Perhyte
@Perhyte@lemmy.world
- Comment on Forgot to pay my domain for a year and now I have to spend £2200 ($3000) if I want to get it back 3 months ago:
If you don’t mind using a gibberish .xyz domain, why not an 1.111B class? ([6-9 digits].xyz for $0.99/year)
- Comment on Docker network internet access 3 months ago:
Any chance you’ve defined the new networks as “internal”? (using `docker network create --internal` on the CLI or `internal: true` in your docker-compose.yaml).
Because the symptoms you’re describing (no connectivity to stuff outside the new network, including the wider Internet) sound exactly like you did, but didn’t realize what that option does…
- Comment on Cloudflare is bad. Youre right. 4 months ago:
It also means that ALL traffic incoming on a specific port of that VPS can only go to exactly ONE private wireguard peer. You could avoid both of these issues by having the reverse proxy on the VPS (which is why cloudflare works the way it does), but I prefer my https endpoint to be on my own trusted hardware.
For TLS-based protocols like HTTPS you can run a reverse proxy on the VPS that only looks at the SNI (server name indication) which does not require the private key to be present on the VPS. That way you can run all your HTTPS endpoints on the same port without issue even if the backend server depends on the host name.
This StackOverflow thread shows how to set that up for a few different proxy setups.
- Comment on Popular git config options 8 months ago:
Somehow my `.gitignore` seems to have grown by about 20 lines after reading this article. How mysterious…
- Comment on Player Character builder 8 months ago:
Aurora is no longer maintained, but it still works just fine. It’s a Windows app, so not web-accessible or anything, but it’s free. It only contains the SRD content by default (probably for legal reasons), but there’s at least one publicly-accessible elements repository for it that you can find using your favorite search engine.
- Comment on In search for free domain I got one but some questions 9 months ago:
That domain currently hosts a “this domain may be for sale” page, but it’s been registered since 2005 so it’s definitely not because of this post.
- Comment on Google admits it's making YouTube worse for ad block users 10 months ago:
Is that why I haven’t had any problems? I thought it was either Google A/B testing again or uBlock updating often enough to keep up, but I do have a user-agent changer installed in Firefox that’s configured to tell YouTube I’m on Chrome…
- Comment on ASD jab: Chinese scientists reach milestone in revolutionary gene therapy for autism 11 months ago:
If a deaf person decides to get an implant, or their (hearing?) parents decide for them, and later decides they no longer want it then it’s pretty much reversible, right? They can just not turn it on, or perhaps even have it removed again?
This article is talking about gene therapy, not an assistive device. It’s probably a much more permanent decision.
- Comment on US joins in other nations in swearing off coal power to clean the climate 11 months ago:
Given the state of US politics, what are the odds a “commitment” like this will survive the next election cycle?
- Comment on New Drug Could Extend the Lifespans of Giant Dog Breeds 11 months ago:
According to Halioua’s post, breeding large dogs for their size caused elevated levels of IGF-1, a hormone that promotes cell growth. Though this hormone contributes to the animals’ great size, it also hastens their aging. LOY-001 reduces the levels of IGF-1 in large and giant dog breeds, extending healthy life spans.
Would that also cause them to grow to smaller sizes? (I suppose that may depend on whether this drug is administered before or after the dog is full-grown though)
- Comment on Need help: accessing all my containers by name 11 months ago:
AFAIK docker-compose only puts the container names in DNS for other containers in the same stack (or in the same configured network, if applicable), not for the host system and not for other systems on the local LAN.
- Comment on domain name with your own name? 11 months ago:
I have a similar setup.
Getting the DNS to return the right addresses is easy enough: you just set your records for subdomain `*` instead of a specific subdomain, and then any subdomain that’s not explicitly configured will default to using the records for `*`.
Assuming you want to use Let’s Encrypt (or another ACME CA) you’ll probably want to make sure you use an ACME client that supports your DNS provider’s API (or switch DNS provider to one that has an API your client supports). That way you can get wildcard TLS certificates (so individual subdomains won’t still leak via Certificate Transparency logs). Configure your ACME client to use the Let’s Encrypt staging server until you see a wildcard certificate on your domains.
Some other stuff you’ll probably want:
- A reverse proxy to handle requests for those subdomains. I use Caddy, but basically any reverse proxy will do. The reason I like Caddy is that it has a built-in ACME client as well as a bunch of plugins for DNS providers including my preferred one. It’s a bit tricky to set this up with wildcard certificates (by default it likes to request individual subdomain certificates), but I got it working and it’s been running very smoothly since.
- To put a login screen before each service I’ve configured Caddy to only let visitors through to the real pages (or the error page, for unconfigured domains) if Authelia agrees.
- Comment on FBI says North Korea deployed thousands of IT workers to get remote jobs in US with fake IDs 1 year ago:
According to the article, the companies didn’t know that’s what they were doing in this case. They thought they were hiring people living in the US:
Greenberg said the workers used various techniques to make it look like they were working in the US, including paying Americans to use their home Wi-Fi connections.
- Comment on CGNAT blocking external access to NAS. Looking to address this plus more. 1 year ago:
For the ARM instances they’re a gigabit per OCPU, which you can get 4 of for free (assuming you’re lucky enough with availability), so you can theoretically get 4Gbps for free.
- Comment on This war shows just how broken social media has become — The global town square is in ruins 1 year ago:
This War […]
Unfortunately you’ll have to be a bit more specific than that, too many wars going on at the moment…
- Comment on "ActivityPub not suitable for implementation as the base federation layer in diaspora" 1 year ago:
We did build stuff on ActivityPub: Lemmy, Kbin, Mastodon etc. are all based on that underlying protocol.
- Comment on 1 year ago:
Because you need a way to be reachable over HTTPS for other instances to be able to securely send you updates (new posts/comments/votes etc.), so you need a trusted certificate. While HTTPS does not strictly require a domain name^1^ it vastly simplifies the process.
^1^: It’s possible to get a trusted certificate for an IP address, but not nearly as easy as getting one for a domain. And it’s probably also more expensive than just getting a domain and using Let’s Encrypt to get a certificate.
- Comment on 1 year ago:
You can only federate via tor or i2p if both sides support those protocols, because for federation to work between two nodes both nodes need to be able to initiate connections to the other. That means one-way bridges like tor exit nodes are not sufficient.
I’d guess most Fediverse servers don’t support either of those protocols, so any new server trying to federate solely through them would have an extremely limited view of the Fediverse.
Though I suppose theoretically nothing is really preventing a motivated group of server admins from setting up a parallel “dark Fediverse” containing only onion sites.
- Comment on Apple says it will remove services such as FaceTime and iMessage from the UK rather than weaken security if new proposals are made law and acted upon. 1 year ago:
To be fair, those first three points fall squarely under that “charging cable/accessory situations” exception. With Apple, it turns out that’s a pretty broad exception.