Prerequisites

• A Laravel 12 application

• A Hetzner Cloud account with Object Storage enabled

• Composer installed on your development machine

Step 1: Install the AWS SDK for PHP

Laravel uses the AWS SDK for PHP to interact with S3-compatible storage services. Install it using Composer:

composer require league/flysystem-aws-s3-v3 "^3.0" --with-all-dependencies

Step 2: Create Hetzner S3 bucket and generate credentials

Create new bucket via interface on hetzner.com and remember your bucket name:

Than generate your credentials:

Step 3: Configure Hetzner S3 Credentials

Add your Hetzner S3 credentials to your Laravel application's .env file:

HETZNER_S3_ACCESS_KEY_ID=your_access_key
HETZNER_S3_SECRET_ACCESS_KEY=your_secret_key
HETZNER_S3_BUCKET=your_bucket_name
HETZNER_S3_ENDPOINT=https://fsn1.your-objectstorage.com

Replace your_access_key, your_secret_key, and your_bucket_name with your actual Hetzner S3 credentials and bucket name.

Step 4: Update Filesystem Configuration

Open config/filesystems.php and add a new disk configuration for Hetzner S3:

'hetzner' => [
    'driver' => 's3',
    'key' => env('HETZNER_S3_ACCESS_KEY_ID'),
    'secret' => env('HETZNER_S3_SECRET_ACCESS_KEY'),
    'region' => 'us-east-1',
    'bucket' => env('HETZNER_S3_BUCKET'),
    'endpoint' => env('HETZNER_S3_ENDPOINT'),
    'use_path_style_endpoint' => true,
    'throw' => false,
    'visibility' => 'private',
],

Step 5: Use Hetzner S3 in Your Application

Now you can use Laravel's Storage facade to interact with your Hetzner S3 bucket. Here are some examples:

Uploading a File

use Illuminate\Support\Facades\Storage;

$file = $request->file('avatar');
$path = Storage::disk('hetzner')->put('avatars', $file);

Retrieving a File

use Illuminate\Support\Facades\Storage;

$url = Storage::disk('hetzner')->url('avatars/filename.jpg');

Deleting a File

use Illuminate\Support\Facades\Storage;

Storage::disk('hetzner')->delete('avatars/filename.jpg');

Step 6: Handle File URLs

If you have private bucket (you should) - you can generate URLs of file when needed with temporaryUrl

use Illuminate\Support\Facades\Storage;

Storage::disk('hetzner')->temporaryUrl('avatars/filename.jpg', now()->addMinutes(5));

Price

Hetzner's Object Storage pricing structure is designed to be both flexible and cost-effective. The service operates on a base price of €0.0081 per hour for Object Storage runtime, with a monthly cap of €4.99 for all Buckets under a project owner's account. This base price includes a generous allocation of 1 TB of storage (up to 744 TB-hours) and 1 TB of traffic across all Buckets in your account. Should you exceed these included quotas, additional storage is billed at €0.0067 per TB-hour, while extra traffic incurs a cost of €1.00 per TB. It's worth noting that all prices quoted exclude VAT, providing transparency in the cost structure. This pricing model allows users to start small and scale as needed, with the monthly cap offering predictability for budgeting purposes.

Conclusion

You've successfully integrated Hetzner S3 Object Storage with your Laravel 12 application. This setup allows you to leverage Hetzner's robust and scalable storage solution while using Laravel's familiar Storage facade. Remember to handle your S3 credentials securely and consider using Laravel's built-in configuration caching for production environments.

For more advanced usage, refer to Laravel's official documentation on file storage and the AWS SDK for PHP documentation.

Hetzner Docs are available here: https://docs.hetzner.com/storage/object-storage/

Welcome to register on Hetzner with my referrer link: https://hetzner.cloud/?ref=jjQEPZtflL9T

A self-employed person (osek murshe or osek patur) must independently deposit sums of money for pension savings, at the rates detailed in this article, until the end of the tax year

A self-employed worker is entitled to tax benefits for self-employed deposits for pension insurance

A self-employed person may deposit additional amounts for pension insurance beyond the amounts set by law, thus increasing his pension savings and pension allowance as well as benefiting from additional tax benefits

The minimum deposit rate for pension insurance

• For a part of the income that is up to half of the average salary in the economy (i.e. for the first NIS 71,220 in the tax year) 4.45% of the income must be deposited.

• For the rest of the income up to the average salary in the economy (i.e. up to NIS 142,440 per year) - 12.55% must be deposited.

• For the part of the income above the average salary (i.e. for every shekel above NIS 142,440 per year) - there is no obligation to deposit for pension insurance. Self-employed persons who wish to increase their pension savings may set aside this part of their salary for pension insurance as well.

• These rates will be calculated from the self-employed person's income after deducting from it the deductions permitted by law, and before deducting from it the deductions due to a deposit to a training fund, pension insurance or another provident fund for annuity.

Examples of the amount of deposits for pension insurance

• A self-employed person whose annual income is NIS 96,000 (an average of NIS 8,000 per month) (after deductions for recognized expenses and before deductions for contributions to provident funds and education funds):

• A self-employed person whose annual income is NIS 180,000 (an average of NIS 15,000 per month) (after deductions for recognized expenses and before deductions for contributions to provident funds and education funds):

• A self-employed person whose annual income is NIS 180,000 (an average of NIS 15,000 per month) (after deductions for recognized expenses and before deductions for contributions to provident funds and education funds) and who wants to receive maximum tax benefits for deposits (of a maximum of 16.5% of income up to the ceiling set by law)

Self-employed who is also an employee at the same time

• A self-employed person who is employed at the same time as an employee at a certain workplace must contribute to the pension insurance himself, only if the amount set aside for him as an employee (the employer's contributions and the employee's contributions) is lower than the amount he must set aside as a self-employed person for his income from the business, and up to this amount.

Example

If the income of a self-employed person from the business requires a provision of NIS 5,000 for the pension insurance, and as part of his work as an employee the employer's contributions and the employee's contributions amount to NIS 4,000, he must deposit another NIS 1,000 as a self-employed person. If, as part of his work as an employee, the contributions of the employee and the employer exceed NIS 5,000, he is not required to deposit any amount for the pension insurance as a self-employed person.

Target population and prerequisites

• An independent worker who meets the following two conditions:

  1. He is between the ages of 21-60.

  2. He is registered as a value-added tax practitioner for at least 6 months.

• Despite this, a self-employed worker whose age on 01.01.2017 was 55 years or older is exempt from pension savings deposits.

The steps of the procedure

• You must contact one of the pension entities (pension funds, insurance companies or provident funds) where you can manage your pension savings, to open a savings account.

• You must choose the type of pension insurance ( pension fund, executive insurance or provident fund ) as well as the savings route in which the funds will be invested.

• Several forms must be filled out, which mainly include the insured's personal details as well as a letter of authorization to deduct the funds from the bank account.

• The insured may be required to provide medical information about his condition and even provide the pension body with medical documents ( underwriting procedure ).

• The deposits can be made at any time during the year. You can make multiple deposits or a one-time deposit. (Since in many cases self-employed workers can only verify the amount of their annual income near the end of the tax year, they may prefer to make a one-time deposit at the end of the year, then they will be able to know the amount of the required deposit).

• The contributions to the pension insurance must be made by the end of the tax year in which the payments are made.

• For information on the deposit procedure and the method of deposits, see independent deposits for pension insurance.

Violation of the obligation to deposit funds for pension insurance

• Beginning with the 2018 tax year, fines can be imposed on self-employed individuals whose income exceeds NIS 66,861 per year (as of 2023) and who have not deposited the amounts and rates stipulated by law into the pension insurance.

• Before imposing the fine, the centre for the collection of fines will send a notice to those self-employed included in the list, according to which if they do not deposit within 90 days the legally deficient contributions to the pension insurance, they will be fined.

• A fine of 500 NIS will be imposed on self-employed persons who received a warning and nevertheless did not deposit the amounts required for the pension insurance (the amount will be updated annually according to the index change rate).

• The fines will be imposed as of December 1, 2019, due to the 2018 tax year.

Tax benefits for the self-employed who deposited funds for pension insurance

• A self-employed person is entitled to tax benefits on pension insurance deposits.

• Tax benefits are also given for deposits in amounts and rates higher than the minimum deposit rates listed above.

• You can receive tax benefits for deposits of a maximum of 16.5% of income up to the ceiling set by law.

• The benefits will be given only for the year in which the funds were actually deposited for the pension insurance. That is why it is important to make sure that the funds reach the pension body where the pension savings are conducted before the end of December.

• For more information, see income tax benefits for independent deposits for pension insurance.

pay attention

The deposit for pension insurance does not affect eligibility for a work grant

• The deposit does not reduce the amount of income for eligibility for the grant.

  • Those whose income before the pension insurance deposit was too high and therefore were not entitled to the grant, will not be able to benefit from the grant by making a pension insurance deposit.

  • For more information, see Work grant (income grant, negative income tax) (in the paragraph "Incomes that affect eligibility for the grant").

The reduction of payments to the National Insurance due to independent deposits for the pension insurance

• Independent deposits for pension insurance may reduce the amount of "taxable income" for payments to the National Insurance Institute.

• A self-employed person who deposited sums for pension insurance and chose to receive a "deduction" benefit for them (up to the qualifying ceiling), will also benefit from a reduction in the amount of the National Insurance premiums and health insurance premiums at a rate that can reach 17.83% of the amount deposited for the pension insurance and recognized for the income tax deduction benefit.

• For more information, see income tax benefits for self-employed deposits for pension insurance (in the paragraph "The effect of the deposit for pension insurance on the payments to the National Insurance").

Withdrawal of funds in unemployment situations

• During the year 2021, a self-employed person who deposited funds for pension savings by the law, could withdraw certain amounts from the pension savings, in any of the following situations:

  • The independent closed the business.

  • The self-employed person has reached retirement age and has no income that is required to contribute to pension insurance.

  • The self-employed person stopped practicing his profession.

  • The self-employed person closed his business for a cumulative period of at least one month during the years 2020-2021 due to restrictions placed on opening businesses during the corona crisis (according to the law on special powers to deal with the corona virus ).

• For more information, see withdrawing funds from the pension insurance or provident fund for a self-employed person who has closed his business or stopped practicing his profession .

Important Information

• A self-employed person may deposit additional amounts for pension insurance beyond the amounts stipulated by law, and thus increase his pension savings (and the pension allowance ) and enjoy additional tax benefits.

• It is important to find out the terms of the pension insurance, including the amount of the management fees that the pension body collects from the savers. In some cases, it is possible to negotiate the amount of the management fee.

• It is important to choose the investment channel in which the funds that the saver deposits into the fund will be invested. For more information, see the selection of the investment route of the pension insurance funds .

• In addition, a self-employed person may deposit payments to a training fund for the self-employed, and enjoy additional tax benefits. For more information, see the Self-Employed Training Fund.

What is the most popular pension fund in Israel?

Some popular pension funds in Israel include:

• Altshuler Shaham

• Migdal Makefet

• Meitav

• Phoenix

If you are in Altshuler Shaham, they will provide you with details on how to send money and after every transfer, you need to send an email to sherut@altshul.co.il with this information:

• Screenshot of transfer from your bank

• and email like this:

  ```plaintext היי!

אני, [NAME SURNAME]:

תז: [ID]

סכום: [SUM[ שקלים

לשנת [YEAR] כולה, ב-[sum per month] שקלים לחודש

תודה ```

As I know now, LinkedIn has the option to control who can see your email address on your profile and in this small guide I will show you how.

To open this section, on the desktop version of their site click "Me":

Click "Settings & Privacy":

Click "Visibility":

And only now you can change your email visibility and hide it from robots and spammers:

Click "Only visible to me" and you are done.

There is another option, that works for any website – you can also generate an email alias with my HideMail.app or its browser extension (Chrome, Firefox). In case of email leaks leading to spam or unwanted messages, you have the option to switch to a new email alias and deactivate forwarding for the previous one.

It means you need to renew your app Push Notification Certificate. Here are the steps:

1. Login to Developers account -> Certificates, IDs & Profiles and verify the expiring certificate.

2. Go to Identifiers -> App IDs -> Click on the AppId -> Scroll down to Push Notifications -> Edit -> Click "Create Certificate" under "Production SSL Certificate".

3. Create certificate signing request from Keychain Access on your Mac:

   1. Launch Keychain Access -> Choose Keychain Access -> Certificate Assistant -> Request a Certificate from a Certificate Authority.

   2. In the Certificate Assistant dialogue, enter an email address in the User Email Address field.

   3. In the Common Name field, enter a name for the key

   4. Leave the CA Email Address field empty.

   5. Choose “Saved to disk”, click Continue and save it in the computer.

4. Go back to the Apple developer site and upload the CSR created in the above step -> Continue -> Download the certificate on your Mac.

5. Double-click on the downloaded cert to install it in Keychain on your Mac.
   Open Keychain Access -> Certificates -> The new cert and its private key should be listed there.

6. Export the certificate for your push notification client: Right-click on the cert in the Keychain Access-> select "Export Apple Push Certificate: " -> leave the password empty -> save as a P12 file.

7. Login to Firebase -> Project settings -> Cloud Messaging -> APNs Certificates -> Upload your P12 file (Could be you use any other third-party instead of Firebase, find out yourself)

First, you need to open the Prometheus dashboard.

1. Connect to your server and forward port 9090:

ssh ${YUOR_USERNAME}@${YOUR_SERVER} -L 9090:localhost:9090

1. Open https://localhost:9090/graph on your browser

2. Write the PromQL query you need. See the examples below.

Example Queries

Usage

Data Bytes

By access key, protocol and direction

increase(shadowsocks_data_bytes[1d])

To aggregate by access key only:

sum(increase(shadowsocks_data_bytes[1d])) by (access_key)

This is the query used to calculate the usage for data limits (from manager_metrics.ts):

sum(increase(shadowsocks_data_bytes{dir=~"c<p|p>t"}[30d])) by (access_key)

By location, protocol and direction

increase(shadowsocks_data_bytes_per_location[1d])

Active Access Keys

sum(max(max_over_time(shadowsocks_data_bytes{access_key!=""} [1h])) by (access_key) > bool 0)

TCP connections

By access key, location and status

increase(shadowsocks_tcp_connections_closed[1d])

By location

increase(shadowsocks_tcp_connections_opened[1d])

UDP

Packets by location and status:

increase(shadowsocks_udp_packets_from_client_per_location[1d])

Associations (no breakdown):

increase(shadowsocks_udp_nat_entries_added[1d])

Performance

CPU usage by process:

rate(process_cpu_seconds_total[10m])

Memory by process:

process_virtual_memory_bytes

Reference

The full list of metrics provided by outline-ss-server can be found in its source code from line 61.

As curl GET request

If you want, you also can get the same data with CURL (GET request), for example, to get data usage (in bytes) by specific access key (1) for the last day:

curl -g 'http://127.0.0.1:9090/api/v1/query?query=sum(increase(shadowsocks_data_bytes{access_key="1"}[1d]))by(access_key)'

I decided to share what I have for my own Outline VPN Server - it simple bot where you can generate a new personal key to access this VPN server.

In the end, you will have Telegram chat id and @nickname of a user (if exist) inside a list of your outline VPN keys, like on cover for this post

Here is all code with a few comments, in general, you only need to create a telegram bot and put a token there, your chat id and outline server URL and Port.

<?php

const TELEGRAM_BOT_TOKEN = 'XXXXX:XXXXX'; // you can create new bot and generate this token with @BotFather bot - write there /newbot command
const TELEGRAM_BOT_ADMIN_CHAT_ID = 'XXXXX'; // your chat id, you can find it with @cid_bot bot

const API_PORT = 'PORT';
const API_URL = 'https://XXXXX:PORT/SOMEKEYFROMOUTLINE/';

function sendToTelegram(array $args, $url): void
{

    $curl = curl_init();

    $urlWithName = $url . urlencode('Name of your server for Outline VPN Client');

    $id = $args['message']['chat']['id'];
    $lang = $args['message']['from']['language_code'] ?? 'en';

    //if ($lang === 'en') {
    $message = 'Hello! I invite you to connect to my VPN (Outline) serverm so you will get access to the free Internet, wherever you are. Follow the instructions on the link provided in the invitation to download the app and set up your connection.

https://s3.amazonaws.com/outline-vpn/invite.html#' . $url . ' 

Have problems accessing the invitation link? Write to: @flatroy


Click and copy an access key: `' . $urlWithName . '`
';
//    } else {
    // with this IF you can add some message in different language if you want
    //  }

    $message = urlencode($message);
    curl_setopt_array($curl, [
        CURLOPT_URL => 'https://api.telegram.org/bot'.TELEGRAM_BOT_TOKEN.'/sendMessage?chat_id=' . $id . '&parse_mode=Markdown&text=' . $message,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => "",
        CURLOPT_MAXREDIRS => 10,
        CURLOPT_TIMEOUT => 30,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_CUSTOMREQUEST => "GET",
        CURLOPT_POSTFIELDS => "",
    ]);

    $response = curl_exec($curl);
    $err = curl_error($curl);

    curl_close($curl);

    // send message to admin
    $curl = curl_init();

    $id = $args['message']['chat']['id'];


    // notify admin of bot
    $message = 'new user message: ' . $args['message']['text'] . " from @" . $args['message']['chat']['username'] . ' ' . $args['message']['chat']['id'] . ' ' . $args['message']['chat']['first_name'] . ' - lang: ' . $args['message']['from']['language_code'];

    curl_setopt_array($curl, [
        CURLOPT_URL => 'https://api.telegram.org/bot'.TELEGRAM_BOT_TOKEN.'/sendMessage?chat_id='.TELEGRAM_BOT_ADMIN_CHAT_ID.'&text=' . $message,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => "",
        CURLOPT_MAXREDIRS => 10,
        CURLOPT_TIMEOUT => 30,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_CUSTOMREQUEST => "GET",
        CURLOPT_POSTFIELDS => "",
    ]);

    $response = curl_exec($curl);
    $err = curl_error($curl);

    curl_close($curl);
}


function main(array $args): array
{
    $API_PORT = API_PORT;
    $API_URL = API_URL;


    if ($args['message']['text'] === '/create' || $args['message']['text'] === '/start') {

        //check that if we already have key
        $name = "@" . $args['message']['chat']['username'] . ' ' . $args['message']['chat']['id'] . ' ' . $args['message']['chat']['first_name'] . ' - from My Bot';

        $curl = curl_init();

        curl_setopt_array($curl, [
            CURLOPT_PORT => $API_PORT,
            CURLOPT_URL => $API_URL . '/access-keys/',
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => "",
            CURLOPT_MAXREDIRS => 10,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_CUSTOMREQUEST => "GET",
            CURLOPT_POSTFIELDS => "",
            CURLOPT_SSL_VERIFYHOST => false,
            CURLOPT_SSL_VERIFYPEER => false,
        ]);

        $response = curl_exec($curl);
        $err = curl_error($curl);
        curl_close($curl);

        if ($err) {
            return ["body" => "cURL Error #:" . $err];
        } else {

            $keys = json_decode($response, true);
            foreach ($keys['accessKeys'] as $key) {

                if ($key['name'] === $name) {
                    //return ["body" => 'ok exists'];

                    sendToTelegram($args, $key['accessUrl']);
                    return ["body" => 'ok'];
                }
            }
        }

        $curl = curl_init();

        curl_setopt_array($curl, [
            CURLOPT_PORT => $API_PORT,
            CURLOPT_URL => $API_URL . '/access-keys/',
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => "",
            CURLOPT_MAXREDIRS => 10,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_CUSTOMREQUEST => "POST",
            CURLOPT_POSTFIELDS => "",
            CURLOPT_SSL_VERIFYHOST => false,
            CURLOPT_SSL_VERIFYPEER => false,
        ]);

        $response = curl_exec($curl);
        $err = curl_error($curl);
        curl_close($curl);

        if ($err) {
            return ["body" => "cURL Error #:" . $err];

        }

        echo $response;
        $data = json_decode($response, true);
        sendToTelegram($args, $data['accessUrl']);

        $curl = curl_init();

        curl_setopt_array($curl, [
            CURLOPT_PORT => $API_PORT,
            CURLOPT_URL => $API_URL . '/access-keys/' . $data['id'] . '/name',
            CURLOPT_CUSTOMREQUEST => "PUT",
            CURLOPT_POSTFIELDS => "name=" . $name,
            CURLOPT_HTTPHEADER => [
                "Content-Type: application/x-www-form-urlencoded"
            ],
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => "",
            CURLOPT_MAXREDIRS => 30,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_SSL_VERIFYHOST => false,
            CURLOPT_SSL_VERIFYPEER => false,
        ]);

        $response = curl_exec($curl);
        $err = curl_error($curl);
        curl_close($curl);


        // limit traffic

        $curl = curl_init();

        curl_setopt_array($curl, [
            CURLOPT_PORT => $API_PORT,
            CURLOPT_URL => $API_URL . '/access-keys/' . $data['id'] . '/data-limit',
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => "",
            CURLOPT_MAXREDIRS => 10,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_CUSTOMREQUEST => "PUT",
            CURLOPT_POSTFIELDS => "{\"limit\":{\n\t\"bytes\": 200000000\n}}",
            CURLOPT_HTTPHEADER => [
                "Content-Type: application/json"
            ],
        ]);

        $response = curl_exec($curl);
        $err = curl_error($curl);

        curl_close($curl);

        if ($err) {
            echo "cURL Error #:" . $err;
        } else {
            echo $response;
        }

    }
    return ["body" => 'ok'];
}

This code is done only to use on DigitalOcean (serverless) functions: you can read about it here - https://www.digitalocean.com/products/functions

Hope it will help anyone, cheers!