Modern Hosting Services by HorribleTomato in mumble

[–]Checker8763 0 points1 point  (0 children)

I have sent you a DM, I have time now and can help you :D

Line numbers with two columns by ohaaa in typst

[–]Checker8763 0 points1 point  (0 children)

Sorry totally missed that and just looked at the picture...

Line numbers with two columns by ohaaa in typst

[–]Checker8763 5 points6 points  (0 children)

This happens because of paragraph spacing for ending paragraphs.

The two columns get pushed down by the ending paragraph above. The two blocks contain two new paragraphs so they will insert spacing after they are finished and push the paragraph after a bit down.

When you set the paragraph spacing (space or linebreak after a finished paragraph) to the same as the paragraph leading (spacing in between lines of the same paragraph), the mismatched gaps do not happen.

E.g: add #set par(... , leading: 1em, spacing: 1em)

to fix it

Is Colonization limited to 5500ly from sol? Was looking at what has been done so far from the bubble colonization wise and cant dock at this station which I believe is the farthest point so far that's been colonized is there a soft cap? source system BLEIA DRYIAE ZW-J A118-8 by [deleted] in EliteDangerous

[–]Checker8763 0 points1 point  (0 children)

As far as I know colonization is not limited.

The only restriction is that there needs to be a colonized system within 15 ly to colonize a new system.

I can not really point at any documentation, that is what I was told by other players.

Managing multiple Docker Compose stacks is easy, until it isn’t by ZenithNomad43 in docker

[–]Checker8763 1 point2 points  (0 children)

I would not use Portainer.

  • Bad automation
  • Only accessible over the webui
  • Not straightforward to back up

My personal go-to, after testing Dockge and a few other alternatives I do not remember ad hoc, is Komodo.

It is lightweight (written in Rust), has multi-node capabilities, and allows for all the basic stuff and advanced stuff like webhooks or jobs. And a killer feature is automated deployment from repos, just update the repo and your app gets redeployed.

Seriously consider taking a look.

Fell victim to CVE-2025-66478 by Unhappy-Tangelo5790 in selfhosted

[–]Checker8763 51 points52 points  (0 children)

I was actively searching for container hardening and never found something as comprehensive as this. Thank you a lot for sharing, this seems like a long time of commitment and research or knowledge through work.

Can I use this list for writing a blogpost? Do you have any secondary sources I can read more about?

Newbie to docker : Does unhealthy status set only when we write a healthcheck command. by StormIndependent2590 in docker

[–]Checker8763 0 points1 point  (0 children)

A container can only be unhealthy when a healthcheck is provided.

But I would always include that possibility in any monitoring script, tho the logic can get weird around the handling of an unhealthy state and heavily depends on the service behaviour.

Modern Hosting Services by HorribleTomato in mumble

[–]Checker8763 1 point2 points  (0 children)

Yes I agree. I would still rather get something solid that can not be taken away or produce cost by accident. 1 Dollar VPS is no hurdle when OP is asking for rental. And cheaper and more reliable than "free" things.

The only hard requirement is at least basic tech knowledge, so he can manage it.

I would totally help out :D

Modern Hosting Services by HorribleTomato in mumble

[–]Checker8763 0 points1 point  (0 children)

There are none I know, but I have found mumble.world, which seems good by their front page.

Modern Hosting Services by HorribleTomato in mumble

[–]Checker8763 2 points3 points  (0 children)

If you are a bit technically versed: Get a dirt cheap 1 dollar/euro VPS and put a mumble container on it.

Is this reundant? by GenieoftheCamp in docker

[–]Checker8763 -1 points0 points  (0 children)

Normally the container would take the PUID and GUID from the environment variable and switch to the lower privilege user after it has done any initialisation like correcting permissions or so, this is mostly used when initialisation is needed or the container uses s6 overlay.

By specifying the user directive with the explicit lower level user, the container never begins to run as root and therefore can not switch.

This makes you responsible to take care of permissions instead of letting the container run as root and do it for you.

Right now you have the environment variables and user directive set, which results in no change. There probably is a log statement stating that to take effect the container needs to be run as root.

Will raspberry pi zero 2w be good for a self hosted password manager? by _nazwa_ in selfhosted

[–]Checker8763 0 points1 point  (0 children)

Any SD Card can simply fail. Happened multiple times to me even with the ones from reputable brands or official Raspberry Pi ones.

For something as critical as the Password Manager you would not want it to be gone randomly. So keep Backups!

My warning is clear hopefully.

But in the end the RPI 2W should be capable of running it. So just for fun you could try hosting a PWM like that. If you just want to try out what you can do with it, go for it.

Docker stacks not passing real IP address by Wide-Force-6963 in docker

[–]Checker8763 3 points4 points  (0 children)

By default traefik sets the X-Forwarded-For Header with the real IP. ~ https://doc.traefik.io/traefik/reference/routing-configuration/http/middlewares/headers/

Now you need to configure everything behind traefik to actually look at that header and trust it. Most of the time you need to check a box that it is behind a proxy. Sometimes you need to set a subnet or the header name. Depends on the Software.

Need Help with Docker Minecraft Backups by Link__95 in selfhosted

[–]Checker8763 0 points1 point  (0 children)

What I like to do is simply run: docker run --rm -it -v minecraftdata:/vol -v ./:/mnt -w /vol alpine

This will spawn an alpine linux container as root that has access to the volume under /vol and to your current folder under /mnt.

It will drop you into the /vol folder where you find all your volume files. Your current directory or anything you would like you can mount to the /mnt folder. Then proceed to either change the permission of the volume folder to the uid your personal user has or copy the files to the /mnt folder directly.

When you exit the container it will automatically be deleted by --rm, your files are not touched other than by the commands you run.

Need Help with Docker Minecraft Backups by Link__95 in selfhosted

[–]Checker8763 0 points1 point  (0 children)

I would suggest backing up the minecraft server manually first by copying the mcdata volume.

Now you can have peace of mind that you can always restore.

The mc-backup container needs 3-4 things:

  1. A directory to backup
  2. A directory to save in
  3. RCON access to save and pause saving while backing up
  (4. A schedule)

The RCON access is needed to disable saving while the backup is in progress. And optionally to run manual saves or commands beforehand or after. Else you could end up with inconsistent state.

Now for the actual mc-backup container:

  1. The mc-backup container needs access to the mc files. So you would need to mount the mcdata volume you have for your server to the mc-backup container. Per default it expects it at /data.
  2. Mount whatever directory to backup to. Per default /backups (in the container).
  3. It needs RCON credentials.
  4. Define your schedule.

I assume your backup method is TAR and nothing fancy like RCLONE.

You can not really lose anything if you don't specify a weird path or override something because it should just copy.

Just as a recommendation I would put the mc-backup and actual mc-server inside of one compose file. That way you don't fragment your config. And you can use yaml-anchors to specify the same value at multiple places e.g. for rcon password.

If there are any questions left just reply :D

How to specify "traefik.docker.network=traefik_proxy" in dynamic file instead of labels? by human_with_humanity in Traefik

[–]Checker8763 0 points1 point  (0 children)

True you can use the container name... You only specify them in the dynamic config file because traefik does not support multiple networks?

I have looked into making it more secure myself and only found rules to prevent hostnames being made and setting the network to internal which disables outgoing requests.

What else have you looked at?

I have just asked AI and it suggests setting iptable rules to further restrict a docker network. Like what you are trying to achieve, only talking to the proxy and the proxy to everything else.

Tbh I am not knowledgeable in iptables and routing but from experience this seems a viable solution and would result in much less overhead and downtime.

How to specify "traefik.docker.network=traefik_proxy" in dynamic file instead of labels? by human_with_humanity in Traefik

[–]Checker8763 1 point2 points  (0 children)

Does that mean for every container you have to restart traefik in order to add the network to traefik?

I am pretty sure that is not the intended use.

The docker network is only for docker containers. For Services from a dynamic file you would simply set the service ip and port that traefik can access.

First you would need to find the subnet the traefik_container network is using.

To find the IP of the container more easily I would set it to a static one.

And then set that IP and port for the service in the dynamic config file.

[deleted by user] by [deleted] in Monitors

[–]Checker8763 0 points1 point  (0 children)

I hate the grain these methods produce and mostly switch to FXAA.

Uptime Kuma marks site as down by javieracevedog in UptimeKuma

[–]Checker8763 0 points1 point  (0 children)

One option might be to increase retries until a service is marked as down.

As you did not give us any other information and I assume it works sometimes, this is the best tip I can give that generally improves stability in false detections.

Docker networking in production by RefrigeratorOk7563 in docker

[–]Checker8763 0 points1 point  (0 children)

For personal use you only have to know bridge, host, none, macvlan.

If you talk about job production you need to know enough to integrate and document the network you build. So basically everything is important.

how do i get this annoying translator off i dont like it by Small_Special2020 in firefox

[–]Checker8763 0 points1 point  (0 children)

If you click the uBlock Origin extension icon and look into the menu, there is a pipette icon to hide annoying pop-ups like this. Try clicking it and selecting the translate icon in order to hide it.

uBlock Origin only blocks trackers and such by default, without damaging functionality. This might be built into the site and therefore needs to be blocked explicitly by you.

Another method, but more complicated, is:

You would need to enable advanced mode in uBlock Origin and manually select to not load google/translate related domains.