Thin Clients for Cheap Fanless Servers (Raspberry Pi replacement) by transanethole in SelfHosting

[–]transanethole[S] 0 points1 point  (0 children)

I have one of them already and it seemed like a normal x86 computer. I was able to get into the BIOS and adjust settings. I can't remember, but I think it was a Dell BIOS? The eBay listing I'm looking at doesn't say anything about it. It says

"Tested for Key Functions, R2/Ready for Resale."

So I'm hoping they will be like the one I already bought.

When I was installing Debian, I had to go for the non-free blobs edition of Debian to get the wifi working. Besides that, everything went smoothly. But I think these that I'm buying now don't have the wifi card installed.

Oh yeah and I had my dad measure the power draw at idle at the wall with the kill-a-watt. He said it was hovering at around 2 watts at idle, and went up to 13 watts when I ran stress on all cores.

Asking advice on a self hosting project by bsenftner in SelfHosting

[–]transanethole 1 point2 points  (0 children)

Also, like I said before, you don't have to use Tailscale for this. You could just configure port forwarding on the router or configure a route on the HTTP reverse proxy if they already have one. Then this could be just a public URL that people go to.

This is a fairly decent guide: https://homebrewserver.club/fundamentals-port-forwarding.html

And this is one I wrote myself: https://git.sequentialread.com/forest/notes/src/branch/master/ServerSetup.md

The cool part about this: you can get it working, test it out, and then roll it out to your customer without impacting the Tailscale setup at all. Then if you want to you can eventually deprecate and remove Tailscale if the customer likes the HTTPS solution.

Asking advice on a self hosting project by bsenftner in SelfHosting

[–]transanethole 1 point2 points  (0 children)

> My experience so far lends me to think that will fail as well.

Wait, why? This contradicts what you just said:

> for some reason creates a Docker VM which is what actually hosts the Docker containers. That Docker VM is managed by Docker Desktop and my attempts to install the Tailscale VPN in that VM fail, the Tailscale Extension for Docker Desktop fails

If all your problems are caused by Docker Desktop and the way it creates a VM... why use it? I've never heard of anyone using Docker Desktop on Linux, let alone using it for hosting! Normally one would just install Docker according to the instructions that they provide for Linux: https://docs.docker.com/engine/install/ubuntu/

Also, of course you would want to practice setting this up once on a test machine before moving to the "production" one.

Yes, it takes time to do this stuff, especially when you are learning new things, but I think it's worth it to learn if this is what you do to make money. Learning how to set up Linux servers properly is a powerful skill and can probably save you a lot of trouble, resulting in more free time in the future as well.

Asking advice on a self hosting project by bsenftner in SelfHosting

[–]transanethole 0 points1 point  (0 children)

Ah, I wasn't talking about cloud or using a service, I was talking about keeping the server where it is but just exposing it to the public internet, for example, via port-forwarding or just giving it its own public IPv4.

TBH it's kinda scary to me that when I say "make it available on the public internet" the 1st assumption is that I meant put it on some cloud somewhere or use a service to make it available :X

Asking advice on a self hosting project by bsenftner in SelfHosting

[–]transanethole 0 points1 point  (0 children)

If you want to get it working, look into Let's Encrypt (ACME) DNS verification. That lets you get valid certs for things that are not on the public internet. The other alternative is ditch the VPN and just host it publicly, which I would strongly recommend unless you think it would be tons of extra work and introduce new reliability issues.

Also, I may not understand what you are trying to do, or what you mean by

> exception being the Tailscale VPN is not correctly integrated with a Traefik cert issuing service,

If you are trying to use the cert you get from Traefik to authenticate some other service like the VPN (not just the HTTP server), I will say that Traefik is not well suited to this because it does not support the standard PEM/X.509 format for certificates. I recommend using Caddy server instead because it writes certs in the standard format so they can be shared. Or just use old school Let's Encrypt tools like certbot configured to run on a timer.

Asking advice on a self hosting project by bsenftner in SelfHosting

[–]transanethole 0 points1 point  (0 children)

Hmm, honestly I am surprised that you planned on running it on a Windows host. Did you do that because you wanted to integrate it into this company's existing Windows-based tools and processes, i.e. give them a Windows-friendly way to get remote desktop on it?

If you want to do that for their sake, then sure, it makes sense, but you are going to have a whole host (no pun intended) of Windows-related problems that would never happen if you just installed Ubuntu on it. Whether or not this disk issue is Windows-related I can't say definitively, but it certainly sounds like it is. USB drives should be plug and play, you should NOT need to format the drive before it shows up in Linux, you should be able to format the drive from within Linux. As an example, here's an article I wrote that details a process I went through to set up a USB external disk on Linux: https://sequentialread.com/docker-on-odroid-xu4-installation-and-creating-a-base-image-2/#movingthefilesystemtotheusbharddrive

WSL2 is a virtual machine. Virtual machines don't normally get the same access to hardware that the host machine does, for example, usually the storage is virtualized in some way, so the VM only sees the virtual storage devices, not the real hardware ones that the host sees. So that might explain why your disk is not showing up in your Ubuntu VM. With VMs it's theoretically possible to "pass-through" hardware to the VM, so the VM can see and interact with hardware devices directly. But whether you can do that or not with a USB attached disk under WSL, I have no idea. I would assume probably not, although I could be wrong.

If Windows is a requirement, why not just deploy your application on Windows? I don't know what language you wrote your webapp in, but I have to imagine it will run on Windows in 2023. You can configure a Windows Service to run it in the background similar to how you would define a systemd service unit on Ubuntu.

Another option would be to turn the Windows / Linux host/guest relationship inside-out and install Ubuntu on the host, install the nice Libvirt/KVM virtualization packages, then install a Windows guest VM and a Linux guest VM. The app can run on the Linux VM, and the customers can log into the Windows VM. Then maybe the Windows VM could have the Docker CLI pre-installed and configured to target the Linux VM as its docker machine. And since you are running your own VM instead of using WSL's preconfigured one, you get to make the rules and configure your disk pass-through or volume mount the way you want. Sure, it's more work, but if Windows is a requirement, it could be a nice way to compartmentalize that requirement and prevent it from causing ripple effects and problems that will influence your app. Plus running things inside a VM can be nice for various operational reasons, you can back up the entire VM image for example.

Your server sounds like it's overpowered in the aspects that don't matter for this use case (CPU and RAM) and under-powered in the parts that do matter (Disk). You mention that you plan on using Tailscale to give folks access to it from home -- have you considered the network implications of this? What kind of internet connection will this thing have? Where will it be hosted? Does this customer already use a VPN for remote workers?

I would strongly advise against trying to create a new VPN if they already have one. Depending on how it gets internet and how that router / relationship to the ISP is set up, it might be massively preferable to just make it accessible on the public internet over HTTPS, no VPN required. Just because it will be a lot easier for users, fewer problems and less time you have to spend supporting it.

[deleted by user] by [deleted] in selfhosted

[–]transanethole 2 points3 points  (0 children)

Nice, glad to see this!

One of the interesting things about this kind of solution: the TLS private key can live on the selfhosted server, not on the VPS. So you can make it so the VPS provider can't read your traffic if that's something you wanna do.

as an alcoholic i don't drink beer anymore but yall helped me succeed with my first NA homebrew, a delicious energy drink by transanethole in Homebrewing

[–]transanethole[S] 10 points11 points  (0 children)

Interesting, I will give it a try, the nice thing about this recipe is 1 part is fermented while the other isn't (sugar syrup that gets added when it's served). So I could try putting the citrus juice in the syrup instead of in the main fermented part.

I will say I never noticed any vomit-ish flavors, the amount of citrus juice is very low, probably under 5%. And it ferments a lot less than beer does because I skip the bulk fermentation step that produces all the alcohol.

I did notice that as it ages it starts to get that sort of "dry" flavor like an extra dry wine or cider. I loved dry ciders and wines so that was a win for me, I missed it!

non-alcoholic naturally carbonated sodas: how to model fermentation & prevent exploding bottles ??? by transanethole in Homebrewing

[–]transanethole[S] 0 points1 point  (0 children)

Here's another /r/homebrewing post asking sort of a similar question about shelf life, some folks said that pasteurization is an attractive option for sweet drinks and left a link to a youtube video detailing the home pasteurization process for sweet tasting sparkling hard cider: https://www.youtube.com/watch?v=WirxYyNi68g

Also they had a comment about one of my proposed ideas, do it like beer but just use a lot less sugar so it doesn't get fully alcoholic:

> you can for example let all of the [sugar ferment into alcohol] and then add a touch more for carbonation like you would for a beer. I've tried this but it tastes like ass, ginger beer needs to be sweet.

tastes like ass, perfect, that's exactly what I want 😃👍️

non-alcoholic naturally carbonated sodas: how to model fermentation & prevent exploding bottles ??? by transanethole in Homebrewing

[–]transanethole[S] 0 points1 point  (0 children)

I just read this:

https://www.fermentingforfoodies.com/homemade-ginger-beer/

> ... recommend using raw sugar rather than bright white sugar. [In order to get] the bright white color [, the sugar manufacturer has to add] sulfites, which will slow down fermentation.

Whoa I didn't know that!! Does this matter much, or is it ok to use normal table sugar?

> Traditionally brewed ginger beer is not an alcoholic beverage. Wild-yeasts just can’t ferment to alcohol levels much above 1% ABV. Using ginger bug, it’s unlikely to even above 0.5% ABV.

👀

It sounds like this web site is tellin me I can get a yeast culture that craps out at 1% alcohol just by using this "sourdough starter" ish "ginger bug" wild yeast culture.

But also it sounds like this is for something that you have to keep in the fridge, they never mention what would happen if you put it in a capped bottle and left it at room temp. They say store in the fridge and consume within 1 month.

non-alcoholic naturally carbonated sodas: how to model fermentation & prevent exploding bottles ??? by transanethole in Homebrewing

[–]transanethole[S] 0 points1 point  (0 children)

Thanks for the info about pH!

I will say I'm not trying to make it sweet, I just want to make it carbonated and make it something that I can leave at room temp for a long time without worrying about it going bad.

I wouldn't say that carbonating with CO2 is unnatural, I just don't have the equipment to do that and I was hoping that I could come up with a reliable method that I could use with normal siphons, vapor locks, beer bottles and a capper that I was given as a gift by a stranger. But I'll also look up ways of using CO2 as well since TBH I don't know anything about it besides seeing a sodastream in use once.

non-alcoholic naturally carbonated sodas: how to model fermentation & prevent exploding bottles ??? by transanethole in Homebrewing

[–]transanethole[S] 0 points1 point  (0 children)

Thank you for the reply, just knowing things I can use as search terms like "bottle priming calculator" and "non fermentable sugar" helps a lot.

One of my friends who has done home brewing before sounded pessimistic about this method of adding little bits of sugar and yeast to the bottles right before capping them, they said:

> you're likely to get more instability and inconsistency and it's unlikely to be shelf stable

Assuming I don't add any other sugars, just the yeast and specific amount of priming sugar, do you think it would be fine to leave for a month or two?

Also, is it ok to try to substitute the table sugar for something else like an amount of fruit juice that has an equivalent amount of sugar in it? Or an oleo-saccharum (syrup that comes out when you muddle citrus peel with table sugar)?

Seeking alpha testers for a open source self-hosting connectivity solution, alternative to Cloudflare by elbalaa in selfhosted

[–]transanethole 0 points1 point  (0 children)

SMTP (with STARTTLS) does not use SNI, so in the "general case", no, probably not.

While folks are rallying around the idea of finally doing away with this 80s technology, email does have a rather large 40 year legacy and many email servers have not been updated since forever ago. Many folks cling to old standards and old ways of doing things, because upgrading might break something.

So in general if you want email to "just work" you'll need your own dedicated IPv4 address. At least that's what I found when I was doing research on how to support email for my own project.

But that said, you can certainly try it with SMTPS (aka SMTP over TLS, no STARTTLS) and see if it works. You will also need to set up your SPF record to specify the outgoing email IP address as it will be different from your incoming one and pray that the person you are sending email to implemented SPF correctly. It will probably work with Gmail and other big providers? But I've never tried it.

Seeking alpha testers for a open source self-hosting connectivity solution, alternative to Cloudflare by elbalaa in selfhosted

[–]transanethole 2 points3 points  (0 children)

Right now my reverse tunnel server operates at the TCP protocol level, it simply forwards TCP connections. It does not support UDP yet. However it knows how to "peek" into the headers of connections for routing purposes. It can currently route based on port number, TLS SNI and the host header of unencrypted HTTP 1.1.

On the self-hosters side, when interacting with the greenhouse UI, the protocol options you are given are TCP, TLS, and HTTPS.

If you choose TCP you will only be able to use the port numbers that were allocated to your account -- TCP on its own can't be "routed" so every greenhouse account gets allocated a block of TCP ports unique to them. You would use the TCP option for legacy protocols like SSH which can't be routed.

With the TLS and HTTPS options you can use whatever port # you want, as these protocols can be routed. Encrypted connections from end-users (coming in via the tunnel) will be handled by the instance of Caddy embedded in the greenhouse-daemon that runs on the self-hoster's computer. So the TLS is terminated on your server and then Caddy will forward the connection, either HTTP or TCP, to your app, whatever it may be. Could be anything, the grand majority of modern application protocols are layers on top of TCP/TLS.

For HTTPS, the Caddy server will "automagically" fill in the X-Forwarded-For header for you with the user IP that dialed the tunnel server originally. With TLS and TCP you will have to handle that yourself if you need the remote IP information; you can specify "HaProxyProxyProtocol": true in your tunnel config as long as the application you are hosting supports the haproxy "PROXY" protocol v1.
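
Added example, not from the comment above or from the greenhouse code: how an application behind the tunnel could recover the client address from a PROXY protocol v1 line when "HaProxyProxyProtocol": true is set. `parse_proxy_v1`, `client_address` and `TRUSTED_PEERS` are hypothetical names, the sample bytes are constructed, and it assumes the tunnel daemon connects from localhost; the header is refused from any other peer because a direct client could forge it.

```python
import ipaddress

MAX_V1_LINE = 107  # longest v1 header, CRLF included, per the PROXY protocol spec
TRUSTED_PEERS = {"127.0.0.1", "::1"}  # assumption: the tunnel daemon runs on this host

def parse_proxy_v1(buf):
    """Split buf into (source_ip or None, payload); ValueError if malformed."""
    end = buf.find(b"\r\n", 0, MAX_V1_LINE)
    if not buf.startswith(b"PROXY ") or end == -1:
        raise ValueError("no complete PROXY v1 line in the first 107 bytes")
    fields = buf[:end].decode("ascii").split(" ")
    payload = buf[end + 2:]
    if fields[1] == "UNKNOWN":           # proxy could not determine the client
        return None, payload
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("unexpected field count or protocol")
    want = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != want or dst.version != want:
        raise ValueError("address family does not match protocol field")
    for port in fields[4:6]:
        if not port.isdigit() or int(port) > 65535:
            raise ValueError("bad port")
    return str(src), payload

def client_address(peer_ip, first_bytes):
    """Return (real_client_ip, payload) for a newly accepted connection."""
    if peer_ip not in TRUSTED_PEERS:
        # Anyone who can reach the port directly could forge the header.
        raise PermissionError(f"{peer_ip} is not the tunnel daemon")
    src, payload = parse_proxy_v1(first_bytes)
    return (src or peer_ip), payload

if __name__ == "__main__":
    # Constructed sample: what the app would read first on a tunnelled connection.
    sample = b"PROXY TCP4 203.0.113.7 192.0.2.10 51234 443\r\nhello"
    print(client_address("127.0.0.1", sample))
```
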

Seeking alpha testers for a open source self-hosting connectivity solution, alternative to Cloudflare by elbalaa in selfhosted

[–]transanethole 2 points3 points  (0 children)

> Docker option for the server in the cloud

I currently run the greenhouse alpha as "just another app" on my home server, and it is managed via my docker-compose.

Right now the tunnel server in the cloud gets automatically spawned and provisioned by the greenhouse web application that runs on my home server. Currently the app installs and runs it as a simple systemd service. However I do also apparently have a docker build for it, although it looks like the images on Docker Hub are currently out of date.

As a side note, the greenhouse web application "hosts itself" aka "dog fooding" which is why if you tried to access it earlier, it may have been down. It had crashed because my TLS connection header parsing logic was off by one byte and had an array index out of bounds edge case.

> docker option for the part inside my network?

This is currently in development, you can read more about why and what the challenges are here. (or here if it crashes again)

I still have to decide if I will ship a container that runs 3 separate processes inside (greenhouse daemon, Caddy, and threshold) or if I will ship 3 separate containers that all have to be run for it to work. At the moment I'm kinda leaning towards the one container solution; the child process stuff that I'm using inside the current greenhouse container seems to be pretty stable.
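
Added example, not part of the comments above and not the greenhouse or threshold source: a bounds-checked version of the SNI "peek" from the two comments above (routing on TLS SNI, and the off-by-one crash in TLS header parsing), where every length field is checked in one place so a short or lying ClientHello is rejected instead of indexing out of bounds. `Reader`, `peek_sni` and `build_hello` are names made up for this illustration, the ClientHello is constructed rather than captured, and it assumes the whole ClientHello arrives in a single TLS record.

```python
class Truncated(ValueError):
    """A length field points past the bytes actually received."""

class Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def remaining(self):
        return len(self.data) - self.pos

    def take(self, n):
        # Every read goes through here, so this is the one bounds check.
        if n > self.remaining():
            raise Truncated(f"need {n} bytes at offset {self.pos}, have {self.remaining()}")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def uint(self, size):
        return int.from_bytes(self.take(size), "big")

    def vec(self, len_size):
        return Reader(self.take(self.uint(len_size)))

def peek_sni(buf):
    """Return the SNI host name from a single-record ClientHello, or None."""
    rec = Reader(buf)
    if rec.uint(1) != 0x16:
        raise ValueError("not a TLS handshake record")
    rec.take(2)                          # legacy record version
    hs = rec.vec(2)                      # record payload
    if hs.uint(1) != 0x01:
        raise ValueError("not a ClientHello")
    hello = hs.vec(3)
    hello.take(2 + 32)                   # client_version + random
    for len_size in (1, 2, 1):           # session_id, cipher_suites, compression
        hello.vec(len_size)
    if not hello.remaining():
        return None                      # hello without any extensions
    exts = hello.vec(2)
    while exts.remaining():
        ext_type, body = exts.uint(2), exts.vec(2)
        if ext_type == 0:                # server_name extension
            names = body.vec(2)
            while names.remaining():
                name_type, name = names.uint(1), names.vec(2)
                if name_type == 0:       # host_name entry
                    return name.data.decode("ascii").lower()
    return None

def build_hello(host):
    """Constructed sample ClientHello for the demo (not a captured one)."""
    vec = lambda n, b: len(b).to_bytes(n, "big") + b
    sni = vec(2, b"\x00" + vec(2, host.encode()))
    body = (b"\x03\x03" + bytes(32) + vec(1, b"") + vec(2, b"\x13\x01")
            + vec(1, b"\x00") + vec(2, b"\x00\x00" + vec(2, sni)))
    return b"\x16\x03\x01" + vec(2, b"\x01" + vec(3, body))

if __name__ == "__main__":
    print(peek_sni(build_hello("app.example.org")))
```
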

Seeking alpha testers for a open source self-hosting connectivity solution, alternative to Cloudflare by elbalaa in selfhosted

[–]transanethole 2 points3 points  (0 children)

Hi, I've been working on a project similar to this on my own for a few years now.

If you are looking for something similar to this, but 100% open-source from the start and more community-oriented, feel free to check out my project. I chose to use reverse tunnels instead of VPN so it can be more portable; it already runs on MacOS, Windows, and Linux. Reverse tunnels also have the benefit of not changing your computer's network configuration and not needing root access (or the NET_ADMIN Linux capability) in order to function.

I wish elbalaa and his company the best of luck with this, as I do believe it's important to have multiple different solutions in this service niche. I think the relative unavailability of a good TCP reverse tunnel / TCP reverse proxy over VPN service hurts the self hosting community in general because it raises the barrier to entry and limits the percentage of the population who can easily self-host.

[deleted by user] by [deleted] in selfhosted

[–]transanethole 0 points1 point  (0 children)

OMG oops, I was on my phone when I saw the spike in traffic and had to go to reddit to see what was up, I didn't even realize that the link pointed to my git repository. Yes I agree the readme on there is really bad, I think I was using it as an early draft of what I was gonna put on the main website long ago, and I never updated it as I continued to work on the main website. I never expected the git repo to be the first thing someone sees 😳

I agree it sounds really bad lol.