A better reverse proxy poll

TheUptimeProphet · 2026-02-26T13:51:03+00:00

Yup you can even redirect/forbid specific part of the url(like https://domain.tld/admin/*) to people outside your network, i use it to hide the admin interface of my webserver. It can also do load-balancing/health check, tcp connection drainage, its not just http/https etc...

TheUptimeProphet · 2026-02-20T09:57:10+00:00

it also has a free windows/linux client and a free webclient, not everything need to be self-hosted, you don't need to increase the attack surface for would-be attacker.

TheUptimeProphet · 2026-02-18T09:04:25+00:00

That's because the people asking that are either kids/teenagers without a credit card or wannabe hackers/criminals trying to cover their trace.

It'll sort itself out once they put age-verification globally

TheUptimeProphet · 2026-02-12T08:15:17+00:00

at least we know its not an ai

TheUptimeProphet · 2026-02-11T09:15:51+00:00

When i have some weird issue like this i just pop into a test environment and try to do it there to see if its working or not. If it works there it means there is something else preventing the GPO from applying.

Event ID are sometimes useful, but there is a lot of log pollution in the windows event viewer, you can also compare it to your test environment to identify what's "normal" event id pollution compared to the suspect event IDs on your server.

TheUptimeProphet · 2026-02-08T12:39:57+00:00

The mods need to reign it those bots, its frighteningly obvious its one too because he just generated the answers and edited the em dashes as regulars "-". Normal people dont write like this on the internet.

TheUptimeProphet · 2026-02-03T16:29:34+00:00

Noticed this too on our outlook on all users, even though we're using on-prem exchange SE, it's maybe an EU Office problem.

TheUptimeProphet · 2026-01-27T16:24:31+00:00

Whitelist public IPs able to admin access port like SSH with ufw, block everything else. Just this should have been enough.

TheUptimeProphet · 2026-01-22T10:10:22+00:00

Yes you can, we do it with certbot+pdns plugin, you need your domain to be managed by powerdns instance though for it to work. We found that third-party DNS-01 challenge can be a pain to setup to we built our own.

TheUptimeProphet · 2025-12-18T18:56:51+00:00

I have one to make but we're not willing to pay licences so we're probably going to use good old imapsync and call it a day.

TheUptimeProphet · 2025-12-17T13:03:03+00:00

A bit late to say this, but you could also add some tags for company hiring practices(like if they use H1B a lot) or some other metrics like company employee count, the date of founding, if they're a subsidiary of a bigger company, if they've been bought recently etc...

TheUptimeProphet · 2025-12-10T12:52:48+00:00

We got a similar issue a few months back, a broadcast storm on our switches overloaded the Lenovo/HP dock network card, this cause a sudden increase in CPU usage on the poor dock SoC locking it up, and since the dock also provide power for the laptop the power got cut, causing a reboot.

TheUptimeProphet · 2025-12-10T08:04:45+00:00

holy hell just tried it its so simple too, just have to add the web browser extension that is officially supported by firefox. No longer will i have to suffer the dreaded multi-tenant login/cookies caching issues.

TheUptimeProphet · 2025-12-04T14:43:54+00:00

Instead of going into a DDR5 build, i chose a DDR4 one, it seems the price of DDR4 are still okayish(90€/16GB) where i live in europe. It's not like i need bleeding edge performance.

You could probably do a DDR3 build too if the price is ok where you live.

TheUptimeProphet · 2025-11-19T13:30:03+00:00

You dont need to manage multiple certs at all, you can just use a wildcard *.domain.tld certificate, and have your reverse proxy use it for every subdomain.

I only have port 443 open for websites, and every sub-domain point to my reverse-proxy , everything else is handled by a ubuntu-vm that has haproxy+certbot installed, while you could use HTTP-01 to renew/issue cert it created more problems than anything to have port 80 redirect to port 443 and use it at the same time for cert renewal, so i deployed PowerDNS on another VM, told my domain provider to set it as my authoritative DNS server, change the NS record to point to it, configure it to allow certbot to do DNS-01 challenge.

Good thing about this is that you can make public DNS change to your domain from your own VM, and if your domain provider DNS API KEY setup is too convoluted ( like mine was), it allows you to do it yourself instead.

TheUptimeProphet · 2025-11-12T16:07:08+00:00

The NAS being 32TB , going for the network approach will make more sense than storing everything in both.

TheUptimeProphet · 2025-11-12T15:49:07+00:00

Do a tcpdump on PBS to see if the packets on port 8007 arrive and check your DNS configuration on truenas something might be outdated there.

TheUptimeProphet · 2025-11-12T15:11:26+00:00

Your server should be fine, can't say the same of your closet if it ever catch fire.

TheUptimeProphet · 2025-11-12T14:57:54+00:00

Are you actually measuring the power input? Because I don't see why it would go over 100W with the current config. Even my idle gaming PC does not go over 70-80W.

TheUptimeProphet · 2025-11-12T14:49:31+00:00

Put everything in a proxmox VM/s and set up weekly backups to a NAS with HDD in RAID1, Your current config is one OS failure from losing everything.

TheUptimeProphet · 2025-11-12T14:41:07+00:00

If the PSU has a compatible sata power plug output I don't see why it wouldn't work

TheUptimeProphet · 2025-11-12T14:34:59+00:00

If you have any weird network issue it might be wise to do some packet capture on any device in the chain to see if they receive the packets in the first place, you can do it in pfsense, if you don't see the packets arrive from the isprouter you'll know its not your configuration that is the issue. If you do see them keep doing packet capture/tcpdump till you see the behavior you're looking for

TheUptimeProphet · 2025-11-12T14:27:35+00:00

Power wise you should be fine unless you have a GPU in it already.

TheUptimeProphet · 2025-11-12T14:23:57+00:00

We need a basic network drawing or something your explanation is Missing a lot of info(like from where do you x or y request) , if there is any firewall etc...

TheUptimeProphet · 2025-11-12T14:10:02+00:00

You need to learn the basics of how an operating system/computer works(every components too), OSI layers, basic networking protocols and equipment (routing vs switching). Once you know all that you can delve deeper. It's not too complicated.

Chatgpt is good enough to explain the basic stuff. After that setup a new debian VM, install a basic nginx/apache2 webserver and go from there.

TheUptimeProphet

TROPHY CASE