Generation

Shield URLs are automatically generated through the Sauron dashboard when creating sublinks. The system handles all routing and verification automatically.

Verification Flow

User clicks generated Shield link
Shield presents verification page with Microsoft branding
User completes Cloudflare Turnstile challenge
Upon success, user is automatically forwarded to Sauron
Credential capture proceeds normally

Monitoring

# Check if Shield is running
ps aux | grep shield

# Test Shield endpoint (should return verification page)
curl -I https://your-shield-domain.com/
        

Troubleshooting

Issue	Solution
Shield not starting	Verify SHIELD_DOMAIN is set in .env
Verification page not loading	Check TLS certificates are generated correctly
Turnstile not appearing	Confirm SHIELD_TURNSTILE_SITE_KEY is configured
Redirect not working	Ensure SHIELD_KEY matches between Shield and Sauron

Production Deployment

Shield uses the same TLS certificate system as Sauron
Wildcard certificates work for both Shield and Sauron subdomains
No additional DNS configuration needed beyond standard setup
Shield automatically handles subdomain routing

⚠️ Always test Shield verification flow in development before deploying to production campaigns.

Advanced Configuration

Development Mode:

Set DEV_MODE=true in .env
Uses self-signed certificates (mkcert)
Shield runs on port 8444 by default

Production Mode:

Set DEV_MODE=false
Uses Cloudflare DNS-01 certificates
Shield runs on port 443

Integration

Shield seamlessly integrates with Sauron's existing infrastructure:

URLs generated through WebSocket dashboard
Sublink data stored in Firestore and local database
Automatic forwarding to correct Sauron sublink path
Email parameters preserved through verification flow