• 0 Posts
  • 18 Comments
Joined 1 年前
cake
Cake day: 2023年6月28日

help-circle




  • the idea is that: all your applications work under the same user. or at least under the same group. because this is exactly how the differentiation of rights is applied.

    A good plan is to create some kind of user in all three containers and run qbittorrent, samba and the third application under it.

    A bad plan is to run everything under a random user with 777 rights, but this is a really bad plan.

    Create a user in all three containers and work under it. That is not hard. Run qbittorent with that user. Config will be there: /home/user/.config . Then set that user for samba. I don’t know third app , but I think you can find how change user in manual.




  • You need to create an MX record in the DNS zone of your domain. Something like:

    @ IN MX 10 my.zome.
    @ IN MX 20 server1.my.zome.
    

    You can create 1 MX record or more. 10 and 20 server priority for input mails.

    Then you need to create an spf record. There are several options here. For example

    @ IN TXT "v=spf1 +a +mx -all"

    allows you to send emails from A domain records, then from MX domain records and prohibits from all other hosts.

    Theoretically, you can only create an SPF record with A but without MX and dont create MX DNS records. Although I have not tried this configuration.

    This is the minimum set after which you will get into spam, but at least the letters will reach.

    You also need to make a PTR record to avoid spam folder, but this is not possible on a dynamic IP.


  • interesting facts about LVM:

    1. You can make a volume snapshot of the system before a major change (for example, an update).

    2. You can enable caching and use HDD together with SSD cache

    3. You can build raid 0,1,5 directly on LVM (you still need modules from mdraid)

    4. Even without a raid, you can expand the partition beyond one disk to another or migrate the partition from disk to disk (without even disabling it)

    However, all this is done from the console and I do not know if there is a GUI.








  • On DNS you need A record if you have ipv4 only or A and AAAA records if you have ipv4 and ipv6.

    You DNS outside you home servers? If you have dynamic IP at home you can’t host DNS on home server.

    You have only 1 IP? You need port forwarding on you home gateway to home servers if you use somerhing like SSH. If you want access to something web based you need proxy. NGINX for example.

    How it exactly work:

    • Somewhere someone write youdomain.com in browser.
    • Browser ask local dns: who is youdomain.com
    • local dns ask another dns, and another and in one iteration request go to you dns. Or maybe some of dns have cached answer. But imagine that not.
    • You dns send answer youdomain.com is 111.222.333.444 for example. That is A record.
    • DNS work stop on that.
    • Browser send request to 111.222.333.444 with HTTP header “Host: youdomain.com” and some path. / or /something maybe.
    • Some balancer should get request and send in to right server in you home network.

    UPD: don’t show to internet something risky interfaces. Proxmox web panel or something like that. This is a real bad idea. For that type of services VPN extremely greatest. Send you DNS to public without protection not a great idea too. Including pihole. I think you will get into some botnet already on the 3rd day of work.