#caddy


For many years I was an independent ruffty tuffty camper. All my kit carried on my back, I'd set off into the most remote parts of England, Scotland and Wales and enjoy the solitude and the "back to basics" nature of simple camping.

Now, as I get a bit older, I'm entering a new chapter. Yesterday I bought a VW Caddy Maxi van which I'm going to convert into a #MicroCamper.

Currently my ambition far exceeds my ability but I have a good idea about what I want to do. I'll probably make a simple bed and kitchen myself while I experiment with my requirements. Then I may get someone to make something more permanent and professional.

It's all a bit overwhelming but incredibly exciting!

Hello, I’m hosting a #Vaultwarden server behind #Caddy 2.10 and made the following test:

Tuning Caddy to allow only #PQC curves:

	tls {
		curves x25519mlkem768
	}

Trying to connect with #Firefox Mac -> OK
Trying to connect with #Bitwarden #android client -> Fail

Without the #TLS tuning, the Bitwarden Android client will happily connect to the server.

Is it a problem with the Bitwarden Android client or with Android, or both?
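A server restricted to a single key-exchange group can only complete a handshake with clients that offer that group, so the first thing to check is what the failing client puts in the `supported_groups` extension of its ClientHello. The following is an added example, not part of the original post: the function names are hypothetical, the sample ClientHello is constructed, and it assumes the ClientHello fits in one TLS record.

```python
import struct

# IANA "TLS Supported Groups" code points (subset relevant here).
GROUPS = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x0019: "secp521r1",
          0x001D: "x25519", 0x11EC: "x25519mlkem768"}
EXT_SUPPORTED_GROUPS = 10

def offered_groups(record: bytes) -> list:
    """Return the key-exchange groups offered in a raw TLS ClientHello record."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    try:
        pos = 5 + 4 + 2 + 32                 # record hdr, handshake hdr, version, random
        pos += 1 + record[pos]               # session_id
        pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher_suites
        pos += 1 + record[pos]               # compression_methods
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            pos += 4
            if ext_type == EXT_SUPPORTED_GROUPS:
                count = struct.unpack_from("!H", record, pos)[0] // 2
                ids = struct.unpack_from("!%dH" % count, record, pos + 2)
                return [GROUPS.get(i, "0x%04x" % i) for i in ids]
            pos += ext_len
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return []

def can_negotiate(record: bytes, server_curves: set) -> bool:
    """True if the client offers at least one group the server's `curves` list allows."""
    return any(g in server_curves for g in offered_groups(record))

def build_client_hello(group_ids) -> bytes:
    """Constructed sample input: a minimal ClientHello offering the given groups."""
    groups = struct.pack("!%dH" % len(group_ids), *group_ids)
    ext = struct.pack("!HHH", EXT_SUPPORTED_GROUPS, len(groups) + 2, len(groups)) + groups
    body = (b"\x03\x03" + bytes(32) + b"\x00"   # version, random, empty session_id
            + b"\x00\x02\x13\x01"               # one suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                       # null compression
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    classical_only = build_client_hello([0x001D, 0x0017, 0x0018])  # constructed client
    print(offered_groups(classical_only), can_negotiate(classical_only, {"x25519mlkem768"}))
```

To use it on real traffic, pass the raw bytes of the first TLS record a client sends; unknown code points (including GREASE values) are returned as hex.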

If I don't want to use #Ansible and I'll only use #Terraform if I'm being paid to, what are my other options if I want to say, deploy #Caddy plus some kind of Fedi server and have it repeatable?

It looks like Jet was an alternative but the creator ran out of steam.

#AskFedi

[I realise I am basically asking for #Docker but I would like to try something else]

Ha! I was able to get at least Forgejo configured with Pocket ID!

I thought I had to rebuild my Caddy container simply because I was misunderstanding how to properly configure it, but I don't actually need that. Interesting enough, the solution hit me in the head while I was brushing my teeth. 😁

Okay, now let's see which other services accept OAUTH2. 🎉

Figured I'd test out Caddy, lol. Installing from brew installs it, I guess? No way to run it, doesn't actually start, running `brew test caddy` just errors `Error: Testing requires the latest version of caddy`. I mean, I guess nevermind then?

I recently started to replace #nginx with @caddy and it's as satisfying as it is scary to replace a complex config that spans five included files and a total of about 400 lines with a single Caddyfile of around 80 lines.

And on top of that #Caddy also made certbot redundant as it takes care of fetching and renewing the tls certs from #LetsEncrypt and keeps a #ZeroSSL backup for all of my domains.

I think I'm in love..

I'm curious to hear what others are #SelfHosting! Here's my current setup:

Hardware & OS

Infrastructure & Networking

Security & Monitoring

Authentication & Identity Management

  • Authelia (Docker): Just set this up for two-factor authentication and single sign-on. Seems to be working well so far!
  • LLDAP (Docker): Lightweight LDAP server for managing authentication. Also seems to be working pretty well!
    #AuthenticationTools #IdentityManagement

Productivity & Personal Tools

Notifications & Development Workflow

  • Notifications via: #Ntfy (Docker) and Zoho's ZeptoMail (#Zoho)
  • Development Environment: Mostly using VSCode connected to my server via Remote-SSH extension. #VSCodeRemote

Accessibility Focus ♿🖥️

Accessibility heavily influences my choices—I use a screen reader full-time (#ScreenReader), so I prioritize services usable without sight (#InclusiveDesign #DigitalAccessibility). Always open to discussing accessibility experiences or recommendations!

I've also experimented with:

  • Ollama (#Ollama): Not enough RAM on my Pi.
  • Habit trackers like Beaver Habit Tracker (#HabitTracking): Accessibility issues made it unusable for me.

I don't really have a media collection, so no Plex or Jellyfin here (#MediaServer)—but I'm always open to suggestions! I've gotten a bit addicted to exploring new self-hosted services! 😄

What's your setup like? Any cool services you'd recommend I try?

#SelfHosted #LinuxSelfHost #OpenSource #TechCommunity #FOSS #TechDIY

@selfhost @selfhosted @selfhosting

So I want to set up a #CI pipeline on my webserver to serve static sites.

I already have a @caddy setup that can serve static files, as well as a bunch of other stuff that all runs in #Docker containers. But I would like to have a CI pipeline that will pick up my repository changes, and build and deploy stuff to a directory that #Caddy can serve.

Now, how ridiculous would it be to have:

- an SSH server running in a Docker container
- @WoodpeckerCI, also in Docker

and get Woodpecker to build the site and use scp to copy files over to the SSH server, that will have a shared volume with the Caddy container that maps to the /var/www directory?

I am not ready to set up a whole @forgejo instance to serve from Forgejo Pages. Plus, why use the Pages thing when I have a perfectly good Caddy server running already, that would be serving the Forgejo instance anyway?

Why not some sort of S3 compatible service in a container?
Why not FTP?
How many containers can a guy run?
Am I losing my mind (probably)?

Today I got into Docker as I'm planning to not only host Owncast and Caddy but also other platforms/services.

Docker helps separating these services from each other on your server, so they don't interfere. It comes with pre-built docker images of many well known applications in the field of self-hosting.

Oh, rofl. I just locked myself out of my own forge's web UI for an entire hour.

How? I was curious whether my HackerNews griefing snippet works, so I searched for git.madhouse-project.org on HN, followed a link, got a nice HTTP 418 Teapot, and all was fine.

But then I wanted to toot about this, and mention caddy-matcher-persistent-referrer, a small module that remembers the IP of visitors from a particular referrer, and continues to match them for some time.

I made this #Caddy module to circumvent HNers just copy pasting links after seeing the initial 418, or simply hitting enter on the address bar. With this module, they're locked out for an hour.

...and so am I, because I tested it, with a visit referred from HN.

(Of course, I can ssh into my VPS, reload Caddy, and clear its in-memory cache, which I did. But nevertheless, it's funny!)

MadHouse Git Repositories: caddy-matcher-persistent-referrer (Caddy module to aggressively match referrers)

As the next step in my quest to make it easier to poison AI crawlers, I present you: OCIocaine: a project where #DockerCompose meets #Caddy and #Iocaine, to poison AI crawlers for all your sites, automatically.

The idea here is to provide a docker compose file that starts up Caddy and Iocaine, configured so that Caddy will reverse proxy for any and all services on the same docker network, as long as they have a few labels that tell it to do so. In addition, a Caddyfile snippet will be available for all of these, which takes care of routing bad visitors to Iocaine.

And if that's not enough, the whole thing comes preconfigured with a wordlist (a list of English words), and training data (the complete works of Shakespeare), and a list of known AI crawlers (courtesy of ai.robots.txt).

All you have to do is copy the sample configuration, create a network, start it up, and deploy labeled containers into the same network, and OCIocaine takes care of the rest.

MadHouse Git Repositories: ociocaine (Docker Compose meets Caddy and Iocaine to poison AI for all your sites, automatically.)

Tehehehehe.

  test:
    image: traefik/whoami
    networks:
      - iocaine
    labels:
      caddy: http://127.0.0.1:21080
      caddy.import: iocaine
      caddy.reverse_proxy: "{{upstreams 80}}"

The goal: create a docker network called iocaine, deploy containers within the network, and with just a few labels, have them wrapped, so they're shadowed by iocaine. Just one compose.yml for #caddy + #iocaine to make it all work.

Probably sounds less exciting than it really is. I'll explain more once it's ready.

Help Needed with Cloudflare Zero Trust, Pages, and Workers for ReactFlux + MiniFlux Setup

Hi everyone,

I'm new to #Cloudflare and have been trying to set up a #SelfHosted project on my #RaspberryPi 500. I'm mostly self-taught, so I apologize if I misunderstand anything or miss important details. Here's my situation:

Current Setup

  • I'm running the self-hosted #RSS feed reader #MiniFlux on my Raspberry Pi 500 (#ArchLinuxARM, installed via Pacman).
  • The setup uses #Caddy as a reverse proxy, a #CloudflareZeroTrust tunnel, and Cloudflare Access for SSO.
  • My #CloudflareAccess application is configured to allow all origins, methods, and headers. It has a policy that allows specific emails or login methods (e.g., GitHub).

What I'm Trying to Do

  • I want to deploy ReactFlux, an alternative frontend for MiniFlux, on #CloudflarePages.
  • Before setting it up fully, I tested the ReactFlux demo with my MiniFlux instance at https://rss.laniecarmelo.tech. However, ReactFlux couldn't log in.

Suspected Issue

I believe the issue is caused by Cloudflare Access protection blocking ReactFlux from accessing the MiniFlux API (https://rss.laniecarmelo.tech/v1/*).

What I've Tried So Far

  1. I added another hostname (rss.laniecarmelo.tech/v1/*) to my tunnel configuration and created a new Cloudflare Access application with a policy set to "Bypass" for everyone. However, this didn't work—when testing the API endpoint in a private browser window, I'm still asked to sign into Cloudflare.
  2. I also tried setting up the hostname with "Protect with Access" turned off but got the same results.
  3. Next, I attempted to use a #CloudflareWorker written in JavaScript to bypass authentication for /v1/*, but it doesn't seem to be doing anything (or isn't being triggered).

What I Need Help With

  • How can I properly configure Cloudflare so ReactFlux can access the MiniFlux API (/v1/*) while keeping the rest of my MiniFlux instance protected by Cloudflare Access?
  • I've been stuck on this for a couple of days and would really appreciate any guidance or suggestions!

Thanks in advance for your help!

#SelfHosting #ArchLinux #Linux #RSSReader #tech #technology #RaspberryPi #RPi #RPi500 #RaspberryPi500
@selfhosting @selfhost @selfhosted

reactflux.pages.dev: ReactFlux (A Simple but Powerful RSS Reader for Miniflux)

I'm doing a bit of my own server revamp and one of the points is a decision: stay with Nginx or switch to Caddy.
For my loads I could run bashttpd, so it's only about the comfort of setting up, configuring, is it secure enough and so on.

I went for a JSON format for caddyfile (to see what you could do) and it's prohibitively bad admin-wise....

Sidenote, this exploration blog.tjll.net/reverse-proxy-ho shows that you want Nginx as your production proxy and Caddy for file delivery.

Tyblog: 35 Million Hot Dogs: Benchmarking Caddy vs. Nginx (Have you ever wondered about the performance delta between Caddy and Nginx? Wonder no more.)

#MiniFlux users, can anyone help?

Hi all. I'm having some issues with MiniFlux, a #SelfHosted #RSSReader, and hoping someone can help. MiniFlux was working fine until I tried to deploy ReactFlux on the same domain as it, rss.laniecarmelo.tech, on a subpath, /reactflux. This didn't work so I removed ReactFlux. I also migrated MiniFlux from #Docker to #Pacman package, thinking it would be easier on my system. This problem, or a similar one, was occurring before I did that though.

Now, rss.laniecarmelo.tech loads the MiniFlux login page, but when I log in, it redirects to a blank page at rss.laniecarmelo.tech/login. I've added trusted proxies and cookie configuration to my miniflux.conf and headers to my Caddyfile, but I still have the issue.

I'm using #Caddy for #ReverseProxy and #Cloudflare for #SSO. Has anyone seen anything like this before? This is on a #RaspberryPi500 running #ArchLinuxARM.

I've checked MiniFlux logs, and it's getting the login requests and creating sessions. I'm not sure what's happening after that. Cloudflared and Caddy seem to be working normally.

#SelFhosting #Linux #RSS #RaspberryPi #RPi #tech #technology
@selfhost @selfhosted @selfhosting

🚨 Help Needed: #CORS and #Cloudflare Access Issues with #Nextflux + #MiniFlux Setup 🚨

Hi everyone! I’m struggling with a #SelfHosted setup and could really use some advice from the self-hosting community. Lol I've been trying to figure this out for hours with no luck. Here’s my situation:

Setup

  • MiniFlux: Running in #Docker on a #RaspberryPi500 (#Stormux, based on #ArchLinuxARM).
  • Nextflux: Hosted on Cloudflare Pages.
  • Reverse Proxy: #Caddy (installed via AUR).
  • Cloudflare Access: Enabled for security and SSO.
  • Cloudflared: Also installed via AUR.
  • CORS Settings in Cloudflare Access: Configured to allow all origins, methods, and headers.

What’s Working

  • MiniFlux is accessible from my home network after removing restrictive CORS settings in both Caddy and MiniFlux.
  • Nextflux is properly deployed on Cloudflare Pages.

The Problem

Nextflux cannot connect to MiniFlux due to persistent CORS errors and authentication issues with Cloudflare Access. Here are the errors I’m seeing in the browser console:

  1. CORS Error:

    Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' from origin 'https://nextflux.laniecarmelo.tech' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
  2. Cloudflare Access Redirection:

    Request redirected to 'https://lifeofararebird.cloudflareaccess.com/cdn-cgi/access/login/rss.laniecarmelo.tech'.
  3. Failed to Fetch:

    Failed to fetch: TypeError: Failed to fetch.

What I’ve Tried

  1. Service Token Authentication:

    • Generated a service token in Cloudflare Access for Nextflux.
    • Added CF-Access-Client-Id and CF-Access-Client-Secret headers in Caddy for rss.laniecarmelo.tech.
    • Updated Cloudflare Access policies to include a bypass rule for this service token.
  2. CORS Configuration:

    • Tried permissive settings (Access-Control-Allow-Origin: *) in both Caddy and MiniFlux.
    • Configured Cloudflare Access CORS settings to allow all origins, methods, and headers.
  3. Policy Adjustments:

    • Created a bypass policy for my home IP range and public IP.
    • Added an "Allow" policy for authenticated users via email/login methods.
  4. Debugging Logs:

    • Checked Cloudflared logs, which show requests being blocked due to missing access tokens (AccessJWTValidator errors).

Current State

Despite these efforts:

  • Requests from Nextflux are still being blocked by Cloudflare Access or failing due to CORS issues.
  • The browser console consistently shows "No 'Access-Control-Allow-Origin' header" errors.

Goals

  1. Allow Nextflux (hosted on Cloudflare Pages) to connect seamlessly to MiniFlux (behind Cloudflare Access).
  2. Maintain secure access to MiniFlux for other devices (e.g., my home network or mobile devices).

My Environment

  • Raspberry Pi 500 running Arch Linux ARM.
  • Both Caddy and Cloudflared are installed via AUR packages.
  • MiniFlux is running in Docker with the following environment variables:

    CLOUDFLARE_SERVICE_AUTH_ENABLED=true
    CLOUDFLARE_CLIENT_ID=<client-id>
    CLOUDFLARE_CLIENT_SECRET=<client-secret>

Relevant Logs

From cloudflared:

ERR error="request filtered by middleware handler (AccessJWTValidator) due to: no access token in request"

From the browser console:

Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' has been blocked by CORS policy.

Questions

  1. Is there a better way to configure CORS for this setup?
  2. Should I be handling authentication differently between Nextflux and MiniFlux?
  3. How can I ensure that requests from Nextflux include valid access tokens?

Any help or advice would be greatly appreciated! 🙏