!hokCjFXtQcxTAIXSdZ:matrix.org

#selfhosted

720 Members
#selfhosted : discussion about self hosted or in house applications and services for private cloud and privacy preservation use cases. inspired by /r/selfhosted community on reddit (no official affiliation). 176 Servers

Load older messages


SenderMessageTime
24 Jan 2021
@blackslide13:matrix.orgblackslide13But then the proxy might go down. So that too needs redundancy.16:18:11
@cyberkat:matrix.orgCyberkat joined the room.16:32:30
@cyberkat:matrix.orgCyberkat set a profile picture.16:39:49
@zygon.sisyphus:matrix.orgzygon.sisyphus joined the room.16:53:42
@max:dnzm.nlMaxRound robin dns and two hosts it is17:15:01
@blackslide13:matrix.orgblackslide13Thanks for the suggestions, I'll have to try and source some extra hw to get this running.17:43:00
@max:dnzm.nlMax
In reply to @blackslide13:matrix.org
Thanks for the suggestions, I'll have to try and source some extra hw to get this running.
Don't sweat it too much at first, as long as you have decent backup in case of disaster, you can always grow it later
17:53:07
@darvvin:matrix.orgdarvvinIF I ran a SSH tunnel from a local computer to a linode instance to tunnel port 80 on linode to a traefik host on local network, is the SSL certs handled on the local traefik or the linode?17:58:47
@max:dnzm.nlMaxTraefik handles them18:02:50
@max:dnzm.nlMaxThrough the linode node, if I understand correctly18:03:12
@nathannever:matrix.orgnathannever joined the room.18:04:24
@max:dnzm.nlMaxAlthough port 80 is not ssl of course18:05:30
@max:dnzm.nlMaxYou would have to tunnel 443 as well18:05:45
@julia:ma.teric.usjuliaI suspect you could set it up either way. Have traefik do the ssl termination then reverse proxy through the tunnel. You could also manage the ssl termination on the local node and ssh tunnel 443 instead18:06:05
@darvvin:matrix.orgdarvvinYah, meant 443. So it can be done either way, good to know. thanks.18:13:05
@max:dnzm.nlMaxWell, theoretically, at least, i never tried it myself18:45:08
@darvvin:matrix.orgdarvvinI'm going to try the tunnel with the local traefik handling the ssl. I got the tunnel working with: /usr/bin/ssh -tt -i /home/pi/.ssh/mysecretkey -R 80:localhost:80 -R 443:localhost:443 root@mylinode18:59:02
@darvvin:matrix.orgdarvvinNow to get ssl on traefik :)18:59:23
@julia:ma.teric.usjuliaYou will likely run into issues with that configuration19:02:16
@julia:ma.teric.usjuliaIf you want traefik to manage ssl termination, then it should be the one bound to 44319:02:48
@julia:ma.teric.usjuliaAnd the tunnel to 80.19:03:08
@darvvin:matrix.orgdarvvinI'm not sure I under stand. I'm forwarding both ports from linode to my local traefik, My local traefik is bound to both ports locally.19:07:52
@darvvin:matrix.orgdarvvinAre you saying I should be runnin an instance of traefik on the linode?19:09:56
@julia:ma.teric.usjuliaOh, I'm the one that misunderstood, sorry.19:10:01
@julia:ma.teric.usjuliaYou're basically managing it all locally. That should work.19:10:26
@darvvin:matrix.orgdarvvinlol, My linode has been up for 1.5 hours and fail2ban has over 200 iPs banned.20:31:23
@max:dnzm.nlMaxNice21:23:07
@max:dnzm.nlMaxThat's why I keep my ssh on a non-standard port21:23:38
@max:dnzm.nlMaxNot because it's so secure, but it cuts down on the bot spam so much21:24:05
@julia:ma.teric.usjuliai've been meaning to slip everything behind wireguard at some point21:31:39

There are no newer messages yet.


Back to Room List