IT nerd

  • 0 Posts
  • 36 Comments
Joined 3 years ago
Cake day: June 22nd, 2023


  • I run my webservers behind a pfsense firewall with SSL offloading (using a wildcard cert) with a static IP and use HAProxy to have subdomains go to individual servers. Even though I’ve seen my fair share of scans, I only ever expose port 443 and keep things updated.

    Recently though someone on here mentioned routing everything over Tailscale via a VPS. I didn’t want to pay for a VPS and frankly can’t even find one that is reasonably priced in the US (bandwidth limits mainly), so I threw Tailscale onto my pfsense, set up split-DNS on Tailscale’s admin panel with my domain name, and then reconfigured HAProxy to listen on my Tailscale interface. Even got IPv6 working (huge pain due to a bug it seems). Oh and set up pfblocker.

    My current plan is I’m going to run my webservers behind Tailscale and keep my game servers public and probably segment those servers to a different vlan/subnet/dmz/whatever. And maybe just have a www/blog landing page that is read only on 443 and have its config/admin panel accessible via my Tailscale only.

    Anyway, back on topic. I run my game servers and I don’t advertise them out anywhere (wildcard cert) and do whitelist only, yet I still see my Minecraft servers get hit constantly on port 25565.

    So not much you can do except minimize exposure as much as possible.


  • Really trying not to sound pro-Trump or whatever this move is, but the US military certainly does not need to be boots on the ground and deal with “guerilla attacks”.

    We’ve seen with Ukraine that drone warfare is highly effective and if the US wants to clear a supposed guerilla location they’ll just carpet bomb it all.

    And if they establish FOBs then a few drone operators (based in the US still btw) with infrared and some dudes in outposts with thermals will do just fine against any guerilla tactics.

    We can compare this to Vietnam or whatever, but a lot has changed in 50 years and with Venezuela it’s clear that South America is not ready for this type of aggression.

    Again, not advocating for this and certainly this move against Venezuela is clearly illegal and warmongering, but saying this will collapse the “US empire” is beyond ignorant.





  • Could you explain your setup a bit more? Because my understanding is:

    Let’s say you have a blog website in your homelab. To access the blog you have to: you go to your VPS’s hostname/IP, from there the VPS forwards your request over tailscale to your homelab which then responds with your blog website?

    If that’s the case, why even have the VPS and instead just use tailscale to access your homelab directly?

    Unless you intend to have the VPS be a load balancer in some way? Or a filter/firewall? Or you can’t do a static IP for your homelab but you want it to be publicly accessible?

    Just trying to understand why you’re doing it this way. I love seeing all the crazy ways people can set things up like this lol


  • In my experience, people will move with their interests.

    I’ve been using reddit for probably 10-15 years. I used to send links to my wife (then girlfriend), but she never used reddit.

    In the last year she made a reddit account after moving off of tiktok.

    Now I’m on Lemmy pretty much full time because I prefer smaller communities and more specific topics, also less normies.

    Trying to browse reddit is like talking with boomers and AI now. No thanks.




  • eli@lemmy.world to Selfhosted@lemmy.world: Proxmox with arr
    13 days ago

    Proxmox recommends not installing anything directly on the Proxmox host/baremetal.

    Personally I would set this up as:

    Proxmox installed on whatever single disk or raid 1 array.

    Create a TrueNAS (or whatever OS you want) VM inside Proxmox. Mount the rest of the drives directly to the TrueNAS VM via Proxmox’s interface.

    In the TrueNAS VM take the drives that were mounted directly to it and set up your array and pool(s) to your preference.

    Now, I’d say you have two paths from this point:

    • Inside the TrueNAS VM use their tools to create a VM within TrueNAS and use that for your arr stack.

    OR

    • Go back to Proxmox and create another VM or container and set up your arr stack in that container and point it to your TrueNAS via network mounts using internal networking from within Proxmox (virtual bridge with a virtual LAN).

    Either option has pros and cons. Doing everything inside TrueNAS will be a bit more simple, but you do complicate your TrueNAS setup and you’re at the mercy of how TrueNAS manages VMs (backups, restores, etc.). On the reverse with Proxmox, setting up the vmbridge and doing the network mounts is more work initially, but keeping the arr stack in a Proxmox VM/container lets you do direct snapshots and backups of the arr stack, and if you ever need to rebuild it or change it to another arr style set of tools then you can blow away the Proxmox VM and start fresh and set up the network mounts again.

    Or don’t do any of the above and just install TrueNAS on the box directly as the baremetal OS and do everything inside TrueNAS.


  • 0 bytes free is a broken environment. So that requires a fix during moratorium IMO.

    Mint 21 still has support until 2027, so not exactly needed…but I get it when you only see certain family members during specific times of the year.

    I’m just saying doing a full migration from ESXi to Proxmox and having to back up all VMs and import them or recreate and doing this during the holidays…I’d rather just sit on the couch and enjoy family time than be stuck in my garage or glued to my laptop.

    Upgrading a family member’s laptop while shooting the shit with everyone while drinking a beer or something is just fine. Don’t need 100% focus, you’re good there man.


  • At work we have a nearly 2 week moratorium that covers Christmas and New Years. We do zero changes unless something breaks on its own. So everyone can take time off without worrying too much.

    So I do the same for my homelab. I’ll spin up new stuff for fun (new docker containers to try out new apps), but I don’t touch my stable stuff. No reboots, no updates, no image pulls, nothing.


  • I wonder where they got 100hr?

    I wonder if there’s some metric they’re going off of where the majority of the subscriber base only plays less than 100hrs and the “abusers” or whales play over the 100hr mark.

    100hr / 30 days is 3.3 hours a day. Which as a father of two… I’d be lucky to get that much in a day.

    100hr / 20 days (5 days a week) is 5 hours a day.

    100hr / 8 days (weekends only gaming) is 12.5 hours a day.

    None of these are outrageous and probably are the “average” user of the service.

    Now if you’re doing 8 or 12 hours a day for 30 days, that’s 240-360 hours a month. Which is pretty much gaming full time.

    I think 100 hours is a weird number to land on. I think 120 hours makes more sense (4 hours a day over 30 days).

    I do expect Nvidia to lower the hours over time. Expect to see 80 hours or 50 hours soon IMO.