| 24 Jan 2021 |
 blackslide13 | But then the proxy might go down. So that too needs redundancy. | 16:18:11 |
|  Cyberkat joined the room. | 16:32:30 |
| Cyberkat set a profile picture. | 16:39:49 |
|  zygon.sisyphus joined the room. | 16:53:42 |
 Max | Round robin dns and two hosts it is | 17:15:01 |
| blackslide13 | Thanks for the suggestions, I'll have to try and source some extra hw to get this running. | 17:43:00 |
| Max | In reply to @blackslide13:matrix.org
Thanks for the suggestions, I'll have to try and source some extra hw to get this running. Don't sweat it too much at first, as long as you have decent backup in case of disaster, you can always grow it later | 17:53:07 |
 darvvin | IF I ran a SSH tunnel from a local computer to a linode instance to tunnel port 80 on linode to a traefik host on local network, is the SSL certs handled on the local traefik or the linode? | 17:58:47 |
| Max | Traefik handles them | 18:02:50 |
| Max | Through the linode node, if I understand correctly | 18:03:12 |
|  nathannever joined the room. | 18:04:24 |
| Max | Although port 80 is not ssl of course | 18:05:30 |
| Max | You would have to tunnel 443 as well | 18:05:45 |
 julia | I suspect you could set it up either way. Have traefik do the ssl termination then reverse proxy through the tunnel. You could also manage the ssl termination on the local node and ssh tunnel 443 instead | 18:06:05 |
| darvvin | Yah, meant 443. So it can be done either way, good to know. thanks. | 18:13:05 |
| Max | Well, theoretically, at least, i never tried it myself | 18:45:08 |
| darvvin | I'm going to try the tunnel with the local traefik handling the ssl. I got the tunnel working with:
/usr/bin/ssh -tt -i /home/pi/.ssh/mysecretkey -R 80:localhost:80 -R 443:localhost:443 root@mylinode | 18:59:02 |
| darvvin | Now to get ssl on traefik :) | 18:59:23 |
| julia | You will likely run into issues with that configuration | 19:02:16 |
| julia | If you want traefik to manage ssl termination, then it should be the one bound to 443 | 19:02:48 |
| julia | And the tunnel to 80. | 19:03:08 |
| darvvin | I'm not sure I under stand. I'm forwarding both ports from linode to my local traefik, My local traefik is bound to both ports locally. | 19:07:52 |
| darvvin | Are you saying I should be runnin an instance of traefik on the linode? | 19:09:56 |
| julia | Oh, I'm the one that misunderstood, sorry. | 19:10:01 |
| julia | You're basically managing it all locally. That should work. | 19:10:26 |
| darvvin | lol, My linode has been up for 1.5 hours and fail2ban has over 200 iPs banned. | 20:31:23 |
| Max | Nice | 21:23:07 |
| Max | That's why I keep my ssh on a non-standard port | 21:23:38 |
| Max | Not because it's so secure, but it cuts down on the bot spam so much | 21:24:05 |
| julia | i've been meaning to slip everything behind wireguard at some point | 21:31:39 |
