| 25 Jul 2021 |
|  @uuuyl:matrix.org left the room. | 09:25:51 |
|  myr0bz changed their profile picture. | 11:37:41 |
 Alan Walker | In reply to @bbaovanc:boba.best
adguard home has built in support for DoH, if you want to run your own dns resolver (such as unbound), then you can just run it locally so there's no need for DoH Hello again. So I followed your advice and I'm trying to set up adguard with unbound as a resolver and it seems to match my needs. The problem that I'm facing is that I'm using the docker image behind jwilder nginx proxy that manages also ssl certificates. The doh of adguard uses port 443 which is already used by nginx. So I don't know what to do to make it work | 13:23:08 |
|  @_xmpp_x0n=40jabb3r.org:matrix.org left the room. | 14:01:22 |
 DudestOfMen | You should be able to tweak the docker config to remap ports. Short version is there's a separate docker network internal to docker (or several, if you want). You can tweak your docker-compose file (or equivalent) to map your public facing ports to be what you need, and to map to what you need.
In this case it sounds like you need to have the nginx reverse proxy pass doh to unbound and other urls to other containers (possibly though you didn't mention them).
I'm not sure on the correct nginx config or that it can handle doh, but that's the direction I'd search in: docker network config and nginx doh config. | 14:16:55 |
| Alan Walker | In reply to @dudestofmen:jupiterbroadcasting.com
You should be able to tweak the docker config to remap ports. Short version is there's a separate docker network internal to docker (or several, if you want). You can tweak your docker-compose file (or equivalent) to map your public facing ports to be what you need, and to map to what you need.
In this case it sounds like you need to have the nginx reverse proxy pass doh to unbound and other urls to other containers (possibly though you didn't mention them).
I'm not sure on the correct nginx config or that it can handle doh, but that's the direction I'd search in: docker network config and nginx doh config. Ok I'll give it a try. Thank you | 14:39:30 |
 JohnDoed | Just glanced at the chat, DudestOfMen that is one of the best handles I have seen in a long time LOL | 15:06:45 |
| @_xmpp_x0n=40jabb3r.org:matrix.org joined the room. | 15:47:03 |
 Stephen | Heimdall question: Is there a way to "copy" new users? I just spent ages adding apps only to realise I was logged in as the wrong user! As far as I know, it's not possible via the frontend but can't be it be done via the database? | 17:10:38 |
| DudestOfMen | Duuude! Thanks, JohnDoed - you're quite the dude yourself! | 17:46:39 |
|  gregz joined the room. | 17:53:43 |
| @_xmpp_x0n=40jabb3r.org:matrix.org left the room. | 19:44:39 |
 bbaovanc | In reply to @alanwalker420:matrix.org
Hello again. So I followed your advice and I'm trying to set up adguard with unbound as a resolver and it seems to match my needs. The problem that I'm facing is that I'm using the docker image behind jwilder nginx proxy that manages also ssl certificates. The doh of adguard uses port 443 which is already used by nginx. So I don't know what to do to make it work remap that 443 port from adguard home to another port, then use nginx to reverse proxy | 19:50:02 |
| bbaovanc | although still keep in mind that using DoH when connecting to a dns server on your local network isn't going to make any real difference because those dns requests aren't even leaving your home network in the first place | 19:50:41 |
| 26 Jul 2021 |
|  scarecrowdaycare joined the room. | 01:51:04 |
|  @testrun1776:matrix.org joined the room. | 07:02:19 |
| @testrun1776:matrix.org left the room. | 07:05:03 |
|  belligeratoris1 joined the room. | 07:13:54 |
| Alan Walker | In reply to @bbaovanc:boba.best
remap that 443 port from adguard home to another port, then use nginx to reverse proxy Hello and thanks for your answer. Actually the problem was that adguard was set behind nginx proxy that manages ssl certificates while adguard home asks for certificate as well to set up doh. Even changing ports didn't work.
To solve this, I enabled an option in adguard config file allow_unencrypted_doh which is not accessible from the web panel. Then you let nginx do the encryption and pass doh request to the insecure http port for adguard.
I also needed to use dot for my android phone, so I had to open the 853 port on my firewall for it to work | 07:36:55 |
| bbaovanc | oh ok that's great! | 07:37:29 |
| Alan Walker | In reply to @bbaovanc:boba.best
although still keep in mind that using DoH when connecting to a dns server on your local network isn't going to make any real difference because those dns requests aren't even leaving your home network in the first place Yes I understand. This is for when I'm not home for both my laptop using doh and my phone using dot | 07:38:02 |
|  jascha left the room. | 10:20:59 |
|  freshgum bubbles joined the room. | 14:02:55 |
 | Anyone here have any experience with LDAP? Is it worth it for self-hosted setups with multiple users? | 14:59:23 |
 robberbob | For windows machines or linux machines? I haven't done either but I've been thinking about doing it for awhile. | 15:05:27 |
| | For Linux ofc. Why would anyone put themselves through the pain of Windows server? | 15:51:17 |
| robberbob | I wasn't talking about setting up a windows server. I was wondering if you were planning on pointing a family member's windows pc to it or something. | 15:53:23 |
| | Not really. I want my users to be able to use the same account for SSH, Nextcloud, Gitea, etc so I thought LDAP might be a way to do it | 16:07:14 |
| robberbob | That should work.
If you also wanted to distribute their public keys for passwordless login, you could store a users public key in their ldap user and have a cronjob to see if a user is a member of a group to access ssh on the server, add them, pull their cert out of ldap and add it to their authorized_keys file. About an afternoon's worth of work but could be fun. | 16:16:15 |
|  Frasogle joined the room. | 17:07:56 |
