NPM - What services need what toggled?

Submitted ⁨⁨7⁩ ⁨months⁩ ago⁩ by ⁨Sunny@slrpnk.net⁩ to ⁨selfhosted@lemmy.world⁩

https://slrpnk.net/pictrs/image/caa31cff-0de2-4977-aab8-45bf3ea45296.webp

Hiya, just got NPM installed and working, very happy to finally have SSL certs on all of my serivces and proper URLs to navigate to them, what a breeze! However, as I am still in the learning process: I am curious to know when to enable these three toggles and for what services. I assume the “Block Common Exploits”, can always be turned on. But unsure about the two others. Some applications have not worked until I turned on the Websockets Support, but I dont really know what it does, nor do I know what applications need this in order to fully work. Are there any thumb rules for these things?

Appriciate any pointers! 🌻

source

Comments

Sort:hotnew top

taaz@biglemmowski.win ⁨7⁩ ⁨months⁩ ago
I don’t use nginx proxy manager but websocket has to be enabled for apps that use websockets (duh) - you would have to dive into docs or example infra configs to check if the service uses it.
Rule of thumb here would be to enable it for everything. Optionally you could check if the service works with/without it.

source
- Sunny@slrpnk.net ⁨7⁩ ⁨months⁩ ago
  I see, thanks for the clarification!
  
  source
biscoot@lemmy.getmeotter.work ⁨7⁩ ⁨months⁩ ago
Probably not best practice, but I automatically check Block Common Exploits and Web Sockets every time because I’m lazy. Works every time.

Not sure what Cache Asset does, but I can guess from the name. I leave this one off because my NPM runs on a VM with not much storage

source
chiisana@lemmy.chiisana.net ⁨7⁩ ⁨months⁩ ago
I don’t use NPM but if “Cache Assets” means what it means in the traditional sense, it wouldn’t affect most home deployments.

Historically, resources are limited and getting Apache to load images/javascript/CSS files from disk each time they’re requested, even if the OS kernel eventually caches them to RAM, was a resources intensive process. Reverse proxies stepped up and identifies assets (images, JS and CSS), and stores them in memory for subsequent requests. This reduces the load on the Apache web server and reduces the hops required to serve the request. Thereby making everything faster.

For homelabs, and single user systems, this is essentially irrelevant, as you’re not going to be putting so much load on the back end system to notice the difference. May be good to still turn it on, but if you’re noticing odd behaviors (ie updates to CSS or images not taking), it may be a good idea to turn it off to see if that’s the culprit.

source