Wireguard + GreenTunnel
  • More details in a post are always needed, else it’ll be ignored or treated as spam.

    • Having said that, this sounds more like a proxy socket. Or not?
    1
    Hosting for Really
  • If they’re installing an antenna to your router, that means that it creates a “rogue wireless” often used by mobile devices signed to that company when they’re on the road.

    • Though this type of setup tends to be segregated from your network, it still creates an attack vector and also means that any third party could use your network/IP as a launchpad for a nefarious act.

    • Simple advice, disconnect the antenna from your router, and demand that they disable the ‘rogue network’ preconfigured in the router.

    1
    nginx and authelia or authentik working docker
  • Great to hear you have it up and running.

    • Next step I would suggest is to protect the /if/admin.

    • If you're using Cloudflare, you can set up the firewall to allow only your IP or select IPs to have access to the admin portal. Otherwise, you can restrict it directly on NPM by going to the advanced tab and entering the following:

    • location /if/admin { return 404; }

    • You can always temporarily remove the entry if you need admin access to make changes or configuration.

    Cheers mate!

    1
    nginx and authelia or authentik working docker
  • Do the following: (A better formatted VERSION on Pastebin: https://pastebin.com/hHuDnPn7)

    sudo mkdir -p /opt/docker/npm && sudo chown -R $USER:$USER /opt/docker/npm

    • That would be for your Nginx Proxy Manager

    • Then:

    cd /opt/docker/npm

    • Then:

    nano docker-compose.yml

    • Paste the following:

    version: '3.8'
    services:
      app:
        image: 'jc21/nginx-proxy-manager:latest'
        restart: unless-stopped
        ports:
          - '80:80'
          - '443:443'
          - '81:81'
        environment:
          DB_MYSQL_HOST: "db"
          DB_MYSQL_PORT: 3306
          DB_MYSQL_USER: "npm"
          DB_MYSQL_PASSWORD: "CHANGEME"
          DB_MYSQL_NAME: "npm"
        volumes:
          - ./data:/data
          - ./letsencrypt:/etc/letsencrypt
        depends_on:
          - db
        networks:
          - npm-proxy

      db:
        image: 'jc21/mariadb-aria:latest'
        restart: unless-stopped
        environment:
          MYSQL_ROOT_PASSWORD: 'SAME AS CHANGEME'
          MYSQL_DATABASE: 'npm'
          MYSQL_USER: 'npm'
          MYSQL_PASSWORD: 'SAME AS CHANGEME'
        volumes:
          - ./mysql:/var/lib/mysql
        networks:
          - npm-proxy # Add the network here

    networks:
      npm-proxy: # Define the network
        external: true

    • THEN: docker-compose up -d

    • GO THROUGH NPM setup by GOING to http://YourIP:81

    • NOW FOR AUTHENTIK

    sudo mkdir -p /opt/docker/npm && sudo chown -R $USER:$USER /opt/docker/npm

    • Then

    cd /opt/docker/npm

    • THEN

    nano docker-compose.yml

    • PASTE THE FOLLOWING AND SAVE

    version: "3.4"

    services:
      postgresql:
        image: docker.io/library/postgres:12-alpine
        restart: unless-stopped
        healthcheck:
          test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
          start_period: 20s
          interval: 30s
          retries: 5
          timeout: 5s
        volumes:
          - database:/var/lib/postgresql/data
        environment:
          POSTGRES_PASSWORD: ${PG_PASS:?database password required}
          POSTGRES_USER: ${PG_USER:-authentik}
          POSTGRES_DB: ${PG_DB:-authentik}
        env_file:
          - .env
        networks:
          - npm-proxy
      redis:
        image: docker.io/library/redis:alpine
        command: --save 60 1 --loglevel warning
        restart: unless-stopped
        healthcheck:
          test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
          start_period: 20s
          interval: 30s
          retries: 5
          timeout: 3s
        volumes:
          - redis:/data
        networks:
          - npm-proxy
      server:
        image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.8.3}
        container_name: authentik
        restart: unless-stopped
        command: server
        environment:
          AUTHENTIK_REDIS__HOST: redis
          AUTHENTIK_POSTGRESQL__HOST: postgresql
          AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
          AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
          AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
        volumes:
          - ./media:/media
          - ./custom-templates:/templates
        env_file:
          - .env
        depends_on:
          - postgresql
          - redis
        networks:
          - npm-proxy
      worker:
        image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.8.3}
        restart: unless-stopped
        command: worker
        environment:
          AUTHENTIK_REDIS__HOST: redis
          AUTHENTIK_POSTGRESQL__HOST: postgresql
          AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
          AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
          AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
        user: root
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
          - ./media:/media
          - ./certs:/certs
          - ./custom-templates:/templates
        env_file:
          - .env
        depends_on:
          - postgresql
          - redis
        networks:
          - npm-proxy

    volumes:
      database:
        driver: local
      redis:
        driver: local

    networks:
      proxy:
      npm-proxy:
        external: true

    • THEN RUN

    sudo apt-get install -y pwgen

    • Next, run the following commands to generate a password and secret key and write them to your .env file:

    echo "PG_PASS=$(pwgen -s 40 1)" >> .env
    echo "AUTHENTIK_SECRET_KEY=$(pwgen -s 50 1)" >> .env

    • An .env file would have been created which you can access by typing:

    nano .env (you can configure other parameters here)

    Now go to NPM and forward your domain to: (authentik as IP and 9443 in port) https://authentik:9443 (remember to select https and NOT http on NPM)

    • To start the initial setup, navigate to https:///if/flow/initial-setup/
    1
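
A small audit of the settings in the compose files posted above that widen exposure: the NPM admin port (81) published without a host IP, the placeholder password, and the worker running as root with the Docker socket mounted. This is an added example, not part of the original comment or of either project; `audit_compose`, `ADMIN_PORTS` and the finding labels are hypothetical names, the sample is constructed from the post, and the line-based parsing assumes two-space indentation rather than a full YAML parser.

```python
import re

# Constructed sample: a trimmed excerpt of the two compose files posted above.
SAMPLE = """\
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    ports:
      - '81:81'
    environment:
      DB_MYSQL_PASSWORD: "CHANGEME"
  worker:
    user: root
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
"""
ADMIN_PORTS = {"81"}  # NPM admin UI port used in the post (hypothetical constant name)

def audit_compose(text):
    """Return sorted (service, finding) pairs for Compose YAML given as text."""
    findings, section, service = set(), None, None
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()       # drop trailing comments
        body = line.strip()
        indent = len(line) - len(body)
        if not body:
            continue
        if indent == 0:                           # top-level key: services, volumes, ...
            section, service = body.rstrip(":"), None
        elif section == "services" and indent == 2:
            service = body.rstrip(":")
        elif section == "services" and service:
            if body.startswith("- "):             # list item: port mapping or volume
                item = body[2:].strip("'\"")
                m = re.fullmatch(r"(\d+):\d+", item)   # no host IP means all interfaces
                if m and m.group(1) in ADMIN_PORTS:
                    findings.add((service, "admin port published on all interfaces"))
                if item.startswith("/var/run/docker.sock:"):
                    findings.add((service, "docker socket mounted"))
            else:                                 # key: value pair
                key, _, val = body.partition(":")
                val = val.strip().strip("'\"")
                if key == "user" and val in ("root", "0"):
                    findings.add((service, "runs as root"))
                if "PASSWORD" in key and "CHANGEME" in val:
                    findings.add((service, "placeholder password"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit_compose(SAMPLE), sep="\n")
```

A port entry written as `'127.0.0.1:81:81'` binds the admin UI to loopback only and is not flagged.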
    Need help to setup a kanban on a local network for a small business
  • Not a direct answer to the last question, but you can run OnlyOffice in a LAN environment. You can even use a domain.tld, add an SSL certificate to it, and make it accessible only within your LAN. I did this about 6 months ago. Just saying.

    1
    Replace all my search engine with SearxNG
  • I’m sure it’s the same as in iOS. Are you able to locate the option for “Search Engines” under the settings? That’s where to change it.

    1
    Replace all my search engine with SearxNG
  • You need to specify what OS (iOS or Android) and the browsers you use. Without that, there’s no magic wand to figure out your specifics.

    1
    Sorry for the stupid question but how do I set up port forwarding for an SSH server?
  • Install Tailscale on the target PC or server, then enable ssh on your account at Tailscale website. Install Tailscale on the device you intend to use for accessing other devices. That’s it. You can now login to the device(s) via ssh.

    1