• 0 Posts
  • 2 Comments
Joined 1 year ago
cake
Cake day: October 21st, 2023

help-circle
  • Which is exceedingly dumb IMHO. Sure it would be a vector, but it’s a vector to something that should be an additional step to username and password. Idk, I use vaultwarden and find myself worrying less about “what if?”. I’m also enabling TOTP far more often now that I can easily add it to my phone and have it sync to other systems.


  • I think the reason is that there’s a preferred method for doing things for each person.

    Like take reverse proxies for instance.

    You can use nginx proxy manager if you’re comfortable with docker but uncomfortable with CLI or text file configs.

    Or you can just use straight nginx.

    Or if you want you can use Caddy, which is what I personally do, because I dig how well Caddy does automatic management of letsencrypt certs. But that means being comfortable grokking how to write a Caddyfile (the config), and how to launch a daemon on some sort of Linux.

    So if you want to take my route you’ve got even more choices, you can run it on a Linux VM, a Linux container, or let docker manage your Linux container. Or you can use someone’s Caddy docker container and config that for yourself.

    Personally I hand configured a Linux LXC container on proxmox and am using that for all the reverse proxying on my proxmox NUC server.

    It’s just so many variables now.

    I remember back in the day you just installed a LAMP server and ran everything with PHP.

    I’m not sure which is better.

    But I’ve got to say, the sheer amount of abstractions and ways to orchestrate a system are mind numbing.

    Like you can do proxmox or truenas or truenas scale or Synology or rancher or bare metal. There are so many things to decide on now.

    And I’ve been running Linux for the past 18 years or so.

    The biggest thing for me is that you should decide on the outset if you want a simple setup, or if you want to play with bleeding edge enterprise stuff.

    One is relatively plug and play and somewhat tends to be less secure.

    The other can be fun for some or job training for others. I find the people who find it fun to be a bit weird, like they are basically LARPing being a system administrator. But it might be just dressing up for the job they want instead of the job they’ve got, or they just like it and that’s fine for them.

    It’s not really for me. I look for simplicity, but also security. Luckily I’m a fan of minimal installs and am happy with operating on a CLI. OpenBSD is a pretty solid base to build on. It makes you think about everything you add and how it’s a possible security hole.

    Anyway, enjoy reading manuals. That’s most of what we do here. Join a forum or two (a real one). Find a supportive community there, ask good questions, contribute good answers. It’s computer karma and by helping others you’re broadening and solidifying your own comfort levels.

    Don’t give opinions as fact. They are opinions.

    This comment is clearly riddled with opinions. YMMV. Good luck with your goals.