In-reply-to » i'm pretty sure i'm running this all off sqlite so if i get too many users on here i might be cooked but oh well i can always try to migrate (<-- has heard migrations from sqlite to mysql/postgres are hell)

@movq@www.uninformativ.de ooooh interesting!!! i am a mysql liker because postgres syntax confuses me (i know it's faster but whatever) but i will look into this…

In-reply-to » i'm pretty sure i'm running this all off sqlite so if i get too many users on here i might be cooked but oh well i can always try to migrate (<-- has heard migrations from sqlite to mysql/postgres are hell)

@kat@yarn.girlonthemoon.xyz I think it is kind of impossible to switch from sqlite to Postgres. I have run GtS on sqlite from the get-go, no issues. Granted, single user instance, but still…


my fucking second drive for plex isn’t auto mounting with fstab on reboot for some reason and i keep accidentally discovering this it’s super annoying

In-reply-to » @kat i'm reading this and i already have a gts server that i could secure with this but i'm thinking it'd be best for most of my public sites https://ovelny.sh/blog/a-complete-guide-for-your-gotosocial-server/

@kat@yarn.girlonthemoon.xyz wow, thanks for sharing that guide! I have now used it on my better tuned instance. Woot!


i’m pretty sure i’m running this all off sqlite so if i get too many users on here i might be cooked but oh well i can always try to migrate (<-- has heard migrations from sqlite to mysql/postgres are hell)

In-reply-to » i thought about making a chill little vlog putting together my new pi4 for KVM purposes but unless i make it go fast somehow i'd probably quickly exceed the 30 mins on the last mini DVD i have for recording lol

@kat@yarn.girlonthemoon.xyz i still need to put it together so either i’ll do it off camera or i’ll wait till i get my memory card


i thought about making a chill little vlog putting together my new pi4 for KVM purposes but unless i make it go fast somehow i’d probably quickly exceed the 30 mins on the last mini DVD i have for recording lol

In-reply-to » hmmm i really should set up crowdsec and maybe a WAF like coraza or something. i don't look at my logs as much as i should because they scare me and ignorance is bliss but i should probably cut out as much false traffic as possible especially to my biggest site (superlove)

@kat@yarn.girlonthemoon.xyz i’m reading this and i already have a gts server that i could secure with this but i’m thinking it’d be best for most of my public sites https://ovelny.sh/blog/a-complete-guide-for-your-gotosocial-server/


hmmm i really should set up crowdsec and maybe a WAF like coraza or something. i don’t look at my logs as much as i should because they scare me and ignorance is bliss but i should probably cut out as much false traffic as possible especially to my biggest site (superlove)

In-reply-to » Any idea What's this "twtxtfeevalidator/0.0.1" UA about? I thought I could ask before throwing a 1000GB file at it 🪤 could it be the same 'xt' thing @lyse was talking about the other day?

OHHH THIS IS EPIC YALL TY i’d love to try this!!!

In-reply-to » Cool! 😎 So I can now block ASN(s) 🤣 (And I bet no-one noticed anything)

Hmm, yeah, I am doing something wrong. Same is happening with any site to which I apply this.

Is there a reason you forked this from mholt? What was added, or changed? Your “Initial commit” throws an error.

In-reply-to » Cool! 😎 So I can now block ASN(s) 🤣 (And I bet no-one noticed anything)

On a test I ran, with a static site that is a PWA, like this:

example.com {
        root * /web/example.com
        route / {
             rate_limit {path} 20r/m
             file_server
        }
}

It works (as limiting rate), but when rate isn’t reached, the page doesn’t render. Not sure what could be going on.

In-reply-to » Cool! 😎 So I can now block ASN(s) 🤣 (And I bet no-one noticed anything)

Note for reference I was trying to write and fix this rule (fixed version below):

# Ignore Content-Type restrictions for Git
SecRule REQUEST_HEADERS:Host "@streq git.mills.io" "id:101,phase:1,t:none,nolog,ctl:ruleRemoveById=920420"

In-reply-to » Cool! 😎 So I can now block ASN(s) 🤣 (And I bet no-one noticed anything)

I’ll try to add a README for caddy-waf soon™ (going back to bed now) to at least document the customizations I’ve made to this WAF (which I forked from caddy-coraza)

In-reply-to » Cool! 😎 So I can now block ASN(s) 🤣 (And I bet no-one noticed anything)

This is how I build my caddy:

proxy-1:~# cat build.caddy.sh
#!/bin/sh

xcaddy build \
	--with github.com/caddy-dns/cloudflare \
	--with github.com/caddyserver/cache-handler \
	--with git.mills.io/prologic/caddy-ratelimit \
	--with git.mills.io/prologic/caddy-waf
proxy-1:~#
