diff --git a/tutorials/access-mac-mini-with-reemo/index.mdx b/tutorials/access-mac-mini-with-reemo/index.mdx
index 53fb1a8e95..b180e0f883 100644
--- a/tutorials/access-mac-mini-with-reemo/index.mdx
+++ b/tutorials/access-mac-mini-with-reemo/index.mdx
@@ -6,10 +6,10 @@ content:
h1: Accessing a remote Mac mini with Reemo
paragraph: This page explains how to access a remote Mac mini with Reemo
tags: mac m1 reemo remote desktop
-categories:
+categories:
- apple-silicon
dates:
- validation: 2024-07-24
+ validation: 2025-01-30
posted: 2022-02-18
---
diff --git a/tutorials/jitsi-docker/index.mdx b/tutorials/jitsi-docker/index.mdx
index 6123d6e641..f5e744ee6b 100644
--- a/tutorials/jitsi-docker/index.mdx
+++ b/tutorials/jitsi-docker/index.mdx
@@ -9,7 +9,7 @@ categories:
- compute
tags: media Jitsi-Meet videoconferencing Docker deployment
dates:
- validation: 2024-07-22
+ validation: 2025-01-30
posted: 2020-03-24
---
diff --git a/tutorials/pihole-vpn/index.mdx b/tutorials/pihole-vpn/index.mdx
index 370bbb791e..a18fba12ec 100644
--- a/tutorials/pihole-vpn/index.mdx
+++ b/tutorials/pihole-vpn/index.mdx
@@ -1,11 +1,11 @@
---
meta:
- title: Creating an ad-blocking VPN using Pi-hole and OpenVPN
- description: Learn how to create a secure, ad-blocking VPN using Pi-hole and OpenVPN on a Scaleway Instance. Follow our step-by-step guide for an effective Pi-hole VPN setup.
+ title: Creating an ad-blocking VPN using Pi-hole and OpenVPN/WireGuard
+ description: Learn how to create a secure, ad-blocking VPN using Pi-hole and OpenVPN or WireGuard on a Scaleway Instance. Follow our step-by-step guide for an effective Pi-hole VPN setup.
content:
- h1: Creating an ad-blocking VPN using Pi-hole and OpenVPN
- paragraph: Learn how to create a secure, ad-blocking VPN using Pi-hole and OpenVPN on a Scaleway Instance. Follow our step-by-step guide for an effective Pi-hole VPN setup.
-tags: firewall Pi-hole pihole vpn OpenVPN pivpn
+ h1: Creating an ad-blocking VPN using Pi-hole and OpenVPN/WireGuard
+ paragraph: Learn how to create a secure, ad-blocking VPN using Pi-hole and OpenVPN or WireGuard on a Scaleway Instance. Follow our step-by-step guide for an effective Pi-hole VPN setup.
+tags: firewall Pi-hole pihole vpn OpenVPN WireGuard pivpn security privacy
hero: assets/scaleway_pihole.webp
categories:
- instances
@@ -14,9 +14,12 @@ dates:
posted: 2020-12-09
---
-Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, such as advertisements, without installing any client-side software. It comes with an easy-to-use interactive installer and can block content in non-browser locations, such as mobile apps and smart TVs. This can help to reduce data consumption on mobile plans.
+Pi-hole is a DNS sinkhole that blocks unwanted ads and trackers at the network level. When combined with a VPN, it provides a secure and ad-free internet browsing experience.
-To secure the connection, we use the PiVPN tool to install an OpenVPN virtual Private Network that routes all traffic over a Scaleway Instance.
+This guide will show you how to:
+- Deploy a secure ad-blocking VPN using **Pi-hole**
+- Install either OpenVPN or WireGuard using **PiVPN**
+- Implement best security practices to protect your Instance
@@ -26,139 +29,111 @@ To secure the connection, we use the PiVPN tool to install an OpenVPN virtual Pr
## Deploying the Instance
-1. Log in to your Scaleway console and [create a new Instance](https://console.scaleway.com/instance/servers/create). For this tutorial, we use a [PLAY2-NANO](https://console.scaleway.com/instance/servers/create?imageKey=3f1b9623-71ba-4fe3-b994-27fcdaa850ba&offerName=PLAY2-NANO&zone=fr-par-1) Instance running on Ubuntu Focal Fossa (20.04 LTS).
-2. Log into the newly created Instance using [SSH](/instances/how-to/connect-to-instance/).
-3. Update the cache of the APT package manager and upgrade the software already installed on the server:
- ```
- apt update && apt upgrade -y
- ```
+1. Log in to the [Scaleway console](https://console.scaleway.com) and **create a new Instance**.
+2. Choose **Ubuntu 22.04 LTS** as the operating system.
+3. Once the Instance is created, connect to it via SSH:
+ ```sh
+ ssh root@your_instance_ip
+ ```
+4. Update and upgrade your system:
+ ```sh
+ apt update && apt upgrade -y
+ ```
## Installing Pi-hole
-1. Download the [Pi-hole](https://pi-hole.net) installer and run it:
- ```
- curl -sSL https://install.pi-hole.net | bash
- ```
- The installer does some checks and then gives you a series of prompt questions to answer. Choose OK or answer positively to all of them, until you are asked to choose an upstream DNS provider.
-2. Select one of the proposed upstream DNS servers from the list or specify a custom DNS server. Once selected, use the `TAB` key to move to the OK button and confirm by pressing `ENTER`.
-
-3. Pi-hole uses third-party filter lists. Select the list you want to use and confirm by pressing the OK button:
-
-4. Choose whether you want to filter both IPv6 and IPv4 traffic and confirm by pressing the OK button.
-5. Confirm the network settings by navigating to the YES button. You will be guided through two more network prompts. Confirm them by pressing the OK button.
-6. Choose whether you want to enter the Pi-hole web interface and confirm by pressing the OK button:
-
-7. The Pi-hole installer proposes the automatic installation of a web server and its dependencies. If you are not using another web server, select to install it and confirm by pressing the OK button:
-
-8. Choose whether you want to log queries and confirm by pressing the OK button:
-
-9. Select a privacy mode for FTL and confirm by pressing the OK button:
-
-
- The Pi-hole installer proceeds with the automatic installation of the required software. Once the installation is complete, the URL to the admin interface and your password are displayed in a prompt. Take note of the password and leave the prompt by pressing the OK button.
-10. Set the listener of the Pi-hole web interface to `local` to avoid it being accessible from the public Internet:
- ```
- pihole -a -i local
- ```
-11. Optionally, you can customize the password of your Pi-hole's web interface by running the following command:
- ```
- pihole -a -p
- ```
-
-## Installing PiVPN
-
-To direct internet traffic via our Pi-hole Instance, we install OpenVPN using the [PiVPN](https://pivpn.io/) project. It provides a very easy way to install OpenVPN and Wireguard on the Instance. In this tutorial, we are using OpenVPN.
-
-1. Create a new non-root user for OpenVPN:
- ```
- adduser openvpn
- ```
-2. Run the following command from an SSH shell on your Instance to download and launch the PiVPN installer:
- ```
- curl -L https://install.pivpn.io | bash
- ```
-3. A series of prompts displays. Validate them by pressing the OK button until you are asked under which user the OpenVPN application should run. Select the previously created `openvpn` user and validate by pressing the OK button:
-
-4. Choose the OpenVPN protocol in the prompt and validate by pressing the OK button:
-
-5. PiVPN provides a default configuration, accept it by pressing **Yes**:
-
-6. Keep the value for the UDP transport protocol unless you have specific requirements and validate by pressing the OK button:
-
-7. You can leave the default OpenVPN port `1194` unless your network configuration requires another port. Confirm by pressing the OK button:
-
-8. The PiVPN installer automatically detects the presence of Pi-hole and asks to use it. Validate the prompt by confirming with the **Yes** button:
-
-9. The Pi-hole installer asks you if you want to use a custom search domain. Keep the default value and press the **No** button unless you have specific requirements:
-
-10. The following prompt asks you if you want to use the Instance's IP address or a custom domain name to connect to your VPN. Keep the default setting, using the public IP address of your Instance and validate by pressing the OK button.
-11. During the installation, PiVPN prompts you if you want to use Elliptic Curves to provide higher connection speed and improved security over RSA. Confirm by pressing the **Yes** button. If you are using some devices using legacy OpenVPN clients that do not support this feature, select **No**.
-
-12. Select the desired key size for the certificate. In this tutorial, we use the recommended size of 256 bits. Confirm by pressing the OK button:
-
-13. The following prompt informs you that the server key and HMAC key are now being generated. Confirm by pressing the OK button.
-14. The installer now prompts you to enable unattended upgrades, which allow you to update the software on your server automatically to make sure it is using the latest version of the software available in the repository. Validate by pressing the **Yes** button.
-
-15. The installation of PiVPN is now complete. You can reboot your Instance as suggested by the installer by pressing the Yes button.
+1. Download and run the installer:
+ ```sh
+ wget -O basic-install.sh https://install.pi-hole.net
+ chmod +x basic-install.sh
+ ./basic-install.sh
+ ```
+2. Follow the on-screen prompts:
+ - Select an upstream DNS provider (Google, Cloudflare, Quad9, etc.)
+ - Choose **IPv4 + IPv6 filtering**
+ - Install the **Pi-hole Web Interface**
+ - Set a **strong password** using:
+ ```sh
+ pihole -a -p
+ ```
+3. Configure Pi-hole for local access only:
+ ```sh
+ pihole -a -i local
+ ```
+
+### Optimizing Pi-hole
+To enhance privacy, you can set up **Unbound**, a local recursive DNS resolver:
+```sh
+apt install unbound -y
+```
+Then, edit Pi-hole settings to use `127.0.0.1#5335` as your custom upstream DNS.
+
+## Installing PiVPN (OpenVPN or WireGuard)
+PiVPN allows us to configure a VPN server with either **OpenVPN** or **WireGuard**.
+
+Run the following commands to install PiVPN on your Instance.
+```sh
+wget -O pivpn-install.sh https://install.pivpn.io
+chmod +x pivpn-install.sh
+./pivpn-install.sh
+```
+
+During installation, you will be prompted to choose:
+- OpenVPN (wider compatibility with older devices, but slower)
+- WireGuard (faster, modern encryption, recommended)
+
+Follow the setup prompts and select:
+- A non-root user (`openvpn` or `wireguard`)
+- Default settings for encryption and networking
+- Custom port (e.g., `4343` or `23854` instead of the default 1194 to increase security)
+
+## Enhancing security
+
+### Firewall configuration
+Restrict access to only necessary services:
+```sh
+ufw allow 22/tcp
+ufw allow 53/udp
+ufw allow 4343/tcp # If using OpenVPN on port 4343
+ufw allow 23854/udp # If using WireGuard
+ufw enable
+```
+
+### Change OpenVPN default port
+Edit OpenVPN’s configuration file:
+```sh
+nano /etc/openvpn/server.conf
+```
+Change `port 1194` to `port 4343` (or another port of your choice), then restart OpenVPN:
+```sh
+systemctl restart openvpn
+```
+
+### Enable Fail2Ban
+Prevent brute-force attacks by installing Fail2Ban:
+```sh
+apt install fail2ban -y
+systemctl enable fail2ban --now
+```
## Adding VPN users
-
-You can now add users to your filtered VPN service. It is recommended to create a user profile for each device you want to connect to the VPN. Sharing profiles between devices is not recommended for security reasons.
-
-1. Run the `pivpn add` command to launch the interactive user creation wizard.
-2. Enter each parameter of the user and validate by pressing the Enter key on your keyboard:
- ```
- Enter a Name for the Client: client <- the identifier of your user
- How many days should the certificate last? 1080 <- the validity of the user's certificate. You can leave the default value
- Enter the password for the client: <- a secret password for your user (Note: the password is not shown when you type for security reasons)
- Enter
-
- the password again to verify: <- enter the password again to confirm it
- ```
-
- The certificate and user profile is now generated and once it is ready, the following message displays:
-
- ```
- ========================================================
- Done! client.ovpn successfully created!
- client.ovpn was copied to:
- /home/openvpn/ovpns
- for easy transfer. Please use this profile only on one
- device and create additional profiles for other devices.
- ========================================================
- ```
-3. Download the generated `*.ovpn` configuration file on your device and import it into your OpenVPN client.
-4. Connect to your VPN to use your secure and filtered internet connection.
-5. Open the following URL in your web browser to connect to the Pi-hole web interface: `http://10.8.0.1/admin/`. The web interface allows you to further configure Pi-hole and view statistics about your DNS requests:
-
-
-## Blocking unwanted traffic
-
-To avoid keeping an open DNS resolver on the Internet, we restrict the requests from outside our infrastructure. This is very important, as unprotected DNS servers can be abused and participate in [DNS Amplification attacks](https://en.wikipedia.org/wiki/Denial-of-service_attack#Amplification).
-
-1. From your Scaleway console, click **Instances** in the **Compute** section of the side menu.
-2. Click the **Security groups** tab. A list of your existing security groups displays.
-3. Click **Create a security group** to go to the security group creation page:
-
-4. Enter the details for your new security group:
- - **Security group name:** a friendly name for your security group, (e.g. `block-remote-dns`)
- - **Description:** An optional description for your security group
- - **Available Zone:** Choose the geographic region in which your security group will be deployed. The region must match the region of your Instance.
- - **Rules:** Configure rules in your security group to block incoming traffic on Port 53 (DNS) to block external requests to your Pi-hole Instance:
- 1 . Click **Add inbound rule**
- 2 . Select the rule `Drop`, the Protocol `TCP`, untick the box `All Ports`, and enter the Port number `53`.
- 3 . Click **Add inbound rule**
- 4 . Select the rule `Drop`, the Protocol `UDP`, untick the box `All Ports`, and enter the Port number `53`.
-
- Your configuration should look like the following example:
-
-
-
- - Click **Add an Instance** and select your Pi-hole Instance from the drop-down list.
- - Click **Create a new security group** to launch the creation of the security group.
-
-Your Instance is now protected against requests to the DNS server running on it from external hosts. For more information about security groups, refer to our [dedicated documentation](/tutorials/installation-uncomplicated-firewall/).
+For OpenVPN:
+```sh
+pivpn add
+```
+For WireGuard:
+```sh
+pivpn wg add
+```
+Download the VPN configuration file securely using SCP or SFTP.
+
+## Testing your VPN
+- Connect your device using an OpenVPN or WireGuard client.
+- Verify that your IP has changed by visiting [whatismyip.com](https://www.whatismyip.com/)
+- Check if ads are blocked
## Conclusion
+You now have a secure, ad-blocking VPN setup using Pi-hole and OpenVPN/WireGuard. This setup ensures privacy, security, and a better browsing experience across all your devices.
+
+For further optimizations, consider adding a DNS-over-HTTPS setup or custom blocklists for Pi-hole.
-You now have configured a secure and filtered OpenVPN connection to the internet. Pi-hole automatically filters unwanted advertising and helps to save bandwidth on metered plans. The web interface allows you to view detailed statistics about the DNS requests made, and you can white or blacklist additional entries.
\ No newline at end of file
diff --git a/tutorials/prometheus-monitoring-grafana-dashboard/index.mdx b/tutorials/prometheus-monitoring-grafana-dashboard/index.mdx
index a259b1ea07..3c2d2297ac 100644
--- a/tutorials/prometheus-monitoring-grafana-dashboard/index.mdx
+++ b/tutorials/prometheus-monitoring-grafana-dashboard/index.mdx
@@ -10,7 +10,7 @@ hero: assets/scaleway-grafana-prometheus.webp
categories:
- instances
dates:
- validation: 2024-07-22
+ validation: 2025-01-30
posted: 2018-06-07
---
diff --git a/tutorials/traefik-v2-cert-manager/index.mdx b/tutorials/traefik-v2-cert-manager/index.mdx
index 5e6e328e4a..c1238bce6b 100644
--- a/tutorials/traefik-v2-cert-manager/index.mdx
+++ b/tutorials/traefik-v2-cert-manager/index.mdx
@@ -12,7 +12,7 @@ categories:
- domains-and-dns
- load-balancer
dates:
- validation: 2024-07-31
+ validation: 2025-01-30
posted: 2020-07-01
---
Traefik (pronounced traffic) is a modern HTTP reverse proxy and Load Balancer designed to make the deployment of microservices easy. Traefik integrates with any HTTP and TCP-based applications and every major cluster technology.