
IHawkMike

@IHawkMike@lemmy.world


IHawkMike , to Selfhosted in Traefik and external services

If you're sure you've got a DNS entry for the Pihole FQDN pointing at Traefik, open the dev panel in your browser (F12), switch it to the Network tab, and visit the pihole URL.

See if you get anything back and especially take note of the HTTP status codes.

IHawkMike , to Selfhosted in Traefik and external services

Can you see the router and service in the Traefik dashboard and do they show any errors there?

IHawkMike , to Selfhosted in Traefik and external services

I think you're close.

You need to change service: pihole-rtr to service: pihole-svc.

Do I have to redefine all of the same information I did in my Traefik yml but in this separate config.yml?

No, you just need to reference it like you have. Define once, reference many.

IHawkMike , to Selfhosted in Traefik and external services

No worries for the question. It's not terribly intuitive.

The configs live on the Traefik server. In my static traefik.yml config I have the following providers section, which adds the file provider in addition to the docker provider which you likely already have:

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    directory: /config
    watch: true

And in the /config folder mapped into the Traefik container I have several files for services external to docker. You can combine them or keep them separate since the watch: true setting tells it to read in all files (and it's near instant when you create them, no need to restart Traefik).

Here is my homeassistant.yml in that folder (I have a separate VM running HASS outside of Docker/Traefik):

http:
  routers:
    homeassistant-rtr:
      entryPoints:
      - https
      service: homeassistant-svc
      rule: "Host(`home.example.com`)"
      tls:
        certResolver: examplecom-dns

  services:
    homeassistant-svc:
      loadBalancer:
        servers:
          - url: "http://hass1.internal.local:8123"

Hope this helps!
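A check for the router/service mix-up discussed in this thread (`service: pihole-rtr` where `pihole-svc` was meant), written as an added example that is not part of the original comments or of Traefik itself. It parses the file-provider YAML files together and lists routers whose `service` is defined in none of them. The Pi-hole and whoami entries and their host names are constructed for illustration, and names carrying Traefik's `@provider` suffix for a provider other than `file` are skipped.

```ruby
require "yaml"

# Constructed sample of a file-provider config; all host names are placeholders.
SAMPLE_CONFIG = <<~'EOS'
  http:
    routers:
      pihole-rtr:
        entryPoints:
          - https
        rule: "Host(`pihole.example.com`)"
        service: pihole-rtr          # names the router, not a service
      homeassistant-rtr:
        rule: "Host(`home.example.com`)"
        service: homeassistant-svc@file
      whoami-rtr:
        rule: "Host(`whoami.example.com`)"
        service: whoami@docker       # defined by another provider
    services:
      pihole-svc:
        loadBalancer:
          servers:
            - url: "http://pihole.internal.local:80"
      homeassistant-svc:
        loadBalancer:
          servers:
            - url: "http://hass1.internal.local:8123"
EOS

# Takes the text of every file in the watched folder (Traefik merges them) and
# returns [router, service] pairs whose service is defined in none of them.
def dangling_service_refs(yaml_docs)
  routers = {}
  services = {}
  yaml_docs.each do |text|
    http = (YAML.safe_load(text) || {})["http"] || {}
    routers.merge!(http["routers"] || {})
    services.merge!(http["services"] || {})
  end
  routers.each_with_object([]) do |(name, router), missing|
    ref = router["service"]
    next if ref.nil?                         # routers without a service key are not checked
    svc, provider = ref.split("@", 2)
    next if provider && provider != "file"   # other providers cannot be resolved from files
    missing << [name, ref] unless services.key?(svc)
  end
end

if __FILE__ == $PROGRAM_NAME
  dangling_service_refs([SAMPLE_CONFIG]).each { |r, s| puts "#{r}: service '#{s}' is not defined" }
end
```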

IHawkMike , to Selfhosted in Traefik and external services

I use the Traefik file provider for this.

https://doc.traefik.io/traefik/providers/file/

It picks up all my .yml configs in the watched folder which define the routers and services external to Docker.

IHawkMike , to Selfhosted in Cloudflare is bad. Youre right.

I know plenty about SNI already, but thanks. You might want to study more yourself, since we're being condescending.

https://blog.cloudflare.com/encrypted-sni/

IHawkMike , to Selfhosted in Cloudflare is bad. Youre right.

So now your ISP sees all of your queries instead of CF. (Assuming the cloudflared option is using DoH)

I'll trust Cloudflare over Comcast/AT&T/etc. any day of the week.

IHawkMike , to Technology in Just got an operating system update for my Galaxy S10 phone

Yeah, but that security patch level.

IHawkMike , to Selfhosted in Networking Gear Recommendations? (starting from scratch)

I believe you. I'm just saying their non-firewalls (i.e., switches and APs) don't have that limitation.

IHawkMike , to Selfhosted in Networking Gear Recommendations? (starting from scratch)

My firewall is a Fortigate 60F.

IHawkMike , to Selfhosted in Networking Gear Recommendations? (starting from scratch)

I would never use their firewalls/gateways, but their switches are pretty good for the price and their APs are decent (although tbh after 3 generations my next AP will likely be an enterprise Aruba).

That said, I still use Unifi in docker, everything is up to date, and nothing is requiring a sign-in to the cloud. Am I missing something? If it's just the firewalls, then I'm not surprised since I've never been remotely tempted to use them, but it sure isn't all of their devices.

IHawkMike , to Mildly Infuriating in Usernames in the Fedivers 😫

And what's wrong with asking that? Plenty of email platforms let you change your primary SMTP address and/or add/remove aliases.

It's a legitimate question. And it could be that the lack of ability to change it has a perfectly logical answer. It still wouldn't invalidate the question.

IHawkMike , to Technology in what if the hacker provided the public key for https connection?

In Chromium browsers you can simply type "thisisunsafe" to bypass even HSTS failures.

IHawkMike , to Technology in what if the hacker provided the public key for https connection?
IHawkMike , to Technology in Ordered back to the office, top tech talent left instead, study finds

You need to demand a raise. And keep working from home.
