tmo1

VPN bypass via a SOCKS proxy and SO_BINDTODEVICE

The problem

On a desktop system configured to pass all traffic through a VPN (for privacy or other reasons), it is often necessary or desirable to route some traffic directly, avoiding the VPN, for a variety of reasons, including the following:

• Some websites will not accept connections coming through a VPN
• The VPN may reduce throughput or add latency, which may be unacceptable or undesirable in some circumstances.

Bypassing the VPN as an ordinary user is surprisingly difficult to do, for at least two reasons:

tmo1

Introduction

This is a guide to deploying Synapse behind a Caddy reverse proxy, both running in Docker containers (an official Synapse one and a caddy-docker-proxy one), with the goal of implementing as much as possible via docker-compose files.

This guide will frequently refer to aspects of my similar guide for deploying Nextcloud behind a Caddy reverse proxy.

Domain Name

Obtain a domain name as per the instructions in the Nextcloud guide. For some Synapse specific considerations, see the official documentation here and here. The remainder of this guide will assume the use of the domain name example.duckdns.org.

tmo1

Introduction

This is a guide to deploying Nextcloud behind a Caddy reverse proxy, both running in Docker containers (an official Nextcloud one and a caddy-docker-proxy one), with the goal of implementing as much as possible via docker-compose files. This is much more difficult than it should be, for a variety of reasons:

• As with Docker versions of software in general, documentation of the software does not always apply to the Docker versions, and the Docker documentation does not always include the Docker equivalent ways of doing things.

• Docker images do not always expose the desired configuration knobs of the underlying software.

• Nextcloud requires special configuration to run correctly behind a reverse proxy (and again, some of the instructions for this configuration requires modification for