qjammer

@qjammer@lemmy.ml
0 Post – 5 Comments
Joined 1 years ago

You can install ufw and a frontend for it that lets you block specific processes. https://wiki.archlinux.org/title/Uncomplicated_Firewall#GUI_frontends It seems KDE already comes with a frontend in the system settings, and there's gufw for gnome/gtk.

I recently bought an x86 passive cooled box from Topton, an aliexpress merchant, that was recommended by ServeTheHome, a great youtube channel/blog that reviews all kinds of networking equipment for homelabs. Since it's x86, you can pretty much install anything on it, in my case OPNSense. I recommend you watch some of their videos/read their blogs and see what fits!

I am running a similar setup to yours. The issue is that only one server block can listen to an address+port pair. You ought to do something like this:

map $ssl_preread_server_name $proxy_backend_router {
        serviceA.example.com    upstreamA:12346;
        serviceB.example.com    upstreamB:12346;
        default $ssl_preread_server_name.invalid_proxy:443;
}


server {
        listen 443;
        ssl_preread on;
        proxy_pass $proxy_backend_router;
}
1 more...

The nginx documentation for the ssl preread module has an almost identical example.

I read you mentioned firefox. I had a similar experience a while ago, related to this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1704774#c13