I just did a proxmox update and reboot last week, but before that it was months of uptime.
Some networks block Wireguard connections.
Dollars to doughnuts they're blocking the default Wireguard port. Change your wireguard port to something like 8080 or 8443 and you'll almost certainly make it through
CF tunnels to access generic apps I want public.
I totally could move everything that's on CF tunnels over to Wireguard, but I see no need to do it
How would you keep the public apps public if you require a wireguard connection to access them?
Yes.
I use all three for different purposes.
It all depends on what my requirements for self hosting some are.
Tailscale has its use when you are behind CGNAT and don’t want to VPS a Wireguard server somewhere with a static IP, other than that, it has no use in my opinion. I’m fully aware that I get downvotes from people who praise the zero trust principals of Tailscale and all the rest, but they always forget that you can do zero trust since decades with any network equipment (VXLAN) and add Wireguard to the mix.
People just forget that all Tailscale is is a fancy GUI for managing Wireguard. That's it.
Wireguard lacks a lot of user management features so you need a service like Tailscale to handle that, but everything zerotier does is something you can already do in wireguard, just simplified.
How do you access those services from a public network?
With Wireguard?
I got 2x1000v/800w USPs for $145.
Some light strips to put in TM server rack for $9
A 24port patch panel and keystone Jacks for $35
A keyboard drawer for $50
And a rack mounted Fan for $100.
My 2024 New Years resolution is to make my server rack not look like a piece of shit.
disabling password login and use pubkey authentication will be safe enough?
Just make sure you actually disable password login. Simply enabling key doesn't disable password. So as long as the password is disabled then you're fine.
This is probably the optimist in me saying this, but I don't think the data is actually gone.
Its probably some misconfiguration that is locking people out of their data. That may not functionally be different but technically it's majorly different. My guess is there will be some announcement made in a few days that they fixed a permissions error and everyone's data is back.
There’s more than a decade worth of banking, spending, and investment information in there.
That's the real reason I would self host something like a budget app. I don't want a company like Mint to have (and sell) my purchasing and financial history.
"self hosted budget management app". Can't you just install this type of app to your phone or pc? What's the purpose here, will you host it and access it from a browser? Or do you only want to backup its data to your server?
I don't want some third party having access to all of my transaction history and knowing what I spend and where.
I hope I don't sound stupid please enlighten me.
Your question isn't stupid. There is an important decision you need to make on "is the juice worth the squeeze." While you can selfhost a lot of stuff sometimes there's better reasons not to. Email is primary example that gets brought up a lot. Sure you CAN self host it, but for a lot of people on this sub it's not worth the effort required to do so.
Each person has to make that decision for each of the things they choose to self host. Budget apps are no different.
Same. I ran OwnCloud and Nextcloud in parallel for a while until a Nextcloud update nuked it and my wife lost some of her college work.
After that I've appreciated the slower more deliberate pace of OwnCloud
Would that be better than just mounting the NFS on the host and assigning that directory as the Immich upload directory?
I'm trying to figure out how to configure Immich in the optimal way.
I have a Synology RS812 with 512MB of RAM so not enough to run Docker and Immich, but it has 10.7TBs of storage in SHR1.
I also have a VM farm with 256GBs of RAM and 3TB of usable storage with no RAID.
My initial thought was to host Immich on my VM farm (obviously) and store all the photos on the Synology. Then load the photos as an external library from the Synology. This works, but it means I need to set up an automatic upload to the Synology directory.
The second idea is to give Immich the 3TB on VM Farm, have it store photos locally, and then using Rsync to copy photos over to the Synology automatically. The concern here is if Rsync fails I might not notice for a while which runs the risk of data loss.
How would you configure this?
It's basically the same as any other time people expose something to the internet.
Most don't know what they're doing or how to do it safely so they put a vulnerable device out in a vulnerable state.
The only reason a NAS is worse is because it's more common for a home user to have a NAS then it is to do something like host a WordPress, and a NAS has more personal stuff than a WordPress does (usually)
I do. I monitor it in a lot of ways.
- IDS at the router
- Anomoli Detection at the router
- Host based agents on everything I can
- L7 Firewalls on everything I can
- DNS based monitoring for everything
Wireguard and Cloudflare Tunnels make network traffic monitoring difficult because it's all encrypted traffic.
MSDN used to be free so this was a common approach, but they re-org'ed all their programs so I think those keys are now hiding under the paid MSDN program...
You can still get Windows 11 Dev VMs for free;
https://developer.microsoft.com/en-us/windows/downloads/virtual-machines/
And you can get Evaluation keys for 11 Enterprise, Server 2022, SQL Server 2022, and System Center 2022.
I don't even let my friends have unrestricted access to my server because I don't want the liability that could come with one of them searching for/downloading illegal content.
Sure I would technically fall under safe harbor laws but I don't want to spend the money on court/lawyer fees to prove that I'm not that one downloading shit.
It's bots trying to brute force your SSH login. It happens all the time.
Just change SSH to key based only (disable password login) and move on.
Cloudflare will host videos at $5 per 1000 minutes and an extra $1 per 1000 minutes watched per month.
https://www.cloudflare.com/products/cloudflare-stream/
That's the only Cloudflare approved way to do videos and images through the proxy
I've heard a lot of good things about Wasabi on this sub so I figured I'd give them a try. I made an account and did the trial then went to upgrade and that's when the issues started.
Wasabi for whatever reason could not authorize my card. They'd try but it always failed due to a technical issue. Each time however there'd be a $1 charge to my credit card.
I understand that vendors will do temporary charges to make sure the card is valid so I wasn't concerned with the 8 $1 charges to my account (yes I tried several times with different cards to just to make sure it wasn't an issue on my end). But 2 weeks later and the 8 $1 were still there.
So I emailed support asking for the charges to be reversed as I was never able to upgrade my account.
It took almost 3 weeks and me threatening to call my CC and reverse the charges before they finally managed to do something.
That was in February and I thought nothing of it. I left my account the way it was. I wasn't going to bother using Wasabi if they couldn't figure out billing or a refund, but I didn't close my account.
Mistake 2.
Yesterday I received a bill from Wasabi and another pending Credit Card charge for a month of Wasabi.
I immediately emailed them asking WTH. I haven't touched Wasabi since February. They emailed back a few hours later saying they'd look into it.
Today I emailed them again asking for an update, and to their credit they emailed me back in minutes saying it was a bug and they were canceling the bill.
I will be canceling me account as soon as I get home, and I will not be recommending Wasabi to anyone.
This is plainly rediculous and down right fraudulent.