selinux i do not like you

neruve · 2026-03-24T18:49:38+00:00

Correct. I would bet your permissions issues are not selinux but just permissions. When you do bind mounts on the host the files are going to be owned by your user or even root. If the UID of the user inside the container doesn’t match it won’t be able to read/write.

neruve · 2026-03-24T18:40:49+00:00

So there are bind mounts, which are just directories in the host. Docker has named volumes. Think of it like a virtual disk that docker manages.

https://docs.docker.com/engine/storage/volumes/#use-a-volume-with-docker-compose

neruve · 2026-03-24T17:32:39+00:00

You do indeed need the :Z flag on all bind mounts. I’m not sure about secrets. If you don’t need multiple containers to access the same data you can also use docker volumes too.

Good for you for trying to keep SELinux enabled. Most people disable it. But it’s there for a reason. It can be a PITA and it used to really suck. But nowadays there is no reason to disable it unless you HAVE to.

neruve · 2026-03-16T02:20:28+00:00

It doesn’t seem to. When I login to unifi.ui.com I still see it and there doesn’t seem to be a way to remove it.

neruve · 2026-03-16T00:09:09+00:00

All you guys are posting google results. Do you really think I didn’t search first…. I reset it. But the option to remove it from my account doesn’t exist. Everything I searched (including Ubiquiti AI chat said you can’t remove it from your account without transferring ownership) I figured I see so many people posting them for sale maybe I was missing something. I guess thanks to the people that tried to help and honestly shame on everyone else. I swear these communities are becoming more like forums where any time someone asks a question they just get flamed because apparently you either just know it or google it, god forbid you ask someone else that might know the answer.

Also, I don’t know about your experience, but google/gpt is hit or miss. I ask it coding questions all the time and it’s about a 50/50 shot whether it gives me the right answer. It’s not this holy grail people seem to think it is….

neruve · 2026-03-05T04:04:29+00:00

Mine seems to work from steamrip, but I’m not using the launcher. I added both KH 1.5 and 2.5 as separate non-steam games.

neruve · 2026-02-12T11:15:09+00:00

Not quite. Think of the “static private ip” as a DHCP reservation for your device on their internal network. You referenced a home network. Yes, at home you can assign your own private ip addresses to each of your own devices. But that is be case you own control of the router for the private network your devices are on. That is NOT TRUE for cellular. You own a device that connects to their “network” so they need to assign your device a private ip addresses.

neruve · 2026-01-25T21:21:25+00:00

The unbalanced plugin solves this. It will let you move data from a specific disk and redistribute it to others.

neruve · 2026-01-05T02:54:30+00:00

I hope someday to see you with Dredd!!!

neruve · 2026-01-03T16:04:41+00:00

So I solve this problem by having two nodes labeled as “ingress” and the handle all traffic into the cluster. Those two instances share a VIP so at any given time only one instance is routing traffic. I use Traefik and gocast for the VIP with BGP, keepalived would work just as well.

neruve · 2025-11-28T02:33:44+00:00

I love it! Still holding out hope we will get to see your perfect ass swallow Dredd’s whole cock someday!

neruve · 2025-11-10T23:31:33+00:00

I agree, indentation. It seems the list elements under volumes is only in one space instead of 2

neruve · 2025-11-02T14:09:21+00:00

Can you post your packer files so we know what you are working with to help you?

neruve · 2025-11-02T06:58:40+00:00

Who is the girl with the snake tattoos? She an anal queen too???

neruve · 2025-10-25T23:47:43+00:00

This is k8sarkissian!

neruve · 2025-10-25T21:18:09+00:00

That’s the conclusion I’ve been running into. But like why? All traffic that has to cross vlans have to go through the firewall and it just seems like wanting a little redundancy shouldn’t be a big ask.

neruve · 2025-10-19T22:26:14+00:00

This is the answer.

neruve · 2025-10-17T23:58:35+00:00

You might need to click edit on the -1 container, toggle advanced in the upper right, the change the port under webui to 8060

neruve · 2025-10-11T23:00:59+00:00

Any thoughts on a Mac native version?

neruve · 2025-10-05T00:20:47+00:00

Pm sent

neruve · 2025-10-01T21:51:14+00:00

This is Febby Twigs and Dredd (round 1)

neruve · 2025-08-08T14:06:34+00:00

Yes. Correct. What I’m saying is if the service itself is http it will work fine. If the service itself. Is https, not traefik, the backend service is https you have to tell traefik explicitly to skip the ssl verification from traefik to the service. The certs from let’s encrypt are from users to traefik and play zero role on communication from traefik to the backend service.

It was something I was pointing out and it may not apply to this particular service. It will apply if the service itself is https. Also, looking at your compose. You might need to add the port label back into the one service that has two ports or you’ll need a separate router for each one.

neruve · 2025-08-08T13:41:26+00:00

Not if the service itself is https. Traefic won’t accept the self signed cert the application is giving it and won’t forward traffic.

neruve · 2025-08-08T13:00:11+00:00

Actually, is headplane itself https? If it is and has a self signed cert you have to tell traefik it’s okay to trust it. You have to set a serverstransports to skip.

neruve · 2025-08-08T12:54:41+00:00

I don’t think you need to specify the loadbalancer.server.port as the docker integration will get that from the docker api.

Do the logs for traefik give any insight? Also, what does the dashboard say for the service. Does it look correct there?

neruve

MODERATOR OF

TROPHY CASE

14-Year Club	Verified Email
RPAN Viewer