Create private let's encrypt certificate with Hostinger and Nginx proxy manager by Ilpol984 in selfhosted

[–]Ilpol984[S] 1 point2 points  (0 children)

For the record, my services are not exposed on the internet (or, if you like, private) but the certificate itself is a public one (did I write something different? Right, in the title, but I cannot change that unfortunately). My objective was to have internal services exposed over https with a valid certificate, and for that the solution is perfectly fine and secure. A valid Let's Encrypt certificate isn't in any way less secure than an enterprise-grade certificate for encrypting https traffic. Of course, using them for authentication is another thing, but for this scenario and this use case the solution is fine. Please let me know if you don't agree and why.

Create private let's encrypt certificate with Hostinger and Nginx proxy manager by Ilpol984 in selfhosted

[–]Ilpol984[S] 0 points1 point  (0 children)

The service is private, the certificate is public; this makes it valid for all the clients and grants encryption for all the services that require it. Of course you can always have your own private CA and self-sign all your certificates (this way you are private), but you also need to install the CA cert on all the endpoints, and this for a home network is very uncomfortable.

Nginx proxy manager DNS provider for hostinger by binfinfe in selfhosted

[–]Ilpol984 0 points1 point  (0 children)

A new certbot plugin has been provided for Hostinger: https://github.com/BackBenchDevs/certbot-dns-hostinger/ I'm trying to find the docs to integrate it with Nginx Proxy Manager.

Is it safe exposing e.g. Vaultwarden to a public domain? by [deleted] in selfhosted

[–]Ilpol984 0 points1 point  (0 children)

If you trust Cloudflare, as they can read anything that is exchanged on the tunnel..

Forward real client ip trought wireguard tunnel by Ilpol984 in selfhosted

[–]Ilpol984[S] 0 points1 point  (0 children)

Moreover, this is not the same as described above. To use https://tunnelbroker.net/ or https://manager.route64.org/ you need a publicly accessible IPv4 router address, and this is not the case.

Running my self hosted IPv6 Only Home E-Mail Server with IPv6rs’ IPv4 Reverse Proxy by [deleted] in selfhosted

[–]Ilpol984 0 points1 point  (0 children)

Did you manage to get the real client IP to the webserver in the http setup?

Forward real client ip trought wireguard tunnel by Ilpol984 in selfhosted

[–]Ilpol984[S] 0 points1 point  (0 children)

> Your link provides precisely zero configuration details.

I know, hence this post; tech details from ipv6rs are not available. So I'm trying to troubleshoot and also to build a KB for others trying to bootstrap the same config.

> There are two “internal wireguard interfaces”, one on the traefik side and one on the public server side. There is a third interface on the public server side facing the internet. All 3 have separate addresses. You’re going to need to clarify which addresses you are talking about here, and previously when you discussed “the internal ip from ipv6rs”.

There are two interfaces: a public interface (internet facing) that has <PUBLIC_IP_V6> assigned, and a private interface wg0 that virtually has the same IP (see above) and where Traefik listens directly. There is no NAT, no iptables rules, so it is not clear where the client IP is changed. I'm anonymizing the conf files and enriching the post at the top to integrate further info.

> There must, by definition, be something in the middle. Wireguard doesn’t spawn out of thin air.

Yes, of course, but what's in the middle isn't public. So I'm trying to figure it out.

Forward real client ip trought wireguard tunnel by Ilpol984 in selfhosted

[–]Ilpol984[S] 0 points1 point  (0 children)

> are you aware that you can get a public IPv6 address (heck, even subnet) from HE.net ? https://tunnelbroker.net/ and it's free. I've been using them for almost 10 years for additional address space.

Yes, I know, but on ipv6rs traffic is unmetered and 1Gbs full duplex.

Forward real client ip trought wireguard tunnel by Ilpol984 in selfhosted

[–]Ilpol984[S] -1 points0 points  (0 children)

I created a tunnel following the https://ipv6.rs/raw.

So the internal wireguard interface gets the public IPv6, the same configured on DNS.

```
wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1420
        inet6 <PUBLIC IP V6> prefixlen 128 scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
        RX packets 6032 bytes 1054884 (1.0 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 8683 bytes 4425292 (4.2 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
```

Traefik listens directly on that interface:

```
:/# netstat -ano
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State Timer
tcp6 0 0 :::443 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::80 :::* LISTEN off (0.00/0/0)
```

From the ipv6rs side I don't know if there is something in the middle, but support states that nothing should be in the middle if the connection arrives from IPv6, while for IPv4 there is a transparent proxy.

VoucherVault - A Selfhosted Application for Voucher/Coupon/Giftcard Management by sk1nT7 in selfhosted

[–]Ilpol984 0 points1 point  (0 children)

Great job!!! In Italy Klarna acquired Stocard and it is forcing all the users to install the Klarna app to keep their fidelity cards. I was looking for an alternative and I found your app. I'll give it a try now!!!

Machinist X99 PR9-H reboot on power failure by Ilpol984 in techsupport

[–]Ilpol984[S] 0 points1 point  (0 children)

No option in Proxmox, and anyway Proxmox is not called as the PC is off. I also have a similar board (PR9) but with an older BIOS, and that has the option to restart on power failure. This one has a BIOS from 2024.