tux7350
@tux7350@lemmy.world
- Comment on Horror 6 days ago:
Windsurfing? 🏄♀️
- Comment on Help with 504 Error and UFW+NPM Setup on AlphaVPS 2 weeks ago:
The rules still apply to the host, just not inside the container. Docker is just ignoring the rules. If you block all ports but then have port 81 open like you do in that section of docker compose, you would think that UFW would block docker but that's not the case. Going to yourip:81 will show the NPM GUI, even if you specifically use ufw to block 81. If you only expose port 80 and 443, you should be fine. Your NPM container would have to be compromised, then they would have to break out of the container.
Also I think your issue is with your DNS. You should have an A record for the IP pointing to example.com and then a CNAME record pointing to sub.example.com
- Comment on Help with 504 Error and UFW+NPM Setup on AlphaVPS 2 weeks ago:
Docker completely ignores UFW rules. If you check your iptables you’ll see docker rules are put in before UFW. For the 504 though, it sounds like traffic is not getting to NPM. Have you routed ports 80 and 443 to the docker container?
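
The check described in the two comments above, as an added example that is not part of the original comments: a small Python audit of `iptables-save` output showing why `ufw deny 81` does not cover a container published on port 81. The dump is constructed for illustration and the function names are hypothetical; it assumes Docker's usual layout, where published ports are DNAT'd in the nat table and then pass through `FORWARD` rather than `INPUT`.

```python
import re

# Constructed iptables-save excerpt (not from the thread): host with
# "ufw deny 81" and a container published as "81:81".
SAMPLE = """\
*nat
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 81 -j DNAT --to-destination 172.17.0.2:81
COMMIT
*filter
-A INPUT -j ufw-user-input
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-user-forward
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 81 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 81 -j DROP
COMMIT
"""

def parse(dump):
    """Return {table: [(chain, rule_text), ...]} preserving rule order."""
    tables, current = {}, None
    for line in dump.splitlines():
        if line.startswith("*"):
            current = tables.setdefault(line[1:], [])
        elif line.startswith("-A ") and current is not None:
            _, chain, rest = line.split(" ", 2)
            current.append((chain, rest))
    return tables

def audit_port(dump, port):
    """Report whether a UFW block on `port` actually covers a published container port."""
    t = parse(dump)
    dport = re.compile(rf"--dport {port}\b")
    # Published ports are rewritten to the container address before filtering.
    dnat = any(c == "DOCKER" and dport.search(r) and "-j DNAT" in r for c, r in t.get("nat", []))
    filt = t.get("filter", [])
    # UFW's deny lives on the INPUT path, which DNAT'd traffic never takes.
    ufw_block = any(c.startswith("ufw-user-input") and dport.search(r)
                    and re.search(r"-j (DROP|REJECT)", r) for c, r in filt)
    # Order of jump targets in FORWARD: Docker's chains versus UFW's.
    targets = [r.rsplit("-j ", 1)[-1].split()[0] for c, r in filt if c == "FORWARD"]
    first = lambda prefix: next((i for i, x in enumerate(targets) if x.startswith(prefix)), None)
    d, u = first("DOCKER"), first("ufw-")
    docker_first = d is not None and (u is None or d < u)
    docker_accept = any(c == "DOCKER" and dport.search(r) and r.endswith("-j ACCEPT") for c, r in filt)
    return {"dnat_to_container": dnat, "ufw_input_block": ufw_block,
            "docker_before_ufw_in_forward": docker_first,
            "reachable_despite_ufw": dnat and docker_accept and docker_first}
```

On a real host, feed it the output of `iptables-save` run as root; chain names can differ between Docker versions, so treat a negative result as a prompt to read the `FORWARD` chain by hand.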
- Comment on Security of running Headscale on a VPS 2 weeks ago:
I use headscale on a VPS as an ingress point into my network and I love it. On top of headscale, I use two instances of traefik to make my network. I have one instance of traefik running on the VPS which runs a couple of services that I want running 24/7 (headscale-ui is nice). It pulls a subdomain certificate for TLS. So any services under say *.vps.example.com get routed to the VPS.
Then I have a wildcard TCP rule pointing the rest of the network traffic to my home server through headscale. My home server is running another instance of traefik where all my services are running. This pulls another wildcard cert for the rest of the *.example.com subdomains.
Cool thing about this setup is I can now have my DNS server rewrite *.example.com to my server's LAN IP. Now when my device is home, it works even when WAN is out. But when I’m out and about, it hits the public DNS and goes through my VPS. With traefik I can write a not !ClientIP rule and essentially block the VPS. Now I can host a service at home but also block it from being accessed from the public. But if I need access to the LAN remotely, I can just use a Tailscale client and get into headscale and see everything.
It's an odd network, but it’s super flexible and works very well for my use case. If you have any questions I’d love to help you set something like this up :D
- Comment on I present: Managarr - A TUI and CLI to help you manage your Servarr instances 5 months ago:
Lol how funny. I was also very into modding the PSP growing up. I had a couple of Pandora batteries. The only reason I caught onto it was because my name is also Alex haha hello fellow Alex!
- Comment on I present: Managarr - A TUI and CLI to help you manage your Servarr instances 5 months ago:
… are you the DaX from the PSP modding scene?!
- Comment on Docker firewall question 5 months ago:
Oh boy I went down this same rabbit hole a while ago. Here is a git repository that will explain why this happens and also offers a fix on how to modify your iptables to ensure that docker respects the UFW.
- Comment on Why do all languages share the same intonation for questions? 5 months ago:
Can you tell me more?
- Comment on Nintendo Targets YouTube Accounts Showing Emulated Games 5 months ago:
Which Switch emulator do you use? I’m pretty savvy with Linux and run it on my desktop but haven’t really taken the dive to set any of them up. Metroid has been calling my name lately and I’m thinking it’s now or never. Got any suggestions?
- Comment on [deleted] 5 months ago:
35k for a base Kia? Hell naw, I bought a fully loaded 2024 Hyundai Elantra hybrid for 34k out the door. Base Kia K4 is 22k plus tax, title and reg. That’s like almost a third less than what I paid lol