sunset at Minehead

Matt The Horwood@lemmy.horwood.cloud · 6 hours ago

I have my portainer behind an oath proxy, using keycloak as the Auth provider

Matt The Horwood@lemmy.horwood.cloud · 1 day ago

I would have a cron that runs a script to pull the list and update IPset, this might not work.

make a file on your docker server with the below in it, set the file to execute chmod +x file.sh

#!/bin/sh
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP

Then add a cron file in /etc/cron.d that runs the script every 24 hours

10 3 * * * root /root/file.sh

Matt The Horwood@lemmy.horwood.cloud · 1 day ago

Some thing like this

iptables -I DOCKER-USER -m set --match-set ipsum src -j DROP

Should do what you need

Matt The Horwood@lemmy.horwood.cloud · 1 day ago

I use pihole as my home DNS to do that

Matt The Horwood@lemmy.horwood.cloud · 3 days ago

not sure your example domain is the best, can you lookup hrowood.biz?

Matt The Horwood@lemmy.horwood.cloud · 3 days ago

this might be what your looking for -> https://docs.pi-hole.net/guides/dns/unbound/

Matt The Horwood@lemmy.horwood.cloud · 6 days ago

noted

Matt The Horwood@lemmy.horwood.cloud · 6 days ago

This is now sorted - https://forum.proxmox.com/threads/upgrading-pve-tries-to-remove-proxmox-ve-package.149101/post-675259

Matt The Horwood@lemmy.horwood.cloud · 6 days ago

not tested this, but you might want to look at DHCPv6 Relay to get an IP from your ISP router

Matt The Horwood@lemmy.horwood.cloud · 10 days ago

He needs to get in the ocean, I don’t want windows. If I did, I would install windows.

Matt The Horwood@lemmy.horwood.cloud · 10 days ago

Ok, Aws is 24/7. But they will just help you spend even more money

Matt The Horwood@lemmy.horwood.cloud · 10 days ago

Quick do a polybridge and get it on the RCE YouTube channel

Matt The Horwood@lemmy.horwood.cloud · 10 days ago

That also featured on the RCE YouTube channel

Matt The Horwood@lemmy.horwood.cloud · 10 days ago

That’s just like Aws, you pay for better and longer support. But they don’t make it clear support is only 9-5

Matt The Horwood@lemmy.horwood.cloud · 10 days ago

That is true of any hosting provider, I have backups backblaze.

Matt The Horwood@lemmy.horwood.cloud · 10 days ago

Nextcloud deck, with the mobile app

Matt The Horwood@lemmy.horwood.cloud · 11 days ago

Have checked out OVH yet?

Have a VPS and a dedi with them

Matt The Horwood@lemmy.horwood.cloud · 15 days ago

If your looking to allow that kind of traffic in and out of opensense, then yes if you use it. Just be mindful of what you need and only allow that in, outbound is normally everything.

Matt The Horwood@lemmy.horwood.cloud · 21 days ago

That’s not container orchestration, that’s infrastructure orchestration. Depending on your use case docker swarm could just the right tool for the job.

You’ve been using Aws and they will happily let you add more nodes to your container runner of choice

Matt The Horwood@lemmy.horwood.cloud · 21 days ago

not sure I understand you, in docker swarm your containers are started on n number of works from a single compose file on a manager. you can add any number of work nodes to scale your service as needed