Thanks for your … er… um… reply? I guess? For what seems like a response to a different question than the one asked?
Nice try… North Korea. j/k. IDK man, because I watched “The Undeclared War”. Give it a look.
Several other comments called me out for the same thing and you are right, I didn’t mean to imply that there are not domestic bad actors also.
It was not my intention to suggest there are not “domestic bad actors”. I live in America, and yes, that is a blanket term that we use to generalize countries that are antagonistic to “American values”. We have plenty of domestic bad actors. I was painting with too broad of a brush and that was my bad.
State-sponsored
In another comment I was accused of being a brainwashed American, so take this for what it is, but some posts — mostly of a political nature — just seem to defy any mainstream thinking across the spectrum. Looking at some user profiles when I come across these, it seems their post history is entirely based around fueling arguments, with no agenda, other than to breed discontent.
Your point is fair and I didn’t mean to imply that bad actors are purely foreign. There are plenty of domestic bad actors. Please excuse the “propaganda framing”.
This was my subjective opinion based on the kinds of discussions and posts I see.
I think what you’re looking for is what is sometimes called a “DNS load balancer”. Offerings like Azure Traffic Manager or AWS Route 53 do this. You can set up health checks that the service will use to determine if one of your locations is down and then automatically update the DNS record to point to the other one. You can also get clever and do things that allow the DNS to resolve the IP of whichever of your servers is physically closer so you get the best performance. I’m not sure what options there are for self-hosting a DNS service like this, however, these services are extremely affordable – pennies – and run on very reliable infrastructure, which is what you want.
5). Hey OP, don’t worry, this can seem kind of scary at first, but it is not that difficult. I’ve skimmed some of the other comments and there are plenty of good tips here.
2). Yes, you will want your own domain and there is no fear of other people “knowing it” if you have everything set up correctly.
1b). Any cheap VPS will do and you don’t need to worry about it being virtualized rather than dedicated. What you really care about is bandwidth speed and limits because a reverse proxy is typically very light on resources. You would be surprised how little CPU/memory it needs.
1a). I use a cheap VPS from RackNerd. Once you have access to your VPS, just install your proxy directly into the OS or in Docker. Whichever is easier. The most important thing for choosing a reverse proxy is automatic TLS/Let’s Encrypt. I saw a comment from you about certbot… don’t bother with all that nonsense. Either Traefik, Caddy, or Nginx Proxy Manager (not vanilla Nginx) will do all this for you–I personally use Traefik unless for some reason I can’t. Way less headaches. The second most important thing to decide is how your VPS in the cloud will connect back to your home securely… I personally use Tailscale for that and it works perfectly fine.
3). Honestly, I think Fail2Ban and geo restrictions are overdoing it. Fail2ban has never gotten me any lift because any sort of modern brute force attack will come from a botnet that has 1000s of unique IPs… never triggering Fail2ban because no repeat offenders. Just ensure your VPS has a firewall enabled and you know what ports you are exposing from Docker and you should be good. If your services don’t natively support authentication, look into something like Authelia or Authentik. Rather than Fail2Ban and/or geo restrictions, I would be more inclined to suggest a WAF like Caddy WAF before I reached for geo restrictions. Again, assuming your concern is security, a WAF would do way more for you than IP restrictions which are easily circumvented.
4). Have fun!
EDIT: formatting
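An added example (not part of the original comment) that replays the point in 3) against constructed log lines: a fail2ban-style per-IP threshold, using the semantics of fail2ban's `maxretry` and `findtime` options, compared with a count of failures per targeted account. The log format, addresses, thresholds and function names are assumptions made up for this illustration.

```python
import re
from collections import defaultdict, deque

# Constructed log format for this example only:
#   "<epoch-seconds> FAIL user=<name> ip=<addr>"
LINE = re.compile(r"^(\d+) FAIL user=(\S+) ip=(\S+)$")

def parse(lines):
    """Turn log lines into sorted (timestamp, user, ip) tuples; skip junk."""
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            events.append((int(m.group(1)), m.group(2), m.group(3)))
    return sorted(events)

def sliding_hits(events, key, limit, window):
    """Keys that reach `limit` failures inside any `window`-second span."""
    recent = defaultdict(deque)
    hits = set()
    for ts, user, ip in events:
        q = recent[key(user, ip)]
        q.append(ts)
        while ts - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= limit:
            hits.add(key(user, ip))
    return hits

def per_ip_bans(events, maxretry=5, findtime=600):
    """Per-source counting, the way a per-IP ban rule sees the traffic."""
    return sliding_hits(events, lambda user, ip: ip, maxretry, findtime)

def per_account_alerts(events, limit=20, window=600):
    """Count failures per targeted account, regardless of source address."""
    return sliding_hits(events, lambda user, ip: user, limit, window)

def sample_distributed():
    # Constructed: 300 distinct source addresses, one failure each, one account.
    return [f"{1000 + i} FAIL user=admin ip=10.{i // 250}.{i % 250}.7"
            for i in range(300)]

def sample_single_source():
    # Constructed: 8 failures from one address within 14 seconds.
    return [f"{5000 + 2 * i} FAIL user=admin ip=192.0.2.10" for i in range(8)]

if __name__ == "__main__":
    for name, sample in (("distributed", sample_distributed()),
                         ("single source", sample_single_source())):
        ev = parse(sample)
        print(name, "| per-IP bans:", sorted(per_ip_bans(ev)),
              "| per-account alerts:", sorted(per_account_alerts(ev)))
```

On the distributed sample no address ever reaches the per-IP threshold, while the per-account count still flags the targeted login, which is the layer an authentication front end such as Authelia or Authentik sits at.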