a.x61.sh

[Guide] Increase privacy by using nginx as a caching proxy in front of a map tile server (pierre-couy.dev)
from pcouy@lemmy.pierre-couy.fr to privacy@lemmy.ml on 31 Aug 09:56
https://lemmy.pierre-couy.fr/post/653426

This is a guide I wrote for Immich’s documentation. It features some Immich specific parts, but should be quite easy to adapt to other use cases.

It is also possible (and not technically hard) to self-host a protomaps release, but this would require 100GB+ of disk space (which I can’t spare right now). The main advantages of this guide over hosting a full tile server are :

it’s a single nginx config file to deploy
it saves you some storage space since you’re only hosting tiles you’ve previously viewed. You can also tweak the maximum cache size to your needs
it is easy to configure a trade-off between map freshness and privacy by tweaking the cache expiration delay

If you try to follow it, please send me some feedback on the content and the wording, so I can improve it

#privacy

threaded - newest

sorter_plainview@lemmy.today on 31 Aug 11:33 next collapse

Great to see you in the wild again! Any update from Immich devs?

pcouy@lemmy.pierre-couy.fr on 31 Aug 13:00 collapse

There have been some changes in a few recent releases related to the concerns I raised :

the default tile provider is now hosted by the Immich’s team using protomaps (still uses vloudflare though)
a new onboarding step providing the option to disable the map feature and clarifying the implications of leaving it enabled has been added
the documentation has been updated to clarify how to change the map provider, and includes this guide as a community guide

GolfNovemberUniform@lemmy.ml on 31 Aug 12:06 next collapse

Didn’t official nginx go proprietary or something a few months ago?

pcouy@lemmy.pierre-couy.fr on 31 Aug 13:01 next collapse

It’s still available in Debian’s default repositories, so it must still be open source (at least the version that’s packaged for Debian)

GolfNovemberUniform@lemmy.ml on 31 Aug 13:10 collapse

I think the changes happened after Debian 12 was released so it might just have the last open-source version in the repo. And someone made a fork immediately so it could be that too.

pcouy@lemmy.pierre-couy.fr on 31 Aug 13:26 collapse

According to the Wikipedia article, “Nginx is free and open-source software, released under the terms of the 2-clause BSD license”

Do you have any source about it going proprietary ?

GolfNovemberUniform@lemmy.ml on 31 Aug 13:43 collapse

Maybe it added telemetry instead of going proprietary. I don’t exactly remember what happened. I saw news about it on Lemmy but my client doesn’t support search so I can’t find it now easily.

curbstickle@lemmy.dbzer0.com on 31 Aug 15:04 next collapse

A core developer quit and forked it to make freenginx, based on a claim of corporate interference in security practices.

This was about 6 months ago and probably what you are thinking of. Its still open source, there doesn’t seem to be anything that’s come of the issue that was the cause of the split, and nginx is still actively developed.

pcouy@lemmy.pierre-couy.fr on 31 Aug 16:16 collapse

Are you talking about Nginx Plus ? It seems to be a commercial product built on top of Nginx

friend_of_satan@lemmy.world on 31 Aug 14:54 collapse

I don’t think so. I’m sure I would have heard something about that for work related reasons. That would be quite a problem for the kubernetes ecosystem since nginx is so widely used there as an ingress controller.

The nginx website still lists a “bsd-like license” as what the source code is released under: nginx.org/LICENSE

MonkderVierte@lemmy.ml on 31 Aug 19:26 collapse

What is a map tile server?

pcouy@lemmy.pierre-couy.fr on 31 Aug 19:32 collapse

It’s a server that hosts map data for the whole world, and sends map fragments (tiles)as pictures for the coordinates and zoom levels that clients request from them

MonkderVierte@lemmy.ml on 31 Aug 19:34 collapse

Ah, thanks. Brain in weekend already.