Kangie
@Kangie@lemmy.srcfiles.zip
- Comment on Extreme conditions for renters described as 'needle in a haystack type stuff' as housing crisis deepens 8 months ago:
Fascinating take on Mongolian basket weaving! Though I’m not sure how it relates to the price of tea in China…
- Comment on Intel accused of inflating CPU benchmark results 8 months ago:
There absolutely was. Intel got smacked on the wrist for doing their benchmarks using ICC… you know, the compiler that builds code that detects that it’s not running on an Intel CPU and disables all optimisations and extended instruction sets (like say MMX/SSE).
- Comment on Chrome updates Incognito warning to admit Google tracks users in “private” mode 9 months ago:
It’s saying that incognito mode doesn’t prevent people on the web from tracking you, that’s all.
I.e. enabling incognito mode could still have an entity profile you, etc. like your ISP, government, or any corporation that you visit the website for.
This is a nothingburger.
- Comment on Are MRNA vaccines any riskier than other vaccines? 10 months ago:
That’s the point.
- Comment on Improved dGPU performance on Windows 11 laptops (CASO) 1 year ago:
Huh, sounds like PRIME render offload with the serial numbers filed off.
- Comment on What do y'all think about mailing lists and IRC as sole communication channels? 1 year ago:
IRC is fine, so are mailing lists; I use both, plus various git forges, to contribute to open source projects.
IRC is still going strong on OFTC and Libera.chat
I get that the younger folks like discord, but seriously it’s a proprietary mess that locks everything behind a wall and tries to extract payment from each and every user.
- Comment on Larion Studios forum stores your passwords in unhashed plaintext. 1 year ago:
And at least for LastPass no passwords were compromised
I’m just going to leave this here:
- Comment on Can I/Should I upgrade RAM past my machine's recommended specs? 1 year ago:
It may or may not work, unfortunately.
I successfully ran 2x32GB in a Dell XPS 15 that “didn’t support” it, because the larger DIMMs didn’t exist at the time it was designed and documentation was done up.
It’s not going to hurt to try, but if you have two DIMM slots it’s worth a shot; the slots are already wired up to address lines! Maybe try with one first?
- Comment on Having separate dongles for network, audio, video etc. is even worse than just having specific cables for each 1 year ago:
Booting up a laptop … that doesn’t have wpa_supplicant etc
If you french fry when you pizza you’re gonna have a bad time.
Seriously though, if you want to use wifi without some sort of supplicant you’ve fucked up.
- Comment on Selfhosted backup solution with GUI 1 year ago:
BareOS is a great open source option. The GUI is a webUI but you also have a powerful console on the shell if you need to script.
- Comment on This should be illegal 1 year ago:
It’s still on your YouTube Music account.
- Comment on What is your contingency for when the ISP goes down? 1 year ago:
I have a multi-WAN configuration on my router, with ipv6 VDSL then ipv4 VDSL then a prepaid 4G modem as the backup link. I rarely fail over but it’s been fantastic watching traffic stats when it does.
My only downside is the CGNAT on that connection that prevents things like a backup VPN gateway…
- Comment on Alternative to ClamAV? 1 year ago:
Simply refuting the BS claim that there are no Linux viruses.
This one existed, therefore the claim is false.
- Comment on Alternative to ClamAV? 1 year ago:
There are still no viruses for Linux … because it’s not possible.
Here is just one example that proves your assertion wrong.
- Comment on Alternative to ClamAV? 1 year ago:
- Comment on Are metric measurements like decameters and hectometers ever used? 1 year ago:
for everyday use … hektograms and the like are more common
[citation needed]
- Comment on Critical vulnerability in WebP Codec has browser vendors scrambling for updates 1 year ago:
Ah, I had to update the chromium and libwebp packages for Gentoo. The latter twice!
- Comment on TikTok is blocking searches for WGA amid the ongoing writers strike 1 year ago:
I still know my old XP VLK.
CM3HY-26VYW-…
- Comment on Keeping cats indoors is a rare solution where everybody wins 1 year ago:
Time, in my experience.
I’ve rehabilitated several feral cats, each older than 2 years. It just takes a few weeks to adjust.
- Comment on Vaultwarden using Docker Compose with existing Certificates 1 year ago:
It’s fine with Let’sEncrypt via the DNS01 challenge; my lab typically only uses one wildcard certificate for all the services there unless I have a specific need to generate an individual cert for a service.
- Comment on Vaultwarden using Docker Compose with existing Certificates 1 year ago:
At the end of the day Traefik isn’t that hard, especially if you know the core concepts; if you know both and have a need for Traefik I’d just use that everywhere.
- Comment on Vaultwarden using Docker Compose with existing Certificates 1 year ago:
Here’s the secret to stuff like this:
Run a single reverse proxy / edge router for all of your containerised services.
I recommend Traefik - gitlab.com/…/traefik-grafana-prometheus-docker
You can configure services with labels attached to the container and (almost) never expose ports directly. It also lets you host an arbitrary number of services listening on 80/443.
An example config might look like this:
```yaml
# docker-compose.yml
version: '3.9'
services:
  bitwarden:
    image: vaultwarden/server:latest
    restart: always
    volumes:
      - /data/vaultwarden/:/data
    environment:
      # - ADMIN_TOKEN=
      - WEBSOCKET_ENABLED=true
    # No "ports:" section: the container is only reachable through Traefik on the proxy network
    networks:
      - proxy
    labels:
      - traefik.enable=true
      # Web UI over HTTPS, certificate issued by the letsencrypt resolver
      - traefik.http.routers.bitwarden-ui-https.tls.certresolver=letsencrypt
      - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
      - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
      - traefik.http.routers.bitwarden-ui-https.rule=Host(`my.domain.com`)
      - traefik.http.routers.bitwarden-ui-https.entrypoints=websecure
      - traefik.http.routers.bitwarden-ui-https.tls=true
      - traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui
      # Plain HTTP router exists only to redirect to HTTPS
      - traefik.http.routers.bitwarden-ui-http.rule=Host(`my.domain.com`)
      - traefik.http.routers.bitwarden-ui-http.entrypoints=web
      - traefik.http.routers.bitwarden-ui-http.middlewares=redirect-https
      - traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui
      - traefik.http.services.bitwarden-ui.loadbalancer.server.port=80
      # Websocket notifications hub, served by the container on port 3012
      - traefik.http.routers.bitwarden-websocket-https.rule=Host(`my.domain.com`) && Path(`/notifications/hub`)
      - traefik.http.routers.bitwarden-websocket-https.entrypoints=websecure
      - traefik.http.routers.bitwarden-websocket-https.tls=true
      - traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket
      - traefik.http.routers.bitwarden-websocket-http.rule=Host(`my.domain.com`) && Path(`/notifications/hub`)
      - traefik.http.routers.bitwarden-websocket-http.entrypoints=web
      - traefik.http.routers.bitwarden-websocket-http.middlewares=redirect-https
      - traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket
      - traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012

# Assumption (not in the original snippet): the shared "proxy" network
# that Traefik is attached to is created outside this file.
networks:
  proxy:
    external: true
```
- Comment on Certbot is great. Let's Encrypt is great. 1 year ago:
Here’s my config to get you started, I’ve got a bunch of services configured to work with it on my GitLab, too!
- Comment on Certbot is great. Let's Encrypt is great. 1 year ago:
I run all of my containerised services behind Traefik which does LetsEncrypt for me as well as handles fun stuff like routing to different containers / reverse proxy. It’s fantastic if you want to take your new knowledge to the next level!
- Comment on Selfhosted private/secure blog/journal 1 year ago:
Elog is fantastic for this. I did up a Gentoo package.
Single binary and lightweight, backend is all text files.
- Comment on What is your favorite domain name provider, and why? 1 year ago:
Same. Their API is now too slow for LetsEncrypt DNS challenges. :(
CloudFlare is great though.
- Comment on This should be a pinned post as it really captures the essence of my experience so far. 1 year ago:
IMO opinion
You know what ‘IMO’ is an acronym for, right?
- Comment on Family rescued in Maui thanks to iPhone's satellite feature 1 year ago:
It’s a sat phone, just a somewhat limited one.
- Comment on Route domain name to Docker containers on Synology NAS? 1 year ago:
Ideally I don’t want to port forward, so would I need to rely on Traefik to redirect the traffic from port 80 to port 443, and then proxy from port 443 to the required container? How do I therefore stop traffic from hitting the DSM admin on ports 5000/5001 for example?
That’s not quite how it works - the port forwarding is on your internet gateway to allow traffic on those ports to a specific host internal to your network. That’s your only option if you want these services to be available on the wider web.
My recommendation around using 80 to redirect to 443 is because in 2023 there’s no reason for that traffic to be unencrypted - just listen on 80 and say "Hey, go to example.com" instead.
If you don’t care about that you can do internal only DNS + VPN into the network and still get the benefits of free SSL certificates via the LetsEncrypt DNS01 challenge.
- Comment on Route domain name to Docker containers on Synology NAS? 1 year ago:
You’re on the right track. I’m on mobile so will be brief, edit from a laptop in a while.
You can use subdomains, which is my preferred way of making services work with Traefik, but you could also look for, say, example.com/potato to get to the potato service; this may work better with DDNS.
You’re correct in your assessment that you only expose 80 and 443 for the Traefik container and access everything else through that. Also only use 80 to redirect to 443.
Don’t expose the NAS directly to the web, instead look at port forwarding on your router, it should be able to forward requests received on only 80 and 443 to the NAS while still blocking everything else.
My only complaint about Synology stuff is that I couldn’t get Traefik in swarm mode going!
Any questions reach out.