from ragingHungryPanda@piefed.keyboardvagabond.com to selfhosted@lemmy.world on 06 Aug 13:41
https://piefed.keyboardvagabond.com/post/24434
Usually I post updates like these on my gotosocial account, but my computer/server is at my parents house and their modem has been having a moment for the past day and a half and they’re not the best sys-admins. I have more posts and updates that would normally be found on mastodon, but again - parents modem haha.
Anyway, for background I’ve been renting a couple of VPS servers out of the Netherlands and I’m running Talos OS and kubernetes. I’m in the works of standing up some digital-nomad / backpacker oriented instances called “keyboardvagabond.com” and eventually I’ll get a landing page, etc. There’s still more work to do before going live even though the services are running.
The lates bit of work came after a meetup at my job where no one came for official discussion, so we talked about self-hosting. I was strongly encouraged to get off of using external-dns and dns routing to use Cloudflare’s tunnels instead. I had avoided them because I felt a bit intimidated. I got the first test pod running in like 15 minutes and then began migrating all of the application endpoints. I still need to seal off the k8s and talos ports, for which I might use warp.
The adventure part came to me realizing that I wasn’t pulling in images on the piefed instance, so I figured that something was wrong. I checked k9s and there was about 50 cron jobs the send queue all in ImgePullBackoff. When I migrated harbor registry, I just went to the landing page, but didn’t sign in. It took a bit of figuring things out, but I had to switch the backend in nginx to use https, port 443, and tls no verify, then change cloudflare to use HTTPS with a different host name than a host name for a specific pod (the new one is harbor-registry.harbor-registry.svc.cluster.local:443).
Anyway, it’s all working now and the jobs slowly cleaned up, but it’s fun seeing that the latest jobs can’t be made due to “not enough memory” (crying with sunglasses emoji here). The piefed-worker pod is screaming along at its maximum of 1cpu core and 60% maximum memory, so it’s all looking good.
Edit
Event MORE fun in self hosting. The ISP blocked my ports! Thankfully I was talking with my manager about cloudflare tunneling. I just moved my domain names over to cloudflared and everything is back up again. Took about an hour or so to migrate everything.
#cloudflare #fediverse #harbor-registry #keyboardvagabond #kubernetes #selfhost #selfhosted
threaded - newest
Selfhosting and using the centralized MitM service from Cloudflare seems directly contradictory to me 🤷
You’re free to have that opinion, and I share it personally.
However, self-hosting doesn’t have to be all-or-nothing, and some ppl have requirements that make cloudflare a sensible option.
the ISP blocked my ports and cloudflare got me around it. I'll accept the compromise ;)
There are other options to achive the same goal 🤷
Please share those options, don’t keep them secret.
Rent a cheap VPS and run Wireguard on it.
Pangolin also potentially relevant
Just use a VPN tunnel
It actually isn’t bad to setup
Please don’t expose things to the internet
Using Cloudflare so they aren’t
They are though
Putting Cloudflare in between can help but it is certainly not a silver bullet. You are still putting it on the public internet. (Unless Cloudflare has some sort of authentication that I’m unaware of)
Cloudflare tunnels so yes it does, as long as you do it right.