@muntedcrocodile

muntedcrocodile@lemmy.world · 3 hours ago

How are u running it? Bare metal? Docker?

So nginx, traffic, and cloudflare are both reverse proxies that can do SSL termination. Now cloudflare hijacks all SSL connection it proxies (essentially a mitm) and has configuration for if u would like SSL connection from cloudflare to ur own server.

All reverse proxies pass along headers to backend services indicating all sorts of things most importantly the remote client IP, and info about if the service is behind an ssl proxy.

I use client -> cloudflare -> nginx -> my services. The client makes an encrypted pipe between itself and cloudflare, cloudflare then terminates SSL does some scanning on the raw unencrypted packet makes an encrypted connection to nginx and attaches headers about the client. I have a SSL cert on my server where nginx does SSL termination of the cloudflare connection. Nginx then attaches more headers and does routing to passes it back to a backend service ie searxng (the service itself) the docker compose for searxng comes with a packaged traffic reverse proxie its not necessary here and will in fact cause all sorts of problems.

Here is the service in my docker compose for searxng:

searxng:
    container_name: searxng
    image: docker.io/searxng/searxng:latest
    restart: unless-stopped
    networks:
      - local_bridge
      - proxy
    volumes:
      - ./data/searxng:/etc/searxng
    environment:
      - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
      - SEARXNG_SECRET=${SEARXNG_SECRET}
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID

Here is the docker compose for my nginx config

  certbot:
    image: certbot/dns-cloudflare
    # Command to obtain certificates (run once manually or integrate with a web server's startup)
    # Replace 'yourdomain.com' and '*.yourdomain.com' with your actual domain(s)
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot # A dummy webroot, not strictly necessary for DNS challenge but good practice
      - ./data/certbot/secrets:/etc/letsencrypt/secrets:ro # Mount secrets read-only
    command: certonly
      --dns-cloudflare
      --dns-cloudflare-credentials /etc/letsencrypt/secrets/cloudflare.ini
      --non-interactive
      --agree-tos
      --email ${LETS_ENCRYPT_EMAIL}
      --dns-cloudflare-propagation-seconds 60
      -d example.com
      -d *.example.com
    environment:
      - TERM=xterm # Required for certbot to run in non-interactive mode gracefully

  nginx:
    image: nginx:latest
    container_name: nginx
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./data/nginx/cache:/var/cache

      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/nginx.conf:/etc/nginx/nginx.conf
      
      - ./data/sites-enabled:/etc/nginx/sites-enabled
      - ./data/sites-available:/etc/nginx/sites-available
      - ./data/snippets:/config/nginx/snippets
      - ./data/www:/var/www/html

    depends_on:
      - certbot
    extra_hosts:
      - "example.com:127.0.0.1"
      - "*.example.com:127.0.0.1"

I use certbot to issue SSL certs for my domain locally this is the cert that do SSL connection between nginx and cloudflare.

Then nginx can route connection to the searxng instance (ur gonna need a bunch of nginx config and I couldn’t be bothered copy pasting that when an LLM can gen that it can probably gen all this tbh).

Also how u doing auth for searxng? Cos if ur opening it to the internet as a whole u might end up with lots of traffic from randos.

muntedcrocodile@lemmy.world · 5 days ago

It has nothing to do with electricity. It actually has everything to do with the unites states, the CIA, and a country it is now illegal for me to criticise.

Essentially Ukraine surrendered their nuclear weapons and received a treaty from Russia, UK, and USA all promising to Ukraine it would be protected by their nuclear umbrella.

Well Russia invaded Ukraine. Ukraine called the Wests bluff and thus got military backing under the gambit that if the treaty is broken by someone other than themselves they are all well good and free to go make nukes and not be in violation of said treaty thus forcing the west to give them military backing else risk a nuclear rearmed Ukraine (if Kyiv falls to Russia they are gonna take Moscow with them)

Then Donald Trump cut em off and now they are being slowly crushed by the Russia meatgrinder.

Australia has “assurances” that we will be backed by the united states up to and including US solders and deployment of US nuclear weapons. Ukraine his proven that these “assurances” are a load of shit. Also we are essentially a vassal state of the US. The CIA couped us cos our prime minister threatened to not renew the lease for pine gap (a US military base on Australian soil). He wanted to impose a clause where the Australia government could inspect said base to ensure no war crime where happening (we have since learned that war crimes where almost certainly happening). The unites states military base which proxed every single drone used by the unites states in every war in the middle east. And the rely station used by redacted nation as part of their intelligence sharing agreement used for guiding missiles.

The assurances we where given are very similar to those that where given to Ukraine and thus the Australian defence force has realised we need nukes to ensure our sovereignty is maintained if the unites states stops backing us or becomes actively hostile to us.

Technologically the tech and expertise for nuclear reactors are highly applicable for the manufacture of nuclear weapons. Defence has advised the government that we need nuclear reactors so we can make nuclear weapons and remove the blanket nuclear ban (the ban that doesn’t apply to the unites states base on ur soil that they couped our government to keep, commit war crimes at, and most likely hold some of the units states nuclear arsenal itself thus making Australia a target if anyone wants to nuke the unites states).

Ohh and also the politicians got given a shitonne of money from the fossil fuel mogals who want to delay renewables. The fossil fuel mogals that wouldn’t exist if the government hadn’t been couped while in the process of nationalising all of Australia’s resources thus robbing every single Australian citizen of $130,000 USD

tldr it’s the unites states fault.

muntedcrocodile@lemmy.world · 2 years ago

Well it doesnt help that studies post covid restrictions found many of said restrictions where ineffective. Masks tho we have good evidance they work at least.