10:15 AM 11/26/2025
=========================
[x] use cdn. R2 bucket for the WSL front page image

9:20 AM 11/24/2025
=========================
[x] migrate gcp. & wsl. to Cloudflare Zero Trust for tunnel management, replacing old method of shell use through cloudflared. (warning! irreversible) on existing config.yml choices both in editing or adding new proxy rows
[x] move apex webhosting data back to Cloudflare R2 buckets with index.html index kludge rule re-enabled

11:49 AM 11/22/2025
=========================
[ ] figure out why tmux attach doesn't work on WSL sometimes
[ ] UI suggestion to qbittorrent:
    The "fire" icon - which looks like "hell yeah, my torrents are blazing fast" - is actually qBittorrent’s way of saying "buddy, no incoming connections, you're ghost-seeding."
[ ] Windscribe UI suggestion for desktop app:
    Separate app lists for Inclusive and Exclusive Split‑Tunneling modes
    Currently, the Inclusive and Exclusive split‑tunnel modes share the same application list. This increases the risk of accidental leaks when switching modes, since the same entries invert their behavior. Each mode should maintain its own independent list and clearly indicate active apps per mode.
    By having this in your codebase, you're just asking for some smug pro-hax0r guy to get bitten, and post a nasty Reddit thread about why Windscribe is a terrible choice for a VPN!

8:16 PM 11/21/2025
=========================
[x] migrate from static R2 "web" hosting for apex to nginx on GCP

5:00 AM 11/21/2025
=========================
[x] set up cloudflared WSL tunnel

7:46 PM 11/20/2025
=========================
[x] set up rclone interface for Cloudflare R2 buckets (using S3 interface)
[x] install WinFsp for FUSE mounting (required for rclone on Windows)
[x] figure out Windows Terminal profiles for icon changing, background colours for stuff easier on the eyes, etc.

11:42 PM 11/19/2025
=========================
Some notes about locking things down on GCP

[x] restrict SSH from IP ranges.
[x] reserved IPv6 [...] waiting for a reply from Google about not being able to add an address for an existing VM
[x] use cloudflared tunnel to handle everything.
    - no need for static IPv4
    - can completely block all public http and https traffic, both GCP and OS firewalls.
    - no longer needs Let's Encrypt

8:10 AM 11/19/2025
=========================
CentOS Stream (RHEL-ish) commands for basic nginx support with TLS

# 1. Set the default zone to public
sudo firewall-cmd --set-default-zone=public

# Allow HTTP (port 80)
sudo firewall-cmd --permanent --add-service=http

# Allow HTTPS (port 443)
sudo firewall-cmd --permanent --add-service=https

# Reload firewall to apply changes
sudo firewall-cmd --reload

# Verify rules
sudo firewall-cmd --list-all

----------------------

# Start Nginx immediately
sudo systemctl start nginx

# Enable Nginx to start on boot
sudo systemctl enable nginx

# Check status
sudo systemctl status nginx

-----------------

# As root
- dnf install certbot python3-certbot-nginx   # will add the other shit it uses too
- edit the nginx.conf, change the server name from _ to your domain (if applicable)
- certbot --nginx
- if you made changes and want to test renewal, use: certbot renew --dry-run

7:42 PM 11/4/2025
=========================
When compiling Rust on Windows, x86_64-pc-windows-msvc target will
1) impose and carry over the Visual Studio "Community" license terms, even if you're just using the linker and not a C/C++ compiler
2) require VC++ 14's runtime (which comes with Windows 11)

You can use the x86_64-pc-windows-gnu or x86_64-pc-windows-gnullvm target instead to remove both of these caveats. The latter doesn't require any installs like MinGW does apparently but I have yet to try it.
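
Added example (not part of the original notes) for the 11/19/2025 entries: once nginx sits behind the cloudflared tunnel, the http/https services opened in firewalld that morning can be removed, and this check confirms none are left on the OS firewall. The function name and both sample zone listings are constructed for illustration; the GCP-side firewall rules are not covered.

```shell
#!/usr/bin/env bash
# Audit firewalld for leftover public web exposure after moving nginx
# behind a cloudflared tunnel (the tunnel only needs outbound connections).

# Read `firewall-cmd --list-all` output on stdin and print every service or
# port entry that still exposes HTTP/HTTPS. Prints nothing when clean.
# Assumption: exact ports only; ranges such as 80-90/tcp are not expanded.
exposed_web_rules() {
  awk '
    $1 == "services:" {
      for (i = 2; i <= NF; i++)
        if ($i == "http" || $i == "https") print "service " $i
    }
    $1 == "ports:" {
      for (i = 2; i <= NF; i++) {
        split($i, p, "/")
        if (p[1] == "80" || p[1] == "443") print "port " $i
      }
    }
  '
}

# Constructed sample: the public zone as left by the nginx + certbot setup.
sample_before='public (active)
  target: default
  interfaces: eth0
  services: cockpit dhcpv6-client http https ssh
  ports:
  protocols:'

# Constructed sample: the same zone after the web services were removed.
sample_after='public (active)
  target: default
  interfaces: eth0
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:'

# Demo on the constructed samples (first prints two findings, second none).
printf '%s\n' "$sample_before" | exposed_web_rules
printf '%s\n' "$sample_after" | exposed_web_rules

# On the real host (not run here), removal and the live check would be:
#   sudo firewall-cmd --permanent --remove-service=http
#   sudo firewall-cmd --permanent --remove-service=https
#   sudo firewall-cmd --reload
#   sudo firewall-cmd --list-all | exposed_web_rules
```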