nutbutter @ nutbutter @discuss.tchncs.de

Posts

31

Comments

429

Joined

2 yr. ago

I am not sure how to do that. Can you, please, link a guide or any documentation? Does this method prevent the VPS provider from looking into the data being passed through?

Do you mean, using it without Steam? I do use Proton with Steam. AC Valhalla runs so great.

Thanks. So, I just have to put this stream block in my nginx.conf file and everything will work? Do I still have to use reverse proxy for my existing WordPress sites? Or can they stay normally configured?

TLS termination is very simple, and I have been doing that for years, now, but I trust my VPS provider. This is what you need to do for that. Install WireGuard on your Oracle VPS and your home server, and create a simple tunnel. Then install Nginx Proxy Manager (NPM) on your VPS. So, when you set up different services on your home server, say Nextcloud on port 8080, Jellyfin on port 3096, etc, all you have to do is point your NPM to these ports and use your WireGuard IP. NPM will also be able to issue certificates with no problems at all.

The concern with this is Oracle can (and probably will) sniff all the data that is going through. I have been trying to understand how to do the TLS pass through, but I have had no luck. Do share your experience if you do this.

I recommend setting up a home server using any old PC or laptop you have. Not having a static public IP may not be an issue, but if you are behind CGNAT, and cannot forward ports, you can route your data through a free provider like Oracle or Google. Those free servers are very weak but will be good enough to just pass through the data. This way even if they randomly decide to shut down and delete your instance, your data stays intact. I also recommend using SSL/TLS pass through, instead of termination, for better privacy.

Off-topic. Not about cost, but about privacy:

Considering you are using Proton, you care about digital privacy. If you are not trusting Proton, you should not trust Tailscale as well, in my opinion. Tailscale's backend is closed-source, you get no control, and nothing is stopping them from selling you data either. If you go for Headscale, you may be in a slightly better position. But websites and big companies like Google can still make detailed profile of you, as you will be connecting to everything using a single IP, that is, the IP of your VPS. But again, nobody is stopping your VPS provider from selling your data either.

Another question is that why are you paying $19 for that? They have $10-12 plans that come with 500 GB storage, emails with 3 custom domains and high-speed VPN.

Also, if you do not trust Proton, you can consider Mullvad or IVPN. They are just $5/m, and you can pay via Monero, but they do not have as many servers as Proton does.

Another question that pops in my mind is, why do you need a VPN? Do you need to connect to your services privately, or do you just need to change your IP for (relatively) better privacy? Again, paying someone with multiple VPN options is better than setting up a single VPN by yourself, in my opinion.

There is TLS termination at the Cloudflare's backend servers, so theoretically, they can look at all the data going through.

This looks like a really great tool, but I cannot seem to find TLS pass through options in here. Or maybe I am too dumb to understand. I do not want the proxy server to generate or keep any certificates, all that will be done by my home server. All I want the proxy server to do is pass through the TCP connection.

Can you link some documentation or a guide that can explain all this?

It works with embedded content too. And if you're on android, check out UntrackMe app on f-droid.

So, how do you hide your IP from the peers?

There is an extension called LibRedirect that does this. It's customisable, as in, we can set if we want to redirect to piped or invidious, and which specific instances to use. Not only just YouTube but other services like GitHub to Gothub, Twitter to Nitter, reddit to libreddit etc. The default settings are already great.

Edit - added the link.

Most wifi routers have wifi range entending modes. I have an old, cheap TP Link wifi router. If I use a wire I get good speeds, about 40-80mbps. But when using it as a range entender, I get not more than 40mbps, but it suits me fine.

I use Nextcloud bookmarks with Floccus. Floccus can be installed as an add-on in Firefox and as an app on Android. It retains the folder structures of bookmarks.

Use a VPN, and turn on "Anonymous mode" in your client settings. Also change the setting saying "allow encryption" to "require encryption".

What does your economic status have to do with creating docker images?

I used to be a leacher, even when I had a broadband connection. I never really knew why seeding was important. Now, I try to match the data I have uploaded, at least, if not more. Like, of I download a 50gb of something. I seed at least 50gb before I remove it.

You can use Bookstack.

A lot of people/companies use it as wiki, but it can also be used a journal. It can also have multiple users with some shared books or pages if you need. You can use markdown or WYSIWYG editor. A lot of exporting formats are available.

I think MIUI was its pioneer. Even the settings app had ads.

That conversion isn't accurate at all, at least in the cities I have been. I used to trust OSM a lot, but it led me to wrong places a few times. I use Organic Maps, which is based on OSM, for general navigation, but I have to rely on Google Maps for finding precise locations. I use web interface only, for google maps, but OSM can be a pain in the butt, especially if others are dependent on me navigating them.