[-] schmurnan@lemmy.world 14 points 7 months ago* (last edited 7 months ago)

My 100-search trial expired this week and I was literally planning on subscribing later tonight. This has made me think twice.

But it takes me back to why I tried Kagi in the first place: What else can I use that respects privacy?

I don’t think any of them do completely. DuckDuckGo uses Bing, so is Microsoft; Google is… well, Google; Brave is apparently really shady; I’ve never thought much of the results from Bing directly. Startpage seemed ok but apparently uses Google.

What else?

I also like something to be integrated into the browser. As a Mac user, I can’t add new search engines to Safari (and have actually switched to Orion, but may now switch to Firefox or back to Safari).

[-] schmurnan@lemmy.world 9 points 8 months ago

Yeah I know they’re all based on one of three, but they are all subtly different in what they offer.

So whilst there are three main engines, there are definitely more than three choices.

Bottom of the pile for me is Chrome - I don’t use anything Google knowingly/willingly.

[-] schmurnan@lemmy.world 6 points 8 months ago

The Apple integration is probably the main reason I use Safari I think; the likes of Apple Pay, Touch ID/Face ID all just works. I’d love that ability in Firefox and then I’d probably use it exclusively.

43

I know “best” is subjective, but as someone who’s entrenched in the Apple ecosystem I always used to use the stock apps: Reminders, Calendar, Mail, Podcasts and, of course, Safari.

But over time I’ve moved away from some of those apps, towards things that work better than the stock apps but also still sync with my other Apple devices (iPhone, iPad, Watch): Things and Todoist (because I can’t decide on one over the other), Fantastical, Mail (still), Overcast… but I tend to hover between browsers.

I mainly use Safari, and try to use profiles to separate personal and work stuff. But over the years I’ve also tried Firefox, I’ve tried Brave and more recently I’ve tried Arc. But I just can’t make my mind up.

So I was curious what your browser of choice is (and also, if you have any other views on the best stock app replacements - including alternatives to the ones I listed above for GTD, calendars, email and podcasts (don’t get me started on the “best” search engine!), I’d be interested to get your opinions.

9

This probably isn’t possible, but I traded in an old MacBook Air and chose to get the cash added to my Apple account. However, at the minute it just pays some of my subscriptions automatically, and I was wondering if I can withdraw it somehow?

I was looking to buy a few apps (Swish, Transmit) and figured I could get them off the Mac App Store. But Swish isn’t on there and the App Store version of Transmit doesn’t seem worth it compared to getting it directly from their website.

So wondered if I could somehow transfer the cash from my Apple account but guessing the answer is “no”?

17

Pretty much as the title says, just wondered if it was possible for me to stop listening to a playlist on my Mac and seamlessly pick it up on my iPhone, rather than starting the playlist again?

[-] schmurnan@lemmy.world 4 points 1 year ago

Pro models actually got a price decrease in the UK, unless I’m missing something.

Now I just need to decide whether to match my phone to my watch and get the natural titanium, or whether to go for the blue.

Oh, and, Pro (like usual) or Pro Max (seems a bit big!).

[-] schmurnan@lemmy.world 9 points 1 year ago

I’m seeing a lot of love for Kagi as well. Not sure I’m quite ready to have to pay for search results, but I fully appreciate people that do. I have lots of subscriptions already and am trying to reduce them (i.e. self-hosting Vaultwarden as a replacement for 1Password).

[-] schmurnan@lemmy.world 4 points 1 year ago

I’ve always just used Safari as my browser on iOS and macOS so have never paid attention to reviews/opinions on the newer browsers such as Brave. Before I switched to Mac I always used Firefox on my Windows machines so know how privacy focused they’ve always been. But I’m hearing a lot of positives about Brave, and so far it seems pretty decent.

I’ve tried Arc but wasn’t entirely convinced. And in work I have a Windows machine so have been tied to Edge (although I’ve recently put in a request for Firefox and had it approved).

I guess it’d be nice to have a consistent search experience across the board, which the likes of DDG would give me. But definitely seeing good things about Brave and Brave Search.

143
submitted 1 year ago* (last edited 1 year ago) by schmurnan@lemmy.world to c/technology@lemmy.world

TL;DR - which privacy-focused search engine do people recommend, preferably one that can also easily be used as a default option in Safari?

I ditched Google in about 2016ish I would guess, and since then have used DDG as my default search engine.

As someone entrenched in the Apple ecosystem, it’s always seemed like a sound choice, as it’s one of the search engines built in to Safari on both iOS and macOS.

After spending a bit more time recently playing around with and updating my Docker containers, I started hosting a Whoogle container, which seemed to work pretty well, but I don’t see many out there talking about it, so not sure how good it actually is. I then tried a SearXNG container, but either had it misconfigured or just wasn’t getting many search results back.

At the moment I’m trying out Startpage, but I know there are potential privacy concerns since they were part-bought in 2019 by a US ad-tech company.

I’m also playing around with different browsers at the moment, flicking between Safari, Firefox and Brave. At which point I stumbled across Brave Search, which seems pretty promising.

So, which search engines do you all recommend?

UPDATE: Probably should’ve done a poll! But latest (if I’ve captured everything correctly) is:

  • DuckDuckGo - 10
  • Qwant / SearXNG / Kagi / Brave - 4
  • Startpage / Ecosia - 2
  • Google - 1

As to my other questions around browsers:

  • Majority seem to use Firefox
  • Some mentions of Brave
  • One mention of Arc
26
submitted 1 year ago* (last edited 1 year ago) by schmurnan@lemmy.world to c/selfhosted@lemmy.world

I'm trying to access my Pi-hole container from pihole.mydomain.com without any ports or /admin, and I swear the multitude of posts on the internet make this seem really straightforward. Perhaps it is and I'm being dumb, but I cannot get it to work.

Below is my current docker-compose for both Traefik and Pi-hole:

version: "3.7"

services:
  traefik:
    container_name: traefik
    image: traefik:latest
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - medianet
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
      - TZ=${TZ}
      - PUID=${PUID}
      - PGID=${PGID}
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /path/to/traefik:/etc/traefik
      - /path/to/shared:/shared
      - /path/to/traefik/logs/traefik.log:/etc/traefik/logs/traefik.log
      - /path/to/traefik/logs/access.log:/etc/traefik/logs/access.log
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=http
      - traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DASHBOARD_HOST}`)
      - traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_USER_PASS}
      - traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
      - traefik.http.routers.traefik.middlewares=traefik-https-redirect
      - traefik.http.routers.traefik-secure.entrypoints=https
      - traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DASHBOARD_HOST}`)
      - traefik.http.routers.traefik-secure.middlewares=traefik-auth
      - traefik.http.routers.traefik-secure.tls=true
      - traefik.http.routers.traefik-secure.tls.certresolver=cloudflare
      - traefik.http.routers.traefik-secure.tls.domains[0].main=${TRAEFIK_BASE_DNS}
      - traefik.http.routers.traefik-secure.tls.domains[0].sans=*.${TRAEFIK_BASE_DNS}
      - traefik.http.routers.traefik-secure.service=api@internal

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    networks:
      - medianet
      - npm_network
    domainname: mydomain.com
    hostname: pihole
    ports:
      - 53:53/tcp
      - 53:53/udp
    environment:
      - TZ=${TZ}
      - WEBPASSWORD=${WEBPASSWORD}
      - FTLCONF_LOCAL_IPV4=192.168.1.116
      - WEBTHEME=default-auto
      - DNSMASQ_LISTENING=ALL
      - VIRTUAL_HOST=pihole.mydomain.com
    volumes:
      - /path/to/pihole:/etc/pihole
      - /path/to/pihole/dnsmasq.d:/etc/dnsmasq.d
    cap_add:
      - NET_ADMIN
    labels:
      - traefik.enable=true
      - traefik.http.routers.pihole.rule=Host(`pihole.mydomain.com`)
      - traefik.http.routers.pihole.entrypoints=https
      - traefik.http.routers.pihole.tls=true
      - traefik.http.routers.pihole.service=pihole
      - traefik.http.services.pihole.loadbalancer.server.port=80

The Pi-hole one will load the login page and, upon entering the password and logging in, it will simply bring me back to the login page. So just keeps looping around.

The Traefik config is working with lots of other containers, all of which are using SSL certificates, so I'm pretty sure my Traefik config is okay.

I've tried middlewares to addprefix=/admin, which just ends up looping round with multiple /admin prefixes and also doesn't work.

Anybody got any ideas?

I'm aware I don't have to put Pi-hole behind SSL as I'm not exposing any of this stuff to the open internet (ports 80 and 443 are not forwarded on my router, and I'm using local DNS records in Pi-hole to access via subdomains).

Happy to post my traefik.yml and config.yml files if needed.

UPDATE: I seem to have figured it out! Below is my final Pi-hole docker-compose - the Traefik one remains unchanged from the original post:

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    networks:
      - medianet
      - npm_network
    domainname: mydomain.com
    hostname: pihole
    ports:
      - 53:53/tcp
      - 53:53/udp
    environment:
      - TZ=${TZ}
      - WEBPASSWORD=${WEBPASSWORD}
      - FTLCONF_LOCAL_IPV4=192.168.1.116
      - WEBTHEME=default-auto
      - DNSMASQ_LISTENING=ALL
      - VIRTUAL_HOST=pihole.mydomain.com
    volumes:
      - /path/to/pihole:/etc/pihole
      - /path/to/pihole/dnsmasq.d:/etc/dnsmasq.d
    cap_add:
      - NET_ADMIN
    labels:
      - traefik.enable=true
      - traefik.http.routers.pihole.entrypoints=http
      - traefik.http.routers.pihole.rule=Host(`pihole.mydomain.com`)
      - traefik.http.middlewares.pihole-https-redirect.redirectscheme.scheme=https
      - traefik.http.routers.pihole.middlewares=pihole-https-redirect
      - traefik.http.routers.pihole.service=pihole
      - traefik.http.routers.pihole-secure.entrypoints=https
      - traefik.http.routers.pihole-secure.rule=Host(`pihole.mydomain.com`)
      - traefik.http.routers.pihole-secure.tls=true
      - traefik.http.routers.pihole-secure.service=pihole
      - traefik.http.services.pihole.loadbalancer.server.port=80
23

I'm sure I'm massively overthinking this, but any help would be greatly appreciated.

I have a domain name that I bought through NameCheap and I've pointed it to Cloudflare (i.e. updated the name servers). I have a Synology NAS on which I run Docker and a few containers. Up until now I've done this using IP addresses and ports to access everything (I have a Homepage container running and just link to everything from there).

But I want to setup SSL and start running Vaultwarden, hence purchasing a domain name to make it all easier.

I tried creating an A record in Cloudflare to point to the internal IP of my NAS (and obviously, this couldn't be orange-clouded through CF because it's internal to my LAN). I'm very reluctant to point the A record to the external IP of my NAS (which, for added headache is dynamic, so I'd need to get some kind of DDNS) because I don't want to expose everything on my NAS to the Internet. In actual fact, I'm not precious about accessing any of this stuff over the internet - if I need remote access I have a Tailscale container running that I can connect to (more on that later in the post). The domain name was purely for ease of setting up SSL and Vaultwarden.

So I guess my questions are:

  • What is the best way to go about this - do I create a DDNS on the NAS and point that external IP address to my domain in Cloudflare, then use Traefik to just expose the containers I want to have access to using subdomains?
  • If so, then how do I know that all other ports aren't accessible (I assume because I'm only going to expose ports 80 and 443 in Traefik?)
  • What do other people see (i.e. outside my network) if they go to my domain? How do I ensure they can't access my NAS and see some kind of page?
  • Is there a benefit to using Cloudflare?
  • How would Pi-hole and local DNS fit into this? I guess I could point my router at Pi-hole for DNS and create my A records on Pi-hole for all my subdomains - but what do I need to setup initially in Cloudflare?
  • I also have a RPi that has a (very basic) website on it - how do I setup an A record to have Cloudflare point a sub-domain to the Pi's IP address?
  • Going back to the Tailscale thing - is it possible to point the domain to the IP address of the Tailscale container, so that the domain is only accessible when I switch on the Tailscale VPN? Is this a good idea/bad idea? Is there a better way to do it?

I'm sure these are all noob-type questions, but for the past 6-7 years I've purely used this internally using IP:port combinations, so never had to worry about domain names and external exposure, etc.

Many thanks in advance!

[-] schmurnan@lemmy.world 5 points 1 year ago

You’re all awesome. So much feedback for me to work with.

I’d say the vast majority are recommending Bitwarden (or Vaultwarden should I want to self host), with lots of shoutouts for 1Password as well. Honourable mentions for KeePass as well as a few others.

I’ll continue to run Bitwarden in parallel to 1Password for a little while longer to see if I prefer one over the other. I’ll definitely look into self hosting it as well, although I don’t currently have a domain name so would either have to get one or do the slightly more convoluted method of getting self-signed certificates.

Thanks all for taking the time to indulge me — very much appreciated.

[-] schmurnan@lemmy.world 13 points 1 year ago

And this is why I love places like Lemmy. Balanced, different opinions 🙂

I personally have no issues with 1Password (except that v8 is Electron), but just tempted to try the alternatives given how strong a following Bitwarden appears to have.

Either way… it’s good to have options.

[-] schmurnan@lemmy.world 4 points 1 year ago

Now you may have me there. Visual Studio Code is certainly an exception, I’d be willing to admit.

[-] schmurnan@lemmy.world 4 points 1 year ago

Because it’s now an Electron app on macOS and — in my personal view — Electron apps suck. Much prefer native apps.

Functionality-wise it’s the same, but just doesn’t feel as nice to use, if that makes sense.

[-] schmurnan@lemmy.world 5 points 1 year ago* (last edited 1 year ago)

Haha I hear you re: the old people. My parents use a notepad, and they scribble out old passwords and write down the new ones. It’s beyond archaic. And my dad has dementia which is just a recipe for disaster.

I’ve added them to my 1Password family and setup a separate vault for them to use, and I have a few of their key passwords shared with my vault in case they lock themselves out of important accounts.

But I’m sure if I did decide to switch to Bitwarden I could move them over pretty easily.

[-] schmurnan@lemmy.world 7 points 1 year ago

Thanks. I’m tech savvy so that’s not a problem. Just always used 1Password based on recommendations. More than happy to go open source, and 1Password 8 feels like a step backwards from 1Password 7.

181

Just wondered what people are using for their password management.

I’m currently using 1Password on a family subscription for both password management and 2FA (and then Authy for the 1Password 2FA). But I’m seeing a lot more posters — particularly since joining Lemmy — championing BitWarden (either cloud or self hosted) and Raivo OTP as a cheaper, almost-as-functional alternative.

So is it worth the switch? Will I lose out on anything by doing so?

I’m currently running BitWarden with a free account to see if I can live with it. But I must admit, 1Password is a staple app for me and one that I would say is priceless to my workflow and setup.

Just interested in your thoughts and trying to stimulate conversation!

2

Hey all,

I'm sure I'm massively overlooking something, but wondered if someone could help me out, please?

I'm trying to switch from Traefik to Nginx Proxy Manager on my Synology NAS, and I've opted to run NPM via a bridge network and a macvlan, so as to not have to mess around with ports 80 and 443 on the NAS (usually reserved for Synology services).

I've got the following:

Bridge network (npm_bridge):

  • Subnet = 192.168.10.0/24
  • IP range = 192.168.10.2/32
  • Gateway of 192.168.10.1.

Macvlan network (npm_network):

  • Subnet = 192.168.1.0/24 (same as my LAN)
  • IP range = 192.168.1.216/32
  • Gateway = 192.168.1.1 (same as my LAN).

NPM is connected to these two networks, and I have a MariaDB container connected to the host - everything works great with NPM and MariaDB - no issues.

However, I have a third network, medianet:

  • Subnet = 192.168.96.0/24
  • Gateway = 192.168.96.1.

Connected to that network I have a Gluetun container (via docker-compose).

I then have multiple other containers that run through the Gluetun container (several "arrs" and Portainer) using network_mode: service:gluetun.

What I used to have via Traefik was a local hostname I created (let's say, nas.local for posting's sake) and I could simply create labels in my docker-compose for each service to assign ports. I could then access all of these containers via nas.local/portainer, nas.local/sonarr, etc. and they would be accessible via the VPN container.

However, I'm completely stuck on how to do this via NPM. I've tried all kinds of combinations via the Proxy Host configuration, but I don't know how to set it up.

  • Do I need an overarching nas.local entry as the top level? If so, what hostname/IP and port combination do I use?
  • Do I think setup Custom Locations behind it, one for each service, i.e. Portainer? If so, what is the hostname/IP and port for this?
  • Or do I create a new Proxy Host per entry, i.e. portainer.nas.local?
  • Do I even need to have Portainer behind the VPN as well, or do I add that direct to the medianet network, and then somehow link NPM to the medianet network as well?

I'm really at a loss, and as it stands all my containers are offline at the moment because I can't figure out how to connect them (except Homebridge and MariaDB - they're both up as they're connected to the host network).

Any help would be very, very much appreciated.

view more: next ›

schmurnan

joined 1 year ago