• 1 Post
  • 159 Comments
Joined 6 months ago
Cake day: June 9th, 2024

  • Then the correct answer is ‘the one you won’t screw up’, honestly.

    I’m a KISS proponent with security for most things, and uh, the more complicated it gets the more likely you are to either screw up unintentionally, or get annoyed at it, and do something dumb on purpose, even though you totally were going to fix it later.

    Pick the one that makes sense, is easy for you to deploy and maintain, and won’t end up being so much of a hindrance you start making edge-case exceptions because those are the things that will 100% bite you in the ass later.

    Seen so many people turn off a firewall or enable port forwarding or set a weak password or change permissions to something too permissive and just end up getting owned that have otherwise sane, if maybe over-complicated, security designs and do actually know what they’re doing, but just getting burned by wandering off from standards because what they implemented originally ends up being a pain to deal with in day-to-day use.

    So yeah, figure out your concerns, figure out what you’re willing to tolerate in terms of inconvenience and maintenance, and then make sure you don’t ever deviate from there without stopping and taking a good look at what you’re doing, what could happen if you do it, and coming up with a worst-case scenario first.


  • What’s your concern here?

    Like who are you envisioning trying to hack you, and why?

    Because frankly, properly configured and permissioned (that is, stop using root for everything you run) container isolation is probably good enough for anything that’s not a nation state (barring some sort of issue with your container platform and it having an escape), and if it is a nation state you’re fucked anyways.

    But more to your direct question: I actually use DNS scopes and nginx ACLs to separate public from private. I have a *.public and a *.private CNAME which points to either my external or internal IP, and ACLs in the nginx site configuration to scope where access is allowed.

    You can’t access a *.private host outside the network, but can access either from inside it, and so (again, barring nginx having an oopsie somewhere) it’s reasonably secure and not accessible, and leaves a very clear set of logs (and I’m pulling those logs in and parsing them for anything suspicious and doing automated alerting if I find anything I would not otherwise expect) so I’m happy enough with the level of security that this is, when paired with the services’ built-in authentication options.
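A minimal nginx rendering of the split-DNS plus ACL scheme described in the comment above, written here as an added example and not the commenter’s own configuration; the hostnames, certificate paths, LAN ranges and upstream port are assumed placeholders.

```nginx
# Assumed split-horizon DNS: app.public.example.com  -> external IP,
#                            app.private.example.com -> internal IP.
# DNS only decides which name resolves where; the allow/deny ACL on the
# private vhost is what actually enforces the boundary.

upstream app_backend {
    server 127.0.0.1:8080;      # assumed upstream service
}

# Catch-all so requests with an unknown Host header never fall through
# to the private vhost by accident (nginx otherwise picks the first block).
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate     /etc/nginx/certs/default.crt;   # placeholder
    ssl_certificate_key /etc/nginx/certs/default.key;   # placeholder
    return 444;                 # drop the connection without a response
}

# Private vhost: reachable only from the internal ranges listed.
server {
    listen 443 ssl;
    server_name ~^[a-z0-9-]+\.private\.example\.com$;
    ssl_certificate     /etc/nginx/certs/private.crt;   # placeholder
    ssl_certificate_key /etc/nginx/certs/private.key;   # placeholder

    allow 192.168.1.0/24;       # constructed LAN range, adjust to yours
    allow 10.0.0.0/8;           # constructed VPN/second LAN range
    deny  all;                  # everyone else gets 403, and it is logged

    access_log /var/log/nginx/private.access.log;

    location / {
        proxy_pass http://app_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# Public vhost: no IP ACL, so the service's own login is the only gate.
server {
    listen 443 ssl;
    server_name ~^[a-z0-9-]+\.public\.example\.com$;
    ssl_certificate     /etc/nginx/certs/public.crt;    # placeholder
    ssl_certificate_key /etc/nginx/certs/public.key;    # placeholder

    access_log /var/log/nginx/public.access.log;

    location / {
        proxy_pass http://app_backend;
        proxy_set_header Host $host;
    }
}
```

`allow`/`deny` match on the TCP peer address, so LAN clients that reach nginx through hairpin NAT or another proxy can show up with the external address and be denied; check from both sides of the network that the *.private name returns 403 externally and 200 internally before relying on it.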



  • Are content creators we already know expected to start their own servers? Or will there be a general mega instance for everyone to post to.

    Honestly - both?

    Good examples are going to be Floatplane and Nebula for the single-content-creator platform and the group of creators platforms.

    There’s no real reason you can’t build a platform and require someone to pay you to have access, and it seems to have been successful for both groups.

    Video hosting is expensive, but it’s not prohibitive and a group of creators could certainly come up with a useful platform and self-host it and still be profitable.

    Now, the question is, of course, if peertube is the right choice for that and if it offers anything they’d need, but that’s a different discussion.



  • There was a recent video from everyone’s favorite youtube Canadians that tested how many USB devices you can jam onto a single controller.

    The takeaway they had was that modern AMD doesn’t seem to give a shit and will actually let you exceed the spec until it all crashes and dies, and Intel restricts it to where it’s guaranteed to work.

    Different design philosophies, but as long as ‘might explode and die for no clear reason at some point once you have enough stuff connected’ is an acceptable outcome, AMD is the way to go.


  • Quicksync

    Yeah, it doesn’t sound like you’re transcoding in a way that’ll show any particular benefit from Quicksync over AMF or anything else. My ‘it’s better’ use case would be something like streaming to a cell phone at 3-5mbps, and not something local or just making a file to save on your device.

    DDR4 and no ECC

    That’s what my build is: 128GB of Corsair whatever on a 10850k. I’m sure there’s been some silent corruption somewhere in some video file or whatever, but, honestly, I don’t care about the data enough to even bother with RAID, let alone ECC.

    I will say, though, if you’re going to delve into something like ZFS, you should probably consider ECC since there are a lot more ‘well shits’ that can happen than what I’m doing (mergerfs + snapraid).

    power consumption

    A $30 or whatever they are Kill-A-Watt plus something like s-tui running on the NAS itself to watch what the CPU is doing in terms of power states and usage. I’ve got an 8-drive i9-10850k under 60W at “idle” which is not super low power, but it’s low enough that the cost of hardware to improve on it even a little bit (and it’d be a very little bit) has a ROI period of longer than I’d expect the hardware to last.


  • If you’re going to be doing transcoding for remote users at lower bitrates, quicksync is still better than AMF, so I’d vote Team Intel.

    If you’re not, then buy whatever meets your power envelope desires and price point.

    For Intel, anything 8th gen or newer should be able to natively do anything you need in Quicksync, so you don’t need to head to Amazon and buy something new, unless you really want to.

    Also, I’d consider hardware that has enough SATA ports for the number of drives you want so that you can avoid dealing with an HBA card: they inflate the power envelope of the system (if power usage is something you’re concerned with), and even in IT mode, I’ve found them to be annoyingly goofy at times and am MUCH happier just using integrated SATA stuff.




  • convincing ourselves that the fediverse is actually very simple

    There’s a difference between ‘technically simple’ and ‘understandable UX’.

    Your mom doesn’t need to know how ActivityPub works or the intricacies of federation. She just needs to know to log in and go to c/cutecats.

    The early-adopter curse here is causing way too much technobabble to be involved in descriptions that just confuse people, and it’s technical aspects that the nerd cohort here is fascinated by, but uh, nobody else is.

    The real leap will be to resist the urge to pull out the PPT and spend 3 hours and 10,000 words explaining how Lemmy works vs the much more concise how-to-use-Lemmy details that people actually want.

    There are a lot of assumptions being made by a lot of people that “normal” people are stupid and couldn’t understand ‘It’s a conversation platform like Reddit, but it’s run by its users and that’s why there’s a lot of servers who all talk to each other’ and so there’s a lot of hand wringing about how you have to explain all the details and such, which really, isn’t all that true.

    Every non-technical person I’ve explained it to like that immediately understands what it is, how you’d use it, and what it’s used for and I’ll occasionally get an ‘Oh, neat, how does all that work?’ question I can then expand on, but that’s like, maybe 1 out of 20.

    TLDR: too many details are not helpful for most people, and nerds loooooove going into more detail than anyone could possibly care about