a_fancy_kiwi

joined 2 years ago
a_fancy_kiwi@lemmy.world 22 points 1 week ago* (last edited 1 week ago)

Agreed. They’ll erode everyone else’s right to privacy in order to “protect children”

Parents are free to restrict the content their children view. If the parents choose not to learn how to set up those restrictions, that’s on them.

a_fancy_kiwi@lemmy.world 12 points 1 week ago (2 children)

Our government is broken. First the House of Representatives has to vote to impeach a president. Then the Senate has to vote to remove the president from office.

Trump was impeached by the, at the time, left leaning house of representatives in his first term but the right leaning senate didn’t vote to impeach him so he stayed in office.

At the moment, both the house and senate lean right so they aren’t likely to do anything. The supreme court also basically said the president is above the law so they aren’t likely to do anything either.

a_fancy_kiwi@lemmy.world 8 points 3 weeks ago

To go along with that, Telegram doesn't make it easy to set up an encrypted chat. First, you have to set up a regular chat, then tap on the profile image of the person you are messaging, then tap the 3 dot menu, and finally tap "secret chat". It's there but they clearly don't want people using it.

a_fancy_kiwi@lemmy.world 3 points 1 month ago

I don't know what the fuck is going on. The client app connects to all 4 servers it needs a connection to. I can create a user on the server and all clients can log in using it; I just can't get notes to sync.

Official docs here

I found this tutorial1 and this tutorial2

Tutorial2 makes this one port change to the official docker compose file but otherwise is seemingly the same as tutorial1:

  notesnook-s3:
    image: minio/minio:RELEASE.2024-07-29T22-14-52Z
    ports:
      - 9009:9000
      - 9090:9090

With that change, and setting the port of the domain to 9090, I can access minio in the browser. But I don't know if that's necessary or not. I'm stumped.

a_fancy_kiwi@lemmy.world 9 points 1 month ago* (last edited 1 month ago) (3 children)

Did you by chance self host the sync server using docker compose? Their instructions aren't great and I was hoping you had some tips.

For anyone else interested, if I figure it out, I'll post what I did here.

Edit 1: I finally got it all set up but syncing isn't working so I guess I did something wrong 🙄. Troubleshooting now

 

This is a continuation of my other post

I now have homeassistant, immich, and authentik docker containers exposed to the open internet. Homeassistant has built-in 2FA and authentik is being used as the authentication for immich, which supports 2FA. I went ahead and blocked connections from every country except for my own via cloudflare (I'm aware this does almost nothing but I feel better about it).

At the moment, if my machine became compromised, I wouldn't know. How do I monitor these docker containers? What's a good way to block IPs based on failed login attempts? Is there a tool that could alert me if my machine was compromised? Any recommendations?

EDIT: Oh, and if you have any recommendations for settings I should change in the cloudflare dashboard, that would be great too; there's a ton of options in there and a lot of them are defaulted to "off"

a_fancy_kiwi@lemmy.world 1 points 3 months ago* (last edited 3 months ago) (1 children)

"NPM" node package manager?

  1. Yeah I've been playing around with docker and a domain to see how all that worked. Got the subdomains to work and everything, just don't have them pointing to services yet.
  2. I'm definitely interested in the authentication part here. Do you have any tutorials you could share?
  3. Will do, thanks
  4. ❤️

I don't know how markdown works. that should be 1,3,4,5

a_fancy_kiwi@lemmy.world 0 points 3 months ago (1 children)

Damn, I didn't realize they had public logs like that. Thanks for the heads up

 

tldr: I'd like to set up a reverse proxy with a domain and an SSL cert so my partner and I can access a few selfhosted services on the internet but I'm not sure what the best/safest way to do it is. Asking my partner to use tailscale or wireguard is asking too much unfortunately. I was curious to know what you all recommend.

I have some services running on my LAN that I currently access via tailscale. Some of these services would see some benefit from being accessible on the internet (ex. Immich sharing via a link, switching over from Plex to Jellyfin without requiring my family to learn how to use a VPN, homeassistant voice stuff, etc.) but I'm kind of unsure what the best approach is. Hosting services on the internet has risk and I'd like to reduce that risk as much as possible.

  1. I know a reverse proxy would be beneficial here so I can put all the services on one box and access them via subdomains but where should I host that proxy? On my LAN using a dynamic DNS service? In the cloud? If in the cloud, should I avoid a plan where you share cpu resources with other users and get a dedicated box?

  2. Should I purchase a memorable domain or a domain with a random string of characters so no one could reasonably guess it? Does it matter?

  3. What's the best way to geo-restrict access? Fail2ban? Realistically, the only people that I might give access to live within a couple hundred miles of me.

  4. Any other tips or info you care to share would be greatly appreciated.

  5. Feel free to talk me out of it as well.

EDIT:

If anyone comes across this and is interested, this is what I ended up going with. It took an evening to set all this up and was surprisingly easy.

  • domain from namecheap
  • cloudflare to handle DNS
  • Nginx Proxy Manager for reverse proxy (seemed easier than Traefik and I didn't get around to looking at Caddy)
  • Cloudflare-ddns docker container to update my A records in cloudflare
  • authentik for 2 factor authentication on my immich server