Somewhere between Linux woes, gaming, open source, 3D printing, recreational coding, and occasional ranting.
🇬🇧 / 🇩🇪
Authentication with NPM is pretty straightforward. You basically just configure an ACL, add your users, and configure the proxy host to use that ACL.
I found this video explaining it: https://youtu.be/0CSvMUJEXIw?t=62
NPM unfortunately has a long-term bug since 2020, that needs you to add a specific configuration when setting up the ACL as shown in the video.
At the point where he is on the “Access” tab with all the allow and deny entries, you need to add an allow entry with 0.0.0.0/0 as IP address.
Other than that, the setup shown in the video works in the most recent version.
How do you handle SSL certs and internet access in your setup?
I have NPM running as “gateway” between my LAN and the Internet and let it handle all of my certificates using the built-in Let’s Encrypt features. None of my hosted applications know anything about certificates in their Docker containers.
As for your questions:
I remember ZoneMinder.
A full-featured, open source, state-of-the-art video surveillance software system.
Is this still a thing nowadays?
It’s absurdly complex and annoying and lacks proper documentation.
There currently is no sane way to deploy it via Docker since it needs half a dozen different containers and volumes and networks to barely work at all - overwriting/ruining your already existing setup while doing so.
The cleanest would likely be setting up a VM where you set up Docker and let Lemmy do whatever it wants.
Big international corporation, IT security hired by personal connections instead of skill, IT security never worked in daily business.
The fun thing is that they refer to NIST guidelines. Which is even funnier because NIST says 12 digits are enough, user-generated 8 digits are fine, no complexity rules, and password changes only “when necessary” (i.e. security breaches).
They are so heavy on security I have a Citrix environment that takes me 3 logins.
My daily routine:
They also have plans to make MFA mandatory for laptop login, too.
Passwords need to be at least 15 characters long for laptops and 30 for servers and 10 for the business-specific application. All need to have uppercase, lowercase, numbers, and special characters and need to be changed every 60 days (for the server login) and cannot be the last 30 passwords.
Yes, Freenginx should/would/will be a drop-in replacement, at least in the beginning. We’ll see how this works out over time. Forks purely out of frustration never lived long enough to gain a user base and attract devs. But it’s an “anti corporate bullshit” fork and this alone puts it on my watchlist.
You need to reimplement TOTP on a per-service basis. There are hardware tokens available, so you could use one of them (Token2, maybe?) on the user side instead. You still need to allow custom secrets for your services so you can enter the token ID there. Are you sure you meant a (TOTP) token and not single sign-on?
Have a look at Forgejo which is a soft fork run by a nonprofit organization of Gitea which is owned by a for-profit company.
It needs very little system resources and still gives you all the common features you know from commercial Git hosting providers.
And yes, you can mirror existing Git repos using a web UI.
I STILL can’t get my own instance of Lemmy running. The instructions are unclear. They have bugs in their docker-compose.yml file. It’s really bad.
It’s a whole mess, yes. Also they want to create random containers and random volumes all over the place with random IDs for names and by default suggest messing with upstream files and configuration before creating the containers.
I hope the devs will one day provide a proper container with environment variables for configuration.
and a Mastodon instance
A Mastodon Mastodon instance, or just something to interact with Mastodon-compatible services? For the latter maybe have a look at GoToSocial, especially when you host it as a single-user instance just for you.
It needs very low resources and fits in a single Docker container with a single volume. All you need to keep in mind is that it is alpha software and not every single feature is fully supported yet. You also need a client because GoToSocial is just a server/back-end.
how much time investment do you think is needed to keep everything running smoothly
For GoToSocial it took me around a weekend, including learning how to use Docker and trying things out a lot.
There – of course – won’t be a singular official source stating “Hey guys, we’re open core now”. You need to put this together bit-by-bit.
Here are some links for research