

deleted by creator


Good to know! *-cert is definitely something I’d need to set up in my self-hosted setup, though it’s a little complex as my (free) domain provider does not let me edit TXT records for DNS-01.
deleted by creator


Why exactly would they ever need to turn VPN off again? It’s not like all their traffic will go through it if it’s on, unless you specifically configure stuff that way (exit node, routes).
And one option to do the VPN stuff is on their router too, so it’s totally transparent to them. More stuff to configure though, unless running owrt or some other router software compatible with Tailscale.
Have zero knowledge of Roku but for example with AppleTV boxes it is totally fire and forget, Tailscale is always on in the background and apps will find my media servers through it.
And I’ve noticed even tech-illiterate people will learn to become literate when there is some motivation, like a huge movie archive :) Flipping a preference like VPN on if they want to use a certain app is certainly within the realm of possibility.
deleted by creator


Or maybe it pops the link out of the browser into a dedicated media player which has decent codec support.
I think this is exactly what it does.
With iDevices no luck with mkv’s if I remember right, but not sure if I have even tested one. Most of my files are mp4 x264.


Mostly using the “browser” (so shitty that you can barely call it one) on my LG smart TV, and sometimes some iDevices, but I’ll consider myself lucky with codecs then. Even mkv’s play on LG without hiccups. The only small thing I miss is subtitles, which these devices do not seem to support, even if I’d mux them in as a track.


Someone should explain to me why transcoding is even needed (other than in case bandwidth is an issue)? My “media server” at the moment is a custom ffmpeg script to edit all x264 mp4 files it finds by moving the moov atom to the beginning of the file (and whatever the similar thing for x265 was), and then lighttpd to serve them via dir listing. No file has yet had playback issues even over the internet…
Nice, but the bots may not understand the joke.
And not only that but they will tag the domain with “there is something here”, and maybe some day someone will take a closer look and see if you are all up-to-date or would there maybe be a way in. So better to just drop everything and maybe also ban the IP if they happen to try to poke some commonly scanned things (like /wp-admin, /git, port 22 etc.). GoAccess is a pretty nice tool to show you what they are after.
Not at hand no, but I’m sure any of the LLMs can guide you through the setup if googling does not give anything good.
Nothing very special about all this, well maybe the subdir does require some extra spells in the reverse proxy config.
deleted by creator


Could be indeed. Looking at the nginx logs, setting a permaban on trying to access /git and a couple of others might catch 99% of bots too. And ssh port ban trigger (using knockd for example) is also pretty powerful yet safe.
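
The log-based ban idea from the comment above, as an added example that is not part of the thread: a Python script that scans nginx access-log lines in the default combined format and lists client IPs that requested the probe paths mentioned here. The function names, the allowlist parameter and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Probe paths named in the thread; extend from what your own logs show.
PROBE_PATHS = ("/wp-admin", "/git")

# nginx "combined" format: ip - user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')


def is_probe(target):
    """True if the request path is a probe path or lies beneath one."""
    path = target.split("?", 1)[0].lower()  # ignore the query string
    # Exact match or sub-path only, so /github-mirror/ is not caught by /git.
    return any(path == p or path.startswith(p + "/") for p in PROBE_PATHS)


def ban_candidates(lines, allowlist=(), threshold=1):
    """Return {ip: hits} for clients that requested probe paths."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:  # malformed request line, e.g. raw TLS bytes sent to port 80
            continue
        ip, _method, target, _status = m.groups()
        if ip not in allowlist and is_probe(target):
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2025:03:12:01 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2025:03:12:02 +0000] "GET /git/config HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Jan/2025:03:13:00 +0000] "GET /github-mirror/index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.99 - - [10/Jan/2025:03:14:00 +0000] "\\x16\\x03\\x01" 400 157 "-" "-"',
    '192.0.2.5 - - [10/Jan/2025:03:15:00 +0000] "GET /git?x=1 HTTP/1.1" 404 153 "-" "curl/8.0"',
    '192.0.2.10 - - [10/Jan/2025:03:16:00 +0000] "GET /wp-admin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    # 192.0.2.10 stands in for your own address, which must never be banned.
    for ip, n in sorted(ban_candidates(SAMPLE_LOG, allowlist={"192.0.2.10"}).items()):
        print(ip, n)
```

The returned addresses can be handed to whatever ban mechanism is already in place; put your own addresses on the allowlist before acting on the output.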


I have wrestled with the same thing as you and I think nginx reverse proxy and subdomains are a reasonably good solution:
The only fault I’ve discovered is some public ledgers of TLS certs, where the certs given by Let’s Encrypt spill out those semi-secret subdomains to the world. I seem to get very little to no bots knocking my services though so maybe those are not being scraped that much.
deleted by creator