diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..eac9183 --- /dev/null +++ b/LICENSE @@ -0,0 +1,9 @@ +MIT License + +Copyright (c) 2023 aiquiral + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/animation.html b/animation.html new file mode 100644 index 0000000..6d824bc --- /dev/null +++ b/animation.html @@ -0,0 +1,55 @@ + + +
+Music – Other Projects – – Privacy Policy – About
26 April 2023 | Privacy, Self-hosting
+ + + +A list dedicated to providing the best tools and services to protect your online privacy. [UPDATED – 05 May 2023]
+ +Please keep in mind that the software programs and services listed below are based on my personal knowledge and experience. I have not received any payment to include any specific software program or service in this list, and there are no affiliate links. However, it’s important to do your own research and make your own informed decisions based on your unique needs and circumstances.
+ +This Awesome Privacy list has been inspired by privacytools.io, awesome-privacy.xyz, awesome-privacy by pluja and many others.
+ +People often mix the concepts of privacy and anonymity, and sometimes security too. Here is a table that provides a comparison of privacy, anonymity, and security to help clarify the distinctions between these related concepts.
+ +Concept | +Definition | +Example | +
---|---|---|
Privacy | +The ability to control access to personal information or actions. {:/} | +Using a VPN to browse the internet to prevent your ISP from spying on you. {:/} | +
Anonymity | +The state of being unknown or unidentifiable. {:/} | +Using a disposable email address when signing up for online services. {:/} | +
Security | +The protection of assets or resources from unauthorized access, use, disclosure, disruption, modification, or destruction. {:/} | +Using a firewall to prevent unauthorized access to a computer network. {:/} | +
Suppose you have a diary that you keep locked in a drawer in your bedroom. The diary is your personal possession, and you have the right to keep it private. The lock on the drawer provides a level of security that prevents others from accessing your diary without your permission. If you were to write in the diary using a pseudonym, you would be maintaining anonymity.
+ +So, in this example, privacy refers to the ability to keep personal information or possessions away from others. Security refers to the protection of personal possessions from unauthorized access or theft. Anonymity refers to the state of being unknown or unidentifiable.
+ +With this article, I hope to achieve the goal of helping you maintain all three of these.
+ +All the pieces of software and services mentioned in this article are open-source.
+ +Open source software is important for privacy because it enables greater transparency and accountability in the development of software. Since the source code is freely available for anyone to view, it can be inspected by security experts to identify any potential security vulnerabilities or backdoors that could be exploited by malicious actors. This means that security vulnerabilities can be identified and patched more quickly, reducing the risk of data breaches and other security incidents that could compromise personal information.
+ +Do you have curtains in your home? This is because you want to keep certain activities private and don’t want strangers to know what you do. But why would you want large companies such as Google, Apple, Microsoft, Oracle, and even smaller companies to collect your personal information? Your answer may be, “I like targeted ads as they help me find new products,” or, “I want those companies to improve their products to help me serve better.” But that is not all they use your data for. Take a look at these articles:
+ +Read this – https://thenextweb.com/news/read-this-if-youve-got-nothing-to-hide
+ +I can cite over a hundred articles like these, but it is up to you to understand why privacy matters.
+ +Apps that come preinstalled on phones, as well as those on the Google Play Store, often contain advertisements and tracking mechanisms. They may also request access to unnecessary information. Using open-source alternatives for basic apps can provide a more private and secure experience for users.
+ +Stay away from app stores like Google Play Store, Amazon App Store, Samsung App Store, GetApps etc., as they are known to collect user data, such as app usage and location information.
+ +Although, the best course of action is to download the source code and compile the application yourself, but the following alternates can also be helpful.
+ +Alternates | +Prospective Advantages | +Conservative Disadvantages | +
---|---|---|
F-Droid | +||
Aurora Droid | +||
SkyDroid | +||
Aurora Store | +
Other alternates are Obtanium and FossDroid.
+ +Stay away from preinstalled and third-party proprietary camera apps as they are known to collect user data.
+ +Following are some better alternates:
+ +Alternates | +Prospective Advantages | +Conservative Disadvantages | +
---|---|---|
Libre Camera | +||
OpenCamera Sensors | +
Another good alternate is AiCamera.
+ +Stay away from preinstalled and third-party proprietary keyboards like GBoard, SwiftKey Keyboard, Samsung Keyboard, Mint Keyboard etc., as they are known to collect user data, including usage and clipboard data.
+ +Following are some better alternates:
+ +Alternates | +Prospective Advantages | +Conservative Disadvantages | +
---|---|---|
OpenBoard | +||
FlorisBoard | +
Other alternates are Indic Keyboard and AnySoftKeyboard.
+ +Stay away from preinstalled and third-party proprietary File Manager apps like EZ Explorer, FK Commander etc., as they are known to collect user data, including usage data and metadata.
+ +Following are some better alternates:
+ +Alternates | +Features | +
---|---|
Material Files | +|
Ghost Commander | +
Other alternates are Simple File Manager and Amaze File Manager.
+ +The choice of your operating system is very important as it is the most important piece of software on your device. And since it pretty much controls all your device’s hardware and software, it can have a significant impact on your privacy.
+ +Choosing operating systems like Stock Android, iOS, Windows, and macOS can compromise privacy as these systems often come with pre-installed apps and services that collect user data. These systems also often rely on cloud-based services that store user data, increasing the risk of data breaches and privacy violations. In addition, these systems are closed-source, which means that their source code is not available to the public, making it difficult to identify potential security vulnerabilities. Finally, these systems are typically designed to work with proprietary hardware, which can limit the user’s ability to control their data and their device.
+ +Imagine you have a secret toy that you do not want anyone else to know about. Your toy is hidden in a special place in your room where nobody can see it or touch it. Now, imagine that your parents can see everything you do in your room, even your secret hiding place. They can also tell your friends and other people about your toy.
+ +Just like your secret toy, your personal information on your device is also private, and you do not want anyone else to know about it. If you choose a privacy-oriented operating system, it will help you keep your personal information safe and hidden from others, just like your secret toy. But if you pick an operating system that does not prioritise privacy, it might share your personal information with others, just like your parents sharing about your toy with your friends.
+ +It is important to recognise that when it comes to iOS, privacy may not be a top priority for Apple as a company. Read these articles: 1, 2, 3.
+ +Similar to Apple, Google also collects and tracks your data on Android devices. When using an Android device, Google’s apps and services are integrated deeply within the system, allowing them to collect a vast amount of user data. Read these articles: 1, 2, 3.
+ +However, there are several custom ROMs available that remove Google’s presence, and provide additional security and privacy features for users. Following are some options:
+ +ROMs | +Proactive Advantages | +Conservative Disadvantages | +
---|---|---|
LineageOS | +||
GrapheneOS | +||
/e/OS | +
Please note that it is advisable to avoid rooting or flashing a custom ROM onto your device unless you possess advanced technical knowledge. If you still need an alternate, you may follow this Lemmy post – 100% FOSS Smartphone Hardening non-root Guide 4.0.
+ +Avoid using proprietary operating systems like Windows and macOS. They are known to be closed-source, which means that their source code is not open to the public. This makes it difficult to know what kind of data is being collected and how it is being used. In addition, they are also known to have several security vulnerabilities that can be exploited by hackers to gain access to your personal information.
+Read these articles: 1, 2, 3, 4, 5.
Following are some good, beginner-friendly alternates:
+ +Operating Systems | +Proactive Advantages | +Conservative Disadvantages | +
---|---|---|
Linux Mint | +||
Manjaro | +||
Edubuntu | +
Following are some good alternative for advanced users:
+ +Operating Systems | +Proactive Advantages | +Conservative Disadvantages | +
---|---|---|
OpenBSD | +||
Arch Linux | +||
Tails | +||
Qubes OS | +
There are a lot more options to choose from. If you need help picking a Linux-based operating system, Distrochooser is a very helpful tool.
+If, for any reason, you have to rely on Microsoft Windows, you can debloat it and remove most of the telemetry using either AtlasOS or creating your own Tiny11 ISO using this guide, for a relatively safer experience.
Staying away from pre-installed OS on your Smart TV, like Google TV, WebOS etc., is a good idea. You can use the following for a safer experience:
+ +Health related data is the considered to be the most sensitive of all. Staying away from pre-installed OS on your smartwatches is a good idea. You can use the following for a safer experience:
+ +Download the operating systems from official sources only.
+ +A password manager is a tool that securely stores your login information for websites and applications. With the prevalence of online accounts, it’s common for individuals to have dozens or even hundreds of different usernames and passwords to remember. Password managers alleviate the need to memorise multiple login credentials by providing a secure digital vault for storing them. This not only makes it easier to manage passwords, but it also improves security by allowing users to generate and store strong, unique passwords for each account.
+ +Although, most password managers offer built-in 2FA features, it is not recommended to use it because it, kind of, defeats the purpose of “two-factors” as both, passwords and 2FA codes are available in one app.
+ +People should avoid closed-source password managers, like 1Password, Dashlane, LastPass etc., because they cannot be audited or verified by the public, leaving users to rely on the company’s word that their passwords are being stored and managed securely. Closed-source password managers may also have backdoors or vulnerabilities that can be exploited by hackers or government agencies. Additionally, closed-source password managers may collect and sell user data without their knowledge or consent. Read these articles – 1, 2.
+ +Following are some good alternates:
+ +Password Manager | +Proactive Advantages | +Conservative Disadvantages | +
---|---|---|
Bitwarden | +||
Vaultwarden | +||
KeePassXC (Linux/Windows/macOS) KeePassDX (Android) StrongBox (macOS/iOS) KeeWeb (WebApp) |
+ ||
LessPass (Android/iOS/Browser Add-On/CLI) | +
Some other good options are Padloc and Passbolt. For some users Proton Pass (Beta) may be a good option, but don’t keep all your apples in one basket.
+ +Privacy analysers are tools that scan applications on your device and identify privacy and security risks. They can help you identify apps that collect unnecessary data or have security vulnerabilities, giving you greater control over your online privacy. These tools are particularly important in today’s world, where many apps and services collect large amounts of user data without clear disclosure or user consent. By using a privacy analyser, you can identify problematic apps and take steps to protect your personal information.
+ +Following are some good analysers that you can use to aid your privacy:
+ +Application | +Features | +
---|---|
Exodus | +|
Pi-hole | +|
OpenWPM | +
Stay away from search engines made by Big Tech companies who do not respect your privacy, like Google, Microsoft Bing etc.
+Read these articles – 1, 2.
Consider using the following alternates:
+ +Application | +Features | +
---|---|
SearxNG | +|
DuckDuckGo | +
There are many other good options you may want to look into, like Startpage, Qwant and Whoogle.
+ +You should always turn on 2FA whenever it is possible. Stay from SMS based 2FA and authenticator apps like Authy and Google Authenticator, that do not give the utmost importance to your privacy.
+ +Instead, consider using any of the following as your preferred 2FA app:
+ +Application | +Features | +
---|---|
Aegis (Android) | +|
Tofu (iOS) | +|
Gnome Authenticator (Linux) | +
Some other good alternates are ente Auth, WinAuth, Authenticator Pro and Owky. Most password managers support generating 2FA codes, but it is not recommended to use a single app as both – a password manager and a 2FA code generator.
+ +While many people think of VPNs as tools for hiding their IP address and encrypting internet traffic, VPNs can also serve a variety of other purposes. For instance, businesses often use VPNs to connect remote employees to their company’s network securely. This allows employees to access important files and resources from anywhere in the world without compromising security. In addition, VPNs can be used to create mesh networks that allow multiple devices to connect and communicate directly with each other. This is especially useful in disaster relief scenarios, where traditional communication infrastructure may be damaged or destroyed. By using VPN technology to establish a mesh network, first responders are able to coordinate more effectively and respond to emergencies more efficiently.
+ +To put it simply, a VPN is much more than just an IP hiding app. It’s a powerful tool that can be used in a variety of settings to solve a wide range of problems. Whether you’re a remote worker who needs to connect to your company’s network securely, or a first responder who needs to communicate effectively in a disaster zone, a VPN can help you stay connected and protected.
+ +If you are using applications and protocols like Hamachi, NetCloud by Cradlepoint, Cisco’s L2F and L2TP, Apple’s SSTP etc., in your business environment or even at home, then shifting to an open source alternative is a good idea. Following are some good options:
+ +Application | +Features | +
---|---|
Tailscale | +|
Headscale | +|
strongSwan | +|
PiVPN | +
Some other solutions that you may want to look at are SoftEtherVPN and ZeroTier.
+ +As you already know, a VPN can also provide some form of online privacy and can help with geo-blocked content on the internet, but choosing a bad VPN provider can make things worse. For example, the free VPN apps on Google Play Store are a bad idea, as they make money by selling your data to third-parties.
+ +Following are some reputed VPN providers in the privacy community:
+ +Application | +Features | +
---|---|
Mullvad | +|
ProtonVPN | +|
IVPN | +|
Xeovo VPN | +
Some other privacy focused VPN providers are RiseupVPN, AirVPN and AzireVPN.
+ +Please note, that setting up your own VPN may not be a very good idea, especially if you are the only individual using it. A personal VPN server on a VPS can prevent your ISP from tracking and logging the sites you visit, and is a better option than using an untrustworthy VPN provider. But online service providers will be able to track you and make a detailed profile about you since you are the only one connecting to their servers using your VPS’s IP address.
+ +It is a good idea to avoid closed source, proprietary browsers, like Google Chrome, Microsoft Edge, Opera etc., as they tend to collect a lot of user data. Read this study. There are many good, privacy focused alternatives, that will provide you with a much better experience.
+ +Web Browsers | +Proactive Advantages | +Conservative Disadvantages | +
---|---|---|
Mozilla Firefox | +||
LibreWolf | +||
Brave | +||
Tor Browser | +
Other good options are Un-googled Chromium, Mullvad Browser and Privacy Browser.
+ +To harden Firefox and its forks, you can check out arkenfox/user.js, Firefox Profile Maker or ArchWiki Guide. There are plenty of other tutorials/guides as well.
+ +All third-party web browsers on iOS are just Safari in disguise. The following list contains browser suggestions for Android devices only.
+ +Web Browsers | +Features | +
---|---|
Mull | +|
Bromite | +|
Brave | +|
Tor Browser | +
Another good option is Privacy Browser.
+ +It is a good idea to keep JavaScript turned off in your browser, unless you really, really need it. NoScript is a browser add-on that lets you control it easily.
+ +Using proprietary apps and protocols for social media and communication/messaging can potentially harm users’ privacy in several ways. Data collection, lack of transparency, third-party sharing, invasive permissions, backdoors and vulnerabilities, lack of end-to-end encryption, vendor lock-in, monetisation of user data, limited user control, lack of accountability etc. are a few concerns.
+ +Dating apps often collect a wide range of personal information, including your location, age, gender, sexual orientation, and even your preferences. This data can be used to build detailed profiles of users, potentially revealing sensitive and private information. They share user data with third-party companies for advertising and marketing purposes. This can lead to the creation of comprehensive user profiles, which are then used for targeted ads or sold to other companies. They typically use location data to match users with potential partners. While this is essential for their functionality, it also means that your movements and routines can be tracked, potentially compromising your privacy. Dating apps use complex algorithms to recommend potential matches. These algorithms may take into account your behaviour on the app, preferences, and interactions. While they aim to improve user experiences, they can also be used to predict user behaviour and target them with specific content or ads.
+ +Like any online platform, dating apps are vulnerable to data breaches and cyberattacks. If these companies do not have robust security measures in place, user data could be exposed to hackers. In some cases, dating apps have faced legal action and investigations over their data practices. Users may not always be aware of how their data is being used or shared.
+ +Read these articles – 1, 2, 3.
+ +Consider avoiding proprietary apps like Tinder, OKCupid etc.
+ +Alovoa is a privacy respecting, free and open-source alternate to these services. As sensitive data is heavily encrypted, it will be safe even if a data breach were to occur.
+ +Bobby must be madd.
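Review bot: The statement "All the pieces of software and services mentioned in this article are open-source" does not hold for every entry in the tables; Tailscale is listed in the VPN table as an open-source option, while the self-hosting page in this same patch says Tailscale's backend servers are not open-source and points to Headscale for that reason. Either soften the blanket claim or mark the entries that are only partly open. In the same VPN paragraph, "Apple's SSTP" should be attributed to Microsoft. The closing line "Bobby must be madd." reads like leftover placeholder text; remove it or give it context before merging.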
+ + + +Music – Other Projects – – Privacy Policy – About
07 October 2023 | Linux Guide, Privacy, Self-hosting
+ + + +Exposing your home server to the internet can be dangerous. Look up some online guides about securing your servers before you do anything stupid. You have been warned. Also, I have not included any instructions related to SELinux.
+ +You’ve set up a home server, and are hosting some services like Vaultwarden, or Jellyfin, or perhaps Nextcloud. But now, you want to share it with friends and family, or maybe you just need the ability to access it remotely. So, you decided to expose it to the internet, but your ISP does not let you do that. Issues like dynamic IP can be resolved using a service like Duck DNS or No-IP, but if your ISP does not let you forward your ports, then you have to rely on third-parties to forward your traffic.
+ +There are many easy solutions to this problem. Cloudflare Tunnel is a free and popular solution. And if you just want remote access, Tailscale is another good option. If Tailscale’s backend servers are not being open-source is an issue, people can rely on Headscale.
+ +But there is something you must know before considering these solutions. All these rely on TLS/SSL termination, which means your data is decrypted in the servers owned by these third parties.
+ +Let me explain this in detail with taking Cloudflare Tunnel as an example.
+ +One of the reasons we use SSL certificates on our websites to ensure that when the client requests data from the servers, or sends any data back to us, nobody else can look at that it, ensuring the client’s privacy. When we use Cloudflare Tunnel, the data may be encrypted on our server, but it is decrypted on Cloudflare’s servers, then re-encrypted and sent to the client. And when client enters any data like passwords, or upload any image, that data is, again, decrypted on Cloudflare’s servers (e2ee services are different, discussed below), then re-encrypted and sent back to us.
+ +If you set up a Let’s Encrypt certificate on your server and route your traffic through a Cloudflare Tunnel, your clients will see a Cloudflare certificate. If you want them to see your Let’s Encrypt certificate, you will have to subscribe to their Business or Enterprise plan.
+ +Take a look at this diagram for better understanding:
+ +Diag
+ +Let’s say you want to send your friend a message, but you don’t want anyone else to read it while in transit. So, you put the message in a locked box. So, if the box gets stolen on the way others won’t be able to read the message. That is what SSL certificates do.
+ +But, let’s say you cannot go out of your house to deliver the box yourself, because your parents, that is, your ISP, won’t let you. So, you hire someone else, say, Cloudflare. But what Cloudflare says, is that they will look inside the box before if you want them to deliver it for free, If you want the box locked, you will have to pay them money.
+ +There are some applications, like Vaultwarden, and Nextcloud with end-to-end encryption plugin, that are not affected with this because they encrypt the data themselves in the clients’ devices, using their own algorithms.
+ +Earlier, I used to do the same thing, but manually. I rented a VPS on Hetzner and connected it to my home server using WireGuard. But since, the certificate management was handled by the VPS using Nginx Proxy Manager my VPS provider, Hetzner, could look at the data. So, I decided to learn about implementing TLS passthrough.
+ +Now, my current setup is – I host services on my home server, manage certificates locally, and use the VPS to pass the data to the client without terminating the TLS/SSL connection.
+ +Here is a diagram to explain my setup:
+ +Diag
+ +If you have looked at the diagram above, you may have already understood what you need to replicate my setup. Here are the details:
+ +I am assuming you have already updated and secured both of your machines and have access to both using ssh
or dropbear
.
First, let’s install WireGuard on both.
+ +sudo apt install wireguard
+
sudo dnf install wireguard-tools
+
sudo pacman -S wireguard-tools
+
For instructions to install WireGuard on other distributions, visit the official documentation.
+ +On both servers, make sure forwarding is enabled. +Run
+sudo nano /etc/sysctl.conf
+
Make sure net.ipv4.ip_forward=1
is present. If it is not, type it at the end of the file. It might also be the case that it is present but has a pound sign (#) at the start of the line. This means that it is commented, and not enabled. Removing the sign will enable it.
Tip – If the file is too big, and you cannot find this line, you can press ctrl + w
to find it.
Save and close the file by pressing ctrl + x
, then y
, and then enter
. If you have not made any changes to the file, pressing ctrl + x
will simply close the file.
If you made any changes to the file, run the following command:
+sudo sysctl -p
+
On most distributions, iptables comes pre-installed. But if, for any reason, it is not, install it using your system’s default package manager.
+ +sudo apt install iptables
+
sudo dnf install iptables-services
+
sudo pacman -S iptables
+
For other distributions, a quick search on your favourite search engine will fetch you the instructions.
+ +You may have to start the iptables service.
+sudo systemctl enable iptables.service
+sudo systemctl start iptables.service
+
Now, let us set up WireGuard. The basic idea is, the both servers will generate a pair of private and public keys. The WireGuard configuration files on both servers will contain their own private key and each other’s public key. There are many ways of doing it, but I find this way to be the easiest.
+ +Run the following commands:
+wg genkey | sudo tee /etc/wireguard/private.key
+sudo chmod go= /etc/wireguard/private.key
+sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
+
The first command generates the private key of the VPS, and it will be saved in a specific location. The second command removes any permissions on the file for users and groups other than the root user to ensure that only it can access the private key. And the third command generates the public key of the VPS, and it will be saved in the same location as the private key.
+ +Now, create a new wireguard configuration file using
+sudo nano /etc/wireguard/wg0.conf
+
Insert these lines:
+[Interface]
+Address = 10.0.0.1/24
+ListenPort = 51820
+PrivateKey =
+
+PostUp = iptables -t nat -A PREROUTING -p tcp -i eth0 '!' --dport 22 -j DNAT --to-destination 10.0.0.2; iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source SERVER-IP
+PostUp = iptables -t nat -A PREROUTING -p udp -i eth0 '!' --dport 55107 -j DNAT --to-destination 10.0.0.2;
+
+PostDown = iptables -t nat -D PREROUTING -p tcp -i eth0 '!' --dport 22 -j DNAT --to-destination 10.0.0.2; iptables -t nat -D POSTROUTING -o eth0 -j SNAT --to-source SERVER-IP
+PostDown = iptables -t nat -D PREROUTING -p udp -i eth0 '!' --dport 55107 -j DNAT --to-destination 10.0.0.2;
+
+[Peer]
+PublicKey =
+AllowedIPs = 10.0.0.2/32
+
Replace the SERVER-IP
, at the end of those lines, with the public IP address of your VPS. For now, we will keep the PrivateKey and PublicKey empty.
Press ctrl +x
, then y
, and then enter
, to save the configuration file.
Run the same commands as we did on the VPS to generate public and private keys.
+wg genkey | sudo tee /etc/wireguard/private.key
+sudo chmod go= /etc/wireguard/private.key
+sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
+
Create a new wireguard configuration file using
+sudo nano /etc/wireguard/wg0.conf
+
Insert these lines:
+[Interface]
+Address = 10.0.0.2/24
+PrivateKey =
+
+[Peer]
+PublicKey =
+AllowedIPs = 0.0.0.0/0
+PersistentKeepalive = 25
+Endpoint = X.X.X.X:51820
+
Replace X.X.X.X with the public IP address of your VPS. So, the last line should look like this:
+Endpoint = 42.11.109.1:51820
+
Press ctrl +x
, then y
, and then enter
, to save the configuration file.
Now, we will insert the public and private keys in the config files. We will have to go back and forth in your home server and the VPS to print keys and change the configuration files.
+ +On your home server, run
+sudo cat /etc/wireguard/private.key
+
This will print out the private key. Copy it. Now open the config file using
+sudo nano /etc/wireguard/wg0.conf
+
Paste the copied key in front of the PrivateKey =
.
+The line should look like this:
PrivateKey = U9uE2kb/nrrzsEU58GD3pKFU3TLYDMCbetIsnV8eeFE=
+
Save and exit.
+ +Now, run
+sudo cat /etc/wireguard/public.key
+
This will print the public key of your home server. Copy it.
+ +Return to the VPS and run
+sudo nano /etc/wireguard/wg0.conf
+
Paste the copied key in front of the PublicKey =
. Then, save and exit.
Run
+sudo cat /etc/wireguard/private.key
+
This will print out the private key. Copy it. Now open the config file using
+sudo nano /etc/wireguard/wg0.conf
+
Paste the copied key in front of the PrivateKey =
. Now, save and exit.
Run
+sudo cat /etc/wireguard/public.key
+
This will print the public key of the VPS. Copy it.
+ +Go back to your home server and run
+sudo nano /etc/wireguard/wg0.conf
+
Paste the copied key in front of the PublicKey =
. Then, save and exit.
Finally, run the following command on both of the server to start WireGuard:
+sudo wg-quick up wg0
+
You can test the connection by pinging the WireGuard IP from either of the servers.
+ +On your VPS, run
+ping 10.0.0.2
+
Press ctrl + c
to stop.
+If what you see is something like in the following screenshot, then your configuration is okay and everything should be routed through the VPS.
screenshot
+ +If you have any issues, feel free to post a comment, below.
+ +To make sure that WireGuard is turned on automatically after reboot, run the following command on both the systems:
+sudo systemctl enable wg-quick@wg0
+
Now, you can point your domain(s) and/or subdomains to the public IP address of your VPS.
+ +For a reverse proxy, any solution would work. But personally, I shifted from Nginx Proxy Manager to HAProxy because, In my opinion, it is faster, lightweight and provides more control.
+ +To install HAProxy, use your default package manager.
+ +sudo apt install haproxy
+
sudo dnf install haproxy
+
sudo pacman -S haproxy
+
For instructions to install a more recent version, or to install on other distributions, use your favourite search engine.
+ +Start the HAProxy service, and enable it to ensure it is started after every boot, using the following command:
+sudo systemctl start haproxy
+sudo systemctl enable haproxy
+
To configure haproxy. Use
+sudo nano /etc/haproxy/haproxy.cfg
+
Here is what my configuration looks like.
+ +To enable the changes after editing the configuration file, we must restart the HAProxy service.
+sudo systemctl restart haproxy
+
If you are using my config file, you will see that I have added a location for an SSL certificate. If you restart the service without providing a valid SSL certificate, it will throw an error and the service will stop.
+ +Now, let us jump to generating an SSL certificate.
+ +The official documentation states that you must install certbot using Snap package manager. I do not like it at all due to its back-end being proprietary. I used my distibution’s (Fedora’s) package manager to install certbot and it works fine. So, I leave the installtion of certbot to you.
+ +There are many ways to generate a certbot certificate, depending upon your requirements. I recommend setting up a wildcard certificate. You will need your domain provider’s API key. A simple search on your search engine will help you find a decent guide. Generate a certificate using certbot certonly
command, as we are going to set up HAProxy with the certificate ourselves.
Certbot will generate a private key and a public key certificate in /etc/letsencrypt/live/YOURDOMAIN.COM
folder. We will have to pipe both of them into a single file.
Run the following commands, after replacing YOURDOMAIN.COM
with your actual domain and providing a proper path to certificate:
sudo cat /etc/letsencrypt/live/YOURDOMAIN.COM/fullchain.pem /etc/letsencrypt/live/YOURDOMAIN.COM/privkey.pem | sudo tee /path/to/certificate.pem
+
After making sure that certbot will be autorenewing your certificate, you can add this command in your root user’s crontab. Run the following to create a new cronjob: +sudo crontab -e
+ +Add the above command with proper syntax. Add
+0 22 * * * sudo cat /etc/letsencrypt/live/YOURDOMAIN.COM/fullchain.pem /etc/letsencrypt/live/YOURDOMAIN.COM/privkey.pem | sudo tee /path/to/certificate.pem
+
This will copy the generated keys into your single certificate file, everyday at 10 PM.
+ +Save the file and exit the editor.
+ +Confirm the certificate path in your haproxy.cfg, and restart HAProxy using
+sudo systemctl restart haproxy
+
That is it. You are done. Whenever you create new services, make sure you update your HAProxy configuration file and restart the HAProxy service.
+ +Although, you do not have to touch your VPS anymore, I still recommend loging into the machine updating and rebooting it regularly.
+ +If you have any questions, or suggestions, leave a comment down below, or reach out to me directly.
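Review bot: the certificate-bundling command, both the one-off form and the crontab entry `0 22 * * * sudo cat ... | sudo tee /path/to/certificate.pem`, sends `privkey.pem` through `tee`, which writes the private key to stdout as well as to the file. Run by hand, that prints the key to the terminal; run from cron, it lands in the job output, which cron mails to the crontab owner when mail is configured. Suggest redirecting instead (`cat fullchain.pem privkey.pem > /path/to/certificate.pem`) and following it with `chmod 600` on the combined file, since a file created this way gets default-umask permissions, which are typically world-readable. The `sudo` inside root's crontab is redundant. The daily copy is also never followed by a reload or restart of HAProxy, so a renewed certificate is not served until the next manual restart; the text should say so or the cron line should chain one.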
+ +Music – Other Projects – – Privacy Policy – About
Music – Other Projects – – Privacy Policy – About
Music – Other Projects – – Privacy Policy – About
Music – Other Projects – – Privacy Policy – About
19 May 2023 | Linux Guide, Privacy
+ + + +It is widely known that the Proton team does not focus on Linux users as much as they focus on Windows and macOS users. The official Proton VPN Linux client lacks a lot of features, like changing the connection protocol, quickly connecting to the fastest server of a specific country, enabling their VPN Accelerator etc.
+ +However, we can achieve a lot using their official CLI client. And yes, that is what we are going to use. No third-party applications.
+ +Get the Proton VPN repository setup DEB package:
+ +wget https://repo.protonvpn.com/debian/dists/stable/main/binary-all/protonvpn-stable-release_1.0.3_all.deb
+
Install the Proton VPN repository:
+ +sudo apt-get install ./protonvpn-stable-release_1.0.3_all.deb
+
Update the apt-get package list:
+ +sudo apt-get update
+
Install the Proton VPN Linux CLI:
+ +sudo apt-get install protonvpn-cli
+
Get the Proton VPN repository setup RPM package:
+ +wget https://protonvpn.com/download/protonvpn-stable-release-1.0.1-1.noarch.rpm
+
Install the Proton VPN repository:
+ +sudo dnf install ./protonvpn-stable-release-1.0.1-1.noarch.rpm
+
Update the dnf package list:
+ +sudo dnf update
+
Install the Proton VPN Linux CLI:
+ +sudo dnf install protonvpn-cli
+
Install required dependencies for the alternative routing feature:
+ +sudo dnf install python3-pip
+pip3 install --user 'dnspython>=1.16.0
+
Update your local repository:
+ +pamac update --force-refresh
+
Verify that Proton VPN is now in your local repository:
+ +pamac search --aur protonvpn-cli
+
Build and install Proton VPN:
+ +pamac build protonvpn-cli
+
Note - Visit the Proton VPN’s official documentation page if you get any errors or need detailed instructions.
+ +To log in, use this command and follow the on-screen instructions:
+ +protonvpn-cli login
+
Turn on VPN Accelerator:
+ +protonvpn-cli config --vpn-accelerator enable
+
Turn on NetShield to block ads and malware:
+ +protonvpn-cli ns --ads-malware
+
Change default connection protocol to TCP:
+ +protonvpn-cli config -p tcp
+
Change DNS configuration:
+ +protonvpn-cli config --dns custom --ip 9.9.9.9
+
You can add upto 3 IPs, or leave it at automatic by using this command:
+ +protonvpn-cli config --dns automatic
+
Turn on alternative routing to circumvent censorship:
+ +protonvpn-cli config --alt-routing enable
+
Turn on the Kill Switch:
+ +protonvpn-cli ks --on
+
or
+protonvpn-cli ks --permanent
+
For more configuration options, use:
+ +protonvpn-cli --help
+
and
+protonvpn-cli config --help
+
To manually select the country and the server to connect to, use the following command and follow the on-screen instructions:
+ +protonvpn-cli c
+
To connect to the fastest Proton VPN server for your location, for example, enter:
+ +protonvpn-cli c -f
+
To connect to the fastest Tor server, enter:
+ +protonvpn-cli c --tor
+
To connect to the fastest server in a specific country, a country code can be used. For example, the following command connects to the fastest server in Germany using TCP:
+ +protonvpn-cli c --cc DE -p TCP
+
The following method is tested on Debian 11 with Xfce, Fedora 38 Workstation with Gnome and Manjaro 22.1.1 with KDE.
+ +Go to the autostart folder in your home directory which contains all your application shortcuts that start immediately after login:
+ +cd ~/.config/autostart
+
Create a new file:
+ +nano pvpn.desktop
+
Paste the following:
+ +[Desktop Entry]
+Exec=protonvpn-cli c -f
+Name=ProtonVPN Autoconnect
+Comment=Autoconnect to the fastest server
+Type=Application
+Icon=protonvpn-logo
+
Change the “Exec” value according to your needs. For example, use
+protonvpn-cli c --cc DE -p TCP
+
to connect to the fastest server in Germany using the TCP protocol. Save the file by hitting Ctrl + X, then Y, and then Enter.
+ +Test this by logging out and then logging back in. Or just restart the whole system. If everything went perfectly, you should be automatically connected to the VPN when you log in.
+ +If due to some reason you are not automatically connected, change the “Exec” value to:
+ +Exec=bash -c "sleep 10 && protonvpn-cli c -f"
+
This will delay the command execution by ten seconds.
+ +There are other options:
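Review bot: in the dnf dependency step, `pip3 install --user 'dnspython>=1.16.0` is missing its closing single quote, so a reader who pastes it gets a shell continuation prompt instead of an install; close the quote after `1.16.0`. Separately, the two repository packages are downloaded with `wget` and installed with `sudo` straight away; a checksum verification step between download and install would be worth adding, with the expected hash taken from Proton VPN's own documentation rather than from this page. The section also ends on "There are other options:" with nothing after it, which looks like a list that was lost.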
+ +Music – Other Projects – – Privacy Policy – About
21 May 2023 | Linux Guide
+ + + +Sometimes a key on your keyboard stops working, and you may not have the time or motivation to fix it or get it fixed. Or maybe you just want to change how your keyboard keys work to improve your workflow. All this, and more, can be done with the help of evremap
(github.com/wez/evremap).
It is a tool that can remap the keyboard inputs for Linux systems, made by Wez. And because evremap
targets the evdev
layer of libinput
, the remapping is effective system-wide – in Wayland, X11 and the Linux console.
Debian and its derivatives like Ubuntu require some prerequisites before we can build it. Use this command to install them:
+ +sudo apt install git cargo pkg-config libevdev-dev
+
RHEL and its derivates also require some prerequisites. Use the following command to install it:
+ +sudo dnf install git libevdev-devel
+
First, clone the repository to any folder of your choice. I recommend the Downloads folder, as after building it, you can safely delete it.
+ +cd ~/Downloads && git clone https://github.com/wez/evremap.git && cd evremap
+
Now, build the binary.
+ +cargo build --release
+
If everything went fine, the last lines of your terminal output should be something like the ones in the image below.
+ + + +Copy the binary file to the specified location using this command:
+ +sudo cp target/release/evremap /usr/bin/
+
Now create a config file in the specified location using this command:
+ +sudo touch /etc/evremap.toml
+
We will edit this file in the Usage section, below.To make your configured remapping active immediately after the system startup we need to create a systemd
service. Use the following commands to do so:
sudo cp evremap.service /usr/lib/systemd/system/
+sudo systemctl daemon-reload
+sudo systemctl enable evremap.service
+sudo systemctl start evremap.service
+
Now, you can safely delete the cloned repository.
+ +cd .. && rm -rf evremap
+
In the configuration file, we need to state two things, basically – name of the keyboard(s) and name of the keys you wish to remap.
+ +To find the name of all the connected keyboards use the following command:
+sudo evremap list-devices
+
Usually, laptop keyboards will be named “AT Translated Set 2 keyboard”.
+ +To find the name of all the inputs use:
+ +sudo evremap list-keys
+
The grep
command can help you find the keyboards and the keys faster.
For example:
+ +sudo evremap list-devices | grep HOME
+
Now, let us modify the configuration file. Use the following command to edit it:
+ +sudo nano /etc/evremap.toml
+
Here is a template that you can copy and paste, and make te changes you need:
+ +device_name = "DEVICE NAME HERE"
+
+[[remap]]
+input = ["NAME_OF_THE_KEY_YOU_WILL_PRESS_ON_YOUR_KEYBOARD"]
+output = ["NAME_OF_THE_KEY_YOU_NEED_TO_BE_PRESS_AS_THE_OUTPUT"]
+
+[[remap]]
+input = ["KEY_COMBINATION_1", "KEY_COMBINATION_2"]
+output = ["OUTPUT_KEY"]
+
+[[dual_role]]
+input = "KEY_YOU_NEED_TO_CHANGE_THE_RESULT_FOR"
+hold = ["KEY_THAT_WILL_BE_PRESSED_WHEN_INPUT_KEY_IS_HELD"]
+tap = ["KEY_THAT_WILL_BE_PRESSED_WHEN_INPUT_KEY_IS_TAPPED"]
+
Here is the configuration file that I use for my laptop, as my Tab and Number 2 keys do not work.
+ +device_name = "AT Translated Set 2 keyboard"
+
+[[remap]]
+input = ["KEY_END"] output = ["KEY_2"]
+
+[[remap]]
+input = ["KEY_HOME"]
+output = ["KEY_TAB"]
+
You can save the file by hitting CTRL + X, then Y and then Enter.
+ +Now, you can log out and log back in and test your new configuration. If everything went perfectly, your remapped keys should work as expected.
+ +Please visit the official repository on GitHub if you have any questions or need a detailed documentation.
+ +There is a tool called xmodmap
, but it works only on X11.
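Review bot: in the author's own laptop configuration, the first `[[remap]]` entry has `input = ["KEY_END"] output = ["KEY_2"]` on a single line, which is not valid TOML (one key/value pair per line), so a reader who copies it gets a config that fails to parse; split it into two lines like the `KEY_HOME` entry below it. The grep example `sudo evremap list-devices | grep HOME` searches the device list for a key name; going by the surrounding text it should be `list-keys`. The `dnf` prerequisites line installs `git libevdev-devel` but not `cargo`, although the build step runs `cargo build --release`; the `apt` line does include it. Minor: "below.To" needs a space, "derivates" and "te changes" are typos.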
Music – Other Projects – – Privacy Policy – About
Music – Other Projects – – Privacy Policy – About
+
Comments
+ + + +