douglasg14b @ douglasg14b @lemmy.world

Posts

11

Comments

947

Joined

2 yr. ago

I stated in the OP that cloudflair HTTPS is off :/

I'm not using cloudflare for the certificate. I also can't use the cloud for certificate anyways for internal services through a loopback.

Similarly you can have SSL termination at multiple layers. That's works I have services that proxy through multiple SSL terminations. The issue that I'm having is that the ACME challenge seems to be having issues, these issues are documented and explained in various GitHub threads, however the set of solutions are seemingly different and convoluted for different environments.

This is why I'm asking this question here after having done a reasonable amount of research and trial and error.

I am doing SSL termination at the handoff which is the caddy proxy. My internal servers have their SSL terminated at caddy, my traffic does not go to the internet.... It loops back from my router to my internal Network.

However DNS still needs to have subdomains in order to get those certificates, this cloudflair DNS. I do not want my IP to be associated with the subdomains, thus exposing it, therefore cloudflair proxy.

You're seeing the errors because the proxy backend is being told to speak HTTPS with Caddy, and it doesn't work like that.

You can have SSL termination at multiple points. Cloudflare can do SSL termination and Cloudflair can also connect to your proxy which also has SSL termination. This is allowed, this works, I have services that do this already. You can have SSL termination at every hop if you want, with different certificates.

That said, I have cloudflair SSL off, as stated in the OP. Cloudflare is not providing a cert, nor is it trying to communicate with my proxy via HTTPS.

Contrary to your statement about this not working that way, cloudflair has no issues proxying to my proxy where I already have valid certs. Or even self signed ones, or even no certs. The only thing that doesn't work is the ACME challenge...

Edit: I have now solved this by using Cloudflair DNS ACME challenge. Cloudflair SSL turned back on. Everything works as expected now, I can have external clients terminate SSL at cloudflair, cloudflair communicate with my proxy through HTTPS, and have internal clients terminate SSL at caddy.

A password is literally just:

secret data, typically a string of characters, usually used to confirm a user's identity

A secret key or passcode meets that definition 🤦 You're most definitely on poor standing here.

A very long password that no one can remember (ie. A key) is still a password. Also are you unaware of the existence of password managers and random password generation...?

"spreading misinformation" is a phrase mostly used by feds when they see something they consider to be "wrong think" or not "politically correct". They use this anti-misinformation campaign to support their censorship and mass surveillance system.

Immediately jumping to discredit and dismiss instead of engage by way of over generalization and accusation is not a good look my man.

It's absolutely bonkers.

There's so many people here that fight against their own interests by letting perfect be the enemy of good.

Got to love ignorant hot tapes based on article headings.

That's.... Literally just a long password.

I assumed you were talking about a private key as in cryptographic private key, where your data is encrypted on the remote server and your private key is required for it to be decrypted and for you to use it.

If you just talking about something to get into an SSH key then all that is is a longer password.

It should be $0 because this was a credential stuffing attack (Using breached passwords people reused), and affected people who knowingly shared their data with other people.

23&me didn't leak data, they didn't have any database breaches, their infrastructure wasn't compromised due to negligence...etc The majority share of negligence is in the users here.

Yes, they should have MFA, but also no, most sites and services don't force you to use MFA to begin with, and that's not a regulatory requirement anyways.

This is, for the most part, the fault of the folks using terrible security practices such as refusing passwords and sharing their data with other users. And this is a shitty precedent to set where the technical reasons for this event are thrown out the window in favor of the politics of it.

That's literally just a long password that you can never recover your data from when you inevitably lose or forget it (remember we're talking about the majority of users here who do not use password managers).

Custom launchers have their own issues. I've tried them such as Nova launcher and I really just don't like the experience.

Yeah but this requires you to use an entirely different launcher which has its own caveats...

You can if you are in the EU.

Google just says fuck you to everyone else because they get away with anti-competitive practices.

For a huge number of phones it's a requirement because Google and Android do not allow you to customize or change this aspect of the device.

Unless you're in the European Union in which you get the right to.

Fuck Google.

If only we had a choice to... You know... Not use the stupid thing

Unfortunately that right is only reserved for EU Citizens.

Google needs to be broken up.

Imagine this comment existing before woman's suffrage.

Mass protests are how change has always happened to the oppressed. The oppressed have always continued to be oppressed when they take the stance of your comment.

The comment two above this links to a tool that literally does live syncing on a line by line level. Unless you're editing the same lines at the same time you're not going to get sync conflicts.

I use it as well and it works wonderfully in real time.

Please do not make this another 2016, and assume Kamila will win.

The Russian bots are out in full force to pacify voters that "they have this in the bag". This is an indication that the only way we lose is by not voting. And the sentiment is changing, I see calls to vote less and less now, and comments assuming Kamila has already won more and more.

It's not over till it's over.

Incels at least is a natural consequence of the difference between society's expectations, the needs of an individual, and generally the lack of support and or direct toxicity towards men who need help and emotional support men require as humans.

That one is a societal problem around isolating people away from affection.

The rest I have no freaking clue how one becomes a Nazi in 2024.

Yes, literally anyone that wants to sell a product or provide a service relies, to a large degree, on advertising.

It's been this way for over a century.

You literally can't.

There's a ton of stuff you can't do with the new garbage settings.

Let's not even mention that on an operating system called "Windows" you can only have one "window" of settings open. And opening new settings will just replace where you just where. Which is extremely rage inducing.