🇨🇦
I really don’t like the idea of every device automatically having a publicly reachable IP.
There’s certainly situations where that would be nice; but I’m quite fond of most equipment and services being behind a router and it’s firewall, requiring explicit configuration to be exposed to the open net.
Nobody outside my home network ever needs access to my toaster… (btw, why tf is my toaster wifi enabled…?)
My ISP blocks the ports needed for mail hosting :/
Pretty sure I’d have to go through them to get the rdns PTR records pointed at my domain too. PITA
Actually it looks like Caddy is supposed to set those automatically (I’m used to Nginx which doesn’t).
You’ll have to look at why the upstream isn’t accepting them then. I’m not familiar with azuracast.
X-Forwarded-For
And
X-Real-IP
The application you’re proxying also has to listen to these headers. Some don’t, some need to be told they’re ok to use. (if you enable them, but don’t have a proxy in front, users can spoof their ip using them)
https://blog.cloudflare.com/updated-tos/
Finally, we made it clear that customers can serve video and other large files using the CDN so long as that content is hosted by a Cloudflare service like Stream, Images, or R2.
I will always recommend Borg backup just because of it’s compression+de-duplication algorithms:
550gb of raw data, 20 historical backups going back over a year (10.98tb of data total), only 400gb of disc space used to store them all…
You can backup directly to remote servers via ssh, nfs, or directly between two borg instances, optionally encrypted in transit and at rest.
Borg is a CLI tool normally, but there are a number of GUI frontends you can use if you really want: Vorta, BorgWeb, and BorgWarehouse for example. (I’ve not used any of these, just examples from a google search)
Create share links allowing anyone with the link (+ optional password) to browse and download individual files, or whole folder contents.
If someone needs to send me a file, I can create a user for them in a few seconds; so they can upload to that as well.
… Try ~12 million.
Its 2025, not 2023; your graph is old af.
/edit for some reason I completely skimmed the title and focused on the quoted text… Ocf it’s old, it’s talking about the most upvoted post on lemmy 🤦
I definitely recommend it, particularly using docker compose. It’s made it incredibly easy to add, remove, and modify software installs; keeping everything independent and isolated from each other.
This also makes backups and rolling back updates to individual projects much easier when you do run into problems.
Hmm, I wonder if the failed updates are only direct installs vs docker.
I run two piholes, a primary on a rpi 3b running pios, and a secondary on my main server. Both are installed via docker and both updated without issue (besides the password thing).
I like having the primary DNS on a separate machine; it’s kind of important and I like to mess with the main server a lot…
Interesting; I’ll definitely have to keep that in mind. Much cheaper than getting basically a whole new set of hdds at almost $30/tb (new nas-grade drives, not referbs).
Thanks!
What hardware are you using to read/write tape, and what does that cost you?
I’ve got around 30tb that I need to shift off of a Drobo at some point so I can repurpose the drives into a proper RAID setup that isn’t a closed source black-box from a dead company (that was a poor choice, 6 years ago 🙁). Keeping an eye out for solutions for when I get around to fixing that mess.
I wonder why so many people had issues with the v6 pihole update.
I pulled the new docker container and it ran overtop the previous version just fine. The only issue I had was I had the admin password set to empty via an env variable and that variable name changed. Took like 10 min to find and fix. The rest migrated perfectly.
Now I’m just waiting on orbital-sync to add v6 support, but that’s just around the corner and not that critical.
95% of things I just don’t expose to the net; so I don’t worry about them.
Most of what I do expose doesn’t really have access to any sensitive info; at most an attacker could delete some replaceable media. Big whoop.
The only thing I expose that has the potential for massive damage is OpenVPN, and there’s enough of a community and money invested in that protocol/project that I trust issues will be found and fixed promptly.
Overall I have very little available to attack, and a pretty low public presence. I don’t really host any services for public use, so there’s very little reason to even find my domain/ip, let alone attack it.
Looking at openspeedtests github page, this immediately sticks out to me:
Warning! If you run it behind a Reverse Proxy, you should increase the post-body content length to 35 megabytes.
/edit;
Decided to spin up this container and play with it a bit myself.
I just used my standard nginx proxy config which enables websockets and https, but I didn’t explicitly set the max_body_size like their example does. I don’t really notice a difference in speed, switching between the proxy and a direct connection.
So, That may be a bit of a red herring.
Should check which ports.
Mine blocks 80 inbound and 25 outbound, but everything else I’ve tried works. (so no default http, and no outbound email)
I only really want 443 for simplicity, everything else can be random ports.
Public IPV4 here. It’s not static, but very rarely rotates. DDNS ftw.
Telus Residential in Canada.
DoH on the lan between devices is completely pointless; I’m talking about DoH between the lan and external dns which unbound does NOT do.
This part always confuses me, so I won’t be able to give specifics; just a general direction. Most guides explain how to route traffic from a vpn client to the lan of the vpn host. You need to route traffic from the vpn host/lan to a client of the vpn.
You need to change the routing table on the VPS, adding a static route to route traffic heading for your VPNs subnet to the VPN host instead of out the default gateway.
How exactly to do that I’ll have to leave to someone else unfortunately. Network config confuses the hell out of me.
Where in the world did you get that idea?
VPNs serve three functions:
add a layer of encryption so your local network operator and ISP can’t inspect your traffic, its contents and its true destination. (this is what OP is looking for)
make it appear to the service you are connecting to, that you are connecting from a different location than where you actually are. (for example make Netflix think you’re in a different region to show you different content)
provide secure access to private services that are not exposed directly to the Internet. IE securely connecting devices on seprate LAN networks together over the Internet via an encrypted tunnel. This is a VPNs true purpose and how they are primarily used in Professional/Comercial settings. (pretty much every corporation you’ve ever interacted with runs a VPN that connects its stores/warehouses/offices together)