Self Hosted¶
Pangolin Identity Providers
Even though I would recommend just setting up Authentik as an identity provider, I'll go over how to do Google as well.
Notes on setting up Proxmox
I got proxmox up and running the way I want, so now I just want to record my notes.
Pangolin Proxy Protocol
This post shows you how to set up a fully encrypted pangolin proxy that does not get decrypted in the VPS. There are some pros and cons so choose wisely!
Jellyfin - Setting up the entire stack
This post will guide you to setting up your own Jellyfin *arr stack with VPN. That means an automated pipeline and the privacy of proton vpn. If you want the full Proton experience, check out Proton Pass.
mTLS
This post is all about requiring mTLS through a CloudFlare proxy. It's actually not very difficult to set up and is a great alternative to using zero trust.
CrowdSec CloudFlare Worker Bouncer.
Having CrowdSec installed on your local reverse proxy is vital for security. But if you have just having repeated attempts after repeated attempts through a tunnel such as CloudFlare tunnel, you're still going to get all of that traffic to your reverse proxy and see all of the 403 forbiddens in your logs. We can fix that with a CloudFlare Worker Bouncer.
Setting up Pangolin Passthrough
A couple of people expressed concerns about Oracle snooping in on their unecrypted traffic between SSL termination on pangolin and the Gerbil tunnel to their home server. In this post I will explore the prox and cons of using a Raw TCP tunnel to pass encrypted traffic through the tunnel without decrypting it.