shrugal

joined 1 year ago
[–] shrugal@lemm.ee 8 points 5 months ago* (last edited 5 months ago)

I agree with everyone here that self-hosting email is never easy, but if you still decide to go down this route then here are two tips that I personally found very helpful, especially when you decide to host it at home:

The first is to get an SMTP relay server. That's just another mail server that yours can log into to actually send its mail, just like an email client would. That way you don't have to worry about your IP's sending reputation, because everyone will only see the relay's reputable IP.

Second is to configure a Backup MX. That's an additional MX DNS entry with lower priority than the primary, and it points to a special mail server that accepts any mail for you and tries to deliver it to the primary server forever (or something like an entire week). So when your primary server is unreachable other sending servers will deliver mail to the backup, and it delivers the mail to the primary as soon as that's back online.

You can get these as separate services, but some DNS providers (like Strato for example) offer both with the base domain package. It makes self-hosting an email server much simpler and more reliable in my experience.

[–] shrugal@lemm.ee 23 points 5 months ago

Welcome to the Linux community. :)

You will probably never understand everything about Linux and all of its included and associated systems. That's completely fine, no one does! That's why we are many, and it's what asking for advice or help is for. You can just learn whatever interests you at your own pace, and know that there will always be interesting things you haven't seen yet.

[–] shrugal@lemm.ee 31 points 5 months ago

The thing is, Reddit also has money and lawyers. LW doesn't, so it's understandable that they play it safe imo.

[–] shrugal@lemm.ee 2 points 5 months ago (1 children)

Good to know I guess, but yea that's a bit too speculative for my taste.

[–] shrugal@lemm.ee 4 points 5 months ago* (last edited 5 months ago) (3 children)

Looks ok to me, what in particular do you take issue with?

[–] shrugal@lemm.ee 5 points 5 months ago* (last edited 5 months ago) (5 children)

This UsenetServer discount link gives you 1 trial month for $1, then $50/year after that, and includes a 1TB TweakNews block and a paid PrivadoVPN account.

[–] shrugal@lemm.ee 1 points 5 months ago

Completely agree! There are solutions for letting Lidarr download from Deezer and Tidal, but afaik no other music streaming services for some reason.

[–] shrugal@lemm.ee 3 points 5 months ago (1 children)

I'm transcoding everything to 320kbps MP3s. It's much much smaller than flac, and I can't hear the difference even if I try.

[–] shrugal@lemm.ee 2 points 5 months ago

Fedora, I usually wait 1-2 weeks for the last bugs to be found+fixed and extensions to catch up, and then just upgrade in-place. Haven't had a major upgrade problem for years now, it's mostly as smooth as any other offline update. And I don't feel like I have to reinstall the OS every few years on Linux either.

[–] shrugal@lemm.ee 15 points 6 months ago

One of us One of us One of us! :)

[–] shrugal@lemm.ee 6 points 6 months ago (1 children)

No! I prefer ______, and you are WRONG for thinking otherwise!

[–] shrugal@lemm.ee 9 points 6 months ago
 

Hey everyone,

My personal server of choice is a DiskStation right now, and I'm using the default reverse proxy for all my subdomains. I went through a few stages to secure them, and now that I'm finally finished (famous last words heh?!) I thought I'd document my approach and provide some configs and code. I've seen a few unanswered questions here and there about how to do this on Synology, so hopefully this helps a few people.

The guide covers limiting access to local IPs, as well as adding Basic or SSO authentication. The main goal is to integrate well with the GUI and access control profiles, and to leave all existing and autogenerated files untouched, so updates and changes via the GUI still work as expected.

Here is the basic idea:

The nginx server config is located in /etc/nginx/, and the reverse proxies are defined in the sites-available/server.ReverseProxy.conf file inside that folder. There's one server directive for every proxied site, and the DSM config adds a include .acl.<random string>.conf* directive if you set up an access control profile for a site. That * at the end there is crucial, because it means we can manually add more configuration files with the same prefix, and they will automatically be included and applied to all sites using this access control profile.

There are also include directives for the main and http scopes, as well as for the default DSM server directives. This means we can inject configurations in these places, just by adding correctly named files to the conf.d folder.

For Single Sign-On (SSO) authentication we run a Vouch-Proxy instance to handle the communication between nginx and the OIDC server. We also need to spin up another nginx reverse proxy and forward requests to it, because the built-in one doesn't support the required auth_request directive. Its container script just copies the default reverse proxy configuration with some modifications, and it is set up to reload whenenver the original file changes.

Link

 

So I know what AC3 means of course, but what does AC3D mean in some releases?

view more: next ›