atzanteol

atzanteol , 16 days ago to Selfhosted in Restart an OOM killed docker automatically

Sorry - was ambiguous and thought you were saying the "cron" thing sounded best.

atzanteol , 16 days ago (edited 11 days ago) to Selfhosted in Restart an OOM killed docker automatically

It's fairly obvious I feel.

You're saying rather than use a system tool that does the exact thing that you want you should bodge together a cron job that accomplishes your goal but doesn't actually do what you want.

Like say you want to stop the docker service for some reason? systemctl stop docker will do that. Then your cron job will restart it. That's not the desired outcome. You want the service running IF the service SHOULD be running. Which is a different thing than "always running". And its' exactly what you get for free with systemd without any silly custom BS.

atzanteol , 16 days ago to Selfhosted in Restart an OOM killed docker automatically

Seems like the best solution.

Over using a system tool designed to monitor and restart services that stop?

atzanteol , 16 days ago to Selfhosted in Restart an OOM killed docker automatically

I don't know the best way

Apparently...

Don't do this. Either don't go OOM to begin with (somebody else told you how to limit container memory usage} and/or configure systemd to restart docker if it quits. I'm surprised systemd isn't already.

atzanteol , 18 days ago to Selfhosted in Is it worth upgrading my PC for running LLMs?

VRAM. Not system RAM. LLMs run best entirely on the GPU.

atzanteol , 20 days ago (edited 17 days ago) to Selfhosted in Sharing music collection easily?

I was just about to reply that I liked supporting the developer of the original code and that it wasn't too expensive (I bought a "lifetime premium" for something like $30 USD I think) . But it seems the licensing has gotten ridiculous since then and is now a subscription. :-(

atzanteol , 20 days ago to Selfhosted in Sharing music collection easily?

Subsonic is perfect for this. Interface is a bit... dated, but the functionality is there.

atzanteol , 21 days ago to Selfhosted in Help setting up OpenWRT for extra router

If you want to use the PI as a router you'll probably end up with a double NAT situation which isn't ideal

Just don't do NAT on the Pi then...

atzanteol , 24 days ago to Selfhosted in Is it safe to automatically pull and update docker containers?

Depends on how you like to roll. If you enjoy waking up to a service not working then go for it.

But it very much depends on what containers you're using and what tags you're pulling.

atzanteol , 1 month ago to Selfhosted in Is it practically impossible for a newcomer selfhost without using centralised services, and get DDOSed or hacked?

No point talking to you then.

atzanteol , 1 month ago to Selfhosted in Is it practically impossible for a newcomer selfhost without using centralised services, and get DDOSed or hacked?

... You're joking right?

atzanteol , 1 month ago to Selfhosted in Is it practically impossible for a newcomer selfhost without using centralised services, and get DDOSed or hacked?

I'm positive that F5's marketing department knows more than me about security and has not ulterior motive in making you think you're more secure.

Snark aside, they may do some sort of WAF in addition to being a proxy. Just "adding a proxy" does very little.

atzanteol , 1 month ago to Selfhosted in Is it practically impossible for a newcomer selfhost without using centralised services, and get DDOSed or hacked?

They may offer some sort of WAF (web application firewall) that inspects traffic for potentially malicious intent. Things like SQL injection. That's more than just a proxy though.

Otherwise, they really don't.

atzanteol , 1 month ago to Selfhosted in Server for a boat

HDDs don't do well when rotated

The original iPod had an HDD in it. You can rotate HDDs. Sharp impacts may be risky though, especially for a non-laptop drive.

atzanteol , 1 month ago to Selfhosted in Is it practically impossible for a newcomer selfhost without using centralised services, and get DDOSed or hacked?

Put your reverse proxy in a DMZ, so that only it is directly facing the intergoogles

So what? I can still access your application through the rproxy. You're not protecting the application by doing that.

Install a single wildcard cert and easily cover any subdomains you set up

This is a way to do it but not a necessary way to do it. The rproxy has not improved security here. It's just convenient to have a single SSL endpoint.

There’s even nginx configuration files out there that will block URL’s based on regex pattern matches for suspicious strings. All of this (probably a lot more I’m missing) adds some level of layered security.

If you do that, sure. But that's not the advice given in this forum is it? It's "install an rproxy!" as though that alone has done anything useful.

For the most part people in this form seem to think that "direct access to my server" is unsafe but if you simply put a second hop in the chain that now you can sleep easily at night. And bonus points if that rproxy is a VPS or in a separate subnet!

The web browser doesn't care if the application is behind one, two or three rproxies. If I can still get to your application and guess your password or exploit a known vulnerability in your application then it's game over.