Search
git SSH through Tailscale sidecar container?
Hey all!
I posted this to /c/tailscale yesterday and I figured I'd post it here to get some more visibility.
I'm trying to ssh into my tailnet-hosted (through tailscale serve) gogs instance and I can't seem to figure out how. Has anyone tried doing this? Will I need to add a user to the sidecar container and add a shim like they do in the regular gogs setup? I appreciate any insight.
Edit: Added tag and modified title for clarity.
Migrating and Upgrading Proxmox to New SSDs on Poweredge Safely
With the EOL of PVEv7 and my need for more storage space, I've decided to migrate my VMs to a larger set of drives.
I have PVE installed baremetal on a dell r720 RAID1 SSDs. I'm a bit nervous about the migration.
I plan on swapping the SSDs, installing PVE8 from scratch, then restoring VMs from backup.
Should I encounter an issue, am I able to swap the old RAID1 SSDs back in, or once I configure the new ones are the old drives done for? I'm managing RAID on a dell RAID controller.
I also have my data hard drives passed directly into a TrueNAS VM which supplies other VMs via NFS. Is there anything I should be concerned about when I've migrated, such as errors re-passing the data drives to the TrueNAS VM. Or should everything just work again?
Is there a master PVE config file I can download before swapping drives that I can reference when configuring the new PVE install?
Translating public DNS to internal DNS without revealing the internal DNS
So I've got a Consul cluster running for service discovery on a set of servers, some of which have public IP addresses. On some of these nodes I want to run Traefik (dynamically registered), which are registered on tfk.service.consul
which holds a number of A and AAAA records. I want my address tfk.example.com
to point at those A-records without revealing the consul address.
How would I do this?
Example:
Some application maps internal A-records to public A-records.
public | internal / xxx.xxx.xxx.xxx tfk.example.com -- | -- tfk.service.consul -- yyy.yyy.yyy.yyy | \ zzz.zzz.zzz.zzz
Expected result:
Public DNS resolvers never see the consul query.
public / xxx.xxx.xxx.xxx tfk.example.com -- yyy.yyy.yyy.yyy \ zzz.zzz.zzz.zzz
I know I could use consul-template
for this purpose by rendering config files to bind or similar, but I was wondering if there was some way to do this via DNS like some kind of bridge application.
When using the WiFi at a couple of nearby hospitals, I can't connect to my self hosted stuff.
I have multiple things running through a reverse proxy and I've never had trouble accessing them until now. The two hospitals are part of the same company, so their network setup is probably identical.
Curiously, it's not that the sites can't be found, but instead my browser complains that it's not secure.
So I don't think it's a DNS problem, but I wonder what the hospital is doing to the data.
All I could come up with in my research is this article about various methods of intercepting traffic. https://blog.cloudflare.com/performing-preventing-ssl-stripping-a-plain-english-primer/
Since my domain name is one that requires https (.app), the browser doesn't allow me to bypass the warning.
Is this just some sort of super strict security rules at the hospital? I doubt they're doing anything malicious, but it makes me wonder.
Thanks!
Also, if you know of any good networking Lemmy communities, feel free to share them.
anyone used eu.org subdomain
Hi guys I recently stumbled upon this website where you can get a eu.org sub domain (example.eu.org for instance).
I noticed though that domains aren't created instantly. I'm curious if there is human review to get domians processed and if it generally takes a long time to make domains using them.
Network-Wide Resolution & Routing of Non-Standard Traffic?
TL; DR: Is it possible (and if so, desirable) to configure my OPNsense router to handle non-standard traffic instead of needing to configure each client device manually? Examples of what I mean by 'non-standard traffic' include Handshake, I2P, ZeroNet, and Tor.
Seafile android file browser integration issue
Edit 2: Fdroid Version 3.0 allows read only acess to files writing to files seems to not work
Edit: Tldr install version 3.0 from fdroid or github. Plastered version out of date.
Hi guys not sure if this is the right place to ask, but anyone having issues using the file browser integration for seafile?
The android app by itself seems to work but the files integration only seems to be broken.
By contrast the ios version of seafile the app and its files app integration both work with no issue. Additionally the webdav, browser, and mac apps (seadrive) have no issues.
Other context:
- Running Seafile server 11.0.9 on Ubuntu 22.04.4 LTS using tailscale
- Seafile android app version 2.3.7 running on Android 14
Alternative to NFS for Proxmox Backup Server
I have a backup server running Proxmox Backup and OMV in separate VMs. OMV provides the storage as an NFS to the proxmox backup server VM.
I have multiple remote servers that connect to the proxmox backup server but recently I keep having issues with backups. Something about file lock estale.
Is there an alternative to NFS I can use in OMV to provide the storage for the proxmox backup server?
I know there are vastly different configuration options, but I have some other things set up with OMV so I’m kinda stuck on that.
Self hosted setup for monitoring Self-hosted services?
Hi all. I just set-up my first self-hosting server with NextCloud, Immich and a VPN server. I was wondering if there is a tool or layer of tools which would help me monitor my server and the services including running stats, resource usage stats, system logs, access logs, etc?
I read that Grafana Loki along with Prometheus could possibly help me with this. I just wanted to ask that - should I explore these two tools or do we have some other and better(suiting to my needs) tools? Please recommend Open Source tools only. Preferably Docker, or Linux based otherwise. Thank you :))
If I selfhost a privacy frontend on cloud, wouldn't the original service get my server IP and track back to me?
Does cloud providers share the IP addresses and the alloted users to these big corps and defect the whole purpose of a privacy frontend? Are there any service (FOSS) that could randomise my servers IP?
Might be a noob question but I want to start self hosting.
RaspPi5 with Pi-Hole, Tailscale and Traefik
Hi all,
I just got a Raspberry Pi 5 and I'm about to do my first setup, but it's a jungle to understand everything as a 'noob'.
My plan is to install the following:
- Pi-hole
- Tailscale
- Traefik
I want to achieve DNS ad blocking and access to all my services on my laptop and phone.
Would these services achieve this? Do they work together? And am I missing something to make it work?
Sorry if this is plain stupid to ask, but I can't seem to find anything where all 3 is used together.
Rate my upgrade!
Per my previous post, I’m working on updating my server that’s running a J3455 Celeron with 16gigs of ram.
Goals:
- Support at least six hard drives (currently have six drives in software RAID 6). Can move 7th main drive to nvme.
- Be faster at transcoding video. This is primarily so I can use PhotoPrism for video clips. Real-time transcoding 4K 80mbps video down to something streamabke would be nice. Despite getting QuickSync to work on the Celeron, I can’t pull more than 20fps unless I drop the output to like 640x480. Current build has no PCIe x16 slot.
- Energy efficiency. Trying to avoid a dedicated video card.
- Support more RAM. Currently maxed at 16gb.
- Price: around $500
- Server-grade hardware would be nice, but I want newer versions of quicksync and can’t afford newer server hardware. Motherboard choice is selected primarily because of chipset, number of SATA ports, and I found one open box.
https://pcpartpicker.com/list/JX2gHG
Hoping to move my main drive to the NVME and keep the other six drives as-is without needing a reinstall.
Thoughts?
Unbound and AdGuard Home with OpenWrt?
Hello. I just upgraded my ramips router (ipTIME A3004NS-dual, 256mb ram, 64GB USB) to OpenWrt 23.05, so far it's working well. I'd like some extra privacy (my country is known to do some internet censoring) and filter connections to sites I do not want (advertisements, telemetry) and AdGuard Home paired with Unbound seems perfect for this.
Before upgrading I used to run a DoH setup on OpenWrt with CloudFlare's DNS, but I now want to remove dependencies to these public 'private' DNS servers.
I did try searching a lot, but unfortunately as I'm pretty new to networking and hosting things I'm not quite able to understand what I read. Some guides mention using Unbound but still does setup Google/CloudFlare DNS, is that used as a fallback of some sort?
If someone has already done something similar I'd very much appreciate some guidance on how this should be done.. Thanks!
EDIT: I think I got it working.. but I'd be glad if someone can please tell me a way to test it. dnsleaktest.com shows "None" for hostname..
I followed [1] to install unbound, then changed unbound's port to 5353, set AdGuardHome's port to 53 and set AdGuardHome's DNS settings (Upstream, Bootstrap, Private reverse) to 127.0.0.1:5353. After a reboot it seems to work properly, except that I can no longer connect to other machines using their hostnames. (Previously I could just ssh the machine darkstar using ssh hexagonwin@darkstar
, now I need to ssh [email protected]
)
[1]: https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#replacing_dnsmasq_with_odhcpd_and_unbound
How to isolate my TV from the network?
Hi Guys,
Need your help. I have a router to which all th devices are connected. Mostly wireless but the TV is connected via LAN cable. I have installed few apps on the TV from not trusted sources and I dont want the TV on the same network. How do I isolate the TV from the network so that it can still access the internet but cannot see anything on the network. Hope it makes sense.
does anybody know CalDAV+CardDAV server with multiuser LDAP support?
hello everynody, Right now i am selfhosting several services for my family in an effort to de-google all our services.
Right now i am facing difficulties to host a server that can be use to sync smartphone contacts from diffurent users (my family) and keeping them separated.
does anybody recommend any server able to serve this goal? and if the auth backend can be connected to an LDAP server even better.
regards and thanks
about the security basics
Hi there, I've been reading up on selfhosting for a couple of weeks now and I got my feet wet with a couple of things.
However, before really getting serious with it, I feel I need to get down the basics and make sure that my server will not end up a security hazard. My final goal would be to self-host my socials (Mastodon, Lemmy, Matrix) - just for myself.
What basic security do I need to have in place, considering these services? I'll be running this on a VPS and so far I consider the following: disable password login (login with ssh key only) then set up nginx, fail2ban, and a basic firewall. I'd try to close all ports that are not required for the services I run. I'll also change ssh port from 22 to something else and close port 22 as well.
Would this be a sufficient basis, or am I missing something crucial?
Bonus question: do you know of good tutorials to learn the above stuff? I've been following the guides on DigitalOcean (e.g. https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-20-04) and they seem decent enough - but I think I'll need to get into more depth than that :)
hosting lemmy on ubuntu server - firewall configuration
Hi, this is a follow-up on the 502 question earlier, which I think I got a step closer to solving. However, if I try to connect to my lemmy instance now, it results in a time out. Now, I have set up the ufw firewall to allow nginx http - do I need to allow anything else to get to connect? Or is my timeout error something else?
Installing Lemmy instance from docker -> 502 bad gateway
Hi, does anybody have an idea what the reason could be? I installed a lemmy instance on a VPS using the docker images. Beforehand I installed nginx and got a letsencrypt - certificate (which seems to have worked). I downloaded the nginx.conf file from github and made the configurations, also in the lemmy.config and docker-compose.yml files. However, I'm unsure if there's anything else I should look at. Any tips are welcome :)
Synapse administration and othe Matrix related questions
Hi, I'm trying to set up a self hosted messenger and tried Synapse on a Yunohost server. As of now, I can't log into the admin interface as I'm getting a variety of "forbidden" and "not found" errors. I tried with the "synapse" user as well as with the Yunohost admin user to no avail. Does anybody have an idea what could be wrong?
Dendrite seems to be a common alternative and I could get it to work on my machine. I would want a bridge to Signal, though - is there a solution available? All bridges I could find where for Synapse.
Disk Space for Lemmy and Mastodon instances
Hi, I'm new with self-hosting but managed to set up my own Lemmy and Mastodon instances on a VPS recently. However, I ran into an issue with disk space quite rapidly (which I had way too few, because I started with the cheapest, smallest package for my VPS).
Now I prepare a new setup, where I'll be able to dynamically scale disk space as needed, but this can get expensive quickly. Therefor my question: How much disk space do I typically need for private (1-3 user) instances of Lemmy and Mastodon? Are there settings, where I can limit the disk space utilization (at the cost of older stored content being overwritten)?
I would be fine with needing up to like 30-40 GB, but any more than that would be getting kinda expensive ....