DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol, which prevents eavesdropping and manipulation of DNS data by man-in-the-middle attacks by employing HTTPS encryptions between the DoH client and the DoH-based DNS resolver. At the time of writing, the official guide at Cloudflare is broken,… Continue reading Setting up Cloudflared, the DNS-over-HTTPS client, the correct way
HAProxy is an excellent tool for forwarding or load-balancing TCP traffic. It is far more memory-efficient than socat and offers a persistent configuration between reboots, but without requiring net.ipv4.ip_forward to be enabled. Compared to NGINX, HAProxy offers a more comprehensive and user-friendly status page with far more metrics, which can be easily integrated with third-party… Continue reading HAProxy as a TCP reverse proxy with DDNS target discovery and load balancing
I have been using this simple bash script for a while for my DDNS needs. It is simple enough for quick deployment, and gets the job done. That is until Caddy2’s Cloudflare DNS provider moves away from Global API Key to API Token for the API access. This prompted me to rethink the security implications… Continue reading A Cloudflare DDNS script that uses an API Token instead of your Global API Key
If for whatever reason you have the need to reroute or block Telegram Messenger traffic, at some point, you would have come across an ASN list with a list of /22 IPv4 blocks and one or two /48 IPv6 blocks. If you’ve hastily based your firewall rules on that list, you’ll notice it works only… Continue reading The official Telegram CIDR list
Traceroute helps you quickly find out the network path and measure the transit delays of packets across the internet. The standard implementation displays only the IP or rDNS entries, which may not allow you to identify the geographic path at first glance.
We love to use Cloudflare CDN because it improves latency and uptime, and the price is just right (free) for the starter pack. Normally, a web server’s ports 80 and 443 would be opened to the public internet, with access restricted by selected IP ranges by either ASN or country, depending on what the administrator… Continue reading Allow only Cloudflare CDN servers to your web servers
Let’s say you have a Cloud VM lying around with, it is entirely possible to turn it into a personal proxy for your internet traffic. It is probably not going to help you unlock region-protected content since services like Netflix and Hulu would probably have blocked the IP range operated by hosting service providers, but… Continue reading Using your cloud instance as a proxy with Dante server