The Tunnel daemon creates an encrypted tunnel between your origin web server and Cloudflare’s nearest data center, all without opening any public inbound ports.
The Tunnel daemon creates an encrypted tunnel between your origin web server and Cloudflare’s nearest data center, all without opening any public inbound ports.
The good news is that in order to exploit the new vulnerability, the attacker first has to obtain kernel level access to the system somehow - by exploiting some other vulnerabilities perhaps.
The bad news is once Sinkclose attack is performed, it can be hard to detect and mitigate: it can even survive an OS reinstall.
Cloudflare tunnel is an option, you can even scrap your own nginx
Unless you’ve used something secure for formatting or wrote data to the SD after, consider attempting data recovery.
Speaking of Cloudflare, if you’re okay with not self hosting, then there’s Cloudflare Pages which is good for hosting static websites.
I’m running Arch on my RPI 4b+ and quite happy with it.
The installation was pretty simple IIRC - I did run into some issue with uboot which was easily solved by searching for the error on the internet.
Arch Linux ARM ships with a mainline aarch64 kernel and uboot by default, but if you are interested in running the RPI kernel and their boot loader, there’s a custom pacman repo and instruction on the forums: https://archlinuxarm.org/forum/viewtopic.php?t=16144
All in all I don’t think arch needs that much maintenance on a non-critical home server - just make sure to check for config updates every now and then and reboot after kernel upgrades.
A spreadsheet