• 8 Posts
  • 13 Comments
Joined 1Y ago
cake
Cake day: Jun 13, 2023

help-circle
rss

Sophos XG115 Rev. 3 as OPNsense firewall?
Has someone experience running these as firewall preferably with package inspection and incoming Wireguard connections? Sophos XG115 or XG105 seem to be quiet cheap on eBay
fedilink

OPNsense with DSL?
I'm looking for a cheap but futureproof way to run OPNsense at my place. So I'm looking for a DSL modem capable of running at 300 Mbits and being able to run im bridge mode, it's fine if I buy it used I just couldn't find any good recommendations as FritzBox seems to not like running in bridge mode. Being able to flash something like OpenWRT on it is a bonus. And on the other hand I'm looking for good recommendations for the OPNsense box. Should have enough power for Wireguard and package inspection. Used ist probably preferred Thanks in advance :)
fedilink

If you already have Nextcloud running you can use the Nextcloud Forms app


Honestly, I would say because you just have less struggle. I had just a lot more problems when I was using Ubuntu instead of Debian. But I thinks it’s mostly personal preference


I don’t know about photoprism but I guess that’s not going to work because it’s really hard to provide features like face recognition and a web frontend with a zero trust setup. So if you just want the to have a automatic photo backup you could take a look at encrypted folders for nextcloud


And container to container works fine, im able to communicate p.e. with keycloak:9000


But the network is created externally, so shouldn’t this be the same?



Problem connecting to host from Docker container
I followed this [Guide](https://blog.gurucomputing.com.au/Smart%20VPNS%20with%20Headscale/Introduction/) to setup headscale with caddy. And tried to add Keycloak with this [guide](https://blog.gurucomputing.com.au/Authentication%20with%20Keycloak/Authentication%20with%20Keycloak/) from the same guy. Sadly my docker containers do not seem to be able to connect to the keycloak server. What happens is that if i try to download the openid configuration from the host (via wget) or from my local PC it just works. But the headscale server gets a timeout when trying to connect to the endpoint. When i use the internal docker name to connect to the keycloak container the connection works fine but then i get an error because its not the external url. I experimented a bit and managed to reproduce the issue with a different container (running an ubuntu container and also getting a timeout when trying to download the config from keycloak). If i run the container with the host network i works just fine. Does anyone know how to fix this? PS: i also tried the example from the guide with gitea an its also the same problem Update: I tried most suggestions and for some reason it just didn't work. My solution that is working now is that I bind the container ports to localhost only (by using p.e.: ports: -"127.0.0.1:4567:8080") and using the caddy server in host network mode. Now all containers can connect like expected and are working flawlessly. Thanks for all your suggestions :)
fedilink

For Headscale you don’t need a lot of bandwidth or power because your traffic is not routed through the Headscale server. Headscale only helps to directly connect your clients together without having to open ports


I agree with you that by using tailscale you have to trust them, but your traffic is not routed through their servers, they are only responsible to directly connect your devices (by nat traversal)


Just in case you never heard of it, there is also the option to use Tailscale. It lets you connect to your services without opening any ports and uses Wireguard under the hood but makes configuration simpler


How do you use Tailscale?
I've read a lot of recommendations for tailscale and am on my way to try it out myself. Do you use Tailscale in the "normal" way or do you host your own Headscale server (as I'm planning to do)? Any pros and cons?
fedilink

Maybe you could also try to generate your one SSL certificate and add it to your Android/Linux/Windows devices as root certificate 🤷🏼‍♂️.

That’s only a possibility, of you’re willing to do this to every single device that should be able to connect to your services


I’m testing frugal right know and ist working fine but it seems to miss some content. So I took a look at the promotions page on r/Usenet and these two providers would be really cheap while being on different backbones. But I’m probably going to be alright with the yearly frugal subscription with the block account added


Usenet Providers security
Is it save to use identifying information (credit card, PayPal) for paying a Usenet provider? I'm especially interested in thecubenet.com and easynews. Have there been any incidents where someone got into trouble for downloading copyright protected content from a provider? Also should I use a VPN for downloading even when SSL is enabled? Thanks in advance :)
fedilink

Seedbox needs VPN?
Do I need to use a VPN when torrenting with a Seedbox (especially giga-rapid and ultra.cc)?
fedilink

I edited my post, i meant GigaBox from GigaRapid not from Vodafon etc.


Recommandations for a Seedbox
I'm looking for good price to performance seedboxes for around 15€/month. I found the offers from GigaBox from GigaRapid very appealing. Does anyone have experiences with this provider? Do I have to worry about copyright claims when torrenting with any/this seedbox?
fedilink

How do you host your container services?
Do you host all services just from your root account with docker or do you seperate the services between user accounts with rootless docker? Do you use podman or docker? It's easier to just host everything from root with normal docker, but seperating services into special user account is probably way saver, at least as far as i know. Do you think ist worth going the extra step or do you just trust docker and your containers to not get exploited? Last but not least do you use an automatic update service for your host system and your containers?
fedilink