New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
[FOSSVPS - OnlyServers] Free London VPS with a pretty good network!
This discussion has been closed.
Comments
Thanks @Not_Oles for sharing this Machine!!
I've installed the RIPE Software Probe, here's a link to it : https://atlas.ripe.net/probes/1012091/overview
More information about RIPE Atlas : https://www.ripe.net/analyse/internet-measurements/ripe-atlas/
@Starnberg Thanks for your helpful comment!
This is what I imagined to be the case.
Yes.
I don't know much about tinyproxy, but I've used it successfully for some years with both http and https. It's easy to understand the configuration file. If I can do it, anyone can.
May I please ask what it is you don't like about Apache?
Why not allow each user the opportunity to set up what he needs in the way he wants?
Just to be clear, I am glad for the discussion and I am glad to hear opposing opinions. Thanks for contributing generously to our discussion!
Looks like we might have only one more static IPv4 VPS, and there are several more NAT IPV6 VPSes available in London.
Thanks to @dan_onlyservers for his generous donation and to @netixen for facilitating the donation.
I meant HTTPS in the server role of a reverse proxy. In forward mode, it certainly can pass HTTPS traffic. But for reverse mode, it would need to be configured with certificates and a key for the TLS termination, and at least in the man page for my distribution-provided
tinyproxypackage, I can't find any options as to how to set those.Mainly just the config files (the structure and how they work). And afaik, nginx is faster than apache too!
Yeah, but I assume not everyone will be able to get a dedicated IP?
I got my vps today.
What I've done:
While hetrixtools itself is not open source, the agent is.
I will probably switch to uptime kuma or the resource monitor that @lukast__ made.
Todo for tomorrow:
I wish every client / member of FOSSVPS posted about what they are doing! Thank you!
Thi is what I love to see! 
Sure, but can you please add some specifics? For example, this is the configuration structure for an Apache which I have installed on a Debian VPS:
Basically there is an overall conf (apache2.conf) and "available" and "enabled" for conf, mods, and sites. The "enabled" directories contain symlinks to the "available" directories.
When I first looked at all this it seemed crazy complicated. I didn't find an easy and super simplified high-level view of the configuration structure.
I've only configured Apache a few times. I haven't done anything complicated with it. I don't know much about Apache.
Nevertheless, one thing I especially like about Apache is that they seem pretty open about vulnerability reports: https://httpd.apache.org/security/vulnerabilities_24.html
I don't remember ever trying to configure Nginx. Maybe somebody could post about the overall configuration difference between Nginx and Apache? And between Debian's Apache and other distros' https?
Thanks!
Right!
So, besides a reverse proxy on the node, how else could a NAT VPS user set up a WAN https server with a trusted certificate?
Thanks!
Re reverse proxy / npm discussion.
As we are talking about a single machine with not that many NAT users on it, I feel that there is no point complicating things. Use either nginx or apache to check the domain name used and send it to the required NAT port. This would then be easily scripted.
With (admittedly older) trafficserver, essentially the following config changes/additions with respect to Debian 11 default are needed across three files:
records.config (the main configuration file):
CONFIG proxy.config.http.server_ports STRING 443:ssl 443:ipv6:ssl 80 80:ipv6The default is to listen on plain HTTP on 8080 only for forward mode.
ssl_multicert.config (I think newer versions have migrated to YAML format for this and other config files):
ssl_cert_name=/etc/trafficserver/my-domain.net/fullchain.pem ssl_key_name=/etc/trafficserver/my-domain.net/privkey.pemIf desired, trafficserver can also directly read from privileged locations such as /etc/letsencrypt/live, but needs a setting in records.config to do the reading in elevated mode (
CONFIG proxy.config.ssl.cert.load_elevated INT 1). One can have one cert/key for multiple domains, or multiple certs/keys each with an entry here.remap.config for the actual reverse proxy configuration:
As the name
redirectimplies, this is for redirects, e.g., to enforce https, as above, or to redirect to some other location (site and/or path).mapis for the actual mapping of the name + path to the actual destination aka origin.reverse_mapis for undoing the mapping in response headers (not body) sent by the origin, e.g., when the origin sends a redirect to some other path within its own tree.haproxy can do that easy
nginx can do that too. So many options ๐
That was my point: With trafficserver, it is essentially just three changes/additions with respect to the default configuration (on Debian).
Might be possible with other proxy servers as well, but when I started with that topic, all the others seemed much more complex to start with because one had to tweak so many options/synthesize a config pretty much from scratch just for a really basic setup. Even to figure out those three options for trafficserver among the hundreds of knobs that are available took some time, but now, it essentially boils down to those three.
Not unlikely that I might have missed approaches for other implementations that might have made it easier than it appeared at the time.
And as always, YMMV.
Computer says NO to nginx!
provide a config 
Reading nginx manual tells me nginx can't do that because it only passes tcp to a backend without any inspection but to get people proper 443 routed for their domains:
haproxy must detect SNI and do backend selection via SNI.
nginx can't do that or I don't know how
If you use this routing via haproxy every vm can have own letsencrypt certificates.
If you put nginx on the host, the admin has to configure your certificates for letsencrypt and communication from nginx to your webserver would most likely be unencrypted via pure http because you can't have a valid certificate in your vm if nginx is doing ssl on the front...
Every domain/subdomain needs an ACL line for detecting SNI hdr(host) and a use_backend line, additionally the vm ssl backend:443 must be defined.
Port 80 needs ACL too but simpler, only detect if it's an acme-challange request from letsencrypt for the sub/domain and route to the desired vm:80 else redirect to :443
I say: that's too much work for the admin to maintain the config for a free server/service.
The question should be: Why do you have a domain if you can't pay for a server??
Hi,
Not sure the free server ended yet, I want a small server with some NAT ports on IPv4 and an dedicate IPv6, below is applications I'll using:
Thank you so much.
Hi @vuanhson!
Thanks for your request!
I will PM you login info in an hour or two. I will post again here when the PM is sent.
There might be one more dedicated IPv4 VPS available in London and several more with NAT IPv4.
Thanks to @dan_onlyservers for this nice server!
Best!
Tom
@Starnberg @BasToTheMax @devjorge
Wow! Thanks for the fun discussion!
It's nice for me to work, especially if I get to learn something new.
My hesitation stems mostly from wanting to offer a good service, and from feeling that I ought to offer services with which I have a reasonable degree of confidence in configuration, among other things.
Best wishes, and I hope the discussion continues!
Ooh I didn't know HA proxy used SNI. I thought it used the Host header (like a lot of webservers do.!
So technically HA proxy could also be used for other protocols/things as long as the first packet contains a hostname?
I know next to nothing about nginx, but isn't this what you are looking for?
https://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html
@vuanhson Thanks again for your request! Login info sent by PM. Welcome to the server!
Thanks again to OnlyServers for providing this great server node in London!
other protocols and first packet?: i think not.
haproxy can do tcp or http and detect ssl in tcp streams, maybe more. read the docs
thanks yes that looks like it
Hi, old Linux nerd here. Been using Linux since 1994 Slackware times. If you still have would like to try small vps. Docker, wireguard + unbound. Etc small testing. Thank you.
Hi @Tandoor!
Nice to meet you! Thanks for your request! Welcome to LET!
Since you have a new LET account, and since you haven't provided any additional links about your community contributions, probably we have to wait until you add more information to your request or until we get to know you from your friendly and helpful post history here.
Best wishes and thanks again!
Tom
Hello,
I just opened a new FOSSVPS thread at
https://lowendtalk.com/discussion/208497/new-free-vps-location-alexhost-chisinau-moldova-via-fossvps/p1
May we please continue this thread's fun discussions in the new thread?
May we please close this thread as well as all the other, earlier FOSSVPS threads?
Thank you!
Tom