Yeah I had SearXNG running via a Docker container and it was pretty good. I didn’t like having to use a domain name and expose it over the internet though, because Docker is running on my NAS. I guess I could give it another try using Cloudflare tunnels so I don’t have to open anything up.

Or else go back to Startpage.

My 100-search trial expired this week and I was literally planning on subscribing later tonight. This has made me think twice.

But it takes me back to why I tried Kagi in the first place: What else can I use that respects privacy?

I don’t think any of them do completely. DuckDuckGo uses Bing, so is Microsoft; Google is… well, Google; Brave is apparently really shady; I’ve never thought much of the results from Bing directly. Startpage seemed ok but apparently uses Google.

What else?

I also like something to be integrated into the browser. As a Mac user, I can’t add new search engines to Safari (and have actually switched to Orion, but may now switch to Firefox or back to Safari).

Exactly! I saw the App Store version was ripped of a few features and subscription-based so was a no-no. Hence trying to get it from Panic.

When I traded in the MBA I had the option of bank transfer or Apple credit and I (foolishly) chose credit because, at the time, my wife was going to trade her iPad and get a new one, so figured the credit would come in handy. She then changed her mind. So at the moment it’s just paying my subscriptions (Apple One, etc.) I guess until it runs out or I buy something.

Sorry, I wasn’t classing Chrome and Chromium as the same thing. I’m a software developer of 20 years so I understand they’re not the same thing. I guess I just took that opportunity to state that I don’t use Google services/products if I can help it.

In work we’re a Windows house, but I’ve managed to get my hands on an M2 MacBook Pro. For now I’m still using Edge but would like to get my iCloud exemption so I can use some of the apps on my personal MBP for work, and I’m wondering whether I should continue using Edge for work and A. N. Other browser for personal (and mirror this on my iPhone); or whether to use profiles, for example, on Safari and split it that way. I might be limited to what I can download on the work machine, but I’d like to synergies everything as much as I can where possible rather than having two completely different Mac experiences with my iPhone sort of thrown in the middle of both.

Which browser do you prefer? I assume a Chromium-based derivative?

I have/had a ProtonMail account, and whilst it was great, I believe it was only end-to-end encrypted when sending emails to other people using ProtonMail…? Or at least that was my understanding at the time.

The apps back then weren’t particularly polished, so I ended up migrating everything back to iCloud.

To be honest, I don’t seem to have any issues with iCloud and everything just works. But that’s the problem with Apple, and how they “get” you.

Yeah figured as much. Thanks anyway.

No, we don’t have Apple Cash here in the UK for some reason.

If I go to the App Store on either my iPhone or Mac and click on my profile pic, I can see I have a balance. Because I selected Apple Store credit when I traded in my Mac it just credited my Apple ID with money.

If possible I’d like to transfer it out of there, to buy software directly from the respective websites for Swish and Transmit.

And this, my friend, is exactly what I came here for. Very insightful, informative and measured answer. Thank you for taking the time 👍🏻

Fair enough 👍🏻

Tried it, kinda liked it, but then read a lot of shady stuff about them not being as privacy-focused as they’re made out to be.

I might give Arc a go, not sure how good/popular it is though. But I think anything other than Safari will be a compromise because of the Apple Pay/Touch ID/Face ID integration.

Yeah I know they’re all based on one of three, but they are all subtly different in what they offer.

So whilst there are three main engines, there are definitely more than three choices.

Bottom of the pile for me is Chrome - I don’t use anything Google knowingly/willingly.

The Apple integration is probably the main reason I use Safari I think; the likes of Apple Pay, Touch ID/Face ID all just works. I’d love that ability in Firefox and then I’d probably use it exclusively.

That wasn’t the OP 😂

I didn’t know they stored local copies — had a very, VERY quick skim through their privacy policy on their website and couldn’t see any reference to that (sure it’s there but I didn’t see it).

I’m not a Spark user btw, was just following the conversation. I use plain ol’ Apple Mail.

I could be misinformed, but this isn’t just limited to Spark as I understand it, I believe a lot (maybe all?) third-party clients do the same thing. They act as an intermediary between you and the server so they can deliver push notifications.

However, as I understand it, Spark’s privacy policy outlines that they don’t read/scan the contents of your emails, and the use of app-specific passwords rather than your email password ensures they only have access to emails and nothing else.

Pretty sure others such as Canary, Airmail, Edison, etc. all do/did the same thing, but it was the lack of clarity in Spark’s privacy policy that made them the main target for scrutiny. I think they’ve since cleared that up.

I could be mistaken, though.

Will definitely let you know if I figure it out, for sure.

Before putting Pi-hole behind Traefik, it worked perfectly via :/admin. And the logs for Pi-hole now in Traefik show that it is up and working, and I get the login page. But just can’t get beyond it.

The guides I’ve seen show how to structure the Traefik labels with and without the addprefix middleware, and both apparently work. So I’m wondering if by following several guides and taking bits from each, I’ve ended up overlooking something.

I’ll try and expose 80 and see if it makes a difference, but like I say everything is up and running in the backend, I just can’t get past the login screen on the frontend.

Thanks. Yeah it’s really frustrating. There are guides out there that show that it’s possible, but I think I’m missing something somewhere. I’m combining guides together so more than likely I’ve missed a step somewhere.

Just a quick update on where I’m up to…

I’ve managed to get all my containers working behind the Traefik reverse proxy with SSL. I’ve also deployed a Cloudflare DDNS container in Docker and have linked the external IP address of my Synology NAS to Cloudflare. I haven’t port forwarded 80 and 443, though, so it’s not accessible over the internet. So I’ve added local DNS into Pi-hole so I can access all the containers using subdomains.

I’ve also deployed an Authelia container and have started running through my containers adding 2FA in front of them all.

I should probably point out at this juncture, that if I encounter any errors, the HTTP 404 page that I get is a Cloudflare one - I assume that’s expected behaviour?

So, the final three bits I’m struggling with now are:

• Pi-hole behind the reverse proxy
• Portainer behind the reverse proxy
• Accessing Vaultwarden over the internet (because as soon as I leave my house, if the vault hasn’t synced then I don’t have access to all my passwords) - unless anybody has a better suggestion?

Portainer - I have no idea how I do it, because I use it to manage my containers, so don’t have the config for Portainer in Portainer (obviously). So if I screw up the config, how am I getting back in to Portainer to fix it?

And the far more troubling one is Pi-hole. I just cannot get that thing working behind the reverse proxy.

I’ve followed a few different guides (though none of them are recent), and the below is the latest docker-compose I have. It will bring up the login page, but when I login it keeps returning me back to the login page - it won’t go to the main admin page.

version: "3.7"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    networks:
      - medianet
      - npm_network
    ports:
      - 8008:80
      - 53:53/tcp
      - 53:53/udp
    environment:
      - TZ=Europe/London
      - WEBPASSWORD=xxxxxxxxxx
      - FTLCONF_LOCAL_IPV4=192.168.1.116
      - WEBTHEME=default-auto
      - DNSMASQ_LISTENING=ALL
      - VIRTUAL_HOST=pihole.mydomain.com
    volumes:
      - /path/to/pihole:/etc/pihole
      - /path/to/pihole/dnsmasq.d:/etc/dnsmasq.d
    cap_add:
      - NET_ADMIN
    labels:
      - traefik.enable=true
      - traefik.http.routers.pihole.entrypoints=http
      - traefik.http.routers.pihole.rule=Host(`pihole.mydomain.com`)
      - traefik.http.middlewares.pihole-https-redirect.redirectscheme.scheme=https
      - traefik.http.routers.pihole.middlewares=pihole-https-redirect
      - traefik.http.middlewares.pihole-addprefix.addprefix.prefix=/admin
      - traefik.http.routers.pihole.middlewares=pihole-addprefix
      - traefik.http.routers.pihole-secure.entrypoints=https
      - traefik.http.routers.pihole-secure.rule=Host(`pihole.mydomain.com`)
      - traefik.http.routers.pihole-secure.tls=true
      - traefik.http.routers.pihole-secure.service=pihole
      - traefik.http.services.pihole.loadbalancer.server.port=80

networks:
  medianet:
    external: true
  npm_network:
    external: true

No problem, I appreciate the help!

So I’ve made a fair bit of progress now - I’ve managed to get all my containers working behind the Traefik reverse proxy with SSL. I’ve also deployed a Cloudflare DDNS container in Docker and have linked the external IP address of my Synology NAS to Cloudflare. I haven’t port forwarded 80 and 443, though, so it’s not accessible over the internet. So I’ve added local DNS into Pi-hole so I can access all the containers using subdomains.

I’ve also deployed an Authelia container and have started running through my containers adding 2FA in front of them all.

I should probably point out at this juncture, that if I encounter any errors, the HTTP 404 page that I get is a Cloudflare one - I assume that’s expected behaviour?

So, the final three bits I’m struggling with now are:

• Pi-hole behind the reverse proxy
• Portainer behind the reverse proxy
• Accessing Vaultwarden over the internet (because as soon as I leave my house, if the vault hasn’t synced then I don’t have access to all my passwords) - unless anybody has a better suggestion?

Portainer - I have no idea how I do it, because I use it to manage my containers, so don’t have the config for Portainer in Portainer (obviously). So if I screw up the config, how am I getting back in to Portainer to fix it?

And the far more troubling one is Pi-hole. I just cannot get that thing working behind the reverse proxy.

I’ve followed a few different guides (though none of them are recent), and the below is the latest docker-compose I have. It will bring up the login page, but when I login it keeps returning me back to the login page - it won’t go to the main admin page.

version: "3.7"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    networks:
      - medianet
      - npm_network
    ports:
      - 8008:80
      - 53:53/tcp
      - 53:53/udp
    environment:
      - TZ=Europe/London
      - WEBPASSWORD=xxxxxxxxxx
      - FTLCONF_LOCAL_IPV4=192.168.1.116
      - WEBTHEME=default-auto
      - DNSMASQ_LISTENING=ALL
      - VIRTUAL_HOST=pihole.mydomain.com
    volumes:
      - /path/to/pihole:/etc/pihole
      - /path/to/pihole/dnsmasq.d:/etc/dnsmasq.d
    cap_add:
      - NET_ADMIN
    labels:
      - traefik.enable=true
      - traefik.http.routers.pihole.entrypoints=http
      - traefik.http.routers.pihole.rule=Host(`pihole.mydomain.com`)
      - traefik.http.middlewares.pihole-https-redirect.redirectscheme.scheme=https
      - traefik.http.routers.pihole.middlewares=pihole-https-redirect
      - traefik.http.middlewares.pihole-addprefix.addprefix.prefix=/admin
      - traefik.http.routers.pihole.middlewares=pihole-addprefix
      - traefik.http.routers.pihole-secure.entrypoints=https
      - traefik.http.routers.pihole-secure.rule=Host(`pihole.mydomain.com`)
      - traefik.http.routers.pihole-secure.tls=true
      - traefik.http.routers.pihole-secure.service=pihole
      - traefik.http.services.pihole.loadbalancer.server.port=80

networks:
  medianet:
    external: true
  npm_network:
    external: true