bigdickdonkey

joined 2 months ago
sorted by: new top controversial old
Need some advice on caddy + podman + preserving source IPs in c/selfhosted@lemmy.world
[–] bigdickdonkey@lemmy.ca 2 points 6 days ago* (last edited 6 days ago) (1 children)

Yeah the remote ip is always local. This comes from a podman configuration, not a caddy one. Setting the podman network mode to pasta or slirp4netns will show the proper remote ips

23
Need some advice on caddy + podman + preserving source IPs (lemmy.ca)
 

I have rootless podman containers all connected a network with caddy that proxies them by their hostname. It seems that the default networking mode doesn't preserve the source ip and instead shows all traffic coming internally from 10.89.1.98. Preserving that ip requires pasta/slirp4netns which is incompatible with adding the container to a network. I've found a few solutions but I'm having trouble deciding what is the right way to move forward.

Using the host network or running caddy with host loopback abilites

Would require exposing all the ports on all my containers which means I would lost the ability to access containers by the DNS inside the podman network. I have a lot of containers and manually managing ports is not something I want to do again.

socket activation + libsdsock with caddy

Socket forwarding done using systemd. I've tested it and it works but it requires systemd on the container, and caddy is built on alpine which uses a different boot system. There are ways to get the systemd libs on alpine but it would be quite hacky.

socket activation + libsdsock with another os

Caddy provides ways to build with extensions on debian but it seems tricky to do in a Containerfile because systemd init issues.

Has anyone experienced this issue before? What direction did you take?

How to get local SSL and use your public domain for local internal subdomains? in c/selfhosted@lemmy.world
[–] bigdickdonkey@lemmy.ca 2 points 6 days ago (1 children)

I’m using this right now but I’m switching to having all my services under one domain and blocking non internal ips. Technically someone can access your site by providing the host manually, althought it’s unlikely since they would need to know it

How do you solve dynamic DNS? in c/selfhosted@lemmy.world
[–] bigdickdonkey@lemmy.ca 12 points 1 week ago

I use ddclient but in a docker container. Works great with minimal config

High frame times after around 30 minutes in every game in c/linux_gaming@lemmy.ml
[–] bigdickdonkey@lemmy.ca 3 points 2 weeks ago

This was the fix! Thank you so much

High frame times after around 30 minutes in every game in c/linux_gaming@lemmy.ml
[–] bigdickdonkey@lemmy.ca 1 points 2 weeks ago

It seems like those posts are about freezing or crashes. This is more of a degradation I would say.

High frame times after around 30 minutes in every game in c/linux_gaming@lemmy.ml
[–] bigdickdonkey@lemmy.ca 1 points 2 weeks ago (3 children)

I've got 565.77 so I think it can't be that

24
High frame times after around 30 minutes in every game (lemmy.ca)
 

I play a few native games and ones using proton. After playing for about 30 minutes in any of them suddenly my frame times skyrocket from 6ms to ~60ms. Restarting the game always fixes this. Any ideas what to look for? nvtop seems to show normal usage and I don't see anything abnormal in journald.

Some info about my setup: Arch/endeavourOS, KDE wayland, nvidia 3060ti with proprietary drivers, 3 monitors (1440 165hz, 1080 165hz, 1080 75hz). Games I play are CS2, Marvel Rivals, Overwatch 2, Lethal Company.

Backup solution for docker volumes in c/linux@lemmy.ml
[–] bigdickdonkey@lemmy.ca 3 points 3 weeks ago

I just bind mount volumes I want to keep and use duplicati to backup the contents of my containers folder. Another idea if you are committed to docker volumes, is to also mount them to your backup solution.

Why don't I show up in shodan? in c/selfhosted@lemmy.world
[–] bigdickdonkey@lemmy.ca 3 points 1 month ago (2 children)

Interesting my ip shows up with a plex logo and a port that I've never opened. I have never used any plex services

22
Why don't I show up in shodan? (lemmy.ca)
 

I noticed nothing I have setup shows up in shodan by ip or domain. I'm not complaining, I'd rather not have it show up but I'm curious why. Could it be because of hosting behind a reverse proxy?

Linux Patches Add Support For New "Phone Link" Hotkey On Latest ThinkPads in c/linux@programming.dev
[–] bigdickdonkey@lemmy.ca 4 points 1 month ago

keep up the good work boys

Podman or rootless docker? in c/selfhosted@lemmy.world
[–] bigdickdonkey@lemmy.ca 2 points 1 month ago

Thanks for sharing this! It also took me a while to understand the difference between the Expose dockerfile command and the --publish cli command

Podman or rootless docker? in c/selfhosted@lemmy.world
[–] bigdickdonkey@lemmy.ca 1 points 1 month ago

Do you run anything like fail2ban with that compatibility?

Podman or rootless docker? in c/selfhosted@lemmy.world
[–] bigdickdonkey@lemmy.ca 1 points 1 month ago* (last edited 1 month ago) (1 children)

Can you expand on why you chose uCore? I was considering CoreOS until just now ~~and the idea of setting up ignition config serving seems overkill for running only one server at home.~~ ignition is still required the same way as CoreOS

63
Podman or rootless docker? (lemmy.ca)
 

I’m moving to a new machine soon and want to re-evaluate some security practices while I’m doing it. My current server is debian with all apps containerized in docker with root. I’d like to harden some stuff, especially vaultwarden but I’m concerned about transitioning to podman while using complex docker setups like nextcloud-aio. Do you have experience hardening your containers by switching? Is it worth it? How long is a piece of string?

7
Path to TVV? (lemmy.ca)
 

Nothing on the vinnie site. IIRC it has one or two sister sites?

35
The president's doctor: Why your projects take forever (thoughtbot.com)
view more: next ›