My projects

Progress: Completed! 100% 100%

Introducing this hidden gem of search engines! While it may not be as widely recognized as other options, Searxng offers a unique opportunity to take control of your privacy. By hosting your own open-source search engine, you can rest assured that everything is in your hands – from the source code to logging settings and private data. No need to trust unknown administrators. The best part? With Searxng, you can customize the default settings and say goodbye to cookies resetting your preferences. Plus, as long as your endpoint remains uncompromised, your settings will stay securely stored and inaccessible to others. Embrace the power of Searxng and experience the privacy of a random profile per search. Give it a go on Roth The IT Guy’s hosted search engine by visiting https://search.rothitguy.pro you can also add my hosted search engine to your browser!

Why Supporting RothITguy Search Matters

True Privacy, No Compromises

RothITguy Search is built on SearXNG, an open-source meta-search engine designed to aggregate results from dozens of search providers—Google, Bing, DuckDuckGo, Startpage, Wikipedia, and more—without ever revealing your identity to them.

No tracking, profiling, or logging of personal data—your queries are stripped of IP addresses, cookies, and browser fingerprints before they leave the server.
Search queries are anonymized and proxied, so third-party search providers see RothITguy Search, not you.

Independence from Big Tech

Mainstream search engines shape what you see by ranking results to serve their business goals—ads, tracking, and content control. RothITguy Search doesn’t participate in algorithmic manipulation.

Search results are ranked transparently and locally, with your control over filtering, languages, and categories.
No bias toward corporate advertisers or paid placements—search results are based purely on content relevance.

Custom Enhancements

Unlike generic public SearXNG instances, RothITguy Search is tailored for performance, stability, and usability:

Tweaked search engine backends to improve relevancy and performance while avoiding unstable or tracking-prone sources.
Extra privacy hardening on the host system—hardened OS, network-level blocking of trackers, and monitoring for abuse.

Public Access Without Paywalls

Many private search instances are invite-only to avoid abuse, but RothITguy Search is open to the public. This increases privacy for everyone because:

The larger the user base, the harder it is for external parties to correlate or deanonymize search traffic.
It provides a trustworthy option for individuals who lack the skills, time, or resources to self-host SearXNG themselves.

RothITguy Search gives you private, unbiased search results—no tracking, no profiling, no ads. Every query is stripped of identifying data and anonymized before it leaves our server, keeping you invisible to Big Tech.

But running a fast, secure, and public SearXNG instance isn’t free. Your donation helps cover hosting, maintenance, and upgrades.

Configuring custom search engine in FireFox

We first enable a hidden Firefox feature that improves how custom engines behave.

Open Firefox.
In the address bar, type: about:config
Accept the warning: “Proceed with caution”
In the search box at the top, type: browser.urlbar.update2.engineAliasRefresh
Double-click the entry to set its value to True
Go to Firefox Settings
- Open Firefox.
- Click the menu icon (☰), then click Settings.
- Go to the Search tab.
Scroll to “Search Shortcuts”
- Click “Add”
- Fill in the fields:
  - Name: RothITguy Search
  - Search URL: https://search.rothitguy.pro/search?q=%s
  - Leave other fields default.
  - Click Add Search Engine.
Set It as Default
Go back to Firefox > Settings > Search and select RothITguy Search under the Default Search Engine dropdown.
You can optionally choose to “remove” the other search engines.

Configuring custom search engine in FireFox (Mobile)

Visit https://search.rothitguy.pro
Tap and hold the search bar on the site
Choose “Add Search Engine”
Go to Settings → Search and set it as default

Configuring custom search engine in Chome

Open Chrome
Go to Settings → Search engine → Manage search engines and site search
Under Site Search, click Add
- Search engine: RothITguy Search
- Shortcut: roth
- URL with %s: https://search.rothitguy.pro/search?q=%s
Click the three dots next to it → Set as default

Configuring custom search engine in Microsoft Edge (Chromium)

Open Edge
Go to Settings → Privacy, search, and services
Scroll to Services → Click Address bar and search
Click Manage search engines
Click Add
- Name: RothITguy Search
- Keyword: roth
- URL: https://search.rothitguy.pro/search?q=%s
Click the three dots next to the new engine → Make default

Configuring custom search engine in Brave

Go to Settings → Search engine
Click Manage search engines
Under Site Search, click Add
- Name: RothITguy Search
- Shortcut: roth
- URL: https://search.rothitguy.pro/search?q=%s
Use the menu to Set as default

Configuring custom search engine in Vivaldi

Go to Vivaldi Menu → Settings → Search
Click Add Search Engine
- Name: RothITguy Search
- Nickname: roth
- URL: https://search.rothitguy.pro/search?q=%s
Check Set as Default Search

Progress: Completed! 100% 100%

SimpleX Chat is a privacy-focused messaging platform that operates without any user identifiers, making it highly secure and private. Unlike traditional messaging services, SimpleX Chat does not store user accounts or personal data on servers. Instead, all user data is stored locally on client devices in an encrypted format, ensuring that only the intended recipients can access the messages.

The platform uses end-to-end encryption for all communications, including messages, images, videos, and files. It employs a double-ratchet encryption protocol and out-of-band key exchange to prevent man-in-the-middle attacks and ensure communication integrity. SimpleX Chat also features temporary anonymous pairwise identifiers for each user contact or group member, providing strong metadata privacy.

Additionally, SimpleX Chat supports decentralized groups, encrypted voice messages, disappearing messages, and audio and video calls.

The platform can be accessed via Tor for added anonymity. The combination of these features makes SimpleX Chat a robust choice for users seeking secure and private communication. I am now hosting my own services.

“Messages, files & calls are protected by quantum resistant e2e encryption with perfect forward secrecy, repudiation & break-in recovery.”

Progress: Completed! 100% 100%

Currently hosting my own email server using Mailcow. https://mail.rothitguy.pro

Mailcow is an all-in-one email server solution that leverages a variety of well-established and widely-used components to create a reliable, secure, and feature-rich email platform.

Each container represents a single application, connected in a bridged network.

Contact me to get an account!

Why Supporting RothITguy Mail Matters

Take Back Control of Email

RothITguy Mail runs on Mailcow, a powerful, open-source email suite that gives you full ownership of your inbox.

No Gmail-style scanning of messages for advertising or AI training.
No Microsoft or Yahoo “policy changes” suddenly locking you out of your own messages.
Every mailbox, alias, and domain is under your control—not a corporation’s.

End-to-End Privacy & Security

Your email is hosted on hardened, privacy-focused infrastructure with industry best practices:

TLS encryption for mail in transit.
SPF, DKIM, and DMARC for authentication—reducing spoofing and phishing.
Secure webmail and IMAP/SMTP access, with multi-device sync.
Optional encrypted mailbox storage to protect against server breaches.

Resilient, Spam-Resistant Email
RothITguy Mail is tuned for deliverability and spam filtering without selling out privacy:

Rspamd & ClamAV for spam and virus filtering.
Automatic TLS upgrades when available.
Blocklists that keep unwanted senders out while still allowing legitimate messages in.

Community Benefit
Many people want private, self-hosted email but don’t have the expertise to run it themselves. RothITguy Mail bridges that gap:

Offers a trusted, ad-free alternative to Big Tech email.
Grows a shared privacy network where more people benefit from stronger protections.
Reduces dependence on surveillance-driven communication platforms.

Funding Keeps It Running Smoothly
Maintaining a robust, public-facing mail system means:

High-uptime servers with redundancy and regular updates.
Security monitoring to prevent abuse or breaches.
Continuous tuning to ensure deliverability to major mail providers.

RothITguy Mail is your ad-free, surveillance-free email—no scanning, no profiling, no “free” service that sells your data. Every message is encrypted in transit and hosted on hardened infrastructure you can trust.

But privacy isn’t free to run. Your donation helps cover the servers, security monitoring, and maintenance that keep RothITguy Mail reliable and safe for everyone.

If you believe email should be yours—not theirs—support the cause.

Core Components and Their Functions

Component	Function
Postfix	Mail Transfer Agent (MTA) that handles sending and receiving emails via SMTP.
Dovecot	IMAP and POP3 server responsible for storing and retrieving email. It supports full-text search, Sieve filtering, and quota enforcement.
Rspamd	Spam filtering system with DKIM, DMARC, SPF, greylisting, and rate-limiting support. Learns from spam/ham feedback.
ClamAV	Antivirus scanner that scans incoming/outgoing mail for malware.
SOGo Groupware	Webmail interface with calendar, address book, and ActiveSync (mobile sync). Alternative front-ends like Roundcube are not included by default.
MariaDB	SQL database to store Mailcow configuration data like domains, mailboxes, aliases, etc.
Redis	In-memory key-value store used for caching and session management (e.g., for Rspamd and Dovecot).
PHP-FPM	Executes PHP scripts, required for the Mailcow admin panel and web interface.
Nginx	Reverse proxy and web server for the admin UI, webmail (SOGo), and ActiveSync.
ACME/Let’s Encrypt Companion	Automates SSL/TLS certificate generation and renewal.
Netfilter/Fail2Ban	Optional tools for blocking malicious IPs and brute-force attempts.
Watchdog	Mailcow’s custom watchdog script for container health checks and automatic restarts of failed services.
Dsync/Dovecot replication	Optional: for multi-node setups with email syncing across servers.

User Interface

There are two main user interfaces

1. Admin UI

Feature	Description
Dashboard	Overview of mail system health, queue size, spam/ham stats, watchdog status, and service uptime.
Domain Management	Add/remove email domains, configure limits (mailboxes, aliases, quota).
Mailbox Management	Create/edit/delete users, assign passwords, quota, send limits, Sieve scripts, etc.
Alias & Forwarding	Set up aliases and forwarders per user or domain.
DKIM Key Management	Generate and rotate DKIM keys. TXT records are shown for DNS configuration.
Relay Settings	Configure domain-wide or global SMTP relays (e.g., for SendGrid, SES, etc).
Blacklist/Whitelist	Rspamd integration for managing sender/recipient rules.
Quarantine Viewer	Manages spam/junk quarantines with preview and release functions.
Rspamd Charts	Real-time stats and analytics via Rspamd UI.
System Logs	Syslog, mail logs, dovecot logs, and postfix queue visibility.
TLS/SSL Settings	Status of Let’s Encrypt or manually managed TLS certs.
Configuration Export/Import	Backup settings and domain/mailbox configuration via JSON.
2FA for Admins	OTP-based two-factor login for the admin panel.

2. User UI (Self-Service Panel)

Feature	Description
Password Change	Users can securely change their mailbox password.
Sieve Filters	Create rules to sort, forward, reject, or auto-reply to mail.
Out-of-Office (Vacation)	Set start/end dates and auto-reply messages.
Alias Management	View aliases or redirect targets (if permitted by admin).
Spam Training	Some setups allow users to mark email as spam/ham, feeding Rspamd.
ActiveSync Device Control	Users can wipe or block connected mobile devices (via SOGo).

Advanced Features

Authentication & Security

2FA Support for admin panel (TOTP-based)
Fail2Ban and Netfilter rules to block brute force and spam bots
Per-user and per-domain TLS policy enforcement
Submission port 587 and SMTPS on port 465 with authentication
Mail rate limiting (outbound limits per mailbox/domain)

Mail Delivery Features

Sieve scripting for advanced mail filtering and actions
Greylisting to reduce spam by delaying first-time senders
Rspamd pre-filters with custom Lua rules
Sender reputation-based throttling

Relaying and Routing

Outbound relays: Configure SMTP relay per domain or globally (e.g., Gmail/SES integration)
Inbound filtering: Can route incoming mail through 3rd-party services before delivering
Recipient verification before relaying (anti-spam measure)

Backup & Restore

helper-scripts/backup_and_restore.sh: Easy full system and mailbox backup/restore
Works with rsync, rclone, or direct tarballs
Can exclude virus quarantine and logs to save space

Mail Sync and Replication

Dovecot dsync (experimental): Allows mailbox replication across nodes
Useful in HA or DR scenarios

Monitoring & Metrics

Rspamd Web UI: Live filtering stats, Bayesian database, reputation score, etc.
Netdata (optional): Real-time system resource monitoring
Prometheus/Grafana integration: Community-built exporters available

Mobile & Client Integration

Autodiscover/autoconfig for automatic email client setup (Outlook, Thunderbird, iOS)
ActiveSync via SOGo, including support for contacts and calendars
CalDAV/CardDAV support for cross-device syncing (Nextcloud, Thunderbird, iOS)

Developer/Automation Features

REST API: Manage domains, mailboxes, aliases, DKIM, etc.
- Swagger UI available under /api
Hooks: Execute scripts on specific mail actions (e.g., quarantine, delivery)
LDAP integration: (Experimental/community) for user management

Progress: Completed! 100% 100%

Currently hosting my own SIEM using Wazuh. https://sec.rothitguy.pro

RothITguy Security delivers enterprise-grade threat detection—without the corporate surveillance, vendor lock-in, or massive price tag. Every log, alert, and security event stays on privacy-focused, self-hosted infrastructure you can trust.

But defending against modern cyber threats takes serious resources. Your donation funds the servers, bandwidth, updates, and tuning that keep RothITguy Security running 24/7 for everyone—free, open, and independent.

If you value security without spying, help keep it alive.

Why Supporting RothITguy Security Matters

Security That Works for You, Not Against You
Wazuh is an open-source XDR (Extended Detection & Response) and SIEM (Security Information and Event Management) platform.

Unlike commercial systems that tie you to costly licenses, Wazuh is free and transparent—you can inspect every line of code.
No hidden “telemetry” sent back to a vendor; all data stays on infrastructure you trust.
You get enterprise-grade detection without corporate surveillance baked in.

Continuous Threat Detection
RothITguy Security monitors endpoints, servers, and cloud workloads in real time:

Log analysis: Correlates system, application, and network logs to detect unusual activity.
File integrity monitoring (FIM): Instantly alerts you to unauthorized changes in critical files.
Vulnerability detection: Identifies outdated or risky software before attackers exploit it.
Malware detection: Flags malicious behavior patterns across systems.

Incident Response & Automation
RothITguy Security doesn’t just detect problems—it can respond to them:

Automatic remediation scripts to isolate compromised systems.
Real-time alerts via email, messaging, or API integrations.
Custom rules to match your security needs (e.g., blocking repeated login failures).

Privacy-Conscious Security
Big-name monitoring tools often funnel data to centralized vendor servers. RothITguy Security doesn’t.

All logs and telemetry remain within self-hosted infrastructure.
No third-party analytics, tracking pixels, or “optional” data sharing.
Designed for compliance with privacy-focused standards and regulations.

Accessible Security for All
Most small teams and individuals can’t afford commercial SIEM/XDR licenses—often costing thousands per month.

RothITguy Security offers the same class of protection at no cost to users.
You don’t need a dedicated security engineer to benefit—users get a pre-configured, tuned system.
By keeping it public, more users benefit, which strengthens the entire privacy and security community.

Funding = Stability & Expansion
Keeping Wazuh running for the public requires:

High-availability servers to ensure uptime during attacks.
Regular rule updates to detect the latest threats.
Performance tuning so monitoring doesn’t slow systems down.
Continuous security hardening to keep the platform itself safe from compromise.

Donations directly pay for the hardware, bandwidth, and time required to keep RothITguy Security operating at a professional, trustworthy level.