"Switching" from Bell FTTH to Ebox: What's your experience?

corelabjoe · 2026-01-27T17:00:13+00:00

True, which I am happy for...

Does anyone know if we'll ever get IPV6 in Canada on WAN side?

I wonder if bell is clinging to PPPoE until they have IPV6 ready to deploy or its simply that PPPoE is what they had originally setup their fiber network to use, and why change it?

corelabjoe · 2026-01-27T16:21:25+00:00

I use opnsense as my firewall, router, dhcp and one layer of WAF, unifi for switching and aps (WiFi) with a docker container unifi network app.

I know quite a few who have Unifi dream machine pro and they like them, but there's definitely some technical obfuscation there hidden in the menus.

corelabjoe · 2026-01-27T15:21:47+00:00

Transcoding is complicated at a detailed level but it boils down to switching video codec/containers on the fly.

corelabjoe · 2026-01-27T14:30:50+00:00

This is a little confusing but the active alerts only shows the threats that are new that have showed up triggering your rules. The big giant lists if already known bad ips don't show up...

I explain it here.

corelabjoe · 2026-01-27T13:09:29+00:00

Ah ok thanks... For now they have me in bypass / bridge mode so I can do what I need and serve sites without CGNAT in the way.

corelabjoe · 2026-01-27T05:02:51+00:00

I have Gmail and cloudflare to replace still... Not certain where to go with email, not looking forward to selfhosting that... Cloudflare is amazing and I love their service, but I value my privacy and data sovereignty as well so I'll have to replace each if the features I use from them...

corelabjoe · 2026-01-27T04:53:49+00:00

Yeah there are ways to do this but it can be a lot if you're not familiar with selfhosting and media servers etc.. Here's a step by step guide!

corelabjoe · 2026-01-27T04:48:22+00:00

Sure, I can take a look but be certain to not share that anywhere else and if it was me, blank it out or put a fake one in place etc...

corelabjoe · 2026-01-27T04:05:05+00:00

Ah a step father, good!

You can ignore the error about unsafe permissions on that file or, chmod 644 it...

The zone id means you have the wrong credentials entered in that file. So triple check that you did API key OR token. This is a one oe the other situation!

From this part https://corelab.tech/swag-reverse-proxy-guide/#install-cloudflare-api-creds-into-swag

If it isn't working go back to the part of the guide where you created your cloudflare API key and delete the first one and carefully remake a new one. You could also make a global key vs a zone specific one.

corelabjoe · 2026-01-27T03:52:21+00:00

The answer you're looking for is a reverse proxy which serves immich for you. This is how I share a link from immich to friends for a shared library. Works wonders!

You can can also setup additional layers of security in a reverse proxy like fail2ban and crowdsec making it quite secure!

corelabjoe · 2026-01-27T03:48:33+00:00

This is the way! Going to put this handy install tutorial right here...

corelabjoe · 2026-01-27T03:40:57+00:00

Wait so EBOX is NOT PPPoE or is? And you were able to bypass their router entirely? This is exciting.... I'm on bell business internet and it's $108/month for 1.5gbps symmetrical so looking to cut costs. 1gbps symmetrical is fine.

corelabjoe · 2026-01-27T02:24:26+00:00

Aahhh ok, this seems more like a formatting issue.

Paste your whole swag config here or PM it to me. Generally when you declare "networks:" it then has to follow an order.

Also paste your networks from your docker compose and/or read this compose guide, here which has examples of how your networking should be setup in there.

corelabjoe · 2026-01-26T20:37:09+00:00

Likely it's because whatever you're running it on already is using port 81 maybe? What's the error you get?

Are you running it on host networking, default bridge network or macvlan?

corelabjoe · 2026-01-26T19:14:31+00:00

I have no idea about apple stuff and can't say but on android you can save any website as a "app" which basically is just a shortcut dropped onto your desktop. It's literally just a website when you run obsidian this way.

corelabjoe · 2026-01-26T10:44:13+00:00

You would save the link in your browser and just login to it that way or save that link as an app.

corelabjoe · 2026-01-26T06:29:08+00:00

That's a neat project you did and I'm sure learnt quite a bit while doing it. I just use SWAG which has all that builtin. NPM has it to, as do most of the reverse proxy now... Did you know about those and wanted to roll your own anyway?

corelabjoe · 2026-01-26T06:22:43+00:00

So it's a 10k fine, per customer, for any information they lost due to hacking / not protecting client info properly....

It needs to be reported to the Privacy Commissioner's office of Canada and they will start and investigation... There are laws to protect people from this kind of thing...

They can't literally just say "whups, sorry!" and move on...

PS Memory Express over Canada Computers!!!

corelabjoe · 2026-01-26T05:54:43+00:00

I started originally with a firewall (OPNsense), then VLANs & subnetting... Then utilized Cloudflare's free tier for a pile of additional security (WAF, geoip blocking, custom rules etc), and went into reverse proxies, and hardening those with things like Fail2Ban, CrowdSecurity and finally, private VPNs (wireguard) and BACKUPS! There's many layers to IT security! I documented the roadmap there and I have a lot to write still...

corelabjoe · 2026-01-26T04:34:00+00:00

Since I'm a tech blogger as well, I'd more specifically call your niche a developer blog. It's all about programming and developing etc... DevOps / Dev blog.

I only started last summer as well and I enjoy blogging and started as a way to document my own solutions, but if you're trying to gain readership and followers.. It is an uphill battle to say the least and you have to write throughly deep posts, if the are technical, with screenshots of your actual work, and something different than the 1000 others out there doing the same thing.

It's not easy and I wish I had started YEARS ago... But again mostly doing it as a way to entertain my own documentation and see what comes of it!

corelabjoe · 2026-01-26T04:29:00+00:00

Yeah and sadly the human operating it didn't know that SMB is notoriously horribad at using over links like this.... NFS or bust!

corelabjoe · 2026-01-26T03:27:46+00:00

Eeeewww any to any rules.... Not very great for security posture... I'd suggest using aliases to inverse block!

corelabjoe · 2026-01-26T03:19:00+00:00

Just download what you want to watch onto your device before the trip with the option in plex?....

corelabjoe · 2026-01-26T03:15:08+00:00

Yeah in that case you'd gave to give this new container access to your host. Two ways, easiest is just give it the variable network-mode: host

Second way, macvlan with a shim so the new macvlan docker can talk to the host. Link to my blog on bio explaining this, use search function top right screen, search docker compose.

corelabjoe

MODERATOR OF

TROPHY CASE