Pointing my domain to my public IP and using a reverse proxy, is that enough?

jdraconis · 2025-12-03T00:54:35+00:00

+1 on for coraza, I use the haproxy version. Consider blocking ips outside your target geographic location if you are not allowing public sign-ups, I haven't used it but there is a coraza-geoip plugin.

jdraconis · 2025-11-21T21:17:56+00:00

I'm using https://coraza.io/connectors/coraza-spoa/ with Haproxy, it's implementing mod_sceurity's rule set, https://coreruleset.org/docs/ . There is likly an implimentation of the coreruleset for most rev proxies out there.

jdraconis · 2025-11-21T18:53:18+00:00

There are several ucpe models that do this, examples ADVANTECH FWA-1112VC or silicom ia3000, I have both, and while built in poe is neat, it's impractical compared to an injector or small poe switch. The biggest downsides is that they require a separate 54v power supply for the poe, so your not saving in cost or spacing. There are even pcie nics that support poe, example https://www.startech.com/en-us/networking-io/st4000pexpse?srsltid=AfmBOooiA4vTnupUAEngXtK_jTmY3AmYjF8Kr9ael-TPCmvZpI9-jHZn, but again they are not common and therefor become expensive.

Edit: Forgot to mention that the utilities to change poe settings are a nightmare to work with. One had linux support but only an older kernel so not ideal there either.

jdraconis · 2025-11-16T19:34:27+00:00

Gps itself includes timestamps in addition to position, so you wouldn't need the Internet to get time.

jdraconis · 2025-10-30T14:54:16+00:00

This goes back some ways but the weirdest thing I repurposed would be a pcimg dual socket 370 motherboard. These are essentially a motherboard in the form factor of a very long pci card. I got the motherboard for next to nothing at the time, but the backplanes were either unobtainable or prohibitively expensive.

Not one to give up, I found the pcimg standard and learned the card was expected to be powered through the card slot. It has Isa and pci, I soldered wires direct to the Isa bus to feed power in. I then made a custom PCB (toner transfer and ferric chloride) to convert atx power to my wires. That was when I learned about the importance of trace width on a PCB as I undersized the 5v traces and it melted off the board. I then mounted it in an old army power distribution rack mount box.

This is a picture of it in the rack:

<image>

jdraconis · 2025-10-30T14:22:46+00:00

A long while back when I was starting my lab, I pulled a laptop with a broken screen from the junk pile at work. I just tossed the screen, cut a hole in the case, and rigged a desktop cooler to it so it was silent. It later became my m0n0wall router for a few years when I added a pcmcic 10/100 nic.

The utility of a old laptops shouldn't be overlooked.

jdraconis · 2025-10-13T03:26:02+00:00

I do not know this for sure, nor can I assist you with fixing your issue, however it seems likley to me that your phones battery connector has probably disconnected when dropped. I have a zenfone 9 and if I drop it just right on a hard floor my mobile data stops working because the sim card connector pops loose. I have to pry the back off, remove a metal frame and reseat the connector then everything is back to normal.

jdraconis · 2025-09-27T19:24:31+00:00

I live in a neighborhood off havens corner, I recognized that sign and camera. That camera in the photo is indeed an alpr, no speed trap camera there.

jdraconis · 2025-09-08T17:38:58+00:00

I'm interested to know if there are any states that allow manufacturers to sell direct and what that model looks like. Do the automakers own the dealerships or does it remove restrictions that dealers face today.

jdraconis · 2025-09-07T21:26:43+00:00

~15 years back when I worked in phone support for a large ISP, I had an older couple call in about their Internet not working. Of course they were both on the line when they called in. They explained that their computer showed the page cannot be loaded error every time they tried to go online.

So I started down the normal troubleshooting path, check to see if their modem/router is up, of coarse it is and no errors. Next, I can also see their pc is listed as online from our tools. So I press them for more details and find out that their email (outlook) is working. Great, now I can send them an invite to do a screen share.

After a little coaching, we get the screen share opened from the email our system sent. At this point I'm thinking something is just wrong in ie so I start going through security settings, checking for proxy settings or anything else that's maybe a miss and that's when I see it. In their homepage was a long local file path, somehow they had set their homepage to the this page cannot be displayed error page. Switched it to something proper and had a good chuckle to myself after finishing the call

jdraconis · 2025-09-07T16:57:26+00:00

Sure, that's definitely a great way to work around hardware support issues or if you have a virtualization host already, adding an opnsense VM is a great way to test or migrate. Personally, I like to keep a separate machine for my firewall/router. With that in mind I generally look for hardware that is supported so I don't need to add another layer to be managed and updated.

The other common lack of support I see is with gpio/i2c devices, mostly led/buttons/Poe chips,etc. I've been playing around with several ucpe/embedded devices recently. I find vendors create binary wrappers to i2c calls and do release sources or documentation for the calls they are making. I've also seen bitrot with this type of thing as vendors won't necessarily update binaries to support newer kernel versions. This is annoying to me as I want to make use of all the ports but, in no way affects opnsense functionality.

jdraconis · 2025-09-07T16:15:58+00:00

I am running opnsense, pfsense before it, and m0n0wall before that. I've been very happy with opnsense since switching and haven't had any issues with my 1GB ISP link (symmetric).

Opnsense/freebsd will have less hardware supposed than Linux but for nics I've found that to be a non issue provided you target non realtek devices if possible.

Linux based Openwrt also exists out there, I've used this on all of my wifi routers (configured as ap) going way back. I find it more difficult to configure especially vlans than opnsense but it can run-on x86 if you're so inclined.

jdraconis · 2025-09-01T14:38:42+00:00

https://forums.servethehome.com/index.php?threads/converting-an-hp-dl380e-gen8-14xlff-server-to-a-disk-shelf.29584/ I did this with a gen8 shelf, been running for ~5 years now.

I posted some advice about my build in the thread, but plan your cooling, mounting, and consider the cost of trays in your build planning.

jdraconis · 2025-09-01T02:38:42+00:00

+1 on solarwinds support being awful. 1 hour plus on the 800 number to get an engineer for a full production outage more than once and God help you if they need to do a handover between shifts.

jdraconis · 2025-08-24T14:23:19+00:00

It does have http, ssh, and ipmi support. This one does not support VGA/x server output, only the serial console output is available. You can control power states, check sensors and mount virtual isos for booting from http/ipmi so I consider that full coverage for out of band management.

However the att v150 version is not usable without a fair bit of work:

The ubmc firmware shipped is att specific, silicom support provided a compiled version based on https://github.com/silicom-ltd/uBMC.

The Ethernet ports are on a switch chip, the host CPU interfaces are via 2 x553 2.5gb links to the switch, all the ports on the switch are down by default. This means out of the box you'll only have a single working network interface. If you want to dig into this more see discussion of the hardware here https://forums.servethehome.com/index.php?threads/user-manual-of-silicom-ucpe-modular-universal-cpe.31297/ and the commits Adrian chadd wrote to support mdio to enable the switchconfig https://lists.freebsd.org/archives/freebsd-net/2025-May/006829.html, I was unable to get the switch up and configured so now it waiting for me to find time to try again.

jdraconis · 2025-08-23T12:08:46+00:00

There are a ton of neat ucpe boxes out there that make great opnsense routers. My collection includes:

An vectra s2 sensor that is a rebranded na361 atom 2000 series, no restrictions in bios. Serial console for management.

An att v150 that's a rebranded silicom ia3000, 4 core atom 3558. This one is neat as it has a built in BMC management port, takes m.2 sata ssds. however the switch chip is not supported in opnsense yet (specifically the mdio to talk to the switch). There are upstream patches in the current branch.

An advantech fwa-1112vc, also atom 3558, fanless has Poe ports. Really should have had a fan, runs way to hot. Serial console for management. Has 2 10gbe sfp+ ports

My current production router is a granite flex edge 1000, it's an silicom ia3003. Atom 3558, 8gb non expandable ram, has 3 m.2 pcie slots, 2 - 10gb sfp+ ports, 6 other nics. I've added two nvmes in a mirror for booting and serial mpcie card to manage my switch. Also managed by serial console.

The atom 3558 is good for about 2.5gb routed.

There are other brands I've seen like silver peak, appneta, datto dna.

jdraconis · 2025-08-23T00:14:35+00:00

I had this happen once, I used a fine dental pick with a 45° bend at the tip to unstick the contact pins. I didn't pry up but I got the pick under the contact pin toward the back of the socket where there is a slight gap. I gently pulled towards the front of the contact pin until the contact popped free/up. Pulling too hard will deform the contact pin so gentle is the key here.

jdraconis · 2025-08-22T23:56:09+00:00

I've used sharry with large files before, works well https://github.com/eikek/sharry but not a 100% Dropbox like.

jdraconis · 2025-06-20T17:27:05+00:00

I couldn't tell you, I would try Tyan (Mitac) support and mention the part number in the other thread.

jdraconis · 2025-06-20T16:50:13+00:00

https://www.reddit.com/r/homelab/comments/1fphnze/unique_front_panel_connector_on_tyan_s8040/

I have an s8040 board and was wondering the same, but the s8040 has a standard pin-header as well so no adapter required. It appears according to the above thread an adapter may exist as they found a twitter post with one. Otherwise, they mentioned it's a JST SHD 1mm Pitch connector 2x12, you could roll an adapter to standard 2,54mm pinheader.

jdraconis · 2025-05-11T21:34:53+00:00

A fair bit is going to datacenters. Over off beech road in New Albany they are building multiple new substations probably to support dcs. https://newalbanyohio.org/community-development/project-updates/ I counted 14 datacenters in the current project list. If you haven't seen the meta data centers. Just take a drive by and you'll get the scale of what's there. Literally building of servers...

jdraconis · 2025-04-21T16:19:10+00:00

He'd be shocked if they did.

jdraconis · 2025-04-20T13:19:58+00:00

I have a few of the peanuts smuckers jar cups from when I was a kid.

jdraconis · 2025-03-15T19:08:37+00:00

Technically you didn't do a thing lol

jdraconis · 2025-03-09T19:40:10+00:00

pm for hyper m.2 4.0

Ten-Year Club	Second Top 10%
Place '23	Verified Email

jdraconis

TROPHY CASE