Hiya, just got NPM installed and working, very happy to finally have SSL certs on all of my serivces and proper URLs to navigate to them, what a breeze! However, as I am still in the learning process: I am curious to know when to enable these three toggles and for what services. I assume the “Block Common Exploits”, can always be turned on. But unsure about the two others. Some applications have not worked until I turned on the Websockets Support, but I dont really know what it does, nor do I know what applications need this in order to fully work. Are there any thumb rules for these things?
As others said, “Websocket Support” enables support for them and is required for some applications. “Cache Assets” caches (likely static) assets in the proxy so they don’t have to be loaded from the backend service - I’d leave this disabled unless the backend service is hosted on another network entirely, and even then only enable it if you know the implications. “Block Common Exploits” is a very primitive filter against SQL injection (and similar) attacks. It also blocks some user agents. I wouldn’t enable it as it won’t do much to block a dedicated attacker and some filters may falsely trigger in edge cases, causing errors.
Then yeah, that option is worthless to you. For me, having networked solutions over a domain I have that enabled. But if its just internally I’d also disable it
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
selfh.st Newsletter and index of selfhosted software and apps
As others said, “Websocket Support” enables support for them and is required for some applications. “Cache Assets” caches (likely static) assets in the proxy so they don’t have to be loaded from the backend service - I’d leave this disabled unless the backend service is hosted on another network entirely, and even then only enable it if you know the implications. “Block Common Exploits” is a very primitive filter against SQL injection (and similar) attacks. It also blocks some user agents. I wouldn’t enable it as it won’t do much to block a dedicated attacker and some filters may falsely trigger in edge cases, causing errors.
Thanks for this, I guess it would matter much for me to have the BCE on or not, as my services are only hosted over my own VPN and not exposed at all.
Then yeah, that option is worthless to you. For me, having networked solutions over a domain I have that enabled. But if its just internally I’d also disable it