kbin.life

pyrosis , 2 months ago to selfhosted in Many Network Interfaces per VM/CT - Good Practice?

I use using docker networks but that’s me. They are created for every service and it’s easy to target the gateway. Just make sure DNS is correct for your hostnames.

Lately I’ve been optimizing remote services for reverse proxy passthru. Did you know that it can break streams momentarily and make your proxy work a little harder if your host names don’t match outside and in?

So in other words if you want full passthru of a tcp or udp stream to your server without the proxy breaking it then opening a new stream you would have to make sure the internal network and external network are using the same fqdn for the service you are targeting.

It actually can break passthru via sni if they don’t use the same hostname and cause a slight delay. Kinda matters for things like streaming videos. Especially if you are using a reverse proxy and the service supports quic or http2.

So a reverse proxy entry that simply passes without breaking the stream and resending it might ook like…

Obviously you would need to get the http port working on jellyfin and have ipv6 working with internal DNS in this example.

<span style="color:#323232;">server {
</span><span style="color:#323232;">    listen 443 ssl;
</span><span style="color:#323232;">    listen [::]:443 ssl;  # Listen on IPv6 address
</span><span style="color:#323232;">
</span><span style="color:#323232;">    server_name jellyfin.example.net;
</span><span style="color:#323232;">
</span><span style="color:#323232;">    ssl_certificate /path/to/ssl_certificate.crt;
</span><span style="color:#323232;">    ssl_certificate_key /path/to/ssl_certificate.key;
</span><span style="color:#323232;">
</span><span style="color:#323232;">    location / {
</span><span style="color:#323232;">        proxy_pass https://jellyfin.example.net:8920;  # Use FQDN
</span><span style="color:#323232;">        ...
</span><span style="color:#323232;">    }
</span><span style="color:#323232;">}
</span>

raldone01 , 13 days ago

Full pass through has no advantage when my reverse proxy terminates ssl and internal services are http only right?

Regardless of fqdn nginx has to decrypt and restream anyways.

pyrosis , 3 days ago

This would be correct if you are terminating ssl at the proxy and it’s just passing it to http. However, if you can enable SSL on the service it’s possible to take advantage of full passthru if you care about such things.

raldone01 , 2 days ago

Ahh nice good to know. For my use case I’d rather not distribute the certificates to all my services.

pyrosis , 1 day ago

When I was experimenting with this it didn’t seem like you had to distribute the cert to the service itself. As long as the internal service was an https port. The certificate management was still happening on the proxy.

The trick was more getting the host names right and targeting the proxy for the hostname resolution.

Either way IP addresses are much easier but it is nice to observe a stream being completely passed through. I’m sure it takes a load off the proxy and stabilizes connections.

DLSantini , 1 day ago to asklemmy in The specific thing you spend the most time doing instead of the actual job you're being paid to do is your new profession. What's your new job title?

I watch anime professionally? I guess I’m writing anime reviews now, or something?

prettybunnys , 1 day ago to mildlyinfuriating in I started to get these daily at random hours, even when I'm sleeping. Someone's trying to hack me?

I started getting these after the lastpass hack.

snail , 1 day ago to games in What are some good games worth buying on play store?

King of Dragon Pass is ancient but worth picking up on mobile

Matriks404 , 1 day ago to asklemmy in The specific thing you spend the most time doing instead of the actual job you're being paid to do is your new profession. What's your new job title?

Professional YouTube Watcher or Professional Hobbyist Language Learner.

OhmsLawn , 1 day ago to asklemmy in It's Sunday night, how do you beat the Sunday Night Blues?

Get to bed on time so I can face the Monday blues on 8 hours sleep.

astanix , 1 day ago

Hmmm my alarm is 7 hours from now I can’t do this one tonight :/

SidewaysHighways , 1 day ago

Good morning! (7 hours later)

spacemanspiffy , 2 days ago to nostupidquestions in what is with child names like Aiden, Braiden etc?

Ashleigh, Raileigh, Kaileigh

BruceTwarzen , 1 day ago

When i read that i imagined that scene i. Fear and loathing in las vegas when they sniffed ether.

bionicjoey , 1 day ago to games in What are some good games worth buying on play store?

sh.itjust.works/post/22476834

RandomLegend , 4 days ago to linux in What is something you want to use, yet are NOT using?

NixOS

cizra , 4 days ago

Nix flakes, me.

leastprivilege , 4 days ago

I just started yesterday in a VM. It’s no stress and you can easily put your configuration on metal after. Pretty fun stuff.

RandomLegend , 4 days ago

I have my garuda installation just where and how i want it to be. NixOS just always seemed very interesting, but i don’t want to run it on my daily machine.

tux7350 , 2 days ago

Don’t, you can still install nix into Garuda. Works great as a separate package manager that won’t get in the way.

gramgan OP , 3 days ago

The most satisfying part of the NixOS process is deploying to bare metal and watching it work exactly as you intend it to

theshatterstone54 , 3 days ago

Agreed, but I found getting NixOS the way I want it, to be super overwhelming, and documentation simply sucks. I’ve been thinking of forking ZaneyOS (Link: gitlab.com/Zaney/zaneyos) and basing my NixOS config on it. Otherwise, it’s just too much.

Nibodhika , 2 days ago

I tried it a while back, thought it would be good for my servers, but at the end of the day I found that it was a lot of learning for a very small benefit that could be achieved differently. Instead I focused on learning Ansible which also allowed me to write configs to deploy lots of services to my servers. I still want to learn Nix at some point, but I feel it’s a lot less important if you have an Ansible playbook that does the same thing and even more for any distro you might care to install.

tux7350 , 2 days ago

I think the problem is that most people dive right in and go to NixOS which has its quirks as a linux OS (see FHS). The Nix language is great at building and moving source code between computers, really any big collection of binaries. If you don’t do that, try just using the nix-shell command to instantly run a piece of software without installing it. You can write a shell.nix file to hop into and out of an environment with whatever software you need. Once you can write a couple .nix files then move onto NixOS; which after all is just a big collection of binaries.

rutrum , 1 day ago

My drive to nix was so I could simply manage what packages I had installed with a text file. If I removed something from the file, I expect it to be uninstalled. I never found a tool/wrapper for apt to do this.

If you want to start with nixos, I would take whatever distro you are on and install nix and then home manager. Then, you can slowly migrate your user configuration over without starting from scratch. That worked really well for me going from ubuntu to nixos.

owenfromcanada , 2 days ago to nostupidquestions in what is with child names like Aiden, Braiden etc?

1000004150

negativenull , 2 days ago

The Karen haircut makes that picture

Rhynoplaz , 2 days ago

That’s a Super Saiyan Karen!

thermal_shock , 2 days ago

she’s got over 9000 posts on Facebook!

MajorHavoc , 2 days ago (edited 2 days ago)

I would feel bad for Zayden, except that in an alternate timeline where his father was named Brad, Zayden would have been banned named Hunter. So it could be worse. I would rather be Zayden than Hunter.

azulavoir , 2 days ago

I work with two guys named Hunter and they’re very cool

Thassodar , 2 days ago

Most Hunters I’ve met are pretty cool. Can’t say the same about Drew’s, Brock’s, or Clayton’s, but I feel like those are becoming more uncommon as I get older.

ArcaneSlime , 2 days ago

The only Clayton I know is Clayton Bigsby.

werefreeatlast , 2 days ago

She’s a chicken! Run!

HootinNHollerin , 2 days ago

https://lemmy.world/pictrs/image/5fae3140-1f4b-434a-8cab-cbfdd0821700.jpeg

rand_alpha19 , 2 days ago

Wow, and the kids are in Thin Blue Line shirts. What a weird family.

frunch , 2 days ago

In a few years, they’ll all be posing with AK-47s or similar

Caligvla , 1 day ago

The names, the Karen haircut, the shirts…

Chef’s kiss, all that was left were some MAGA hats, maybe a confederate flag.

BruceTwarzen , 1 day ago

This looks like a parody. It’s just too perfect.

EveryMuffinIsNowEncrypted , 1 day ago

Jesus Christ on a motorbike, that picture just SCREAMS “upper middle class 2008 suburban white family”.

I bet they have a large wooden deck out back, an above-ground pool, and a trampoline with one of those safety net cages.

Blxter , 1 day ago to games in What are some good games worth buying on play store?

Not gonna lie only game I play on mobile is clash of clans. I don’t play mobile often and don’t spend money on it either. Been playing since middle school though off and on.

sleepmode , 2 days ago to mildlyinfuriating in I started to get these daily at random hours, even when I'm sleeping. Someone's trying to hack me?

If this isn’t a phishing email itself, your email address was probably harvested from a compromised site you used it to sign up with. There are sites where you can check to see if it’s compromised. This is why I started using email aliases when signing up for any site or service. It shows where it was compromised or you’ll find some companies will share it with partners or sell your info sometimes.

Vorticity , 2 days ago

When you say email aliases, what do you mean? A lot of services strip plusses from emails now, right?

sleepmode , 1 day ago (edited 1 day ago)

Not sure. But Proton, Apple, passmail SimpleLogin (got names mixed up) and some other providers have a way you can create email aliases on the fly that forward to your real address. I think Microsoft does too but it was limited last time I looked at it.

Vorticity , 1 day ago

Thank you, I’ll look into options.

NeatNit , 1 day ago

You can use something like SimpleLogin to create email aliases that can’t be traced back to your real email address.

Edit: other options are available, such as Firefox Relay which does exactly the same thing.

Vorticity , 1 day ago

Thank you, this is really helpful!

denkrishna , 1 day ago

I used to use Relay but they had gotten added to a couple of disposable email block lists and because of that started having issues with my accounts…

Idk if SimpleLogin has that same issue or if there’s a way around the problem entirely

mrvictory1 , 1 day ago to linux in I wonder if its possible to pass a already existing windows install into qemu (fedora 40 kde)

Possible. Disable bitlocker if you have it enabled, create a recovery disc from Windows, pass through your recovery disc and SSD to QEMU, boot from the recovery disc, run automatic startup repair. Ensure you use the correct firmware type in QEMU: If your SSD is GPT then use UEFI. If it is MBR then use BIOS.

Mwa OP , 1 day ago

Sorry i was confused by your reply but i need a 16gb usb to make a recovery disk so am prob trying hirens bootcd

bionicjoey , 1 day ago to asklemmy in The specific thing you spend the most time doing instead of the actual job you're being paid to do is your new profession. What's your new job title?

I’m a pro TTRPG think-abouter… Or a pro Pathfinder prepper.

AmosBurton_ThatGuy , 4 days ago (edited 3 days ago) to asklemmy in What things would you standardize globally if you were the Supreme Leader? All violations punishable by death.

I would outlaw starting work before 12pm. I’m 30 and I still absolutely hate mornings just as much as I did when I was 10. I’m naturally a night person but working graveyards has more problems than dealing with early mornings IMO. Let all the morning people feel the pain of having to be productive during your least productive hours for a change.

tallricefarmer , 1 day ago

you sick bastard