nbailey @ nbailey @lemmy.ca

Posts

5

Comments

154

Joined

2 yr. ago

Best advice I can give is to make sure the default virtualhost on nginx/apache just sends a 404 to all requests to your IP, and only serve the apps you want when they’re accessed by the correct hostname. The vast majority of spammy scanners are just hitting all public IPs, so as long as you don’t tell them what you’re hosting you’ll be alright.

Then, I’d advise having some sort of basic web application firewall (WAF). Modsecurity is a common one, NAXSI is another. These take some time to set up, but are quite good at absorbing attempted attacks.

Generally speaking, yes, but things can get a little weird when you’re dealing with an abstraction like docker.

It looks like it’s not able to reload the service. Could be permissions? As the nginx user (www-data often), try touch /run/nginx.pid

The Linux and Unix System Administration Handbook (6th edition)

Might be worth it if you want network printing. Usb only is fine, but it’s worth paying a little extra to get Ethernet if that’s what you want. Mdns/avahi/bonjour make things easy for sure. Wifi printers always suck, I’d avoid that. I’ve had nothing but good results with my brother b&w on wired Ethernet.

Mine got used as a cat brush once and never worked right after that. Cat was happy though

Get a 2004-2009 car, yank the stereo out and throw an aftermarket headunit with android/carplay in. Best of both worlds!

Keycloak is decent. It has its own built in user database, or it can connect to an “upstream” idp like AD, GitHub, google, fb, basically anything that speaks openid or SAML. Then, it can act as an idp to each service you run. It is a bit of a chore to configure, but compared to other SSO servers it’s pretty good (looking at you shibboleth)

You could probably get a used x280 or x390 for that price. Both are great machines even 4 years later. Check local refurbishers for off-lease machines on the cheap.

Write install and maintenance guides, save them somewhere public. Automation is good, but documentation and practicing technical writing is better.

Not for a new selfhoster, no. It’s fairly complex and has lots of moving pieces. Start with a simple syslog server before going way into the deep end.

Wazuh is a neat tool, but it’s really just good old OSSEC bolted into Elasticsearch with some custom plugins and middleware. You can get nearly the same result by just shipping logs from ossec and osquery with a lot less complexity.

Why not Debian? It’s a fantastic distro on its own, without the need to bolt on vendor’s stuff if you already know what you’re doing.

Will this be offered to refugees from Syria, Yemen, Sudan, etc?

AP, unless the article is about a protest

Aljazeera, unless the article is about Qatar

Reuters, unless the article is about non-G20 countries

BBC, unless the article is about the UK

CBC, unless the article is about Canada

It’s a feudal monarchy. All three leaders have been direct descendants of each other. Most of the Party members are also related to each other. It’s worse than just “dictatorship”, it’s downright serfdom. It’s a stupid country and they get way too much attention from tankies for having “communism” as part of their branding.

The model has become inbred because it’s now impossible to scrape the web without AI content getting ingested, which is full of “hallucinations” and other weird artifacts. The last opportunity to get “uncontaminated” training data was sometime in mid 2022.

Not to say that it’s causing this particular problem, but this issue will emerge eventually. Garbage in = garbage out. Eventually GPT-19 will grow a mighty Habsburg chin.

The config dsl syntax is a bit strange, can’t run a script on “recovery”, but it’s generally not bad honestly. I use it on loads of servers as a monitoring-tool-of-last-resort if the main system fails.

Very cool! I like the idea of a less-weird Monit. I might try this on some one-off servers later…

Folder = non-hidden directory under /home Directory = everything else