Still it is not clear to me how the internal reverse proxy may get a valid certificate when the domain name is pointing to the vps. Do you copy later manually to the internal proxy?
And if so, how do you overcome the invalid certificate warning when you are accessing your services locally?
Question, how do you deal with the certificates if you have an external vps doing passthroy?
Because that certificate will not match the domain name of the vps and then everything will fail or at least trigger a lot of alerts.
I really fail to see how an internal backend in a different subnet can send the right certificate
Ey! congrats for the donation. I hope your personal project succeeds!
This could be funny if you have a d event computer, specially for od games
If you are interested in the photo storage then start… With the storage.
So pick up a nas or something similar, pay a bit more for the super intuitive fancy gui product and the start from there.
Learn what is nas and how to connect to a pc Thne learn how to do the same with your smartphone Then learn a bit about networking Then… Continuous for the hardest itch and try to Scratch it
And if you need support, come back here, check videos and web pages or even chatgpt, for the basic stuff is quite acceptable
Ehmmmm I still don’t grasp what you mean.
In any case, mandos has a possibility to do it automatically via rsa encryption, so you have the possibility of totally unattended restart.
Because the server is (ideally) in a different location, if one of yiur systems is stolen / compromised then you only delete / revoked the certificates ID and then that machine would not be able to decrypt its own luks system.
I never deployed this system on my own, but I know a few guys who did it
Regards
I am afraid I don’t get the question.
What do you exactly mean?
Chech here, I think is a more sensible way of doing things https://www.recompile.se/mandos
You are partially right, I was fast and sloppy and I gave the impression all is jitted and it is not the reality.
The part of the translation is fine. However there are parts that are compiled beforehand (shaders for example and I can recall something about arm or other architectures, not sure now). And this is a crucial point of the extra performance, because some parts can be ported to more updated/efficient implementations, not because there are less services in the background.
As far as I know for the new Vulkans layers and dx12 implementation there is a “translation layer” from the old dx implementation to the most updated one. This is the main reason why old games runs faster on Proton than in w7 for the same hw. Even if they were designed for w7 specifically.
Last time I checked this was done during the booting of the game, but i have to admit this was time ago and it could have been changed.
Ummmm sure?
I don’t want to start that extremely old flame war of native VS jit code but…
Proton is not an emulation, it is a translation to native code, and while it has some drawbacks (more memory usage, more time at start up to compile things) it can unlocks a lot of potential when the hw support new capabilities, this is the reason that some dx10 games run faster on Linux…
Nginx is considered battle tested.
Very few products have this level of puic scrutiny and and a good record of being safe.
Once this is said, the majority of problems come from misconfigurations, so triple check the things
Nope, it didn’t, the hiper inflation happened almost 9 years before.
https://en.wikipedia.org/wiki/Hyperinflation_in_the_Weimar_Republic
Edit: I appreciate your edit, but now mine looks out of touch :)
???
The weymar hiper inflation happened almost 9 years before…
The great US depression was only a drop in a miriad of causes, it is not even in the top 3 of reasons of nazi getting the power.
https://en.wikipedia.org/wiki/Hyperinflation_in_the_Weimar_Republic
Not really, the great depression in capital letters was almost 100% in the US.
The rest of the world had a recession, a bit tougher than normal but nothing near what happen in the US
OK I understood that the request came from internet and tailscale was to link the reverse proxy and the server.
In this case try ipv6, pretty sure you have ipv6 and you will have a public address.
But for this case you will need a dns in your network so example.com can be resolved and then your proxy will make the right request.
Yes doable.
Yes, it is possible, but you need a domain (example.com) that I guess you want to be resolved from internet and a public face ip.
After that, yep, if the reverse proxy can resolve tailscale names (basically it has tailscale installed in the same machine) and the service is reachable via tailscale, then it is perfect.
In fact in my setup I have a public domain name that is translated into a private domain name in the reverse proxy (exactly what you want with the addition of tailscale)
Start with a nas, the rest will naturally come when you try to access your data for outside, or organize your data, or save more data types to your nas.
Your nas should be the central device and you build the rest around it.
Now, The question is, which nas? I would recommend synology, they are not too performance, a bit expensive and the company is lately doing suspicious moves, but the sw and the hw are rock solid and they are quite good for beginners from almost all angles. Extra point for how many howtos and tutorials are present in internet.
Once you are comfortable with them, you will realize the rest
How, because Overton window says the opposite
Honestly, every hw that is not going automatically into a power save mode when not used is utterly crap, even my home grade switches are able to do so.
So, the only thing you need to do is to buy recent hw and of course not over size your hw necessities. But recent hw tends to be more expensive, so in the end, it is an excel driven decission.
And once this is said, be careful, some hw suffer more for a on/off cycle than from a continuous power on mode. Think in hdd power cycles or condensation/ salt-rust problems in high humidity areas.