Goodbye Reddit, Hello Lemmy

  • 0 Posts
  • 9 Comments
Joined 2 years ago
Cake day: January 6th, 2024

  • I do have both (VPN and reverse proxy) running. For VPN my router uses WireGuard and at work we use WireGuard as well. You can alter the config in such a way that only internal traffic gets routed through your VPN. I love this because, for regular traffic, I’m not bound to the upload at my home network or, with work, route my personal traffic through the company internet or lose access to my own network.

    A reverse proxy isn’t bad either. I have a DNS running at home that redirects my domain used for home stuff directly to the reverse proxy. This way I can block certain stuff for which I want a fancy domain but which should not be accessed from the outside, because it’s not needed or not set up properly.

    With a VPN, you would be more secure, because it’s a single instance you need to keep safe. With regular updates and set up properly, this shouldn’t be an issue. But I would suggest reading tech news portals that cover security breaches of well-known software.

    With the reverse proxy setup I use, I must trust so many things. I must trust my reverse proxy with the firewall and then each server I run.

    But keep one thing in mind. If you, for example, use stuff like Home Assistant that you access in the background, it wouldn’t work if you connect via a VPN. With WireGuard I can be connected 24/7 to my VPN, even at home. With the previous VPN my router used (I guess it was OpenVPN), this wasn’t possible.


  • A coworker uses it as backup and he is happy about it. I have rented an auction server (a dedicated server) from them and on it is my Nextcloud and stuff, and I back up my NAS to my Nextcloud and my server to my NAS via WebDAV. Zero issues. I once had contact with their technical support, because a hard drive failed. I was a low priority case but they handled my case exceptionally fast. Opened the ticket on a Friday after a holiday at 23:09 and at 23:51 the hard drive was changed.




  • ZeldaFreak@lemmy.world to Selfhosted@lemmy.world · Question About Watchtower · 3 months ago

    To be more specific: PostgreSQL requires manual steps with major versions. Tutorials I found require you to dump the database in the old version first, then update and then import. You could use a tagged version of PostgreSQL and just auto update there, but the main container might require a newer version. I saw containers that try this but none looked production ready.


  • Yeah, I expected that this would happen. They already did this with RAM. They just rebrand RAM, sell it for a way higher price and add a check. When they brought their own branded HDDs, I knew they would pull off the same scam.

    Building your own server isn’t that much more expensive and you don’t have to deal with the whole lockout with Synology. For example, I had quite the issue accessing hardware. I wasn’t able to get Home Assistant running on my NAS. The issue was my Zigbee USB stick. I got it running to the point where I was able to send commands (e.g. turn on or off lights) but the status didn’t come back. I threw it on my Pi3 (now Pi5) and zero issues.

    The next NAS is self-built. Probably Proxmox as base, with TrueNAS or so as main server and the rest depends on what I might need.


  • ZeldaFreak@lemmy.world to Selfhosted@lemmy.world · Question About Watchtower · 3 months ago

    Auto updates can cause problems. Some recommend it, some tell you to not do it. My standpoint is, when a container can’t work with auto updates, it sucks. Sure, there are containers that require some additional attention after an update, like Gitea with some config changes, but I use it in an environment where it can be offline for some time.

    If a container uses PostgreSQL, you can’t auto update. So far I haven’t found a well maintained container that can do this. You also should keep an eye on your containers. As I mentioned, Gitea had some config changes, breaking the default theme (nothing major). They even screwed up their tags and 3 times I had an RC in a tag where no RC should get published. With Jellyfin I was on a tag that didn’t get any updates anymore and I needed to use a different one.


  • I don’t think there are people attempting to log into HA, because it has zero value to them. HA would log failed login attempts but not bots trying other stuff. When I look into my web statistics for my rented server for March with 404 errors, I got over 750 and they try to access WordPress, find old (and probably not updated) stuff and some config files, like .env files. This kinda makes sense and everybody would probably find this in their access logs. It’s just automated stuff and they probably run auto exploits. WordPress sites are interesting and it’s worth just getting access to a kinda serious email sender or just other stuff. My ssh blocklist currently has 14000 banned IPs. I’m not sure how I set it up, but it looks like I picked a 1 year ban time.

    If you know where to look, you would see bots trying to enter your system, but you would see they aim big, not small. HA is small. Sure, if HA has a serious hole, you would get attacks from pranksters. Still, it is always a good idea to have proper security procedures for all of your accounts and servers. Most interesting are targets where they could find value within these services or using the hardware, but there are always people who just want to mess with someone. There are for example people who search the internet for Minecraft servers that they can grief the shit out of. Doesn’t matter if it’s a big professional server or just a server from 2 kiddos that play together after school.
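An added example, not part of the comment above: a short script that groups the 404s in a web access log into the probe families the comment mentions (WordPress paths, `.env` and config files) and counts the probing source addresses. The log lines are constructed samples in combined log format using documentation IP ranges, and the path patterns are illustrative assumptions, not a complete signature set.

```python
import re
from collections import Counter

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [02/Mar/2025:04:11:09 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Mar/2025:04:11:10 +0000] "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.23 - - [02/Mar/2025:06:40:31 +0000] "GET /.env HTTP/1.1" 404 153 "-" "curl/8.5.0"
198.51.100.23 - - [02/Mar/2025:06:40:32 +0000] "GET /api/.env.bak HTTP/1.1" 404 153 "-" "curl/8.5.0"
192.0.2.50 - - [02/Mar/2025:09:02:44 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.50 - - [02/Mar/2025:09:02:45 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Path patterns for the probe families named in the comment (illustrative only).
PROBES = {
    "wordpress": re.compile(r"/(wp-(login|admin|content|includes)|xmlrpc\.php|wordpress/)", re.I),
    "env_or_config": re.compile(r"/(\.env|\.git/|config\.(php|ya?ml|json))", re.I),
}

def classify(path):
    """Return the probe family a requested path belongs to, or 'other'."""
    for name, pattern in PROBES.items():
        if pattern.search(path):
            return name
    return "other"

def summarize_404s(log_text):
    """Count 404 responses per probe family and per probing source IP."""
    by_category, by_ip = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue  # unparsable line or not a 404
        category = classify(m["path"])
        by_category[category] += 1
        if category != "other":  # an ordinary missing file is not a probe
            by_ip[m["ip"]] += 1
    return by_category, by_ip

if __name__ == "__main__":
    categories, sources = summarize_404s(SAMPLE_LOG)
    print(dict(categories))
    print(sources.most_common())
```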


  • ZeldaFreak@lemmy.world to Selfhosted@lemmy.world · Latest Watchtower fork? · 4 months ago

    Auto update. Works like a charm, except PostgreSQL. For me it’s good enough and it even works with containers where they don’t recommend it. I do have backups and for my private time, I don’t get paid, so it should be as low-maintenance as possible from my side.

    I do check from time to time if something is broken and I noticed a container where they removed a version tag I was using. The “biggest” thing that was broken was my Gitea server, where they changed the config for the default theme.

    Also that’s why I hate PostgreSQL. It requires manual labor for updating. Had a recipe Docker and they cut support for the previous major version quickly. Not good. That stuff could break; that’s an option with every update. This is why backups exist. As a single user, it’s not a problem. For a big system, I wouldn’t do auto updates, so I can check if everything works.