Perhyte

@Perhyte@lemmy.world

Perhyte , (edited )

It also means that ALL traffic incoming on a specific port of that VPS can only go to exactly ONE private wireguard peer. You could avoid both of these issues by having the reverse proxy on the VPS (which is why cloudflare works the way it does), but I prefer my https endpoint to be on my own trusted hardware.

For TLS-based protocols like HTTPS you can run a reverse proxy on the VPS that only looks at the SNI (server name indication) which does not require the private key to be present on the VPS. That way you can run all your HTTPS endpoints on the same port without issue even if the backend server depends on the host name.

This StackOverflow thread shows how to set that up for a few different reverse proxies.

Perhyte ,

If there happens to be some mental TLS handshake RCE that comes up, chances are they are all using the same underlying TLS library so all will be susceptible…

Among common reverse proxies, I know of at least two underlying TLS stacks being used:

  • Nginx uses OpenSSL.
    • This is probably the one you thought everyone was using, as it's essentially considered to be the "default" TLS stack.
  • Caddy uses crypto/tls from the Go standard library (which has its own implementation, it's not just a wrapper around OpenSSL).
    • This is in all likelihood also the case for Traefik (and any other Go-based reverse proxies), though I did not check.

5E Player Character builder

As far as I’m aware, the only self hosted player character builder is the charactermancer in plutonium, the patreon-accessible Foundry VTT plugin made by the 5e.tools folks — but man. My kingdom for a dndbeyond alternative, something self hosted that can take open 5th edition content and allow my players to build and save...

Perhyte ,

Aurora is no longer maintained, but it still works just fine. It's a Windows app, so not web-accessible or anything, but it's free. It only contains the SRD content by default (probably for legal reasons), but there's at least one publicly-accessible elements repository for it that you can find using your favorite search engine.

Perhyte ,

If they have the root access typically needed to reboot a server^1^ they could also just wipe the logs without rebooting.

^1^: GUIs typically have a way to reboot without such privileges, but those are typically not installed on machines just used as servers.
