overview for Ooops

Easiest distro for elderly parent in c/linux@lemmy.ml

[–] Ooops@feddit.org 0 points 2 days ago (1 children)

with Cinnamon DE: very Windows-esque UI

While I support the general advice, "very Windows-esque UI" is not a benefit for less tech-literate people. It's the former Windows-users that conditioned themselves to expect Windows UI with all it's shortcomings. The average elderly relative who doesn't use anything but ~3 pre-installed programs does not care normally and can get much eaiser and more intutive UIs than those close to Windows.

Does Arch or Cachy OS force you to keep up to date until your hardware cant match it? SOLVED in c/linux@lemmy.ml

[–] Ooops@feddit.org 8 points 2 days ago* (last edited 2 days ago)

Yes, the system expects regular updating. But Arch is entirely pragmatic. What has enough popularity and a mainainer to do the work will be kept in the repositories, even more if you include the AUR (also stuff moving between them when popularity and/or demand of packages changes). And because it is constantly moving on with new packages a lot is kept in parallel: There are a lot of packages in the repos in different versions, one being cutting edge, one being the lower version dependency for other packages not upgraded yet.

For reference: Yes, Arch for example expected you to update to the new open source NVIDIA drivers the day NVIDIA dropped the Volta, Pascal and Maxwell cards (GTX 1080 and below). But at the same moment the nvidia-580xx driver was introduced to the AUR, including explicitly being supported officially still. And the same happened every time a set of hardware got dropped (nvidia-470, nvidia-390, nividia-340), still kept unofficially for legacy reasons as long as it's technically feasible. So I can in fact still run graphics cards from 2006 20 years later...

Or for another example: Yes, Arch runs kernel 7.0.12 right now and updates the kernel on a weekly basis. Yet it also has the LTS version 6.18 (guaranteed to get support until end of 2028 upstream) fully supported in the repos. And again, including the AUR I can still run the oldest still officially supported (until end of this year) long-term-support Linux kernel 5.10.

And those are basically the most extreme examples in terms of losing support, one being the constantly developed core of the whole system, the other on proprietary drivers of a private company. Otherwise the amount of 1990s tech still support by Linux is actually insane.

Written on an ancient toaster (AMD FX series from 2011, gtx750ti from 2014, non-EFI motherboard) running Arch... which nowadays runs -given: older- games with better performance than years ago, because "the newest stuff" does introduce constant improvements and optimisation instead of new drains on your ressources like you are used to because they want you to buy new stuff.

where to buy large Tux sticker in Germany/Europe? in c/linux@lemmy.ml

[–] Ooops@feddit.org 5 points 1 week ago

While I understand the idea in general Tux, the penguin, is basically freely available, do whatever you want with it, and you are explicitly encouraged to integrate the design into Linux related projects... as long as you mention the author should someone ask (source)

I wouldn't even buy a pre-fabricated sticker but do one myself. But that wasn't the question...

PS: the Impressum here or here, down at the bottom labeled "Impressum"?

where to buy large Tux sticker in Germany/Europe? in c/linux@lemmy.ml

[–] Ooops@feddit.org 2 points 1 week ago* (last edited 1 week ago) (2 children)

https://www.linux-shop.info/aufkleber/maxi-aufkleber/maxi-sticker-tux-pinguin?number=LI18700.9

oder

https://www.linux-fan-shop.de/aufkleber/maxi-aufkleber/maxi-sticker-tux-pinguin?number=LI18700.9

Radicale: Can someone please offer any guidance on usage and security. Om abit lost in c/selfhosted@lemmy.world

[–] Ooops@feddit.org 2 points 1 week ago* (last edited 1 week ago) (2 children)

While you are right in general, you are just creating a file with a : line without any identifying context. So have fun searching the world for where I might have actually used it. Sounds like a really bad use of ressources to create list of passwords.

PS: Yes, as an Arch user I am still pissed that this tool is not available in the repos beside installing the complete Apache server...

Radicale: Can someone please offer any guidance on usage and security. Om abit lost in c/selfhosted@lemmy.world

[–] Ooops@feddit.org 2 points 1 week ago* (last edited 1 week ago) (7 children)

The options to password protect it are in the (usually /etc/radicale/)config file under [auth].

For proper security you could use

type = htpasswd

htpasswd_filename = /etc/radicale/users

htpasswd_encryption = bcrypt

then create a users file with apache tools (htpasswd -c -B users User1) or one of the million online htpasswd file creators.

*Permanently Deleted* in c/linux@lemmy.ml

[–] Ooops@feddit.org 1 points 2 weeks ago* (last edited 2 weeks ago)

You could click the link already provided above. Just the Table of Contents at the top gives you a good overview about issues with Brave without reading anything else...

debian 13.5, kernel Linux 6.12.90+deb13.1-amd64 and Dirty Frag (CVE-2026-43284, CVE-2026-43500). Do I need to patch? in c/linux@lemmy.ml

[–] Ooops@feddit.org 3 points 3 weeks ago (1 children)

upgrade to next kernel version != patch the kernel with backported security fixes

Systemd v261-rc1 is out with the 'birth date field' in c/linux@lemmy.ml

[–] Ooops@feddit.org 10 points 1 month ago* (last edited 1 month ago) (3 children)

Debian daring to suggest that using your real name to identify yourself on the system is a reasonable choice for most people. So get the torches and pitchforks...

Also don't tell those people about the fact that such fields for additional information (like real name, address etc) exist in most user-handling parts of their software since forever.

You get asked for your real name when creating a new user for longer than Linux even exists. It's just that noone actually cares. But now that's suddenly an horrific anti privacy policy because the narrative demand that it is.

Systemd v261-rc1 is out with the 'birth date field' in c/linux@lemmy.ml

What do you use for selfhosting cloud storage? in c/selfhosted@lemmy.world

[–] Ooops@feddit.org 2 points 1 month ago

Occasionally I need to run an “occ” command after an install to fix some indexes

That then fails and breaks it (in about 1 out of 3 cases). Which requires rolling back everything, running the commands again pre-update, then updating and praying to not have to do another re-install (~ 1 out of 5).

What do you use for selfhosting cloud storage? in c/selfhosted@lemmy.world

[–] Ooops@feddit.org 6 points 1 month ago* (last edited 1 month ago) (5 children)

I actually moved away from classical self-hosted cloud storage solutions after trying the usual suspects like opencloud, nextcloud etc.

And for me the time and effort (also the ressource-hogging if you don't use quite overpowered servers) just weren't worth it. Not when the used interfaces most of the time are open standards anyway and simpler solutions do the job:

Radicale for contacts and dates via a webdav subset. Webdav concidently being widely supported for integrating online storage into any filesystem (or as the backend for several other things like for example syncing my bookmarks over several devices and browsers). SFTP or the million tools being just a frontend for it.

One shiny platform like for example Nextcloud to do it all might be nice for a lot of users when they have someone dedicated to maintain it. But for selfhosting (as in: mainly for myself) the constant attention needed to fix stuff was quite tedious.

When I think of "Google Drive" or "Dropbox" alternatives nowadays it's just a drive hooked up to some low-spec device and accessed via one (or several) already existing open standards.

(Bonus point: that lost phone is simply cut off by deleting its keys - unlike so many dedicated platform where you have to manage -if you even can- multiple dedicated users and their rights just to easily separate your personal access from your devices that are by design not all equally secure.)

26

Need some ELI5 on proxy_pass in Nginx, in particular regarding having Anubis in the chain (feddit.org)

submitted 2 months ago* (last edited 2 months ago) by Ooops@feddit.org to c/selfhosted@lemmy.world

11 comments fedilink

As this will -thanks to me being quite clueless- be a very open question I will start with the setup:

One nginx server on an old Raspi getting ports 80 and 443 routed from the access point and serving several pages as well as some reverse proxies for other sevices.

So a (very simplified) nginx server-block that looks like this:

# serve stuff internally (without a hostname) via http
server {
	listen 80 default_server;
	http2 on;
	server_name _; 
	location / {
		proxy_pass http://localhost:5555/;
                \# that's where all actual stuff is located
	}
}
# reroute http traffic with hostname to https
server {
	listen 80;
	http2 on;
	server_name server_a.bla;
	location / {
		return 301 https://$host$request_uri;
	}
}
server {
	listen 443 ssl default_server;
	http2 on;
	server_name server_a.bla;
   	ssl_certificate     A_fullchain.pem;
    	ssl_certificate_key A_privkey.pem;
	location / {
		proxy_pass http://localhost:5555/;
	}
}
#actual content here...
server {
	listen 5555;
	http2 on;
    	root /srv/http;
	location / {
        	index index.html;
   	} 
    	location = /page1 {
		return 301 page1.html;
	}
    	location = /page2 {
		return 301 page2.html;
	}
        #reverse proxy for an example webdav server 
	location /dav/ {
		proxy_pass        http://localhost:6666/;
	}
}

Which works well.

And intuitively it looked like putting Anubis into the chain should be simple. Just point the proxy_pass (and the required headers) in the "port 443"-section to Anubis and set it to pass along to localhost:5555 again.

Which really worked just as expected... but only for server_a.bla, server_a.bla/page1 or server_a.bla/page2.

server_a.bla/dav just hangs and hangs, to then time out, seemingly trying to open server_a.bla:6666/dav.

So long story short...

How does proxy_pass actually work that the first setup works, yet the second breaks? How does a call for localhost:6666 (already behind earlier proxy passes in both cases) somehow end up querying the hostname instead?

And what do I need to configure -or what information/header do I need to pass on- to keep the internal communication intact?