Jitdor Tech Tips

Category: Networking

  • Setting up Cloudflared, the DNS-over-HTTPS client, the correct way

    Setting up Cloudflared, the DNS-over-HTTPS client, the correct way

    DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol, which prevents eavesdropping and manipulation of DNS data by man-in-the-middle attacks by employing HTTPS encryptions between the DoH client and the DoH-based DNS resolver. At the time of writing, the official guide at Cloudflare is broken,…

  • HAProxy as a TCP reverse proxy with DDNS target discovery and load balancing

    HAProxy as a TCP reverse proxy with DDNS target discovery and load balancing

    HAProxy is an excellent tool for forwarding or load-balancing TCP traffic. It is far more memory-efficient than socat and offers a persistent configuration between reboots, but without requiring net.ipv4.ip_forward to be enabled. Compared to NGINX, HAProxy offers a more comprehensive and user-friendly status page with far more metrics, which can be easily integrated with third-party…

  • A Cloudflare DDNS script that uses an API Token instead of your Global API Key

    A Cloudflare DDNS script that uses an API Token instead of your Global API Key

    I have been using this simple bash script for a while for my DDNS needs. It is simple enough for quick deployment, and gets the job done. That is until Caddy2’s Cloudflare DNS provider moves away from Global API Key to API Token for the API access. This prompted me to rethink the security implications…

  • The official Telegram CIDR list

    The official Telegram CIDR list

    If for whatever reason you have the need to reroute or block Telegram Messenger traffic, at some point, you would have come across an ASN list with a list of /22 IPv4 blocks and one or two /48 IPv6 blocks. If you’ve hastily based your firewall rules on that list, you’ll notice it works only…

  • My favorite Traceroute tool

    My favorite Traceroute tool

    Traceroute helps you quickly find out the network path and measure the transit delays of packets across the internet. The standard implementation displays only the IP or rDNS entries, which may not allow you to identify the geographic path at first glance.

  • Allow only Cloudflare CDN servers to your web servers

    Allow only Cloudflare CDN servers to your web servers

    We love to use Cloudflare CDN because it improves latency and uptime, and the price is just right (free) for the starter pack. Normally, a web server’s ports 80 and 443 would be opened to the public internet, with access restricted by selected IP ranges by either ASN or country, depending on what the administrator…

  • Using your cloud instance as a proxy with Dante server

    Using your cloud instance as a proxy with Dante server

    Let’s say you have a Cloud VM lying around with, it is entirely possible to turn it into a personal proxy for your internet traffic. It is probably not going to help you unlock region-protected content since services like Netflix and Hulu would probably have blocked the IP range operated by hosting service providers, but…