Below is the docker compose file just to get CouchDB up and running:

version: "3.8"

services:
  couchdb-obsidian-livesync:
    container_name: obsidian-livesync #shortened name
    image: couchdb:3.3.3
    environment:
      - PUID=99
      - PGID=100
      - UMASK=0022
      - TZ=Asia/Ho_Chi_Minh
      - COUCHDB_USER=obsidian_user # optionally change me
      - COUCHDB_PASSWORD=obsidian_password # definitely change me
    volumes:
      - ./data:/opt/couchdb/data
      - ./etc/local.d:/opt/couchdb/etc/local.d
      - ./log:/opt/couchdb/var/log/couchdb # Added log volume
    ports:
      - "5984:5984"
    restart: unless-stopped
    labels:
      - net.unraid.docker.webui=http://[IP]:[PORT:5984]/_utils # This might need to be manually adjusted for the web UI
      - net.unraid.docker.icon=https://couchdb.apache.org/image/couch@2x.png
      - net.unraid.docker.shell=bash
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:5984/_up"] # Healthcheck for CouchDB
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 5s

CouchDB – Initial Configuration

1. Go to the CouchDB admin page by going here: http://10.10.10.13:5984/_utils make sure to use your server’s IP address.

2. Login using the credentials you set in the Docker compose file.

3. Click on the <-> icon on the top left, it will expand the menu from simple icons to icons with text which will make following this guide easier.

4. Click on Setup on the left menu.

5. Click on Configure as Single Node and enter the same credentials from the Docker compose file into the Specify your Admin credentials fields.

6. Leave everything else the same and click Configure Node.

CouchDB – Verify Installation

1. Let’s verify the CouchDB installation by clicking Verify on the left menu.

2. Click Verify Installation and if everything is good, a popup banner should popup saying Success! Your CouchDB installation is working. Time to Relax. along with 6 check marks next to each item in the table.

CouchDB – Create Database

1. Click on the Databases on the left menu.

2. Click on Create Database on the top right.

3. Under Database Name enter obsidiandb, or whatever you like. Advice: if you intend to use this setup for multiple users, each user will need their own database, so I recommend naming the database to include the user’s first name like: obsidiandb_john or obsidiandb_jane just to make it easier in the future.

4. Under Partitioning select Non-partitioned - recommended for most workloads. Once the database is created, you should be redirected to the new database’s config page. You don’t have to do anything here.

CouchDB – Configuration

1. Click on Configuration on the left main menu. The following 9 config entries are what the script was intended to do automatically but I wanted to do it manually. Click on + Add Option on the top right for each entry:

2. Section: chttpd Name: require_valid_user Value: true

3. Section: chttpd_auth Name: require_valid_user Value: true

4. Section: httpd Name: WWW-Authenticate Value: Basic realm="couchdb"

5. Section: httpd Name: enable_cors Value: true

6. Section: chttpd Name: enable_cors Value: true

7. Section: chttpd Name: max_http_request_size Value: 4294967296

8. Section: couchdb Name: max_document_size Value: 50000000

9. Section: cors Name: credentials Value: true

10. Section: cors Name: origins Value: `app://obsidian.md,capacitor://localhost,http://localhost

Obsidian – Windows 11 Client

1. Download and install the Windows 11 Obsidian client from here.

2. Once installed, open Obsidian.

3. Next to Create new vault click the Create button next.

4. In the Vault name field, name your Vault whatever you like, I simply named mine Vault. You can think of a vault as a "master folder" that contains all your folders and notes. Some users have different vaults for different aspects of their lives, such as Work or Personal but I keep everything under one vault for ease of use.

5. Next setting is Location, click Browse. This is where your vault will be locally saved. I created an Obsidian folder in the Documents folder but you can put it anywhere you like.

6. Click Create and Obsidian should open up to your newly created vault with 3 window panes. Next step is to setup the LiveSync plugin.

Obsidian – LiveSync Plugin

1. Click on options button (sprocket icon) on the bottom left area.

2. Click Community plugins and click on the Turn on community plugins button after reading the risk disclosure.

3. Next to Community plugins click on the Browse button.

4. Search for Self-hosted LiveSync.

5. Only 1 plugin should show up and that’s the one by voratamoroz, click on it.

6. Click the Install button and let it install.

7. Click the Enable button.

8. Click Open setting dialog button.

9. Click Options button.

10. Under Settings for Self-hosted LiveSync. you should see a row of 8 buttons, click on the 4th button with the satellite icon.

11. This is where we will enter the self-hosted CouchDB details. Next to Remote Type make sure CouchDB is selected from the drop down menu.

12. In the URI field type http://10.10.10.13:5984 make sure to change to your server IP and port. (Open the container online with HAProxy)

13. In the Username field type osidian_user or whatever you used in the docker compose.

14. Same for Password field.

15. In the Database name field type obsidiandb or whatever you named your database earlier in CouchDB.

16. Click the Test button to test the connection to the CouchDB database. Assuming everything is working properly a text popup should say Connected to obsidiandb successfully.

17. Click the Check button to confirm the database was configured properly, there should be a purple checkmark next to each line item. If not, there should be a Fix button next to the item that you can click for it to either create or correct for you, but I prefer to manually do it myself.

18. Assuming everything is good up to this point, click the Apply button next to Apply Settings.

19. Optional but recommended: scroll down to the End-to-end encryption and toggle it on and set a passphrase. Please remember this passphrase as all your other devices must have matching passphrases for it to be able to decrypt your notes. Click the red button Just apply.

20. On the top menu, under Settings for Self-hosted LiveSync. you should see a row of 8 buttons, click on the 5th button with the refresh icon.

21. Next to Sync mode select LiveSync from the drop down menu.

22. You can close the settings windows out, on the top right of the notes you should see Sync: zZz which means everything is working properly and the sync is in standby mode until you start typing something.

23. Repeat the above instructions for all other devices.

Reverse Proxy

I highly recommend putting this behind at least a reverse proxy, I use Nginx Proxy Manager in conjunction with Cloudflare Tunnels. You will definitely need to if you plan on using mobile devices as they require HTTPS.

Vim modes

Vim has several operating modes. The main ones are :

• Normal mode: The default mode for navigating and executing commands.
• Insert mode: To insert text.
• Visual mode: To select text.
• Command mode: To execute specific commands.
  

Switching between modes

• Esc: Return to Normal mode.
• i: Switch to Insert mode to the left of the cursor.
• a: Switch to Insert mode to the right of the cursor.
• v: Switch to Visual mode.
• (colon): Switch to Command mode from Normal mode.
  

Navigation

Navigating efficiently is crucial in Vim. Here are some basic commands:

• h: Move the cursor to the left.
• j: Move the cursor down.
• k: Move the cursor upwards.
• l: Move the cursor to the right.
• w: Go to the beginning of the next word.
• b: Go to the beginning of the previous word.
• 0: Go to the beginning of the line.
• $ : Go to the end of the line.
• gg: Go to the beginning of the file.
• G: Go to the end of the file.
  

Text Editing

Vim offers a host of commands for editing text efficiently.

Insert text

• i: Insert before the cursor.
• I: Insert at the beginning of the line.
• a: Insert after the cursor.
• A: Insert at the end of the line.
• o: Insert a new line underneath.
• O: Insert a new line above.
  

Delete from text

• x: Delete the character below the cursor.
• dd: Delete the entire line.
• dw: Delete to the beginning of the next word.
• D: Delete to the end of the line.
  

Copy and Paste

• yy: Copy (yank) the entire line.
• yw: Copy the next word.
• p: Paste after the cursor.
• P: Paste before the cursor.
  

Undo and Redo

• u: Cancel the last order.
• Ctrl + r: Restore a cancelled command.
  

Search and replacement

Searching for and replacing text are common operations in file editing.

Search

• /: Search forwards in the file.
• ?: Search backwards in the file.
• n: Go to the next occurrence.
• N: Go to the previous occurrence.
  

Replacement

• :s/old/new: Replace the first occurrence on the current line.
• :s/old/new/g: Replace all occurrences on the current line.
• :%s/old/new/g: Replace all occurrences in the entire file.
  

File Management

File management commands are essential for opening, saving and closing files.

• :e file_name: Open a file.
• :w: Save the current file.
• :w filename: Save under another name.
• :q: Exit Vim.
• :q! Quit without saving.
• :wq: Save and exit.
  

Conclusion

Vim is a powerful tool that can dramatically improve your workflow. Start with these basic commands and explore the many advanced features Vim has to offer. With practice, you’ll find that Vim becomes an indispensable tool in your development arsenal.

Why choose Bitwarden?

1. High-level safety

Security is Bitwarden’s top priority. Here are some of the security features that make Bitwarden a first choice option:

• End-to-endencryption: All passwords and sensitive data are encrypted locally on your device before being sent to Bitwarden’s servers. This means that only you can decrypt your data.
• Open Source: Bitwarden’s source code is open and available for public review on GitHub. This allows the community to check the integrity of the code and contribute to its improvement.
• Two-factor authentication (2FA): Bitwarden supports a variety of two-factor authentication methods to add an extra layer of security to your account.
  

2. Ease of use

Bitwarden is designed to be intuitive and easy to use. Whether you are a beginner or an experienced user, you will find Bitwarden’s interface simple and user-friendly.

• Browser extensions: Bitwarden offers extensions for all popular browsers, allowing you to automatically fill in your passwords and save them directly from your browser.
• Mobile applications: Bitwarden applications for iOS and Android allow you to manage your passwords on the move.
• Desktop Application and Web Interface: You can access your passwords from any device thanks to Bitwarden’s desktop applications and web interface.
  

3. Multi-device synchronisation

Bitwarden synchronises your passwords and other sensitive data on all your devices in real time. Whether you add a new password on your phone or computer, it will be immediately available on all your other devices.

4. Advanced features

Bitwarden offers a range of advanced features that make it more than just a password manager:

• Password Generator: Bitwarden can generate strong, unique passwords for each account, minimising security risks.
• Secure Sharing: You can share passwords and other sensitive information securely with other Bitwarden users.
• Secure Note Storage: In addition to passwords, Bitwarden allows you to store secure notes, credit card information and other sensitive data.
  

5. Affordable and flexible plans

Bitwarden offers a feature-rich free version, as well as affordable premium plans that add extra functionality:

• Free Plan: Includes most of the basic functions, sufficient for personal use.
• Premium Plan: For a small fee, you get advanced features such as two-factor authentication with U2F keys, 1GB of encrypted file storage, and password health reports.
• Family and business plans: Bitwarden also offers plans for families and businesses, facilitating the shared management of passwords and sensitive information.
  

Conclusion

Bitwarden stands out as one of the best password management solutions thanks to its robust security, ease of use and flexibility. Whether you are looking to secure your personal accounts or manage your corporate passwords, Bitwarden offers a complete and reliable solution.

Useful links

• Official website of Bitwarden
• Bitwarden documentation
• Bitwarden GitHub repository
  

Share your experiences with Bitwarden and ask your questions in the comments section!

Why choose UniFi Express for your home ?

1. Simple and intuitive installation

UniFi Express is designed to be easy to install and configure, even for non-technical users. You can manage your entire network via an intuitive web interface or a dedicated mobile app. This ease of use is ideal for homes where network management is not a daily task.

2. Reliable Network Performance

One of the main advantages of UniFi Express is its ability to offer fast, stable connectivity. With high speeds and extensive coverage, it meets the needs of modern households that use multiple devices simultaneously for streaming, online gaming and teleworking.

• High-speed Wi-Fi: enjoy a fast, reliable wireless connection thanks to the latest Wi-Fi technology.
• Extensive coverage: UniFi Express access points provide complete coverage in your home, reducing dead zones and connection interruptions.
  

3. Centralised management

UniFi Express lets you manage your entire network from a single interface. You can monitor network usage, configure security settings and control connected devices with ease. This centralised management makes it easy to troubleshoot and optimise your home network.

4. Advanced Security

Security is a priority for UniFi Express. The solution offers robust security features to protect your network against external threats:

• WPA3 encryption: Ensure a high level of security for your wireless connections.
• Access Control: Configure rules and access controls to manage the devices that connect to your network.
  

5. Scalability

While UniFi Express is perfectly suited to residential needs, it’s also designed to grow with your future needs. If your home grows or your network requirements increase, you can easily add additional access points or switches to expand your network.

Comparison with Professional Models

1. Advanced Business Solutions

For businesses, Ubiquiti offers more advanced UniFi solutions, such as the UniFi Dream Machine and UniFi Pro models. These models offer additional features such as :

• Advanced Network Management: more detailed configuration options and complex network management.
• Increased performance: Processing capacity and connection speeds adapted to professional environments.
• Comprehensive features: Integration with enterprise network management systems, advanced security features and extensive customisation options.
  

2. Adaptability

Professional models are designed for large-scale enterprise environments, with increased scalability and flexibility to meet the specific needs of organisations.

Conclusion

UniFi Express is an ideal solution for homes looking for reliable, secure and easy-to-manage network connectivity. With features tailored to home needs and an intuitive user interface, UniFi Express simplifies network management at home. For businesses, Ubiquiti offers more advanced models that meet the more complex requirements of professional environments.

Useful links

• UniFi Express official website
• UniFi documentation
  

Share your experiences with UniFi Express and ask your questions in the comments section!

Domain management with Cloudflare

1. Domain Registration and Transfer

Cloudflare allows you to register domains directly via its platform, but you can also use Cloudflare to manage domains that you have purchased elsewhere. Here’s how to do it:

• Add a Domain: Log in to your Cloudflare account and go to Add a Site. Enter your domain name to begin the configuration process.
• Changing Nameservers: Once you have added your domain, Cloudflare will provide nameservers for you to configure with your current registrar. This allows Cloudflare to manage your domain’s DNS traffic.
• Domain Transfer: To transfer a domain to Cloudflare, go to Domain Registration and follow the instructions to initiate the transfer.
  

2. DNS management

DNS management on Cloudflare is intuitive and offers a number of advantages:

• Simplified management interface: The platform offers a clear interface for adding, modifying or deleting DNS records.
• DNS Record Types: You can manage various record types, including A, CNAME, MX, TXT, and more.
• Fast DNS propagation: DNS changes propagate quickly thanks to Cloudflare’s global infrastructure.
  

3. Security with DNSSEC

Cloudflare supports DNSSEC (Domain Name System Security Extensions) to protect your domain against cache poisoning attacks. You can activate DNSSEC in the DNS section of your Cloudflare dashboard.

Turnstile: An alternative CAPTCHA solution

1. What is Turnstile?

Turnstile is an alternative to traditional CAPTCHAs, designed to offer a smoother user experience while providing protection against bots. Unlike traditional CAPTCHAs, Turnstile does not require complex user interaction.

2. Turnstile configuration

To configure Turnstile :

• Activate Turnstile: Go to Firewall > Tools in your Cloudflare dashboard.
• Configure Settings: You can adjust the settings to tailor the level of security to the needs of your site.
  

CDN (Content Delivery Network): Speed up your website

1. Cloudflare CDN features

Cloudflare offers an integrated CDN that improves website loading speed and reduces latency:

• Content Distribution: Cloudflare’s CDN distributes your content across a global network of servers to deliver faster load times to visitors, regardless of their geographic location.
• Dynamic and static caching: Cloudflare caches both static content (such as images and CSS/JS files) and dynamic content (such as HTML pages) to optimise performance.
• Content compression: Cloudflare’s compression features reduce the size of transferred files, improving loading times.
  

2. Performance optimisation

• Minification: Cloudflare offers minification tools to reduce the size of CSS, JavaScript and HTML files.
• Argo Smart Routing: Although this feature is only available on paid plans, the free version already offers a significant performance improvement thanks to Cloudflare’s CDN infrastructure.
  

Conclusion

The free version of Cloudflare offers an impressive suite of features to improve your domain management, optimise performance with a CDN, and secure your site with Turnstile. Whether you’re an individual or a small business, Cloudflare allows you to benefit from increased protection and better performance at no extra cost.

Useful links

• Official Cloudflare website
• Cloudflare documentation
• Cloudflare DNS Configuration Guide
• Information about Turnstile
  

Share your experiences with Cloudflare and ask your questions in the comments section!

Why use HAProxy with pfSense?

1. Efficient Load Distribution

HAProxy is designed to balance traffic between multiple servers using sophisticated load balancing algorithms. By integrating it with pfSense, you can ensure fair distribution of traffic and avoid overloading your servers.

2. High availability

HAProxy offers high-availability features that enable you to maintain access to your services even in the event of a server failure. Coupled with pfSense, it ensures increased resilience and service continuity.

3. Flexibility and Advanced Configuration

With HAProxy, you can configure complex rules to direct traffic based on criteria you define, such as IP addresses, ports or HTTP headers. This flexibility is amplified by the capabilities of pfSense.

4. Monitoring and Management

HAProxy provides monitoring and management tools to track the performance of your servers and optimise traffic distribution. pfSense also offers integrated monitoring tools for a complete overview of your network.

Installing and configuring HAProxy on pfSense

Prerequisites

Before you start, make sure you :

• Have a pfSense system installed and operational.
• Have servers to balance.
• Internet access to download the necessary packages.
  

Step 1: Installing the HAProxy package

1. Access the pfSense Web Interface
   

Connect to the pfSense web interface via the IP address of your firewall.

2. Install the HAProxy package
   

• Go to System > Package Manager > Available Packages.
• Search for HAProxy in the list of available packages.
• Click Install to add the HAProxy package to pfSense.
  

Step 2: Configuring HAProxy

1. Configuring the Backend Servers
   

• Go to Services > HAProxy > Backend.
• Click Add to create a new backend.
• Enter the information for the backend servers, including their IP address and the port on which they are listening.
• Configure the load balancing options to suit your needs.
  

2. Configuring the Frontend
   

• Go to Services > HAProxy > Frontend.
• Click Add to create a new frontend.
• Define the frontend parameters, including the IP address and listening port (for example, port 80 for HTTP or 443 for HTTPS).
• Link the frontend to the backend you created earlier.
  

3. Configuring Rules and Advanced Options
   

• In the frontend configuration, you can add rules to direct traffic based on HTTP headers, URL paths or other criteria.
• Configure advanced options such as session parameters, server health options and SSL parameters if necessary.
  

Step 3: Checking and Troubleshooting

1. Check the Configuration
   

• Access the pfSense web interface and ensure that HAProxy is running without errors.
• Test traffic distribution by accessing your services via the configured IP address or domain name.
  

2. Consult the Logs
   

• If you encounter any problems, check the HAProxy logs in Status > System Logs > System > Services to identify any errors.
  

Stage 4: Monitoring and maintenance

1. Monitor Performance
   

• Use pfSense monitoring tools to track the performance of your servers and network traffic.
• Consult the HAProxy statistics for detailed information on server traffic and performance.
  

2. Hold down the Configuration
   

• Update the HAProxy configuration to reflect changes in your infrastructure or your load balancing requirements.
• Make sure that pfSense and HAProxy are regularly updated to take advantage of the latest features and security patches.
  

Conclusion

HAProxy’s integration with pfSense enables you to effectively manage load balancing and improve the high availability of your network services. Thanks to its flexibility and advanced features, HAProxy is a powerful solution for optimising the performance and resilience of your network infrastructure.

Useful links

• Official website of HAProxy
• Official HAProxy documentation
• HAProxy GitHub Repository
• Official website of pfSense
• Official pfSense documentation
  

Share your experiences with HAProxy on pfSense and ask your questions in the comments section!

Why choose WireGuard?

1. Exceptional Performance

WireGuard is designed to deliver high performance thanks to its minimalist architecture. The protocol uses modern, efficient encryption algorithms to guarantee fast connection speeds while maintaining a low impact on system resources.

2. Easy to configure

With WireGuard, configuration is simplified thanks to a clear user interface and a reduced number of options. This makes VPN installation and management easier, even for users who are not network experts. WireGuard’s source code is also much shorter and easier to audit, which contributes to better security.

3. Advanced Security

WireGuard uses modern, proven encryption algorithms, such as ChaCha20 for data encryption and Curve25519 for key exchange. This advanced level of security helps protect your communications against attacks and intrusions.

4. Multi-platform support

WireGuard is compatible with a variety of operating systems, including Linux, Windows, macOS, iOS, and Android. So you can deploy WireGuard on a variety of devices to secure your network consistently, whether on servers or personal devices.

5. Ease of integration

WireGuard can be easily integrated with existing network configurations. It can be used to establish point-to-point VPN connections or to create complete virtual private networks. Its integration with modern operating systems makes it ideal for use in a variety of environments.

WireGuard Installation and Configuration

Installing WireGuard is quick and easy. Here is a step-by-step guide to configuring WireGuard on different operating systems.

Prerequisites

Before you start, make sure you have :

• A server to run WireGuard.
• One or more clients to connect to the VPN.
• Internet access to download the necessary software.
  

Installation on Linux

1. Install WireGuard
   

On a Debian or Ubuntu system, you can install WireGuard using the following commands:

sudo apt update
sudo apt install wireguard

On CentOS or RHEL, you can use :

sudo yum install epel-release
sudo yum install wireguard-tools

2. Configuring the WireGuard Server
   

Create a private key and a public key for the server :

umask 077
wg genkey | tee server.key | wg pubkey > server.pub

Configure the /etc/wireguard/wg0.conf file with the server parameters :

[Interface]
PrivateKey = <clé-privée-du-serveur>
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
PublicKey = <clé-publique-du-client>
AllowedIPs = 10.0.0.2/32

3. Start and Activate WireGuard
   

Start WireGuard with the following command:

sudo wg-quick up wg0

To activate WireGuard at start-up, use :

sudo systemctl enable wg-quick@wg0

Installation on Windows

1. Download and install WireGuard
   

Download the WireGuard client for Windows from the official WireGuard website. Run the installation file and follow the instructions.

2. Configuring the Client
   

Open the WireGuard application, click on Add Tunnel and choose Add empty tunnel. Enter the client configuration information, including the private key and server parameters.

3. Connect to VPN
   

Click Activate to establish the VPN connection.

Installation on macOS

1. Download and install WireGuard
   

Download the WireGuard client for macOS from the official WireGuard website. Open the .dmg file and drag the application into the Applications folder.

2. Configuring the Client
   

Launch the WireGuard application and click on Add Tunnel. Enter the client configuration information.

3. Connect to VPN
   

Click Activate to establish the VPN connection.

Installation on iOS and Android

1. Download the Application
   

Download the WireGuard application from the App Store (iOS) or Google Play Store (Android).

2. Configuring the Client
   

Open the application and add a new tunnel by entering the client’s configuration information.

3. Connect to VPN
   

Activate the tunnel to establish the VPN connection.

Advanced use of WireGuard

Once WireGuard is installed and configured, you can explore advanced features:

• Configure Advanced Routing: Configure specific routes to route VPN traffic according to your needs.
• Manage Multiple Connections: Manage multiple VPN connections by creating additional configurations for different clients or servers.
• Integrate with Security Tools: Use WireGuard with monitoring tools to ensure increased security and better network management.
  

Conclusion

WireGuard is a modern VPN solution that offers an exceptional combination of performance, simplicity and security. With easy installation and simplified configuration, WireGuard is ideal for individuals and organisations looking to protect their network communications. Whether you deploy WireGuard on a server or across multiple devices, it provides you with an effective and reliable VPN solution.

Useful links

• WireGuard official website
• Official WireGuard documentation
• WireGuard GitHub Repository
  

Share your experiences with WireGuard and ask your questions in the comments section!

Why choose pfSense?

1. Advanced Security Features

pfSense offers a full range of security features, including packet filtering, intrusion prevention and VPN. You can configure sophisticated firewall rules to protect your network from external and internal threats. What’s more, pfSense offers integration with intrusion detection and prevention tools (IDS/IPS) such as Snort or Suricata.

2. Easy Network Management

With pfSense, you can manage multiple networks and VLANs from a single interface. This allows you to segment your network for greater security and simplified management. You can also configure VPNs for secure remote access to your network.

3. Extendable with Plugins

pfSense is highly extensible thanks to a vast collection of packages available in the pfSense Package Repository. These plugins add extra functionality such as monitoring tools, web cache servers and more.

4. Intuitive web interface

The pfSense web interface is designed to be easy to use, even for those who are not experts in network administration. You can configure and monitor your network from an intuitive graphical interface, without having to interact with the command line.

5. Active Community and Documentation

pfSense has an active community offering valuable support and resources to help you get the most out of your installation. You can access comprehensive documentation and discussion forums to get answers to your questions and solve problems.

Installing and configuring pfSense

Installing pfSense is simple and straightforward. Here’s a step-by-step guide to installing pfSense and configuring the basic features.

Prerequisites

Before you start, make sure you have :

• Installation media for pfSense (USB key or CD/DVD).
• A compatible server or PC to run pfSense.
• An Internet connection to download updates and packages.
  

Download pfSense

1. Download ISO Image
   

Go to the official pfSense website and download the ISO image for your hardware (installer for USB or CD/DVD).

2. Creating installation media
   

Use a tool such as Rufus (for Windows) or dd (for Linux) to create bootable installation media from the ISO image.

Installing pfSense

1. Start Server
   

Insert the installation media into the server and boot it. Access the BIOS/UEFI to select the installation media as the boot device.

2. Install pfSense
   

Follow the on-screen instructions to install pfSense. You will need to configure basic settings such as the destination disk and partitions. The installer will guide you through the initial configuration process.

Initial configuration

1. Access the Web Interface
   

After installation, connect to the pfSense web interface using the default IP address (usually 192.168.1.1). Log in with the default credentials (usually admin / pfsense).

2. Configuring Network Interfaces
   

Configure your network interfaces by following the initial configuration wizard. Ensure that your WAN and LAN interfaces are correctly configured for Internet and LAN connectivity.

3. Configuring Firewall Rules
   

Configure firewall rules to control incoming and outgoing traffic. You can add rules to allow or block connections according to your security needs.

4. Configuring VPNs
   

If you want to configure VPNs, go to the VPN tab and follow the instructions for configuring VPN connections (OpenVPN, IPsec, etc.).

5. Update pfSense
   

Make sure your pfSense installation is up to date by going to the System > Firmware tab and checking for available updates.

Advanced use of pfSense

Once pfSense is installed and configured, you can explore advanced features to improve the security and management of your network:

• Configure VLANs: Use VLANs to segment the network and improve security.
• Network monitoring: Install plugins like ntopng to monitor network traffic in real time.
• Setting up an IDS/IPS: Configure Snort or Suricata to detect and prevent intrusions.
  

Conclusion

pfSense is a powerful and flexible solution for firewall management and routing. With its advanced features, ease of configuration and scalability, pfSense is ideal for businesses and home users alike looking to secure and optimise their network. With an active community and rich documentation, pfSense gives you all the tools you need to create a secure, high-performance network.

Useful links

• Official website of pfSense
• Official pfSense documentation
• pfSense GitHub Repository
  

Share your experiences with pfSense and ask your questions in the comments section!

Why choose Tailscale?

1. Easy to install and configure

Tailscale is designed to be easy to install and configure. Unlike traditional VPNs that require complex configurations, Tailscale lets you create a virtual private network in minutes. Thanks to its peer-based configuration model, there’s no need to configure complex VPN servers or routes.

2. Zero-Trust model

Tailscale adopts a Zero-Trust security model, which means that no user or device is assumed to be trusted by default. Each connection is authenticated and authorised individually, offering increased security over traditional VPN models. This reduces the risk of network compromise by limiting access to critical resources.

3. Secure access to resources

With Tailscale, you can securely access your network resources, such as internal servers, applications and services, even when you’re on the move. You can also configure specific access for different users and groups, ensuring that only authorised users can access sensitive resources.

4. Easy integration with existing tools

Tailscale integrates easily with your existing tools and services. It runs on a variety of operating systems, including Windows, macOS, Linux, iOS and Android. You can also use Tailscale with your identity management tools to simplify user and permission management.

5. Simplified Remote Access

For remote teams or users who need to access internal resources from different locations, Tailscale offers a simple and secure solution. You can establish VPN connections between your devices without the need for complicated configuration, making it easier to work remotely.

Installing and configuring Tailscale

Installing Tailscale is quick and easy. Here’s a step-by-step guide to setting up Tailscale on different operating systems.

Prerequisites

Before you start, make sure you have the following items:

• A Tailscale account. You can register for a free account on the Tailscale website.
• A Tailscale-compatible device (Windows, macOS, Linux, iOS or Android).
  

Installation on Linux

1. Add the Tailscale Depot
   

Add the Tailscale repository to your system with the following commands:

curl -fsSL https://tailscale.com/install.sh | sh

2. Start Tailscale
   

Once the repository has been added, start Tailscale :

sudo tailscale up

You will be asked to log in with your Tailscale account. Follow the on-screen instructions to authorise the device.

3. Check Connection
   

Check that Tailscale is correctly installed and connected with :

tailscale status

Installation on Windows

1. Download and install Tailscale
   

Download the installation programme from the official Tailscale website. Run the installer and follow the instructions.

2. Connect
   

After installation, open the Tailscale application and log in with your Tailscale account. You may need to allow the application to make changes to your device.

3. Check Connection
   

You can check the connection status using the Tailscale application interface.

Installation on macOS

1. Download and install Tailscale
   

Download the Tailscale application from the official Tailscale website and drag it into the Applications folder.

2. Connect
   

Open the Tailscale application, log in with your Tailscale account and follow the on-screen instructions.

3. Check Connection
   

Check that Tailscale is connected by looking at the icon in the menu bar.

Installation on iOS and Android

1. Download the Application
   

Download the Tailscale application from the App Store (iOS) or Google Play Store (Android).

2. Connect
   

Open the application, log in with your Tailscale account and follow the on-screen instructions.

3. Check Connection
   

You can check the connection status directly from the Tailscale application.

Using Tailscale

Once Tailscale has been installed and configured, you can start using your virtual private network. Here are some tips on how to get the most out of Tailscale:

• Access Internal Resources: Use the IP addresses provided by Tailscale to access internal servers and applications.
• Manage Users and Permissions: Access the Tailscale dashboard to manage users and define security policies.
• Use Groups: Create groups to organise users and make access management easier.
  

Conclusion

Tailscale is a modern VPN solution that simplifies the management of virtual private networks thanks to its Zero-Trust approach. With easy installation, enhanced security and seamless integration with your existing tools, Tailscale is ideal for individuals and teams looking to secure and simplify their network connectivity. Whether you work remotely or manage multiple internal resources, Tailscale offers an efficient and flexible solution to meet your network needs.

Useful links

• Official website of Tailscale
• Official Tailscale documentation
  

Share your experiences with Tailscale and ask your questions in the comments section!

Why choose Nginx-Proxy and Nginx-Proxy-Acme?

1. Simplified management of Reverse Proxies

nginx-proxy makes it easy to manage multiple Docker applications using an Nginx reverse proxy. It automatically detects Docker containers and configures Nginx to redirect them according to domain headers.

2. Automatic SSL Certificates with LetsEncrypt

nginx-proxy-acme is an add-on to nginx-proxy that automates SSL certificate management with Let’s Encrypt. It automatically generates and renews SSL certificates, guaranteeing greater security without manual intervention.

3. Dynamic Configuration

Both tools use dynamic configuration to simplify the management of virtual hosts and SSL certificates. You don’t need to modify the Nginx configuration files manually every time you add or remove a container.

4. Open Source and Free

Both tools are open source and free, allowing you to use them, modify them and adapt them to your needs at no cost.

Installing Nginx-Proxy and Nginx-Proxy-Acme with Docker Compose

Installing nginx-proxy and nginx-proxy-acme via Docker Compose is simple. Here’s a step-by-step guide to configuring these tools on your server.

Prerequisites

Before you start, make sure that Docker and Docker Compose are installed on your server. You can install them using the following commands:

sudo apt update
sudo apt install docker.io docker-compose -y

Creating the Docker Compose file

Create a docker-compose.yml file in a directory of your choice. This file will contain the configuration required to deploy nginx-proxy and nginx-proxy-acme. Use the following code to configure the services:

version: '3'

services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx-proxy_conf:/etc/nginx/conf.d
      - ./nginx-proxy_vhosts:/etc/nginx/vhost.d
      - ./nginx-proxy_certs:/etc/nginx/certs
      - /var/run/docker.sock:/tmp/docker.sock
    restart: always

  nginx-proxy-acme:
    image: nginxproxy/acme-companion
    container_name: nginx-proxy-acme
    volumes:
      - ./nginx-proxy_certs:/etc/nginx/certs
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DEFAULT_EMAIL=your-email@example.com
    depends_on:
      - nginx-proxy
    restart: always

Explanations

• nginx-proxy:
• image: Indicates the official Docker image for nginx-proxy.
• container_name: Name of the container for easy identification.
• ports: Maps container ports 80 and 443 to host ports 80 and 443 to manage HTTP and HTTPS traffic.
• volumes: Mounts the directories needed to store the Nginx configuration, certificate files and communication with the Docker socket.
• restart: Ensures that the container restarts automatically in the event of failure.
  
• nginx-proxy-acme:
• image: Indicates the official Docker image for nginx-proxy-acme.
• container_name: Name of the container for easy identification.
• volumes: Mounts the directories needed to store SSL certificates and communication with the Docker socket.
• environment: Defines the email address for certificate renewal notifications.
• depends_on: Ensures that nginx-proxy-acme starts after nginx-proxy.
  

Launch Services

Once you have created the docker-compose.yml file, start the services with the following command:

sudo docker-compose up -d

This command downloads the Docker images, creates the containers, and starts nginx-proxy and nginx-proxy-acme in the background. The services will be automatically configured to handle HTTP and HTTPS requests for your Docker applications.

Configuring Docker Containers

For nginx-proxy to manage Docker containers, you need to set the VIRTUAL_HOST and LETSENCRYPT_HOST environment variables in your other Docker services. Here is an example configuration for a Docker container:

version: '3'

services:
  web:
    image: your-web-app
    environment:
      - VIRTUAL_HOST=yourdomain.com
      - LETSENCRYPT_HOST=yourdomain.com
      - LETSENCRYPT_EMAIL=your-email@example.com

Conclusion

nginx-proxy and nginx-proxy-acme are powerful tools for managing reverse proxies and SSL certificates for your Docker applications. Thanks to their simple installation via Docker Compose and their ability to automate the management of SSL certificates, these tools make it much easier to administer your web services while ensuring greater security.

Useful links

• Official Nginx-Proxy website
• Nginx-Proxy GitHub repository
• Official website of Nginx-Proxy-Acme
• Nginx-Proxy-Acme GitHub repository
  

Share your experiences with nginx-proxy and nginx-proxy-acme and ask your questions in the comments section!