That’s not entirely true. I’ve been a Mac user since 1989 and I also recommend Brother laser printers
I’m just this guy, you know?
“DNS never breaks. Nobody will ever have to type in an IP address”
192.168.1.0/24 = caffeine
10.0.0.0/8 = cocaine
It’s both of those, and a reference to Moana where the shiny crab calls Maui a “semi-demi mini-god”
I’d love to learn it, but my biggest hurdle has been getting a cluster actually running. Could you recommend a good tutorial?
I can absolutely see the benefit for really huge deployments or complex, highly-available systems. I’ve even sort of used it in my job working with those things. But I’m still just running commands I don’t understand that some sysadmin gave me.
I get that, and I thought the same until I started writing documentation myself and found people misinterpreting what I thought were very clear instructions. Every piece of writing has subtext and secondary meaning, even technical docs.
Even understanding that the person writing the docs didn’t speak English as a first language helps me find clues to fill in the gaps that exist in all documentation. And that’s a skill I first picked up in literature class.
But that’s just me.
I’ve got 20+ years of professional experience at all different levels. I can take an idea and turn it into a Docker image with fully automated CI/CD on myriad cloud platforms.
K8s is still black magic to me.
This is why nerds who don’t like literature class are missing out. If you can figure out the meaning of some inscrutable poem most documentation should be a breeze.
Mattermost is open source and has a ton of integrations with other open source tools like Gitlab and CircleCI.
I’ve been looking for something like this for a while. Calibre is great for managing it on a personal machine, but I want something that I can use on the web and then, with a click, send a book to a Kindle or whatever.
Pausing Gluetun might do that, or it might route the Torrent traffic over the regular network, in which case you might see a blip in the download rate before it goes up again.
Personally I prefer this docker-ized torrent client, since it’s got the VPN built right in, and I don’t need a VPN to do anything other than torrents.
Yep. Until customers can provide a clear, concise description of what they want there will always be jobs for programmers.
Also from that site: “Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS or Amazon Route53” - I assume this is what Cloudflare is for instead of Duck or Amazon? I also assume it means "tell Cloudflare to take traffic on port 80 and 443 and send it to NGINX’s 80 and 443 as per the previous bullet) - but how?
Yes, this is configuring Cloudflare’s DNS to point to your home IP address. You shouldn’t need to tell it which port, because that’s on a different layer.
First of all, is that all correct or have I misunderstood something?
There’s a couple things you’ve got a bit wrong:
I think I’m correct in saying that mysubdomain.mydomain.com is actually an IP address and a public port, so something like 123.456.7.8:443, then Cloudflare - which is the reverse proxy - gets involved (somehow? how?) to say “ah, 123.456.7.8:443, you obviously want to go to funkless.raspberry.pi:NGINX (or rather something like 987.654.3.2:443)” and then NGINX - which is the proxy-proxy, not a reverse-proxy - goes (somehow? how?) “ah, 987.654.3.2:443, you obviously want to go to 987.654.3.2:8096 which is jellyfin”)
I’m not sure what Cloudflare product you’re using, but I use it as a DNS server for my domain. If you’re doing the same thing - you’ll have configured A records and such if so - then what’s happening is this:
subdomain.mydomain.com. Your device needs the IP to connect to, so it asks Cloudflare for the IP address. Think of this like calling information to find a phone number.
However, if you’re using some other thing at Cloudflare to make a VPN this might be entirely wrong.
How does mysubdomain.mydomain.com know it’s me and not some random or bot?
Unless you’ve implemented some kind of filtering or authentication in Nginx, it doesn’t. I got around this by configuring HAProxy - which is like Nginx - to only allow requests from my local network except for specific domains that I want to be public.
Is this step “port forwarding” or “opening ports” or “exposing ports” or either or both? (I don’t understand these terms)
Exposing or opening ports is something you do with a firewall. The purpose of Nginx is to make it so you only have to open 1-2 ports, and Nginx will handle redirecting traffic based on its configuration.
If my browser when accessing mysubdomain.mydomain.com is always going to port 80/443, does it need to be told it’s going to talk to cloudflare - if so how? - and does cloudflare need to be told it’s going to talk to NGINX on my local machine - if so how?
If you’re using Cloudflare like I described above, you will only need to tell Cloudflare the public IP address of your Nginx server. Generally you do this by telling your domain registrar (where you buy domain.com) to use Cloudflare’s “nameservers” and then configure Cloudflare to point to your public IP address.
How do I tell NGINX to switch from local:443 to local:8096 (assuming I’ve understood this correctly)
You edit the Nginx config to add something like this:
server {
    server_name subdomain1.example.com;
    location / {
        proxy_pass http://hostname1:port1;
    }
}
Then, when Nginx receives a connection request for subdomain1.example.com for any location, it will proxy it to the configured hostname (or IP address) and port.
Is there a difference between an SSL cert and a public and private key - are they three things, two things or one thing?
There are two parts to an SSL cert: A public key and a private key. How SSL works is… complicated, but suffice to say the public key is shared with the connection, and the private key is hidden on the server. You can encrypt data with either one, and only the matching key can decrypt it. This allows both sides to trust the connection and for nobody else to see the data.
Doesn’t a VPN add an extra step of fuckery to this and how do I tell the VPN to allow all this traffic switching without blocking it and without showing the world what I’m doing?
The Internet is like an ogre: It has layers. HTTP and DNS are on one layer, VPNs are a different layer. HTTP and DNS traffic can travel over the Internet, or your local network or over the VPN.
If you’re just setting up a local Jellyfin server, you technically don’t need Cloudflare. Your home router will probably let you hard-code a DNS entry for a local IP address, which will keep all of that traffic on your local network. And if you do that right you won’t even need SSL.
Gluetun just looks like a text document to me (compose.yml) - how do I know it’s actually protecting me?
I’m not familiar with how Gluetun works, but it’s not just compose.yml. When you start it with docker-compose run it will download and extract the code to run Gluetun, and configure networking and other things.
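One way to do the filtering mentioned above in Nginx itself rather than HAProxy, as an added example that is not part of the original comment. The hostnames, the 192.168.1.0/24 LAN range, the certificate paths and the second backend on port 8080 are assumptions; 8096 is the Jellyfin port from the question.

```nginx
# Added example. Place inside the http { } context (e.g. a conf.d/ file).
# All names, addresses and paths below are assumed values.

# Catch-all: requests for a name that matches no server block below
# (e.g. scanners connecting to the bare IP) get no response at all.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;    # nginx 1.19.4+: refuse TLS for unknown names
    return 444;                 # close plain-HTTP connections without replying
}

# Private service: only clients on the local network may connect.
server {
    listen 443 ssl;
    server_name jellyfin.example.com;
    ssl_certificate     /etc/nginx/certs/example.com.crt;
    ssl_certificate_key /etc/nginx/certs/example.com.key;

    allow 192.168.1.0/24;       # assumed LAN range
    deny  all;                  # everyone else receives 403

    location / {
        proxy_pass http://127.0.0.1:8096;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Public service: no address filter, reachable from anywhere.
server {
    listen 443 ssl;
    server_name public.example.com;
    ssl_certificate     /etc/nginx/certs/example.com.crt;
    ssl_certificate_key /etc/nginx/certs/example.com.key;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
    }
}
```

The allow rule matches the source address Nginx sees, so it only admits LAN clients that reach Nginx directly, for example through a local DNS entry on the router; connections relayed through a proxy arrive with the proxy's address and are rejected.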
I feel pretty secure in my job, because in the future I’ll talk to the customers so the AI doesn’t have to instead of the engineers.
If Jack was really the World’s Best Sysadmin the servers wouldn’t go down when the power is cut off.
Also, he wouldn’t rush to the security room. He’d hack into the servers remotely. No good sysadmin leaves their chair if they don’t have to.
docker directory I never look at
Plus having all my services in a couple docker-compose files also means I can move them around incredibly easily.
As an IT professional with over two decades of experience I can say this meme is wholly inaccurate.
The first thing you try when you have computer problems is to turn it off and on again.
Then if it’s still broken, install a PDF reader.
Knowing specific features of a language is one thing, but not being able to even pseudocode a FizzBuzz shows they lack the basic logical problem solving ability that programmers need.