um… did my bio get deleted?

  • 0 Posts
  • 50 Comments
Joined 1 year ago
cake
Cake day: June 13th, 2023

help-circle
  • Used “1-liter” business PCs which come with a modest amount of RAM+storage (assuming you’re likely to replace/upgrade after buying anyway) and an 8th gen Intel CPU should run between ehhh like $125 to $250 depending on which model CPU, how much RAM etc. Totally worth it IMO, I use one with an i5-8500T as a Proxmox host for my web services and so far I’m quite happy with it. Snagged a deal on it a couple months ago, $110, shipped with 8GB RAM and a 256GB SSD which I immediately replaced.



  • The one advantage of using megacorp “1-liter” business PCs from Dell/HP/Lenovo over brands like Minisforum is that parts commonality / availability is likely to be a lot better for the big brand boxes.

    This will make little or no difference to a lot of people of course :) in my case it’s a big factor because I’m trying to do everything on a shoestring budget and I want the hardware to be physically small but still as repairable/upgradable as possible, and to last as long as possible. So I ended up going with used 1L PCs even though you get a bit less CPU capability per dollar spent, as right now these PCs are the smallest platform that I know of that tends to be upgradable (no soldered RAM etc) and have lots of parts available.






  • For a long time I did 1 hot copy (e.g. on my laptop), 1 LAN/homelab copy (e.g. Syncthing on a VM), and 1 cloud copy … less a backup scheme than a redundancy scheme, albeit with file versioning turned on on the homelab copy so I could be protected from oopsies.

    I’m finally teaching myself duplicity in order to set up a backup system for a webdev business I’m working on … it ain’t bad.


  • I use NoMachine, but that’s in a Linux-to-Linux environment.

    Did a test last weekend sitting in a department store parking lot on the store’s public wifi, wifi bitrate about 50Mbps both ways, 50ms between me and my homelab … very very usable experience with quality set at 6/10.



  • I consider selfhosting to be both. VPS or homelab. The latter has more ‘cred’ but is also a much bigger investment and not everyone can do it. Granted I’m living in a difficult environment but as somebody using Linux since 1994 it took me 3 years to recently get a homelab to where I could credibly serve the wider internet from it, and I still use a VPS as reverse proxy anyway! Meanwhile, offloading your physical plant to a mom-n-pop platform-as-a-service provider isn’t the worst thing in the world. Some operators started out selfhosting and grew their little VPS provider from that, those guys need business too!





  • Personally I’d go for as big a UPS as I could afford, but I serve some public-facing stuff from my homelab and I live in an area with outdated infrastructure and occasional ice storms. I currently have a small UPS and have been too tired/overwhelmed to set up automated shutdown yet. It’s not too hard though, I’ve done it before. And even without that in place, my small UPS has kept things going thru a bunch of <10 minute outages.



  • There isn’t a guide yet that I’ve found. I slowly & painfully assembled all the info and beat my head against the task until I had something working & stable.

    I’m currently building a comprehensive one, but due to circumstances beyond my control, it’s taking forever.

    I think civilization just hasn’t gotten there yet, but I suspect I’m not the only one working on this, so I bet the reverse proxy tunnel HOWTO situation will be way better in a year or two…

    FWIW I use nginx on the front end, and rathole for my tunnels - the latter is a very straightforward way to set up the tunnels.


  • Currently I have a bastion host running a hardened distro, which establishes a reverse proxy tunnel to its ssh port via my $4/mo VPS using rathole, an excellent reverse proxy utility I switched to from frp.

    I also maintain a Tor hidden service pointed at the bastion host’s ssh port and another on a different internal host. These are so that I can still get in if the bastion host, my VPS, or certain aspects of networking are down for some reason.

    Eventually I will implement port knocking / single packet authorization by deploying fwknop on some or all of these services to further enhance security.