Elvith Ma'for

Former Reddfugee, found a new home on feddit.de. Server errors made me switch to discuss.tchncs.de. Now finally @ home on feddit.org.

Likes music, tech, programming, board games and video games. Oh… and coffee, lots of coffee!

I � Unicode!

  • 0 Posts
  • 121 Comments
Joined 1 year ago
Cake day: June 21st, 2024

  • No, that’s just another hypothetical app that you’re using a reverse proxy for. I just included it to show how you can also set settings for a single subdomain/reverse proxy entry that isn’t used globally on all domains that get served. I used a hypothetical REST API that needs a CORS Header that other apps don’t need (or maybe serve themselves).

    admin off disables Caddy’s admin interface (which shouldn’t be public and if you’re using config files this usually isn’t needed. So just a bit of gardening)

    servers sets some general server options.

    and then I just inserted several blocks that each define a reverse proxy to a different app / backend to show that you can just dump them all in a single Caddyfile. And the last example to show that you can set specific settings only for a specific subdomain instead of globally. As I set headers mostly used by REST APIs, I just called that api.example.com instead of app3.example.com.


  • If you like, I can send you an example of the Caddyfiles that I’m using (I used the import directive to split every service into its own Caddyfile; you could just copy and paste everything into the same file). It will take a few hours until I get home, though.

    But basically you can just put every subdomain and its target in a separate block and then add some things globally (e.g. passing the original IP, switching off the admin API of Caddy, …)

    Something like this should work:

    
    # Global options must live in a brace block at the top of the Caddyfile;
    # a bare "admin off" would be parsed as a site address.
    {
        admin off
    
        servers {
            client_ip_headers X-Forwarded-For X-Real-IP
        }
    }
    
    app.example.com {
        reverse_proxy 127.0.0.1:8080
    }
    
    app2.example.com {
        reverse_proxy 127.0.0.1:8081
    }
    
    api.example.com {
        reverse_proxy 127.0.0.1:8082
        header {
            Access-Control-Allow-Methods "GET, OPTIONS"
            Access-Control-Allow-Origin "*"
        }
    }
    


  • Yeah, that’s exactly why I didn’t use my own CA. There’s a plethora of devices that you now need to import the CA to, and then you need to hope that every application uses the system cert store and doesn’t roll its own (IIRC e.g. Firefox uses its own cert store and doesn’t use the system cert store. Same for every Java based application, …)

    It’s fiddly with Caddy, as you need a specific plugin to get it to work with anything else than the default challenge. That means using a custom build via caddy - and with docker, you’re SOL. BUT you can just use certbot and point caddy to the cert file in your file system.


  • I have this setup. I bought a domain (say homeserver.tld) from a registrar that allows zone edits with an API. Then I use certbot with a plugin that supports my registrar to get real Let’s Encrypt certificates. Usually Let’s Encrypt connects to your server to ensure that it responds to the domain you’re requesting a certificate for, but this challenge can also be done by editing the DNS record of your domain to prove ownership. That is called the DNS-01 challenge and is useful if your domain is not publicly reachable. Google for “certbot DNS-01 your registrar” to find some documentation.

    Some of the VMs/LXCs now get certificates for a specific subdomain (“some-app.homeserver.tld”), others just get a wildcard certificate (“*.homeserver.tld”) - e.g. my docker host.
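Putting the two comments above together (certbot obtaining certificates via DNS-01, Caddy serving the files from disk): an added Caddyfile example, not the commenter's own configuration. The `homeserver.tld` names, the backend ports and the `/etc/letsencrypt/live/...` paths are assumptions that follow certbot's default layout.

```caddyfile
# Added example. Certificates come from certbot (DNS-01), so Caddy is only
# told where the files are and does not run its own ACME challenge.
{
    admin off
}

# One subdomain with its own certbot lineage.
# Paths are assumed; certbot names the directory after the first -d domain.
some-app.homeserver.tld {
    tls /etc/letsencrypt/live/some-app.homeserver.tld/fullchain.pem /etc/letsencrypt/live/some-app.homeserver.tld/privkey.pem
    reverse_proxy 127.0.0.1:8080
}

# Several services behind one wildcard certificate (the docker host case).
# For "-d *.homeserver.tld" certbot drops the "*." from the lineage name.
*.homeserver.tld {
    tls /etc/letsencrypt/live/homeserver.tld/fullchain.pem /etc/letsencrypt/live/homeserver.tld/privkey.pem

    # Route by Host header inside the single wildcard site block.
    @app2 host app2.homeserver.tld
    handle @app2 {
        reverse_proxy 127.0.0.1:8081
    }

    @api host api.homeserver.tld
    handle @api {
        reverse_proxy 127.0.0.1:8082
    }

    # Unknown hostnames under the wildcard get a 404 instead of reaching a backend.
    handle {
        respond 404
    }
}
```

Caddy reads the files at load time, so the certbot renewal needs a deploy hook (e.g. `--deploy-hook "caddy reload --config /etc/caddy/Caddyfile"`) and the Caddy process must be able to read `privkey.pem`.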


  • It looks like you’re trying to brake. You’ve used up this months braking quota. Braking will be enabled again in two weeks. Please enter credit card details to upgrade your subscription to allow unlimited braking*.

    *Fair use policy, limitations apply. Braking is not available on all roads. If you’re using the brake too often, an additional braking fee might be applied to your credit card for each use. Braking fee and subscriptions do not include mechanical wear, new parts or checks by a mechanic.


  • I have a Copilot license at work. We also have an in-house “ChatGPT clone” - basically a private deployment of that model so that (hopefully) no input data gets used to train the models.

    There are some use cases that are neat. E.g. we’re a multilingual team, so having it transcribe, translate (and summarize) a meeting makes it easier to finalize and check a protocol. Coming back from a vacation and just asking it to summarize everything you missed for a specific area of your work (to get on track before just checking everything chronologically) can be nice, too.

    Also we finetuned a model to assist us in writing and explaining code from a domain specific language with many strange quirks that we use for a tool and that has poor support from off the shelf LLMs.

    But all of these cases have one thing in common: they do not replace the actual work and are things that will be checked anyway (even the code one, as we know there are still many flaws, but it’s usually great at explaining the code now - not so at writing it). It’s just a convenient method to check your own work - and LLM hallucinations will usually be caught anyway.