DevOps dude, self-hoster, space nerd.

  • 1 Post
  • 63 Comments
Joined 1 year ago
Cake day: June 12th, 2023



  • I wouldn’t want to host anything on Windows unless you have to, or you want to learn more about Active Directory / Exchange / etc to help with a day job (assuming your day job is sysadmin / IT). Even then I’d do that inside Windows VMs on a Linux / ESXi host.

    I personally wouldn’t (and don’t) host authoritative servers externally to the internet. I do split-horizon DNS, so that my internal BIND server handles my LAN, but I have outside DNS handled by someone that has an ACME (Let’s Encrypt) module, so that I can do wildcard certs.

    One thing to look into as you spin up services at home would be some sort of VPN like Tailscale, WireGuard, or even something like Cloudflare Tunnel so that you’re not exposing services directly to the internet if you don’t absolutely have to. I believe some of these projects/products let you specify DNS servers so that when your phone (for example) is connected to the VPN, it uses your home DNS servers instead of public ones.

    Your very own self-hosting legend is about to unfold! A world of dreams and adventures with self-hosting awaits!



  • I’ve actually done this for a Microsoft owned IP before. Someone was Wordpress-scanning a particularly fragile application of one of my clients (which was not Wordpress) which was causing it to fall over. The scan stopped within an hour of sending the abuse email.

    Edit to add: I used to work in a NOC for a tier 1 ISP. We had an “abuse department” (a couple people) that investigated these and opened tickets with the NOC. I’ve emailed customers and disconnected circuits as a result of abuse emails, so I wouldn’t say they’re totally useless, but I’m sure it depends on the company involved.











  • This is a change with 0.17.4. You cannot have both federation enabled and the private instance box checked. You might try downgrading to the 0.17.3 image (so that you can get into the UI) and unchecking either the private or federation boxes (whichever way you wanna go). I’d also suggest pinning the docker image versions, as I bet you’ve got latest set (or nothing set, which I believe also grabs latest), and the vm reboot prompted docker to go grab the latest image on startup. Surprise upgrades probably aren’t what you want.




  • Couple questions:

    • What’s your ISP at home?
    • What’s the ISP of the remote IPv6 server?
    • Are the other networks you’ve tried from the same or different?

    I’d start with traceroute and see how far your IPv6 traffic gets before it fails. It could very well be some peering or routing issue between some of the ISPs in between you and wherever that IPv6 address lives. If this ends up identifying where the traffic dies, a lot of the tier 1 ISPs have BGP looking glass servers so you can get an idea of what they know about that subnet.


  • ESXi is a full OS, not sure if you have the option of swapping out the OS on your server. I’m also not sure it will help in this case.

    You are very constrained in what you can do by your networking situation. I think your fundamental problem is that you have a single IP that has to be both the management IP of the server, and also handle all the VM network traffic.

    The ideal topology for this would be a firewall using the public IP for its WAN interface, then your VM host and VMs all on its LAN interface (using DHCP or not). With another IP address, you could run a firewall as a VM.

    Any way you slice it, I think you’re either an IP or a networking device short.