More adventures in self-hosting the fediverse
from ragingHungryPanda@piefed.keyboardvagabond.com to selfhosted@lemmy.world on 06 Aug 13:41
https://piefed.keyboardvagabond.com/post/24434

Usually I post updates like these on my gotosocial account, but my computer/server is at my parents’ house and their modem has been having a moment for the past day and a half and they’re not the best sys-admins. I have more posts and updates that would normally be found on mastodon, but again - parents’ modem haha.

Anyway, for background I’ve been renting a couple of VPS servers out of the Netherlands and I’m running Talos OS and kubernetes. I’m in the works of standing up some digital-nomad / backpacker oriented instances called “keyboardvagabond.com” and eventually I’ll get a landing page, etc. There’s still more work to do before going live even though the services are running.

The latest bit of work came after a meetup at my job where no one came for official discussion, so we talked about self-hosting. I was strongly encouraged to get off of using external-dns and dns routing to use Cloudflare’s tunnels instead. I had avoided them because I felt a bit intimidated. I got the first test pod running in like 15 minutes and then began migrating all of the application endpoints. I still need to seal off the k8s and talos ports, for which I might use warp.

The adventure part came to me realizing that I wasn’t pulling in images on the piefed instance, so I figured that something was wrong. I checked k9s and there were about 50 cron jobs for the send queue, all in ImagePullBackOff. When I migrated harbor registry, I just went to the landing page, but didn’t sign in. It took a bit of figuring things out, but I had to switch the backend in nginx to use https, port 443, and tls no verify, then change cloudflare to use HTTPS with a different host name than a host name for a specific pod (the new one is harbor-registry.harbor-registry.svc.cluster.local:443).

Anyway, it’s all working now and the jobs slowly cleaned up, but it’s fun seeing that the latest jobs can’t be made due to “not enough memory” (crying with sunglasses emoji here). The piefed-worker pod is screaming along at its maximum of 1cpu core and 60% maximum memory, so it’s all looking good.

Edit

Even MORE fun in self-hosting. The ISP blocked my ports! Thankfully I was talking with my manager about cloudflare tunneling. I just moved my domain names over to cloudflared and everything is back up again. Took about an hour or so to migrate everything.

#cloudflare #fediverse #harbor-registry #keyboardvagabond #kubernetes #selfhost #selfhosted
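The tunnel ingress rule the post describes (an HTTPS origin on 443 with TLS verification switched off), written out as an added example of a locally managed cloudflared config.yml; this is not the poster’s actual configuration. The public hostname, credentials path and CA bundle path are placeholders, and the hardened variant assumes the registry’s certificate is issued by an internal CA whose bundle can be mounted into the cloudflared pod.

```yaml
# Added example, not the post's own config. Locally managed cloudflared
# tunnel fronting the in-cluster Harbor registry named in the post.
tunnel: TUNNEL-ID-PLACEHOLDER
credentials-file: /etc/cloudflared/creds/credentials.json   # placeholder path

ingress:
  # What the post describes: speak HTTPS to the registry Service on 443,
  # but skip origin certificate verification (the "tls no verify" step).
  # This restores image pulls, but cloudflared will then accept whatever
  # certificate the origin presents, so a misrouted or replaced in-cluster
  # endpoint would not be noticed.
  #
  # - hostname: harbor.example.com     # placeholder public hostname
  #   service: https://harbor-registry.harbor-registry.svc.cluster.local:443
  #   originRequest:
  #     noTLSVerify: true

  # Hardened variant: keep verification on, trust only the internal CA that
  # issued the registry's certificate, and pin the name cloudflared expects
  # to see on that certificate (also used as SNI).
  - hostname: harbor.example.com       # placeholder public hostname
    service: https://harbor-registry.harbor-registry.svc.cluster.local:443
    originRequest:
      caPool: /etc/cloudflared/ca/internal-ca.pem          # placeholder path
      originServerName: harbor-registry.harbor-registry.svc.cluster.local

  # cloudflared requires a catch-all rule as the last ingress entry.
  - service: http_status:404
```

The catch-all rule means any hostname routed to the tunnel that is not listed above returns 404 instead of being proxied to an arbitrary origin.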


poVoq@slrpnk.net on 06 Aug 13:47

Selfhosting and using the centralized MitM service from Cloudflare seems directly contradictory to me 🤷

non_burglar@lemmy.world on 06 Aug 14:43

You’re free to have that opinion, and I share it personally.

However, self-hosting doesn’t have to be all-or-nothing, and some ppl have requirements that make cloudflare a sensible option.

ragingHungryPanda@piefed.keyboardvagabond.com on 06 Aug 16:31

The ISP blocked my ports and cloudflare got me around it. I'll accept the compromise ;)

poVoq@slrpnk.net on 06 Aug 16:43

There are other options to achieve the same goal 🤷

rtxn@lemmy.world on 06 Aug 21:52

Please share those options, don’t keep them secret.

poVoq@slrpnk.net on 06 Aug 22:38

Rent a cheap VPS and run Wireguard on it.

lepire@lemmy.world on 06 Aug 23:03

Pangolin also potentially relevant

possiblylinux127@lemmy.zip on 06 Aug 22:15

Just use a VPN tunnel

It actually isn’t bad to set up

possiblylinux127@lemmy.zip on 06 Aug 22:15

Please don’t expose things to the internet

3dcadmin@lemmy.relayeasy.com on 07 Aug 12:21

Using Cloudflare so they aren’t

possiblylinux127@lemmy.zip on 07 Aug 14:48

They are though

Putting Cloudflare in between can help but it is certainly not a silver bullet. You are still putting it on the public internet. (Unless Cloudflare has some sort of authentication that I’m unaware of)

3dcadmin@lemmy.relayeasy.com on 07 Aug 16:22

Cloudflare tunnels so yes it does, as long as you do it right.