I’d really like to get started with this stuff but finding the technical requirement exhausting.

Trying to install privoxyvpn- “simply add the proxy to your browser and ensure the configuration is correct” (no help as to what this means, or how to do it and following the basic instructions just renders my browser unable to connect - googling the error message gives me replies like “simply make sure you read the logs” (no description of how to get to the logs or how to read them)

hearing I need a proxy and a reverse proxy, install SWAG — “first, point the A name at your server and the CNAME at the A and then install the SSL certificate - but be sure to pick between directories and subdomains if you have fewer than 20 domains in your account.”

Like what the fuck does any of this mean?

Then I hear if I have a proxy it might interfere with the reverse proxy and both might interfere with the VPN and vice versa.

How does one even get started?

  • funkless_eck@sh.itjust.worksOP
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    11 months ago

    Forgive my ignorance, but doesn’t the mullvad need to run through gluetun, or at least in its own docker container to be secure?

    Or to put it another way, whats the benefit/cost of installing it via dpkg as opposed to running it in a container, as opposed to running it in in gluetun (in a container)?

    i thought everything was supposed to run in a container if it’s touching the web

    • DominusOfMegadeus@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      ·
      11 months ago

      Your question touches on some advanced concepts in networking and system security, specifically around the use of VPNs and Docker containers. Let’s break down the differences and implications of running Mullvad VPN through various methods:

      1. Mullvad via DPKG Installation (Direct Install on OS):

        • Benefits:
          • Simplicity: Easy to set up for beginners.
          • System-wide VPN Coverage: All internet traffic from your computer is routed through the VPN, enhancing privacy and security.
        • Costs:
          • Less Flexibility: Harder to isolate specific applications or services.
          • Potential for IP Leaks: If the VPN disconnects, your real IP address might be exposed unless the VPN client has a kill switch.
      2. Mullvad in a Docker Container:

        • Benefits:
          • Isolation: The VPN connection is isolated to the container, enhancing security for containerized applications.
          • Flexibility: Different containers can use different network settings, allowing for complex configurations.
        • Costs:
          • Complexity: Requires understanding of Docker and networking.
          • Limited Scope: Only affects network traffic from services running within the container.
      3. Mullvad with Gluetun (VPN in a Container):

        • Benefits:
          • Enhanced Security and Isolation: Gluetun provides a VPN client in a Docker container, offering both the security benefits of a VPN and the isolation of Docker.
          • Flexibility and Control: Allows for selective routing of traffic through the VPN.
        • Costs:
          • Increased Complexity: Requires more technical know-how to set up and manage.
          • Specific to Containerized Services: Only affects traffic from applications running in Docker.

      In essence, the choice depends on your technical expertise, specific needs, and the level of security and flexibility you desire:

      • For Beginners: Direct installation of Mullvad (via DPKG) is straightforward and provides system-wide VPN coverage, suitable for everyday use.
      • For Advanced Users with Specific Needs: Running Mullvad in a Docker container or with Gluetun offers more control and isolation, which is beneficial for complex setups, such as when running multiple services with different networking requirements.

      The idea that “everything touching the web should run in a container” is more of a best practice in professional IT environments, especially for server deployments, rather than a strict rule for personal use. It offers advantages in security and manageability but comes with a learning curve and complexity that might not be necessary for simpler or personal setups.

      • funkless_eck@sh.itjust.worksOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        Thank you - that is helpful.

        So the Gluetun part is really only for if I want to get into my jellyfin when away from home?