npub1tj54dz997wrdyqgf8sc36z3upy3ld0ujmwqyx42dtqxcwc7l68fqlx5ry2 (npub1tj5…5ry2) Wireguard is a lifesaver. Especially now that it's embedded in all modern Linux kernels and it runs on basically any OS.
I used OpenVPN for many years, it wasn't a big deal but it definitely was a bit cumbersome to install ad-hoc clients and move certificates around. With Wireguard adding a new client is almost as simple as copying an SSH keypair and specifying the address of the server. And it's even super easy to spawn a bunch of different servers, if you want isolated VPN networks.
Thanks to this configuration (HTTP nginx gateways and VPN servers run on Internet-facing Linode machines that do nothing other than proxying requests, and everything else runs in my home network where I have basically unlimited storage) I've easily managed to scale up a big infrastructure.
I think that exposing and hardening services one by one directly on your residential IP would probably take you more time on the long run, while setting up a VPN connection is something that you only have to do once.
Fabio Manganiello /
npub1v7…ukv0u
2023-08-03 00:47:05
in reply to nevent1q…kund
Author Public Key
npub1v78mmuz20p6qd6nve30axhqu74avwn4f6z4grhug7755rat7wh3syukv0uPublished at
2023-08-03 00:47:05Event JSON
{
"id": "dcd39d4777bbc04741418d6f4e87b11020851577c591fcdda4adf6c5f49f556a",
"pubkey": "678fbdf04a787406ea6ccc5fd35c1cf57ac74ea9d0aa81df88f7a941f57e75e3",
"created_at": 1691016425,
"kind": 1,
"tags": [
[
"p",
"5ca95688a5f386d201093c311d0a3c0923f6bf92db8043554d580d8763dfd1d2",
"wss://relay.mostr.pub"
],
[
"p",
"6bcc5d6c6c03ca87494130e65fd4db3e4b0dcd53b331d6bbf9ab538458caff34",
"wss://relay.mostr.pub"
],
[
"e",
"10e1e6bc35280a62a57683ae796d5b5f88ba2597984c239d0b7fda02eb6b5ac7",
"wss://relay.mostr.pub",
"reply"
],
[
"mostr",
"https://social.platypush.tech/users/blacklight/statuses/110822452441696687"
]
],
"content": "nostr:npub1tj54dz997wrdyqgf8sc36z3upy3ld0ujmwqyx42dtqxcwc7l68fqlx5ry2 Wireguard is a lifesaver. Especially now that it's embedded in all modern Linux kernels and it runs on basically any OS.\n\nI used OpenVPN for many years, it wasn't a big deal but it definitely was a bit cumbersome to install ad-hoc clients and move certificates around. With Wireguard adding a new client is almost as simple as copying an SSH keypair and specifying the address of the server. And it's even super easy to spawn a bunch of different servers, if you want isolated VPN networks.\n\nThanks to this configuration (HTTP nginx gateways and VPN servers run on Internet-facing Linode machines that do nothing other than proxying requests, and everything else runs in my home network where I have basically unlimited storage) I've easily managed to scale up a big infrastructure.\n\nI think that exposing and hardening services one by one directly on your residential IP would probably take you more time on the long run, while setting up a VPN connection is something that you only have to do once.",
"sig": "532197387916e1dfc0dc62bf8ee8d333ffe3e3aa505eee22866b7db56400ba5ef5c4ecf2471607421d96397d5bcf1e0549017b6fdf30f8bf1fefcab82bfb49f6"
}