2025¶
Pangolin Identity Providers
Even though I would recommend just setting up Authentik as an identity provider, I'll go over how to do Google as well.
Frameo with ImmichFrame, an amazing gift
When giving the gift of a digital frame, we want to make sure we are retaining our privacy by using our own self hosted Immich server to serve up the photos for that digital frame. If you aren't currently self-hosting, I would stick with a digital frame that at least gives you the ability to use a local usb storage, but of course this is not as flexible as fetching photos from the internet.
Notes on setting up Proxmox
I got proxmox up and running the way I want, so now I just want to record my notes.
Pangolin Proxy Protocol
This post shows you how to set up a fully encrypted pangolin proxy that does not get decrypted in the VPS. There are some pros and cons so choose wisely!
Jellyfin - Setting up the entire stack
This post will guide you to setting up your own Jellyfin *arr stack with VPN. That means an automated pipeline and the privacy of proton vpn. If you want the full Proton experience, check out Proton Pass.
mTLS
This post is all about requiring mTLS through a CloudFlare proxy. It's actually not very difficult to set up and is a great alternative to using zero trust.
CrowdSec CloudFlare Worker Bouncer.
Having CrowdSec installed on your local reverse proxy is vital for security. But if you have just having repeated attempts after repeated attempts through a tunnel such as CloudFlare tunnel, you're still going to get all of that traffic to your reverse proxy and see all of the 403 forbiddens in your logs. We can fix that with a CloudFlare Worker Bouncer.
Setting up Pangolin Passthrough
A couple of people expressed concerns about Oracle snooping in on their unecrypted traffic between SSL termination on pangolin and the Gerbil tunnel to their home server. In this post I will explore the prox and cons of using a Raw TCP tunnel to pass encrypted traffic through the tunnel without decrypting it.