Posts
0
Comments
28
Joined
3 yr. ago

  • I do the port knocking at the firewall level (it's a pretty simple nft chain setup). Caddy isn't involved at all. I was thinking about integrating that into my caddy config using something akin to an operator, but I haven't needed any extra functionality yet.

  • I went a different path than the VPN route that seems popular in the other comments...

    I use a reverse proxy (caddy) with wildcard SSL (so all my hostnames aren't in the public cert registry) plus port knocking. So normally no outside IPs are allowed to access my internal services, but I can knock and then access anything for a while. Working well so far.

  • Containers don't need VT/SVM (unless you're doing something weird like Kata Containers)

  • To be fair, California has some of the strictest gun laws in the US. That's a low bar though.

  • This law is stupid, but it's coming from some nobody in the bay area trying to get her name out there, not Newsom

  • I would also suggest looking into k0s/k0sctl for deploying k8s. I think it's probably the easiest deployment method I've personally used. It also makes updates dead simple.

    For deploying things to k8s, these days LLMs can write the k8s manifests pretty easily if there aren't already helm or kustomize files available.

  • You are wrong. ~23% of Americans voted for Trump. The problem is that a shit ton of people sat out.

  • We haven't been dealing with Trump for as long as Venezuela has been dealing with Maduro (and Chavez before him). Give us a couple more decades and I'm sure you'd see more people happy to see him "arrested" by a foreign power. Fwiw, I'd be happy to see it tomorrow, but I know a lot of my fellow USians wouldn't take so kindly. Not because they actually like Trump, but because it'd be a sobering reminder that we're no longer top of the food chain

  • We must be looking at different polls, because the ones I've looked at clearly show him having terrible approval ratings. Definitely not even close to a simple majority or "wide, perhaps perfect, acceptance".

  • Not where I thought that was going...

  • PCPartPicker is your best bet (hint: sort by price/gb), but they don't really track shucking prices

  • I'm pretty sure they're referring to hdmi-cec, nothing to do with a phone.

  • I had to disable d3cold on my nvme. Same symptoms. Would work fine on boot and then after some time fail.

  • Caddy + DeSEC.io + DNS Challenge [Solved]

  • Just as an aside, you're halfway to being able to use wildcard certs, you might as well just do the last bit of work so the domain names you're using are a little less public. Let's Encrypt puts every domain name on every cert in a public database. I've seen much less random probing of my services since moving to wildcards.

  • No support for comments? Hard pass

  • That's a basic requirement for almost any company. If you're into hard coding credentials just use wireguard directly.

  • I'm not familiar enough with cloudflare proxy stuff. I just have my DNS pointed at my router external IP (and luckily my ISP doesn't reset my IP ever.) It sounds like CF has designed this intentionally as a profit center. Sorry couldn't be more help

  • This isn't a cloudflare limitation. It's a TLS limitation. It was a conscious decision not to support multi-level wildcards. You won't find a service that supports it. Most people get around this by just not using TLS certs like this. You can encode your multi-level name spacing in 1 level. So instead of something like svc1.svcgroup.dev.domain.org you can do it like svcgroup-svc1.dev.domain.org

    Never heard of a tool to get around this TLS limitation. There are tools that manage lots of certs (cert-manager in k8s comes to mind). If you had a more concrete example it might help people to suggest solutions.
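
The single-level wildcard rule described in the comment above, as an added example that is not the commenter's code. It follows the matching rule in RFC 6125 section 6.4.3 (the wildcard stands for exactly one left-most label); the function names `wildcard_matches` and `flatten` are hypothetical, and the hostnames are the ones quoted in the comment.

```python
def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def wildcard_matches(pattern: str, host: str) -> bool:
    """Return True if the certificate name `pattern` covers `host`."""
    p, h = _labels(pattern), _labels(host)
    # A wildcard never spans a dot, so the label counts must be equal.
    if len(p) != len(h) or not all(h):
        return False
    if "*" not in pattern:
        return p == h
    # Only a whole left-most label may be "*"; "*.*.x" or "a*.x" never match.
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False
    return p[1:] == h[1:]


def flatten(host: str, wildcard: str) -> str:
    """Fold the extra labels of `host` into one label so `wildcard` covers it.

    svc1.svcgroup.dev.domain.org -> svcgroup-svc1.dev.domain.org
    """
    base = _labels(wildcard)[1:]          # labels after the "*"
    labels = _labels(host)
    if len(labels) <= len(base) or labels[-len(base):] != base:
        raise ValueError(f"{host} is not under {wildcard}")
    extra = labels[:-len(base)]
    label = "-".join(reversed(extra))     # outermost group first
    if len(label) > 63:                   # DNS limit for a single label
        raise ValueError("flattened label exceeds 63 octets")
    return ".".join([label] + base)


if __name__ == "__main__":
    cert = "*.dev.domain.org"
    deep = "svc1.svcgroup.dev.domain.org"
    flat = flatten(deep, cert)
    print(deep, "covered:", wildcard_matches(cert, deep))
    print(flat, "covered:", wildcard_matches(cert, flat))
```
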

  • The only Radxa I'd bother with is the Rock 5 and for the price, I'd probably just go with rpi5 (unless you like to tinker... a lot). That's coming from someone that owns 3 Rock5's. The new Orion board looks interesting, but if it's like any other Radxa products it'll be 2+ years before it gets decent software support.