• 3 Posts
  • 124 Comments
Joined 1 year ago
cake
Cake day: July 1st, 2023

help-circle

  • douglasg14b@lemmy.worldtoSelfhosted@lemmy.worldMozilla grants Ente $100k
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    1 month ago

    The issue here is that these are solvable problems, release compat isn’t a new problem. It’s just a problem that takes dedicated effort to solve for, just like any other feature.

    This is something FOSS apps tend to lack simply due to the nature of how contributions tend to work for free software. Which is an unfortunate reality, but a reality none the less.


  • douglasg14b@lemmy.worldtoSelfhosted@lemmy.worldMozilla grants Ente $100k
    link
    fedilink
    English
    arrow-up
    34
    arrow-down
    3
    ·
    1 month ago

    People really underestimate the value of stability and predictability.

    There are some amazing FOSS projects out there ran by folks who don’t give a crap about stability or the art of user experience. It holds them back, and unfortunately helps drive a fragmented ecosystem where we get 2,3,5 major projects all trying to do the same thing.


  • Because the majority of my traffic and services are internal with internal DNS? And I want valid HTTPS certs for them, without exposing my IP in the DNS for those A records.

    If I don’t care about leaking my IP in my a records then this is pretty easy. However I don’t want to do this for various reasons. One of those being that I engage in security related activities and have no desire to put myself at risk by leaking.

    Even services that I exposed to the internet I still don’t want to have my local network traffic go to the internet and back when there is no need for that. SSL termination at my own internal proxy solves that problem.

    I now have this working by using the cloudflare DNS ACME challenge. Those services which I exposed to the internet cloudflare is providing https termination for, cloudflare is then communicating with my proxy which also provides https termination. My internal communication with those services is terminated at my proxy.



  • I stated in the OP that cloudflair HTTPS is off :/

    I’m not using cloudflare for the certificate. I also can’t use the cloud for certificate anyways for internal services through a loopback.

    Similarly you can have SSL termination at multiple layers. That’s works I have services that proxy through multiple SSL terminations. The issue that I’m having is that the ACME challenge seems to be having issues, these issues are documented and explained in various GitHub threads, however the set of solutions are seemingly different and convoluted for different environments.

    This is why I’m asking this question here after having done a reasonable amount of research and trial and error.


  • I am doing SSL termination at the handoff which is the caddy proxy. My internal servers have their SSL terminated at caddy, my traffic does not go to the internet… It loops back from my router to my internal Network.

    However DNS still needs to have subdomains in order to get those certificates, this cloudflair DNS. I do not want my IP to be associated with the subdomains, thus exposing it, therefore cloudflair proxy.

    You’re seeing the errors because the proxy backend is being told to speak HTTPS with Caddy, and it doesn’t work like that.

    You can have SSL termination at multiple points. Cloudflare can do SSL termination and Cloudflair can also connect to your proxy which also has SSL termination. This is allowed, this works, I have services that do this already. You can have SSL termination at every hop if you want, with different certificates.

    That said, I have cloudflair SSL off, as stated in the OP. Cloudflare is not providing a cert, nor is it trying to communicate with my proxy via HTTPS.

    Contrary to your statement about this not working that way, cloudflair has no issues proxying to my proxy where I already have valid certs. Or even self signed ones, or even no certs. The only thing that doesn’t work is the ACME challenge…


    Edit: I have now solved this by using Cloudflair DNS ACME challenge. Cloudflair SSL turned back on. Everything works as expected now, I can have external clients terminate SSL at cloudflair, cloudflair communicate with my proxy through HTTPS, and have internal clients terminate SSL at caddy.











  • douglasg14b@lemmy.worldOPtoAutism@lemmy.worldHow to "unmask"?
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    3 months ago

    This had me thinking a lot about it… Damn.

    I grew up having to mask within my family who were, and still are, strict traditionalists. Extremely formal, I learned to “hide” myself probably before I was even 10.

    I started to express more in my teens in school, but relentless bullying taught me how to mask better. And home was a strict and unforgiving environment alongside.

    I’m only starting to discover the trauma I’ve been causing myself over the last 25+ years.

    I can’t even express myself freely, in a room by myself, I feel self conscious and a need to “control” myself to fit norms even when I’m the only one in the bloody room. “But what if someone sees me?!?”

    Gah, what a mess.






  • That’s a great take.

    It just feels like some people just by default are standoffish and hesitant till they actually meet you. Then they’re buddy-bud.


    The scene is fuckin hard:

    • 1/10 have the (broad) personality types I’m attracted to
    • Of those 4/5 don’t actually follow through to the point of actually meeting
    • Of those maybe 1/3rd share enough of an interests and world-view overlap to strike up good, flowing, conversation. Someone to build a solid friendship with.

    So you’re talking 1/125 actual people (Just to get to the starting line), 125 people that required effort to chat with, get to know their personality, showed interest in, and generally had some level of investment in to build a friendship.

    And honestly, I’m not even picky, I’m not mentioning body type here, I didn’t even mention gender. Primarily I want a strong intellectual attraction, something you can often even sus out over chat.

    It’s a crap shoot, stumbling upon the right kind of person seems easy in theory. But it’s incredibly difficult in practice as I’m finding out. Statistically there is an insane, incredibly high, number of people out there that match up well for each of us. However actually finding them is a seemingly insurmountable task, with countless barriers in the way.


    All that said. I agree with your take but also I think that some of the people who end up ghosting are not necessarily bad people they’ve just been similarly influenced by “the game”, and are probably similarly burnt out.