• 1 Post
  • 103 Comments
Joined 1 year ago
cake
Cake day: June 11th, 2023

help-circle


  • Yes, I do loose the origin IP and I’m a little bugged by it. It also means that ALL traffic incoming on a specific port of that VPS can only go to exactly ONE private wireguard peer. You could avoid both of these issues by having the reverse proxy on the VPS (which is why cloudflare works the way it does), but I prefer my https endpoint to be on my own trusted hardware. That’s totally my personal preference though.

    I trust my VPS provider to not be interested enough in my data to setup special surveillance tooling for each and every possible software combination their customers might have. Cloudflare on the other hand only has their own software stack to monitor and all customers must adhere to it. It’s by design much easier for them to do statistics or snooping.




  • maiskanzler@feddit.detoSelfhosted@lemmy.worldCloudflare is bad. Youre right.
    link
    fedilink
    English
    arrow-up
    28
    arrow-down
    1
    ·
    5 months ago

    Sure it’s easy to set up, but the same behaviour is what I get with my handrolled solution. I rent a cheap VPS with a fixed IP solely for forwarding all traffic through wireguard. My DNS entries all point to the VPS and my servers connect to the VPS to be reachable. It is absolutely network agnostic and does not require any port shenanigans on the local network nor does it require a fixed IP for the internet connection of my home server.

    Data security wise the HTTPS terminates on my own hardware (homeserver with reverse proxy) and the wireguard connection is additionally encrypted. There are no secrets or certificates on the rented VPS beyond the bare minimum for the wireguard tunnel and my public key for SSH access.

    Shuttling the packets on the VPS (inet to wireguard) is done by socat because I haven’t had the will or need to get in the weeds with nftables/iptables. I am just happy that it works reliably and am happy to loose some potential bandwidth to the kernelspace/userspace hoops.









  • Your btrfs snapshots are possibly counted separately by all the regular tools. They simply go into every directory they can find and add up the size of the files they see. They do not care if they are looking at an identical snapshot of the folder next to them, they simply add it all up.

    Use sudo btrfs filesystem show (and maybe add a path behind it, I am not sure). That will give you the true usage.






  • I’ve always been on android, so take this with a grain of salt. In my opinion Samsung phones have come a very long way. They used to be slower and bloated in comparison to other brands, especially while the market was still moving fast. I used to have a Sony, a ZTE, a Motorola, an Umi and a Jiayu - I tried quite a few over the years.

    The recent generation are all fast enough and performance wise last 4+ years before they get noticably slow and an upgrade becomes necessary. Software support on Samsung is now phenomenal. I had so many bugs and hitches on other vendors’ phones and they were rarely fixed - the absolute opposite has been the experience on my Samsungs. Updates are frequent, smooth and stable.

    I know this reads like an ad, but I was honestly positively suprised after I bought a Samsung tablet a few years back and have slowly switched over to Samsung devices. The same happened with all other members of my family. Samsung simply won.

    I suppose the iPhone is very similar in that regard, both simply work and are great for everyday use. It’s almost boring!

    I do advice you to look at the upper end though, they simply have more performance reserves. If you are a display menace and battery destroyer though, you won’t notice any significant slow down from the cheaper range in the 2 to 3 years you have before it becomes uneconomical to repair the device anyways.