Foster Hangdaan

Just a random person who likes building software and configuring Linux.

Here are other places where you can find me:

  • 3 Posts
  • 10 Comments
Joined 24 days ago
cake
Cake day: September 13th, 2024

help-circle
  • I wonder sometimes if the advice against pointing DNS records to your own residential IP amounts to a big scare. Like you say, if it’s just a static page served on an up to date and minimal web server, there’s less leverage for an attacker to abuse.

    That advice is a bit old-fashioned in my opinion. There are many tools nowadays that will get you a very secure setup without much effort:

    • Using a reverse proxy with automatic SSL certs like Caddy.
    • Sandboxing services with Podman.
    • Mitigating DoS attacks by using a WAF such as Bunkerweb.

    And of course, besides all these tools, the simplest way of securing public services is to keep them updated.

    I’ve found that ISPs too often block port 80 and 443. Did you luck out with a decent one?

    Rogers has been my ISP for several years and have no issue receiving HTTP/S traffic. The only issue, like with most providers, is that they block port 25 (SMTP). It’s the only thing keeping me from self-hosting my own email server and have to rely on a VPS.




  • Foster HangdaanAtoLinux@lemmy.mlMy move to Linux
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    edit-2
    5 days ago

    Notepad++ is a fabulous software program that had no complete alternatives on Linux. I used it for scripting, text manipulation, note taking, dumping and editing thoughts. Scintilla-based equivalents Geany, SciTE exist, but do not come close.

    Really? No alternatives on Linux? Have you tried Emacs? I think Emacs with Org mode blows Notepad++ out of the water in all the uses you just mentioned.



  • First of all, doesn’t Navidrome have authentication? So, I don’t see why exposing it to the public is a problem.

    Second, some reverse proxies support basic auth. This way, you can password-protect some services and is useful if the service does not have its own authentication. Here as an example snippet for Caddy:

    example.com {
    	basic_auth {
    		# Username "Bob", password "hiccup"
    		Bob $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR7hx4IjWJPDhjvG
    	}
    	reverse_proxy myservice:8000
    }
    

    You’ll have to look up the docs for other reverse proxies.









Moderates