Goodbye IPv4: Switching over to IPv6

Switching to IPv6

When we think of IP addresses, they are the familiar xxx.xxx.xxx.xxx addresses. These are IPv4 addresses, and they are now in short supply; the scarcity is driving up their price. To remedy this, IPv6 was introduced in 1995 with a 128-bit address space that will not run out in any practical sense. In fact, my dedicated server came with a free IPv6 subnet: 18.4 quintillion addresses (a /64, which is where that number comes from). This is in contrast to the $3 per month they charge me for each IPv4; I can only afford five old-school IPs. Wait a second, did you know that my free IPv6 subnet holds 2.3 billion addresses per man, woman, and child alive today? Gosh, I wish I had that many customers. That figure shows, in dramatic terms, how scarce IPv4 addresses have become compared to IPv6. IPv4 is exhausted.

Some websites are already IPv6-only, while some residential ISPs still do not support IPv6. A customer on an IPv4-only ISP cannot directly reach an IPv6-only website.

Thankfully, there is a quick and free solution: Cloudflare's free WARP app. It is really an underrated app. Not only does it give your devices IPv6 connectivity, but it also tunnels your traffic through Cloudflare (a VPN, in effect) to make your communication more private. Last but not least, it does what it is advertised to do: it encrypts your DNS queries for extra privacy. This app should cost $5 a month but is absolutely free for basic functionality. There is a version of WARP for every OS out there, including mobile.

Maybe it's not a secret that Cloudflare is one of my favorite tech companies. I will warn you: if you owe them a dollar, they will cut off all your services. It happened to me because I was using the Google login. I use Google login but never use Gmail; therefore, I didn't see the invoice. My Gmail literally has ten thousand spammy emails. I don't even bother deleting them. I just let them accumulate.

For developers, you can connect your server to Cloudflare with a Cloudflare Tunnel over IPv6 (the orange-cloud magic). Your customers connect to Cloudflare over IPv4 or IPv6, as always, and Cloudflare forwards them to your IPv6-only website. For outbound traffic from an IPv6-only server, Google informs me that you can use a NAT64 gateway, if your provider offers one, or Cloudflare WARP. I didn't know WARP could be installed on a server, but there is a Linux client (warp-cli), so outbound traffic from an IPv6-only host can reach IPv4 or IPv6 destinations through WARP. I will check into that instead of purchasing any additional IPv4s. Who knew?

I would love to hear about other ways to move away from IPv4. WARP may be one way, and it's better than creating a reverse proxy on your server with only one outbound IPv4, which I've done before. I like to keep things simple. Routing 8 VMs through one reverse proxy is networking gymnastics. Paying $3 per month for an IPv4 is, well, market value; what can I say except get ready to move to IPv6-only as soon as possible. Do it before $3/mo turns into $25/mo. If IPv6 adoption stays this slow, the price of an IPv4 may very well skyrocket.

Furthermore, for the nerds out there, every A (IPv4) record in your DNS needs a corresponding AAAA (IPv6) record, including the hostname your MX record points to; otherwise IPv6-only clients and mail servers cannot find you. Request that IPv6 subnet for your server and get ready for the future!
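A quick way to check that AAAA rule, added here as an example and not part of the original post: this POSIX shell script reads a BIND-style zone file and reports every hostname that has an A record but no AAAA record, plus every MX target without one. The zone below is constructed for the example (example.com, 203.0.113.0/24 and 2001:db8:: are documentation ranges); the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): audit a BIND-style zone for
# names that still lack an AAAA record. SAMPLE_ZONE is constructed data.
# Records are expected as: owner TTL IN TYPE rdata... (TTL column required).

SAMPLE_ZONE='example.com.       300 IN A     203.0.113.10
example.com.       300 IN AAAA  2001:db8::10
www.example.com.   300 IN A     203.0.113.10
mail.example.com.  300 IN A     203.0.113.25
ftp.example.com.   300 IN A     203.0.113.30
ftp.example.com.   300 IN AAAA  2001:db8::30
example.com.       300 IN MX    10 mail.example.com.
example.com.       300 IN TXT   "v=spf1 mx -all"'

# Read zone text on stdin; print, one per line, each owner name that has an
# A record but no AAAA record. Comment lines (;) and short lines are ignored.
missing_aaaa() {
  awk '
    /^[[:space:]]*;/ || NF < 5 { next }
    $3 == "IN" && $4 == "A"    { has_a[$1] = 1 }
    $3 == "IN" && $4 == "AAAA" { has_aaaa[$1] = 1 }
    END { for (h in has_a) if (!(h in has_aaaa)) print h }
  ' | sort
}

# Read zone text on stdin; print each MX target (field 6: owner TTL IN MX
# priority target) that has no AAAA record in this zone. A target whose
# records live in another zone will show up here too, so check that zone.
mx_targets_without_aaaa() {
  awk '
    /^[[:space:]]*;/ || NF < 5 { next }
    $3 == "IN" && $4 == "AAAA" { has_aaaa[$1] = 1 }
    $3 == "IN" && $4 == "MX"   { mx[$6] = 1 }
    END { for (h in mx) if (!(h in has_aaaa)) print h }
  ' | sort
}

# Convenience wrapper: audit_zone "$(cat db.example.com)"
audit_zone() {
  printf '%s\n' "$1" | missing_aaaa            | sed 's/^/A record without AAAA:   /'
  printf '%s\n' "$1" | mx_targets_without_aaaa | sed 's/^/MX target without AAAA:  /'
}

audit_zone "$SAMPLE_ZONE"
```

On the sample zone this flags www and mail (A only) and mail again as an MX target, while ftp passes. Run it against each zone you serve before you drop an IPv4, and re-run it after every DNS change.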

Top 5 Cheap Email Hosting Providers (SMTP, POP, IMAP)

Cheapest Business Email Services

Trying to find the cheapest SMTP and POP/IMAP email service? Here is my top 5 list!

There is a certain satisfaction in hosting your own mail server. Over the past 15 years or so, hosting an email server has gone from trivial to very complex (spam filtering, SPF/DKIM/DMARC, and IP reputation all have to be kept right). It's nearly always better to use a cheap email service than to host yourself. I have a short list of some of my favorite low-cost email providers.

If your website only needs to send outbound email, you really only need an SMTP provider. Many of the big bulk-email providers offer free outgoing email for up to thousands of emails per month. Check out Brevo or Maileroo and you are done. Both companies make it easy to set up outgoing email.

But this article is about full-featured email providers. Most websites need to send AND receive emails. At Maganda, we want cheap! Here are some of our favorite cheap email providers, in order, from worst to best:

Top Five

ZoHo Email: ZoHo creates beautiful, impressive, and well-thought-out apps. I can’t think of anything that ZoHo doesn’t offer. It offers business email for around $1/mo. It’s also excellent! However, I do not recommend this company at all. Take, for example, their email system. It’s so over-engineered that figuring out how to use it may drive users to tears. Even if you correctly set up SMTP, their finicky system may still not work for you. One pro: This provider is also the only company on the list with its own mobile email app.

Openprovider: Offers business email for less than $1/month; however, it tries to upsell something called “EASYDMARC” for nearly $7 a month. That looks like a scam. In any case, I couldn’t get their product to work at the time of writing; it appears to be buggy. But for only 70 pennies a month, you might want to give it a try. The UI seemed to be somewhat buggy. I didn’t bother trying to test if their email system actually worked. It probably does.

Namecheap is known for their low-margin products and services. Their business email starts around $15/yr. It is worth checking out. It’s been a few years since I tried their email service, but I can vouch that it is legit, and I had no problems with it.

Purelymail: If you need unlimited everything (especially domains), then give them a try. The UI isn’t fancy, but I had no problems setting up working email with them. Their service is really only for experts/developers for now—until they offer a more polished UI. This service is a winner for their honest pricing and unlimited domains. At $10/yr, it outshines all of its competitors.

Mailafiniti: I’m actually using this service now. For $15/yr, they offer a very polished interface. The one problem I see with them is they aren’t completely clear about the terms. Before I purchased a plan, their chatbox told me that I could host as many domains as I wanted. Indeed I can, but each additional domain is $15. After fighting with ZoHo mail for days, I will just feel relieved if their service works well for me. If not, I will check out Purelymail again.

Update: Mailafiniti replied gracefully to this article:

I’d love to clear up the pricing: Mailafiniti does not charge per domain. You can connect as many domains as you like at no extra cost. Our pricing is based purely on the number of email accounts (mailboxes) you create, nothing else.

So if you connect 5 domains but only create 2 mailboxes, you only pay for those 2 mailboxes. That’s it. Plans start at $1.25/user/month (billed annually) with 10GB storage per mailbox.

It sounds like our chatbot communicated this poorly, that’s on us, and something we’re fixing. I’m sorry it caused frustration before you purchased.

Conclusion

I requested a refund from Mailafiniti because of the misunderstanding about the number of domains supported. I have a lot of domains. At this time, you can add 100+ domains, but they all forward to the same main mailbox address. Therefore, you need a new "mailbox" ($15/yr) for each domain if you need full customization for any specific domain. So I went back to Purelymail and, to my delight, they had revamped their UI just last week! The UI is now effortless to use and polished, and everything just works. My emails are going out without any fuss at all (no auth errors).

I’m trying to run a business here. I don’t have time to fight with or debug other people’s email systems, nor do I want to be taken advantage of due to misleading or missing terms of service. Purelymail clearly wins here with its generous $10/yr tier. If you only have one domain to deal with, you should not overlook Mailafiniti’s superior UI.

PS: I do not get a commission from any links within this article.

How to Speed Up your WordPress Website

How to speed up WordPress

SantoHost.com just introduced WordPress One, a no-limits WordPress hosting plan with Cloudflare’s CDN integration. So, it’s a good time to touch on how to speed up your WordPress website.

The biggest problem with WordPress is that it requires more resources than a static website, a lot more! When you first install WP, it may seem fairly fast. As you add more pages and plugins, or change the theme, WordPress becomes bogged down over time. This is acceptable if your server can handle the additional load; however, most servers cannot, resulting in a significant slowdown.

If you are a professional who depends on your online presence, you need a specialized hosting service that can maintain the computing resources that lend themselves to a speedy website.

So, if your website is too slow, consider moving it to a faster hosting service. SantoHost.com offers free WordPress migration: they will move your website to their servers, run a malware scan, and update your core files (and the theme if necessary). With managed hosting, you get a lot more for your money than just web hosting. The experts at SantoHost.com keep your website updated, which closes the known vulnerabilities that most automated attacks on WordPress go after.

DIY WordPress Tune-Up

I will list a few things the average website owner can do to speed up their WordPress website:

If your website is running slowly and your hosting panel has a malware scanner, scan your files for malware. Malware can significantly slow down your website (injected code runs in the same PHP workers your visitors need), and it can also take the site down entirely or deface it.

You can replace all of your graphics with the newer WebP format. Lossless WebP is about 26% smaller than PNG with no degradation, and lossy WebP is 25 to 34% smaller than a JPEG of comparable quality. This can be a big job if you have many images. Major graphics apps like Affinity let you choose between lossless and lossy WebP. Lossless means no degradation of the image, but it should generally not be used for the web; use lossy, and choose how much quality you are willing to sacrifice for smaller files. I have found that lossy compression at 75 to 85 percent quality is so effective that the WebP is indistinguishable from the original while reducing the file to about one third of its original size.

Use fewer plugins. Look for plugins that perform multiple tasks, and delete the ones you no longer use rather than merely deactivating them; a deactivated plugin still sits on disk, unpatched. It's usually best to use popular plugins, as they're more likely to be updated and cause fewer issues.

I have spent hundreds of hours tweaking WordPress sites for speed. Although the process is never exhausted, adhering to these suggestions will yield the greatest return on your investment.

Finally, I have come to the conclusion that a CDN is essential for excellent pagespeed scores. A cheap and easy way to speed up your WordPress website is to use Cloudflare’s APO plugin. This service costs $5 per month but achieves full-page caching around the world (which is especially great if you have international clients).

Another factor is page-caching plugins. WordPress has dozens of them, some free of charge. I’m nearly ready to release my WordPress plugin, SantoCache (because, of course, we need yet another one). These types of plugins can significantly improve the load time of your website. But this is a topic for another day. After I release my plugin, I can explain how these types of plugins can speed up your website, which a typical WordPress user can’t do.

I have even more tips in my article, "Why is my WordPress website so slow?"

When your bank blocks your VPN, you still have options

When you're overseas and need access to your banking app, discovering that you are locked out can be quite distressing, if not traumatic.

Anonymous network

For security reasons, we do not allow connections from a VPN or proxy. Please disable it and try again. If you are on WiFi, please switch to your mobile network and try again.


How to get Around your Bank’s VPN Block

I will offer three ways that you may access your account abroad.

1) First, contact your bank and tell them that you are abroad. They may be able to unblock access to your account. This step is crucial. If you try to log in using the methods below without first contacting your bank, you may lock yourself out.

2) If you still have the SIM from your home country, turn off Wi-Fi and use mobile data from your home-based mobile provider. You may have to turn on roaming:

To use this feature, your carrier must allow international roaming, which is often an add-on with additional charges.

3) Use your favorite VPN and give it another shot! I often recommend NordVPN. Or you can try ProtonVPN for free.

Some banking apps are excellent at detecting VPNs and proxies. You can sometimes get past their checks by using a residential proxy located in your home country. I would recommend this only for extreme emergencies: you are routing your banking session through a stranger's home connection, and although TLS keeps the proxy from reading the session, it still sees which bank you are talking to and can drop or delay your traffic. Today, I successfully used my banking app with this method. It works, but not 100 percent; I had to try three different IP addresses before I was able to log in. Third time's the charm!

I don't know of any VPS providers that offer residential IP addresses, only dedicated IPs from a data center.

However, never fear. There are multiple websites that offer residential IPs for rent.

(I do not get a commission from the following links):

nodemaven.com

Node Maven is where I was able to obtain a residential IP for around $6. I then used an Android proxy client, an app called Nore Proxy, to connect through it.

Best of luck with your endeavors! A few caveats: NEVER allow an app to install a certificate in order to use a proxy or VPN. A proxy or VPN only needs to forward your packets; an app that asks to install a root certificate is asking for the ability to decrypt your TLS sessions, banking included. Don't change your email or phone number in your banking app while abroad. You may, and probably will, get your account frozen. This actually happened to me once. I changed my phone number while in SE Asia, which resulted in an immediate lockout. I eventually had to fly back to the USA and meet with a bank manager in person to get access to my money! I was flagged as a hacker, I guess.

Fun times. He who has the gold makes the rules!

Everything you need to know about VPN services but were too afraid to Ask

VPN services offer a sense of security while online, but are they worth the hassle and cost? My answer is yes! I find my VPN indispensable, especially living and traveling in other countries. For example, I can't log in to my banking apps from the Philippines, and occasionally the bank even blocks my VPN connection (more about that later). Furthermore, I often get blocked from my own servers because I typed an incorrect password too many times. With a VPN I can change IP addresses in a second, and boom! I'm back in.

Let's first distinguish between proxies and VPNs. The chief difference is that a proxy does not necessarily encrypt anything, whereas one expects robust encryption from a VPN provider. A VPN encrypts your traffic before it leaves your computer, so it passes through your ISP and every router along the way as ciphertext. The tunnel ends at the provider's data center, where the VPN provider decrypts it and sends it on to the original destination. Note what that means: the provider, rather than your ISP, is now the party that can see your traffic, so you are choosing whom to trust, not removing trust altogether.

The VPN data center can be anywhere in the world. Your IP address is swapped with one from the data center (the outgoing connection), so it seems you’re in the state or country of the new IP address. This feature allows you to, for example, “unblock” American Netflix from anywhere in the world.

There are many VPN companies competing for your business. Over and over, you will hear that NordVPN is the best. I use it myself and can recommend their service with confidence. I am using their service with a residential IP address in the USA, which makes it much harder for a company, whether Netflix or my bank, to tell that I am using a VPN. This is a very cool feature that NordVPN offers. Ultimately, a VPN serves no purpose if the service you are trying to reach blocks you. The big companies (like Netflix and HBO) have the major data-center IP ranges blacklisted. A few providers can get you through without detection. NordVPN is one of the best, with or without the residential IP add-on.

Unblocking isn't the best feature of VPNs. Privacy is the best part. Have you ever had your credit card number stolen? It happened to me three nights ago. That's why I'm determined to always keep my VPN on. Some of the networks here and popular service apps may not be secure. Anywhere that offers free WiFi, including hotels, is another huge problem. A new trend at hotels is passwordless WiFi, which is unencrypted at the radio level, so anyone nearby can capture your traffic. HTTPS already protects a card number in transit, but a VPN also covers your DNS lookups, any plain-HTTP traffic, and the list of sites you visit, leaving the hotel's network seeing nothing but an encrypted tunnel to your VPN provider.

Finally, I'm not here to sell VPN services. Oh, who am I kidding? If you require a private VPN server, please feel free to send me an email. However, there is a safe and free option that most people are not aware of. Cloudflare offers a fantastic 1.1.1.1 app (the WARP client) that upgrades your DNS and data connections. It uses the WireGuard protocol, so it is a legitimate free VPN service; however, you can't change or choose your exit location as you can with a major VPN provider. The 1.1.1.1 app is great for emergencies, like when you find yourself on public WiFi with no data plan.

Lastly, if you want to stay safe on the Internet, be very wary of "free" VPN apps. The reason is simple: running a VPN service is expensive, and ad revenue isn't nearly enough to support a legitimate one, so an app with no paying product behind it is usually paying for itself with your traffic. Many "free" VPN apps are known to be nothing but scamware or malware. The exceptions are free tiers subsidized by a paid product, such as Cloudflare's WARP or ProtonVPN's free plan. Good protection isn't free, but you will find NordVPN to be an excellent value.

There are many topics I didn’t get to cover, like jurisdiction and the evolving politics surrounding VPNs and privacy in general. I fear what could happen if my technical writing crosses over into the political sphere.


Troubleshooting Http/3 and QUIC Problems: A Checklist

QUIC checklist

First, you can verify whether HTTP/3 is working on your website using Http3check or Http3checker. You can also do a simple curl check:

ShellScript
# Your curl must be built with HTTP/3 support: look for "HTTP3" in the Features line
curl -V | grep -i http3

# -I sends a HEAD request; --http3 tries QUIC first and falls back to TCP,
# so check that the status line says "HTTP/3 200" and not HTTP/2 or HTTP/1.1
curl -I --http3 https://your-website.com

You need six things to make HTTP/3 work. While my examples focus on Nginx, they can help you troubleshoot any web server.

1) A web server that supports HTTP/3 (Nginx since version 1.25.0).

Check the Nginx version and double-check to make sure it was compiled with the HTTP/3 module.

ShellScript
#Verify the version is >= 1.25
nginx -v

#Next check if the http_v3_module was compiled 
nginx -V 2>&1 | grep --color http_v3_module

2) Make sure your web server is configured for HTTP/3.

For Nginx, you must enable HTTP/3 in the Vhost file

ShellScript
server {
  listen 80;
  listen [::]:80;
  listen 443 quic;
  listen 443 ssl;
  listen [::]:443 quic;
  listen [::]:443 ssl;
  http2 on;
  http3 off;   # change this to on
  ssl_protocols TLSv1.3;
  {{ssl_certificate_key}}
  {{ssl_certificate}}
  ...

Change http3 to on. HTTP/3 defaults to on in Nginx when it is compiled with the HTTP/3 module, so the directive is technically redundant, but I always add it explicitly. It reminds you later that this website is intended to run HTTP/3.

You will also need an HTTP response header to advertise your server's support for HTTP/3:

ShellScript
add_header Alt-Svc 'h3=":443"; ma=2592000';

This goes in your vhost file, as above. For Nginx, put it in the server block; if you have a location block that already uses add_header (common in a reverse-proxy setup), put it there as well, because an add_header in a location block replaces the server-level headers instead of adding to them. Verify that the header is actually present in a response, or add it yourself.

A little trick I have learned, if you are having trouble getting HTTP/3 to be stable, is to add the reuseport parameter to the quic listeners, like so:

ShellScript
listen 443 quic reuseport;
listen [::]:443 quic reuseport;

Of course, "listen [::]" is the listener for IPv6 connections. If you are not using IPv6, you can leave those lines in place for a future upgrade, or delete them now for easier debugging. The choice is yours.

3) You will need a domain name and a valid SSL certificate that browsers trust (not self-signed).

4) You will need TLS 1.3. QUIC mandates it, so the UDP listener always uses TLS 1.3 regardless of your ssl_protocols setting. It is sometimes beneficial to force TLS 1.3 for the TCP listeners too, as in the first example (ssl_protocols TLSv1.3;), especially if only your own clients will be connecting to the instance, as opposed to a general website.

5) In your firewall, open port 443 for both TCP and UDP.

HTTP/3 uses UDP, unlike the previous versions of HTTP, which only used TCP. You need TCP 443 for the first visit (the Alt-Svc hint arrives over HTTP/2 or HTTP/1.1) and for clients that cannot do QUIC, and UDP 443 for QUIC itself. If UDP 443 is blocked, browsers silently stay on HTTP/2 and you will never see the problem in the page itself.

6) A modern web browser that supports HTTP/3, which is nearly all of them.

Also, TLS 1.3 was finalized in 2018, and QUIC (and therefore HTTP/3) only runs over TLS 1.3; the ssl_protocols line affects only the TCP listeners. I do not even try to support older hardware. If you allow TLS 1.2 as well, clients that cannot do QUIC simply fall back to HTTP/2 or HTTP/1.1 over TCP, which is fine. What you must not do is leave TLS 1.0 or 1.1 enabled: both are formally deprecated (RFC 8996), and TLS 1.1 is, according to Google.com, "… vulnerable to attacks, making it unsuitable for protecting sensitive data." A good rule for a public site is to allow only TLSv1.2 and TLSv1.3; for an instance that only your own clients connect to, requiring TLSv1.3 alone, as in the first example, is even better.

ShellScript
ssl_protocols TLSv1.2 TLSv1.3;
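To turn the checklist into something you can run, here is an added example (my own, not from the original post): a POSIX shell function that lints an Nginx vhost text for the items a config file can show (quic and ssl listeners, http3 on, the Alt-Svc header, TLS versions), plus a separate function for the live checks (compiled-in module, UDP 443, curl). The two vhosts, BEFORE_VHOST and AFTER_VHOST, are constructed samples for example.com; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): lint an nginx vhost against
# the HTTP/3 checklist. BEFORE_VHOST and AFTER_VHOST are constructed samples.

# A vhost as a hosting panel typically generates it: TCP only, HTTP/3 off, old TLS allowed.
BEFORE_VHOST=$(cat <<'EOF'
server {
  listen 443 ssl;
  listen [::]:443 ssl;
  http2 on;
  http3 off;
  ssl_protocols TLSv1.1 TLSv1.2;
  server_name example.com;
}
EOF
)

# The same vhost after working through the checklist.
AFTER_VHOST=$(cat <<'EOF'
server {
  listen 443 quic reuseport;
  listen 443 ssl;
  listen [::]:443 quic reuseport;
  listen [::]:443 ssl;
  http2 on;
  http3 on;
  ssl_protocols TLSv1.2 TLSv1.3;
  add_header Alt-Svc 'h3=":443"; ma=2592000';
  server_name example.com;
}
EOF
)

# Print one finding per line for the vhost text in $1; print nothing if it passes.
lint_h3_vhost() {
  cfg=$1
  has() { printf '%s\n' "$cfg" | grep -Eq "$1"; }

  has '^[[:space:]]*listen[[:space:]].*[[:space:]]quic([[:space:]]|;)' \
    || echo 'step 2: no "listen ... quic" directive, so nothing accepts UDP/QUIC'
  has '^[[:space:]]*listen[[:space:]].*[[:space:]]ssl([[:space:]]|;)' \
    || echo 'step 2: no "listen ... ssl" directive for the TCP fallback (HTTP/2, HTTP/1.1)'
  ! has '^[[:space:]]*http3[[:space:]]+off[[:space:]]*;' \
    || echo 'step 2: "http3 off;" is set; change it to on'
  has '^[[:space:]]*add_header[[:space:]]+Alt-Svc[[:space:]].*h3=' \
    || echo 'step 2: no Alt-Svc header, so browsers never learn that h3 is available'
  has '^[[:space:]]*ssl_protocols[[:space:]].*TLSv1\.3' \
    || echo 'step 4: TLSv1.3 is not in ssl_protocols'
  # TLSv1 (1.0) or TLSv1.1 followed by a space or semicolon; TLSv1.2/1.3 do not match
  ! has '^[[:space:]]*ssl_protocols[[:space:]].*TLSv1(\.0|\.1)?([[:space:]]|;)' \
    || echo 'step 4: TLSv1.0/1.1 are enabled; allow only TLSv1.2 and TLSv1.3'
}

# Checks a config file cannot show (steps 1 and 5); run this on the server itself.
live_checks() {
  nginx -V 2>&1 | grep -q http_v3_module \
    && echo 'nginx is built with http_v3_module' || echo 'nginx lacks http_v3_module'
  ss -ulnp 2>/dev/null | grep -q ':443 ' \
    && echo 'something is bound to UDP 443' || echo 'nothing is bound to UDP 443'
  # --http3 falls back to TCP, so the status line tells you which version actually answered
  curl -sI --http3 "https://$1/" 2>/dev/null | head -n 1
}

echo '--- before:'; lint_h3_vhost "$BEFORE_VHOST"
echo '--- after:';  lint_h3_vhost "$AFTER_VHOST"    # prints nothing
# live_checks example.com
```

The lint only reads the text you hand it, so run it on the fully assembled vhost (including any included snippets); remember that an add_header inside a location block hides the server-level Alt-Svc header, which this regex cannot see.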

If you are interested in this subject, you must check out the Mozilla SSL Configuration Generator (moz://a), which generates safer and more robust web server configs according to your preferences.

I hope my checklist was helpful!


CloudPanel Masters Reverse Proxies so you don’t have to

If you’ve ever experienced frustration when attempting to configure a reverse proxy, CloudPanel will simplify your life. CloudPanel is a free, no-frills hosting panel that is surprisingly robust and satisfying to use. It uses the Nginx server, ready for HTTP/3.

The self-hosting movement is in full swing, and CloudPanel is a perfect remedy for those of us who prefer a GUI hosting panel rather than using only the CLI. It excels at reverse proxies, even if—especially if—your project is Dockerized.

The best thing about CloudPanel is its built-in reverse proxy feature. CloudPanel will even add an SSL (Let’s Encrypt) certificate automatically, or you may import your own cert.

CloudPanel is so easy, in fact, I’m only going to post a few screenshots to explain everything you need to know.

You are halfway there!

Finished!

One final thing, you may want to turn on HTTP/3. Check out my blog post on how to use HTTP/3 in CloudPanel and Nginx.

Immich with OpenLiteSpeed as a reverse proxy

So, you have installed Immich and are now realizing that it needs a reverse proxy or another method to add some security to your instance. OpenLiteSpeed to the rescue! This tutorial will help you configure OpenLiteSpeed (OLS) with your Immich app.

Immich is a fantastic Google Photos alternative if you are willing to self-host. While LiteSpeed is a "drop-in replacement for Apache," OLS is not. OLS is from Mars; Apache is from Venus.

You may be wondering, if OLS is so quirky, then why use it at all? The answer is simple: speed, plus the fact that it is free. OLS supports HTTP/3, which will speed up our Immich instance immensely. For the record, Nginx also supports HTTP/3. Apache reportedly has an HTTP/3 module in development, but I can’t find the beta version anywhere at the time of writing.

Another reason to use OLS is because CyberPanel, a companion web hosting panel, is free (with frustrating adverts). It’s excellent for hosting a few websites free of charge. Not only will you get the speed of HTTP/3, but also a free SSL certificate, which is required for HTTP/3.

To make things a bit easier, you can create your website’s config files (vhost) using your hosting panel and install the corresponding SSL certificate using your (sub)domain. This way, we don’t have to create the website’s vhost configuration file from scratch.

We have two ways to configure OLS: the OLS admin control panel or editing the config files directly. OLS has a dedicated admin panel, which you will find hidden on port 7080, i.e., https://myserver.mydomain.com:7080 (restrict that port to your own IP in the firewall; it is a full admin interface). The username should be admin. If you have forgotten your password, SSH into your server and run:

OLS forgotten password

ShellSession
/usr/local/lsws/admin/misc/admpass.sh

After you log in, click on Virtual Hosts. If you are starting from scratch, click on the + sign to create a new vhost. Otherwise, find and click on the website that you have already created for your Immich app.

Under the Basic tab, select NO to Enable Scripts/ExtApps, and then select YES to Restrained.

Next, select External App and select Web Server

Add 127.0.0.1:2283 for the web server address and provide your web server a name. You can use the information listed below. Click save.

Click on Context, then create a new Proxy —click on Next

Enter / for the URL,

Upgrade: $http_upgrade
Connection: upgrade

For the Header operations. Click save.

Click on Listeners, then add your virtual host to each listener type.

Our Immich virtual host would need to be added to all three listener types in the above example.

Finally, you need to restart the OpenLiteSpeed server. Look for the big green button at the top and restart OLS. That’s it!

Another word about listeners. If you're a keen observer, you've likely noticed that my configuration lacks the IPv6 listener for the default port. If your system doesn't have IPv6, then you probably only have two listeners. If you are using IPv6, you should generally have four listeners. Even your mail servers need IPv6. We can see here that CyberPanel seemed to forget my IPv6 listener for the default port. Is it a bug or a feature? I had to add it manually.

Here is the final vhost config for OLS. I assume that you can simply use this config instead of going through all of the above steps with the OLS admin panel… but I don’t know for sure. Please let me know in the comments what you think!

ShellSession
docRoot                   $VH_ROOT/public_html
vhDomain                  $VH_NAME
vhAliases                 www.$VH_NAME
# address redacted by the page's e-mail obfuscation; put your own admin address here
adminEmails               [email protected]
enableGzip                1
enableIpGeo               1

errorlog $VH_ROOT/logs/$VH_NAME.error_log {
  useServer               0
  logLevel                WARN
  rollingSize             10M
}

accesslog $VH_ROOT/logs/$VH_NAME.access_log {
  useServer               0
  logFormat               "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
  logHeaders              5
  rollingSize             10M
  keepDays                10
  compressArchive         1
}

index  {
  useServer               0
  indexFiles              index.php, index.html
}

extprocessor immich {
  type                    proxy
  address                 127.0.0.1:2283
  maxConns                500
  initTimeout             600
  retryTimeout            0
  respBuffer              0
}

context / {
  type                    proxy
  handler                 immich
  extraHeaders            <<<END_extraHeaders
Upgrade: $http_upgrade
Connection: upgrade
  END_extraHeaders


  addDefaultCharset       off
}

context /.well-known/acme-challenge {
  location                /usr/local/lsws/Example/html/.well-known/acme-challenge
  allowBrowse             1

  rewrite  {
    enable                0
  }
  addDefaultCharset       off
}

rewrite  {
  enable                  1
  autoLoadHtaccess        1
}

vhssl  {
  # keyFile path was truncated on the page; certbot keeps the key as privkey.pem in this directory
  keyFile                 /etc/letsencrypt/live/redacted
  certFile                /etc/letsencrypt/live/redacted/fullchain.pem
  certChain               1
  enableECDHE             1
  renegProtection         1
  sslSessionCache         1
  enableSpdy              15
  enableStapling          1
  ocspRespMaxAge          86400
}

websocket / {
  address                 127.0.0.1:2283
}

module cache {
storagePath /usr/local/lsws/cachedata/$VH_NAME
}

Final Thoughts

This is a lot of work for a simple reverse proxy. CloudPanel has a built-in reverse proxy, and so does aaPanel, my favorite open-source hosting panel. For the record, I have given up on CyberPanel. The project appears to be all but abandoned, and there are too many adverts in the admin panel to make it usable or at all enjoyable.