
  • No problem! It’s a small change that might not affect most people :)

  • The documentation seems to suggest just IP address and CIDR notation.

  • NextCloud’s trusted_proxies setting supports CIDR notation, so it might be better to set the subnet of Traefik’s network as opposed to the IP address. That way, if you ever need to do anything with the container (i.e. upgrade Traefik), the IP can change but the subnet is less likely to change.
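The difference between a fixed-IP entry and a subnet entry, as an added example that is not part of the original comment and is not NextCloud's own code: a simplified Python model of how a trusted-proxy list decides whether X-Forwarded-For is honored. All addresses are constructed, and the right-to-left header walk is an assumption about a typical implementation.

```python
import ipaddress


def is_trusted(addr, trusted_proxies):
    """True if addr equals, or falls inside, any entry (single IP or CIDR)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(entry, strict=False)
               for entry in trusted_proxies)


def client_ip(remote_addr, x_forwarded_for, trusted_proxies):
    """Honor X-Forwarded-For only when the direct peer is a trusted proxy."""
    if not x_forwarded_for or not is_trusted(remote_addr, trusted_proxies):
        return remote_addr
    # Walk right to left and skip hops that are themselves trusted proxies.
    for hop in reversed([h.strip() for h in x_forwarded_for.split(",")]):
        try:
            if not is_trusted(hop, trusted_proxies):
                return hop
        except ValueError:
            return remote_addr  # malformed header: fall back to the peer
    return remote_addr


# Constructed values: proxy container on 172.18.0.0/16, real client 203.0.113.7.
FIXED_IP = ["172.18.0.2"]
SUBNET = ["172.18.0.0/16"]
XFF = "203.0.113.7"


def demo():
    return {
        # Proxy still has the address that was pinned in the config.
        "fixed_before": client_ip("172.18.0.2", XFF, FIXED_IP),
        # Proxy was recreated and got a new address: header is now ignored,
        # so every request is attributed to the proxy itself.
        "fixed_after": client_ip("172.18.0.5", XFF, FIXED_IP),
        # Subnet entry keeps working after the address change.
        "subnet_after": client_ip("172.18.0.5", XFF, SUBNET),
        # A peer outside the subnet cannot inject a client address.
        "untrusted_peer": client_ip("198.51.100.9", "10.0.0.1", SUBNET),
    }


if __name__ == "__main__":
    print(demo())
```

A subnet entry trusts the header from every container on that network, so it is worth keeping only the proxy and the application on it.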

  • It may not affect this current use case for a home media server, but people should still be aware of it so as they learn and grow, they don’t paint themselves in a corner by knowing only the anti patterns as the path forward.

  • Last time this was asked, I’ve voiced the concern that tying fixed IP address to container definitions is an anti-pattern, and I’ll voice that again. You shouldn’t be defining a fixed IP address to individual services as that prevents future scaling.

    Instead, you should leverage service discovery mechanisms to help your services identify each other and wire up that way.

    It seemed like in NPM, there are no fitting mechanisms out of the box. Which may suggest your use case is outgrowing what it may be able to service you for in the future. However, docker compose stacks may rescue the current implementation with DNS resolution. Try simplifying your npm’s docker compose to just this:

        services:
          npm:  # placeholder service name; your other keys for this service stay as they are
            networks:
              - npm

        networks:
          npm:
            name: npm_default
            external: true

    And your jellyfin compose with something like:

        services:
          jellyfin:  # placeholder service name; your other keys for this service stay as they are
            networks:
              - npm
              - jellyfin_net

        networks:
          npm:
            name: npm_default
            external: true
          jellyfin_net:
            name: jellyfin_net
            internal: true

    Have your other services in the Jellyfin stack stay only on jellyfin_net or whatever you define it to be, so they’re not exposed to npm/other services. Then in the configs, have your npm talk directly to the name of your jellyfin service using hostname, maybe something like jellyfin or whatever you’ve set as the service name. You may need to include the compose stack as prefix, too. This should then allow your npm to talk to your jellyfin via the docker compose networks’ DNS directly.

    Good luck!

  • I don’t use the two you’ve called out, so I cannot guarantee my Google results are accurate, but the principle is similar…

    If the app supports external authentication (usually, looking for things like OIDC, SAML, or SSO in the documentation), then I’d configure the app to do that and skip the Traefik middleware piece.

    This is what I’d do based on what I’m seeing in this article for NextCloud. That is, when all is said and done, I’d go to https://nexcloud.myunexistent.deployment/ and be greeted with the NextCloud login screen, where the external authentication option is shown on screen.

    A similar setup might be achieved with Home Assistant’s commandline authentication provider to delegate authentication out via command line setup. Alternatively, use hass-auth-header plugin along with trusted proxy to delegate authentication out to the reverse proxy.

    Hope this points to a relevant direction for you!

  • I’m so lucky I got my SO on board with using a password manager early on! However, the passwordless login (after figuring out how to send a user to the enroll stage initially) makes it so simple, don’t even need the federated Google login.

  • I don’t know about other platforms, but YouTube membership is totally implementable on any other platform.

    The workflow anyone needs to implement is the same flow Discord has implemented:

    1. Perform OAuth to get the user’s own channel using the mine filter on channels.list end point. This way the service can know SomeOneWatching is owner of channel UC1234ABCD
    2. Perform OAuth to get the host’s members on a fixed interval to get a list of all members, and match it against all known users’ channel IDs or target individual user like SomeOneWatching’s UC1234ABCD channel ID as part of filterByMemberChannelId on the same members.list end point.
    3. Upgrade users’ groups on the service to reflect membership accordingly, no direct YouTube partnership required.
    4. Revisit the same flow in 2 regularly to downgrade when memberships are not renewed; beyond the pubsubhubbub which notifies subscription content updates (new uploads/deletions) on a subscribed channel, YouTube does not have a push notification for automatic updates. This is why there’s always a slight delay when membership status changes.

    Source: I’ve worked in a YouTube-adjacent company using all of their public and several proprietary APIs for around 10 years now. I’m fairly familiar with their API offerings.
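The polling and reconciliation in steps 2 to 4, as an added example that is not part of the original comment: a Python sketch that runs offline on constructed members.list-style pages. It goes slightly beyond the comment by only downgrading after a complete poll; the user names, group names and channel IDs other than UC1234ABCD are assumptions.

```python
def collect_members(pages):
    """Gather member channel IDs from members.list-style pages (step 2).

    Returns (ids, complete). A None page models a failed request; the poll is
    complete only if the last page seen carries no nextPageToken.
    """
    ids, complete = set(), False
    for page in pages:
        if page is None:
            return ids, False
        for item in page.get("items", []):
            ids.add(item["snippet"]["memberDetails"]["channelId"])
        complete = "nextPageToken" not in page
    return ids, complete


def reconcile(linked, groups, member_ids, complete):
    """Return {user: new_group} for steps 3 and 4.

    linked maps a local user to the channel ID proven via OAuth in step 1.
    Upgrades apply on any positive match; downgrades only after a complete
    poll, so an outage or truncated listing never strips paid access.
    """
    changes = {}
    for user, channel in linked.items():
        is_member = channel in member_ids
        if is_member and groups.get(user) != "member":
            changes[user] = "member"
        elif not is_member and complete and groups.get(user) == "member":
            changes[user] = "free"
    return changes


# Constructed sample data (hypothetical users and placeholder channel IDs).
def _page(ids, token=None):
    page = {"items": [{"snippet": {"memberDetails": {"channelId": i}}} for i in ids]}
    if token:
        page["nextPageToken"] = token
    return page

LINKED = {"SomeOneWatching": "UC1234ABCD", "alice": "UC_EXAMPLE_A", "bob": "UC_EXAMPLE_B"}
GROUPS = {"SomeOneWatching": "free", "alice": "member", "bob": "member"}
FULL_POLL = [_page(["UC1234ABCD"], token="page2"), _page(["UC_EXAMPLE_B"])]
BROKEN_POLL = [_page(["UC1234ABCD"], token="page2"), None]

def run(pages):
    ids, complete = collect_members(pages)
    return reconcile(LINKED, GROUPS, ids, complete)
```

Because membership is tied to the channel ID obtained through the user's own OAuth grant, a user cannot claim someone else's membership by typing in a channel ID.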

  • I use Traefik as reverse proxy and Authentik as SSO IdP. When I connect to my “exposed” service, Traefik middleware determines if I have the appropriate access credentials established. If so, I get access; if not, I’m bounced over to Authentik, where I enter my username, and authenticate via Passkey (modern passwordless gated by private keys behind biometrics unlock). The middleware can also be bypassed based on my pre-established private custom HTTP header, so apps that don’t support the flow (i.e. mobile client for some apps) can get in directly as well.

  • It’s not a fully scalable solution, no. Without swarm, last I checked, it cannot even really run on multiple instances. However, it does have the functionality to scale individual services within the same host if resources are available and the service can benefit from such a scaling. It is not very uncommon to see something require multiple worker instances and this breaks that paradigm.

    Service discovery will certainly play a much larger role in even more orchestrated systems, but doesn’t mean it shouldn’t start here.

  • Except it is explicitly being told to use a singular IP address here. So the engine is either going to go against explicit assignment or going to create a conflict within its own network. Neither of which are the expected behavior.

    Just because people are self hosting, doesn’t mean they should be doing things incorrectly.

  • This feels like an anti-pattern that should be avoided. Docker compose allows for scaling individual services to have more than one instance. By hard assigning an IP address to a service, how is that going to be scaled in the future?

    I don’t know how to reconcile this issue directly for NPM, but the way to do this with Traefik is to use container labels (not hard assigning IP address) such that Traefik can discover the service and wire itself up automatically. I’d imagine there should be a similar way to perform service discovery in NPM?

  • Most self hosted DNS level blocking will be very fast as it is really easy to keep the block list in RAM. I hosted Pi Hole on RPi 3 and an over provisioned VM (4 cores and 4GB of ram lol). The only difference I’ve noticed is whether or not the device is hardwired. When my RPi was hardwired into the network, there was no notable difference between the two.

  • Self reply because it’s been a while: come to think of it, wasn’t that where Apollo had the previous / next comment on current post skip?

  • The app originated from iOS and the design language of swiping from left edge in is always to go back in the history; and design language of swiping from right edge in is always to go forward in the history stack. The forward swipe is not straight forward in the ionic framework the app is currently implemented in, but in all cases it shouldn’t break the design language.

    The design language generally suggests something near the header (i.e. the sort and moderator icons area ), inset from the existing interaction button, to have up/down arrows to move to previous/next item in the same list, and I think maybe some optional buttons there might make sense.

    Though, given the type of app this is (social link aggregator with up/down votes), simple arrows might be confusing for some users. Perhaps a visually different set of arrows might do the trick…?

  • As much as this is the right thing to do — I’ve revoked my subscription on several world news communities myself, so I am no saint here — by withdrawing from communities on subjects we actually care about, we reduce the chance of steering content in the positive direction, thereby stifling growth and contributing to the downward spiral vicious cycle. This is also exacerbated by the very toxic “go find your own instance” mindset these people bear, which is what’s driving communities to their demise.

    Sadly, the amount of activity on Lemmy reflects this decline. Only the active user count is showing any signs of positive movement due to it being masked from the change in stats counting in the new version, which makes it look like there are more active users than there actually are. The instances count and post count are all going downhill and less and less people will interact because of the toxic behaviours.

  • I’m rooting for the DOJ because even the underdogs need some supporters too. DOJ giving themselves a pat on the back about their Microsoft Antitrust case tells me all I need to know where this whole thing would go — and if it is not clear: nowhere.

  • There's no point in trying to build a community with a very hostile environment for anything that doesn't align with the very odd hostile-against-everything-not-OSS zeitgeist.

    Wait until they come to correct you by saying that’s not true, they’re actually hostile-against-everything-not-FOSS, how the F is very important, and why certain licensing standards are better than others. And any time anyone tries to call out deficiencies in their favorite FOSS, they’d be greeted with swarms of “you don’t understand FOSS” comments and have no room for any constructive discussion. Then, to top it off, they’d always default to the “why don’t you just go find your own instance instead” comment. It’s almost as if they don’t want a community for discussions, they want echo chambers, and they’ll be hostile and unwelcoming to everyone who’s not aligned with their beliefs.

    Edit: oh, look, we have the go fund your own instance comment in this thread already! Called it.

  • Some of Apple’s biggest fans are also sometimes Apple’s largest critics. I’m all for critical discussions, but the “herp derp finally getting what Android have for years” kind of comments are certainly getting old, and I wouldn’t mind seeing less of.

  • I thought it was reference to tiff in a png? It's been far too long, but you're right, PDF was certainly also a vector in a slightly later incarnation I remember :)