1·
13 hours agoFor now yes but the very specifics of DNS over https make that impossible if enforced one day.
Shimitar
- 0 Posts
- 6 Comments
Joined 1 year ago
Cake day: January 28th, 2025
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
I removed health checks because o think they don’t work properly with podman how I use it, but I might be wrong.
Anyway, glad it helped! That’s the spirit why I wrote it.
Actually I am behind CGNAT so when away I connect to my VPS that has a nginx pointing to a wireguard endpoint to the internal server. Wireguard is also managed by opnSense but that’s a choice, not mandatory.
When home, my VPS ip gets rerouted on port 443 (and 80, mandatory for let’s encrypt) to the internal ip of my server.
Going the split DNS way is doable but had other issues (android devices bypassing local DNS for example or DNS over HTTPS issues)
I set up my opnSense to redorect all internal traffic to the external IP on port 443 to my internal server ip.
Works fine, it’s transparent, and doesn’t mess with DNS.
I run TA with success since many months. It’s fast and responsive, so I guess it’s an issue with your setup?
The metadata bridge to jellyfin alfo works pretty nice, I have no complaints…
You can check my notes at https://wiki.gardiol.org/doku.php?id=services%3Atubearchivist
But be advised I am on rootless podman with docker compose
DOH goes over port 443 using https, impossible to block (unless you want to blacklist all possible URLs that might serve DNS) so cannot be redirected at network level, like with classic DNS, and uses SSL encryption so cannot be “sniffed” and redirected.
In other words: say goodbye to ad blockers based on DNS like pihole or adguard
While it seems good for your privacy, it’s a dream for Google and such, where PiHoles and such DNS blockers will be useless…