• 1 Post
  • 17 Comments
Joined 1Y ago
Cake day: Jun 15, 2023


Is that an issue with the format or the currently available tools though?


Does the BT hub let you turn off DHCP? I had a similar issue with my ISP router, but it let me turn off DHCP and then I ran Pi-hole, which can run its own DHCP server.

Then, the DHCP server can tell all clients to use your preferred DNS server.

I haven’t used adguard, but it can probably do the same. If not, you can run a DHCP client on the same box probably.


I think that was his point. He said none of the other JetBrains IDEs are slow, so it can’t just be because it’s Java.


Not being able to install local apps is a valid issue. But if you are really concerned about a work laptop, I wouldn’t trust something just because it’s web based. Depending on the company, they can access that data if they really wanted to just almost as easily as a file on disk.


How much are you scraping? You may end up getting your home IP blocked.


Do you need to expose the services to the entire Internet, or can you use something like Tailscale or ZeroTier (these require installing an app on each remote device, but don’t open up ports to the internet)?


That’s great. Can I set the subnet router to use my local DNS? So service.mydomain.com will still route appropriately?


How do you use tailscale/zerotier?

I have all my services running locally on a 192.168.10.x subdomain. Many are docker containers but some (like gitlab) are proxmox VMs. Everything is behind a reverse proxy so I can access services through a URL like paperless.mydomain.com. The reverse proxy automatically pulls certs as needed. This is great for accessing stuff when I'm home.

I'm trying to set up something for remote access. I don't want to use cloudflare as I just want access for myself from my phone and laptop. So I'm leaning towards tailscale or similar. But do I need to move all my services to use the tailscale subnet? Seems like a pain and also requires installing tailscale on everything (even on docker containers?). Or do I just install tailscale on the reverse proxy since it can reach everything else? But then I wouldn't be able to ssh into a proxmox VM remotely unless I installed tailscale on the VM? Or is this what the tailscale subnet router is for?

Thanks. Authelia looks promising, but I can't find anything about TLS client auth.

Edit: actually maybe caddy supports this directly? https://caddyserver.com/docs/json/apps/http/servers/tls_connection_policies/client_authentication/


How do you have this set up? Is it possible to have a single verification process in front of several exposed services? Like as part of a reverse proxy?



This is my exact setup as well. Proxmox with one beefy VM dedicated just to docker and then a few other VMs for non-docker workloads (e.g., home assistant, pihole, jellyfin). I can probably run those in docker as well, but they worked better as VMs when I set them up.



Definitely more expensive, but you can get used ones from a few generations ago for cheap on eBay.


I’m curious which part you think is overkill and how you would redo this? I have a proxmox cluster and run docker amongst other things, but haven’t set up any sort of high availability.

I don’t need live migrations, but something that could help with load balancing and reducing any potential downtime if a host fails would be great.


Is the internal drive replaceable? That might be a better option. Alternatively, 256 GB is more than enough to install Linux (or Proxmox) and serve a lot of useful apps. You only need a ton of space if you are planning on storing media.


It’s confusing. I think they are under zero trust now.


Any specific reason you think they should be backwards? I have only limited exposure to the alternatives, but caddy was the easiest for me to set up when I was looking for a reverse proxy.

My main issue with caddy was having to compile in any extensions manually, but you don’t even need to do that anymore.