This writeup uses AdGuard for ad blocking, specifically "AdGuard Home".
The "How to setup?" link from their homepage pointing to their github repo says that you accept a EULA[0] on clicking the link. The EULA seems to directly contradict their repo GPLv3 license. [1]
For people using network level ad blocking, do you ever run into annoyances where there's a site you want to access and just can't? Mostly links that route through an analytics network. First time you click on a Twitter link for example, or some referrer store links. And once you're stuck, there's normally nothing you can do. At least on the browser I can temporarily turn off an extension, but I've found that network level blockers get in the way sometimes.
This is why I don't run pihole or NextDNS at the network level anymore, my wife had too many annoyances with slick deals and other things. Whitelists covered most but not everything.
> my wife had too many annoyances with slick deals and other things.
Running the browser remotely is one way. I usually abuse archive.is or brow.sh or startpage's anonymous browsing to that effect. Cloudflare bought a startup in the space...let's see what they come up with for the consumers: https://techstartups.com/2020/01/07/cloudflare-buys-remote-b...
Maybe NextDNS and others, through their in-browser plugin, can optionally follow the redirects (remotely) to find if the eventual destination is not blacklisted (but that's too much of an ask since following HTTP redirects is different from DNS CNAMEs).
NextDNS will soon have a solution to auto-follow tracking links and allow some blocked domains temporarily from the blockpage. Just make sure you install the root CA on all devices.
pihole has an API to disable adblocking, which is just an HTTP request so it's pretty easy to trigger. For example, on iOS, write a shortcut so that you can "Hey Siri, disable pihole".
I gave her a shortcut that disabled Pihole via ssh but it was still annoying for her. I don't mind just running it on my devices. I pay for YouTube premium and other things already anyway.
There's an Android app I use, called FlutterHole, that gives you a one click way to temporarily disable the PiHole block. Under the covers it's using an API call.
I believe that Kubernetes is artificially injected in your setup. You can just run your DNS server on the server and advertise it on the VPN address. You can still address it from anywhere in the VPN.
I did not downvote you but, serious question: is there a need for this kind of snark?
I understand the point that running a kubernetes cluster just for this would probably be hard to justify. But, if you deploy your services to kubernetes already, then this is a nice guide to do so, isn't it?
I find it hard to understand this attitude, especially in a forum dedicated to talk about technology.
But maybe, like in any social network, there is a bias on what is put in front page. And if you have an interesting project, you might want to add an extra layer of complexity and use Kubernetes in order to gain more visibility.
Well, making things intentionally difficult sounds really stupid, but you learn a whole lot in the process, and for a side project geared towards gaining knowledge, this seemed perfect :) And in the process of setting this up I figured out a new way to debug my deployments for remote k8s clusters, using kilo. Also sidenote, yes I actually do host a couple other things on my cluster including my blog, so I didn't really want to spin up a new instance just for DNS and VPN.
It's also an example of a project where you can learn more about a platform. Yes, it could be run outside of k8s, but perhaps the author wanted to add the extra layer of "difficulty".
Never thought of that. But OP maybe liked tinkering with k3s and kilo. But I believe kilo's best use is for cluster to cluster connection. This use case is a bit artificial in my opinion.
How do you run the server? Create a packer image? Init scripts (or something similar)? Keep track of whether it’s up or not?
For developers who have grown up with containers, kubernetes offers the simplest, most familiar way to deploy a service.
I recently had to set up a Factorio server. The official guide mentions downloading the binary and using init scripts to get it running. I tried to debug obscure issues with the binary for a few hours before getting fed up and looking for a containerized image; once I found that, it was super easy to start one locally. GCP offers a “container on VM” feature which I then used to deploy the thing in minutes. The experience felt so easy.
Notice that I did not use kubernetes, just something that can run containers. But if I had more apps to run, most likely I would set up one.
Kubernetes is a godsend and it solves way more problems than it creates. But I just believe that this simple use case is overkill. OP just wanted a remote DNS server that is addressable within the VPN. You don't really need Kubernetes or Kilo for that.
Sure you can write a lengthy article to describe how to configure all the apps and servers manually. But with Kubernetes, you only need to throw some YAMLs in there and call it a day.
I don't think "using Kubernetes for running VPN and adblocking servers" is overkill. With k3s, you can deploy a Kubernetes cluster on a Raspberry Pi in one command. Anything that can run on a Raspberry Pi in one command just can't be overkill in my opinion.
It's not artificially injected into my setup. I already host my blog and a couple other services on my k3s setup, and I didn't want to boot up another server just to serve as a VPN and DNS.
Algo [1] is a great option for a personal VPN, and it supports WireGuard + ad blocking. I really don't understand why you would want to use k8s for something like this unless it is just a pet project.
I have a hard time understanding why people use these small script bundles on top of wireguard.
The VPN use case is the best documented one with a large amount of guides and the configuration is very simple.
I tried this setup for the first time recently (Algo and a Digital Ocean droplet) when traveling and can confirm it was excellent. In particular, you get a surprisingly polished UX for setting everything up in addition to all the usual benefits of WireGuard.
Great unless you want to use it as a VPN to watch Hulu from abroad haha. They require you to use a set of specific providers, which are all blocked by Hulu.
I ended up using OpenVPN on a home Raspberry Pi, but I want to figure out how to deploy IPSec or ZeroTier rather than OpenVPN.
Looks like the author is using Android. Why not just use AdGuard Home as a DNS-over-TLS server (which is supported on Android P and above)? What's the benefit of plaintext DNS over VPN compared to DNS-over-TLS?
[0] https://adguard.com/en/eula.html
[1] https://github.com/AdguardTeam/AdGuardHome/blob/master/LICEN...