Things I did this week. (May 6-15)

What did Pablo do this week?

  • Took some pictures on my film camera.
  • Celebrated my birthday.
  • Went to San Francisco
  • Ate Pan Dulce
  • Packed my bags.
  • Wore Cool Sunglasses
  • Got film developed.
  • Added check-ins on my notes.
  • wrote 2 blog posts this week.

Not Smiling Every Single Moment

Image without description

Ever since I was young, I was the guy who always had a smile on his face. I mean like 90% of the time. Any where I went, any where I was spotted, any encounter. I, Pablo Morales was the smiling kid.


Smiling would help me put on a façade or a filter to mask the many emotions I feel at any given moment.


When I visit Mexico, I've learned not to smile as much. I just experience life differently. I try not to stand out. I am always happy to see the people I love.

When I was studying in Europe, I truly learned not to smile. Many Europeans don't smile when they are out and about with their day. During studying abroad, I made it a goal to not stand out as an "American", especially during the political turmoil happening in the United States.

Even when I reverted back to my "typical smiling," I never truly reverted back.

It's okay not to smile

By not smiling, I am learning to express myself more. I can be in a great mood but not smile? Yes, I can! By smiling all the time, it taught me I wasn't true to myself. I wasn't being fair to myself. I was defrauding myself. How can I be a real person if I can't express myself?

Am I happy?

You're asking yourself this question? Is Pablo Morales, actually happy with himself? Yes, I am happy.

Has it been hard to love myself? Yes. Overall, happiness does not fall into one size fits all scenario.

There is a side of me that I am afraid to explore. I have a battle ahead. I am still looking for this battle with a smile or frown.

Image without description

Image without description


My Favorite New York Times Interactives

Image without description Screenshot of 2021: The Year in Visual Stories and Graphics | Copyright The New York Times

Many people who know me personally, know that I love the New York Times. I'll get straight to the point... I love their Interactives. New York Times (NY Times) interactive articles allow me to visualize and get a deeper understanding of what is trying to be conveyed. Some interactives are very simple to very complex in nature. The interactive visuals are amazing.

Since I am really into photography, I really appreciate the the beautiful photography across the New York Times but the interactives take the cake! I will literally drool hours upon hours just reading and browsing the beautiful photography. The videography was amazing as well. I used some videos from the interactives as examples or inspiration. on how to become better at using the camera, and make better content, overall.

The New York Times is great at their web development. It really has helped me become better at designing on the web and becoming more visual. I am no where near any good web designer/web developer.

My first interactive, which I don't think they called interactive at the time, was Snow Fall back in 2012.

The categories of Interactives that I enjoy are (in no particular order):

  • Environment
  • Education
  • Latin America
  • Politics
  • Technology
  • Travel

Here is my top 5 6 New York Times Interactives. If you need access to an article, I can help you out. Just send me an email at


Podcasts I am currently listening

I remember when I was a kid in the early 2000s when iTunes was at the height of its popularity. I used to get a free song of the week, which was baller! Who doesn't like free music. Then one day I stumbled upon the podcast section of iTunes. I remember seeing lots of podcasts on there. If my memory recalls correctly, podcasts were not only audio but also certain podcasts were available as videos. Often these videos were extras, bloopers, behind the scences, interviews, etc. I've been enamored with podcast at an young age. For ten years or so, I remember simply falling off of podcasts. I regret that very much. Better late than never to jump back on. I wish I could remember the name of the podcasts I used to listen to.

I am sharing the podcasts I enjoy listening too. I am always looking for more. If you have any goodones to share, email me at I'd be happy to take with open arms any suggestions.

Listen wherever you get your podcasts.

New York Times

The Daily from the New York Times

First Person from the New York Times

Hardfork from the New York Times

The Ezra Klein Show

Gimlet Media/Spotify

Heavyweight from Gimlet Media

Science VS from Gimlet Media

Try Guys

The Try Pod by The Try Guys

World Languages


Reddit Based


Crooked Media

Offline with Jon Favreau


Setting Up Vouch Proxy using Nginx

Location: 38.581573, -121.494400

Blog Post on this using Indieauth coming soon!

Table of Contents

Image without description


Recently I have started experimenting with identity. An SSO solution for Nginx using the auth_request module. Vouch Proxy can protect all of your websites at once.

Today, I'll demonstrate how to setup Vouch Proxy on an nginx web server. In this example I will be using Google as our provider

This tutorial assumes you have prior knowledge of using a linux server such as Debian. Message me at if you need some help. I'd be happy to do so!

What Vouch Proxy Does?

According to the Repository, it states the following:

Vouch Proxy (VP) forces visitors to login and authenticate with an IdP (such as one of the services listed above) before allowing them access to a website.

Vouch Proxy protects websites

VP can also be used as a Single Sign On (SSO) solution to protect all web applications in the same domain.

Vouch Proxy is a Single Sign On solution

After a visitor logs in Vouch Proxy allows access to the protected websites for several hours. Every request is checked by VP to ensure that it is valid.

VP can send the visitor's email, name and other information which the IdP provides (including access tokens) to the web application as HTTP headers. VP can be used to replace application user management entirely.

Things you'll need/prepare:

  • A linux server with a public IP address with hosting and SSL
    • Debian will be used here but any of the common distros will work
    • Certbot is an easy solution to get SSL certifcate for https://
  • Go Language (to compile vouch-proxy)
  • Vouch Proxy

  • Nginx Web Server

    • Digital Ocean has a good guide if you need to learn how to setup virtual blocks in nginx.

Download/Install Vouch Proxy from Github

Make sure to have Go Lang installed

$ git clone
$ cd vouch-proxy
$ ./ goget
$ ./ build

Vouch Proxy Nginx Virtual Block

Let's go ahead and create a virtual block to proxy Vouch Proxy.

server {
        server_name;  # spoint this to a subdomain. You an call it whatever you wish.

  # Proxy to your Vouch instance
  location / {
    proxy_set_header  Host; # make sure this matches the server_name, above
    proxy_set_header  X-Forwarded-Proto https;

Let's go ahead and create a virtual block for a regular nginx website site or edit an existing virtual block. This is the website/service that you will protect with Vouch Proxy.

In this example I am using a php web app. If you a non php site site to work you can remove this location block and and edit it to your needs.

Google Cloud Console

Google Cloud Console API

Before we modify the config.yml, lets create an OAuth 2.0 Client ID and Client Secret which you will paste into the config.yml file.

You will have to do the following 1. Create a Project

  • Call it whatever you like.
  • I called it oauth
  1. Create Credentials
  • You'll create the client ID and client secret (don't worry if you do the following steps and forget to copy these down. They will be available for you to copy at any time.
  1. OAuth consent screen
  • App Name:
  • This is where you will need to setup where your redirect URL is Just like the server_name set in the nginx virtual block config above.
  • Authorized Domain: (just the base domain)
  • Fill out any other required fields

Modify your config.yml

# Vouch Proxy configuration
# bare minimum to get Vouch Proxy running with google

  - #optional unless you would like to use another domain that configured on the same server/machine

  # set allowAllUsers: true to use Vouch Proxy to just accept anyone who can authenticate with Google
  # allowAllUsers: true

    # allow the jwt/cookie to be set into (defaults to true, requiring 
    secure: false
    # vouch.cookie.domain must be set when enabling allowAllUsers
    #  domain:

  provider: google
  # get credentials from...
  client_secret: xxxxxxxxxxxxxxxxxxxxxxxx
  # Google may require callback_urls (redirect URIs) to be 'https'
    - #optional unless you would like to use another domain that configured on the same server/machine
  preferredDomain: # be careful with this option, it may conflict with chrome on Android 
  # endpoints are set from

Nginx Virtual block protected by Vouch Proxy

server {
        listen 80;
        listen [::]:80;
        root /root/to/web/directory;
        index index.php index.html;

location / {
        try_files $uri $uri/ /index.php$is_args$args;
    client_max_body_size 100m;

location ~* \.php$ {
    fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;# Adjust to your setup
  include fastcgi.conf;
        fastcgi_index yellow.php;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;


Eventually you will need to secure your site with SSL/TLS that makes your site use https://. Google will require that your traffic is secure with using it as 0auth as the method used to sign in to your protected website.

Do this after you have the survey blocks working in the following section.

Here is the link for Certbot for Debian. I have tested this on Debian 10 & 11. [](Link for Certbot)

Cert bot can do this for you as long as you have the subdomain in your DNS pointing to your machine and have cert bot installed. It'll add these blocks in your


server { 

   server_name  # or the domain of protected site will be in place of ** by certbot

                                .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

server {
    if ($host = {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        listen 80;
        listen [::]:80;

    return 404; # managed by Certbot


Let's check for errors in nginx. Type the following command.

nginx -t

You should see something similar to this:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Let's open a browser tab or window!

Note: I'm using firefox. (Preference). Any modern browser should work.

Type in the protected app' URL in the address bar

Image without description

Sign in to Google

Sign in with an email that is allowed to sign to access the website when you configured it in Google Cloud Console. Image without description

Voila, the protected page.

Here is the home page of a Bludit CMS on subdomain acting as "" 25%