bigdickdonkey

joined 7 months ago
sorted by: new top controversial old
Speed limit to increase in nearly 200 school zones in Mississauga in c/canada@lemmy.ca
[–] bigdickdonkey@lemmy.ca 12 points 2 months ago* (last edited 2 months ago) (2 children)

Isn’t that normal that school zone speeds are only in effect during and around schooltime?

New community board for CF Montréal in c/canada@lemmy.ca
[–] bigdickdonkey@lemmy.ca 5 points 2 months ago (1 children)

communauté francophone?

Has anyone noticed that 4Chan's rules have changed (somewhat drastically)? in c/4chan@lemmy.world
[–] bigdickdonkey@lemmy.ca 2 points 2 months ago (1 children)

Can’t say ive ever had a post removed. i mostly use /g/ though

Authors Seek Meta’s Torrent Client Logs and Seeding Data in AI Piracy Probe * TorrentFreak in c/piracy@lemmy.dbzer0.com
[–] bigdickdonkey@lemmy.ca 24 points 4 months ago

would be crazy to see those logs. hopefully my employer will follow suit and let me set up a seedbox in our azure instance

Need some advice on caddy + podman + preserving source IPs in c/selfhosted@lemmy.world
[–] bigdickdonkey@lemmy.ca 2 points 5 months ago* (last edited 5 months ago) (1 children)

Yeah the remote ip is always local. This comes from a podman configuration, not a caddy one. Setting the podman network mode to pasta or slirp4netns will show the proper remote ips

23
Need some advice on caddy + podman + preserving source IPs (lemmy.ca)
submitted 5 months ago* (last edited 4 months ago) by bigdickdonkey@lemmy.ca to c/selfhosted@lemmy.world
4 comments fedilink
 

Edit: If anyone comes across this post, use the built-in socket activation provided in caddy 2.9+ https://github.com/eriksjolund/podman-caddy-socket-activation/

I have rootless podman containers all connected a network with caddy that proxies them by their hostname. It seems that the default networking mode doesn't preserve the source ip and instead shows all traffic coming internally from 10.89.1.98. Preserving that ip requires pasta/slirp4netns which is incompatible with adding the container to a network. I've found a few solutions but I'm having trouble deciding what is the right way to move forward.

Using the host network or running caddy with host loopback abilites

Would require exposing all the ports on all my containers which means I would lost the ability to access containers by the DNS inside the podman network. I have a lot of containers and manually managing ports is not something I want to do again.

socket activation + libsdsock with caddy

Socket forwarding done using systemd. I've tested it and it works but it requires systemd on the container, and caddy is built on alpine which uses a different boot system. There are ways to get the systemd libs on alpine but it would be quite hacky.

socket activation + libsdsock with another os

Caddy provides ways to build with extensions on debian but it seems tricky to do in a Containerfile because systemd init issues.

Has anyone experienced this issue before? What direction did you take?

How to get local SSL and use your public domain for local internal subdomains? in c/selfhosted@lemmy.world
[–] bigdickdonkey@lemmy.ca 2 points 5 months ago (1 children)

I’m using this right now but I’m switching to having all my services under one domain and blocking non internal ips. Technically someone can access your site by providing the host manually, althought it’s unlikely since they would need to know it

How do you solve dynamic DNS? in c/selfhosted@lemmy.world
[–] bigdickdonkey@lemmy.ca 12 points 5 months ago

I use ddclient but in a docker container. Works great with minimal config

Why don't I show up in shodan? in c/selfhosted@lemmy.world
[–] bigdickdonkey@lemmy.ca 2 points 6 months ago (2 children)

Interesting my ip shows up with a plex logo and a port that I've never opened. I have never used any plex services

21
Why don't I show up in shodan? (lemmy.ca)
 

I noticed nothing I have setup shows up in shodan by ip or domain. I'm not complaining, I'd rather not have it show up but I'm curious why. Could it be because of hosting behind a reverse proxy?

Linux Patches Add Support For New "Phone Link" Hotkey On Latest ThinkPads in c/linux@programming.dev
[–] bigdickdonkey@lemmy.ca 3 points 6 months ago

keep up the good work boys

Podman or rootless docker? in c/selfhosted@lemmy.world
[–] bigdickdonkey@lemmy.ca 2 points 6 months ago

Thanks for sharing this! It also took me a while to understand the difference between the Expose dockerfile command and the --publish cli command

Podman or rootless docker? in c/selfhosted@lemmy.world
[–] bigdickdonkey@lemmy.ca 1 points 6 months ago

Do you run anything like fail2ban with that compatibility?

Podman or rootless docker? in c/selfhosted@lemmy.world
[–] bigdickdonkey@lemmy.ca 1 points 6 months ago* (last edited 6 months ago) (1 children)

Can you expand on why you chose uCore? I was considering CoreOS until just now ~~and the idea of setting up ignition config serving seems overkill for running only one server at home.~~ ignition is still required the same way as CoreOS

61
Podman or rootless docker? (lemmy.ca)
 

I’m moving to a new machine soon and want to re-evaluate some security practices while I’m doing it. My current server is debian with all apps containerized in docker with root. I’d like to harden some stuff, especially vaultwarden but I’m concerned about transitioning to podman while using complex docker setups like nextcloud-aio. Do you have experience hardening your containers by switching? Is it worth it? How long is a piece of string?

7
Path to TVV? (lemmy.ca)
 

Nothing on the vinnie site. IIRC it has one or two sister sites?

35
The president's doctor: Why your projects take forever (thoughtbot.com)
view more: next ›