Elvith Ma'for

I thought the easy way were “A Pussy So Tight No Dick Penetrates”?

Can I interest you in the blog Buried Treasure? The author reviews small and unknown indie games an there are a lot of pearls to be found

Let’s just say „every unmarked block, but one“?

If we count diverse electronic trinkets (ESPs, Raspberry Pis, breadboards, LEDs,….) as crafting supplies, then yes that’d work perfectly

Bold of you to assume I thought of having something to take notes on handy when I need to take notes…

No, that’s just another hypothetical app that you’re using a reverse proxy for. I just included it to show how you can also set settings for a single subdomain/reverse proxy entry that isn’t used globally on all domains that get served. I used a hypothetical REST API that needs a CORS Header that other apps don’t need (or maybe serve themselves).

admin off disables Caddy’s admin interface (which shouldn’t be public and if you’re using config files this usually isn’t needed. So just a bit of gardening)

servers sets some general server options.

and then I just inserted several blocks that each define a reverse proxy to a different app / backend to show that you can just dump them all in a single Caddyfile. And the last example to show that you can set specific settings only for a specific subdomain instead of globally. As I set headers mostly used by REST APIs, I just called that api.example.com instead of app3.example.com.

If you like, I can send you an example of the Caddyfiles, that I’m using (I used the import directive to split every service into its own Caddyfiles, you could just copy and paste everything in the same file). It will take a few hours until I get home, though.

But basically you can just put every subdomain and it’s target in a separate block and the add some things globally (e.g. passing the original IP, switching off the admin API of Caddy,…)

Something like this should work:

admin off 

servers {
		client_ip_headers X-Forwarded-For X-Real-IP
}

app.example.com {
    reverse_proxy 127.0.0.1:8080
}

app2.example.com {
    reverse_proxy 127.0.0.1:8081
}

api.example.com {
    reverse_proxy 127.0.0.1:8082
    header {
        Access-Control-Allow-Methods "GET, OPTIONS"
        Access-Control-Allow-Origin "*"
    }
}

Go ahead and give them your Social Security number, and see what happens.

“Socially I’m rated 3/10, but for security I’m an 8/10. Now that I’m replying to this, I think my security score just dropped a bit, though.”

Yeah, that’s exactly why I didn’t use my own CA. There’s a plethora of devices that you now need to import the CA to and then you need to hope, that every application uses the system cert store and doesn’t roll its own (IIRC e.g. Firefox uses its own cert store and doesn’t use the system cert store. Same for every java based application,…)

It’s fiddly with Caddy, as you need a specific plugin to get it to work with anything else than the default challenge. That means using a custom build via caddy - and with docker, you’re SOL. BUT you can just use certbot and point caddy to the cert file in your file system.

I have this setup. I bought a domain (say homeserver.tld) from a registrar that allows zone edits with an API. Then I use certbot with a plugin that supports my registrar to get real Let’s Encrypt certificates. Usually Let’s encrypt connects to your server to ensure that it responds to the domain you’re requesting a certificate for, but this challenge can also be done by editing the DNS record of your domain to prove ownership. That is called DNS-01 challenge and is useful of your domain is not publicly reachable. Google for certbot DNS-01 your registrar to find some documentation.

Some of the VMs/LXC now get certificates for a specific subdomain (“some-app.homeserver.tld”), other just get a wildcard certificate (“*.homeserver.tld”) - e.g. my docker host.

In this case, she just wanted to make sure that everything is off and without current before the vacation and since I told her to not trip that one breaker, she unplugged some seemingly unrelated cables and just unplugged the wrong one

My wife: accidentially unplugs homeservers (with PiHole running)

Also my wife: the internet is down?!

PC / General:

• Nextcloud with Collabora Office CODE Server for Filesync and Online editing. I also setup STUN and TURN for Nextcloud Talk, which I use to groupcall friends for virtual board game nights. And I use Deck as a Kanban-Board.
• Bitwarden/Vaultwarden - I do not need to say more, I think.
• Firefox + uBlock Origin. This combo also works on mobile, so… Good Bye ads!
• Thunderbird. Also available on Android. Though Thunderbird Mobile is the same as K9 Mail, but reskinned IIRC.
• PiHole (at least in my home network). Same as above, but also (somewhat) blocks ads in proprietary apps/devices. Even works on the ad supported tier of streaming services to at least reduce ads.
• SearXNG - Meta search engine, that you can self host. There are public instances, but if you want full control over the available feature set/ available search engines, etc. just host it yourself.
• I host a private instance of an unofficial open source web app of the board game Terraforming Mars, as one person in our game group has incompatible hardware for the official implementation. One of the options for the mentioned virtual board game nights.
• Jellyfin. My BluRay Player died. I had most of my library ripped anyways, so… I finally got around to set it up.

On Android:

• DAVx5 and ICSx5 to Sync contacts and calendar with my Nextcloud.
• Etar Calendar. It’s a simple calendar. Just a simple “no bullshit” app. I like it.
• Firefox/uBlock Origin/K9 Mail
• Signal/Threema/SchildiChat(Matrix) - secure messengers
• OSMAnd/Street complete/Organic Maps - all three are Open Street Map apps. OSMAnd is the killer-app that does everything. Organic Map for a more streamlined experience. Street complete, to quickly contribute to OSM by doing “quests” (= answer questions) in your surroundings to fill in incomplete data. (Street names, types of streets, house numbers, opening times, is X still here?,…)
• Shattered Pixel Dungeon. Roguelike Dungeon Crawler, high quality. Looks easy, but hard to master.
• Lichess - Chess app/plattform.
• Öffi - Germany centered, but also somewhat usable in other places. Open Source public transit app, with many integrations of local and national networks. The developer has had some problems with Google and their app review process (IIRC regarding donation instructions?), so better to get it from FDroid, where updates are not blocked by some company policy…

Hey everyone has a learning opportunity. Some even have a separate production system!

Client: “Hey can we have feature X?”

You (internally): I already implemented that last year for you…

You: “Sure!” makes button more obvious, bills 15h of work

Remember “After Dark”?

To escape this trap, you only need to press and hold the button on the left side on the room until the first light turns green and then go to the right side of the room and repeat the same procedure on the second button. If you get distracted at any point in the task, you’re dead.

Me: fuck.

The code screenshot is pretty nice though. Actual grammar in there, full sentences that “Goethe would be proud of”.

The syntax and all these Wenn reminds me of Cucumber/Gherkin

“we got a ransomware infection” vs. “Our data encryption got an upgrade”

IIRC the screenshot in the tweet is from a shitpost in reddits r/badUIbattles