Do_TheEvolution

joined 1 year ago
[–] Do_TheEvolution@alien.top 2 points 11 months ago (1 children)

Can you post the compose?

Also I thought that frigate is only usable through home assistant, but that only means android app I guess.

Anyway, I am actually in the process of picking a few cameras, likely going with tplink vigi, like C340 and see if it will play nicely.

[–] Do_TheEvolution@alien.top 1 points 11 months ago

> do I need reverse proxy or forward proxy?

forward proxy, look at this squid guide

> I do not have SSH enabled, is it required?

nope, it's for management, to make changes

> Could I use lightppd to achieve this?

dunno

> What is the best way to secure this proxy connection?

Set up a VPN like wireguard-easy, so that you are not connecting to your forward proxy through an open port to the world, but first through VPN and only then to the proxy.

> I want to avoid installing 3rd party apps, but I am happy for insightful posts should these be beneficial

Your browser should have proxy settings, so no 3rd party app needed, though some browser extensions like foxyproxy are nice

[–] Do_TheEvolution@alien.top 1 points 11 months ago

  • install opnsense
  • set up geoip block where only IPs from your own country can ever initiate connection from the outside
  • keep your stuff up to date
  • enjoy security

[–] Do_TheEvolution@alien.top 1 points 1 year ago

Try it, here's a decent guide with a lot of examples.

[–] Do_TheEvolution@alien.top 1 points 1 year ago

Strange, I never quite got why I would ever want to switch to NPM, tried it and never liked it...

I ssh in and edit my caddyfile faster than I go to npm web interface and click through menus. I actually can just copy paste caddyfile config and have backup of it, while I am not even sure if npm has any backup solution by now, or you're just supposed to back up on docker level.

And it is kinda in the way, a gui layer if you wanna do something more..

[–] Do_TheEvolution@alien.top 0 points 1 year ago (1 children)

It sits in charge of your ports 80/443 and decides to which webserver it sends traffic. If to your jellyfin, or your nextcloud, or your uptimekuma, or your vaultwarden or your mealie or your dashboard...

unlike others it automatically does the https certificate for you and its config is really clean and readable which is nice.

Here's how to set it up if you wanna try.

[–] Do_TheEvolution@alien.top 1 points 1 year ago

npm is nice for people who want easy web gui to configure stuff

caddy makes me feel more in control, it's easier to back up too, since it's all in one easy and readable config, and probably has more features as you go with your needs

There is also not that layer of which developer fucked up that you get when projects are projects of projects...

[–] Do_TheEvolution@alien.top 1 points 1 year ago (1 children)

Something I encountered last week.

  • Wanted to test running caddy without https and without being open to the world, to turn off automatic https.
  • Googled and came up with auto_https off documentation that I read.
  • It did not work, http still did not work.
  • Googled more and landed on a forum page that explained why auto_https is not working and that it needs explicitly stated http:// or port :80 in the address. Otherwise caddy will listen by default for only https.

It was no biggie, that forum post is literally the second google result for auto_https and does a good job, but you asked and I have it fresh in memory...
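
The behaviour described in the comment above, written out as a Caddyfile. This is an added example, not part of the original comment; the hostname, bind address and upstream are constructed placeholders.

```caddyfile
# Constructed example: app.home.lan, 192.168.1.10 and 127.0.0.1:8080 are placeholders.
{
	# Disables certificate management and the HTTP->HTTPS redirect.
	# It does not change which port a site address listens on.
	auto_https off
}

# Before: no scheme and no port in the site address, so the site is still
# attached to the HTTPS port and nothing answers plain HTTP on port 80.
#
# app.home.lan {
# 	reverse_proxy 127.0.0.1:8080
# }

# After: the explicit http:// scheme (or a :80 port) makes this a plain-HTTP site.
http://app.home.lan {
	# Assumption: the host has a LAN-only address. Binding to it keeps the
	# unencrypted listener off any public interface.
	bind 192.168.1.10
	reverse_proxy 127.0.0.1:8080
}
```

Running `caddy validate --config Caddyfile` checks the file before it is loaded.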

[–] Do_TheEvolution@alien.top 1 points 1 year ago

Here's a detailed guide for how to set up caddy reverse proxy. Includes many setups and even monitoring who connects from where to what, though to get that running is a bit of work.

> is it just the usual way of proxy passing to the http://IP.address:port?

for caddy it is, if it can ping the machine, it can send traffic its way

> how do I migrate my current setup (i.e. keys and configs)?

what I like about caddy is that all that is needed is copy paste the simple caddy config file, that is all that's needed to move setup from caddy to caddy

> What is the best way to approach this mixed system?

I think every reverse proxy can do what you need, including your already running nginx, so you get answers based on personal preference of users. I ran traefik before, got guide for that too... it's too complex with a lot of abstraction layers, and it pollutes docker compose files with labels which I don't like, but it is powerful. I played a bit with nginx but other than being kinda gold standard of reverse proxy it was ugly boilerplate config compared to caddy. Caddy was simple, clean, and really... just worked. Though you listed using authentication through reverse proxy and there caddy has a shortcoming where you need to do every user manually, instead of just telling here use this file of users/passwords like traefik can.

[–] Do_TheEvolution@alien.top 1 points 1 year ago (1 children)

Same here. It's my go-to for years.

Except I had encountered an issue relatively recently, where newest kernel had regression with virtual dvd under esxi hypervisor, causing higher cpu load than typical.

So I took time and switched all my shit to lts kernel, which I should have used from the get-go.

But other than that, which was solved easily by removing dvd or switching kernel, I had zero issues, and even had some deployments where I was updating ~2 years old arch install and it went smoothly...

[–] Do_TheEvolution@alien.top 1 points 1 year ago

> is it worth learning docker and deploying all my services that way or should I just continue with the way i have been doing it for years now?

100% worth!

It is really amazing approach that eases so many aspects and makes you feel more in control and more willing to try stuff.

This repository should be helpful.

Examples of bunch of popular services running in docker and some other stuff like backups with borg or kopia.

> using Arch for my home server

I too run Arch as my go-to linux server, usually docker host is being its main job. Sometimes wireguard node or NUT server for UPS.

Reason being it's a damn good OS and I am most comfortable with it since I am running it on my main desktop. But another thing is that I usually run under some hypervisor (hyper-v and esxi) as a virtual machine, not straight on metal. So taking snapshot of it is matter of second and reverting to that snapshot is a minute... so that is one aspect that lets me go with any linux I damn like without that much consideration for reputation of stability.

That repo that I linked has even notes on arch fresh install, but arch started to include archinstall script on ISO, I decided to rather use that.

I started to deploy Arch so much that I even have a few ansible playbooks to get arch the way I like. Which mostly means some basic services and packages and workflow being about nnn file manager and micro text editor.

Also recommend you use lts kernel when installing arch, just for that extra stability.

Also it seems you were running xorg too, which I recommend abandoning. So many extra packages, so much more that can go wrong on update compared to bare arch with terminal and ssh.. but if it really eases your workflow then fine.

[–] Do_TheEvolution@alien.top 1 points 1 year ago

> Would it be possible to use a DNS server and reverse proxy together?

Sure, reverse proxy is a web server whose job is to be in charge of ports 80 and 443 and decide to what other webservers to send traffic based on request url

> Can I have Internal and external DNS?

Probably, who knows what you really mean. Split dns maybe?

> Should I switch to running a bare-metal hypervisor?

If you need it. Seems your needs are met with just docker.

> What should I use for a DNS Server?

dnsmasq works and I used it for a time, then I moved to having opnsense as my firewall and use its unbound service.
