I'm using the LSIO docker image and I could not locate the occ file to fire off the reset - but even then - I didn't need to reset my password anyway..
Not sure if I completely understand but I think you want public service 1 accessible on subdomains s1.domain.com and internal service 2 on s2.domain.com?
Just point the A record for s2 to an internal ip address (or a tailscale ip). The only thing dns does is translate a (sub)domain to an ip address. So outside of your network s2.domain.com wouldn't resolve but inside your network it would.
How I understand it is that database/io calls are heavy and network calls are relatively light. A user on the instance itself equals Database/io and a federated server means just 1 database call and a bunch of network calls. Since it's a push model the instance only has to retrieve the data from the database itself once and then just pushes it to all subscribed instances.
I remember here in the Netherlands that you could only watch HBO through a specific internet provider (ziggo-Vodafone). I'd have to switch goddamn ISP's to pay for their show. That gave me all the justification to pirate the shit out of it.
Obscuring version numbers is best practice. Trying exploits isn't always trivial and by knowing the exact version number of the software it can be made a whole lot easier. Good post by OP though I do think it should've been a DM to Ruud.
I was considering it (having previously tested the now defunct Neeva) but the to me limited amount of searches is really stopping me from giving it a go.
I'm using the LSIO docker image and I could not locate the occ file to fire off the reset - but even then - I didn't need to reset my password anyway..