I definitely recommend it, particularly using docker compose. It’s made it incredibly easy to add, remove, and modify software installs; keeping everything independent and isolated from each other.

This also makes backups and rolling back updates to individual projects much easier when you do run into problems.

Hmm, I wonder if the failed updates are only direct installs vs docker.

I run two piholes, a primary on a rpi 3b running pios, and a secondary on my main server. Both are installed via docker and both updated without issue (besides the password thing).

I like having the primary DNS on a separate machine; it’s kind of important and I like to mess with the main server a lot…

Interesting; I’ll definitely have to keep that in mind. Much cheaper than getting basically a whole new set of hdds at almost $30/tb (new nas-grade drives, not referbs).

Thanks!

What hardware are you using to read/write tape, and what does that cost you?

I’ve got around 30tb that I need to shift off of a Drobo at some point so I can repurpose the drives into a proper RAID setup that isn’t a closed source black-box from a dead company (that was a poor choice, 6 years ago 🙁). Keeping an eye out for solutions for when I get around to fixing that mess.

I wonder why so many people had issues with the v6 pihole update.

I pulled the new docker container and it ran overtop the previous version just fine. The only issue I had was I had the admin password set to empty via an env variable and that variable name changed. Took like 10 min to find and fix. The rest migrated perfectly.

Now I’m just waiting on orbital-sync to add v6 support, but that’s just around the corner and not that critical.

95% of things I just don’t expose to the net; so I don’t worry about them.

Most of what I do expose doesn’t really have access to any sensitive info; at most an attacker could delete some replaceable media. Big whoop.

The only thing I expose that has the potential for massive damage is OpenVPN, and there’s enough of a community and money invested in that protocol/project that I trust issues will be found and fixed promptly.

Overall I have very little available to attack, and a pretty low public presence. I don’t really host any services for public use, so there’s very little reason to even find my domain/ip, let alone attack it.

Looking at openspeedtests github page, this immediately sticks out to me:

Warning! If you run it behind a Reverse Proxy, you should increase the post-body content length to 35 megabytes.

Follow our NGINX config

/edit;

Decided to spin up this container and play with it a bit myself.

I just used my standard nginx proxy config which enables websockets and https, but I didn’t explicitly set the max_body_size like their example does. I don’t really notice a difference in speed, switching between the proxy and a direct connection.

So, That may be a bit of a red herring.

Certainly; the hard part is getting high quality captures from high quality sources.

Some people are happy to watch CAM-rips, others won’t settle for less than full quality blu-rays.

On your update:

Ah, Linux. Forgot about that variable. Interesting to see you didn’t have to mess with it much, that used to be a hassle though doable.

Linux gives you a bit more freedom to get around these blocks; so to counter this Netflix and many other streaming providers limit the resolution and bitrate available to Linux clients. Often they won’t serve better than 720p to any linix client if I remember right, even with you paying the premium for 4k content.

Some people may be fine with that, others not so much. Louis Rossman made quite a fuss about that a while back.

There’s TONS of that available…

TPB, YourBittorrent, Limetorrents, Badasstorrents.

Those are just the free torrent trackers I use as backups that all return results for that show.

I’m sure you can find more. Take a look at the pile of free trackers available in prowlarr or jackett.

There’s even more on Usenet (my primary source).

You might have more luck with an AMD card, but Nvidia works closely with these DRM companies. It’s baked into the graphics drivers that you can only get from Nvidia. Doesn’t matter what recording software you use, they ALL have to go through the graphics drivers which will not release the video stream to them.

Without cracked drivers; you’re SOL going down that route.

DRM prevents that. Your graphics drivers will refuse to release the video info to the screen capture software leaving you with an empty black rectangle in the video. Otherwise a lot more people would do this.

You might be able to use either a capture card to grab the actual video signal being output by the machine; or a VM with the capture software running outside it on the host. I’ve never tried the latter, but I’m told it works.

While I haven’t tried this myself; I’ve been told streaming to a web browser that’s running in a VM will let you screen record the VM from the host machine.

If you try to just screen record the browser directly with screen cap software; the DRM + graphics drivers will prevent the recording from seeing the video, it’ll just show as an empty black rectangle. Supposedly this doesn’t work against a VM displayed to its host though.

Should check which ports.

Mine blocks 80 inbound and 25 outbound, but everything else I’ve tried works. (so no default http, and no outbound email)

I only really want 443 for simplicity, everything else can be random ports.

Public IPV4 here. It’s not static, but very rarely rotates. DDNS ftw.

Telus Residential in Canada.

DoH on the lan between devices is completely pointless; I’m talking about DoH between the lan and external dns which unbound does NOT do.

Honestly; pretty clever for a teen. Well done.

This part always confuses me, so I won’t be able to give specifics; just a general direction. Most guides explain how to route traffic from a vpn client to the lan of the vpn host. You need to route traffic from the vpn host/lan to a client of the vpn.

You need to change the routing table on the VPS, adding a static route to route traffic heading for your VPNs subnet to the VPN host instead of out the default gateway.

How exactly to do that I’ll have to leave to someone else unfortunately. Network config confuses the hell out of me.

I prefer cloudflared myself.

While unbound requests its answers from the authoritative servers for each domain; it does so using regular DNS queries, so it’s susceptible to monitoring and modification like any other DNS request. While adding latency by extending that request to several servers, instead of a single trusted provider.

That doesn’t really seem beneficial to me. I’d rather use DOH.

Many people advocate for Cloudflared as a tunneling solution, but it’s not a one-size-fits-all tool. Personally, I avoid it. Your VPS already functions as a firewall for your connection. Using Tailscale is also self-host and avoids reliance on third-party services like Cloudflare while maintaining security and the same functionality.

OPs not using cloudflareds tunneling or services at all; in this application, it’s purely a local tool for translating regular DNS to DOH using the chosen DOH provider. Mullvad in this case.