30-something grey wolf therian and furry. Admin of yiffit.net lemmy instance and packmates.org mastodon instance.

  • 3 Posts
  • 19 Comments
Joined 1 year ago
Cake day: June 7th, 2023

  • I’d say to start with CF tunnels unless you need non-web based applications. Cloudflare tunnels require you to have a domain, though.

    It has the added benefit that you have network monitoring, logging and some filtering for security that they do on top and you get to manage everything from their web interface.

    Be warned that the first time can be a bit confusing, but since it’s done using their web interface it’s easier than if you have a problem making WireGuard work.

    1. Create a tunnel with a public hostname that will be the URL to access that service. During the creation of the hostname specify you want it protected by L7 application firewall.
    2. Create a new self-hosted application in the Cloudflare application section and for starters use the default login email and in rules specify the list of emails that are allowed to log in.

    You should now be able to access your application from anywhere.

    Alternatively, if you have a DNS server in your home network you can add a private IP range to your tunnel. Let’s say 192.168.0.0/24. Then when you connect with their pseudo-VPN (Cloudflare WARP or Cloudflare One) you can directly use your home network’s IP address from that device. If you tell your device to use a local DNS server that resolves your internal services, you’ll be able to connect to them that way.



  • Install Proxmox on a computer with plenty of RAM and CPU and you’ll be able to create VMs which you can give out or rent out to anyone.

    In regards to access, IPv4 is not a good idea. Especially not residential IP addresses. You should get IPv6 addresses, maybe from a tunnelbroker. But anyways, first you need the server with the hypervisor (which is what you’re looking for) and then you can slowly run tests, learn and eventually figure out networking.

    Btw, it might be cheaper to simply rent a server, which would solve the issue of IP addresses. OVH has cheap servers and a Proxmox install wizard.

    Just please don’t use it for anything sensitive until you can find someone to give a quick check up in regards to security to make sure you haven’t missed anything. Unlike a regular PC, this one is expected to receive inbound connections which has its risks.

    But don’t worry about that too much now. Find an old computer or rent a server, install Proxmox and start testing, playing around and learning.

    Edit: ChatGPT is good when wanting to learn this stuff. Especially GPT-4, but even GPT-3.5 will do. Just don’t trust it blindly as it still messes up about 20% of the time. But it’s often better than googling for tutorials since you can’t often find what you’re looking for.

    Edit2: the setup I propose will allow you to divide a regular computer into 100s of virtual ones limited only by the total RAM, disk and CPU. If you only want a web server on dedicated hardware get a Raspberry Pi, because my proposal would be overkill. But it’s the closest to “being your own cloud provider”.


  • Hello again! I just completed object storage migration. Here’s what I learned if you want to do it with an instance that’s already set up:

    1. Download the binary file for pict-rs from the project’s git repository.
    2. Stop the pict-rs container.
    3. Perform the migration as indicated in the pict-rs documentation. If it hangs at some point due to a missing file, re-run with --skip-missing-files.
    4. Verify that files have been migrated to object storage.
    5. Change docker-compose settings.
    6. And here’s the most important part… changes won’t be applied unless you run docker-compose up -d. Simply running docker-compose restart will NOT apply the new config. This might be obvious for docker users but I didn’t know about it and had to roll back the first time because it wouldn’t fetch images from object storage while they had already been migrated there.
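
An added example, not part of the comment above or of the pict-rs project: a check for the failure mode in step 6, comparing the environment a running container was created with against what the edited compose file asks for. The `EXAMPLE_*` variable names and the inspect output are constructed sample values; real input would come from `docker inspect` on the container.

```python
import json

# Constructed sample: trimmed `docker inspect <container>` output for a container
# created before the compose file was edited (still on filesystem storage).
INSPECT_JSON = """
[{"Name": "/pictrs",
  "Config": {"Env": ["PATH=/usr/local/bin:/usr/bin",
                     "EXAMPLE_STORE_TYPE=filesystem",
                     "EXAMPLE_API_KEY=old"]}}]
"""

# Constructed sample: the `environment:` section of the edited compose service.
# Compose accepts either a mapping or a list of KEY=VALUE strings.
DESIRED_ENV = [
    "EXAMPLE_STORE_TYPE=object_storage",
    "EXAMPLE_STORE_BUCKET=media",
    "EXAMPLE_API_KEY=old",
]


def env_to_dict(env):
    """Normalise an environment given as a mapping or a KEY=VALUE list."""
    if isinstance(env, dict):
        return {str(k): "" if v is None else str(v) for k, v in env.items()}
    pairs = (item.split("=", 1) for item in env)
    return {p[0]: (p[1] if len(p) > 1 else "") for p in pairs}


def config_drift(inspect_json, desired_env):
    """Return settings the compose file wants but the running container lacks."""
    running = env_to_dict(json.loads(inspect_json)[0]["Config"]["Env"])
    desired = env_to_dict(desired_env)
    drift = {}
    for key, want in desired.items():
        have = running.get(key)  # None means the variable was never set
        if have != want:
            drift[key] = {"running": have, "compose": want}
    return drift


if __name__ == "__main__":
    # A restarted (not recreated) container keeps its creation-time environment,
    # so every edited or newly added variable shows up here.
    for key, diff in config_drift(INSPECT_JSON, DESIRED_ENV).items():
        print(f"{key}: running={diff['running']!r} compose={diff['compose']!r}")
```

An empty result means the container was recreated with the current settings; any entry means the running container still carries the old configuration.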




  • The best way is to have a small server with WireGuard installed, which is a VPN. This runs on virtually anything, including a Raspberry Pi or even a router with OpenWrt.

    Anyways, your WireGuard server will only accept connections from devices that have its certificate (secure passwordless authentication).

    Once you’re connected to that VPN, it’s effectively like being in your home network.

    You might want to Google for guides on how to set up WireGuard on a Raspberry Pi. Even if you don’t have a Pi you’ll surely find the tutorial you need.