Being concerned about security while using free VPN sounds like an oxymoron.

Wait. I got the format warning in caddy, so does this mean it could contain substantial error? I gotta check

Thanks! I gotta get my hands on Ansible, was reluctant as I’ve heard it can be complicated. Should see myself!

Codeberg sounds like a good way! I was concerned about server config being stored on self-hosted forgejo (which is configured by the very server config), turns out that need not be the case.

Fortunately my VPS (oracle) has set SSH authentication to be default. Disallowing root login sounds good, gotta try that as well.

Thanks, I will try fail2ban. I am using ED25519 for ssh keys, it seems like it’s the best defense on the ssh side. Do you happen to know why this kind of attack is so prevalent?

Thanks a lot! Geoblocking makes a lot of sense, will try!

Is there no tutorial for mapping docker compose into .container, .network, .volume file at all? That’s unbelievable, one would expect there surely is one.

Thanks, though Shorewall looks intimidating. Do you have any good resources to go over how to set it up?

It seems permanently unavailable, how did you get an instance?

Thanks, I am running rootful containers so I don’t think this applies.

Thanks, but I am worried about relying on small repo like this. EDIT: But it did made me realize Goodnotes support WebDAV, thanks!

Ah, this explains why linux kernel grew to be quite large. Thanks!

Same, I wonder how the economics work out.

I got

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
...
tcp       51      0 0.0.0.0:11000           0.0.0.0:*               LISTEN      155359/conmon

It is listening at the right port. But Recv-Q is nonzero, which seems quite strange.

Thanks for looking into it. I am not publishing any ports other than Caddy, and forgejo’s ssh port that I think cannot be forwarded. You mean I should block port 3000 from my VPS as well, right?

I am having trouble reading ss -nltp output, could you explain what each entry means?

Also I am concerned that allowing access to podman1 private network interface could be too permissive. How do you think?

Yes, they are running on the same server. I am hoping to communicate through host network, maybe that’s not working well

I am a male, yet I am weirdly offended by the adjective “female”…

Thanks a lot for on-point answer! I wish the answered in the issue wrote a blog post, it would have been of great help.

Thanks! Adguard seems like a good fit for me, gotta set it up soon.