# ------------------------------------------------
# Config files are located in /etc/wireguard/wg0
# ------------------------------------------------
# ---------- Server Config ----------
[Interface]
Address = 10.10.0.1/24 # IPV4 CIDR
Address = fd86:ea04:1111::1/64 # IPV6 CIDR
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # Add forwarding when VPN is started
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE # Remove forwarding when VPN is shutdown
# This guide will show you how to configure ddclient to dynamically update your DNS at Cloudflare.
# This cookbook makes use of a number of online guides - all of which I will reference at the end.
# Cloudflare requires ddclient to be version 3.8.2 or you will get a 'cloudflare protocol didn't exist' error.
# Unfortunately, the package manager at this time makes use of 3.8.1.
# My suggestion is to follow the semi-autonomous process: download the out-of-date package
# and then manually update a few files. If you prefer, you can go down the fully manual route.
# Installation - Manual (Not Tested: https://www.cloudflare.com/technical-resources/#ddclient)
# Installation - Semi-Autonomous (Recommended, follow below)
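nginx conf for proxying the FreeIPA UI. ipa.my.org is the proxy name, realipa.my.org is the master.
server {
    # The ssl parameter on listen enables TLS for this server block;
    # the separate "ssl on;" directive is obsolete and has been dropped.
    listen 443 ssl;
    server_name ipa.my.org;
    ssl_certificate /etc/nginx/ssl/ipa.crt;
    ssl_certificate_key /etc/nginx/ssl/ipa.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); remove them unless legacy clients need them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Cipher list entries are colon-separated, including the !aNULL exclusion.
    ssl_ciphers AES256+EECDH:AES256+EDH:AES128+EECDH:!aNULL;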