• 1 Post
  • 3 Comments
Joined 1Y ago
cake
Cake day: Jun 11, 2023

help-circle
rss

Of all those, I’ve only heard of Heztner. Am I out of touch?

I’ve been a Linode customer for years, and I used to use Digital Ocean as well. I’ve been happy with them, did you consider them?


Self-hosted Content-Security-Policy report, etc, collector/displayer?
tl;dr: self-hosted `report-uri.com` ? I messed up my site's Content-Security-Policy and blew up my report quota on report-uri.com last month. I'm happy with them, but I don't really want to pay for this service, and I want to avoid that in the future. So I'm looking for something(s) to: 1. Collect Content-Security-Policy browser reports ([go-csp-collector](https://github.com/jacobbednarz/go-csp-collector) is *sufficient* here, if not great, as it doesn't support the newer [Report-To](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to)) and log to JSON (or whatever) 2. Collect other browser reports such as NEL, Deprecation, Crash and log to JSON 3. Collect SMTP-TLS and DMARC email reports and log to JSON 4. Display them somehow for searching and for seeing trends: preferably something less manual than Grafana, but I can collect the logs and do custom dashboards in Grafana that parse JSON (or whatever) logs if I need to. 5. Let me filter incoming reports based on various things (like ignore CSP reports with no URL) In my searches I found plenty of SaaS and no source code for the whole thing. Sentry and its clones are too much; I don't want to instrument an app I don't have. I did find plenty of 5-year old abandoned projects, though. So, what's out there in this space for self-hosting? For reference, report-uri.com looks like the below, with the ability to drill down and filter and see reports. ![](https://lemmy.world/pictrs/image/ce5d87b9-a1b8-44d9-a1cb-a55e22dd49a0.png)
fedilink

Ping is not a good way to test http, because they are completely different protocols, and can be blocked separately or not. From what you have posted so far, I don’t see a problem being demonstrated. Your caddy log here also shows one successful request. So: define “not working” better. Are you testing from a browser? Via curl? From where? To exactly what urls? What message do you get back from your browser/curl?