Server
Misc
Resources
- Heiss guide on setting up a caddy server on a Digital Ocean droplet with Docker and {plumber}
- hrbrmstr thread on scanning your network for compromised IPs and other assets
- greynoise tool checks to see if your IP is being used by botnets
- runZero
- Scans your local networks and profiles your external IP.
- You start w/a free trial, but get moved to a free community edition for small businesses and personal use after the trial ends.
- You log in using your email. Then just follow the Getting Started steps.
- Notes
- Downloaded an “explorer”
- Scan
- Ran an initial scan on my home network.
- The default was to send 1000 packets/sec, which (when I started it) said that it could take 4 hrs. I decided to try 3000 packets. This made my internet unusable and caused my VPN to restart (and not with the right settings). Going to try 1000 and shut down everything VPN-related and see if that works.
- ShieldsUp
- Provides internet security vulnerability profiling services (seems similar to runZero).
- Hosting files with basic security (Thread)
- Host an HTTP server and use a randomized path for hosting things you don't want to make completely public.
- Turn off directory listings for the directory with the randomized paths
- They’re secure until someone shares a link outside of the group you want to have it.
- If you want to set up “basic auth” you can have a slightly awkward username/password setup.
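The randomized-path approach above only holds up if the path component comes from a cryptographic random source and cannot be enumerated from its parent directory. The following is an added example, not from the original thread; the function name `publish_file` and the web-root layout are assumptions.

```sh
#!/bin/sh
# Added example: publish one file under an unguessable path inside a web root.
# publish_file WEBROOT FILE  -> prints the URL path to hand out.

publish_file() {
    webroot="$1"
    src="$2"
    # 16 bytes from the kernel CSPRNG -> 32 hex chars (128 bits).
    # Do not derive the token from $RANDOM, a timestamp, or the file name.
    token=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    [ "${#token}" -eq 32 ] || return 1
    mkdir -p "$webroot/$token" || return 1
    cp -- "$src" "$webroot/$token/" || return 1
    # Empty index in the parent directory: even if the server's directory
    # listing is accidentally left on, the token directories are not shown.
    [ -e "$webroot/index.html" ] || : > "$webroot/index.html"
    printf '/%s/%s\n' "$token" "$(basename -- "$src")"
}
```

Directory listings should still be turned off in the server configuration; the empty index file is a second layer, not a replacement.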
Proxies
Notes from What is a reverse proxy?
- Forward Proxy
- AKA a proxy, proxy server, or web proxy, is a server that sits in front of a group of client machines.
- When those computers make requests to sites and services on the Internet, the proxy server intercepts those requests and then communicates with web servers on behalf of those clients, like a middleman.
- Basic Flow (See pic)
- A: This is a user’s home computer
- B: This is a forward proxy server
- C: This is a website’s origin server (where the website data is stored)
- Use Cases
- To avoid state or institutional browsing restrictions - Some governments, schools, and other organizations use firewalls to give their users access to a limited version of the Internet. A forward proxy can be used to get around these restrictions, as they let the user connect to the proxy rather than directly to the sites they are visiting.
- To block access to certain content - For example, a school network might be configured to connect to the web through a proxy which enables content filtering rules, refusing to forward responses from Facebook and other social media sites.
- To protect their identity online - For example, if a political dissident uses a forward proxy to connect to a website where they post politically sensitive comments, the IP address used to post the comments will be harder to trace back to the dissident. Only the IP address of the proxy server will be visible.
- Reverse Proxy
- A reverse proxy is a server that sits in front of web servers and forwards client (e.g. web browser) requests to those web servers
- Implemented to help increase security, performance, and reliability
- Typically the most common way of adding https to a website
- Basic Flow (See pic)
- D: Any number of users’ home computers
- E: This is a reverse proxy server
- F: One or more origin servers
- Use Cases
- Load Balancing - Instead of a single site, the site can be distributed among a pool of different (origin) servers, all handling requests for the same site.
- A reverse proxy (load balancer) will distribute the incoming traffic evenly among the different servers to prevent any single server from becoming overloaded. In the event that a server fails completely, other servers can step up to handle the traffic.
- Global server load balancing (GSLB) - A website can be distributed on several servers around the globe and the reverse proxy will send clients to the server that’s geographically closest to them which minimizes load times.
- Protection from attacks - With a reverse proxy in place, a web site or service never needs to reveal the IP address of their origin server(s).
- This makes it much harder for attackers to leverage a targeted attack against them, such as a DDoS attack. Instead the attackers will only be able to target the reverse proxy, such as Cloudflare’s Content Delivery Network (CDN), which will have tighter security and more resources to fend off a cyber attack
- Caching - A reverse proxy can also cache content, resulting in faster performance.
- For example, if a user in Paris visits a reverse-proxied website with web servers in Los Angeles, the user might actually connect to a local reverse proxy server in Paris, which will then have to communicate with an origin server in L.A. The proxy server can then cache (or temporarily save) the response data. Subsequent Parisian users who browse the site will then get the locally cached version from the Parisian reverse proxy server, resulting in much faster performance.
- SSL encryption - Encrypting and decrypting SSL (or TLS) communications for each client can be computationally expensive for an origin server. A reverse proxy can be configured to decrypt all incoming requests and encrypt all outgoing responses, freeing up valuable resources on the origin server.
- Example: Plumber API and Caddy (source)
If you have your own server, you can set up Caddy, which comes with https, to act as a reverse proxy for your API.
Create plumber.R file

```r
library(plumber)

pr() |>
  pr_get("/echo", function(msg = "") {
    list(msg = paste0("The message is: '", msg, "'"))
  }) |>
  pr_get("/sum", function(a, b) {
    as.numeric(a) + as.numeric(b)
  }) |>
  pr_run(port = 8888)
```

Create Caddy file

```
# serve the plumber API over HTTPS
localhost:443 {
    reverse_proxy localhost:8888
}
```

- It takes any requests to localhost and passes the request to the plumber API on port 8888, captures the response and sends it back to the client.
- The https protocol requires binding to port 443.

Start both processes

```sh
(R -f plumber.R) & caddy run
```

- This will run the plumber API in the background and then the caddy process.
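The reverse proxy only protects the API if clients cannot reach port 8888 directly, so the backend should listen on a loopback address only. This added example (not from the original page) scans `ss -tln` output for a listener on the backend port that is bound to a non-loopback address; the two listener tables are constructed samples and the function name is an assumption.

```sh
#!/bin/sh
# Added example: on a live host, run `ss -tln | non_loopback_listeners 8888`.

# Constructed sample: API on loopback, Caddy on 443.
SAMPLE_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8888     0.0.0.0:*
LISTEN 0      4096   *:443              *:*'

# Constructed sample: API also bound to every interface.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8888       0.0.0.0:*
LISTEN 0      128    [::1]:8888         [::]:*
LISTEN 0      4096   *:443              *:*'

# Print each LISTEN socket on PORT whose address is not loopback.
# Exit status: 0 = loopback-only (or not listening), 1 = reachable directly.
non_loopback_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            laddr = $4
            n = match(laddr, /:[0-9]+$/)      # position of the final ":port"
            if (n == 0) next
            addr = substr(laddr, 1, n - 1)
            p = substr(laddr, n + 1)
            sub(/%.*$/, "", addr)              # drop scope suffix such as %lo
            if (p != port) next
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr ":" p
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

printf '%s\n' "$SAMPLE_EXPOSED" | non_loopback_listeners 8888 \
    || echo "port 8888 is reachable without going through the proxy"
```

plumber's `pr_run()` binds to 127.0.0.1 unless a `host` argument is given, so the configuration above passes this check; it typically starts failing when the API is moved into a container and started with `host = "0.0.0.0"`.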
Brands
Differences between caddy and nginx (ChatGPT 3.5)
- Configuration:
- Nginx uses a complex, block-based configuration language, which can be challenging for beginners.
- Caddy uses a simpler, declarative configuration file called the Caddyfile.
- Automatic HTTPS:
- Nginx requires manual configuration for HTTPS and certificate management.
- Caddy automatically obtains and manages TLS certificates, making it easier to secure your website.
- Plugins:
- Nginx has a vast ecosystem of third-party modules, but adding these can increase complexity.
- Caddy has built-in modules for common tasks like logging, rate limiting, and authentication, reducing reliance on external tools.
- Performance:
- Both are performant, but benchmarks often show Caddy with a slight edge in low-resource situations.
- Ease of use:
- Caddy is generally considered easier to learn and use due to its simpler configuration and focus on automation.
- Nginx has a steeper learning curve but offers more control for experienced users.
Harrell on the benefits of Netlify vs AWS (source)
- “… when you have to support your own Linux or Windows web server such as an AWS Lightsail instance, the time spent in keeping the site secure and software updated is significant, and doing updates to web pages is not as easy as the local `~/web` Netlify mirroring approach. It is far easier to host a static web site where Netlify takes care of 100% of system and web server software issues. There is nothing to update on your site other than the actual web content.”
Comparison of Cloud Providers (Jan 2025, source)
| Service | Free Bandwidth Limit/Mo | Notes |
|---|---|---|
| Cloudflare Pages | Unlimited | Just don’t host Netflix |
| GitHub Pages | Soft 100 GBs | “Soft” = probably fine if you go viral on reddit sometimes |
| GitLab Pages | X,000 requests/min | Lots of nuances, somewhat confusing |
| Netlify | 100GB | Pay for more |
| AWS S3 | 100 GB | Credit card required, just in case… but apparently Amazon is very forgiving of accidental overages |

