iggy

@iggy@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Caddy + DeSEC.io + DNS Challenge⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Just as an aside, you’re half way to being able to use wildcard certs, you might as well just do the last bit of work so the domain names you’re using are a little less public. Let’s Encrypt puts every domain name on every cert in a public database. I’ve seen much less random probing of my services since moving to wildcards
⁨Comment⁩ on ⁨Homarr - A modern and easy to use dashboard. 30+ integrations. 10K+ icons built in. Authentication out of the box. No YAML, drag and drop configuration.⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
No support for comments? Hard pass
⁨Comment⁩ on ⁨Friendly reminder that Tailscale is VC-funded and driving towards IPO⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
That’s a basic requirement for almost any company. If you’re into hard coding credentials just use wireguard directly.
⁨Comment⁩ on ⁨Cloudflare LE certificate management?⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
I’m not familiar enough with cloudflare proxy stuff. I just have my DNS pointed at my router external IP (and luckily my ISP doesn’t reset my IP ever.) It sounds like CF has designed this intentionally as a profit center. Sorry couldn’t be no6w help
⁨Comment⁩ on ⁨Cloudflare LE certificate management?⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
This isn’t a cloudflare limitation. It’s a TLS limitation. It was a conscious decision not to support multi-level wildcards. You won’t find a service that supports it. Most people get around this by just not using TLS certs like this. You can encode your multi-level name spacing in 1 level So instead of something like svc1.svcgroup.dev.domain.org You can do it like svcgroup-svc1.dev.domain.org

Never heard of a tool to get around this TLS limitation. There are tools that manage lots of certs (cert-manager in k8s comes to mind). If you had a more concrete example it might help people to suggest solutions.
⁨Comment⁩ on ⁨ARM SBC Replacement for my k3s cluster⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
The only Radxa I’d bother with is the Rock 5 and for the price, I’d probably just go with rpi5 (unless you like to tinker… a lot). That’s coming from someone that owns 3 Rock5’s. The new Orion board looks interesting, but if it’s like any other Radxa products it’ll be 2+ years before it gets decent software support.