skorous
skorous
About
- Username
- skorous
- Joined
- Visits
- 15,904
- Last Active
- Roles
- Member, OG, Senpai
- Thanked
- 1431
Comments
-
I wonder if something like https://github.com/StreisandEffect/streisand might work for you. It's a bit heavier than some of the simple Wireguard install scripts but it sets up a couple different vpn/proxy methods as well as different user profiles a…
-
(Quote) I was going to argue relevancy but since you specified "old and unpatched stuff" I figured learning the wrong way to do things was kinda on target. :P
-
(Quote) If you're not using the caching pieces of nginx I they're about the same and personally I find HAProxy config files easier to read.
-
I'm used to doing it with dedicated certs but there are documents on how to set it up with HAProxy. Didn't look too bad to do but I, uh, might've cheated and used my webhost to create a wildcard. I'm waiting to see if when they renew it I have to re…
-
(Quote) Something like this: frontend https bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem acl sonarr_url hdr_beg(host) sonarr. acl radarr_url hdr_beg(host) radarr. acl lidarr_url hdr_b…
-
(Quote) You use SNI and set up ACLs to route traffic via the http header.
-
(Quote) What do you mean only works for non-ssl?
-
(Quote) Both his frontend and backend are running in tcp mode so ... ( confused) there's ... nothing injecting an x-forward-for header. Umm, is option forwardfor even valid in tcp mode? I just accepted you needed tcp mode and didn't question it.
-
I'm not an HAProxy expert but I don't think there's an easy way to do that with straight TCP requests. There's just no provision for it in TCP. There is the PROXY protocol if your application supports it but I'm not sure what services do to be hon…
-
(Quote) Guessing he tried.
-
(Quote) Please, please, PLEASE let it be this.
-
(Quote) And Higher Ed.
-
(Quote) It better be otherwise I don't know what I'm paying him for. Um, I mean .... followed.
-
In case there's any left. Thanks for the giveaway! 0b0d5a301a8b3aa21bc9717c63888021
-
It's a fairly new. Came online around the same time as Japan and Italy I believe.
-
(Quote) To be fair, what they claim and what actually happens in practice don't always coincide. Unless they plan for drone strikes to take out a corporate office it may be unenforceable.
-
(Quote) Now that's what I call a collision domain.
-
(Quote) Operative word being safer. Anytime you eliminate a substantial portion of bad actors you are safer - just not safe. The same way taking an armored car to work while wearing riot gear makes you safer. It just makes no difference when you get…
-
Just so the question has been asked, this is the same OS just migrated over to the new OVZ7 node or were you re-provisioned?
-
Ah, so iptables as a whole does work. Just the string matching doesn't. ( Edited: because I didn't read the whole post )