There are a few things I don’t like about this scoring system :

• Why is there a “Top Provider Content Share” metric if its gonna score the same as the “Top Provider User Share” every time ?
• Why is the Top Provider Content Share not higher than the user share ? For instance, emails usually have at least one sender and one recipient, making it twice as likely that at least one of them is using gmail. If an email has 10 recipients across 10 different providers, each provider has a copy of the data
• Why is ease of hosting a mail server rated so well ? How is “leveraging email hosting services” decentralized in any way ?
• Why are we using a random repo created a few hours ago by a random github user as a reference ?

If you are interested in web technologies, you can turn your python program into a local API using something like Flask, then make a web interface using HTML/JS.

Alternatively, if your databases are on a filesystem that supports snapshots (LVM, btrfs or ZFS for instance), you can make a snapshot of the filesystem, mount the snapshot and backup thame database from it. This will ensure the backup is consistent with itself (the backed up directory was not written to between the beginning and the end of the backup)

Enabling multi DC redundancy is really easy though. The other providers you mentioned may have it by default, but they’re also a lot more expensive.

I love that they let me pick my own redundancy strategy, without forcing me to pay for theirs

ENS stands for Ethereum Name Service

I’m personally using Docker MailServer. It’s been working great for over a year now, but mailu seems to have some interesting features (I’m especially interested in the admin panel)

You’re probably behind a CGNAT, check out the other comments

Glad I could help :)

Your ISP might make you go through another layer of NAT. Can you find the WAN IP address of your router and compare it to your public IP address from a website such as ipinfo.io ?

If they do not match, you’re probably out of luck and will need to forward your port from an actually public IP in order to achieve what you want

More details : CGNAT (Carrier Grade Network Address Translation) is basically a second router between your router and the public internet. This second router is configured in the same way as your personal one, the main difference being that your ISP fully manages it. From the viewpoint of this second router, your WAN IP is a private IP, and you share one actual public IP with several other customers (the same way all devices on you LAN share one single WAN IP)

Performing port forwarding from the public internet to your LAN, when behind a CGNAT, would require you to be able to configure a forwarding rule in the ISP’s NAT, which you usually cannot do.

Something’s odd with the numbers from fediverse observer. Numbers shown in monthly graphs should be about 30 times higher than numbers shown in daily graphs, but they are about the same

I can recommend some stuff I’ve been using myself :

• Dolibarr as an ERP + CRM : requires some work to configure initially. As most (if not all) features are disabled by default, it requires enabling them based on what you need. It also has a marketplace with a bunch of modules you can buy
• Gitea to manage codebases for customer projects. It can also do CI but I’ve not looked into it yet
• Prometheus and its ecosystem (mostly promtail and grafana) for monitoring and alerting
• docker mail server : makes it quite easy to self host a full mail server. The guides in their doc made it painless for me to configure dmarc/SPF/other stuff that make e-mail notoriously hard to host
• Cal.com as a self hostable alternative to calendly
• Authentik for single sign-on and centralized permission management
• plausible for lightweight analytics
• a mix of wireguard, iptables and nginx to basically achieve the same as cloudflare proxying and tunnels

I design, deploy and maintain such infrastructures for my own customers, so feel free to DM me with more details about your business if you need help with this

I’m pretty sure they are actually hosting it. The tech is quite different (cofractal uses urls ending with {z}/{x}/{y}, while their tile sever uses this stuff that works quite differently)

They told me about hosting their own tile server earlier today. I’m really impressed by how fast they moved !

A pull request for a privacy page during the onboarding is in the works, and I’ve been working with them to update the settings page and documentation (with the goal of providing an easy way to switch map providers). They are also working on a privacy policy, and want to ship all of this in a few weeks as part of a single release.

Once again, I’m really impressed with how well they’re handling this

never stopped POSTing, even though I configured nginx to always respond 403 to anything from them for about a year now.

Lol, there are definitely some stubborn user agents out there. I’ve been serving 418 to a bunch of SEO crawlers - with fail2ban configured to drop all packets from their IPs/CIDR ranges after some attemps - for a few months now. They keep coming at the same rate as soon as they get unbanned. I guess they keep sending requests into the void for the whole ban duration.

Using 418 for undesirable requests instead of a more common status code (such as 403) lets me easily filter these blocks in fail2ban, which can help weed out a lot of noise in server logs.

Your sensitive data and logins are tied to email addresses, which are tied to domains. Lose your domain, someone can access everything.

I recently stumbled upon an article showing how bad this can be when the expired domains were used for important/serious stuff

I think they do get marked as dead after the Bodis subdomain does not act as a Lemmy instance. But I was wondering if a large number of instances “waking up from the dead” and acting maliciously could cause some trouble. Or would such “undead” instances pose no more threat to the fediverse than the same number of newly created malicious instances ? I’m mainly thinking about stuff like being in a privileged position to DoS most instances at once, or impersonation of accounts that used to actually exist on these “undead” instances

Is named actually running as the bind user inside the container ? Maybe a USER bind line below the RUN lines will help.

I’ll probably look into newer fancier options such as Caddy one day, but as far as I remember Nginx has never failed me : it’s stable, battle tested, and extremely mature. I can’t remember a single time when I’ve been affected by a breaking change (I could not even find one by searching changelogs) and the feature set makes it very versatile. Newer alternatives seem really interesting, but it seems to me they have quite frequent breaking changes and are not as feature rich.

That being said, I’d love to see side-by-side comparison of Nginx and Caddy configs (if anyone wants to translate to Caddy the Nginx caching proxy for OSM I shared earlier this week, that would make a good and useful example), as well as examples of features missing from Nginx. This may give me enough motivation to actually try Caddy :)

(edit : ad->and)

I don’t use nginx-proxy-manager, but if you want to share what you tried, I will try to help you figure what’s not working

It’s the clients (web/android app, probably iOS too) that are making these requests.

To the best of my knowledge, the Immich server inside the container is not making requests to the outside. It is merely sending a style.json to the client displaying a map, which then fetches tiles from the Cofractal URL inside this JSON.