tubbadu

joined 2 years ago
[–] tubbadu@lemmy.kde.social 1 point 4 days ago

This was actually pretty interesting until I found out that Caddy is not yet supported :(

Thank you anyway!

[–] tubbadu@lemmy.kde.social 2 points 4 days ago (1 children)

I already looked into Authelia, and the "problem" I encountered is that it does not support "named policies" (I don't know the actual name): what I mean is being able to create "only_admin_policy", "only_registered_users_policy" etc., and then, in Caddy, being able to say something like this:

service1.website.com {
    reverse_proxy container1:1234
    apply_policy only_admin_policy
}
service2.website.com {
    reverse_proxy container2:1234
    apply_policy only_registered_users_policy
}
service3.website.com {
    reverse_proxy container3:1234
}

Instead, if I understood correctly (and I would gladly be proven wrong), this is not possible with Authelia, as these policies have to be specified inside Authelia, so I would have two different configurations in two different places instead of having everything in the Caddyfile.

I hope I explained what I mean clearly.

thanks for the help!

[–] tubbadu@lemmy.kde.social 2 points 5 days ago (1 children)

How does programmatic access tie into the desire for a login form?

I would like to keep files with "private" information protected from public access, but I would like to access them from a script. An example: I wrote a karaoke application to use with my friends; they have to go to a webpage and select the songs they like, and then the karaoke app connects to the server to get the updated preference file. I would like the users to have a "nice login form" to select their songs, and then I'd like my karaoke app to easily download the file while still keeping it password-protected.

[–] tubbadu@lemmy.kde.social 2 points 5 days ago (1 children)

This looks very interesting! I see that it supports user groups; would it be possible to create "named access policies" (like "admin_only_policy", "group_XXX_policy" etc.) and then assign them to the various services directly in the Caddyfile? Thank you very much!

 

Hello fellow selfhoster! On my Debian server I use Caddy as a reverse proxy, and I would like to protect some services and files with a password. I would like, however, to be able to access some protected files programmatically, from a script. Using Caddy's built-in basic_auth works as intended, but I'd like to be able to use a login form instead of just a browser prompt. This is AFAIK not possible, so I'm looking for alternatives. Any idea?

 

Hello everybody! I have the following issue: I have two containers, let's call them C1 and C2, and they both expose the same port, let's say 1234. I want to route both of them through a gluetun container. To do this, I added

network_mode: container:gluetun

to each container. But they both expose the same port, so there's a conflict. Without routing them through gluetun I can just

ports:
  - 1235:1234

but using network_mode this cannot be done. What can I do? The only thing that comes to my mind is to use two gluetun containers, but I'd rather use a single one.

thanks in advance!

[–] tubbadu@lemmy.kde.social 1 point 10 months ago

Thanks for sharing this kind stranger, I really needed this

 

Hello! I'm trying to set up qbittorrent and gluetun using docker compose on my home server, using the free account of ProtonVPN.

On some posts I see that ports 8080, 6881 and 6881/UDP are opened in gluetun. In the guide I followed, instead, only port 8080 is exposed. So I exposed port 8080 and it is not working. I launched the torrent of the endeavourOS ISO image (which my laptop (with the same VPN) downloads in a few minutes with plenty of peers and seeds at about 4Mb/s), and it downloaded at an EXTREMELY low speed (a few B/s) for a few seconds, and then got stuck at "stalled". When it is stalled, the qbittorrent container has no internet access (ping linux.org fails).

So my questions are:

  1. Which ports do I need to open on gluetun? If I open 6881, wouldn't my IP be exposed, bypassing gluetun?
  2. What's wrong with my setup? Why is the internet connection so slow when there is one, and why does it go away so often?
  3. Is this configuration secure? In case gluetun fails, would my IP be leaked?

Here are the two docker-compose.yml files:

version: "3"

services:
    gluetun:
        image: qmcgaw/gluetun
        container_name: gluetun
        cap_add:
            - NET_ADMIN # needed to create the tun device and manage routes/firewall
        environment:
            - VPN_SERVICE_PROVIDER=protonvpn
            - OPENVPN_USER=MYUSERHERE
            - OPENVPN_PASSWORD=MYPASSWORDHERE
            - SERVER_COUNTRIES=Netherlands
            - FREE_ONLY=on
        volumes:
            - ~/docker/gluetun/gluetun:/gluetun
        ports:
            - 8080:8080 # qBittorrent web UI (published here because qbittorrent shares this container's network namespace)
        restart: unless-stopped

and

version: "3"
services:
  qbittorrent:
    image: linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Rome
      - WEBUI_PORT=8080
    volumes:
      - ~/docker/qbittorrent/config:/config
      - ~/docker/qbittorrent/downloads:/downloads
    network_mode: "container:gluetun" # all traffic goes through gluetun's network namespace
    # ports cannot be published on this container while network_mode points at
    # gluetun; they are published on the gluetun container instead
    #ports:
    #  - 8080:8080
    #  - 6881:6881
    #  - 6881:6881/udp
    restart: unless-stopped

And here are some logs:

2024-01-22T19:07:15Z INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: protonvpn
|   |   └── Server selection settings:
|   |       ├── VPN type: openvpn
|   |       ├── Countries: netherlands
|   |       ├── Free only servers: yes
|   |       └── OpenVPN server selection settings:
|   |           └── Protocol: UDP
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.5
|       ├── User: [set]
|       ├── Password: fL...BK
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
└── Version settings:
    └── Enabled: yes
2024-01-22T19:07:15Z INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
2024-01-22T19:07:15Z INFO [routing] adding route for 0.0.0.0/0
2024-01-22T19:07:15Z INFO [firewall] setting allowed subnets...
2024-01-22T19:07:15Z INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
2024-01-22T19:07:15Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-01-22T19:07:15Z INFO [dns] using plaintext DNS at address 1.1.1.1
2024-01-22T19:07:15Z INFO [http server] http server listening on [::]:8000
2024-01-22T19:07:15Z INFO [healthcheck] listening on 127.0.0.1:9999
2024-01-22T19:07:15Z INFO [firewall] allowing VPN connection...
2024-01-22T19:07:15Z INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2024-01-22T19:07:15Z INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-01-22T19:07:15Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]192.40.57.231:1194
2024-01-22T19:07:15Z INFO [openvpn] UDP link local: (not bound)
2024-01-22T19:07:15Z INFO [openvpn] UDP link remote: [AF_INET]192.40.57.231:1194
2024-01-22T19:07:21Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2024-01-22T19:07:21Z INFO [vpn] stopping
2024-01-22T19:07:21Z INFO [vpn] starting
2024-01-22T19:07:21Z INFO [firewall] allowing VPN connection...
2024-01-22T19:07:21Z INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2024-01-22T19:07:21Z INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-01-22T19:07:21Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.107.56.235:1194
2024-01-22T19:07:21Z INFO [openvpn] UDP link local: (not bound)
2024-01-22T19:07:21Z INFO [openvpn] UDP link remote: [AF_INET]185.107.56.235:1194
2024-01-22T19:07:22Z WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1634'
2024-01-22T19:07:22Z WARN [openvpn] 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2024-01-22T19:07:22Z WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2024-01-22T19:07:22Z INFO [openvpn] [node-nl-164.protonvpn.net] Peer Connection Initiated with [AF_INET]185.107.56.235:1194
2024-01-22T19:07:23Z INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2024-01-22T19:07:23Z INFO [openvpn] TUN/TAP device tun0 opened
2024-01-22T19:07:23Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-01-22T19:07:23Z INFO [openvpn] /sbin/ip link set dev tun0 up
2024-01-22T19:07:23Z INFO [openvpn] /sbin/ip addr add dev tun0 10.25.0.5/16
2024-01-22T19:07:23Z INFO [openvpn] UID set to nonrootuser
2024-01-22T19:07:23Z INFO [openvpn] Initialization Sequence Completed
2024-01-22T19:07:23Z INFO [dns] downloading DNS over TLS cryptographic files
2024-01-22T19:07:24Z INFO [healthcheck] healthy!
2024-01-22T19:07:24Z INFO [dns] downloading hostnames and IP block lists
2024-01-22T19:07:32Z INFO [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
2024-01-22T19:07:32Z INFO [dns] init module 0: validator
2024-01-22T19:07:32Z INFO [dns] init module 1: iterator
2024-01-22T19:07:32Z INFO [dns] start of service (unbound 1.17.1).
2024-01-22T19:07:33Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-01-22T19:07:33Z INFO [healthcheck] healthy!
2024-01-22T19:07:33Z INFO [dns] ready
2024-01-22T19:07:33Z INFO [vpn] You are running on the bleeding edge of latest!
2024-01-22T19:07:33Z INFO [ip getter] Public IP address is 185.107.56.251 (Netherlands, North Holland, Amsterdam)
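As an added example (not part of the original post or of gluetun itself), the script below pulls out of a gluetun log the facts the three questions above turn on: whether the firewall (gluetun's kill switch, which drops traffic that does not go through the tunnel) was enabled, how many times the healthcheck forced a VPN restart, how many "unhealthy" events followed, whether DNS was ever sent in plaintext before DNS over TLS came up, and which public IP gluetun last reported (the address peers and trackers see). The sample log is a constructed excerpt of the lines quoted above; the function names are the example's own and the line formats are assumed to be exactly those in the quoted log.

```shell
#!/bin/sh
# Summarise a gluetun container log (added example, not gluetun's own tooling).
# Usage: docker logs gluetun 2>&1 | gluetun_summary

# Constructed sample: an excerpt of the log lines quoted in the post above.
SAMPLE_LOG='2024-01-22T19:07:15Z INFO Settings summary:
├── Firewall settings:
|   └── Enabled: yes
2024-01-22T19:07:15Z INFO [dns] using plaintext DNS at address 1.1.1.1
2024-01-22T19:07:15Z INFO [firewall] allowing VPN connection...
2024-01-22T19:07:21Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2024-01-22T19:07:21Z INFO [vpn] stopping
2024-01-22T19:07:21Z INFO [vpn] starting
2024-01-22T19:07:23Z INFO [openvpn] Initialization Sequence Completed
2024-01-22T19:07:24Z INFO [healthcheck] healthy!
2024-01-22T19:07:32Z INFO [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
2024-01-22T19:07:33Z INFO [healthcheck] healthy!
2024-01-22T19:07:33Z INFO [ip getter] Public IP address is 185.107.56.251 (Netherlands, North Holland, Amsterdam)'

# "yes"/"no"/"unknown": the Enabled value under "Firewall settings" in the startup summary.
gluetun_firewall_enabled() {
    printf '%s\n' "$1" | awk '
        /Firewall settings:/ { want = 1; next }
        want && /Enabled:/ { v = ($NF == "yes") ? "yes" : "no"; print v; found = 1; exit }
        END { if (!found) print "unknown" }'
}

# Number of times the healthcheck gave up and restarted the VPN.
gluetun_vpn_restarts() {
    printf '%s\n' "$1" | grep -c 'restarting VPN' || true
}

# Number of "[healthcheck] unhealthy" events (connectivity lost after the tunnel was up).
gluetun_unhealthy_events() {
    printf '%s\n' "$1" | grep -c '\[healthcheck\] unhealthy' || true
}

# "yes" if gluetun logged that it resolved names over plaintext DNS at any point.
gluetun_plaintext_dns() {
    if printf '%s\n' "$1" | grep -q 'using plaintext DNS'; then echo yes; else echo no; fi
}

# Last public IP the "[ip getter]" line reported, or empty if none was logged.
gluetun_public_ip() {
    printf '%s\n' "$1" | sed -n 's/.*Public IP address is \([0-9.]*\).*/\1/p' | tail -n 1
}

# Read a log on stdin and print the summary.
gluetun_summary() {
    log=$(cat)
    printf 'firewall (kill switch) enabled: %s\n' "$(gluetun_firewall_enabled "$log")"
    printf 'VPN restarts by healthcheck:    %s\n' "$(gluetun_vpn_restarts "$log")"
    printf 'unhealthy events:               %s\n' "$(gluetun_unhealthy_events "$log")"
    printf 'plaintext DNS used:             %s\n' "$(gluetun_plaintext_dns "$log")"
    printf 'last reported public IP:        %s\n' "$(gluetun_public_ip "$log")"
}

# Run against the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_LOG" | gluetun_summary
```

On the quoted log this reports the firewall as enabled, one forced VPN restart, one later unhealthy event, plaintext DNS used during startup, and 185.107.56.251 as the exit address; the same functions work on `docker logs gluetun 2>&1`, and comparing the reported IP with what the qbittorrent container sees from an external IP-echo service is the direct way to check that its traffic is leaving through the tunnel.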
 
[–] tubbadu@lemmy.kde.social 1 point 2 years ago

It would be cool if crossposted posts had a common comment thread or something like this: a crosspost would not copy the post to another community, it would create a "softlink" to the original post. This way, everything done to any of the crossposted posts (vote, comment, mark as viewed) would also be applied to the other crossposted posts. This way, we would only see a single post instead of 15 posts, and we wouldn't miss any comment from any of the communities it is crossposted to. Obviously, users may wish to just copy the post to another community. What do you think about this? Should we open an issue on GitHub about this?