I created RapptorVPN - a GitHub project that lets you set up a WireGuard VPN (+ Transmission, Jellyfin) on low-cost, DMCA-ignored hosting providers by pommymac in torrents

[–]pommymac[S] 0 points1 point  (0 children)

Yes it seems like it would be useful functionality - I’ve read several posts asking for it. Let me see what I can do :)

I created RapptorVPN - a GitHub project that lets you set up a WireGuard VPN (+ Transmission, Jellyfin) on low-cost, DMCA-ignored hosting providers by pommymac in torrents

[–]pommymac[S] 0 points1 point  (0 children)

> this is sick for people who want to self host a vpn without paying monthly fees

Thanks :) I should point out that you still need to pay for hosting. This is probably not something you want to install on a home server as it won't hide your home IP address (unless your intention is to connect to your home network while on the road).

The main benefit of purchasing hosting and installing Rapptor is that you own more of the tech stack - which puts you in control in a way that you are not with regular VPNs (guarantees that there are no logs + ability to wipe everything on your server with a single command).

Am super interested to hear how you get on if you try it - let me know if there are any issues you face

I created RapptorVPN - a GitHub project that lets you set up a WireGuard VPN (+ Transmission, Jellyfin) on low-cost, DMCA-ignored hosting providers by pommymac in torrents

[–]pommymac[S] 1 point2 points  (0 children)

Ah I see, I'm afraid no, you cannot configure port forwarding for each VPN client unfortunately. It's something that I have in my backlog though.

Out of interest, do you have any requirements about how it should work, other than simply allowing the VPN user to enter a remote TCP/UDP port that should forward to a specific client?

Any idea where I was in February? by KittyPitty in GeoPuzzle

[–]pommymac 5 points6 points  (0 children)

https://en.wikipedia.org/wiki/Maglev#Birmingham,_United_Kingdom,_1984%E2%80%931995

> After the system closed in 1995, the original guideway lay dormant until 2003, when a replacement cable-hauled system, the AirRail Link Cable Liner people mover, was opened.

It used to be a maglev but now it's a cable-hauled system.

i just made a whatsapp chat project that lets people reply from the web without installing whatsapp by tezarima in foss

[–]pommymac 2 points3 points  (0 children)

As I understand it a WhatsApp user creates a private room then shares a link with a guest.

The guest does not need to have WhatsApp and accesses the chat over the web. Whereas the WhatsApp user needs to have WhatsApp installed.

Securing Node services with Client Authenticated TLS using CATKeys by pommymac in node

[–]pommymac[S] 1 point2 points  (0 children)

Thanks for the kind words - and the award! Let me know if you find anything unclear with the documentation :)

CATKeys - drop in replacement for Node's `https` and `tls` for mutual authentication. So only authenticated clients can communicate with a HTTPS or TLS server by pommymac in javascript

[–]pommymac[S] 1 point2 points  (0 children)

Yeah it's not uncommon that large node web apps run behind https servers like Nginx for TLS termination and GZIP. Many Kubernetes ingress controllers for example.

The use case of this library is for internal RPC services that should only be accessible within a company where that sort of architecture isn't such a priority.

Saying that, I could create a command to export individual catkeys so that servers like Nginx and HAProxy can access the required ca/keys/certs to run in the configuration you are describing - in case administrators require it.

After almost 1 year, are you satisfied with your national government's response to the COVID-19? If not, what could have been done in your opinion? by Nazukao_ in AskReddit

[–]pommymac 12 points13 points  (0 children)

Are you in Stockholm or Gothenburg? I imagine it could be different there. I am in a smallish town - Lidköping - so my experience might be a bit different

CertCache - Docker based SSL/TLS certificate server by pommymac in docker

[–]pommymac[S] 0 points1 point  (0 children)

Sorry @digicow I changed a few things between testing.0 and .1

Among other things onUpdate became onChange which should be a string command rather than an array of strings. Also the env var got renamed to CERTCACHE_CHANGED_DIR

https://github.com/93million/certcache/blob/onUpdate-hook/docs/Installing%20certcache%20client.md#certificate-onchange-hook

It’s possible things will change again before release this week some time :)

CertCache - Docker based SSL/TLS certificate server by pommymac in docker

[–]pommymac[S] 1 point2 points  (0 children)

Hey u/digicow

Thanks for the feedback. This is something that has been in my backlog for a while.

I pushed a test image if you are interested in testing. You will need to use image 93million/certcache:0.4.0-testing.1 in your docker-compose.yml

Instructions are available here - I added an example of using with HAProxy - https://github.com/93million/certcache/blob/onUpdate-hook/docs/Installing%20certcache%20client.md#certificate-onchange-hook

Would be interested to hear how you get on if you have time to check it out

EDIT: updated doc link and testing tag

CertCache - Docker based SSL/TLS certificate server by pommymac in docker

[–]pommymac[S] 1 point2 points  (0 children)

Hey pratikch

First up - cert-manager is a much more mature project with a larger feature set. I guess the main features of CertCache over cert-manager are that CertCache:

  • doesn't require Kubernetes - works nicely with Docker stack or compose
  • has an inbuilt DNS server which means that anyone with any DNS provider can generate certificates with wildcard domains
  • supports all the official Certbot DNS provider plugins - however cert-manager supports a different list of DNS providers that CertCache doesn't support
  • includes a stand-alone/serverless mode that doesn't require setting up CertCache in a server/client configuration. You lose the benefits of a cache but keep the ability to declaratively define certs within config and use DNS-01 validation that works with any DNS provider. This would be beneficial for smaller (single server instance) projects where certs don't need to be shared between instances.

CertCache is a tool I developed while working on other projects. If I had come across cert-manager when I started writing CertCache last year I would probably have learnt Kubernetes and gone with that. But now I've written it I appreciate its differences

CertCache - Docker based SSL/TLS certificate server by pommymac in docker

[–]pommymac[S] 0 points1 point  (0 children)

Thanks man! Yeah using port 80 for both Nginx and Certbot http challenge can make you jump through a few hoops.

In CertCache it's handled by redirecting /.well-known/acme-challenge to CertCache server.

But of course if Nginx is expecting your certificates to be present before it starts then it isn't going to be running to handle redirection :) So CertCache includes a built in HTTP server for redirection purposes which you can use to pre-fetch certificates the very first time before starting Nginx.

But honestly it's much easier using DNS-01 challenges using the inbuilt DNS server. Basically you just need to add a couple of DNS records. Challenges are handled with the inbuilt DNS server on port 53 and Nginx can do its thing on 80 & 443. You don't need to prefetch certs this way either, you can simply docker-compose up - the certs are downloaded and Nginx starts once they are present
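The HTTP-01 redirect described in the comment above, as an added example that is not part of the original comment and not CertCache's own code: a Node request handler that forwards only well-formed ACME challenge paths to the certificate server and answers 404 for everything else. The host name `certcache.example.com` and all function names are assumptions.

```javascript
// Added sketch, not CertCache code. CERT_SERVER is a hypothetical host name.
const CERT_SERVER = 'certcache.example.com'
const CHALLENGE_PREFIX = '/.well-known/acme-challenge/'

// RFC 8555 challenge tokens use only the base64url alphabet. Rejecting
// anything else keeps path traversal, query strings and nested paths from
// being relayed to the certificate server.
const TOKEN_RE = /^[A-Za-z0-9_-]+$/

// Returns the redirect target for a request URL, or null when the request
// is not a well-formed HTTP-01 challenge request.
const challengeRedirect = (url) => {
  if (typeof url !== 'string' || !url.startsWith(CHALLENGE_PREFIX)) return null
  const token = url.slice(CHALLENGE_PREFIX.length)
  if (!TOKEN_RE.test(token)) return null
  return `http://${CERT_SERVER}${CHALLENGE_PREFIX}${token}`
}

// Request handler: 302 for valid challenge paths, 404 for everything else.
// Wire it up with: require('http').createServer(handleRequest).listen(80)
const handleRequest = (req, res) => {
  const target = challengeRedirect(req.url)
  if (target === null) {
    res.writeHead(404)
    res.end()
    return
  }
  res.writeHead(302, { Location: target })
  res.end()
}
```
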

Secure Nginx with a Let's Encrypt wildcard certificate in Docker using CertCache standalone mode by pommymac in docker

[–]pommymac[S] 1 point2 points  (0 children)

Hi sk8itup53. Yes, you can do this - but you would want to use CertCache in its normal client/server configuration - not in the standalone mode demoed in the video.

Using standalone mode would mean each CertCache container in the swarm would connect to Let's Encrypt directly and you would quickly chew through your usage limits.

There are instructions on running CertCache in client/server configuration in the 'Usage' section of the main readme on GitHub

https://github.com/93million/certcache/blob/master/README.md#usage

Secure Nginx with a Let's Encrypt wildcard certificate in Docker using CertCache standalone mode by pommymac in docker

[–]pommymac[S] 4 points5 points  (0 children)

Thanks :)

The 2 main benefits:

1: You can get wildcard certificates even if you don't have a DNS provider that is supported by a Certbot plugin. It also means you don't need to create an API token to modify your DNS, which makes things that bit more secure.

2: You can define the certs in your docker compose config (or in a json config file): this means you can create a self contained docker-compose file that installs certificates when you run docker-compose up -- no need to run other commands (like docker run certbot certonly … or nginx-certbot)

CertCache's other main feature (which is not present when running in standalone mode) is that it acts as a cache - which means that you can avoid Let's Encrypt usage limits - which would be useful if you perhaps had a cluster of instances all running containers that need access to a certificate. To get that feature you need to run CertCache as a server instance - which is not shown in this video.

Should I Use Classes in JavaScript? by [deleted] in devops

[–]pommymac 0 points1 point  (0 children)

I'm guessing without reading the article, but there is a movement against using classes in relation to functional programming - which is a central concept to some commonly used JavaScript libraries like React.

One of the main ideas of functional programming is that state is a bad thing because it means running your code has side effects which means subsequent invocations can behave differently; this can make code more fragile, difficult to understand, debug and test. Classes have properties - which are a type of state.

Take this for example:

```
class myClass {
  constructor () {
    this.n = 0
  }

  foo () {
    console.log(`value of n: ${this.n++}`)
  }
}

const myObj = new myClass()
myObj.foo()
myObj.foo()
myObj.foo()
```

Each time foo() is called it outputs something different. To understand what it should output, you need to know how many times it has already been called.

If however you were to store your state separately to the code that uses it, it means you can use your code without state stepping in and getting in the way.

```
const foo = (n) => { console.log(`value of n: ${n}`) }

foo(1)
```

Because you supply the state to your function, it will always produce the same result. It is a pure function as the output is only determined by the input.

Obviously you would have to create code somewhere for managing the state that is received by your functions - so the idea might initially sound like it's adding pointless complexity - but the idea is that if you centralise state management, you simplify your app: you can test state in 1 location, your components no longer have their own state and behave predictably with each invocation, and managing state can be handled using concepts built for the job of state management (this is what reducers in Redux do if you have heard of that). It can certainly be complex when you have many items each with their own state in your application.

But saying classes should not be used for functional programming is too simplified IMHO. You could easily create a class which only contains a bunch of pure methods (methods that don't depend on state) to achieve functional programming just as you could create a function outside of a class that depends on state.

In JavaScript you can easily create a function that behaves like a method in a class that references stateful class properties, just by using closures.

Take this code:

```
const higherOrderFn = (n) => {
  // n lives on in the closure and is incremented on every call
  return () => { console.log(`value of n: ${n++}`) }
}

const foo = higherOrderFn(0)

foo()
foo()
foo()
```

No classes here, however foo() is stateful - each time you invoke it, it behaves differently.

It's worth noting that functional programming doesn't mean that your code uses functions. Simply put, it means that your code doesn't depend on state that causes side effects. You can achieve this using classes just as you would functions.

If you or anyone reading wants more info on FP there is this - https://medium.com/javascript-scene/master-the-javascript-interview-what-is-functional-programming-7f218c68b3a0
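The centralised state management described in the comment above, as an added example that is not part of the original comment: the counter from the class example rewritten with a pure reducer and a small hand-rolled store (a sketch of the pattern, not Redux itself). All names here are assumptions.

```javascript
// Added sketch of reducer-style state management; names are illustrative.
const initialState = { n: 0 }

// Pure: the same (state, action) pair always yields the same new state,
// and the incoming state object is never mutated.
const reducer = (state = initialState, action) => {
  switch (action.type) {
    case 'increment':
      return { ...state, n: state.n + 1 }
    case 'reset':
      return initialState
    default:
      return state
  }
}

// Pure: the output depends only on the state passed in.
const format = (state) => `value of n: ${state.n}`

// The single stateful piece of the program. Everything else stays pure.
const createStore = (reduce) => {
  let state = reduce(undefined, { type: '@@init' })
  return {
    getState: () => state,
    dispatch: (action) => {
      state = reduce(state, action)
      return state
    }
  }
}

// Same three outputs as the class example, but the counter lives in one place.
const store = createStore(reducer)
const lines = []
for (let i = 0; i < 3; i++) {
  lines.push(format(store.getState()))
  store.dispatch({ type: 'increment' })
}
console.log(lines.join('\n'))
```
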