![](https://lemmy.procrastinati.org/pictrs/image/53aafb94-bd8e-4148-ba86-03fb455cd8e4.jpeg)
![](https://lemmy.world/pictrs/image/8286e071-7449-4413-a084-1eb5242e2cf4.png)
DDOS protection is going to depend on the VPS. But for most services you could spin up a pretty lean Debian vm running a proxy like nginx proxy manager and run that over the tunnel. Something like opnsense seems like overkill.
Mastodon: @SeeJayEmm@noc.social
DDOS protection is going to depend on the VPS. But for most services you could spin up a pretty lean Debian vm running a proxy like nginx proxy manager and run that over the tunnel. Something like opnsense seems like overkill.
Still are if you don’t buy a select a size roll.
I gave it the old college try about 6 months ago. Found out how to send the req for a subnet to my ISP. Configured my opnsense. When it worked, it worked. But it would randomly stop routing regularly. After a lot of troubleshooting determined it was the isp and have up.
Maybe I’ll try again in another 6 months.
I also have one of these old Google apps accounts. I wish they would accidentally delete it so I could get the last couple stragglers off and take my domain elsewhere.
I’m fond of Beekeeper Studio and a sqlite DB.
However, if my VPS is compromised, wouldn’t the attacker still be able to access my local network?
That depends on your setup. I terminate my wireguard tunnels on my opnsense router, where I have explicit fw rules for what the vps hosts can talk to.
I’m using CheckMk for pretty much all of that. Personally I found zabbix to have too much overhead.
No but less power hungry than a full desktop. It’s a good trade-off between power and performance.
If you want the small footprint and power costs are a concern, look for a second hand mini computer. Dell, Lenovo, Intel nuc.
Something like this as an example.
I think that’s illegal in some places, like California and the EU.
Then you didn’t understand how the system uses swap.
I just wanted to say I loved your analogy.
Thanks I may give it a try if I’m feeling daring.
Media should exist in its own with a tuned record size of 1mb
Should the vm storage block size also be set to 1MB or just the ZFS record size?
That cheat sheet is getting bookmarked. Thanks.
I’m referring to this.
… using grub to directly boot from ZFS - such setups are in general not safe to run zpool upgrade on!
$ sudo proxmox-boot-tool status
Re-executing '/usr/sbin/proxmox-boot-tool' in new private mount namespace..
System currently booted with legacy bios
8357-FBD5 is configured with: grub (versions: 6.5.11-7-pve, 6.5.13-5-pve, 6.8.4-2-pve)
Unless I’m misunderstanding the guidance.
Proxmox is using ZFS. Opnsense is using UFS. Regarding the record size I assume you’re referring to the same thing this comment is?
You can always find some settings in your opnsense vm to migrate log files to tmpfs which places them in memory.
I’ll look into this.
I’ve done a bit of research on that and I believe upgrading the zpool would make my system unbootable.
I mean, if you spent the kind of scratch on an android phone you would on an iPhone and then not fuck around with it, you’d have a similar experience on Android.
Years ago I used to flash roms and generally tinker until I decided I needed my phone to be stable and stopped. My Note 20 is polished and stable, no complaints.
My wife has always had iPhones. I’ve used both and find iOS frustrating. These days, unless you’re scraping the bottom of the barrel, it’s mostly about comfort and preference.