I haven’t looked terribly far into it but zrok (SP?) is based on openziti
- 0 Posts
- 27 Comments
Joined 1 year ago
Cake day: June 13th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
6·2 months agoFor anyone with ZFS related issues I’d honestly recommend just going to Jim’s site- https://discourse.practicalzfs.com/ which is invaluable. Lot more help and a trove of valuable info already exist there.
This is a great point. Thanks for taking the time and great app.
I really want to like one of these. I’ve tried it before but can anyone using this or similar tell me how it differs and improves upon just using Firefox sync?
Dendrite iirc is essentially in maintenance mode. I run a small one but I don’t think it’s expected to get any new features until there is more funding.
I might give this a go. Have been using bog standard ingress nginx for my k8s but have wanted to try a gateway supporting ingress product for a while.
Thanks op.
deleted by creator
deleted by creator
Could simplify it by making a 28 block at most. That is 14 IPs per bridge which seems like way more than one would generally need anyhow.
{ "default-address-pools": [ { "base":"172.16.0.0/12", "size":28 }, ] }
I will have to check. Still willing to try again. I’ll update if i get it going better on round 2.
Thanks for the hint about the docs. I hadn’t thought of that.
0e2475ba-882a-4f61-8938-2642ca80193b WARN │ ┝━ 🚧 [warn]: WARNING: index "displayname" Equality was not found. YOU MUST REINDEX YOUR DATABASE 0e2475ba-882a-4f61-8938-2642ca80193b WARN │ ┝━ 🚧 [warn]: WARNING: index "name_history" Equality was not found. YOU MUST REINDEX YOUR DATABASE 0e2475ba-882a-4f61-8938-2642ca80193b WARN │ ┝━ 🚧 [warn]: WARNING: index "jws_es256_private_key" Equality was not found. YOU MUST REINDEX YOUR DATABASEI had to drop it for a few days. I got that at some point though. It’s all brand new so I wouldn’t know why. Seems a bit rough around the edges so far. I’ll try to reindex and attempt again. I really want this to be the product I use since it’s a nice AIO solution but we’ll see.
Edit:
[~]$ podman run --rm -i -t -v kanidm:/data \ kanidm/server:latest /sbin/kanidmd reindex -c /data/server.toml error: unrecognized subcommand 'reindex'Phew boy. Straight from the docs. Same with the vacuum command.
Looks like the docs need updated to specify the command is
kanidm database reindex -c /data/server.tomlAnd further upon trying to login…
300e55b7-e30a-42a5-ac3e-ec0e69285605 INFO handle_request [ 188µs | 0.00% / 100.00% ] 300e55b7-e30a-42a5-ac3e-ec0e69285605 INFO ┕━ request [ 188µs | 72.94% / 100.00% ] method: GET | uri: /v1/auth/valid | version: HTTP/1.1 300e55b7-e30a-42a5-ac3e-ec0e69285605 INFO ┝━ handle_auth_valid [ 50.8µs | 25.54% / 27.06% ] 300e55b7-e30a-42a5-ac3e-ec0e69285605 INFO │ ┝━ validate_client_auth_info_to_ident [ 2.85µs | 1.51% ] 300e55b7-e30a-42a5-ac3e-ec0e69285605 WARN │ │ ┕━ 🚧 [warn]: No client certificate or bearer tokens were supplied 300e55b7-e30a-42a5-ac3e-ec0e69285605 ERROR │ ┕━ 🚨 [error]: Invalid identity: NotAuthenticated | event_tag_id: 1 300e55b7-e30a-42a5-ac3e-ec0e69285605 WARN ┕━ 🚧 [warn]: | latency: 204.504µs | status_code: 401 | kopid: "300e55b7-e30a-42a5-ac3e-ec0e69285605" | msg: "client error"I think I’m gonna have to just nuke it and start fresh but yeah, this is not a great first impression at all.
I could do this but sadly even just the trial did not work. I’m using podman but it gives me “invalid state” just trying to login with a user per the quickstart, etc. Can’t reset the password cleanly, can’t add a passkey via bitwarden, etc.
Unsure if I’m doing something wrong or if it’s very alpha/beta.
Awesome. Thank you.
Now to see how i make this work in k8s since they evidently mandate the cert inside instead of just allowing the ingress to have it.
Does this do it all? It seems that it holds all your users like LDAP and can auth that way too. But it can also do simple oidc integrations too? Basically just want to see if it is the all in one. Looks like it does which is why i wonder why you use oauth2-proxy in addition.
I’ve otherwise been trailing keycloak/authelia as the oidc portion and lldap/freeipa as the ldap Backend that actually holds the users. Would love to simplify if possible.
Yep. I’ve got a test instance working with keycloak. Post up the problem you’re having and i can check it against mine. I think all of it was configured via UI on both except there are two changes in the gitea config.INI that allowed that auth and auto created users if they didn’t exist yet.
Maybe give photoview a shot.
You are like the most miserable poster with so many axes to grind.
Relax man.
You know, you can recommend lxd and whatever without putting out FUD about proxmox and other tech.
Maybe. I found that using redis, the php cache, and disabling unused apps (like photos) sped it up. Personally it just provides a lot to me and is only one thing to manage.
Great for my use case. Maybe not anymore for yours but food for thought. Good luck on whatever you choose. Lot of good programs recommended here.
Exactly. I don’t know if the AIO image was used and how that all works (I stay away from that and the snap which is just an abomination) but no one should try to selfhost anything for prod unless they know exactly how it works. That and have a staging env. If you’re not up to the task then just pay for some commercial hosting (even if it’s just Nextcloud that is hosted elsewhere.)
I’ve run the nextcloud image (just docker.io/nextcloud IIRC) pinned for years with k8s and it’s durable and fine. It stays put and I just take the time to update my testing instance, make sure it all works with some cheap smoke tests, then upgrade prod.