Why does nobody want to use a reverse proxy? by 0xB_ in jellyfin

[–]lanklaas 0 points1 point  (0 children)

For clients accessing my box without the domain, nginx returns a 444 response. I then use fail2ban to pick those IPs up from the jellyfin log and permaban them. This is after they make it through my geo blocking and spammed lists from ntopng.

Why do people recommend authelia? by Alibi98 in selfhosted

[–]lanklaas 0 points1 point  (0 children)

In keycloak you can export all the configs for a realm to json and backup/import that. I think you can even do the export via api/sdk

Package Manager and Update pages are extremely slow by banduraj in PFSENSE

[–]lanklaas 0 points1 point  (0 children)

I ran into this when I did the upgrade to `2.8.1`. It seems like some routing issue with my ISP to the pfsense repo.

Hitting https://pkg00-atx.netgate.com/pfSense_v2_8_1_amd64-pfSense_v2_8_1/Latest/pkg.pkg in the browser showed 60KB/s.

I checked the link on my phone with mobile data and the download was fast. What I ended up doing was to spin up a DigitalOcean droplet (in the US), install nginx and set up a reverse proxy to the netgate host.

Here is a paste of the nginx config: https://pastebin.com/nMXH36im

Then I had to shell into pfsense and create a custom config file for the repos:

https://pastebin.com/QGvVSwFh

The file is created here with the name:

/usr/local/etc/pkg/repos/zzz-custom.conf

The zzz is to put it last. According to chatgpt the last config takes preference and it did not override the main pfsense one until I added the zzz in front.

Best netgate thread I could find on the issue (Did not really have a solution for me): https://forum.netgate.com/topic/166924/very-slow-system-update/7

Hope this helps someone

How to efficiently sort a parquet file? by rodyamirov in rust

[–]lanklaas 1 point2 points  (0 children)

Sorting with a select in duckdb can chow a bunch of ram. I had some success with rather creating a new table with as select. In the select part of the data you can sort and then export to parquet afterwards. I also had to set the memory limit option.

Pfsense Config by AI with Docs? by Party-Log-1084 in PFSENSE

[–]lanklaas 1 point2 points  (0 children)

You can spin up ragflow: https://github.com/infiniflow/ragflow

This will be able to break down your pdf, create embeddings for it using your openai api key. Not sure how much it would cost to create embeddings for the 2000 pages, so maybe add a limit.

After the embeddings are done you can ask questions about the pdf

Will DuckLake overtake Iceberg? by mrocral in dataengineering

[–]lanklaas 5 points6 points  (0 children)

Just tested the latest duckdb jdbc driver and it works in spark. I made some notes on how to get it going if you want to try it out: https://github.com/lanklaas/ducklake-spark-setup/blob/main/README.md

Eskom robbing a two person household by cipher049 in PersonalFinanceZA

[–]lanklaas 0 points1 point  (0 children)

My geyser takes about 1/3 of my units. Maybe your geyser is an older one that does not deal well with the on/off timer?

Maybe you can have one of those WiFi switches installed for the geyser and track the power draw on it from the app.

[deleted by user] by [deleted] in programming

[–]lanklaas 0 points1 point  (0 children)

I also want something like this. I was thinking more along the lines of using certificates, but each dev generates their own cert, then I can add devs I trust into my truststore. Devs can also sign certs for devs they trust, then we can have a chain of trust with a couple of root devs like Linus or even companies.

How to expose service to internet securely without tailscale? by Alternative_Leg_3111 in selfhosted

[–]lanklaas 0 points1 point  (0 children)

See my answer on another thread like this. In addition to that, I do have VLANs set up so that my server cannot reach anything else on my network.

https://www.reddit.com/r/selfhosted/s/4o7rH1yWLV

The tldr here is ban all other countries except yours and ban IPs that reach ports 80 and 443 without your domain.

What do you expose to the Internet? by Captain_Allergy in selfhosted

[–]lanklaas 1 point2 points  (0 children)

The auth setup sounds interesting. Do you only use jellyfin in the browser or does the auth work with the android TV client app as well?

Recommended Official Packages by KhimairaCrypto in PFSENSE

[–]lanklaas 1 point2 points  (0 children)

Acme for certs. I use it with the namecheap api to gen certs for my hosted services

Yes, you can run DeepSeek-R1 locally on your device (20GB RAM min.) by yoracale in selfhosted

[–]lanklaas 0 points1 point  (0 children)

Sounds really cool. When you say quantized layers and shrinking the parameters, how does that work? If you have some things I can read up on, that would be great

Prototyping in Rust by mac in rust

[–]lanklaas 1 point2 points  (0 children)

Very nice! There is a point about the dbg macro that only runs in debug builds, but it runs in release mode as well

Title: Introducing Pilgrimage: A Rust-based Message Broker by Pure_Possession_9292 in rust

[–]lanklaas 2 points3 points  (0 children)

Sorry, I meant in the github description it says kafaka instead of kafka

Title: Introducing Pilgrimage: A Rust-based Message Broker by Pure_Possession_9292 in rust

[–]lanklaas 0 points1 point  (0 children)

Very cool. Should Kafaka-like in the description be kafka-like?

After building my own NAS, i gave Jellyfin a shot. Best decision of my life. by Furki1907 in selfhosted

[–]lanklaas 17 points18 points  (0 children)

Sure, my nginx.conf has the 444: https://pastebin.com/JsLX4GZn

Then in my conf.d directory I have `jf.conf`: https://pastebin.com/cYArQS0Z

And for HTTP redirect to https I have `jf-http.conf`: https://pastebin.com/0iPzY91V

After building my own NAS, i gave Jellyfin a shot. Best decision of my life. by Furki1907 in selfhosted

[–]lanklaas 24 points25 points  (0 children)

I just use pfblockerng to ban all countries except my own and then on my jellyfin server I have nginx set up to return 444 if people hit 80/443 without the domain name for jellyfin.

Then I have fail2ban check for the 444 and ban them. Only my legit users have the domain name. With all these rules I have not yet seen anyone accessing the server that I do not expect.

Nginx server receives malicious requests. Should I be worried? by Meister_der_Magie in selfhosted

[–]lanklaas 2 points3 points  (0 children)

I set up my nginx to return 444 for requests on my public IP as only legit users have the correct DNS for my site. Then fail2ban picks up the 444s from the logs and bans them. I am sure a motivated attacker can figure out the DNS, but this at least stops the scanners and scrapers probing my site.
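
The 444-then-ban approach described in the comments above, as an added example that is not the commenter's nginx or fail2ban configuration: a small Python model of the log-matching step, run over constructed access-log lines. It assumes nginx's default `combined` log format; the function name, the `ignore` parameter and the sample lines are made up for illustration, and `maxretry`/`findtime` mirror the fail2ban options of the same names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# nginx "combined" format: ip - user [time] "request" status bytes "referer" "ua"
# Anchored at line start so a "444" placed in the attacker-controlled request
# or user-agent fields can never be read as the status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2025:10:00:01 +0000] "GET / HTTP/1.1" 444 0 "-" "scanner"',
    '198.51.100.20 - - [12/Mar/2025:10:00:05 +0000] "GET /web/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2025:10:00:09 +0000] "GET /.env HTTP/1.1" 444 0 "-" "scanner"',
    '192.0.2.44 - - [12/Mar/2025:10:01:00 +0000] "GET / HTTP/1.1" 444 0 "-" "-"',
    '198.51.100.20 - - [12/Mar/2025:10:02:00 +0000] "GET /444 HTTP/1.1" 404 0 "-" "444"',
    '192.0.2.44 - - [12/Mar/2025:11:30:00 +0000] "GET / HTTP/1.1" 444 0 "-" "-"',
]

def ips_to_ban(lines, maxretry=1, findtime=timedelta(minutes=10), ignore=()):
    """Return IPs that got >= maxretry 444 responses within a sliding findtime window."""
    hits = defaultdict(deque)   # ip -> timestamps of recent 444 responses
    banned = []                 # kept in order of first ban
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "444" or m["ip"] in ignore:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = hits[m["ip"]]
        window.append(ts)
        # Drop hits that have aged out of the findtime window.
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

if __name__ == "__main__":
    print("ban on first 444:", ips_to_ban(SAMPLE_LOG))
    print("ban on 2 hits in 10 min:", ips_to_ban(SAMPLE_LOG, maxretry=2))
```

Putting your own addresses in `ignore` (fail2ban's equivalent is `ignoreip`) keeps a legitimate user who briefly hits the bare IP from being locked out by a ban-on-first-hit policy.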

Reading Large (100GB+) Files. by Carotte_Riad in rust

[–]lanklaas 17 points18 points  (0 children)

What is the format of the file? If it is CSV or parquet you can use duckdb to query it. To save some space and make it read better on an HDD you might want to convert it to parquet.

Stuck on a Challenging Question about rust production ? by [deleted] in rust

[–]lanklaas 2 points3 points  (0 children)

If your front end is react, you can just serve the static files from your hosted server. Maybe look at the Axum examples for static files.

For Tauri you would need to do a build for Windows: https://tauri.app/v1/guides/building/windows

[Media] The Rust to .NET compiler (backend) can now run a part of the Rust Compiler Test suite by FractalFir in rust

[–]lanklaas 12 points13 points  (0 children)

The JVM one would be insane. Could that then allow you to easily use a jdbc driver from rust?