A PHP developer who, in his spare time, plays tabletop and videogames; if the weathers nice I climb rocks, but mostly fall off of indoor bouldering ones.

He/Him Blog Photos Keyoxide

  • 1 Post
  • 28 Comments
Joined 1 year ago
cake
Cake day: November 4th, 2023

help-circle






  • I’ve not used dockge so it may be great but at least for this case portainer puts all the stack (docker-compose) files on disk. It’s very easy to grab them if the app is unavailable.

    I use a single Portainer service to manage 5 servers, 3 local and 2 VPS. I didn’t have to relearn anything beyond my management tool of choice (compose, swarm, k8s etc)




  • ActivityPub implementations generally don’t allow this.

    This comment will, when I click ‘Reply’, be sent to your instance (dormi.zone), that instance should then run it’s filter/block checks on it and if it’s happy it will forward it onto the lemmy.ml instance for further disemination amongst the subscribers of the group.

    If you were to have blocked me then my reply will appear on my instance only (which is admitedly tiny - at 1 user) and go no further. This kind of falls apart if I were to be on a bigger instance as more people would see the reply.

    That said, Lemmy may not be doing that quite right as the whole Groups/Communities thing is sort of an extension of the main protocol. I hope it’s doing it the right way.







  • Documentation people don’t read

    Too bad people don’t read that advice

    Sure, I get it, this stuff should be accessible for all. Easy to use with sane defaults and all that. But at the end of the day anyone wanting to using this stuff is exposing potential/actual vulnerabilites to the internet (via the OS, the software stack, the configuration, … ad nauseum), and the management and ultimate responsibility for that falls on their shoulders.

    If they’re not doing the absolute minimum of R’ingTFM for something as complex as Docker then what else has been missed?

    People expect, that, like most other services, docker binds to ports/addresses behind the firewall

    Unless you tell it otherwise that’s exactly what it does. If you don’t bind ports good luck accessing your NAT’d 172.17.0.x:3001 service from the internet. Podman has the exact same functionality.




  • So to be clear, you want traffic coming out of your VPS to have a source address that is your home IP?

    No that’s not how I read it at all. He wants his VPS to act as a NAT router for email that routes traffic through a wireguard tunnel to the mail server on his home network. His mail server would act as if it was port forwarded using his home router, only it won’t be his home IP, it’ll be the VPS’s