Rsyslog to collect logs to a single server, then lnav for viewing them on that server is a good combo. Old-school but very effective for self-host scale.
Oh the times when getting GTA from a friend required 30+ 3½" floppy disks IIRC. That plus making 5 or 6 round trips to friend's house, because one of them almost always got corrupted during the zip process.
And since no one had the disk space or knowhow to store the zip packets on HDD for the inevitable re-copying, had to redo the whole pack from scratch each time.
+1 for rootless Podman. Kubernetes YAMLs to define pods, which are started/controlled by systemd. SELinux for added security.
Also +1 for not using auto updates. Using the latest tag has bitten me more times than I can count, now I only use it for testing new stuff. All the important services have at least the major version as tag.
Rent a cheap VPS, ask your friends to gobble up the 1-2 units of local currency per month. Run a DNS over HTTPS server on the VPS (Adguard Home can do it, I'm not sure about PiHole), then just use browsers that can use a custom DoH resolver.
Don't open port 53 to the public, that's just asking for trouble. The bonus with this is the adblocking is in use on the go as well, and you can use the same server yourself.
The setup isn't actually hard at all, if you understand the concepts. Keeping off blacklists is the hard part, as big providers often block entire IP ranges due to one bad actor.
Edit: I meant sometimes your server gets blacklisted for something some neighboring server did.
If they offered a way to export/import the DB and user files as is, it would be great. But you are kind of stuck with Hetzner if you go there, transferring elsewhere will be a pain. Probably need to use the desktop client to download everything and then again upload to the new place.
You are right, and the fact federation is perhaps overplayed or emphasized when talking about something like Lemmy doesn't help.
The regular users don't care, as long as the content is available. Which unfortunately isn't quite the case yet (with no disrespect to developers, I think Lemmy is something I'll stick to for a good while).
You'd create a CNAME for myservice.mydomain.com, that points to proxynearorigin.cloudflare.com.
proxynearorigin.cloudflare.com contains the A and AAAA records for the reverse proxy servers. When you do a DNS query for myservice.mydomain.com, it will (eventually) resolve to the CF proxy IPs.
The CF proxies see from the traffic that you originally requested myservice.mydomain.com and serve your content based on that. This still requires you to tell Cloudflare where the origin server is so the reverse proxies can connect to it.
On the free service instead of the CNAME you set the origin server's IP as the A and/or AAAA record. Enabling the proxy service actually changes this so that when someone makes a DNS query to myservice.mydomain.com they get the proxy addresses straight as A and AAAA records, leaving the IP you originally configured known only to Cloudflare internally.
It's hard to explain this, and since I don't work at Cloudflare the details may be off too. The best way to get an idea is to play around with something like NGINX and run a local DNS server (Bind, Unbound, dnsmasq, PiHole...) and see for yourself how the DNS system works.
CDN isn't really related to DNS at all. In the case of the CF free tier, it's actually more like caching static content, which is technically a bit different. A CDN is a service that replicates said static content to multiple locations on high-performance servers, allowing the content to always be served from close to the client. Where DNS comes in is that Anycast is probably used, and cdn.cloudflare.com actually resolves to different IPs depending on where the DNS query is made from.
There's also the chance that I don't actually know what I'm talking about, but luckily someone will most likely correct me if that's the case. :)
The reason for having to use their nameservers is probably about getting some data in the process. But DNS queries are quite harmless compared to the MITM issue for the actual traffic.
Traffic proxied via CF uses their TLS certificates. Look up how HTTPS works, and you'll understand that it means the encryption is terminated at Cloudflare.
For the record, CF DNS infrastructure is really solid. For something already public anyway, I'd use their services in a heartbeat. You get some WAF features and can add firewall rules like geoblocking, even on the free tier.
For sensitive data, I probably wouldn't use the proxy service.
Cloudflare has several reverse proxies all around the world. When you enable their proxy service, CF decides which proxy is used for your traffic. To be able to control this better, they need to have control over the DNS record.
If you have an issue with changing your domain's nameservers (perfectly valid), my guess is you'll also have an issue with the fact that using CF proxy essentially means they are a man-in-the-middle for all your HTTPS traffic and decrypt everything before proxying it forward.
I just used shreddit to delete all the content from my account, votes included. I had mostly been writing on Linux-related boards.
My guess is along the same lines as everyone else's: the quality of the content will drop because of the API pricing changes. But the NSFW change that was mentioned may be such a big mistake that Reddit goes bankrupt over it before any other significant changes happen. Most users aren't willing to create an account to get their daily dose of porn. Especially since most people only have that one personal Gmail address.
I believe Lemmy will become a fairly strong alternative going forward for the more technical types. It's a shame I don't know Rust at all, so I could take part in the development.
I recently put the nvidia variant of ublue-os on my work laptop, which has Optimus graphics. Couldn't be happier.
It's great to see these variants popping up! I really think ostree may be the future for desktop Linux, and not even very far away.