Cloudflare tunnels uses a QUIC connection between the cloudflared on the server and Cloudflare itself, which is encrypted similarly to HTTPS.
Whatever protocol cloudflared uses to talk to your webserver locally is configurable through the Cloudflare access web UI (just change http to https). I’ve actually got it configured to use unix sockets, which lets me treat it differently in my nginx config.
It’s probably blocked for whatever reason (maybe less than 90 days old?)
My work and Uni do the same thing: they don’t do full SSL inspection, so most websites don’t need a custom certificate authority, but if the SNI is blocked then they need a custom certificate to hijack and display a blocked message. Most browsers will detect this as a MITM and display a not secure message instead.
IIRC the RTL chip inside them was originally designed for TV, so it works great! I’m actually using very cheap AliExpress clones for the TV ones, because they otherwise don’t work very well.
I’m also using the outdoor TV antenna on my roof (common in Australia, idk elsewhere), and a splitter and adaptors. And with that I get every channel with no artifacts, at 30% strength, but that’ll probably be higher with not awful SDRs.
I’ve got an interesting setup I’d like to share:
So I’ve got a Raspberry Pi with 4 RTL-SDRs, 2 for TV, 1 for radio, and 1 for plane transponders. That runs SatPi for the 2 TV SDRs, which TVHeadend running on my main server connects to, to record and stream. Jellyfin also connects to TVHeadend to properly index everything and for easy access to recordings and live TV.
Will I see any performance increase?
Like others have said LLMs mostly use VRAM, they can use system RAM if you’re running them on CPU, but that’s ridiculously slow.
It will however increase the speed of your compile times, which is especially useful if you’re compiling something large like the Linux kernel on a regular basis.
I’m also worried about not having ECC RAM.
If you are using it purely for LLMs, if it’s going to get bit flips, it’ll happen in VRAM.
If you are compiling large things for customers, I’d recommend ECC, just in case, e.g. you don’t want a bricking firmware from a bit flip. But according to EDAC and my TIG stack, my server’s ECC RAM has never even detected an error in the past year, if I understand EDAC properly, so it’s really not important.
Is it possible to send the hint from OPNsense itself?
Yes, to me it sounds like you’re already getting a big enough prefix from your ISP (all devices getting a /64), but you’ll have to request a bigger prefix from OPNsense. I believe it should give you the options to do this when you set the IPv6 mode to DHCPv6 on OPNsense, but I can’t say if your ISP router will handle it.
If you can’t get the VPS to work, alternatively there’s Cloudflare but last I checked streaming was a little out of their free terms. With it, you should just have to set your AAAA record and make the cloud orange, that way Cloudflare will proxy it, and IPv4 will work. There’s also Cloudflare tunnels which lets you host websites without port forwarding anything.
I’ve run kill -9 and similar heaps before, but weirdly this comment reminded me of this: https://youtu.be/Fow7iUaKrq4
A lot of external status services just send an HTTP request to a certain URL, if it succeeds then it’s up, if it errors or times out then it’s down. They also usually let you check if TCP ports do the usual handshake thing if you aren’t using HTTP.
The response time can also be used to check if a site is running slower than usual too, and if you have a use for it you can usually specify the required response code for success.
Although I wouldn’t be surprised if GitHub has some per-server analytics they can also use to estimate the load, but Instatus would work as described above.
Sometimes these sorts of things are referred to as health checks, if you’re looking for search terms. For example Docker can be set up to poll a container’s web server every few minutes, and mark it as unhealthy if it stops replying using the HEALTHCHECK instruction in the Dockerfile.
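The HTTP and TCP checks described above, as an added example that is not part of the original comment and not any status service's own code. The local test server, its paths and the thresholds are constructed for illustration.

```python
import http.server
import socket
import threading
import time
import urllib.error
import urllib.request

# Probe directly, ignoring any proxy environment variables.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def check_http(url, expected_status=200, timeout=2.0, slow_after=1.0):
    """Return 'up', 'slow' or 'down' for one HTTP probe of url."""
    start = time.monotonic()
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            status = resp.status
    except urllib.error.HTTPError as exc:
        status = exc.code          # 4xx/5xx responses still carry a status code
    except (urllib.error.URLError, OSError):
        return "down"              # refused, DNS failure or timeout
    elapsed = time.monotonic() - start
    if status != expected_status:
        return "down"              # reachable, but not the required response code
    return "slow" if elapsed > slow_after else "up"

def check_tcp(host, port, timeout=2.0):
    """Return True if the TCP handshake completes (for non-HTTP services)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

class _Handler(http.server.BaseHTTPRequestHandler):
    # Constructed target: /ok -> 200, /slow -> 200 after a delay, else 503.
    def do_GET(self):
        if self.path == "/slow":
            time.sleep(0.3)
        self.send_response(200 if self.path in ("/ok", "/slow") else 503)
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_demo_server():
    # Start the constructed target on a free loopback port.
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), _Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]
```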
That’s true, but because of that you can get Cisco certifications, which could be helpful if you end up in a network-related job. Those certifications will also give you a lot of knowledge of how networks work. (I’m currently completing a CCNA, and quite enjoy it)
A few other companies also clone the Cisco CLI, so there’s that too. I wouldn’t touch the Web UI if it has one though.
Came across these HP NC522SFP 10Gb NICs
Yeah I have one and they’re pretty good, and I haven’t had an issue using it with generic stuff.
any 10Gb SFP switch
Some switches from bigger companies (like the ones listed on fs.com products) are vendor locked, but you should just need a DAC cable compatible with the switch to work.
a transceiver to get the link from the ISP to the router
Correct! Make sure to get an ethernet/10GBase-T one, because there are other transceivers.
would be easy enough to do some fiber runs there, and it’s all short.
I did forget to mention that you would need more transceivers to convert between the fibre and SFP+, and they are rated for up to different lengths but they should reduce their power for shorter distances. They also come in different speeds too, but unless you’re really strapped for cash, it’s not worth it to go below 10G.
I currently have 300m ones doing a run of 30m, and I’m about to do a 10m run too. Also these are about AU$10-$20, I find FTLX8571D3BCLs the cheapest, but there are others. (I actually got mine for free off a guy on Reddit)
Also 10G is really cheap if you go with used SFP+ gear. Like I’ve got a managed 48x 1G + 4x 10G Dell switch I got for AU$78 running my network. The NICs are about US$40 used, ConnectX3s seem the cheapest, I usually use Intel X520s which are a little more (watch out for clones though).
For the accessories: DACs are AU$20 new from fs.com, and because you’ll probably need ethernet for that router, a 10GBaseT transceiver is AU$90 new off eBay. Those you could probably buy cheaper used too.
Additionally you wouldn’t be adding 10G to all your devices, I’d just definitely do between your router so you can have 3 1G devices maxing out your 3Gb internet, and maybe add it to a server or two.
And if you do your own runs, in my experience, fibre is slightly cheaper for the longer runs than CAT6 itself too.
Cloudflare Tunnels have a basic reverse proxy built in, so you could technically still have one and eliminate Traefik.
However, I still use one for nginx, and one for each important app (frigate, home assistant, probably others), plus an extra on a raspberry pi as more of a VPN if my wireguard server goes down.
I’ve seen some that activate an insane number of breakpoints, so that the page freezes when the dev tools open. Although Firefox lets you disable breaking on breakpoints altogether, so it only really stops those that don’t know what they’re doing.