Lingolol

Martin Boller :debian: :tux: :freebsd: :windows: :mastodon:Another short blog post on blocking <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://infosec.exchange/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#LLM</a> <a href="https://infosec.exchange/tags/Bots" class="mention hashtag" rel="nofollow noopener" target="_blank">#Bots</a> that slow down a website. Using <a href="https://infosec.exchange/tags/NGINX" class="mention hashtag" rel="nofollow noopener" target="_blank">#NGINX</a>, but easily adaptable to <a href="https://infosec.exchange/tags/ApacheWebServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#ApacheWebServer</a> <a href="https://infosec.exchange/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> etc<a href="https://www.infosecworrier.dk/blog/2025/07/botblocker/" rel="nofollow noopener" translate="no" target="_blank">https://www.infosecworrier.dk/blog/2025/07/botblocker/</a>

patproHello, I’m hosting a <a href="https://social.patpro.net/tags/vaultwarden" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vaultwarden</a> server behind <a href="https://social.patpro.net/tags/caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> 2.10 and made the following test:Tuning Caddy to allow only <a href="https://social.patpro.net/tags/pqc" class="mention hashtag" rel="nofollow noopener" target="_blank">#PQC</a> curves:<pre><code> tls { curves x25519mlkem768 } </code></pre>Trying to connect with <a href="https://social.patpro.net/tags/firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Firefox</a> Mac -> OK Trying to connect with <a href="https://social.patpro.net/tags/bitwarden" class="mention hashtag" rel="nofollow noopener" target="_blank">#Bitwarden</a> <a href="https://social.patpro.net/tags/android" class="mention hashtag" rel="nofollow noopener" target="_blank">#android</a> client -> FailWithout the <a href="https://social.patpro.net/tags/tls" class="mention hashtag" rel="nofollow noopener" target="_blank">#TLS</a> tuning, the Bitwarden Android client will happily connect to the server.Is it a problem with the Bitwarden Android client or with Android, or both?

Bradley TauntI'm in the process of porting over all OpenBSD related mini-sites to <a href="https://mastodon.bsd.cafe/tags/httpd" class="mention hashtag" rel="nofollow noopener" target="_blank">#httpd</a> running on my TinyKVM VPS.All other web projects will be migrated to Alpine <a href="https://mastodon.bsd.cafe/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a>, served through <a href="https://mastodon.bsd.cafe/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> on my other VPS.

Adam ♿If I don't want to use <a href="https://aus.social/tags/Ansible" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ansible</a> and I'll only use <a href="https://aus.social/tags/Terraform" class="mention hashtag" rel="nofollow noopener" target="_blank">#Terraform</a> if I'm being paid to, what are my other options if I want to say, deploy <a href="https://aus.social/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> plus some kind of Fedi server and have it repeatable?It looks like Jet was an alternative but the creator ran out of steam.<a href="https://aus.social/tags/AskFedi" class="mention hashtag" rel="nofollow noopener" target="_blank">#AskFedi</a>[I realise I am basically asking for <a href="https://aus.social/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#Docker</a> but I would like to try something else]

Mauricio Teixeira 🇺🇸🇧🇷Ha! I was able to get at least Forgejo configured with Pocket ID!I thought I had to rebuild my Caddy container simply because I was misunderstanding how to properly configure it, but I don't actually need that. Interesting enough, the solution hit me in the head while I was brushing my teeth. 😁 Okay, now let's see which other services accept OAUTH2. 🎉 <a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#HomeLab</a> <a href="https://hachyderm.io/tags/PocketID" class="mention hashtag" rel="nofollow noopener" target="_blank">#PocketID</a> <a href="https://hachyderm.io/tags/Forgejo" class="mention hashtag" rel="nofollow noopener" target="_blank">#Forgejo</a> <a href="https://hachyderm.io/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a>

Mauricio Teixeira 🇺🇸🇧🇷Okay. Plans for putting the home lab behind Pocket ID have been postponed, until I have time and patience to properly automate a custom build of `lucaslorentz/caddy-docker-proxy` with the `greenpau/caddy-security` plugin enabled. <a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#HomeLab</a> <a href="https://hachyderm.io/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> <a href="https://hachyderm.io/tags/PocketID" class="mention hashtag" rel="nofollow noopener" target="_blank">#PocketID</a>

nabeardsFigured I'd test out Caddy, lol. Installing from brew installs it, I guess? No way to run it, doesn't actually start, running `brew test caddy` just errors `Error: Testing requires the latest version of caddy`. I mean, I guess nevermind then?<a href="https://hachyderm.io/tags/caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#caddy</a> <a href="https://hachyderm.io/tags/homebrew" class="mention hashtag" rel="nofollow noopener" target="_blank">#homebrew</a>

Heals :heart_nb:I recently started to replace <a href="https://indiepocalypse.social/tags/nginx" class="mention hashtag" rel="nofollow noopener" target="_blank">#nginx</a> with <a href="https://infosec.exchange/@caddy" class="u-url mention" rel="nofollow noopener" target="_blank">@caddy</a> and it's as satisfying as it is scary to replace a complex config that spans five included files and a total of about 400 lines with a single Caddyfile of around 80 lines. And on top of that <a href="https://indiepocalypse.social/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> also made certbot redundant as it takes care of fetching and renewing the tls certs from <a href="https://indiepocalypse.social/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#LetsEncrypt</a> and keeps a <a href="https://indiepocalypse.social/tags/ZeroSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#ZeroSSL</a> backup for all of my domains. I think I'm in love..

Lanie Molinar CarmeloI'm curious to hear what others are <a href="https://allovertheplace.ca/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosting</a>! Here's my current setup:Hardware & OS<ul><li>Hardware: <a href="https://allovertheplace.ca/tags/RaspberryPi500" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaspberryPi500</a> (8 GB RAM, 512 GB SD card) <a href="https://allovertheplace.ca/tags/RPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#RPi</a> <a href="https://allovertheplace.ca/tags/RPi500" class="mention hashtag" rel="nofollow noopener" target="_blank">#RPi500</a> <a href="https://allovertheplace.ca/tags/SingleBoardComputers" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleBoardComputers</a> <a href="https://allovertheplace.ca/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#HomeLab</a></li><li>OS: <a href="https://allovertheplace.ca/tags/Stormux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Stormux</a>, an accessible <a href="https://allovertheplace.ca/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> distro based on <a href="https://allovertheplace.ca/tags/ArchLinuxARM" class="mention hashtag" rel="nofollow noopener" target="_blank">#ArchLinuxARM</a> <a href="https://allovertheplace.ca/tags/LinuxAccessibility" class="mention hashtag" rel="nofollow noopener" target="_blank">#LinuxAccessibility</a> <a href="https://allovertheplace.ca/tags/AccessibleTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#AccessibleTech</a></li></ul>Infrastructure & Networking<ul><li>Dashboard: <a href="https://allovertheplace.ca/tags/Glance" class="mention hashtag" rel="nofollow noopener" target="_blank">#Glance</a> (<a href="https://allovertheplace.ca/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#Docker</a>) <a href="https://allovertheplace.ca/tags/DockerApps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DockerApps</a></li><li>Reverse Proxy: <a href="https://allovertheplace.ca/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a></li><li>DNS: <a href="https://allovertheplace.ca/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cloudflare</a></li><li>Domain Registrar: <a href="https://allovertheplace.ca/tags/Porkbun" class="mention hashtag" rel="nofollow noopener" target="_blank">#Porkbun</a></li><li>Networking & Remote Access: <a href="https://allovertheplace.ca/tags/Tailscale" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tailscale</a> (non-Docker), love its SSH agent and magic DNS features. <a href="https://allovertheplace.ca/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#NetworkSecurity</a></li></ul>Security & Monitoring<ul><li>Ad Blocking: <a href="https://allovertheplace.ca/tags/AdGuardHome" class="mention hashtag" rel="nofollow noopener" target="_blank">#AdGuardHome</a> (non-Docker). Previously used PiHole but find AdGuardHome slightly faster. <a href="https://allovertheplace.ca/tags/PrivacyTools" class="mention hashtag" rel="nofollow noopener" target="_blank">#PrivacyTools</a></li><li>Server Monitoring: <a href="https://allovertheplace.ca/tags/Beszel" class="mention hashtag" rel="nofollow noopener" target="_blank">#Beszel</a> (non-Docker). Tried Grafana/Prometheus/Alertmanager (accessible but overkill) and Netdata (poor screen reader accessibility). Beszel isn't perfect but best compromise so far. <a href="https://allovertheplace.ca/tags/ServerMonitoring" class="mention hashtag" rel="nofollow noopener" target="_blank">#ServerMonitoring</a></li><li>Server Overview: <a href="https://allovertheplace.ca/tags/Cockpit" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cockpit</a> (non-Docker)</li><li>Security Tools: <a href="https://allovertheplace.ca/tags/Fail2ban" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fail2ban</a>, <a href="https://allovertheplace.ca/tags/FirewallD" class="mention hashtag" rel="nofollow noopener" target="_blank">#FirewallD</a>, <a href="https://allovertheplace.ca/tags/ClamAV" class="mention hashtag" rel="nofollow noopener" target="_blank">#ClamAV</a>, and <a href="https://allovertheplace.ca/tags/Rkhunter" class="mention hashtag" rel="nofollow noopener" target="_blank">#Rkhunter</a> (non-Docker). Tried CrowdSec but couldn't get it working on Stormux. <a href="https://allovertheplace.ca/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a></li><li>Service Uptime Monitoring: <a href="https://allovertheplace.ca/tags/UptimeKuma" class="mention hashtag" rel="nofollow noopener" target="_blank">#UptimeKuma</a> (Docker), accessible and easy to use. <a href="https://allovertheplace.ca/tags/MonitoringTools" class="mention hashtag" rel="nofollow noopener" target="_blank">#MonitoringTools</a></li></ul>Authentication & Identity Management<ul><li>Authelia (Docker): Just set this up for two-factor authentication and single sign-on. Seems to be working well so far! </li><li>LLDAP (Docker): Lightweight LDAP server for managing authentication. Also seems to be working pretty well! <a href="https://allovertheplace.ca/tags/AuthenticationTools" class="mention hashtag" rel="nofollow noopener" target="_blank">#AuthenticationTools</a> <a href="https://allovertheplace.ca/tags/IdentityManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#IdentityManagement</a></li></ul>Productivity & Personal Tools<ul><li>Docker Management: <a href="https://allovertheplace.ca/tags/Dockge" class="mention hashtag" rel="nofollow noopener" target="_blank">#Dockge</a> (Docker). More accessible than Portainer; main issue is built-in terminal isn't readable with screen readers. <a href="https://allovertheplace.ca/tags/DockerCompose" class="mention hashtag" rel="nofollow noopener" target="_blank">#DockerCompose</a></li><li>Docker Logs Viewer: <a href="https://allovertheplace.ca/tags/Dozzle" class="mention hashtag" rel="nofollow noopener" target="_blank">#Dozzle</a> (Docker), great web interface and easy searching.</li><li>Git Hosting: <a href="https://allovertheplace.ca/tags/Forgejo" class="mention hashtag" rel="nofollow noopener" target="_blank">#Forgejo</a> (non-Docker), my personal Git server. <a href="https://allovertheplace.ca/tags/GitServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#GitServer</a></li><li>Backups: <a href="https://allovertheplace.ca/tags/IDrive" class="mention hashtag" rel="nofollow noopener" target="_blank">#IDrive</a> (non-Docker), backs up all my devices easily. <a href="https://allovertheplace.ca/tags/BackupSolutions" class="mention hashtag" rel="nofollow noopener" target="_blank">#BackupSolutions</a></li><li>Notes: <a href="https://allovertheplace.ca/tags/Joplin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Joplin</a> server (Docker). Accessibility improving; love the VSCode extension. <a href="https://allovertheplace.ca/tags/NoteTakingApps" class="mention hashtag" rel="nofollow noopener" target="_blank">#NoteTakingApps</a></li><li>Bookmarks: <a href="https://allovertheplace.ca/tags/Linkding" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linkding</a> (Docker). Accessible bookmark manager with good browser extension support. <a href="https://allovertheplace.ca/tags/BookmarkManager" class="mention hashtag" rel="nofollow noopener" target="_blank">#BookmarkManager</a></li><li>Recipes: <a href="https://allovertheplace.ca/tags/Mealie" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mealie</a> (Docker), starting to learn cooking! 🍳📖  <a href="https://allovertheplace.ca/tags/CookingApps" class="mention hashtag" rel="nofollow noopener" target="_blank">#CookingApps</a></li><li>RSS Feeds: <a href="https://allovertheplace.ca/tags/Miniflux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Miniflux</a> (non-Docker), excellent accessibility. Originally wanted better podcast support but other options had major accessibility issues. <a href="https://allovertheplace.ca/tags/RSSReader" class="mention hashtag" rel="nofollow noopener" target="_blank">#RSSReader</a></li><li>Automation & Workflows: <a href="https://allovertheplace.ca/tags/N8N" class="mention hashtag" rel="nofollow noopener" target="_blank">#N8N</a> (Docker). Haven't explored deeply yet—open to ideas! <a href="https://allovertheplace.ca/tags/AutomationTools" class="mention hashtag" rel="nofollow noopener" target="_blank">#AutomationTools</a> <a href="https://allovertheplace.ca/tags/WorkflowAutomation" class="mention hashtag" rel="nofollow noopener" target="_blank">#WorkflowAutomation</a></li><li>Pastebin Service: <a href="https://allovertheplace.ca/tags/PrivateBin" class="mention hashtag" rel="nofollow noopener" target="_blank">#PrivateBin</a> (non-Docker). Considering alternatives or CLI tool for easier console access. <a href="https://allovertheplace.ca/tags/PastebinAlternative" class="mention hashtag" rel="nofollow noopener" target="_blank">#PastebinAlternative</a></li><li>File Sharing & Editing: <a href="https://allovertheplace.ca/tags/Samba" class="mention hashtag" rel="nofollow noopener" target="_blank">#Samba</a> (non-Docker), easy file management from my Windows 11 mini PC. <a href="https://allovertheplace.ca/tags/FileSharing" class="mention hashtag" rel="nofollow noopener" target="_blank">#FileSharing</a> <a href="https://allovertheplace.ca/tags/Windows11" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows11</a></li><li>Search Engine: <a href="https://allovertheplace.ca/tags/SearXNG" class="mention hashtag" rel="nofollow noopener" target="_blank">#SearXNG</a> (non-Docker), accessible and searches multiple engines at once. <a href="https://allovertheplace.ca/tags/PrivacySearchEngine" class="mention hashtag" rel="nofollow noopener" target="_blank">#PrivacySearchEngine</a></li><li>IRC Client: <a href="https://allovertheplace.ca/tags/TheLounge" class="mention hashtag" rel="nofollow noopener" target="_blank">#TheLounge</a> (non-Docker). Some accessibility issues but best I've found so far for always-connected IRC. <a href="https://allovertheplace.ca/tags/IRCClient" class="mention hashtag" rel="nofollow noopener" target="_blank">#IRCClient</a></li><li>Read Later Service: <a href="https://allovertheplace.ca/tags/Wallabag" class="mention hashtag" rel="nofollow noopener" target="_blank">#Wallabag</a> (Docker). Biggest issue is Wallabagger Chrome extension doesn't work for me yet. <a href="https://allovertheplace.ca/tags/ReadItLater" class="mention hashtag" rel="nofollow noopener" target="_blank">#ReadItLater</a></li></ul>Notifications & Development Workflow<ul><li>Notifications via: <a href="https://allovertheplace.ca/tags/Ntfy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ntfy</a> (Docker) and Zoho's ZeptoMail (<a href="https://allovertheplace.ca/tags/Zoho" class="mention hashtag" rel="nofollow noopener" target="_blank">#Zoho</a>)</li><li>Development Environment: Mostly using VSCode connected to my server via Remote-SSH extension. <a href="https://allovertheplace.ca/tags/VSCodeRemote" class="mention hashtag" rel="nofollow noopener" target="_blank">#VSCodeRemote</a></li></ul>Accessibility Focus ♿️🖥️Accessibility heavily influences my choices—I use a screen reader full-time (<a href="https://allovertheplace.ca/tags/ScreenReader" class="mention hashtag" rel="nofollow noopener" target="_blank">#ScreenReader</a>), so I prioritize services usable without sight (<a href="https://allovertheplace.ca/tags/InclusiveDesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#InclusiveDesign</a>, <a href="https://allovertheplace.ca/tags/DigitalAccessibility" class="mention hashtag" rel="nofollow noopener" target="_blank">#DigitalAccessibility</a>). Always open to discussing accessibility experiences or recommendations!I've also experimented with:<ul><li>Ollama (<a href="https://allovertheplace.ca/tags/Ollama" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ollama</a>): Not enough RAM on my Pi.</li><li>Habit trackers like Beaver Habit Tracker (<a href="https://allovertheplace.ca/tags/HabitTracking" class="mention hashtag" rel="nofollow noopener" target="_blank">#HabitTracking</a>): Accessibility issues made it unusable for me.</li></ul>I don't really have a media collection, so no Plex or Jellyfin here (<a href="https://allovertheplace.ca/tags/MediaServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#MediaServer</a>)—but I'm always open to suggestions! I've gotten a bit addicted to exploring new self-hosted services! 😄What's your setup like? Any cool services you'd recommend I try?<a href="https://allovertheplace.ca/tags/SelfHosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosted</a> <a href="https://allovertheplace.ca/tags/LinuxSelfHost" class="mention hashtag" rel="nofollow noopener" target="_blank">#LinuxSelfHost</a> <a href="https://allovertheplace.ca/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://allovertheplace.ca/tags/TechCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechCommunity</a> <a href="https://allovertheplace.ca/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#FOSS</a> <a href="https://allovertheplace.ca/tags/TechDIY" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechDIY</a><a href="https://lemmy.ml/c/selfhost" class="u-url mention" rel="nofollow noopener" target="_blank">@selfhost</a> <a href="https://lemmy.world/c/selfhosted" class="u-url mention" rel="nofollow noopener" target="_blank">@selfhosted</a> <a href="https://a.gup.pe/u/selfhosting" class="u-url mention" rel="nofollow noopener" target="_blank">@selfhosting</a>

Paul CampbellSwitching my Caddy server to use ZeroSSL for AMCE SSL certification, replacing LetsEncrypt, was as easy as adding this to my <code>Caddyfile</code>:<pre><code>{ acme_ca https://acme.zerossl.com/v2/DV90 } </code></pre><a class="hashtag" href="https://mitra.kemitix.net/collections/tags/caddyserver" rel="nofollow noopener" target="_blank">#CaddyServer</a> <a class="hashtag" href="https://mitra.kemitix.net/collections/tags/caddy" rel="nofollow noopener" target="_blank">#Caddy</a> <a class="hashtag" href="https://mitra.kemitix.net/collections/tags/ssl" rel="nofollow noopener" target="_blank">#SSL</a> <a class="hashtag" href="https://mitra.kemitix.net/collections/tags/acme" rel="nofollow noopener" target="_blank">#ACME</a> <a class="hashtag" href="https://mitra.kemitix.net/collections/tags/letsencypt" rel="nofollow noopener" target="_blank">#LetsEncypt</a> <a class="hashtag" href="https://mitra.kemitix.net/collections/tags/zerossl" rel="nofollow noopener" target="_blank">#ZeroSSL</a>

Marc TriusSo I want to set up a <a href="https://hachyderm.io/tags/CI" class="mention hashtag" rel="nofollow noopener" target="_blank">#CI</a> pipeline on my webserver to serve static sites.I already have a <a href="https://infosec.exchange/@caddy" class="u-url mention" rel="nofollow noopener" target="_blank">@caddy</a> setup that can serve static files, as well as a bunch of other stuff that all runs in <a href="https://hachyderm.io/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#Docker</a> containers. But I would like to have a CI pipeline that will pick up my repository changes, and build and deploy stuff to a directory that <a href="https://hachyderm.io/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> can serve.Now, how ridiculous would it be to have:- an SSH server running in a Docker container - <a href="https://floss.social/@WoodpeckerCI" class="u-url mention" rel="nofollow noopener" target="_blank">@WoodpeckerCI</a>, also in Dockerand get Woodpecker to build the site and use scp to copy files over to the SSH server, that will have a shared volume with the Caddy container that maps to the /var/www directory?I am not ready to set up a whole <a href="https://floss.social/@forgejo" class="u-url mention" rel="nofollow noopener" target="_blank">@forgejo</a> instance to serve from Forgejo Pages. Plus, why use the Pages thing when I have a perfectly good Caddy server running already, that would be serving the Forgejo instance anyway?Why not some sort of S3 compatible service in a container? Why not FTP? How many containers can a guy run? Am I losing my mind (probably)?<a href="https://hachyderm.io/tags/SelfHosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosted</a>

repeatroToday I got into Docker as I'm planning to not only host Owncast and Caddy but also other platforms/services.Docker helps separating these services from each other on your server, so they don't interfere. It comes with pre-built docker images of many well known applications in the field of self-hosting. <a href="https://mastodon.social/tags/Owncast" class="mention hashtag" rel="nofollow noopener" target="_blank">#Owncast</a> <a href="https://mastodon.social/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> <a href="https://mastodon.social/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#Docker</a> <a href="https://mastodon.social/tags/selfhosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#selfhosting</a> <a href="https://mastodon.social/tags/Portainer" class="mention hashtag" rel="nofollow noopener" target="_blank">#Portainer</a> <a href="https://mastodon.social/tags/server" class="mention hashtag" rel="nofollow noopener" target="_blank">#server</a> <a href="https://mastodon.social/tags/RaspberryPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaspberryPi</a>

algernon just wants to read one blog post without AI slop, please :flan_aw:Oh, rofl. I just locked myself out of my own forge's web UI for an entire hour.How? I was curious whether my HackerNews griefing snippet works, so I searched for <code>git.madhouse-project.org</code> on HN, followed a link, got a nice HTTP 418 Teapot, and all was fine.But then I wanted to toot about this, and mention <a href="https://git.madhouse-project.org/algernon/caddy-matcher-persistent-referrer" rel="nofollow noopener" target="_blank">caddy-matcher-persistent-referrer</a>, a small module that remembers the IP of visitors from a particular referrer, and continues to match them for some time.I made this <a href="https://come-from.mad-scientist.club/tags/caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> module to circumvent HNers just copy pasting links after seeing the initial 418, or simply hitting enter on the address bar. With this module, they're locked out for an hour....and so am I, because I tested it, with a visit referred from HN.(Of course, I can ssh into my VPS, reload Caddy, and clear its in-memory cache, which I did. But nevertheless, it's funny!)

algernon just wants to read one blog post without AI slop, please :flan_aw:As the next step in my quest to make it easier to poison AI crawlers, I present you: <a href="https://git.madhouse-project.org/algernon/ociocaine" rel="nofollow noopener" target="_blank">OCIocaine</a>: a project where <a href="https://come-from.mad-scientist.club/tags/dockercompose" class="mention hashtag" rel="nofollow noopener" target="_blank">#DockerCompose</a> meets <a href="https://come-from.mad-scientist.club/tags/caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> and <a href="https://come-from.mad-scientist.club/tags/iocaine" class="mention hashtag" rel="nofollow noopener" target="_blank">#Iocaine</a>, to poison AI crawlers for all your sites, automatically.The idea here is to provide a docker compose file that starts up Caddy and Iocaine, configured so that Caddy will reverse proxy for any and all services on the same docker network, as long as they have a few labels that tell it to do so. In addition, a Caddyfile snippet will be available for all of these, which takes care of routing bad visitors to Iocaine.And if that's not enough, the whole thing comes preconfigured with a wordlist (a list of English words), and traning data (the complete works of Shakespeare), and a list of known AI crawlers (courtesy of <a href="https://github.com/ai-robots-txt/ai.robots.txt" rel="nofollow noopener" target="_blank"><code>ai.robots.txt</code></a>).All you have to do is copy the sample configuration, create a network, start it up, and deploy labeled containers into the same network, and OCIocaine takes care of the rest.

algernon just wants to read one blog post without AI slop, please :flan_aw:Tehehehehe.<pre><code> test: image: traefik/whoami networks: - iocaine labels: caddy: http://127.0.0.1:21080 caddy.import: iocaine caddy.reverse_proxy: "{{upstreams 80}}" </code></pre>The goal: create a docker network called <code>iocaine</code>, deploy containers within the network, and with just a few labels, have them wrapped, so they're shadowed by iocaine. Just one <code>compose.yml</code> for <a href="https://come-from.mad-scientist.club/tags/caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#caddy</a> + <a href="https://come-from.mad-scientist.club/tags/iocaine" class="mention hashtag" rel="nofollow noopener" target="_blank">#iocaine</a> to make it all work.Probably sounds less exciting than it really is. I'll explain more once it's ready.

Lanie Molinar CarmeloHelp Needed with Cloudflare Zero Trust, Pages, and Workers for ReactFlux + MiniFlux SetupHi everyone, I'm new to <a href="https://allovertheplace.ca/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cloudflare</a> and have been trying to set up a <a href="https://allovertheplace.ca/tags/SelfHosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosted</a> project on my <a href="https://allovertheplace.ca/tags/RaspberryPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaspberryPi</a> 500. I'm mostly self-taught, so I apologize if I misunderstand anything or miss important details. Here's my situation: Current Setup<ul><li>I'm running the self-hosted <a href="https://allovertheplace.ca/tags/RSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#RSS</a> feed reader <a href="https://allovertheplace.ca/tags/MiniFlux" class="mention hashtag" rel="nofollow noopener" target="_blank">#MiniFlux</a> on my Raspberry Pi 500 (<a href="https://allovertheplace.ca/tags/ArchLinuxARM" class="mention hashtag" rel="nofollow noopener" target="_blank">#ArchLinuxARM</a>, installed via Pacman). </li><li>The setup uses <a href="https://allovertheplace.ca/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> as a reverse proxy, a <a href="https://allovertheplace.ca/tags/CloudflareZeroTrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudflareZeroTrust</a> tunnel, and Cloudflare Access for SSO. </li><li>My <a href="https://allovertheplace.ca/tags/CloudflareAccess" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudflareAccess</a> application is configured to allow all origins, methods, and headers. It has a policy that allows specific emails or login methods (e.g., GitHub). </li></ul>What I'm Trying to Do<ul><li>I want to deploy ReactFlux, an alternative frontend for MiniFlux, on <a href="https://allovertheplace.ca/tags/CloudflarePages" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudflarePages</a>. </li><li>Before setting it up fully, I tested the <a href="https://reactflux.pages.dev/login" rel="nofollow noopener" target="_blank">ReactFlux demo</a> with my MiniFlux instance at <code>https://rss.laniecarmelo.tech</code>. However, ReactFlux couldn't log in. </li></ul>Suspected IssueI believe the issue is caused by Cloudflare Access protection blocking ReactFlux from accessing the MiniFlux API (<code>https://rss.laniecarmelo.tech/v1/*</code>). What I've Tried So Far<ol><li>I added another hostname (<code>rss.laniecarmelo.tech/v1/*</code>) to my tunnel configuration and created a new Cloudflare Access application with a policy set to "Bypass" for everyone. However, this didn't work—when testing the API endpoint in a private browser window, I'm still asked to sign into Cloudflare. </li><li>I also tried setting up the hostname with "Protect with Access" turned off but got the same results. </li><li>Next, I attempted to use a <a href="https://allovertheplace.ca/tags/CloudflareWorker" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudflareWorker</a> written in JavaScript to bypass authentication for <code>/v1/*</code>, but it doesn't seem to be doing anything (or isn't being triggered). </li></ol>What I Need Help With<ul><li>How can I properly configure Cloudflare so ReactFlux can access the MiniFlux API (<code>/v1/*</code>) while keeping the rest of my MiniFlux instance protected by Cloudflare Access? </li><li>I've been stuck on this for a couple of days and would really appreciate any guidance or suggestions! </li></ul>Thanks in advance for your help! <a href="https://allovertheplace.ca/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosting</a> <a href="https://allovertheplace.ca/tags/ArchLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#ArchLinux</a> <a href="https://allovertheplace.ca/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://allovertheplace.ca/tags/RSSReader" class="mention hashtag" rel="nofollow noopener" target="_blank">#RSSReader</a> <a href="https://allovertheplace.ca/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#tech</a> <a href="https://allovertheplace.ca/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#technology</a> <a href="https://allovertheplace.ca/tags/RaspberryPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaspberryPi</a> <a href="https://allovertheplace.ca/tags/RPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#RPi</a> <a href="https://allovertheplace.ca/tags/RPi500" class="mention hashtag" rel="nofollow noopener" target="_blank">#RPi500</a> <a href="https://allovertheplace.ca/tags/RaspberryPi500" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaspberryPi500</a> <a href="https://a.gup.pe/u/selfhosting" class="u-url mention" rel="nofollow noopener" target="_blank">@selfhosting</a> <a href="https://lemmy.ml/c/selfhost" class="u-url mention" rel="nofollow noopener" target="_blank">@selfhost</a> <a href="https://lemmy.world/c/selfhosted" class="u-url mention" rel="nofollow noopener" target="_blank">@selfhosted</a>

gemelenI'm doing a bit of my own server revamp and one of the points is a decision: stay with Nginx or switch to Caddy. For my loads I could run bashttpd, so it's only about the comfort of setting up, configuring, is it secure enough and so on.I went for a JSON format for caddyfile (to see what you could do) and it's prohibitevly bad admin-wise....Sidenote, this exploration <a href="https://blog.tjll.net/reverse-proxy-hot-dog-eating-contest-caddy-vs-nginx/" rel="nofollow noopener" translate="no" target="_blank">https://blog.tjll.net/reverse-proxy-hot-dog-eating-contest-caddy-vs-nginx/</a> shows that you want Nginx as your production proxy and Caddy for file delivery.<a href="https://mammut.moe/tags/Nginx" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nginx</a> <a href="https://mammut.moe/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a>

Lanie Molinar Carmelo<a href="https://allovertheplace.ca/tags/MiniFlux" class="mention hashtag" rel="nofollow noopener" target="_blank">#MiniFlux</a> users, can anyone help?Hi all. I'm having some issues with MiniFlux, a <a href="https://allovertheplace.ca/tags/SelfHosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosted</a> <a href="https://allovertheplace.ca/tags/RSSReader" class="mention hashtag" rel="nofollow noopener" target="_blank">#RSSReader</a>, and hoping someone can help. MiniFlux was working fine until I tried to deploy ReactFlux on the same domain as it, rss.laniecarmelo.tech, on a subpath, /reactflux. This didn't work so I removed ReactFlux. I also migrated MiniFlux from <a href="https://allovertheplace.ca/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#Docker</a> to <a href="https://allovertheplace.ca/tags/Pacman" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pacman</a> package, thinking it would be easier on my system. This problem, or a similar one, was occurring before I did that though.Now, rss.laniecarmelo.tech loads the MiniFlux login page, but when I login, it redirects to a blank page at rss.laniecarmelo.tech/login. I've added trusted proxies and cookie configuration to my miniflux.conf and headers to my Caddyfile, but I still have the issue.I'm using <a href="https://allovertheplace.ca/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> for <a href="https://allovertheplace.ca/tags/ReverseProxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#ReverseProxy</a> and <a href="https://allovertheplace.ca/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cloudflare</a> for <a href="https://allovertheplace.ca/tags/SSO" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSO</a>. Has anyone seen anything like this before? This is on a <a href="https://allovertheplace.ca/tags/RaspberryPi500" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaspberryPi500</a> running <a href="https://allovertheplace.ca/tags/ArchLinuxARM" class="mention hashtag" rel="nofollow noopener" target="_blank">#ArchLinuxARM</a>.I've checked MiniFlux logs, and it's getting the login requests and creating sessions. I'm not sure what's happening after that. Cloudflared and Caddy seem to be working normally.<a href="https://allovertheplace.ca/tags/SelFhosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelFhosting</a> <a href="https://allovertheplace.ca/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://allovertheplace.ca/tags/RSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#RSS</a> <a href="https://allovertheplace.ca/tags/RaspberryPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaspberryPi</a> <a href="https://allovertheplace.ca/tags/RPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#RPi</a> <a href="https://allovertheplace.ca/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#tech</a> <a href="https://allovertheplace.ca/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#technology</a> <a href="https://lemmy.ml/c/selfhost" class="u-url mention" rel="nofollow noopener" target="_blank">@selfhost</a> <a href="https://lemmy.world/c/selfhosted" class="u-url mention" rel="nofollow noopener" target="_blank">@selfhosted</a> <a href="https://a.gup.pe/u/selfhosting" class="u-url mention" rel="nofollow noopener" target="_blank">@selfhosting</a>

Lanie Molinar Carmelo🚨 Help Needed: <a href="https://allovertheplace.ca/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a> and <a href="https://allovertheplace.ca/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cloudflare</a> Access Issues with <a href="https://allovertheplace.ca/tags/Nextflux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nextflux</a> + <a href="https://allovertheplace.ca/tags/MiniFlux" class="mention hashtag" rel="nofollow noopener" target="_blank">#MiniFlux</a> Setup 🚨Hi everyone! I’m struggling with a <a href="https://allovertheplace.ca/tags/SelfHosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosted</a> setup and could really use some advice from the self-hosting community. Lol I've been trying to figure this out for hours with no luck. Here’s my situation:Setup<ul><li>MiniFlux: Running in <a href="https://allovertheplace.ca/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#Docker</a> on a <a href="https://allovertheplace.ca/tags/RaspberryPi500" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaspberryPi500</a> (<a href="https://allovertheplace.ca/tags/Stormux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Stormux</a>, based on <a href="https://allovertheplace.ca/tags/ArchLinuxARM" class="mention hashtag" rel="nofollow noopener" target="_blank">#ArchLinuxARM</a>).</li><li>Nextflux: Hosted on Cloudflare Pages.</li><li>Reverse Proxy: <a href="https://allovertheplace.ca/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> (installed via AUR).</li><li>Cloudflare Access: Enabled for security and SSO.</li><li>Cloudflared: Also installed via AUR.</li><li>CORS Settings in Cloudflare Access: Configured to allow all origins, methods, and headers.</li></ul>What’s Working<ul><li>MiniFlux is accessible from my home network after removing restrictive CORS settings in both Caddy and MiniFlux.</li><li>Nextflux is properly deployed on Cloudflare Pages.</li></ul>The ProblemNextflux cannot connect to MiniFlux due to persistent CORS errors and authentication issues with Cloudflare Access. Here are the errors I’m seeing in the browser console:<ol><li>CORS Error:<code>Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' from origin 'https://nextflux.laniecarmelo.tech' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.</code></li><li>Cloudflare Access Redirection:<pre><code>Request redirected to 'https://lifeofararebird.cloudflareaccess.com/cdn-cgi/access/login/rss.laniecarmelo.tech'. </code></pre></li><li>Failed to Fetch:<pre><code>Failed to fetch: TypeError: Failed to fetch. </code></pre></li></ol>What I’ve Tried<ol><li>Service Token Authentication:<ul><li>Generated a service token in Cloudflare Access for Nextflux.</li><li>Added <code>CF-Access-Client-Id</code> and <code>CF-Access-Client-Secret</code> headers in Caddy for <code>rss.laniecarmelo.tech</code>.</li><li>Updated Cloudflare Access policies to include a bypass rule for this service token.</li></ul></li><li>CORS Configuration:<ul><li>Tried permissive settings (<code>Access-Control-Allow-Origin: *</code>) in both Caddy and MiniFlux.</li><li>Configured Cloudflare Access CORS settings to allow all origins, methods, and headers.</li></ul></li><li>Policy Adjustments:<ul><li>Created a bypass policy for my home IP range and public IP.</li><li>Added an "Allow" policy for authenticated users via email/login methods.</li></ul></li><li>Debugging Logs:<ul><li>Checked Cloudflared logs, which show requests being blocked due to missing access tokens (<code>AccessJWTValidator</code> errors).</li></ul></li></ol>Current StateDespite these efforts:<ul><li>Requests from Nextflux are still being blocked by Cloudflare Access or failing due to CORS issues.</li><li>The browser console consistently shows "No 'Access-Control-Allow-Origin' header" errors.</li></ul>Goals<ol><li>Allow Nextflux (hosted on Cloudflare Pages) to connect seamlessly to MiniFlux (behind Cloudflare Access).</li><li>Maintain secure access to MiniFlux for other devices (e.g., my home network or mobile devices).</li></ol>My Environment<ul><li>Raspberry Pi 500 running Arch Linux ARM.</li><li>Both Caddy and Cloudflared are installed via AUR packages.</li><li>MiniFlux is running in Docker with the following environment variables:<code>CLOUDFLARE_SERVICE_AUTH_ENABLED=trueCLOUDFLARE_CLIENT_ID=<client-id>CLOUDFLARE_CLIENT_SECRET=<client-secret></code></li></ul>Relevant LogsFrom <code>cloudflared</code>:<pre><code>ERR error="request filtered by middleware handler (AccessJWTValidator) due to: no access token in request" </code></pre>From the browser console:<pre><code>Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' has been blocked by CORS policy. </code></pre>Questions<ol><li>Is there a better way to configure CORS for this setup?</li><li>Should I be handling authentication differently between Nextflux and MiniFlux?</li><li>How can I ensure that requests from Nextflux include valid access tokens?</li></ol>Any help or advice would be greatly appreciated! 🙏<a href="https://allovertheplace.ca/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosting</a> <a href="https://allovertheplace.ca/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cloudflare</a> <a href="https://allovertheplace.ca/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#CaddyServer</a> <a href="https://allovertheplace.ca/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#Docker</a> <a href="https://allovertheplace.ca/tags/RSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#RSS</a> <a href="https://allovertheplace.ca/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a> <a href="https://allovertheplace.ca/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://allovertheplace.ca/tags/ArchLinuxARM" class="mention hashtag" rel="nofollow noopener" target="_blank">#ArchLinuxARM</a> <a href="https://allovertheplace.ca/tags/CloudflarePages" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudflarePages</a> <a href="https://allovertheplace.ca/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#tech</a> <a href="https://allovertheplace.ca/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#technology</a>

patproBonjour l’<a href="https://universites.social/tags/ESR" class="mention hashtag" rel="nofollow noopener" target="_blank">#ESR</a> !Y-a-t’il des gens parmi vous ou vos collègues qui font tourner du <a href="https://universites.social/tags/Moodle" class="mention hashtag" rel="nofollow noopener" target="_blank">#Moodle</a> via des PHP-FPM en balance de charge derrière un frontal HTTP <a href="https://universites.social/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> ?On est sur un boitier F5 en fin de vie qui répartit la charge entre 7 nœuds Apache + php-fpm. J’aimerai explorer une piste plus simple/moderne (où les nœuds font seulement le php, et où le frontal web gère HTTP/3, le renouvellement auto de ses certificat TLS, et peut être reconfiguré à chaud, etc).Le <a href="https://universites.social/tags/boost" class="mention hashtag" rel="nofollow noopener" target="_blank">#boost</a> garantit un bon W-E :)

Recent searches

Search options

Administered by:

Server stats:

#caddy