cross-posted from: https://lemmy.blahaj.zone/post/16452222

Hello friends, I've been pulling my hair out trying to figure out how to get my service to properly play well with traefik.

My service is reachable at <host>/dnd-notes/page, but the service needs to fetch additional resources and fails to do so.

IE: user navigates to <host>/dnd-notes/foobar

foobar loads. foobar fetches <host>/.client/main.css foobar fails to find this resource.

Here is my static configuration:

## traefik-static.yml
providers:
  docker:     
    exposedByDefault: false
    
api:
  insecure: true
  dashboard: true

entryPoints: 
  web:
    address: :80
  websecure:  
    address: :443
    
log:
  level: DEBUG

Here is my compose:

services:
  traefik:
    image: "traefik:latest"
    container_name: "traefik"
    ports:
      - "80:80"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik/traefik.yaml:/etc/traefik/traefik.yaml"

  silverbullet:
    image: zefhemel/silverbullet
    container_name: "dnd-notes"
    volumes:
      - './dnd-notes/space:/space'
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dndnotes.rule=PathPrefix(`/dnd-notes/`)"
      - "traefik.http.routers.dndnotes.service=dndnotes"
      - "traefik.http.routers.dndnotes.entrypoints=web"
      - "traefik.http.routers.dndnotes.middlewares=dndnotes_stripprefix"
      - "traefik.http.services.dndnotes.loadbalancer.server.port=3000"
      - "traefik.http.middlewares.dndnotes_stripprefix.stripprefix.prefixes=/dnd-notes"

I will start first

• I didn't notice my diy NAS motherboard had Pci-E Gen 2.0 (old gen) before buying it. It's not a great limitation (still 500MB/s) for the two spinning disks I have on it, but it'd be if I will decide to switch to SSDs
• I cheaped out on the PSU. I bought another one without waiting for that crap to burn down so I eventually spent more
• I often break the software. Sometimes I kill the OS or mess with some BTRFS pools

Sometimes I just feel not adequate for it. Does this kind of things happen to you too?

First, thank you in advance.

I'm having trouble with exposing my server, I think what I need is a better understanding, as opposed to technical help (though that would be appreciated)

At the moment I'm using the linuxserver.io suite of applications. I've got SWAG set up with DuckDNS, and I'm trying to set up Jellyfin and other applications. (they're all in the same compose.yaml).

I can access my applications on an external network via <user>.duckdns.org:<port> and it works fine (but no https).

Within my home network I can access jellyfin.<user>.duckdns.org - the https is valid and everything is working fine.

I suspect this means my router is not set up correctly? I'm using OpenWRT. What am I doing wrong?

This is more "home networking" than "homelab," but I imagine the people here might be familiar with what in talking about.

I'm trying to understand the logic behind ISPs offering asymmetrical connections. From a usage standpoint, the vast majority of traffic goes to the end-user instead of from the end-user. From a technical standpoint, though, it seems like it would be more difficult and more expensive to offer an asymmetrical connection.

While consumers may be connected via fiber, cable, DSL, etc, I assume that the ISP has a number of fiber links to "the internet." Those links are almost surely some symmetrical standard (maybe 40 or 100Gb). So if they assume that they can support 1000 users at a certain download speed, what is the advantage of limiting the upload? If their incoming trunks can support 1000 users at 100Mb download, shouldn't it also support 1000 users at 100Mb upload since the trunks themselves are symmetrical?

Limiting the upload speed to a different rate than download seems like it would just add a layer of complexity. I don't see a financial benefit either; if their links are already saturated for download, reducing upload speed doesn't help them add additional users. Upload bandwidth doesn't magically turn into download bandwidth.

Obviously there's some reason for this, but I can't think of one.

Has anyone else been called crazy for home-labbing front facing stuff?

I've always had this mindset of asking, "What am I really getting out of this?" But when it came to the internet and what I posted, I held onto a bit of innocence. Over the past two years, though, that innocence has been chipped away, but I think I’ve managed to reclaim it.

I don’t fault for-profit companies like Reddit for monetizing content; honestly, it was my own oversight for not reading the terms of service carefully. But since then, I’ve realized just how much I’ve unknowingly contributed to other projects for free.

There’s nothing inherently wrong with that, but does anyone else ever feel a bit... exploited?

It’s like when a recruiter asks for a .docx version of your resume instead of the .pdf I provide. Maybe it’s just to block your contact details, or maybe there’s something more dubious at play. I’ve experienced both, and each time, I’ve ended up feeling a bit... used.

Now, when a recruiter asks for a .docx , I ask them why. If it’s to hide contact details, I send an anonymized version. If they want to trim it down to two pages, I direct them to the summary section on my professional website. And if they want to add their bits to it, I guide them to my website, where they can explore my detailed posts.

For me, it’s about reclaiming control over what I’ve shared.

I was talking to someone about this recently, and they mentioned that they like to post everything on GitLab to showcase what they’ve been working on. But honestly, it’s just not the same as self-hosting your own Gitea or GitLab instance. But this guy thought I was crazy for hosting a single instance GitLab.

Okay so take X, for example. There, could have a super locked-down account like I do here, only contributing to communities when I want to by directly tagging them, but otherwise just using it as a personal journal like my Mastodon, but it’s just not the same. When X started monetizing posts, the platform's objective changed.

I don’t mind 'for-profit,' but when it’s driven by short-term gains like a monetized post, eventually all engagement is funneled towards that. It ends up feeling like you’re writing in someone else’s diary. That you tailor for engagement.

It’s also about the love of tinkering.. breaking things, fixing them, and getting everything back up to spec. It’s about embracing the original idea of the internet: a decentralized space where anyone can contribute, without your work being exploited.

It’s your own little corner where you can post whatever you want, for whomever you want. A Jellyfin server for my partner, a portfolio for the hiring manager, a GitLab for my playground. Enjoying the freedom to experiment without an ops exec pulling their hair out.

It's kinda magical.

Footnote: This is my first post to this community, if this post isn't a good fit, please let me know and I'll gladly adjust or remove it.

Tags for Federation: @homelab

#homelab #macroblog

I've been using PFSense for years, and it's been pretty great, but I also have some friends who are homelabbers that like their Unifi setups.

What do you guys prefer, and why?

I was gifted a new Raspberry Pi. I already have a previous pihole setup and now looking for other ideas to run on my network.

I was considering a network monitoring tool. Any other suggestions?

Is it possible to have about 4 PoE cameras attached to a PoE switch in a network closet which will be trunked to a L3 switch where the NVR will be also attached too?

Or would it be better practice to home the NVR in the network closet to supply the power natively.

A few months ago, I upgraded all my network switches. I have a 16-port SFP+ switch and a 1GB switch (LAGG to the SPF+ with two DACs). These work perfectly, and I'm really happy with the setup so far.

My main switch ties into a remote switch in another building over a 10Gb fiber line, and this switch ties into another switch of the same model (on a different floor) over a Cat6e cable. These switches are absolute garbage: https://www.amazon.com/gp/product/B084MH9P8Q

I should have known better than to buy a cheap off-brand switch, but I had hoped that Zyxel was a decent enough brand that I'd be okay. Well, you get what you pay for, and that's $360 down the toilett. I constantly have dropped connections, generally resulting in any attached devices completely losing network connectivity, or if I'm lucky, dropping down to dial-up speeds (I'm not exaggerating). The only way to fix it is to pull the power cable to the switch. Even under virtually no load, the switch gets so hot that it's painful to touch. Judging from the fact that my connection is far more stable when the switch is sitting directly in front of an air conditioner, that tells me just about all I need to know.

I'm trying to find a pair of replacement switches, but I'm really striking out. I have two ancient Dell PowerConnect switches that are rock solid, but they're massive, they sound like jet engines, and they use a huge amount of power. Since these are remote from my homelab and live in occupied areas, they just won't work. All I need is a switch that has:

• At least 2 SFP+ ports (or 1 SFP+ port for fiber and a 10Gb copper port)
• At least 4 1Gb ports (or SFP ports; I have a pile of old 1GB SFP adapters)
• Management/VLAN capability Everything I find online is either Chinese white-label junk or is much larger than what I need. A 16-port SFP+ switch would work, but I'd never use most of the ports, and I'd be wasting a lot of money on overkill hardware. As an example, one of these switches is in my home office; it exists solely so I have a connection between my server rack, two PCs, and a single WAP. I am never going to need another LAN connection in my home office; any hardware is going to go in the server rack, but I do need 10GB connectivity on at least one of those PCs.

Does anyone have a suggestion for a small reliable switch that has a few SFP+ ports, is made by a reputable brand, and isn't a fire hazard?

In the past, I've used nessus for vulnerability scanning my lab, but as my service count has grown, the 16 IP limit is becoming a little unwieldy.

Is anyone able to recommend an alternative that fits at least most of the requirements I have?

• Free (preferably in both senses of the word)

• Doesn't use Docker, even if containerized, I'd prefer to avoid having my scanner share a host with another service... and I'm not incredibly well versed with Docker

• Scans multiple systems (I tried Trivy, but as far as I can tell it only scans the system you install it on)

• Has a webui for management of scans

Alternatively, if anyone is willing to lend some advice for the configuration of Wazuh... I deployed the service months ago with the expectation that it could be used for vulnerability scanning (the Dev was in a few reddit threads suggesting that it had the capability), but i haven't been able to configure it properly.

I appreciate any advice people are willing to offer!

Edit: fixed formatting