Elvith Ma'for

Elvith Ma'for@feddit.org · edit-2 2 hours ago

If you like, I can send you an example of the Caddyfiles, that I’m using (I used the import directive to split every service into its own Caddyfiles, you could just copy and paste everything in the same file). It will take a few hours until I get home, though.

But basically you can just put every subdomain and it’s target in a separate block and the add some things globally (e.g. passing the original IP, switching off the admin API of Caddy,…)

Something like this should work:


admin off 

servers {
		client_ip_headers X-Forwarded-For X-Real-IP
}

app.example.com {
    reverse_proxy 127.0.0.1:8080
}

app2.example.com {
    reverse_proxy 127.0.0.1:8081
}

api.example.com {
    reverse_proxy 127.0.0.1:8082
    header {
        Access-Control-Allow-Methods "GET, OPTIONS"
        Access-Control-Allow-Origin "*"
    }
}

Elvith Ma'for@feddit.org · 6 days ago

Yeah, that’s exactly why I didn’t use my own CA. There’s a plethora of devices that you now need to import the CA to and then you need to hope, that every application uses the system cert store and doesn’t roll its own (IIRC e.g. Firefox uses its own cert store and doesn’t use the system cert store. Same for every java based application,…)

It’s fiddly with Caddy, as you need a specific plugin to get it to work with anything else than the default challenge. That means using a custom build via caddy - and with docker, you’re SOL. BUT you can just use certbot and point caddy to the cert file in your file system.

Elvith Ma'for@feddit.org · 7 days ago

superver?

Elvith Ma'for@feddit.org · edit-2 7 days ago

I have this setup. I bought a domain (say homeserver.tld) from a registrar that allows zone edits with an API. Then I use certbot with a plugin that supports my registrar to get real Let’s Encrypt certificates. Usually Let’s encrypt connects to your server to ensure that it responds to the domain you’re requesting a certificate for, but this challenge can also be done by editing the DNS record of your domain to prove ownership. That is called DNS-01 challenge and is useful of your domain is not publicly reachable. Google for certbot DNS-01 your registrar to find some documentation.

Some of the VMs/LXC now get certificates for a specific subdomain (“some-app.homeserver.tld”), other just get a wildcard certificate (“*.homeserver.tld”) - e.g. my docker host.

Elvith Ma'for@feddit.org · 11 days ago

In this case, she just wanted to make sure that everything is off and without current before the vacation and since I told her to not trip that one breaker, she unplugged some seemingly unrelated cables and just unplugged the wrong one

Elvith Ma'for@feddit.org · 11 days ago

My wife: accidentially unplugs homeservers (with PiHole running)

Also my wife: the internet is down?!

Elvith Ma'for@feddit.org · 14 days ago

Hey everyone has a learning opportunity. Some even have a separate production system!

Elvith Ma'for@feddit.org · 15 days ago

Client: “Hey can we have feature X?”

You (internally): I already implemented that last year for you…

You: “Sure!” makes button more obvious, bills 15h of work

Elvith Ma'for@feddit.org · 21 days ago

To escape this trap, you only need to press and hold the button on the left side on the room until the first light turns green and then go to the right side of the room and repeat the same procedure on the second button. If you get distracted at any point in the task, you’re dead.

Me: fuck.

Elvith Ma'for@feddit.org · 22 days ago

The code screenshot is pretty nice though. Actual grammar in there, full sentences that “Goethe would be proud of”.

The syntax and all these Wenn reminds me of Cucumber/Gherkin

Elvith Ma'for@feddit.org · 22 days ago

“we got a ransomware infection” vs. “Our data encryption got an upgrade”

Elvith Ma'for@feddit.org · 23 days ago

IIRC the screenshot in the tweet is from a shitpost in reddits r/badUIbattles

Elvith Ma'for@feddit.org · 25 days ago

They still have that motto:

Don’t be evil ^to the shareholders^

Elvith Ma'for@feddit.org · 27 days ago

@maki@discuss.tchncs.de - I finally got around to be on my PC, so… Maybe this helps? Thats basically my setup on podman. I hope I didn’t break anything, when I scrubbed the files from secrets and also removed everything related to all other deployments (especially the Caddyfile). See the included Instructions.md

https://gist.github.com/elvith-de/fecd13bb05209fb7abf5ae473483534b#file-instructions-md

Elvith Ma'for@feddit.org · edit-2 27 days ago

I’m also using podman to host SearXNG on a cloud vps. If you’d like, I can provide you my quadlet and config files to get it running with podman’s systemd generator.

With those you can just systemctl enable/disable/start/stop/restart searxng. Also my files do have podman’s auto update activated for the SearXNG stack.

Edit: There’s also a matrix room for SearXNG if you need help: https://matrix.to/#/#searxng:matrix.org

Elvith Ma'for@feddit.org · 27 days ago

uwsgi isn’t used anymore since a change from about 2 months ago IIRC, so this file will probably not be created.

Elvith Ma'for@feddit.org · 1 month ago

alias cd='echo "command not found"'

Elvith Ma'for@feddit.org · 1 month ago

My favorite part is, if you do some extensive analytics from time to time (e.g. to prepare an upgrade to a new major version) and as a side effect stumble upon some workflows/pipelines/scripts constantly failing (and alerting the process owner) every five minutes for… at least a few months already.

Then you go and ask the process owner and they’re just like “yeah, we were annoyed by the constant error notification mails, so we mad a filter that auto deletes them”…

Elvith Ma'for@feddit.org · 1 month ago

Elvith Ma'for@feddit.org · 1 month ago

Most importantly: Never ask them how they did solve their problems!