4·
2 days agoFor what OP is asking DNS has no part in DNAT, they need a load balancer.
Personally, asking about high uptime on a residential ISP is the larger issue here, but alas.
Linux & Azure cloud engineer. Sometimes a wolf, or a fuzzy dragon.
- 0 Posts
- 7 Comments
Joined 1 year ago
Cake day: December 27th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Every “plug and play” NAS I’ve had has been garbage, riddled with adware and had to be firewalled from the internet. After a year they just get insanely slow because they put the worlds’s cheapest ARM SoC in there.
Personally just take your drives out and stick them in an old PC and install truenas, or just straight ZFS on Debian. Then you can run your containers on the same machine like Jellyfin, etc.
9·3 days agoPeople downvoting you can’t do a quick search:
TSMC is absolutely up and running already in the US.
fyi you can get a wildcard from letsencrypt for free
There’s nothing bad per se, but obviously not sharing the inner workings of your internet facing server is just another step to protect yourself.
You mention in the OP this is for a business, my opinion you should be working on a professional resource/developer to manage this for you and not random Lemmy users.
On the use of Caddy, your configs here host a lot of sites with many specific configurations, I’m not sure caddy can support all of this. nginx is the tool of choice for a wide majority of the internet for a good reason.
idk what nonsense the other commenter is posting but essentially your network flow should look like this:
internet user -> your IP (found via dynamic DNS) -> firewall/router DNAT port 443 -> proxy (nginx/caddy) listening on 443, backend set to port 80 -> vaultwarden port 80
You’d load your SSL certificate into the reverse proxy, I’m not familiar with caddy but I use nginx for this purpose.
My personal opinion, as soon as you’re charging and providing SLAs you’ve exceeded what you should be doing on a residential ISP.
I’d really recommend putting your app in a real cloud solution, which can provide actual load balancing via DNS natively for regional failover if you desire.