
My Encrypted Matrix Server with Docker-Compose

Overview: In this post, I will detail how I run my Matrix Server with Docker-Compose, how I use my Matrix Server as an encrypted notifications hub, and how I federate my Matrix Server over a Cloudflare tunnel (using Cloudflare’s Zero Trust interface). Short Cybersecurity Note: Matrix Servers can be a part of your cybersecurity stack in your homelab or business. The component pertinent to cybersecurity related to Matrix Servers is encryption....

April 16, 2023 · 13 min · Robert D. White

Policy Based Routing with Unifi, PIA, and pfSense: How I Route My IoT External Traffic through PIA VPN

Introduction: In this post, I will show you how to use policy-based routing in Unifi to route specific traffic through a VPN client (I use Private Internet Access) on pfSense. This setup allows you to retain complete control of your devices and subnets via Unifi’s Network app while taking advantage of pfSense’s ability to host a VPN client. With this setup, I am getting my full ISP speeds on devices using a VPN for encryption....

November 7, 2022 · 6 min · Robert D. White

How to Use pfSense and Unifi to Anonymize and Encrypt VLAN Tagged Traffic

#UPDATE 11/05/2022. Original post date: 2021-04-05. This update contains specific configuration options to use 4096-bit RSA keys, SHA256 Auth digest algorithm, and AES256 encryption. The original post used the default key length of 2048 from PIA, SHA1, and allowed for AES128. Throughout the post, I will tag updated information with #Update. Introduction: This post aims to show you how to use pfSense within a Unifi network behind a Unifi Gateway [in my case, the gateway is the Unifi Dream Machine Pro (hereafter referred to as UDMP)]....

November 5, 2022 · 11 min · Robert D. White

Cloudflare Tunneling to Internal Resources with Cloudflared

Introduction: This post will cover how to set up a Docker container of Cloudflared on your internal network to provide a private tunnel from Cloudflare to your internal resources. After setting up the Cloudflared tunnels, you will no longer need to expose ports 80 and 443. This post assumes you currently have a vibrant and functioning internal network with a reverse proxy (in my case, Nginx Proxy Manager) already configured....

June 27, 2022 · 5 min · Robert D. White

'Split-Brain DNS' for Internal HTTPS with Let's Encrypt

Introduction: In this previous post, I showed how to connect to a Unifi router with HTTPS, effectively ridding you of the tedious words, “Your connection is not private.” However, the method shown in that post directs your connection to an external DNS server (e.g., CloudFlare) in order to resolve your Unifi router. This adds some latency by requiring your traffic to flow out and in rather than staying local. Additionally, it requires opening some ports externally....

May 13, 2022 · 10 min · Robert D. White