I can and do self host, but I’m not willing to provide these services for free. I don’t want to be responsible for other peoples passwords or family photos.
Thats where good, privacy-respecting services come into play. Instead of hosting for my neighbours, I would recommend mailbox.org, bitwarden, ente or a hosted nextcloud.
The blog post contains an interesting tineline. Apparently, the first fix was not sufficient. So if you have updated Vaultwaren before November 18, update it again.
Copy of the timeline:
My HP has a 65 watt CPU built in, when it’s running at full load it is quite loud.
Small, 10 inch rack, with some 3D printed rack mounts.
Maybe try some TLS-based VPN? This should work almost anywhere, because it looks like a standard HTTPS connection.
Wireguard - even on port 443 - is special as it uses UDP protocol and not the more widely used TCP protocol.
I like it :) Can you provide a link to the sensors you used?
You‘re supposed to host this yourself.
Set the DNS cache time to 60 seconds.
Set the script to run on every host delayed by some time to avoid simultaneously accessing the API (e.g. run the script every other minute).
With this approach, you get automatic failover in at most 3 minutes.
I’d host it on both webservers. The script sets the A record to all the servers that are online. Obviously, the script als has to check it’s own service.
It seems a little hacky though, for a business use case I would use another approach.
OP said that they have a static website, this eliminates the need for session sync.
Your challenge is that you need a loadbalancer. By hosting the loadbalancer yourself (e.g. on a VPS), you could also host your websites directly there…
My approach would be DNS-based. You can have multiple DNS A records, and the client picks one of them. With a little script you could remove one of the A Records of that server goes down. This way, you wouldn’t need a central hardware.
For a start, try hosting something in your own home. A raspberry or an older PC or laptop should be enough.
My first projects were a print server (so I can print via wifi) and a file server. Try to find something that is useful for you.
Only start hosting on the internet when you’ve learned the basics and have more experience.
I agree, but I understood this question in the context of a homelab.
And for me, a homelab is not the right place for a public website, for the reasons I mentioned.
No, with these reasons:
I have a VPS for these tasks, and I host a few sites for friends amd family.
You’re right, Google released their vision in 2023, here is what it says regarding lifespan:
a reduction of TLS server authentication subscriber certificate maximum validity from 398 days to 90 days. Reducing certificate lifetime encourages automation and the adoption of practices that will drive the ecosystem away from baroque, time-consuming, and error-prone issuance processes. These changes will allow for faster adoption of emerging security capabilities and best practices, and promote the agility required to transition the ecosystem to quantum-resistant algorithms quickly. Decreasing certificate lifetime will also reduce ecosystem reliance on “broken” revocation checking solutions that cannot fail-closed and, in turn, offer incomplete protection. Additionally, shorter-lived certificates will decrease the impact of unexpected Certificate Transparency Log disqualifications.
Sorry, I understood you wrong. You’re right!
Nothing of value was lost when EV certificates disappeared.
even more secure with the 90 days policy.
Yes, if you do this manually it will work.
There is no way to be 100% sure, but: