Findmysec @infosec.pub
Posts 8
Comments 146
Piracy Shield 2.0 in Doubt For 2024, TV Manufacturers Urged to Ban VPN.
  • I believe the general population will have to become savvy enough to run their own VPNs from their personal VPSes. Also, there are affordable seedbox providers which will let you have a decent amount of bandwidth for seeding, but yes, I generally agree with your point. We need more upload bandwidth with seedboxes.

  • Recommend me a scripting language
  • Perl would be my candidate for more advanced text handling than what sh can do.

    Never used Lua but I think it's fun.

    If nothing else works, just learn C/Rust. There's plenty of that on Linux systems, I think you'll be able to manage. Yes, it doesn't meet a lot of your requirements.

  • Multiple Kubernetes Services Using Same Port Without SNI
  • In short, you need a reverse-proxy + traffic segregation with domain names (SNI).

    I don't remember much about ingresses, but this can be super easy to set up with Gateway API (I'm looking at it right now).

    Basically, you can set up sftp.my.domain/ssh to 192.168.1.40:22, sftp.my.domain/sftp to 192.168.1.40:121 (for example). Same with Forgejo, forgejo.my.domain/ssh will point to 192.168.1.50:22 and forgejo.my.domain/gui will point to 192.168.1.50:443.

    The Gateway API will simply send it over to the right k8s service.

    About your home network: I think you could in theory open up a DMZ and everything should work. I would personally use a cheap VPS as a VPN server and NAT all traffic through it. About traffic from your router maintaining the SNI, that's a different problem depending on your network setup. Yes, you'll have to deal with port-mapping because at the end of the day, even Gateway API is NodePort-esque when exposing traffic outside.

  • Multiple Kubernetes Services Using Same Port Without SNI
  • You'd receive traffic on IP:PORT, that's segregation right there. Slap on a DNS name for convenience.

    I might have my MetalLB config lying around somewhere (it's super easy, I copied most of it from their website), I can probably paste it here if you'd like.

    Exposing services publicly on the Internet is a L3-L4/L7 networking problem, unfortunately I don't know enough about your situation to comment.

    Edit: the latter end of your post is correct. You could route to different end-points that way.

  • I find no motivation in working for myself

    The title is really vague, so I'll try to clarify my intentions here:

    I am an ardent supporter of FOSS. It will be greatly beneficial for my life and especially my privacy to self-host such software. Yet, I cannot find much motivation to do so.

    However, when it comes to hosting software for public use, I can usually give my utmost concentration and dedication.

    This is not how I want my life to be. I want to be motivated for myself as well as for the community. And if that's not possible, I need to trick my brain into bringing me into that kind of zone for myself.

    What do I do? What would you do in this situation?


    Why do so many people use NGINX?

    I see so many posts and people who run NGINX as their reverse proxy. Why though? There's HAProxy and Apache, with Caddy being a simpler option.

    If you're starting from scratch, why did you pick/are you picking NGINX over the others?


    Unable to figure out directory permissions

    cross-posted from: https://infosec.pub/post/15386345

    > Hi everyone,
    >
    > This is my CONTAINERFILE for Bind9:
    >
    > ```
    > FROM debian
    >
    > ENV LC_ALL C.UTF-8
    >
    > # Update and upgrade system
    > RUN apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y
    >
    > # Install BIND 9 and sudo (for debugging if needed)
    > RUN apt-get install -y bind9 bind9-dnsutils bind9-libs bind9-utils sudo
    >
    > # Configure permissions for BIND directories
    > RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
    > RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
    > RUN chmod 664 /var/cache/bind /var/lib/bind /var/log/bind
    > RUN chmod -R 664 /var/cache/bind /var/lib/bind /var/log/bind
    >
    > # Create and configure log files
    > RUN touch /var/log/bind/default.log /var/log/bind/update_debug.log /var/log/bind/security_info.log /var/log/bind/bind.log
    > RUN chown -R bind:bind /var/log/bind
    > RUN chmod 644 /var/log/bind/*.log
    >
    > # Define volumes
    > VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log/bind"]
    >
    > # Set the entrypoint to the named executable
    > ENTRYPOINT ["/usr/sbin/named"]
    >
    > # Set the default command arguments for the named executable
    > CMD ["-g"]
    > ```
    >
    > I keep getting this error when I run it with podman:
    >
    > ```
    > 26-Jul-2024 03:18:21.328 loading configuration from '/etc/bind/named.conf'
    > 26-Jul-2024 03:18:21.328 directory '/var/cache/bind' is not writable
    > 26-Jul-2024 03:18:21.332 /etc/bind/named.conf.options:2: parsing failed: permission denied
    > ```
    >
    > As you can see from the CONTAINERFILE, the bind user should be able to read and write to /var/cache/bind but for some reason it doesn't.
    >
    > I have been at this for a while and I'm at my wits' end. Your help is appreciated!

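Something worth checking in a failure like the one above, as an added example that is not part of the post: `chmod 664` is a file mode, and applied to a directory it clears the execute (search) bit that a non-root process needs just to enter the directory, regardless of what the write bit says. The audit below flags directories whose owner lacks the search or write bit; the temporary directories in `demo()` are constructed to show the post's mode beside the conventional 755.

```python
import os
import stat
import tempfile

# Directories the Containerfile in the post hands to the bind user.
BIND_DIRS = ["/var/cache/bind", "/var/lib/bind", "/var/log/bind"]


def dir_access_problems(path):
    """Return a list of problems with a directory's mode bits for its owner.

    A non-root process needs the search (x) bit to enter a directory and
    the write (w) bit to create files inside it. 'chmod 664' (rw-rw-r--)
    is a reasonable file mode but strips x from a directory.
    """
    mode = os.lstat(path).st_mode
    if not stat.S_ISDIR(mode):
        return [f"{path}: not a directory"]
    shown = stat.filemode(mode)
    problems = []
    if not mode & stat.S_IXUSR:
        problems.append(f"{path}: owner cannot enter it (no x bit), mode {shown}")
    if not mode & stat.S_IWUSR:
        problems.append(f"{path}: owner cannot create files (no w bit), mode {shown}")
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        problems.append(f"{path}: world-writable without sticky bit, mode {shown}")
    return problems


def audit(paths):
    """Map each offending path to its problems; paths that pass are omitted."""
    report = {}
    for path in paths:
        if os.path.lexists(path):
            found = dir_access_problems(path)
            if found:
                report[path] = found
    return report


def demo():
    """Constructed example: the post's chmod 664 beside the conventional 755."""
    base = tempfile.mkdtemp()
    broken, fixed = os.path.join(base, "bind_664"), os.path.join(base, "bind_755")
    os.mkdir(broken)
    os.mkdir(fixed)
    os.chmod(broken, 0o664)   # what 'RUN chmod 664 /var/cache/bind ...' produces
    os.chmod(fixed, 0o755)    # rwxr-xr-x: owner can enter and write
    return audit([broken, fixed])
```

Inside a running container, `audit(BIND_DIRS)` runs the same check over the post's three directories.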

    Somebody please explain PROXYv2 to me and the myriad of ways to do DoH?

    I've been looking to implement DoH:

    1. The first idea was to simply follow this - I do not understand the configuration fully but it looked fine.
    2. Then, I decided to use a proxy/Load balancer in front of BIND to deal with HTTPS.

    However, I came across PROXYv2 (which is not even mentioned in the docs, just in a blog post) and the likes of DNSdist.

    My questions:

    1. I can't find a detailed explanation of what I need to do about PROXYv2 - does my Reverse-proxy absolutely need to have it to be able to communicate with my DNS server?
    2. Why can't I just have any reverse-proxy that can handle HTTPS and put it in front of my DNS resolver? Does my proxy need to have a specific protocol to be able to talk DNS queries?

    I am still confused; I would really appreciate some help :)

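On the PROXY protocol question: a reverse proxy that terminates HTTPS does not need it to pass traffic to a backend; it is an optional header the proxy prepends to each forwarded connection so the backend can log and apply ACLs against the real client address rather than the proxy's. Added example, not from the post, BIND or dnsdist: a parser for the binary v2 header, run on a constructed sample (addresses, ports and payload are made up).

```python
import ipaddress
import struct

PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"   # fixed 12-byte start of every v2 header
PP2_VERSION, CMD_LOCAL, CMD_PROXY = 0x2, 0x0, 0x1
AF_INET, AF_INET6 = 0x1, 0x2                 # upper nibble of the family byte
TP_STREAM, TP_DGRAM = 0x1, 0x2               # lower nibble: TCP or UDP


def parse_proxy_v2(data):
    """Split a PROXY v2 header off the front of a byte string: returns
    (info, payload), info being None for a LOCAL command (proxy health
    checks carry no client address); raises ValueError on malformed input."""
    if len(data) < 16 or data[:12] != PP2_SIGNATURE:
        raise ValueError("missing PROXY v2 signature")
    ver_cmd, fam_tp, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != PP2_VERSION:
        raise ValueError("not PROXY protocol version 2")
    if len(data) < 16 + length:
        raise ValueError("truncated PROXY v2 header")
    body, payload = data[16:16 + length], data[16 + length:]
    if ver_cmd & 0x0F == CMD_LOCAL:
        return None, payload
    if ver_cmd & 0x0F != CMD_PROXY:
        raise ValueError("unknown PROXY v2 command")
    family, transport = fam_tp >> 4, fam_tp & 0x0F
    fmt = {AF_INET: "!4s4sHH", AF_INET6: "!16s16sHH"}.get(family)
    if fmt is None or length < struct.calcsize(fmt):
        raise ValueError("unsupported family or short address block")
    src, dst, sport, dport = struct.unpack(fmt, body[:struct.calcsize(fmt)])
    info = {"src": str(ipaddress.ip_address(src)), "src_port": sport,
            "dst": str(ipaddress.ip_address(dst)), "dst_port": dport,
            "transport": "tcp" if transport == TP_STREAM else "udp"}
    return info, payload


def build_proxy_v2(src, dst, sport, dport, transport=TP_STREAM):
    """Encode a v2 PROXY header; used here only to construct the sample."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    family = AF_INET if s.version == 4 else AF_INET6
    addrs = s.packed + d.packed + struct.pack("!HH", sport, dport)
    head = struct.pack("!BBH", (PP2_VERSION << 4) | CMD_PROXY,
                       (family << 4) | transport, len(addrs))
    return PP2_SIGNATURE + head + addrs


def demo():
    """Constructed sample: proxy 10.0.0.2 forwards a client's TCP connection."""
    sample = build_proxy_v2("203.0.113.7", "10.0.0.2", 51234, 443) + b"<dns payload>"
    return parse_proxy_v2(sample)
```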

    Is Backblaze a reliable provider?

    Hi everyone,

    I've started pushing backups of media important to me (family pictures, video, etc.) to backblaze with client-side encryption.

    However, are they a reliable storage provider? I can't help but compare them to something like Amazon, which likely has a better chance of maintaining my files, but they are so expensive that I don't even bother.

    What do you think? Yes, I've heard of 3-2-1, however for now I only have backblaze and a local backup. I'm trying not to spend too much on this.

    Thanks!
