• 5 Posts
  • 33 Comments
Joined 1 year ago
cake
Cake day: June 14th, 2023

help-circle

  • I have heard of several cloud screw-ups as well, leading to charges of several thousands.

    On one side this can happen if you experiment something outside of the free machine(s), on the other side you have all the reporting and notification tools to avoid surprises.

    Nonetheless, I still see your point, reason why I prefer to use an almost dry revolut prepaid for all the cloud accounts instead of my main credit card.






  • aesir@lemmy.worldtoSelfhosted@lemmy.worldHow do you use Tailscale?
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Relays have become a pro feature in the last release. I tested them on netmaker.io SaaS version and they work but it defeats the purpose of selfhosting my VPN manager. You also need to have a good relay, for instance among GCP, Azure, Oracle and Vultr only the latter works because their VPS are not behind a NAT.

    Netbird first of all is extremely resource hungry. In some occurrences completely hanged a 1 GB RAM VPS when I was testing. Even without trashing I had issues connecting many of my peers. It has to be said that it was surely my fault in some ways as netbird.io SaaS worked fine.


  • Tailscale just works, I recently tried netbird and netmaker. I did not manage much with the first but netmaker instead seemed even easier to manage than tailscale, being faster at the same time. Unfortunately it failed with peers behin my corporate NATwhich tailscale can bypass with its own relays. But for others it can work very well.


  • Hi, to check attacks you should look at the logs. In this case auth.log. Being attacked on port 22 is not surprising neither really troublesome if you connect via key pair.

    My graph was showing egress traffic, on any kind of server the traffic due to these attacks would have been invisible but on a backup server which has (hopefully) only ingress you can clearly see the volume of connections from attackers from bytes teansmitted



  • I disagree, you’ll have your backups, so even if everything breaks you will have a failsafe. If you get compromised it’s still not an issue: Everything server side is encrypted, the safety is in the clients and your master password length.

    So, I see no particular differences with other services. Considering I hear of some issues with bitwarden servers that are constantly under attack, selfhosting could even increase the availability.





  • In all the cases for me is sufficient to backup the folder which host the volume for persistent data of each container. I typically do not care to stop and reload containers but nothing prevents you to do so in the backup script. Indeed if a database is concerned the best way is to create a dump and backup that one file. Considering tools, Borg and restic are both great. I am moving progressively from Borg to restic+rclone to exploit free cloud services.