Cloudflare tunnels are cheap (free if it’s just a couple), simple, and really great.
You’re using something in front of caddy right?
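At least refuse basic headers and close connections
# Ask crawlers not to index, follow, snippet or archive anything served
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
# Catch-all for requests that match no configured server_name
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    # "ssl" is required for nginx to speak TLS on 443
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate certs/server.cert;
    ssl_certificate_key certs/server.key;
    server_name _;
    return 444; # CONNECTION CLOSED WITHOUT RESPONSE
}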
Ports, any NAT, internal IPs. The first part of an organized attack is getting environment enumeration down. If a bad actor can map your network they can more efficiently direct their attack.
It’s a custom nginx proxy to the kube api. Too long to get into it. I was hired to move this giant cluster that started as a lab and make it production ready.
Thanks for the feedback
Coredns and an nginx reverse proxy are handling DNS, failover, and some other redirect. However it’s not ideal as it’s a custom implementation a previous engineer set up.
We’re thinking of moving to it from a custom coredns and flannel implementation in a k3s 33 node cluster.
Tangentially, what’s your opinion on Traefik?
I literally just got bigger drives for my array last week. So happy I put it off.
Simplest way would be to mount the nfs share natively on the proxmox host and then back up to that file location in storage.
Here’s a good thread on it
https://forum.proxmox.com/threads/how-to-setup-nfs-for-proxmox-backups.20525/
If you’re thinking of encryption you need to think about how that could impact data recovery.