Admiral Patrick

I’m surprisingly level-headed for being a walking knot of anxiety.

Ask me anything.

I also develop Tesseract UI for Lemmy/Sublinks

Avatar by @[email protected]

  • 3 Posts
  • 33 Comments
Joined 2Y ago
Cake day: Jun 06, 2023


> They are also, apparently, banning users that have never been to their instance.

That’s literally impossible; every action taken has to be against an entity known to the instance. However, I can ban people from communities that have never posted there (which is what you’re seeing). That is to close a loophole where someone is instance banned here but can still interact with the local copies of communities on their home instance.

In such a case, those local interactions would not be moddable on that instance except by the admins. Any reports for that user would not be seen by the mods on my instance, and no mod actions could be taken by them. I think 0.19.4 or 5 addresses that, but that’s not the version we’re on right now, so this is how we’re handling that.


Is .ca running a similar poll? Because I feel like they’re the ones that are getting the short end of that stick.



:sigh: So I’ll just put all the cards on the table here.

  1. I was subscribed to the community, so it wasn’t a drive-by downvote.

  2. I’m pretty positive (99.9999999% sure) language barrier was not the issue. What was stated in the comment was very clear, ignorant, and broadly stereotyping (not to mention offensive).

  3. I didn’t even downvote the post. I downvoted the ignorant, broadly stereotyping, offensive comment by the OOP.

  4. I didn’t even reply to the offensive comment because I don’t have time, energy, or enough fucks to give for such an ignorant take.

  5. OOP decides to put anyone who downvoted them on blast.

  6. OOP of that (which I am still tactful enough to keep anonymous), has DM’d me twice and insulted me.

  7. OOP deletes the whole post and pops in here to play the victim. But that’s on me for letting them get away with that. I was trying to be tactful and not call anyone out when I should have taken screenshots of the whole thing.

The real Fedidrama was the drama we made along the way 😂


You can search for the text if you want (which should find it for you), but I’m not here to out anyone. I just thought the crazy-ass response was hilarious and worthy of a post here.


You can, at least partially.

If your instance is on 0.19.0 or above, you can block instances at the user level. You won’t see posts from any community there, but you will see posts from users there to communities on other instances, and you will still see comments from users on that instance.

It basically works as a “block all communities from this instance”.


Names blurred to protect the innocent / crazy. Not trying to call anyone out, just thought the response was hilarious and highly disproportionate. Like, they distinguished that comment (green border/background). For reference, the comment I presume that was downvoted that apparently triggered that response was to the tune of "BoTH SiDEz!!!!" with some hyper generalizing / stereotyping on the side.

(Clicks to original post, looks at who OP is)

Ohhh, it’s that guy (who has been banned on my instance for the better part of a year as a frequent poster of misinformation)

That whole post is a wall of crazy


Them: You apologize too much.

Me (instinctively): Sorry I’m such a broken person…oh.


Task failed successfully? lol

An error popup that says 'success'


🤦‍♂️ Yep. Updated comment.


Got nothing to suggest but just wanted to call out that you’re an awesome dad parent.


The last few updates to nextcloud and PHP 8 have drastically improved performance for me. I’m not using the Mail app but SnappyMail, and everything works pretty well.

Older versions and PHP < 8 were pretty slow even with all of the optimizations.


I haven’t but I definitely should. Just refreshed my laptop with pop os and have been using the default mail client with it (Geary?). It is really responsive and works well with the tiling plugin.


Same for me. I’m a die-hard Thunderbird fan (it’s ugly but it works lol).

Used to use TB at work until we switched to Google Workspace and they globally disabled IMAP access. Now I’m stuck with webmail and my productivity went to absolute shit.


I use SnappyMail which is a fork of Rainloop. It works great, has a version available for Nextcloud, AND it has a working sieve editor.


Will that work for US split-phase “220” where the voltage is 110v on each leg? I was always worried that would fry the PSU since it’s not true 220V.


Let’s see what all my bullshit detector finds on just the title and description alone:

  1. Telling me I need what they’re pitching: ✔
  2. Mentioning that it’s free: ✔
  3. “Free” is in all caps: ✔
  4. Free money? ✔

Gonna go ahead and pass on whatever that is.


> Just to confirm, is the -o eth0 in the second command essentially the interface where all the traffic is coming in?

That is the interface the masqueraded traffic should exit.


You may be able to do it through the client, yes, but I have it pushed from the server:


I’ve no experience with Zerotier, but I use a combo of WG and Openvpn. I use OpenVPN inside the Docker containers since it’s easier to containerize than WG.

Inside the Docker container, I have the following logic:

  1. supervisord starts openvpn along with the other services in the container (yeah, yeah, it’s not “the docker way” and I don’t care)
  2. OpenVPN is configured with an “up” and “down” script
  3. When OpenVPN completes the tunnel setup, it runs the up script which does the following:
# Get the current default route / Docker gateway IP
export DOCKER_GW=$(ip route | grep default | cut -d' ' -f 3)

# Delete the default route so the VPN can replace it.
ip route del default via $DOCKER_GW;

# Add a static route through the Docker gateway only for the VPN server IP address
ip route add $VPN_SERVER_IP via $DOCKER_GW; true
ip route add $LAN_SUBNET via $DOCKER_GW; true

LAN_SUBNET is my local network (e.g. 192.168.0.1/24) and VPN_SERVER_IP is the public IP of the VPS (1.2.3.4/32). I pass those in as environment variables via docker-compose.

The VPN server pushes the default routes to the client (0.0.0.0/1 via <VPS VPN IP> and 128.0.0.0/1 via <VPS VPN IP>).

Again, sorry this is all generic, but since you’re using different mechanisms, you’ll need to adapt the basic logic.


See my other response.

You may need to move the logic from netplan to a script that gets executed when the VPN is brought up. Otherwise, it will likely fail since it won’t have the VPN tunnel interface up to route traffic to.


Forgot to ask: Is your server a VPN client to the VPS or a VPN server with the VPS as a client? In my config, the VPS is the VPN server.

Not sure about the netplan config (all my stuff is debian and uses oldschool /etc/network/interfaces), but you’d need logic like this:

Server is VPN client of the VPS:

  routes:
    # Ensure your VPS is reachable via your default gateway
    - to: <vps public ip>
      via:  <your local gateway>
    # Route all other traffic via the VPS's VPN IP
    - to: 0.0.0.0/0
      via:  <vps vpn ip>

You may also need to explicitly add a route to your local subnet via your eth0 IP/dev. If the VPS is a client to the server at home, then I’m not sure if this would work or not.

Sorry this is so vague. I have this setup for 2 services, and they’re both inside Docker with their own networks and routing tables; I don’t have to make any accommodations on the host.


> Is there any solution (program/Docker image) that will take a port, forward it to another host (or maybe another program listening on the host) that then modifies the traffic to contain the real source IP. The whole idea is that in the server logs I want to see people’s real IP addresses, not the server in the cloud private VPN IP.

Not that I’m aware of. Most methods require some kind of out-of-band way to send the client’s real IP to the server. e.g. X-Forwarded-For headers, Proxy Protocol, etc.

If your backend app supports proxy protocol, you may be able to use HAProxy in front on the VPS and use proxy protocol from there to the backend. Nginx may also support this for streams (I don’t recall if it does or not since I mainly use HAProxy for that).

Barring that, there is one more way, but it’s less clean.

You can use iptables on the VPS to do a prerouting DNAT port forward. The only catch to this is that the VPN endpoint that hosts the service must have its default gateway set to the VPN IP of the VPS, and you have to have a MASQUERADE rule so traffic from the VPN can route out of the VPS. I run two services in this configuration, and it works well.

iptables -t nat -A PREROUTING -d {VPS_PUBLIC_IP}/32 -p tcp -m tcp --dport {PORT} -j DNAT --to-destination {VPN_CLIENT_ADDRESS}
iptables -t nat -A POSTROUTING -s {VPN_SUBNET}/24 -o eth0 -j MASQUERADE

Where eth0 is the internet-facing interface of your VPS.

Edit: One more catch to the port forward method. This forward happens before the traffic hits your firewall chain on the VPS, so you’d need to implement any firewalls on the backend server.


What you’re describing is known as a PWA (progressive web app).

Open webapp in Chrome(ium) -> Menu Button -> More Tools -> Create Shortcut -> Check box for open as window.


I used to have to rely on satellite internet, so I always avoided cloud services in favor of self-hosted options. Even without the draconian data caps, a literal cloud would cut me off.

I’ve got a decent ISP now, but I’m too invested in my on-prem stuff to change course. lol


Anyone else run so many services locally that sometimes you don’t immediately notice your internet is out?
Apparently my internet was out for the last 20 minutes or so, and I've been browsing Lemmy, working on a doc in Nextcloud/OnlyOffice, and watching a movie on Jellyfin without even noticing. I just happened to notice that the Matrix rooms I was in were all quiet.

Typically, yes. It could be due to either a flaky SATA cable/connection/controller, so you might try moving it to a different port if you are able, clearing the error, and seeing if it reoccurs.

Regardless, just make sure you have a good backup of the data or are confident in the other two disks.


I grew up in the 90s and I also learned that underwater the fish don’t stink.


Don’t give them any ideas. lol Otherwise, cable boxes around the world are likely to receive a firmware update that blocks you from changing channels during commercials.


> Edit: and in before the person that claims they have been self-hosting email for 20 years already… yes exactly! That is why yours still works.

You’re out of line, but you’re right. Lol


They have to get a warrant to demand it, yes. But if they show up with a bag full of money, the companies will just turn it right over.



I’ve used Nextcloud and DAVx5 for years (back when X5 was still called DAVDroid). Works great.

That works for me since I use Nextcloud for other things. If you want to sync just contacts and calendars, I’d go with Radicale as I used that successfully before implementing Nextcloud.


> If you use an instance just for yourself, it doesn’t actually decrease the load on the main servers in any way.

That’s not completely true. Yeah, it still loads another server a bit, but the server-to-server federation traffic is much more lightweight than the client-to-server traffic that would be involved with you having an account on that server and accessing it that way.

But yeah, multiple, equally-sized communities on different instances is the ideal situation. The only sticky part right now is FOMO because you’d have to constantly watch for new SelfHosted communities and join them. Hopefully some frontend tools come along soon to make joining/managing multiple communities like that more streamlined.


Anyone else?
Me: I want to watch this movie, but I don't think I can commit 90 minutes of attention to it. Also me: Binge watches six, hour-long episodes instead.