Step-by-step installation guide for the Traffic Filter using Full Edge Agent, Cloudflare Workers, or PHP Proxy

Traffic Filter — Installation Guide

After creating a site in the Traffic Filter wizard, you need to install the edge connector on your external landing page. This is what routes traffic between your safe page and money page.

There are three installation methods, ranked by security and protection level:

Method	Security	Best For
Full Edge Agent	Highest	VPS/Cloud with root access
Cloudflare Worker	High	Any hosting behind Cloudflare
PHP Proxy	Standard	Shared hosting or VPS with PHP

All three methods connect to the same decision engine. The difference is where the routing logic runs and how much control you have over the environment.

Option 1 — Full Edge Agent (Recommended)

Best for: VPS or cloud servers (DigitalOcean, AWS, Hetzner, etc.) where you have root access. Highest level of protection — the edge agent takes over the web server entirely.

Requirements:

VPS or cloud server with root/sudo access
Domain DNS pointing to the server
Ports 80 + 443 available
SSL certificate (via Certbot)

Prerequisites

Before running the install command, your server needs a standard web setup:

# 1. Install nginx, certbot, and tools
sudo apt update
sudo apt install nginx unzip curl certbot python3-certbot-nginx -y

# 2. Create a basic nginx config for your domain
sudo nano /etc/nginx/sites-available/yourdomain.com

Add a basic nginx config:

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;

    root /var/www/html;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

Then enable and get SSL:

sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx

# Upload your safe page files to /var/www/html/ via SFTP

# Get SSL certificate
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Install the Edge Agent

Once your server has nginx + SSL + safe page files, run the install command from the CasinoFlux Traffic Filter install panel:

curl -sL https://ghost.casinoflux.app/install.sh | sudo bash -s -- \
  --site-id=YOUR_SITE_ID \
  --secret=YOUR_EDGE_SECRET \
  --brain=https://ghost.casinoflux.app \
  --domain=yourdomain.com

The exact command with your credentials is shown in the CasinoFlux Traffic Filter → your site → Install tab → expand Full Edge Agent.

The install script will:

Verify SSL certificate and safe page files exist
Add swap space if needed (prevents issues on small servers)
Install Node.js 18 (if not present)
Stop nginx (the edge agent takes over ports 80/443)
Download and start the edge server via PM2 (process manager)
Configure auto-restart on boot

Verify It Works

# Check edge server status
pm2 status

# View real-time logs
pm2 logs ghost-edge

# Check CasinoFlux → Traffic Filter → Sites — status should show Online

Managing the Edge Agent

pm2 logs ghost-edge      # View logs
pm2 restart ghost-edge   # Restart
pm2 stop ghost-edge      # Stop
pm2 start ghost-edge     # Start

How It Works

Visitor → DNS → Edge Agent (port 443, HTTP/2 + TLS)
                    ↓
           Decision Engine query
                    ↓
          safe → serve local files from /var/www/html/
          money → proxy money page content (domain stays same)

The edge agent runs directly on your server with full control over the request pipeline. It handles SSL termination, serves your safe page, queries the decision engine, and proxies money pages — all in a single process. Heartbeats are sent automatically every 60 seconds.

The edge agent replaces nginx — it takes over ports 80 and 443. To revert, stop the agent and re-enable nginx: pm2 stop ghost-edge && sudo systemctl enable nginx && sudo systemctl start nginx

Option 2 — Cloudflare Worker

Best for: Any hosting setup. Works with static sites, shared hosting, VPS — anything behind Cloudflare.

Requirements:

Domain added to Cloudflare (free plan works)
Cloudflare Workers enabled (free tier: 100,000 requests/day)

Step 1 — Create the Worker

Go to Cloudflare Dashboard → Workers & Pages
Click Create application → Create Worker
Select Start with Hello World!
Name your worker (e.g. ghost-mysite)
Click Deploy

Step 2 — Add the Worker Code

Click Edit code on your newly created worker
Delete the default code
Go to the CasinoFlux Traffic Filter → your site → Install tab → expand Cloudflare Worker
Copy the Worker Code and paste it into the Cloudflare editor
Click Deploy

Step 3 — Add Environment Variables

Go to your worker → Settings → Variables and Secrets
Add the following variables (values are shown in the CasinoFlux install panel):

Variable	Type	Description
`SITE_ID`	Text	Your site ID from CasinoFlux
`EDGE_SECRET`	Secret	Your edge authentication secret
`BRAIN_URL`	Text	Decision engine URL (shown in install panel)
`MONEY_ORIGIN`	Text	Money page origin, e.g. `https://app.casinoflux.app`

Set EDGE_SECRET as type Secret (encrypted) — this keeps the value hidden in the Cloudflare dashboard.

Step 4 — Add Routes

Go to your worker → Settings → Domains & Routes
Click + Add → select Route
Set the route to your domain: yourdomain.com/*
Select the matching Zone
Set Failure mode to Fail open (proceed) — if the worker errors or the free plan limit is hit, traffic passes through to your site normally
Click Add route

Important: Add a separate route for www.yourdomain.com/* as well. Without this, visitors hitting the www version of your domain will bypass the worker entirely and always see the safe page.

Step 5 — Add Heartbeat Cron

The heartbeat keeps your site status as Online in CasinoFlux. Without it, your site will show as "Pending Install".

Go to your worker → Settings → Trigger Events
Click + Add → select Cron Triggers
Enter: */5 * * * * (every 5 minutes)
Click Add

Verify It Works

Go to Workers → your worker → Observability to see request logs
Visit your domain — you should see [Ghost] safe: reason in the logs
Check CasinoFlux → Traffic Filter → Sites — status should show Online
To test the money page redirect, visit your domain with the required parameters (e.g. ?gclid=test) from a targeted geo

The worker proxies money page content instead of redirecting — your domain stays in the browser URL bar. Static assets from your safe page pass through to origin, while Next.js assets (/_next/) are proxied from the money page origin automatically.

How It Works

Visitor → Cloudflare Edge → Worker → Decision Engine
                                        ↓
                              Decision: safe or money
                                        ↓
                     safe → pass through to origin (safe page)
                     money → proxy money page content (domain stays same)

The worker runs at Cloudflare's edge (300+ locations worldwide), so the routing decision happens in milliseconds before the request reaches your server. Money pages are proxied (not redirected), so your domain stays in the visitor's browser — the money page URL is never exposed.

Option 3 — PHP Proxy

Best for: VPS or shared hosting with PHP support. Works with nginx or Apache.

Requirements:

Linux server with root/SSH access
PHP 7.4+ with curl extension
nginx or Apache web server

Step 1 — Install PHP (if not already installed)

# Ubuntu/Debian
apt update && apt install -y php-fpm php-curl

# Verify installation
php -v && php -m | grep curl

# Check the php-fpm socket path (you'll need this for nginx)
ls /run/php/php*-fpm.sock

Step 2 — Add the PHP Proxy Script

Go to the CasinoFlux Traffic Filter → your site → Install tab → expand PHP Proxy
Copy the PHP Code
Save it as wp-analytics.php in your site's root directory (e.g. /var/www/html/)

nano /var/www/html/wp-analytics.php
# Paste the PHP code and save

Step 3 — Rename Your Index File

The PHP script serves your safe page from _index.html:

mv /var/www/html/index.html /var/www/html/_index.html

Step 4 — Configure Your Web Server

The nginx config below includes asset proxying for CasinoFlux money pages. The resolver and $money_origin variable are required to force IPv4 DNS resolution — without them, nginx may try IPv6 and fail on some hosting providers.

nginx Configuration

Replace your site's nginx config with:

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    root /var/www/html;
    index wp-analytics.php _index.html;

    resolver 1.1.1.1 ipv6=off;
    set $money_origin https://app.casinoflux.app;

    # Proxy money page assets to CasinoFlux
    location /_next/ {
        proxy_pass $money_origin$request_uri;
        proxy_set_header Host app.casinoflux.app;
        proxy_ssl_server_name on;
    }

    location /themes/ {
        proxy_pass $money_origin$request_uri;
        proxy_set_header Host app.casinoflux.app;
        proxy_ssl_server_name on;
    }

    location /fonts/ {
        proxy_pass $money_origin$request_uri;
        proxy_set_header Host app.casinoflux.app;
        proxy_ssl_server_name on;
    }

    location = /manifest.json {
        proxy_pass $money_origin/manifest.json;
        proxy_set_header Host app.casinoflux.app;
        proxy_ssl_server_name on;
    }

    # Route everything else through the PHP proxy
    location / {
        try_files $uri /wp-analytics.php?$query_string;
    }

    # PHP processing
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

Adjust the fastcgi_pass socket path to match your PHP version. Check with: ls /run/php/php*-fpm.sock

Then enable and reload:

# If creating a new config
ln -s /etc/nginx/sites-available/yourdomain.conf /etc/nginx/sites-enabled/

# Test and reload
nginx -t && systemctl reload nginx

Apache Configuration (.htaccess)

If using Apache instead of nginx, copy the .htaccess Rules from the CasinoFlux install panel and add them to your site's .htaccess file.

Step 5 — Add Heartbeat Cron

The PHP script only runs when visitors hit your site — it can't send periodic heartbeats on its own. Add a system cron job to keep your site status as Online in CasinoFlux.

The heartbeat values (SITE_ID, EDGE_SECRET, BRAIN_URL) are shown in the CasinoFlux install panel under Environment Variables.

crontab -e

Add this line (replace the values with your own from the install panel):

*/5 * * * * curl -s -X POST BRAIN_URL/v2/heartbeat -H "Content-Type: application/json" -H "X-Edge-Secret: YOUR_EDGE_SECRET" -d '{"siteId":"YOUR_SITE_ID","ip":"php-proxy","version":"php-lite-1.0.0","uptime":0}' > /dev/null 2>&1

Verify:

crontab -l

Step 6 — Configure Cloudflare SSL

If your domain is behind Cloudflare:

Set SSL/TLS mode to Full (not Flexible — Flexible causes redirect loops with nginx HTTPS)
If you don't have an SSL cert on the server, use Flexible and remove the HTTP→HTTPS redirect from nginx

Verify It Works

Visit your domain — the safe page (_index.html) should load
Visit with your traffic rule parameters (e.g. ?gclid=test from a targeted geo) — you should see the money page
Check CasinoFlux → Traffic Filter → Sites — status should show Online within 5 minutes
Check decision logs: CasinoFlux → Traffic Filter → Logs

How It Works

Visitor → Cloudflare → nginx → PHP Proxy → Decision Engine
                                               ↓
                                     Decision: safe or money
                                               ↓
                        safe → serve _index.html (local file)
                        money → proxy money page content (domain stays same)

Assets: /_next/, /themes/, /fonts/ → nginx proxy_pass → app.casinoflux.app

Troubleshooting

Status shows "Pending Install"

The heartbeat hasn't reached the decision engine:

Cloudflare Workers: verify the cron trigger is set up (Step 5)
PHP Proxy: verify the system cron job is running (crontab -l)
Check that BRAIN_URL is correct
Test manually: curl -s -X POST BRAIN_URL/v2/heartbeat ...

Safe page shown for all traffic

Check your Traffic Rules in CasinoFlux:

Target Geo — is the visitor's country in the list?
Require GCLID — does the URL have a ?gclid= parameter?
Block Direct — is there a referer header?
Cloak Paths — does the visited path match the configured paths?
Devices — is the visitor's device type allowed?

Money page loads without styling

Cloudflare Workers: set the MONEY_ORIGIN environment variable (e.g. https://app.casinoflux.app)
PHP Proxy (nginx): verify the /_next/, /themes/, /fonts/ proxy_pass blocks are in your nginx config
Check nginx -t for config errors and tail /var/log/nginx/error.log for runtime errors

nginx proxy returns 502 or "Network is unreachable"

Your server can't reach app.casinoflux.app via IPv6. Ensure your nginx config has:

resolver 1.1.1.1 ipv6=off;
set $money_origin https://app.casinoflux.app;

The $money_origin variable forces nginx to use the resolver at runtime (not system DNS at startup).

Traffic from www bypasses the filter

Add www.yourdomain.com to your config:

Cloudflare Workers: add a second route www.yourdomain.com/*
PHP Proxy (nginx): include www.yourdomain.com in the server_name directive

Cloudflare 525 SSL Handshake Failed

Your Cloudflare SSL mode doesn't match your origin setup:

Full: requires a valid SSL cert on the server (Let's Encrypt or Cloudflare Origin cert)
Flexible: Cloudflare terminates SSL, connects to origin over HTTP (port 80) — no cert needed on server but don't add HTTP→HTTPS redirect in nginx

Auth errors (401)

Verify EDGE_SECRET matches the value shown in the CasinoFlux install panel
Ensure siteId is sent in the request body (not as a header)

Free plan limits (Cloudflare Workers only)

Cloudflare Workers free plan allows 100,000 requests per day. If exceeded:

With Fail open: traffic passes through to your origin normally (safe page shown)
With Fail closed: visitors see an error page
Upgrade to Workers Paid ($5/month) for 10M+ requests

Traffic Filter — Installation Guide

On this page