Retro-tech savvy privacy-focused Linux r0ckstar

Cake day: June 4th, 2023

  • Alright, I wanted to come back now that my setup is complete… special thanks to those of you who suggested nginx-proxy-manager - it’s very nicely put together and really makes reverse proxies a breeze…

    Long story short, I just created a brand new VM… started with the proxy manager and built on top of that. Next up was my static Hugo website; it was too easy to change Apache2’s ports.conf to 8097 instead of 80, and use nginx-proxy-manager for the SSL certs… that one was basically plug and play.

    The Bitwarden bit was a bit more involved, but not too bad… at first I just redirected traffic to the original (other machine) Bitwarden VM - but no one wants an extra VM to back up and support… so I went with a fork Docker of bitwarden_rs/vaultmaster - it comes w/ e-mail setup in the container, so one less thing to worry about… I had to swap around some docker-compose.yml ports and just point nginx-proxy-manager at it… this time, tho, I used the SSL certs from the docker; I didn’t wanna dig in and remove what they already had running.

    In the middle I was still fighting with myself and not taking y’all’s good suggestions - I tried to go the Cloudflared route; which is a cool service… but you can’t tunnel root domains unless you’re a paid user. Cloudflared tunnels would be great for exposing the Plex, TrueNAS, etc’s of the world… but I didn’t NEED/want subnets.

    Thanks to the Beehaw community… TechHeart.life is up and running. :P (Don’t worry, the Bitwarden is on a private domain. Phhhbbbbtttt.)


  • Everyone here is awesome for ALL the replies. :P Thank you!!

    I decided to try a Cloudflared tunnel, but that didn’t work out because I can’t get the main domain1.com domain to go thru the tunnel… only ‘apps’, like blog.domain1.com. :P

    And, I’m still ironing out how to pass nginx to another local IP on my network; I just haven’t gotten it to click yet. All the info needed is right here - I promise to come back when I iron out the setup and post how I managed to do it…

    I can figure out how to pass nginx [or apache2, for that matter] to another PORT on the same local IP - I think I have both domains listening on ports 80/443 - and I’ll have to change that in order to route the data correctly… let alone getting out to another local IP.

    Again appreciate all the info - sometimes I just have to learn a bit more since I have all the documents right here. :P



  • LOL… it’ll be easy, I tell ya!

    So I dove in this afternoon, thinking I had all the info I needed to easily get a setup w0rking… I changed my port forwards to the domain2.com machine - the one running apache2 on a website; leaving the bitwarden.domain1.com not seeing traffic. Then, I created a new virtual host file on the domain2.com machine;

    cat bitwarden.domain1.com.conf

    <VirtualHost *:80>
        ServerName bitwarden.domain1.com
        ServerAdmin paulie420@domain1.com

        # Forward every request for this host to the Bitwarden machine over plain HTTP
        ProxyPass / http://10.0.0.155/ nocanon
        ProxyPassReverse / http://10.0.0.155/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # Redirect requests for this host name to HTTPS
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =bitwarden.domain1.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>

    And ran certbot to get https certs - certification would only be on the domain2.com machine; all proxied data would be sent over http, but I figured that was OK as it’s just me accessing the domain1.com service.

    BUT alas, the setup didn’t work; I have some suspicions… bitwarden is running inside a docker container, so… I dunno if that has something to do with how it’s listening, and it’s running nginx; what I thought was that apache2 would simply send all traffic from the bitwarden.domain1.com domain over to my local IP 10.0.0.155 machine and that machine would just pick it up simple pimple and display to the user going to that domain. Another thought - maybe it’s because Docker/Bitwarden HAS https in that container - ohhhh, that’s a thought; however it still didn’t function correctly before I ran certbot on the domain2.com setup.

    UGH… more to come - I’m trying options. :/ Grrrrrr. :P

    PS; posting code in Lemmy doesn’t work so great, does it? I used a backtick but didn’t get the results I’m accustomed to…




  • I’m no pro here, but I think the underlying ‘issue’ is that soon these types of sites will be driven by AI. Mods will just look over the content, but sadly I think the days of mods being the most intelligent person in the room are numbered.

    I don’t trust AI output/answers today, but tomorrow they’re going to be spot-on and answer better than we can. :/

    I think the Inc. [corporations] know the writing on the wall and are just getting everyone ready for the inevitable asap.

    What say you?


  • There’s plenty of replies with options of decent, current NAS setups - so I’ll reply with my 1st NAS instead…

    You could start with a Pi-NAS to save a lot of $$coin$$… start with a Raspberry Pi 4 8GB; it has gigabit ethernet, so it meets that baseline… since you’ll be running over the USB-3 BUS regardless, you can get away with buying cheap USB drives; there are many brands, but Western Digitals are pretty cheap… they go up to like 40GB nowadays, but 4TB drives are only $100 or so… I went with two 8TB drives. It’s better, IMO, to go with the larger 3.5" versions because they come with external power supplies. I found with the smaller 2.5" drives, the Pi could only power one sucking power over USB…

    I used no RAID, as you have to jump thru a few extra hoops to get RAID set up over drives on the USB-3 bus… backup was done thru my Proxmox PBS server - but we’re not here for the safe backup talk, right?

    All this was running OpenMediaVault, which is a pretty decent NAS software. It has support for all the connection types you want - and believe it or not, I also ran Plex in docker and got decent results; while I wasn’t able to do any transcoding, wireless playback worked quick enough for me - and I could even watch movies remotely…

    I mention this setup b/c a 16TB Pi-NAS can be had for $300, all in… you can see speeds of 100MB/s but I found 40-50MB/s was an average because of WiFi or other bottlenecks.

    It’s cool to have options when building a NAS; I’ve since moved my NAS to a Proxmox VM on my Dell Poweredge server, but the Pi-NAS ran without fail for four years…

    • pAULIE42o
    • . . . . . . . . . . .
    • /s