Inhuman.
Formerly know as u/Arjab.
Anarchist | Antifascist | Anticapitalist.
Arch Linux | FOSS | Piracy | Security & Privacy
Looking for a Mastodon instance?
Check out @[email protected].
Inhuman.
Thanks, but I’m looking for a Desktop Linux client.
The devs have some problematic views, mainly transphobic and misogynistic.
Interesting, because Tailacale doesn’t use any special ports. How would that be detected? And could you maybe use Headscale on a dynamic port to circumvent that?
How can something like Tailscale be blocked?
I should have added that I am also using Pi-hole and Unbound. This seems to be the issue. I now added the following to my unbound.conf but it’s still not working unfortunately. Where domain.duckdns.org is my domain by DuckDNS and the IP points to the Nginx Proxy Manager.
local-zone: "domain.duckdns.org." static
local-data: "domain.duckdns.org. IN A 192.168.178.123"
Thanks but no local proxy host is working.
Ah I see. As I’ve said the proxy is working for my domain and is available from the internet. So that shouldn’t be an issue…
This is the output of the openssl command:
# openssl s_client -connect 127.0.0.1:443 -showcerts
CONNECTED(00000003)
80DB1D0BDC7F0000:error:0A000458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name:../ssl/record/rec_layer_s3.c:1586:SSL alert number 112
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 297 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
# openssl s_client -connect 127.0.0.1:80 -showcerts
CONNECTED(00000003)
809B89C5DB7F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:354:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 297 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
NPM should serve as both, but only issuing SSL certificates for my local network is the issue. Have you taken a look at the tutorial I’ve linked in the original post?
And what do you mean with the port I’ve exposed? Exposed where? NPM uses port 81.
See this answer.
So I’ve followed the tutorial, added a wildcard certificate and tried to add a proxy host using the DuckDNS domain to point to NPM itself. When I open the mydomain.duckdns.org I get an error that I can’t connect to the site.
Besides that NPM is working and I easily set up my actual domain and it’s resolving to devices in my home network. For example cloud.myactualdomain.com is resolving to my Nextcloud running on a Raspi with a local IP with a valid SSL certificate. So NPM and the WireGuard tunnel are generally working as intended.
On which system should I try the openssl command and what’s the port?
KMag doesn’t work on Wayland.
It’s not only software vendors but Wayland itself lacks some crucial features. For me it’s auto-type and screen magnification - both are showstoppers for me.
BackInTime or Borg
BackInTime should be easier to set up, Borg is more feature-rich and flexible. If you have any questions, feel free to ask. I use both for local and remote backup for years.
Oh the FUD-blog again.
Yes, that’s known and studied.
rsync also gives you two bootable copies of your system. Even better, it gives you a checksum based copy of your files including permissions.
Safe/unsafe might be the wrong word, but rsync is resumable and also copies permissions for example. dd is more like the brute force method of data transfer.
Deezloader and MusicHunter.