@viktor#PiHole . I use it not only to block ads and malware network wide, but to place content restrictions on all my kids' devices. I've added lists for social media, pornography, gambling, etc. that only apply to my childrens' devices. When there's no school the next day, re-enabling YouTube is as easy as hitting a toggle in the interface.
@kuketzblog
Erkennt ein #pihole auch Geräte im sogenannten Gastnetz der #FritzBox, wenn ich ihn genau nach der aktuellen Anleitung in Deinem Blog aufgesetzt habe?
Vous la voyez l'augmentation du trafic sur le réseau de la maison de famille ?
Le #PiHole sur un #Rasbperry Pi 1 n'a pas bronché et a bien fait son boulot !
What rabbit holes I go down sometimes.
I found a folder on one of my drives full of .au and .mp2 files, most dating back to 1995. I looked up the creator of said folder and found this website, which in itself looks super-90s and it's such a throwback.
Twisted Helices: http://www.ram.org/ram.html
Today's quest, try to put together a PiHole. A little computer that sits next to the router and stops ads entering your home, including on your TV etc.
The blocklists that come with Pi-Hole by default are fairly conservative: they're most unlikely to break any functionality you care about or visit any sites you'd want to visit. (For example, they don't block porn.) You can get more lists in places like the Blocklist Project:
Because our WiFi is used by children, I've installed several lists from there, including the one for porn. Someone with a little technical knowledge could easily work round it, especially on a PC rather than a phone, but at least people are unlikely to stumble across anything unsavoury by accident.
A thing that I would love to get across about unpaid tech work, rolling your own [x], and running only the purest and most secure technical systems, is that if you add up enough factors like:
raising kids;
chronic illness or disability;
caring for sick, disabled, or dying family members;
community service;
a non-technical job
…just for starters, the tech stuff is going to get triaged way down the list. And a lot of those factors are not evenly distributed, demographically!
today a #pihole installation moved into one of my home servers. I'm running adblockers in all browsers, but this is a test if iPad/iPhone will get less ads, too...
Ein Let's Encrypt Zertifikat für die Nextcloud im eigenen Netzwerk
In diesem Beitrag geht es darum eine Nextcloud im eigenen Netzwerk mit einem offiziellen Let's Encrypt Zertifikat auszustatten, die eigentlich NICHT über das Internet erreichbar ist.
Mal wieder ne Frage an die #IT / #Linux crowd:
Auf meinem #RaspberryPi laufen verschiedene Dienste, die per Weboberfläche erreichbar sind. Die IP des Servers hab ich im Kopf, aber nicht immer sofort den korrekten Port, wenn ich mal nen Dienst aufrufen will ...
Kann ich irgendwie sowas wie URLs vergeben, damit ich schlicht über Server.local/Dienst1 an die Sachen ran komme? Als DNS-Server dient n #PiHole im Netzwerk
I recently installed #PiHole on my home network to get more familiar with open source tools for analyzing my network traffic (and ad blocking). What other tools should I be looking at (RaspberryPi preferred)?
UPDATE: The service is accessible by its domain (#Ingress) as soon as I set the DNS server of my client machine to my PiHole. For other systems not using my local DNS (so outside my network), the domain remains unreachable. My suspicion is an issue with the Port Forwards, but idk what's wrong w em as it is.
Note: this may not be in the exact order. If the order to any of this is important, feel free to point that out.
I've added to #Cloudflare, to my zone (domain), the hostname foo pointing to my network's public IP.
I've deployed everything you'd need including #MetalLB (which determines the dedicated Ingress private IP), #nginx-ingress (type set to LoadBalancer instead of NodePort), and #cert-manager (with both HTTP/DNS clusterissuers). If you want to take a peek at how I've deployed/configured them, more details are on here: https://github.com/irfanhakim-as/orked.
I've added foo.domain to the closest thing resembling to a DNS server that I have, #PiHole, pointing to the dedicated Ingress private IP.
I've set my router's only DNS server to the PiHole's IP.
I've set all my Kubernetes nodes' (Masters and Workers) DNS1 to the Router's IP (DNS2 set to Cloudflare's, 1.1.1.1).
I've created a port forwarding rule for HTTP on my router with 1) WAN Start/End ports set to 80, 2) Virtual Host port set to its nodePort (acquired from kubectl get svc -n ingress-nginx ingress-nginx-controller -o=jsonpath='{.spec.ports[0].nodePort}' i.e. 3XXXX), 3) Protocol set to TCP, and 4) LAN Host address set to the dedicated Ingress private IP.
I've created a port forwarding rule for HTTPS on my router with 1) WAN Start/End ports set to 443, 2) Virtual Host port set to its nodePort (acquired from kubectl get svc -n ingress-nginx ingress-nginx-controller -o=jsonpath='{.spec.ports[1].nodePort}' i.e. 3XXXX), 3) Protocol set to TCP, and 4) LAN Host address set to the dedicated Ingress private IP.
I've deployed a container service, and an Ingress for it, using #LetsEncrypt's DNS validation clusterissuer.
Current result:
Cert-manager creates a certificate automatically and is in a Ready: True state as expected.
The subdomain (foo.domain) however remains unreachable, no 404 errors, no nothing. Just "The connection has timed out" error.
Describing the container service's ingress (foo.domain), shows that it's stuck at "Scheduled for sync".
#Kubernetes and #Networking experts - please tell me what I've done in any of this that were either wrong or unnecessary, or what I'm currently missing here for me to reach my goal of being able to get my container accessible via foo.domain through that Ingress. I suspect that I might be doing something wrong with this whole DNS mess I literally cannot fathom. I feel like I'm insanely close to getting this thing to work, but I fear I'm also insanely close of blowing up my brain.
cc: @telnetlocalhost (thanks for bearing w me and getting me this far)
Running a single Pi-hole to protect a combination of public and private addresses can be done. What with eIDAS and rumors about changes to the Chrome browser, maybe we all should look for ways to regain a bit of control.