Imo it’s hosting stuff for yourself or your family. In cloud or closet. If you have an advanced nas and you set up shares so everyone in the house can use it, it’s self-hosted storage. If you set up an iCloud account its not. If you rent vps, manage firewalls and reverse proxies and host your stuff there it’s selfhosting. If you use digital ocean or aws and do it for yourself its selfhosting. Saas isnt self hosting
I do like it though and we ran a cluster for lab at work for a year or so
Linux knowledge is broader, especially since truenas went core. For most enthusiasts Linux gives more Google answers than bsd ones. Also the gui is harder to install for non paying users. Linux is even got gamers these days
You must be expert!
Based on what? The number of attacks you see thwarted by the shiny new update?
I’d say you keep at least one out-of-date honeypot, so you can get some hard data on how important those ai «updates» are
Custom onion protocols are a totally different thing though. Also my ISP don’t fulfil 3.2 of that paper.
I would guess using an app that fills up unused bandwidth over vpn could create a pretty steady stream of data not too far off these flowlet data.
From my understanding this taranet would be kinda like a vpn, with an ingress endpoint and egress endpoint. If this all powerful ISP can watch both endpoints would it not be able to trace you outside of the taranet network?
I wont claim this gives protection without analysis of the data they create. But if «they» can «deep packet inspect» my https traffic what makes vpn any different? If “they” have capabilities to trace my packets outside of their own network too that means they can follow me through the vpn server too.
Probably cheaper to just ask mossad for the vpn logs though.
Fake traffic has been used by military equipment for at least 25 years for obscuring real traffic.
Depends on what you’d want. A dockerfile defines how the image is built. If you want to mimic this then you need scripts.
But I think you could benefit from learning how docker works from the ground up if you want to recreate docker inages in lxc.
Better use is a dedicated docker host (a vm) and run your non-docker on lxc. Treat lxc as a minimal vm for one ( or a few) services/apps per lxcontainer
That depend on how much work you have to do to keep it working.
Let’s take a fairly common webserver like Caddy. Now you can install this through docker, or natively on linux.
If the app only exists as docker image then it cones down to your ability or recreating what the dockerfile does to get it installed on your lxc container.
Fun fact: early editions of docker used lxc for its containers.
Lastly there is podman that some people love for container management. It’s not my cup of tea, but it might fit you.
Install on a vm though, not lxc
Backup of docker would either be full host - for a simple and inflexible setup, or you do data and config backup (volumes mounted in docker), and rely on docker rebuilding the images.
This last type is more overhead in configuration of backup, but you can restore your containers on any host, individually
There are big differences between these two technologies. LXC is closer to a virtual machine than a docker setup. You could mimic most of a dockerfile if you wanted, but it’s not a replacement.
Most of us will use a mix og docker-hosts(vm’s running docker) and lxc. Reasons for this is that some stuff is easier to maintain in docker as it’s the preferred release channel.
You can also move vm’s to other datacenter hosts if needed - and with shared storage this is quick and mean no downtime. Lxc are stuck on the host.
So someone is paying - theres allways a cost
Like most things in life theres no free cpu cycles. They all have a cost somehow
OOM_DISABLE on $PID or echo -17 > /proc/$PID/oom_adj
Or you can use something like caddy that will set up certs automatically using tls-alpn-01 challenge, so no need for dns challenge .
Perhaps you can rewrite but that would have to include both ways + html source.
Best bet is serve at what path it prefers or can be configured to
I like caddy for flexibility and ease with handle_parh. I believe there was some example on the tailscale website for a tcp caddy proxy.
Some sites cant be rewritten and have to be served on their expected path. Like some http file will refer to a css or something with absolute path.
Also you can get chatgpt or similar help you and ask it to explain whats being done and why. Just be stern and let it know what you’re using for software + versions. They know a lot of old shit too these LLMs
It can be done but I’d advice to rather set up a reverse proxy and funnel that. Then set up your reverse proxy accordingly.
Issue with the funnel is that its reverse proxy is a bit limited in rewriting. So if your service has a native url of 127.0.0.1:8000/service1 then you serve it under /service1
If you have several services that expects to be served at root you might find it difficult to do this way. Some services might have “url/path” option in config for this purpose. In that case you enter the url you want to use for your service and it will behave.
What a shitty website - i cant make it past the «we will track all kinds of shit from you»