

The server has been reverse engineered for literal decades at this point.
I can share my traefik setup - note I am doing this on my phone at work, so I might miss something
compose.yaml
labels:
  - "traefik.enable=true"
  - "traefik.http.routers.traefik.middlewares=authwares@file"
GNU nano 7.2 /config/traefik/dynamic/middlewares.yaml
http:
  middlewares:
    limit:
      buffering:
        memRequestBodyBytes: 5000000000
        memResponseBodyBytes: 5000000000
        maxRequestBodyBytes: 5000000000
        maxResponseBodyBytes: 5000000000
    authwares:
      chain:
        middlewares:
          - default-headers
          - authelia
          - limit
    default-headers:
      headers:
        accessControlAllowHeaders: "content-type,authorization"
        accessControlAllowMethods:
          - GET
          - OPTIONS
          - PUT
          - POST
          - DELETE
        frameDeny: true
        accessControlAllowOriginList: "*"
        accessControlMaxAge: 100
        addVaryHeader: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        referrerPolicy: "strict-origin-when-cross-origin"
        customRequestHeaders:
          X-Forwarded-Proto: https
        customResponseHeaders:
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
          server: ""
          X-Forwarded-Proto: "https,wss"
        hostsProxyHeaders:
          - "X-Forwarded-Host"
    authelia:
      forwardAuth:
        address: http://auth/api/verify?rd=https%3A%2F%2Fauth.example.com%2F
        trustForwardHeader: true
        authResponseHeaders:
          - "Remote-User"
          - "Remote-Groups"
          - "Remote-Email"
          - "Remote-Name"
GNU nano 7.2 /config/traefik/traefik.yaml
global:
  checkNewVersion: false
  sendAnonymousUsage: false
entryPoints:
  web:
    address: :80
    proxyProtocol:
      insecure: false
      trustedIPs:
        - 172.32.0.0/16
        - 192.168.1.0/24
    forwardedHeaders:
      insecure: false
      trustedIPs:
        - 172.32.0.0/16
        - 192.168.1.0/24
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: :443
    proxyProtocol:
      insecure: false
      trustedIPs:
        - 172.32.0.0/16
        - 192.168.1.0/24
    forwardedHeaders:
      insecure: false
      trustedIPs:
        - 172.32.0.0/16
        - 192.168.1.0/24
    http:
      tls:
        options: modern@file
        certResolver: letsencrypt
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
providers:
  docker:
    exposedByDefault: false
    network: compose_proxied
    allowEmptyServices: true
    endpoint: "http://socket:2375/"
    defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.example.com`)"
  file:
    directory: /config/dynamic
    watch: true
api:
  insecure: false
  dashboard: true
certificatesResolvers:
  letsencrypt:
    acme:
      email: acme@example.com
      storage: /certificates/acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
log:
  level: DEBUG
  filePath: /config/logs/traefik.log
  format: json
accesslog:
  filepath: /config/logs/access.log
  bufferingSize: 100
  format: json
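Added example, not part of the original comment: a small Python audit of the forwardedHeaders/proxyProtocol trustedIPs list from the traefik.yaml above, plus a simplified model of how that list gates a client-supplied X-Forwarded-For header (the value that forwardAuth with trustForwardHeader: true then passes on). The function names and sample peer addresses are constructed for illustration; only the two CIDR ranges come from the config.

```python
import ipaddress

# Copied from the trustedIPs lists in the traefik.yaml above.
TRUSTED_IPS = ["172.32.0.0/16", "192.168.1.0/24"]

# RFC 1918 private IPv4 space; note 172.16.0.0/12 ends at 172.31.255.255.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ULA_V6 = ipaddress.ip_network("fc00::/7")  # IPv6 unique local addresses


def is_internal(net):
    """True if the whole network sits inside private (RFC 1918 / ULA) space."""
    if net.version == 4:
        return any(net.subnet_of(r) for r in RFC1918)
    return net.subnet_of(ULA_V6)


def non_private_ranges(trusted):
    """Return the trustedIPs entries that are not private address space."""
    return [c for c in trusted
            if not is_internal(ipaddress.ip_network(c, strict=False))]


def peer_is_trusted(peer, trusted):
    """True if the directly connected peer falls inside any trusted range."""
    addr = ipaddress.ip_address(peer)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in trusted)


def effective_xff(peer, client_xff, trusted):
    """Simplified model (assumption): a forwarded header from a trusted peer
    is kept and extended with the peer address; from any other peer it is
    discarded and only the peer address is passed upstream."""
    if client_xff and peer_is_trusted(peer, trusted):
        return f"{client_xff}, {peer}"
    return peer


if __name__ == "__main__":
    print("ranges outside private space:", non_private_ranges(TRUSTED_IPS))
    # Constructed sample peers: an outside client, a LAN host, a 172.32.x.x host.
    for peer in ("203.0.113.7", "192.168.1.10", "172.32.5.9"):
        print(peer, "->", effective_xff(peer, "198.51.100.4", TRUSTED_IPS))
```

Any range the audit reports is worth comparing against the actual subnet of the Docker network Traefik is attached to, since every host in a trusted range can set the client address that downstream services see.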
Guess I am making this in excel now.
Note that it's also possible to set up service auto discovery with traefik; the only traefik-related config I do on new containers is
traefik.enable=true
I have a few:
loginserver
dcompose(d/pull) - docker compose (down/pull)
3 scripts that are just docker compose up/down/pull, as scripts (remind me in 6 hours and I will post the scripts) so that it will CD to my compose folder, execute the command (with option for naming specific containers or blank for all) and then CD back to the directory I started in.
I did this twice in both big toes, as the first time they only did the sides.
Now I gross out coworkers and fascinate small children when I wear sandals, and haven’t had big toenails in close to 20 years.
Why not use myrient? It seems to have every ps2 game individually and is also easy to mass download from (at least with a download manager) and the speeds are great in my experience.
I gave up on automating it, I download with slskd, and run musicbrainz Picard (import slskd download folder, and set it to always save to the jellyfin music folder/rename with my preferred sorting method). This has the bonus of downloading the cover art, and rarely has issues.
My bank forces a 6 digit PIN as a password.
Their 2fa is also email or text only.
At least we can set a unique username?
In Canada you can opt out of spam, with the exception of political spam.
Slskd is nice
Anecdotal, but I have owned a total of 3 sapphire amd cards in my lifetime, and all 3 failed much sooner than a GPU should.
It has been about a decade since my last one, so maybe they have stopped using low quality parts, but just wanted to give that input.
Especially with the VPN icon on there.
Tailscale to pihole ftw though!
For bad dragons in specific? Yes. Last I checked there was a subreddit and a section in their official forums to do so, and I am sure there were more spaces I didn’t know about (because I never cared to try looking).
There are literally trusted middlemen for ensuring you don’t get scammed.
As with the fediverse, there are a lot of user curated blacklists to get rid of the problem children.
Just don’t trust shinigamieyes, that shit got taken over by terfs a few years back and now lists a lot of innocent trans bloggers.
Pihole at home with a personal VPN (wireguard, tailscale, headscale, etc) that routes all your phone traffic through it.
Works pretty good, and you can always add additional blacklists if something still gets through.
I haven’t overheard them in a while, didn’t realise they open with ads now. Sorry for the suggestion that doesn’t fit your criteria!
Note: I don’t actually listen to podcasts myself (I struggle to process voices when doing other tasks, or for long periods of time) but my spouse enjoys it.
Tumblr has no choice, WordPress bought it years ago
I am definitely not the best at networking, but can’t you do that through your current dhcp client?