• 0 Posts
  • 7 Comments
Joined 1 year ago
cake
Cake day: October 8th, 2023

help-circle


  • My primary ‘backup’, or easy recovery method is that I use ZFS, and take snapshots via sanoid frequently. I have a mydumper jump making backups of my mariadb server. I use syncoid to doing sends to external storage. So most things can just be fixed by copying the files from an older snapshot.

    I also have a completely separate backups of my system made using borg to storage I have at borgbase.com, but this only happens a couple times a week, and is only my ‘important’ data and not large things like downloaded video/music/etc. I am thinking about switching borg out for restic though, since restic is also compatible with borgbase.


  • There are risk, that a newer version of an image will accidentally, break things, apply breaking changes and so on.

    Good, frequent, tested backups, could be a mitigation to this. If an image breaks, you just restore your data from the backup, and pull the older image.

    I use the klausmeyer/docker-registry-browser, and that recently broke, but it just needed me to provide an additional configuration variable.

    I use advplyr/audiobookshelf, which upgraded to a different database engine and schema a couple months ago. For some small subset of people (including me) the migration to the new database didn’t go well. But I had a backup from 6 hours before the update, so restoring and then using the older image until the fixes were released was easy.

    Even with the occasional issues I prefer letting watchtower automatically update most of my images for my home. I don’t really want to spend my time manually applying updates when 98% of the time it will be fine. But again, having a reliable and tested backup system is an essential part of why I am comfortable doing this.



  • Well enterprise content filters are able to do something like this.

    I don’t know of any set of tools that would give you a full setup, but you would probably need to start doing the same kind of setup as a squid+squidguard content filter. You have to run it in interception mode, which means generating and distributing your own CA.

    After you get all that configured, you swap out the squidguard with some magical tool that does content editing.


  • From the perspective of the stuff you are transporting over the VPN tunnel or ssh proxy. There is not much difference. The payload is encrypted and can’t be seen in transit assuming the underlying VPN, or SSH tunnel is secure.

    There are functionality difference. For an SSH proxy, you have to be able to use a different IP port, or you have to use a browser and configure a SOCKS proxy.

    There are potential performance differences. Last time I tried using them for large transfers, I found the performance over a SOCKS via ssh tended to kinda suck. At least compare with a transfer over a VPN. It is possible this had nothing to do with SSH, and was problems with the browser I was using at the time. But this might not matter much for your usage.

    How things could potentially leak might be different with a proxy. Depending on how you configure SSH and the implementation, your DNS might be resolved on your original DNS servers, or via the tunnel.