Neo4j might with
Neo4j might with
Doubt. You probably need to set the file owners in your volume to the same user running in the container.
Pass can’t do this.
It’s a cli tool, so you can call it within another call using dollar sign syntax
terraform apply --var "myvalue=$(pass path/to/value)"
I’m using pass at home, but I’ve used hashicorp vault at a few jobs with great success.
IBM just forked it to openBao as well to get around the business license, if that’s a concern for your. But honestly I’d trust hashicorp more than IBM at this point.
You can try putting it on pretty 443 or another tls port. It’s not a perfect solution but it could help for your specific setup.
Wireguard is e2e encrypted, no middleman can inspect the packets without the private keys.
You could always add them to the allow list so they don’t get blocked.
All software ads exploits. Antivirus software mitigates already exploited systems.
And yes, some antivirus programs are infamous for being difficult to work with, but also remember that any vector that allows a user to easily override antivirus features can also be done by malicious software.
Moving the port doesn’t reduce attack surface. It’s the same amount of surface.
Tailscale is a bit controversial because it requires a 3rd party to validate connections, a 3rd party that is a large target for threat actors, and is reliant on profitability to stay online.
I would recommend a client VPN like wireguard, or SSH being validated using signed keys against a certificate authority your control, with fail2ban.
This is not true and bad security practice.
There are exploits that can be installed without a mistake made on the users part, the user can make a mistake, and almost every user downloads and open files regularly.
Windows is less secure than the other options, but the other options are not impenetrable. The biggest botnets are made of Linux IoT devices, and nobody opened the wrong email on they’re thermostat…
What a virus scanner will do is check your filesystem and possibly program memory for known footprints. A tool like this can save you from becoming a node on a botnet or being crypto locked. More importantly, if you work from home it can save your company from this issue as well!
Sounds like you were out of resources. That is the goal of a DoS attack, but you’d need connection logs to detect if that was the case.
DDoS attacks are very tricky to defend. (Source: I work in DDoS defence). There’s two sections to defense, detection and mitigation.
Detection is very easy, just look at packets. A very common DDoS attack uses UDP services to amplify your request to a bigger response, but then spoof your src ip to the target. So large amounts of traffic is likely an attack, out of band udp traffic is likely an attack. And large amount of inband traffic could be an attack.
Mitigation is trickier. You need something that can handle a massive amount of packet inspection and black holing. That’s done serious hardware. A script kiddie can buy a 20Gbe/1mpps attack with their moms credit card very easily.
Your defence options are a little limited. If your cloud provider has WAF, use it. You may be able to get rules that block common botnets. Cloudflare is another decent option, they’ll man in the middle your services, and run detection and mitigation on all traffic. They also have a decent WAF.
Best of luck!
What you’re looking for is an HRM. try these options: https://github.com/awesome-selfhosted/awesome-selfhosted#human-resources-management-hrm
Your host sets it’s own DNS servers, if the router isn’t on the list, they don’t get pinged. Now they could try to man in the middle you, so you could try DNS over TLS, but it’s probably not your issue.
You’re DNS server settings likely never took hold. Like if you use a DHCP client, then override your DNS settings, that won’t take effect until you request a new DHCP connection.
Some Linux distros will have local DNS servers that you always point to which are a pain to update as well. Not sure about Windows and MAC.
good luck man!
Try changing your DNS server in that case!
I would migrate the domain. Don’t bother with flakey services. Cloudflare free tier can do some amazing things.
In the meantime set it in your host file to the correct IP to get by.
I migrated from Plex to jellyfin.
I tried it out when I couldn’t get HEVC files to steam on Plex, and i liked it!
It doesn’t have the full ecosystem around it that Plex does, but that’s fine by me.
The only selfhosted github I know about is github enterprise.
If you just want to host git repos, gitea, and gitlab are good. You don’t need that to host git though, git is peer based and doesn’t require a fancy dashboard to work.
The suggestions here are good for production. Over used aws secret manager and hashicorp vault before and both did everything we needed.
I find they’re too much firepower for selfhosted, and prefer pass
Simple commandline tool, backed by a gpg encrypted git repo. Perfect for small use cases!
Pfsense is built on this, but it has some free software issues.
OpnSense was a pfsense fork from some of them original creators, that is free software.
Both are fantastic.