Molecular0079

joined 1 year ago
[–] [email protected] 1 points 6 months ago

I love Nextcloud Talk, but my biggest annoyance with it is that text chats don't properly scroll to the bottom when new messages come in.

[–] [email protected] 5 points 6 months ago (1 children)

No port forwarding though :(

I used to use Mullvad but after they disabled port forwarding I switched over to Proton.

[–] [email protected] 2 points 6 months ago (1 children)

Interesting solution! Thanks for the info. Seems like Nginx Proxy Manager doesn't support Proxy Protocol. Lmao, the world seems to be constantly pushing me towards Traefik all the time 🤣

[–] [email protected] 34 points 6 months ago (4 children)

I think there were some bad vibes when they got bought by a less than reputable company a while back. I know a lot of people, myself included, switched to Mullvad. I am on Proton now though for the port forwarding.

[–] [email protected] 1 points 6 months ago (1 children)

I see. And the rest of your services are all exposed on localhost? Hmm, darn, it really looks like there's no way to use user-defined networks.

[–] [email protected] 1 points 6 months ago (3 children)

I am guessing you're not running Caddy itself in a container? Otherwise you'll run into the same real IP issue.

[–] [email protected] 1 points 6 months ago (1 children)

I see! So I am assuming you had to configure Nginx specifically to support this? Problem is I love using Nginx Proxy Manager and I am not sure how to change that to use socket activation. Thanks for the info though!

Man, I often wonder whether I should ditch docker-compose. Problem is there's just so many compose files out there and it's super convenient to use those instead of converting them into systemd unit files every time.

[–] [email protected] 1 points 6 months ago

Yeah, I thought about exposing ports on localhost for all my services just to get around this issue as well, but I lose the network separation, which I find incredibly useful. Thanks for chiming in though!

[–] [email protected] 1 points 6 months ago

Pasta is the default, so I am already using it. It seems like for bridge networks, rootlesskit is always used alongside pasta and that's the source of the problem.

 

I've been trying to migrate my services over to rootless Podman containers for a while now and I keep running into weird issues that always make me go back to rootful. This past weekend I almost had it all working until I realized that my reverse proxy (Nginx Proxy Manager) wasn't passing the real source IP of client requests down to my other containers. This meant that all my containers were seeing requests coming solely from the IP address of the reverse proxy container, which breaks things like Nextcloud brute force protection, etc. It's apparently due to this Podman bug: https://github.com/containers/podman/issues/8193

This is the last step before I can finally switch to rootless, so it makes me wonder what all you self-hosters out there are doing with your rootless setups. I can't be the only one running into this issue, right?

If anyone's curious, my setup consists of several docker-compose files, each handling a different service. Each service has its own dedicated Podman network, but only the proxy container connects to all of them to serve outside requests. This way each service is separated from each other and the only ingress from the outside is via the proxy container. I can also easily have duplicate instances of the same service without having to worry about port collisions, etc. Not being able to see the real client IP really sucks in this situation.
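Why a single shared source address breaks per-IP brute force protection, as an added example (not part of the original post and not Nextcloud's code). The throttle class, its threshold, and all addresses are constructed assumptions used only to illustrate the failure mode the post describes.

```python
from collections import defaultdict

MAX_FAILURES = 5         # hypothetical threshold, not Nextcloud's real setting
PROXY_IP = "10.89.0.2"   # constructed address of the reverse proxy container


class FailedLoginThrottle:
    """Toy per-source throttle: block an address after MAX_FAILURES bad logins."""

    def __init__(self):
        self.failures = defaultdict(int)

    def attempt(self, source_ip, password_ok):
        if self.failures[source_ip] >= MAX_FAILURES:
            return "blocked"
        if password_ok:
            return "ok"
        self.failures[source_ip] += 1
        return "denied"


# Constructed traffic: eight bad guesses from one client, then one
# legitimate login from a different client. (real client IP, password ok?)
TRAFFIC = [("203.0.113.50", False)] * 8 + [("198.51.100.7", True)]


def replay(traffic, real_ip_visible):
    """Replay traffic; the backend sees either the client IP or the proxy IP."""
    throttle = FailedLoginThrottle()
    results = []
    for client_ip, password_ok in traffic:
        seen_ip = client_ip if real_ip_visible else PROXY_IP
        results.append((client_ip, throttle.attempt(seen_ip, password_ok)))
    return results


def legit_outcome(real_ip_visible):
    """Outcome of the final, legitimate login in TRAFFIC."""
    return replay(TRAFFIC, real_ip_visible)[-1][1]


if __name__ == "__main__":
    print("real client IP visible:", legit_outcome(True))
    print("only proxy IP visible: ", legit_outcome(False))
```

With the real address visible, only the guessing client is throttled. When every request appears to come from the proxy container, the failures of one client count against all of them and the legitimate login is blocked too.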

[–] [email protected] 11 points 7 months ago

All of this is still irrelevant. If given the same hardware, one OS performs better than another, then one OS is obviously more optimized...

You're saying a lot of words but it all just boils down to "throw more hardware at the problem".

[–] [email protected] 10 points 7 months ago (2 children)

How is this relevant? If an OS performs better on old hardware, it's still an indication that it is more optimized.

[–] [email protected] 3 points 7 months ago (3 children)

My biggest issue with Syncthing is that it becomes unusable for large amounts of data due to the lack of selective sync (ignore lists are cumbersome as hell) and lack of virtual file system support. I have about 8TB of data on my NAS that I want to access remotely and it is not feasible to have duplicate copies of that much data on all of my devices.

 

Currently, I have SSH, VNC, and Cockpit set up on my home NAS, but I have run into situations where I lose remote access because I did something stupid to the network connection or some update broke the boot process, causing it to get stuck in the BIOS or bootloader.

I am looking for a separate device that will allow me to not only access the NAS as if I had another keyboard, mouse, and monitor present, but also lets me power cycle in the case of extreme situations (hard freeze, etc.). Some googling has turned up the term KVM-over-IP, but I was wondering if any of you guys have any trustworthy recommendations.

 

I am using one of the official Nextcloud docker-compose files to set up an instance behind a SWAG reverse proxy. SWAG is handling SSL and forwarding requests to Nextcloud on port 80 over a Docker network. Whenever I go to the Overview tab in the Admin settings, I see this security warning:

    The "X-Robots-Tag" HTTP header is not set to "noindex, nofollow". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.

I have X-Robots-Tag set in SWAG. Is it safe to ignore this warning? I am assuming that Nextcloud is complaining about this because it still thinks it's communicating over an unsecured port 80 and is not aware of the fact that it's only talking via SWAG. Maybe I am wrong though. I wanted to double check and see if there was anything else I needed to do to secure my instance.

SOLVED: Turns out Nextcloud is just picky with what's in X-Robots-Tag. I had set it to SWAG's recommended setting of noindex, nofollow, nosnippet, noarchive, but Nextcloud expects noindex, nofollow.
