Xanza
@Xanza@lemm.ee
- Comment on How to harden against SSH brute-forcing? 2 days ago:
- Disable passwordless login.
- Disable password login.
- Require SSH keys
- Move SSH port to non-standard port
- Reject connections to port 22
- Install and enable fail2ban
About the best you can do.
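An audit of the `sshd_config` side of the checklist above, as an added example that is not part of the original comment. It relies on two documented sshd behaviours: for each keyword the first value obtained wins, and `Match` blocks override the global settings. `Include` files, `ListenAddress` ports, the firewall rule for port 22 and fail2ban are outside what it checks, and the sample configs are constructed.

```python
# OpenSSH defaults for the keywords the checklist touches.
DEFAULTS = {"port": ["22"], "passwordauthentication": ["yes"],
            "permitemptypasswords": ["no"], "pubkeyauthentication": ["yes"]}

def audit(config_text):
    """Return a list of findings against the checklist; empty means it passes."""
    glob, findings, section = {}, [], None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), [a.lower() for a in parts[1:]]
        if key == "match":
            section = " ".join(parts[1:])
        elif section is not None:
            # Match blocks override the globals for matching connections.
            if key in ("passwordauthentication", "permitemptypasswords") and args == ["yes"]:
                findings.append(f"line {lineno}: {parts[0]} yes inside 'Match {section}'")
        elif key == "port":
            glob.setdefault("port", []).extend(args)  # Port may be repeated
        else:
            glob.setdefault(key, args)                # first value wins
    eff = {**DEFAULTS, **glob}
    if eff["permitemptypasswords"] != ["no"]:
        findings.append("empty passwords are permitted")
    if eff["passwordauthentication"] != ["no"]:
        findings.append("password login is enabled")
    if eff["pubkeyauthentication"] != ["yes"]:
        findings.append("public-key authentication is disabled")
    if "22" in eff["port"]:
        findings.append("sshd still listens on port 22")
    return findings

WEAK = """\
# Constructed sample: the appended 'no' loses to the earlier 'yes'.
PasswordAuthentication yes
Port 2222
Port 22
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""
HARDENED = """\
# Constructed sample matching the checklist.
Port 2222
PermitEmptyPasswords no
PasswordAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "OK")
```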
- Comment on Having trouble with my caddy congif for my lemmy instance 4 days ago:
Caddy manages everything, including certs for both domains. So I guess my answer would be, you don’t.
- Comment on Having trouble with my caddy congif for my lemmy instance 4 days ago:
Caddy does not need 80 and 443.
By default and all measurable expectation it does. Unless you can’t use privileged HTTP/HTTPS ports, there’s no real reason to use unprivileged ports.
Besides, op doesn’t mention having problems with ports
OP said he was having issues, and this is a common issue I’ve had. Since he was non-descript as to what the issues were, it’s really not stupid to mention it.
- Comment on Having trouble with my caddy congif for my lemmy instance 4 days ago:
Well that’s dope… Didn’t know that was a thing.
- Comment on Having trouble with my caddy congif for my lemmy instance 5 days ago:
The biggest issue I have with Caddy and running ancillary services is that some services attempt to utilize port 80 and/or 443 (and may not be configurable), which of course isn’t possible because Caddy monopolizes those ports. The best solution to this I’ve found is to migrate Caddy and my services to docker containers and add them all to the same “caddy” network.
With your caddy instance still monopolizing port 80 and 443, you can use the Docker `expose` or `port` parameters to allow your containers to utilize port 80 and/or 443 from within the container, but proxify it on the host network. This is what my caddy config looks like;

```
# Global options; {email}, {token} and {ip} are placeholders.
{
	admin 127.0.0.1:2019
	email {email}
	acme_dns cloudflare {token}
}

# Apex domains
domain.dev, domain.one {
	encode zstd gzip
	redir https://google.com/
}

# Wildcard site: one host matcher and handle block per service
*.domain.dev, *.domain.one {
	encode zstd gzip

	@book host bk.domain.dev bk.domain.one
	handle @book {
		reverse_proxy linkding:9090
	}

	@git host git.domain.dev git.domain.one
	handle @git {
		reverse_proxy rgit:8000
	}

	@jelly host jelly.domain.dev jelly.domain.one
	handle @jelly {
		reverse_proxy {ip}:8096
	}

	@status host status.domain.dev status.domain.one
	handle @status {
		reverse_proxy status:3000
	}

	@wg host wg.domain.dev wg.domain.one
	handle @wg {
		reverse_proxy wg:51820
	}

	@ping host ping.domain.dev ping.domain.one
	handle @ping {
		respond "pong!"
	}
}
```
It works very well.
- Comment on Would there be any potential problem of hosting public and/or private (vpn) services in a school office? 6 days ago:
It’s likely illegal. The administration would call it theft of service because it’s not authorized and they wouldn’t be wrong.
- Comment on Another 122.88TB SSD just launched and this one comes from an obscure Chinese startup you've probably never encountered 1 week ago:
I mean… It wouldn’t even be the first time, so 🤷♂️
- Comment on Apple Readies Its Biggest Push Into Health Yet With New AI Doctor. 1 week ago:
That’s the beauty of it! You can’t! AI can’t commit malpractice, because you have to prove professional negligence! /s
- Comment on From RSS to Bookmark Manager – how would you integrate? 1 week ago:
Because it has integrations for The Internet Archive: x0.at/Wny_.png
It says “local html” but I have a feeling it simply grabs a copy from the internet archive. I can’t even find where it’s storing these copies with it enabled.
- Comment on Interesting SSH Authentication Mechanism 1 week ago:
So does requiring all users to phone you ahead of time to get a temporary password that’s only alive for 20 minutes… But that’s also not done because it’s…stupid.
There are dozens of tools and methods (like jumpboxes) which facilitate the authorization and usage of currently available and time tested tools for usage with environments without reinventing the wheel. Stepping away from the unix philosophy is heresy of the highest degree.
It’s not a problem with the tool, only the plumber.
- Comment on Best web archiving software for complex sites and sites requiring logins? 1 week ago:
There is. wget doesn’t follow recursive links by default. If it is, you’re using an option which is telling it to…
- Comment on From RSS to Bookmark Manager – how would you integrate? 1 week ago:
It does neither. It doesn’t create snapshots of pages at all… It’s a bookmark manager.
- Comment on From RSS to Bookmark Manager – how would you integrate? 1 week ago:
linkding.link is what you’re looking for.
Use the bookmarklet or FF/Chrome extension on a page and it saves it to your server to look at later. Add tags, folders, whatever. You can set up newly added links to be un-archived, and old links to be archived, or basically however you want.
- Comment on Reddit’s 50% Plunge Fails to Entice Dip Buyers as Growth Slows. 1 week ago:
Huffman needs exactly 0 help to run reddit into the ground. He’s been doin’ it for years.
- Comment on Interesting SSH Authentication Mechanism 1 week ago:
I don’t understand the obsession in integrating everything with OID services, like Google. People already complain all the time about Google watch-dogging them and then integrate every single service imaginable with their Google account. Shit is just weird to me.
- Comment on Best web archiving software for complex sites and sites requiring logins? 1 week ago:
That’s not a bug. You literally told wget to follow links, so it did.
- Comment on The Great TikTok Migration: Western Extremists Flock to RedNote. 1 week ago:
Lol extremists. Get the fuck outta here with this shit.
- Comment on LibreOffice downloads on the rise as users look to avoid subscription costs | The free open-source Microsoft Office alternative is being downloaded by nearly 1 million users a week 1 week ago:
Hahahahaha nice
- Comment on You Need to Use Signal's Nickname Feature 1 week ago:
This is precisely why I have all contacts saved very specifically in my phone;
Company - Fname Lname (position)
Looks like;
US Government - Pete Hegseth (Secretary of Defense)
Gives you all the information you could need.
- Comment on Making sure restic backups are right 2 weeks ago:
restic restore --dry-run
- Comment on Best web archiving software for complex sites and sites requiring logins? 2 weeks ago:
wget is the most comprehensive site cloner there is. What exactly do you mean by complex? Because wget works for anything static and public… If you’re trying to clone compiled source files, like PHP or something, obviously that’s not going to work. If that’s what you mean by “complex” then just give up, because you can’t.
- Comment on Best web archiving software for complex sites and sites requiring logins? 2 weeks ago:
wget.
- Comment on Anyone else having linkding problems? 2 weeks ago:
Everything seems fine to me. What’s the docker log say?
- Comment on How best to store a media library in proxmox? 2 weeks ago:
Sure, you can also do this. But why not make it available to your network in addition to Jellyfin? What if you have a TV that doesn’t have access to the Jellyfin app? If it’s a private ZFS pool not on the network you’re fucked. If you share the media via a network share, you can always do any number of things to stream that media to your TV.
It gives you a ton more options up to and including just watching the media on your PC in your favorite media browser.
- Comment on How best to store a media library in proxmox? 2 weeks ago:
TrueNAS is not absolutely required.
It just seems to be the favorite. Anything would work. OMV, EasyNAS, OpenFiler, Rockstor, even just base *nix with the appropriate packages and config.
- Comment on How best to store a media library in proxmox? 2 weeks ago:
You’d create a ZFS pool for your shares, then a TrueNAS VM which serves your ZFS pool as NAS. Then set up your Jellyfin VM using your NAS as storage for your libraries. Ends up looking like this: x0.at/Gbqm.png
Your media is accessible via the network from any device because they’re SMB shares, and it works just fine in Jellyfin. If you only create a ZFS pool for Jellyfin, your media can then only be accessed through Jellyfin. It limits your future options.
- Comment on How best to store a media library in proxmox? 2 weeks ago:
You can do a share any number of ways. I simply banked on the fact that anyone willing to ask the question likely doesn’t know how to set up SMB shares without a GUI like TrueNAS.
- Comment on Justice Department asks judge to order Google the "immediate" sale of Chrome 2 weeks ago:
More like, if you sell a gun and follow the law, you’re not responsible if the person you sold the gun to murders someone…
They’re an ad agency. They sell ad space. If “anti-abortion” people buy ads, that doesn’t mean that Google is pushing anti-abortion. How anyone could think like that is frankly the epitome of stupidity.
- Comment on How best to store a media library in proxmox? 2 weeks ago:
It’s frankly exactly as complicated as his postulated setup, only provides more flexibility. It’s the best outcome.
- Comment on How best to store a media library in proxmox? 2 weeks ago:
So if you’re going through the trouble of setting up proxmox, I would set up the majority of the storage in a ZFS pool for a TrueNAS SMB share/NFS share. Then create a small container just to host jellyfin and jellyfin’s cache–maybe commit 10GB of storage to it.
Setting up your share is enough for jellyfin. Since the media and jellyfin are technically stored on the same metal, latency will be minimal. Create a library in Jellyfin and set it to the share; Movies: `\\nas\Movies`, TV: `\\nas\TV`, etc.
Works flawlessly and would have more utility than allocating the entirety of your storage to your jellyfin container because it functions as a normal NAS. I’ve been running with a setup like this for a while and it works great.