Oisteink

joined 1 year ago
sorted by: new top controversial old
coturn can't get access to certificates in c/[email protected]
[–] [email protected] 3 points 2 months ago* (last edited 2 months ago) (6 children)

either create a cert group and give that group permission to the certs, or add a handler to distribute the cert+key on renew to your service’s folder, and change owner/group to whats relevant to the service

Note: the “live” folder only contains links to the archive folder

Anyone knows of a good software for managing files for 3D printing? in c/[email protected]
[–] [email protected] 1 points 2 months ago

Are the links correct? @anoyongbot

How Disinformation From a Russian AI Spam Farm Ended up on Top of Google Search Results in c/[email protected]
[–] [email protected] 2 points 2 months ago

Msn is google?

Now I have 1 GBit fiber and can't benefit :-( in c/[email protected]
[–] [email protected] 3 points 2 months ago

Run iperf internally to see if your bottleneck is switch/ap or fw. I set up a j1900 pfsense for my sisters family a while back to do qos (gamer bois in the house) amd it had no problem staying at 500mbps. No ids or other stuff.

Not built any opn/pf-sense in a while, but i always use intel server-nic’s. Used to have way better support than other stuff on bsd

Is a cloud backup an acceptable backup for a home server? in c/[email protected]
[–] [email protected] 4 points 2 months ago

Yeah, but if your house burns down copies on different hdd wont matter much. Offsite like cloud will

Is it safe to automatically pull and update docker containers? in c/[email protected]
[–] [email protected] 3 points 2 months ago* (last edited 2 months ago)

Basically why i feel more comfortable with LXC than docker for my home lab services. It feels more like a VM in management.

We run a good mix of docker, vm’s and bare metal at work; no containers are auto-updated

What are your thoughts on exposing a tool like dockge to outside of your man? in c/[email protected]
[–] [email protected] 1 points 2 months ago* (last edited 2 months ago) (1 children)

Stick to strong keys and keep it on 22 for ease of use

What are your thoughts on exposing a tool like dockge to outside of your man? in c/[email protected]
[–] [email protected] 1 points 2 months ago

No - ssh is very easy to secure, while an exposed web-service is very hard to secure. Theres no difference in the security of ssh without password and for example WireGuard.

Server for a boat in c/[email protected]
[–] [email protected] 3 points 2 months ago

Lolwut? Someone downvotes you for that?

Server for a boat in c/[email protected]
[–] [email protected] 4 points 2 months ago (3 children)

Yeah - industrial computers is the way. I would want something that can run at 60 c, and is water/dust proof. How to keep 20tb on a floating humidifier? Im not sure about this one, but swap drives often is probably a good idea.

Do you ride salt or sweet water?

Is it practically impossible for a newcomer selfhost without using centralised services, and get DDOSed or hacked? in c/[email protected]
[–] [email protected] 2 points 2 months ago* (last edited 2 months ago)

A reverse proxy is used to expose services that don't run on exposed hosts. It does not add security but it keeps you from adding attack vectors.

They usually provide load balancing too, also not a security feature.

Edit: in other words what he’s saying is true and equal to “raid isn't baclup”

Is it practically impossible for a newcomer selfhost without using centralised services, and get DDOSed or hacked? in c/[email protected]
[–] [email protected] 4 points 2 months ago

All reverse proxies i have used do rudimentary DDoS protection: rate limiting. Enough to keep your local script kiddy at bay - but not advanced stuff.

You can protect your ssh instance with rate limiting too but you'll likely do this in the firewall and not the proxy.

view more: next ›