
๐“ข๐“ฎ๐“ฎ๐“™๐“ช๐”‚๐“”๐“ถ๐“ถ
๐“ข๐“ฎ๐“ฎ๐“™๐“ช๐”‚๐“”๐“ถ๐“ถ @ SeeJayEmm @lemmy.procrastinati.org
Posts
20
Comments
545
Joined
2 yr. ago

  • So much this. People seem to generally be fine here (I never found the reddit communities I interacted with to be toxic) but heaven forbid you purposefully use Windows or pay for software.

  • Yeah. I have a couple of those. I'll admit it's a little bit of a hassle but if you're using something like Let's Encrypt you could have a cron job sync the cert.

  • I can't say I have your use case but I've been happy with RackNerd. Support has been top notch.

  • Going to second the restic recommendation. I'm using it for most of my backup needs and find it easy, fast, and reliable.

  • What I do is have NGINX proxy manager running in the VPS with ACLs defined there and then forwarding traffic over the WG tunnel.

    Alternatively you could treat the VPS like a full VPN endpoint. Route all traffic over the tunnel and NAT/masquerade on the VPS.

    Having done both, option 1 is cleaner and you're not routing unnecessary traffic over what is likely a metered link.

  • I'll throw my hat in the ring for Marvel's Spider-Man Remastered.

    Things that made me happy this year? I started a new job in Jan that has been great. Company treats its employees like people and the work is enjoyable.

    Thanks for doing this and happy holidays.

  • A few things.

    1. On mine there's a little guard around the sprayer and it peeks down under it when in use. There's also a cleaning mode.
    2. I do use some toilet paper to dry. Less than I would if I wiped. One day I'll upgrade to one of the fancy units with a dryer.
    3. I don't know about other people but I move around a bit to make sure that the spray gets everything, including "in there a bit". If you dab to dry and your tp has anything other than water on it you didn't do a good enough job spraying.
  • Since you mention nginx, I assume you're talking about proxying HTTP and not SMTP/IMAP… For that, you have the X-Forwarded-For header which is exactly for that, retaining the real source IP through a reverse proxy.

    I was using NGINX's streams feature to proxy the various mail components (SMTP, IMAP, etc...) but that was setting the source IP to the VPS.

    I was told in another comment that Mailu can handle being proxied behind Traefik. I'm not sure if NGINX has similar support for the "PROXY" protocol. I need to dig into that.

  • I guess your OPNSense rule from Edit3 is not working because the source is not your mailu instance, because connections are initiated from the outside and mailu only answers (TCP ACK). So you have asynchronous routing.

    Ohhhh. Well this is just my ignorance then. I was attacking it like the rules applied to the packet, not the conversation. Thanks! I really got lost down the rabbit hole of "why is my routing not working the way I want" and lost sight of the problem I was originally trying to solve.

  • Once I got masquerading configured it was preserving the public IP. I tcpdumped every interface in the path and watched the traffic. When it hit OPNsense, instead of respecting the policy based routing it was routing the traffic out the WAN.

    What baffles me is if I initiated traffic from the mailu server (ping, wget, etc...) I could see that OPNsense was routing all traffic in that conversation out the WG interface, none of it hitting the WAN.

    I need to update the post because after fighting with it all day, I realized I was being stubborn (I have a need to solve the problem). I configured a direct WG tunnel between the VPS and the mailu VM and routed the traffic that way. It's all working exactly as I need it to now.

    I'd still like to know if opn has a bug or if I was missing some setting as I'd rather not be littering my network with tunnels when I shouldn't need to and I can leverage some smarts in opn (i.e. if the tunnel is down, the gateway would get marked down in opn and it would ignore the policy route).

  • Yeah, my "monster" comment was sarcasm. I'm in the same boat. I've been in IT for just as long and most places are Microsoft shops, with a little Linux sprinkled in for flavor. I refuse to engage in the holy war. Msft, esp these days, makes decent tools and you can pry PowerShell from my cold dead hands. We use O365 at work and honestly OneNote is a solid product and does the job well.

    For my personal life my note taking requirements are pretty basic and keep/onenote/etc... fits the bill. Esp since I share notes with my wife. But I'm a tinkerer at heart and I'd like to take more control of my services/data, so I'm experimenting with how much I can pull in without making my life overly and unnecessarily complicated.

  • The convenience of saying, "Hey Google, add milk to my shopping list", and having that list shared with my wife, is too great. Long term goals would be to find a self-hosted alternative but right now that's where I am.

    That being said I am trying to diversify and pull in house what I can, and notes is one of the things I've been experimenting with.

  • Historically I've been using Google Keep or OneNote (I'm a monster I know). I've been trying to see if I can migrate over to Nextcloud Notes as I slowly de-FAANG my life.

  • I believe the policy based routing is the same thing. I'm starting to think I'm encountering an OPNsense bug.

  • Yeah. The spam filter sees everything as being from the VPS IP, so SPF and DNS checks are all failing on inbound mail.

  • You nailed it on the head. This is a project for the experience and because I enjoy experimenting. If I can make this work to my satisfaction I may consider putting my primary domain behind it some day.

    Thanks for the info and the support.

  • I don't think I was clear in my post and I'm a little confused by your response. Rather than take the inbound traffic on the VPS and proxy it over to the mailu server, I'd like to NAT (masquerade) that traffic so that the source IP reports the actual source.