Perhyte

@Perhyte@lemmy.world


Perhyte , (edited )

It also means that ALL traffic incoming on a specific port of that VPS can only go to exactly ONE private wireguard peer. You could avoid both of these issues by having the reverse proxy on the VPS (which is why cloudflare works the way it does), but I prefer my https endpoint to be on my own trusted hardware.

For TLS-based protocols like HTTPS you can run a reverse proxy on the VPS that only looks at the SNI (server name indication) which does not require the private key to be present on the VPS. That way you can run all your HTTPS endpoints on the same port without issue even if the backend server depends on the host name.

This StackOverflow thread shows how to set that up for a few different reverse proxies.

Perhyte ,

If there happens to be some mental TLS handshake RCE that comes up, chances are they are all using the same underlying TLS library so all will be susceptible…

Among common reverse proxies, I know of at least two underlying TLS stacks being used:

  • Nginx uses OpenSSL.
    • This is probably the one you thought everyone was using, as it's essentially considered to be the "default" TLS stack.
  • Caddy uses crypto/tls from the Go standard library (which has its own implementation, it's not just a wrapper around OpenSSL).
    • This is in all likelihood also the case for Traefik (and any other Go-based reverse proxies), though I did not check.

Perhyte ,

Then they probably wouldn't say it was okay to make another alt though.

Perhyte ,

This is probably the only type of rules violation that could be fixed by creating another account, so this was exactly my thought.

Perhyte ,

Small correction: Pi lies between 2^1 and 2^2, so its floating-point exponent is 1. With all the mantissa bits cleared you'd be left with 1 * 2^1, not 1 * 2^0.

Perhyte ,

It's nice in theory, but I've had very little luck using it for the last few days.

I wouldn't be surprised if whatever instances it picks to send people to are soon afterwards rate limited because demand is too high relative to supply.

Perhyte ,

Assuming they went to signed 64-bit time, it should be about 3:28:32 pm UTC on Sunday, December 4, 292277026596. Yes, that last number is a year.

Perhyte ,

I believe so, but in addition it is also a "the original meaning of 'barbarian' is non-Greek person" joke.

Perhyte OP ,

I do have some good news on the dotted letters being friends though: ij is considered a single letter in Dutch. Go ahead, try selecting just one of them there.

The same is of course true for the upper-case variant IJ, but that form unfortunately leaves out the dots.
