Added an AAAA record to pihole:
ombi.mydomain.example 0000:0000::0000:0000
Now nslookup returns the correct ipv4 address, and ‘::’ as the ipv6.
We’ll see if that works.
Crap, looks like that’s exactly what it is.
Now how to fix that…
I do have external access to Ombi via cloudflare; but the device I’m seeing this problem on is permanently connected to a VPN hosted from the same server machine as ombi/nginx with ‘block all connections without VPN’ enabled. And this testing has been done from within the same LAN.
It should never see/reach cloudflare for this service.
/edit; I’ve also disabled ‘use secure DNS’ in chrome. I host a local DNS within that lan/vpn network.
You’ve done enough, keeping it behind your router’s firewall.
You could block LAN access and require a VPN connection to that specific machine if you really wanted more, but I’m not that concerned about it.
Yup. Point is; if you’re not depending on just its login page to keep it secure, there’s not a whole lot needing ‘security patches’, so I wouldn’t be all that concerned about slow updates. As long as it remains bug free, I’m happy.
And security patches
Something with the power of dockge should be behind a separate form of authentication imo.
I only access it via VPN, it’s not exposed to WAN.
I tend to just use FolderSync myself. To avoid battery issues, I have a schedule for most folders; but my DCIM/Pictures folders sync immediately upon changes. I then have a widget on my homepage that triggers a ‘sync all’. Anytime I need files synced immediately, it’s easy enough to click that button.
If you use usenet, many indexers have a requests section. I’ve had a couple filled at NZBgeek in the past.
I remember doing this with a group of friends at one point. It was late at night, and we wanted to make as much noise as possible; so we were absolutely pounding on people’s doors before running and hiding in their bushes or around the corner. Wherever we could be out of sight, but still see their reaction as they opened the door and raged into the darkness.
One of my friends decided to kick one door, and managed to break the latch literally kicking the front door in… (must have been pretty weak/damaged already, we couldn’t have been more than 13yo at the time) We didn’t manage to hide in time and got chased for like 6 blocks before the guy was too tired to chase us anymore and we lost him.
(I’ll note this was not in America; firearms were not a concern in the slightest)
Having to peel your ass cheeks apart to take a shit seems really unpleasant…
Just this week, I set up Homepage to monitor my server and its various docker containers at a glance, including cpu/ram/network usage and a whole bunch of information pulled from their APIs (such as how many items are actively downloading via sonarr+sabnzbd, or how many queries were blocked by pihole today).
That in turn led me to Glances, both as various widgets in Homepage as well as a standalone tool.
Note: Homepage doesn’t come with authentication. You’ll have to handle that yourself via a reverse proxy or vpn. Glances has an optional login page you can enable, but I haven’t explored that. I access services like these by connecting to my network through OpenVPN.
Find a problem they are experiencing and introduce them to a solution they can self-host to fix it. Expand from there.
I began my self-hosting journey 7ish years ago with media piracy and a desire to watch/access my files wherever I was. Learned of Plex, then Emby, Reverse Proxies, Domains, SSL, and on and on…
Today I’m running 24+ docker containers and some miscellaneous stuff, across 3 systems; that’s always accessible via my domain/vpn.
What does not work:
- I cannot ping server.local (for testing I have to stop the systemd-resolved.service to run the dnsmasq server, or else there are port collisions, but that should not be the problem I guess. I am happy to hear your solution :))
- I also cannot use ssh to log in to server.local; IP address works
Have you added “server.local” as a DNS record in your dnsmasq container, pointing to your server’s LAN IP? Sounds like dnsmasq isn’t resolving that name, which would lead to both of these ‘failures’.
Oh damn, I hadn’t noticed. My setup is still functioning just fine.
There is an alternative though: Orbital-Sync
I haven’t actually used it, so I can’t say much about it; but I’ll probably look into replacing gravity-sync with that.
https://docs.pi-hole.net/guides/dns/cloudflared/
I use this to translate DNS to DoH, and use cloudflare, and quad9 upstream.
environment:
  - TUNNEL_DNS_UPSTREAM=https://1.1.1.1/dns-query,https://1.0.0.1/dns-query,https://9.9.9.9/dns-query,https://149.112.112.9/dns-query
Haven’t really noticed any DNS based lag.
Why not both?
My primary DNS is pihole on a rpi dedicated to the task; but I run a second instance of pihole via my main docker stack for redundancy. Should one or the other be unavailable, there’s a second one to pick up the slack.
I just provide both DNS IPs to LAN clients via DHCP.
Gravity Sync is a great tool to keep both piholes’ settings/records/lists in sync.
Same, though I’m using acme.sh and DNS-01. (had to go look at the script that triggers it to remember, lol)
I check the log file my update script writes every few months just to be sure nothing’s screwy, but I’ve had 0 issues in 7 years of using LE now.
A paid cert isn’t worth it.
I can’t speak for OP; but I’m interested in exploring the entire toolbox, not just ‘the official family’/what the one set of developers make.
Even that’s an incomplete list though, for example:
I’ll look into that next if what I’ve done doesn’t work. (see other comments)