git clone https://github.com/certbot/certbot /opt/letsencrypt
ln -s /opt/letsencrypt/certbot-auto /usr/bin/certbot
certbot certonly --expand --agree-tos --text --non-interactive \
--standalone \
############ WordPress ####################
# Disable logging for favicon and robots.txt
location = /favicon.ico {
    try_files /favicon.ico @empty;
    access_log off;
    log_not_found off;
    expires max;
}
# wp-secure.conf
#
#
# This file includes common security considerations for wordpress using nginx.
#
# The goal is to block actions which are usually dangerous to wordpress.
# Additionally, we block direct access to PHP files and folders which should not
# be accessed directly from a browser.
#
# Also have included exceptions for plugins that are known to require this access.
# for ISAKMP (handling of security associations)
iptables -A INPUT -p udp --dport 500 -j ACCEPT
# for NAT-T (handling of IPsec between natted devices)
iptables -A INPUT -p udp --dport 4500 -j ACCEPT
# for ESP payload (the encrypted data packets)
iptables -A INPUT -p esp -j ACCEPT
# for the routing of packets on the server
iptables -t nat -A POSTROUTING -j SNAT --to-source %IP% -o eth0
# internet access
iptables -t nat -A POSTROUTING -s 10.0.42.0/24 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT
ℹ️ Please note this research is from 2016, when Opera first added their browser "VPN", even before the "Chinese deal" was closed. They have since introduced some real VPN apps, but what follows is not about them.
🕵️ Some folks also like to use this article as proof that the Opera browser is spyware or that Opera sells all your data to 3rd parties or something like that. This article here doesn't say anything like that.
During setup (that is, as soon as the user enables it in settings), Opera VPN sends a few API requests to https://api.surfeasy.com to obtain credentials and proxy IPs; see below, and also see The Oprah Proxy.
The browser then talks to a proxy, de0.opera-proxy.net (when the VPN location is set to Germany). Its IP address can only be resolved from within Opera when the VPN is on; it's 185.108.219.42 (or similar, see below). It's an HTTP/S proxy which requires auth.
With the scarcity of IPv4 addresses, and IPv6 still not available at large, NAT traversal is becoming a necessity, especially with the generalisation of carrier-grade NATs that you can find on mobile connections. Even with IPv6 you may suffer NAT66: imagine a mobile device that gets only a single IPv6 address, and you want to share it with your computer.
The solution might be in a decentralized protocol for address attribution such
<html>
<head>
<title>WebSocket demo</title>
</head>
<body>
<div>
<form>
<label for="numberfield">Number</label>
<input type="text" id="numberfield" placeholder="12"/><br />
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"log"
)
// node.js 0.5 Diffie-Hellman example
var assert = require("assert");
var crypto = require("crypto");
// the prime is shared by everyone
var server = crypto.createDiffieHellman(512);
var prime = server.getPrime();
// sharing secret key on a pair