Limit @ Limit @lemm.ee

Posts

1

Comments

63

Joined

2 yr. ago

here is a good video on how to do it: https://piped.video/watch?v=qlcVx-k-02E

pretty much exactly what you're trying to do.

How is that currently plugged in to your odroid? You'll face similar limitations with beelink or intel nucs. Those small form factor pcs generally don't support 3.5inch hdds. Most can fit a single 2.5incch ssd.

So the opening of ports works, but it's not the most secure or best way to do it imo.. what happens is the certbot registers with letsencrypts api and attempts to request a cert via http challenge, it then hosts a small website with a code from letsencrypt to prove that you do in fact own the domain and are who you say you are. Let's encrypt then goes to the url, verifies it sees the text, and issues a cert to the certbot. The problem here is you have to open these ports to the internet, and they need to be open when certificates are renewed (let's encrypt only issues a 90 day cert).. if you want to leave those ports open that's not exactly a safe practice, and manually doing it every 3 months is less than ideal..

With dns challenge, the certbot uses the api of your dns provider (cloudflare or porkbun), the process is similar, it talks with letsencrypt, let's encrypt gives it a string and a dns record it expects to see, then certbot talks to your dns, makes a txt record with the string provided, then let's encrypt checks for that dns record, if it finds it, it issues a cert to the certbot. In this scenario, certbot is connecting out to your dns provider and making the record for you, no opening of ports. And if you leave the api key active, it will auto renew on a schedule so you don't have to really worry about it.

I highly recommend looking into dns challenge some more, watch some videos on it there are lots on YouTube.

As for the dns record, not sure if it's not allowing the wildcard record or what but I wouldn't use *.example.com, make an entry for the actual host/service you are hosting, like portainer.example.com.

I needed something for compute not really storage, regardless these hp's have two nvme slots, and an optional ssd tray (lower modules come with the ssd, these did not have the tray but can buy separately if needed) so the storage upgradeability is pretty good.

I like the "1 liter PCs/home servers" for this kind of stuff. I have a 3 node proxmox cluster running on hp elitebook mini 800 g4's. I got them for around $120 each on ebay (prices vary). Other big manufacturers have their own mini modules (hp, lenovo, dell) Generally these have a lower price tag than something like a similar generation intel nuc because it's less of a niche market, these are used in business office environments and usually sold used pretty cheap when hardware is refreshed or businesses are closed. You can find replacement parts easily also. Just make sure they include a power adapter if you do search for one.

Mine are running i5-8500t processor which supports Intel quicksync and performs very well for video transcoding in plex. Should easily be able to do a couple of 4k transcodes easily. If you're not interested in running proxmox, this would run OMV easily and have plenty of power to run lots of containers.

This is exactly right, the big traditional auto makers were watching tesla,using them as a research experiment, and now are starting to build out their own EVs. Once it becomes viable for these automakers to produce many modules we will see lots of competition in the market, tesla will be completely overrun. There's no way tesla can keep up with production powerhouses like Ford, and Toyota.

I use nginx proxy manager with dns challenge to get a *.example.com cert that I then use to host services internally. I just checked, it supports dns challenge for porkbun, you may want to give it a try again. Also, you shouldn't really need to forward dns to duckdns. You can have public dns records point to an internal ip.

This is what I do, I have example.com (dns registered with cloudflare but should work the same with porkbun) I then create an a record for portainer.example.com to 192.168.0.5.

Internally my nginxproxymanager is running at 192.168.0.5 and portainer is running at https://192.168.0.6:9443

Then in nginxproxymanager I create a dns challenge (you'll have to look up some videos on how to do this, it's not very difficult it usually just takes a api key and secret key) then I create a new proxy host for portainer.example.com pointing to https://192.168.0.6:9443 and you select the *.example.com as your ssl cert for the proxy host

Now internally go to https://portainer.example.com and it should work.

I use it to send backups to backblaze b2 also, it works very well for me.

That's fair, we should all test our backups from time to time. I haven't had any issues over the years with it though i've never had to rely on it for a full restore.

I'm a big fan of duplicati. You can install it on Linux, windows, (not sure about mac) and use it to send backups anywhere. Backup to your nas, to s3, smb share, whatever.

I agree but you could easily fool me with the amount of brand new trucks and suvs I see driving around. Prices will not go down if everyone keeps paying them. And then there are people that can't afford to buy groceries but they have their brand new jeep wagoneer that cost like $80k... that just further drives up prices because you have people that can't afford it still paying the premium, still driving the demand, so the dealers can get away with charging whatever they want.

Don't know about beehaw but lemmy.world was really getting on my nerves with how slow it was and how often it was down. Lemm.ee has been a much better experience for me.

But what happens if someone has a savings and happens to have say $50k in there and then they're hit with a health issue that incurs a $25k hospital bill? Can they then come after you for payment if you have the money in savings?

I get it for personal or even business use on a small scale is great. I use Linux daily, I'm a sysadmin and manage windows and Linux servers. My main desktop is windows. I'm considering switching my home pc over to Linux again since generally (from what I hear) gaming works mostly and that was what used to always bring me back to windows. Now I don't really game that much anymore anyway so it may not even really matter that much for me.

But for a business that has hundreds or thousands of user devices that they need to secure, configure, meet compliance, etc, how would they do that with a Linux distribution? Microsoft has active directory and group policy to manage this kind of thing (and now moving toward AAD and intune to manage device configuration) but I have yet to see any kind of Linux desktop distribution that has a central configuration management, patch management and security management. Sure you can configure it to auto update and send it out hoping for the best, but what happens when a device stops checking in, or the VPN client breaks, or there is some software we need to push out to all our users immediately? What choice do we have?

It's not very effective.

I've had bad luck with all the name brand router wifi combos. I've tried several high end models, from tplink to linksys to net gear. I've finally built a pfsense box as a router/firewall (qotom mini pc) and I've switched to ubiquity ap6 in my house. Finally something that works well for me.

Granted it depends on what you're comfortable with and what you use your devices for. I'm using vlans and vpns and different interfaces for various different things so I need the extra functionality pfsense offers.

Same, I never liked his content. He's so "hype guy" cringy to me. I have friends that are somewhat techie that love him and think I'm just hating on him but he's always been very annoying and came off as fake, like the fake persona that a cars salesman has. I've never watched a whole one of his videos, just can't stand them.

You can "game the system" by picking credit cards that offer some kind of cash back incentive, and don't carry balances month to month. For example the chase freedom card does 1% on all purchases and 5% on specific categories that change every quarter. I've had this card for like 9 years, I've never paid any interest because I pay it off monthly , and we make lots of "free" cash back. The key here is don't go get a credit card and buy stuff you can't afford, that should be hammered into youth from the beginning, just buy what you can afford, and if you're disciplined enough you can put all of your purchases on the card and benefit from the card incentives for basically free.

Bruh... this made me laugh so hard.

I feel like that's the problem in almost any political debate among people in the US. Everything is so polarizing. It always seems like it's a "you're either with us or against us". And you can't even discuss something you're unaware of without some know-it-all jackals jumping down your throat with political rage.