1·
1 year agoHard to tell for sure because i can’t tell the size, but it looks like it could be an adaptor from 33 LP center holes to 45 size holes
- 0 Posts
- 6 Comments
Joined 1 year ago
Cake day: June 11th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
2·1 year agoDon’t forget SUSE :D
Everyone always forgets SUSE :(
1·1 year agoUnfortunately no guide, just things I’ve pieced together myself over the years.
Cloudflare is probably the easiest and most intuitive part of the setup though, you can setup dns/proxy/firewall rules very intuitively, and I’m sure there are plenty of guides out there.
Here is my setup:
Cloudflare fronts all of my webserver traffic, and I have firewall rules in Cloudflare.
Then I have an OPNsense firewall that blocks a list of suspicious ips that updates automatically, and only allows port 80/443 connections from Cloudflare’s servers. The only other port I have open is for Wireguard to access all of my internal services. This does not go through Cloudflare obviously, and I use a different domain for my actual IP. I keep Vaultwarden internal for extra safety.
Next I run every internet facing service in k3s in a separate namespace. This namespace has its own traefik reverse proxy separate from my internal services. This is what port 80/443 forwards to. The namespace has network policies that prevent any egress traffic to my local network. Every container in the WAN facing namespace runs as a user with no login permission to the host. I am also picky about what storage I mount in them.
If you can get through that you deserve my data I think.
Oh this was just a bot reposting :(