Pete90

Pete90 OP , 3 months ago to Selfhosted in What's up with the prices of smaller used drives?

I didn't even think to look at Amazon, but for 12TB, that is an okay to good price. Too bad the 4TB is inappropriately expensive...

Pete90 OP , 3 months ago to Selfhosted in What's up with the prices of smaller used drives?

Yeah, that seems to be the case. I'll be on the lookout for official refurbished drives, thanks for your input!

Pete90 , 3 months ago (edited 3 months ago) to Selfhosted in After some trial and error, I've managed to successfully deploy public instances of privacy-respecting services!

Let me know if you need any help with that. I'm still a beginner, but have used the last few months to learn about cyber security. It can be a daunting subject, but if you get the basics right, you're probably good. I also hosted without a care for years and was never hacked, but it can/will happen. Here are some pointers!

Get or use a firewall. Iptables, UFW and such are probably good enough. I myself use OPNsense. It can be integrated with Crowdsec, a popular intrusion prevention system. This can be quite a rabbit whole. In the end, you should be able to control who goes where in your network.

Restrict ssh access or don't allow it at all via internet. Close port 22 and use a VPN, if needed. Don't allow root access via Ssh, use sudo. Use keys and passphrase login for best security.

Update your stuff regularly. Weekly or bi-weekly, if you can.

Use two factor authentication, where possible. It can be a bit annoying, but improves things dramatically. Long passwords help to, I use random-word-other-word combinations.

If you haven't, think of a backup strategy. 3 redundant copys on 2 media, one off site.

Pete90 , 3 months ago to Selfhosted in After some trial and error, I've managed to successfully deploy public instances of privacy-respecting services!

Cool idea. Just be aware, that there are a lot of shady people out there. I'm not sure I would publicly host services, which rely on tight security (like Vaultwarden). They will come and they will probe your system and it's security!

You might also want to remove Dockge from Uptime Kuma, no need to broadcast that publicly.

Pete90 , 3 months ago to linuxmemes in And that is why snapshots exist

I did, and it was fast. I was a complete noob, so I thought rm -rf /* would delete everything in the current folder. I hit Ctrl + C, but it was too late. Took a few seconds to wipe out the whole system.

Pete90 OP , 3 months ago to Selfhosted in Traefik Docker Lables: Common Practice

Thanks, I'll let you know, once/if I figure it out!

Pete90 OP , 3 months ago to Selfhosted in Traefik Docker Lables: Common Practice

I did what you suggested and reduced (1) the number of running services to a minimum and (2) the networks traefik is a member of to a minmum. It didn't change a thing. Then I opened a private browser window and saw much faster loading times. Great. I then set everything back and refreshed the private browser window: still fast. Okay. Guess it's not Traefik after all. The final nail in the coffin for my theory: I uses two traefik instances. Homepage still loads its widgets left to right, top to bottom (the order from the yaml file). The order doesn't correspond to the instances, it's more or less random. So I'm assuming the slowdown has something to do with (a) either caching from traefik or (b) the way Homepage handels the API request: http://IP:PORT (fast) or https://subdomain.domain.de. Anyway, thanks for your help!

Pete90 OP , 3 months ago to Selfhosted in Traefik Docker Lables: Common Practice

Thank you so much for your thorough answer, this is very much a topic that needs some reading/watching for me. I've checked and I already use all of those headers. So in the end, from a security standpoint, not even having port 80 open would be best. Then, no one could connect unencrypted. I'll just have to drill into my family to just use HTTPS if they have any problems.

It was interesting to see, how the hole process between browser and server works, thanks for clearing that up for me!

Pete90 OP , 3 months ago to Selfhosted in Traefik Docker Lables: Common Practice

Thank you for your answer. If I do that, can I still connect via HTTP and the browser will then redirect? I don't think I have a problem with remembering HTTPs, but my family will...

Pete90 OP , 3 months ago to Selfhosted in Traefik Docker Lables: Common Practice

That's a great idea, I'll give it a try tomorrow. The weird thing is, the webuis load just fine, at least 90+ of the time is almost instant...

Pete90 OP , 3 months ago to Selfhosted in Traefik Docker Lables: Common Practice

Each service stack (e.g. media, iso downloading) has it's own network and traefik is in each of those networks as well. It works and seperates the stacks from each other (i don't want stack a to be able to access stack b, which would be the case with a single traefik network, I think.)

Pete90 , 3 months ago to Selfhosted in Resticity - a cross-platform frontend for restic

Awesome, I'm just getting into restic!

Pete90 , 4 months ago to Selfhosted in What does your current setup look like?

Great setup! Be careful with the SSD though, Proxmox likes to eat those for fun with all those small but numerous writes. A used, small capacity enterprise SSD can be had for cheap.

Pete90 , 5 months ago to Selfhosted in When Pi-hole is down?

I tried this. Put a DNS override for Google.com for one but not the other Adguard instance. Then did a DNS lookup and the answer (ip) changed randomly form the correct one to the one I used for the override.
I'm assuming the same goes for the scenario with the l public DNS as well. In any case, the response delay should be similar, since the local pi hole instance has to contact the upstream DNS server anyway.

Pete90 OP , 5 months ago to Selfhosted in Feedback on Network Design and Proxmox VM Isolation

I see, thanks for clearing that up.