r0ckr

joined 2 years ago
[–] r0ckr 2 points 2 years ago

I live in switzerland, our main consumer electronics store is digitec and they tend to get the latest and greatest stuff first.

[–] r0ckr 2 points 2 years ago (1 children)

If you can afford it, buying a cheap 10TB external drive might be the best solution. I'm hesitant to recommend taking down the ZFS array, it does help with data reliability.

[–] r0ckr 4 points 2 years ago (3 children)

Can you backup directly to backblaze? Bypassing the 1TB drive?

 

Hi all

I'm running several docker containers with local persistent volumes that I would like to backup. I haven't found an easy method to do so.

What do you use / recommend to do that? AFAIK you can't just rsync the volume directory while the container is running.

[–] r0ckr 1 points 2 years ago

Well executed idea!

[–] r0ckr 1 points 2 years ago (2 children)

Ha, same here. HAProxy plugin running on my opnSense. I should probably try caddy because HAProxy is complete overkill for my requirements.

[–] r0ckr 1 points 2 years ago

Very good, that makes things much easier. Has been a while since I used pihole but when I did I used pihole to serve the internal IPs.

[–] r0ckr 4 points 2 years ago (2 children)

That is a cool idea 😄 . Are you getting enough airflow?

[–] r0ckr 3 points 2 years ago (2 children)

This is the perfect opportunity to set up a pihole. Its primary purpose is to block ads network wide but since it is essentially a DNS with a block list you can also set custom dns-entries.

[–] r0ckr 2 points 2 years ago (1 children)

Looking good! I didn't know that Noctua still made top-down-coolers of that size.

[–] r0ckr 5 points 2 years ago (1 children)

No problem, happy to help. Since I am not sure about your knowledge-level I will start from the basics, namely your ISP router.

It is in fact several devices in one:

  1. A modem: The Modulator / Demodulator converts the signal from whatever standard they use on the cable net (likely some version of DOCSIS) into something the rest of your network can understand.

  2. A router: This routes network packets between different networks. In your case that would be your internal network (probably 192.168.X.X) and the internet. Everytime different networks need to talk to each other a router will be needed between them. It also does NAT which is explained well here.

  3. A firewall: While a router can guide a packet to where it needs to go, it can not decide whether it is welcome there. A firewall can check packets according to various configured criteria and decide to pass or block it. Very helpful to keep the FSB out of your porn collection.

  4. A switch: Functions as a sort of central interconnect between wired devices. Much like an old telephone exchange where ladies would literally connect plugs with wires to create a direct connection between callers. The one in your ISP provided device is likely an "L2 dumb switch" <- more on this later.

  5. A wifi access point: Very simplified basically a switch that works with radio waves instead of physical wires. Again, very simplified.

This is all very nice and comfortable for your basic home user. But it also greatly limits your options if you want to do something different than whatever the manufacturer of your ISP-device deems fitting. The most common option to cirumvent this is to separate the functions out into their own devices, using software and hardware that you have much more control over. Businesses do the same, depending on their size and requirements. It is therefore also good practice for a future career in system administration and networking.

In your case I would recommend the following:

  1. Check if your ISP-device allows you to set it in passthrough mode. This switches functions 2-5 off and turns it into a pure Modem and nothing else. DOCSIS comes in from the cable net, good old standard TCP/IP (among other things) comes out of the other. This is where you plug in device number 2/3.

2/3. Here is where opnSense comes in. It is a combined router AND firewall. This specific combination of functions is what most small and medium businesses use. Very large organisations may further separate out routing and firewalling into dedicated devices. But that is Facebook / Google / Microsoft level stuff. You connect the modem into the WAN-port of opnSense and device number 4 into the LAN-port. opnSense sits in the middle.

  1. Get yourself a separate switch with as many ports as you need. Make sure that it supports the following functions: LACP (also known as IEEE 802.3ad), 802.1x and L2 VLAN (also known as IEEE 802.1q). POE might be useful as well, to supply some devices with power directly over the network. These weird words will become relevant later if you choose to go deeper into this rabbit hole. You won't need them in the beginning but this way you are ready to really get into the deeper stuff.

  2. Add in an access point to cover all your wifi needs. Make sure that it is an access point, not a wifi router. Some routers can be set to access point mode but thats just a waste of capabilities. The access point basically converts wired signals into radio. I recommend ubiquiti for this.

But for your next step you should start researching the five different functions I outlined in my first list. If I'm not sure about somethings (happens quite often ;-)) I literally type "whatever for dummies" into google and start reading. Don't be embarassed to start at the bottom, we all came from there in the beginning. There are also some good youtube channels that might help. Once you are somewhat confident that you at least generally know what those magic five do you can start with the second list.

Feel free to ask further questions but it's night time in my time zone so answers will take a while. Good luck and above all: Have fun. This is a fascinating topic and you can spend years exploring it.

[–] r0ckr 3 points 2 years ago* (last edited 2 years ago) (1 children)

There seems to be a bit of a misunderstanding of what a reverse proxy does.

The proxy should accept requests on port 80 and 443 and on the basis of the requested website route you to the correct adress:

  1. Request for jellyfin.mydomain.com comes in
  2. Reverse proxy checks where it should reroute it -> host.of.jellyfin:8443

So your client thinks its talking to your jellyfin-instance over port 443 but in actuality your proxy reroutes the traffic to wherever your jellyfin needs it to arrive..

/Edit: Ah just saw that it redirects 443 requests to your router. Can you configure a DNS override on its config somewhere?

[–] r0ckr 2 points 2 years ago

Try running this command on your target system:

cat $HOME/.ssh/authorized_keys

Does the private key part of your key pair show up in the list?

 

Inspired by Optimum Techs awesome video about the Dan C4 SFX (https://youtu.be/PpENpqI7BiE) I decided to upgrade my PC and try my hand at this whole MiniITX-thing:

HW:

  • AMD Ryzen 7 7800X3D (AM5, 4.20 GHz, 8 -Core)
  • Noctua NH-D12L (145 mm)
  • Corsair Vengeance (2 x 16GB, 6400 MHz, DDR5-RAM, DIMM) which kinda bit me in the arse
  • ASUS ROG STRIX B650E-I GAMING WIFI
  • Gigabyte AORUS GeForce RTX 3080 MASTER 10G LHR
  • Samsung 990 Pro 1TB for OS und apps
  • WD Black SN850X 4TB for games
  • Lian-Li SP850 SFX power supply
  • Dan Cases C4-SFX

I admit, I was quite intimidated by the prospect of building in such a small case, but the C4 SFX makes it easy.

Some tipps for first time builders like me:

  • Check your graphic card measurements carefully against the numbers on the website for this case:https://www.dan-cases.com/c4sfx_spec.html
  • Don't be afraid to use a bit of force when running the power supply cables. Don't destroy the plugs but you can push a bit to make them fit.
  • Best use only NVMe-drives. The less you try to shove into the case the better.

For those who are a bit unsure I recommend the video from Optimum Tech. While it's not a detailed step-by-step guide it does cover most of what you should know. Sure made my day easier and gave me some confidence.

view more: next ›