• 0 Posts
  • 17 Comments
Joined 1 year ago
Cake day: June 10th, 2023
  • lidstah@lemmy.sdf.orgtoSelfhosted@lemmy.worldWhy do so many people use NGINX?English
    1·
    3 months ago

    HAproxy is good at what it does but it’s only good at proxying and simple rules.

    It’s possible to write very complex rules/ACLs with HAproxy… stick-tables, ACLs with regexes on whatever HTTP header, source or destination ACLs, map files, geoblocking, lua scripting, load-balancing from round-robin to host header load balancing, dynamic backend servers provisionning through DNS… Not that you can’t do it with Nginx (it started as a reverse-proxy before becoming a jack of all trades), nor that nginx isn’t a great tool (it is!), but HAProxy can do very complex things too. It also follows the good ol’ UNIX philosophy of “one program to do one thing and do it well” and thus doesn’t try to be a webserver, hence why you need a webserver behind it to serve anything from static files to PHP/Python/whatever.

  • lidstah@lemmy.sdf.orgtoLinux@lemmy.mlHow bad/terrible is this docker image? (Click here to see it.)
    2·
    1 year ago

    You’re welcome! scratch and distroless are indeed basically the same thing, scratch being the ‘official’ docker minimal image while distroless is from google - as I’m more a Kubernetes user (at home and at work) than a Docker user, I tend to think about distroless first :) - my apologies if my comment was a bit confusing on this matter.

    By the way, have fun experimenting with docker (or podman), it’s interesting, widely used both in selfhosting and professional environments, and it’s a great learning experience - and a good way to pass time during these long winter evenings :)

  • lidstah@lemmy.sdf.orgtoLinux@lemmy.mlHow bad/terrible is this docker image? (Click here to see it.)
    2·
    1 year ago

    A bit late but you might want to have a look at docker multi-stage build documentation which does exactly what you did (start from a base image then copying stuff from it to your own image), something like that:

    FROM someimage:sometag AS build
[do stuff]
FROM minimalimage:someothertag
COPY --from=build /some/file /some/other/file
[and so on]
USER somebody
CMD ["/path/somecommand"]

    Which will simplify building new images against newer “build” image newer tags easier.

    btw, you were quite creative on this one! You also might want to have a look at the distroless image, the goal being to only have the bare minimum to run your application in the image: your executable and its runtime dependencies.

  • lidstah@lemmy.sdf.orgtoSelf Hosted - Self-hosting your services.@lemmy.mlRaspberry Pi or other in data center.
    4·
    1 year ago

    If you are in France, or around Europe and don’t mind sending your Pi via mail to them, Faimaison and Tetaneutral do propose small computers hosting in their datacenter racks, Pi type included, but also NUCs, respectively for 24€/month (bit expensive but small structure compared to Tetaneutral edit: it’s ~15€/month nowadays) and 5 to 10€ / month. That’s just an example. Generally you’ll get one IPv4 and one /56 or /64 IPv6 prefix.

    You might want to look near your location if there is a LUG, non-profit ISP, or non-profit colocation proposing the same kind of services. You may even meet some nice people! But it’s definitely doable at least in Europe.

  • lidstah@lemmy.sdf.orgtoSelfhosted@lemmy.world[RANT] I pay $70/mo for this privilegeEnglish
    8·
    1 year ago

    1Gbps down/700Mbps up here, 35€/month (another french provider), no data caps - for 5 bucks/month more I could have 5Gbps down/1Gbps up, but… well, my home network is still using 1Gbps switches - but all the cabling was built with 10Gbps in mind.

    Data caps are pure robbery. We run a non-profit ISP/hosting platform and a non-profit IXP with friends in West France, the only thing you pay (and the only thing end users should have to pay) is goddamn bandwidth.

  • lidstah@lemmy.sdf.orgtoLinux@lemmy.mlWindows 11 vs Linux supported HW
    1·
    1 year ago

    Can confirm, recently installed it on a friends’ dell G3 laptop and I was quite impressed to see that it recognized both the nvidia graphics card and the intel GPU without a hitch, and installed the nvidia proprietary driver directly from the live usb.

    Then I installed it on my wife’s mother thinkpad x260, because she was bored with Windows “getting in [her] way” (her words, not mine) and wanted to try something else (70 years old grandma, main usage is web browsing, mails, some accounting on LibreOffice Calc, Zoom with her friends and… that’s all). Everything worked out of the box (well, the x260 is pretty standard by the way). I showed her how to upgrade, how to use her software, how to install or uninstall software from the package manager GUI, and how to use workspaces. She didn’t call for help once, and, for the moment, when I ask her about it she’s quite pleased with it.

    I’m a Debian and OpenBSD guy but recently got a second hand thinkpad yoga X390 laptop and decided to give Pop a try on it. From touchscreen to touchpad gestures to automatic screen rotation in tent or tablet mode - everything works out of the box (except for the fingerprint reader, but well, we’re used to that). Basically it’s Ubuntu 22.04 LTS without the snap hassle and a recent kernel (6.4 right now). For what I tested it on, it’s always been a pleasant experience.

    Of course, YMMV, and I might as well go back to my trusty Debian Stable + flatpak setup if things goes awry but right now I’m quite impressed with what they’ve managed to do.

  • lidstah@lemmy.sdf.orgtoLinux@lemmy.mlThe author of vim has sadly passed away
    3·
    1 year ago

    Recently I used testdisk/photorec to recover photos from a dead sd card. Made a small donation and sent a big thank you to the developer. As you said, sending appreciations and thanks for someone’s hard work is an important thing to do, and if applicable, small donations. Right now I’m quite ashamed I’ve never did the same for Vim while Bram was still alive, especially since Vim is one of the most important tools I daily use :/.

  • lidstah@lemmy.sdf.orgtoLinux@lemmy.mlThe author of vim has sadly passed away
    41·
    1 year ago

    I use Vim since 31 years. Started in 1992, on Amiga with Fred Fish disks. I use Vim daily at work since 20 years. It’s like a second home for me, a familiar tool which makes me confident that it’ll help me manage whatever task I throw at it. I never had the pleasure to encounter Bram to tell him how much his work helped me throughout the years. I should have sent a “thank you for your hard work” mail when it was still possible. Now I can only send condolences. And some money to the ICCF. That’s the least I can do.

  • lidstah@lemmy.sdf.orgtoSelfhosted@lemmy.worldrun my own authoritative DNSEnglish
    1·
    1 year ago

    Kudos for mentionning powerDNS, it’s an amazing software :)

    One thing I love with powerDNS is the various backends available, notably the postgreSQL and mariaDB/mysql ones. Only the primary powerdns instance modifies the database records, the secondary instances just read from database (master or replicas). Thus, no real need for AXFR: as soon as you added/modified a record on the primary, the secondary pdns servers will see it in the database.

    The pdnsutil CLI tool is also really convenient, and the powerDNS API is a godsend when you need to automatise stuff for thousands of domains and hundred of thousands of records. There’s also a nice third-party webUI (powerdns-admin, docker image: pdnsadmin/pda-legacy). Bonus, Terraform does have a powerdns provider.

    At work we use dnsdist (from powerDNS too) to load-balance between our powerdns instances (with caching!), and to filter out/rate-limit/temporary ban bad actors (dns laundering, records enumeration and such for example).

  • lidstah@lemmy.sdf.orgtoSelfhosted@lemmy.worldWhat are YOU self-hosting?English
    4·
    1 year ago

    Everything runs in a kubernetes cluster hosted on my homelab, except the public services access point which is a VM hosted on a non-profit ISP and service provider infrastructure, which I contribute to, through a wireguard VPN between the VM and home:

    Public-facing:

    • an old static website (nginx-unprivileged), which was my first website and which I keep online because nostalgia
    • Ghost, personal blog
    • OpenSMTPd + rspamd + dovecot (dovecot only accessible from home, not public)
    • privatebin
    • picoshare
    • Whoogle + Tor
    • SearxNG

    Work related (I work from home 75% of time), not public-facing:

    • dolibarr ERP for managing prospects and clients billing
    • gitea
    • bookstack for personal documentation
    • edit: forgot Harbor as container registry.
    • vaultwarden
    • eck-operator
    • wireguard operator for personal, family and friends access from outside
    • awx operator
    • draw.io
    • zalando postgresql operator for postgres needs
    • mariadb-galera for mariadb needs
    • bitlbee-libpurple for all clients’ slack needs
    • Authentik as OIDC/LDAP/SAML provider (also used to identify family and friends)
    • internal DNS (pdns-resolver + powerdns with postgres backend) serving work zone and home zone.

    Home stuff, not public-facing:

    • Games: Minetest, EQEmu server (Everquest), planar ally, bzflag, veloren
    • Home-cinema/music: Jellyfin, Koel, alltube, and the usual tools to share Linux isos.
    • Immich to sync photos
    • homeassistant (more a PoC than anything else right now)
    • mealie for recipes (I like cooking original meals for friends and family) and lunch/dinner planning
    • another instance of vaultwarden for family
    • piHole to keep the children a bit safer online (notably blocking malware/scams/nsfw sites)

    all of this running on a 3 control-planes/6 workers talos linux k8s cluster, itself hosted on a franken-proxmox cluster (a mix of server/“old” desktops/Ryzen NUCs) and a bunch of NAS (VM dedicated NAS, data storage NAS, backup NAS).