#selfhosted

1319 Members
#selfhosted: discussion about self-hosted or in-house applications and services for private cloud and privacy preservation use cases. Inspired by the /r/selfhosted community on reddit (no official affiliation).
279 Servers

25 Jul 2021
@alanwalker420:matrix.org Alan Walker
In reply to @bbaovanc:boba.best
adguard home has built in support for DoH, if you want to run your own dns resolver (such as unbound), then you can just run it locally so there's no need for DoH
Hello again. So I followed your advice and I'm trying to set up adguard with unbound as a resolver and it seems to match my needs. The problem that I'm facing is that I'm using the docker image behind jwilder nginx proxy that also manages ssl certificates. The doh of adguard uses port 443 which is already used by nginx. So I don't know what to do to make it work
13:23:08
@dudestofmen:jupiterbroadcasting.com DudestOfMen
You should be able to tweak the docker config to remap ports. Short version is there's a separate docker network internal to docker (or several, if you want). You can tweak your docker-compose file (or equivalent) to map your public facing ports to be what you need, and to map to what you need. In this case it sounds like you need to have the nginx reverse proxy pass doh to unbound and other urls to other containers (possibly though you didn't mention them). I'm not sure on the correct nginx config or that it can handle doh, but that's the direction I'd search in: docker network config and nginx doh config.
14:16:55
@alanwalker420:matrix.org Alan Walker
In reply to @dudestofmen:jupiterbroadcasting.com
You should be able to tweak the docker config to remap ports. Short version is there's a separate docker network internal to docker (or several, if you want). You can tweak your docker-compose file (or equivalent) to map your public facing ports to be what you need, and to map to what you need. In this case it sounds like you need to have the nginx reverse proxy pass doh to unbound and other urls to other containers (possibly though you didn't mention them). I'm not sure on the correct nginx config or that it can handle doh, but that's the direction I'd search in: docker network config and nginx doh config.
Ok I'll give it a try. Thank you
14:39:30
@johndoed:matrix.org JohnDoed
Just glanced at the chat, DudestOfMen that is one of the best handles I have seen in a long time LOL
15:06:45
@stephen:matrix.bozg.se Stephen
Heimdall question: Is there a way to "copy" new users? I just spent ages adding apps only to realise I was logged in as the wrong user! As far as I know, it's not possible via the frontend but can't it be done via the database?
17:10:38
@dudestofmen:jupiterbroadcasting.com DudestOfMen
Duuude! Thanks, JohnDoed - you're quite the dude yourself!
17:46:39
@bbaovanc:boba.best bbaovanc
In reply to @alanwalker420:matrix.org
Hello again. So I followed your advice and I'm trying to set up adguard with unbound as a resolver and it seems to match my needs. The problem that I'm facing is that I'm using the docker image behind jwilder nginx proxy that also manages ssl certificates. The doh of adguard uses port 443 which is already used by nginx. So I don't know what to do to make it work
remap that 443 port from adguard home to another port, then use nginx to reverse proxy
19:50:02
@bbaovanc:boba.best bbaovanc
although still keep in mind that using DoH when connecting to a dns server on your local network isn't going to make any real difference because those dns requests aren't even leaving your home network in the first place
19:50:41
26 Jul 2021
@alanwalker420:matrix.org Alan Walker
In reply to @bbaovanc:boba.best
remap that 443 port from adguard home to another port, then use nginx to reverse proxy
Hello and thanks for your answer. Actually the problem was that adguard was set behind the nginx proxy that manages ssl certificates, while adguard home asks for a certificate as well to set up doh. Even changing ports didn't work. To solve this, I enabled an option in the adguard config file, allow_unencrypted_doh, which is not accessible from the web panel. Then you let nginx do the encryption and pass doh requests to the insecure http port for adguard. I also needed to use dot for my android phone, so I had to open the 853 port on my firewall for it to work
07:36:55
@bbaovanc:boba.best bbaovanc
oh ok that's great!
07:37:29
@alanwalker420:matrix.org Alan Walker
In reply to @bbaovanc:boba.best
although still keep in mind that using DoH when connecting to a dns server on your local network isn't going to make any real difference because those dns requests aren't even leaving your home network in the first place
Yes I understand. This is for when I'm not home for both my laptop using doh and my phone using dot
07:38:02
@ta180m:exozy.me
Anyone here have any experience with LDAP? Is it worth it for self-hosted setups with multiple users?
14:59:23
@robberbob:matrix.org robberbob
For windows machines or linux machines? I haven't done either but I've been thinking about doing it for a while.
15:05:27
@ta180m:exozy.me
For Linux ofc. Why would anyone put themselves through the pain of Windows server?
15:51:17
@robberbob:matrix.org robberbob
I wasn't talking about setting up a windows server. I was wondering if you were planning on pointing a family member's windows pc to it or something.
15:53:23
@ta180m:exozy.me
Not really. I want my users to be able to use the same account for SSH, Nextcloud, Gitea, etc so I thought LDAP might be a way to do it
16:07:14
@robberbob:matrix.org robberbob
That should work. If you also wanted to distribute their public keys for passwordless login, you could store a user's public key in their ldap user and have a cronjob to see if a user is a member of a group to access ssh on the server, add them, pull their cert out of ldap and add it to their authorized_keys file. About an afternoon's worth of work but could be fun.
16:16:15