@nutbutter
@discuss.tchncs.de*I am not referring to solo OnlyFans models.
I find almost every American porn video similar. They have a few plots which they keep repeating. 80℅ of those videos have similar looking women. I feel that they are not trying anything new. And personally, I do not find their accent as appealing as British accent.
European porn industry, on the other hand, feels like they are taking more courageous decisions. German and Russian femdom videos are so much better. British teacher-student videos actually make you learn a new English word or two. I find Spanish and Italian women much more appealing. One thing I really like is that they include a variety of body types in their videos.
This is just my take. I would really like to know what you all think.
PS - I am an Indian, and I like Indian and Japanese porn videos more than European ones.
Edit - How do I mark a post as NSFW on Voyager?
Websites like ipv6-test.com and test-ipv6.com say that my browser is using IPv4 by default.
This happens on Firefox and LibreWolf. I have tried creating a new profile without add-ons as well. Ungoogled Chromium uses IPv6 by default. If I go to ifconfig.io using Firefox, IPv4 is displayed. But if I use Ungoogled Chromium, IPv6 is displayed.
Is there a way to force IPv6?
I am not bothered by this, but using tools like ping6
and traceroute6
assures me that IPv6 routing is faster for, at least, one of my ISPs.
What are your favourite, or least favourite but necessary, cost-cutting methods?
I feel I am spending too many resources on unnecessary stuff.
Edit: I feel the need to reduce both – the resources, to host multiple things on one system, and cost, to buy/pay for multiple systems. Currently, I have 2 ARM VPSes and 1 old MacBook Air as a home server.
Currently, I am using Montserrat. Even though it is licensed under Open License Font, I do not feel comfortable using it anymore, probably because it is used in over 17 million websites and is considered overused.
Another reason is that I have to load multiple font weights, as bold tags do not work as intended. A single weight is over 20kb in size (after removing unused glyphs). I want to keep my site lightweight, and good looking.
Also, after looking at motherfuckingwebsite.com and perfectmotherfuckingwebsite.com, I feel sad about loading any external fonts.
I want a sans font, and I am also using -webkit-text-stroke
with transparent fill to give some text outline effect.
What are your suggestions, fellow lemmings? What is your favourite font? Should I just stick with Liberation Sans?
TL;DR - option forwardfor
and http-request set-header X-Real-IP %[src]
are not working.
My setup is slightly complicated. I have a homeserver, with HAProxy installed and some docker containers. My homeserver is, then, connected to a VPS via WireGuard which also has HAProxy installed. HAProxy on homeserver forwards the docker containers with an SSL certificate to the VPS. The VPS, then, just does TLS pass through to the clients.
The issue is, if I do not use option forwardfor
in either of the 2 HAProxy configurations, I get the internal IP address of the docker container (172.XX.XX.1). If I add option forwardfor
on the homeserver's HAProxy config, I get the internal IP of the WireGuard of the home server (10.0.0.2). And if I add option forwardfor
to the HAProxy config of the VPS as well, I get the internal IP of the WireGuard tunnel (10.0.0.1). And as far as I know, http-request set-header X-Real-IP %[src]
has no impact. I have also tried using send-proxy
and send-proxy-v2
, but then the whole setup stops working.
HAProxy config on home server:
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20>
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
listen rp
bind *:443 ssl crt /path/to/cert.pem
acl service1 hdr_sub(host) -i service1.domain.me
acl service2 hdr_sub(host) -i service2.domain.me
use_backend service1_backend if service1
use_backend service2_backend if service2
backend service1_backend
server service1_server 127.0.0.1:8080
backend service2_backend
# option forwardfor
# http-request set-header X-Real-IP %[src]
server service2_server 127.0.0.1:9090
HAProxy config on VPS:
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
tune.ssl.default-dh-param 4096
defaults
log global
mode tcp
# option forwardfor
timeout connect 5000
timeout client 50000
timeout server 50000
listen http
bind *:80
mode tcp
server default 10.0.0.2:80
listen https
bind *:443 alpn h2,http/1.1
mode tcp
# option forwardfor header X-Real-IP
# http-request set-header X-Real-IP %[src]
server main 10.0.0.2:443
I have to resort to this because I am behind CGNAT, and want TLS pass through on the VPS for privacy.
What am I doing wrong?
I am trying to set up a reverse proxy server, with TLS passthrough.
I am behind CGNAT, so I cannot forward any ports from my home server. So, my current workaround was that I connected my home server to a VPS via WireGuard and used Nginx Proxy Manager (NPM) to proxy services running on different docker containers to the VPS, so that they are accessible publicly. But now I want to use TLS passthrough for better privacy. But I cannot find any guides for my case.
I need help with 2 issues, basically. Let's take a look at my passthrough.conf
file, which I have included in nginx.conf
file.
stream {
# Listen for incoming TLS connections on service1.domain.me
server {
listen 443;
proxy_pass service1.domain.me;
proxy_ssl on;
proxy_ssl_protocols TLSv1.2 TLSv1.3;
proxy_ssl_name $ssl_preread_server_name;
}
# Listen for incoming TLS connections on service2.domain.me
# server {
# listen 443;
# proxy_pass service2.domain.me;
# proxy_ssl on;
# proxy_ssl_protocols TLSv1.2 TLSv1.3;
# proxy_ssl_name $ssl_preread_server_name;
# }
# Define the backend server for service1.domain.me
upstream service1.domain.me {
server homeserverIP:port;
}
# Define the backend server for service2.domain.me
# upstream service2.domain.me {
# server homeserverIP:port;
# }
}
The services are running in docker containers on different ports. When I used two server blocks and two upstream blocks, I got this error while testing NGINX config: nginx: [emerg] duplicate "0.0.0.0:443" address and port pair in /etc/nginx/passthrough.conf:13
. So, I commented out the other server block and tested it again. The test was successful, but NGINX failed to restart. When I checked the systemctl status
I saw: nginx[2480644]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
. This is because I am already hosting multiple WordPress sites on this VPS.
Here's my nginx.conf
file:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
client_max_body_size 100M;
server_tokens off;
}
#include /etc/nginx/passthrough.conf;
I do not know much about NGINX configuration, any help or article links would help.