Phaselockedloopable- PLL's continued exploration of networking, self-hosting and decoupling from big tech

I see you too are a man of elliptic curves culture

Screenshot_20210104-124429995×2048 434 KB

That A+ was difficult ish to figure out. I kept getting stuck on A like wtf

@Novasty you know what’s strange?

Last night we were talking about letsencrypt not doing CSR by themselves at SHA256 but you could self create higher. I did at 512 and the sign still ended up at 256 lol.

512 is more efficient on modern CPUs. I know we were both shocked

Weird that it lost my 512

This may be worth looking into if you’re curious, I would, but not now.

image976×139 6.83 KB

Let’s Encypt is big gay. It wont do what I asked, I may purchase a cert.

You use namecheap right? Might as well stop being poor. Was a cool learning process lol!

To be fair beggers cant be choosers.

Im not buying one. Thats expensive for what I am using it for. Ill wait for letsencrypt to stop being gay

What?

Testing of the yubikeys begins soon ™

Really want to try one of these

hey all… New pi a 2gb version with the grey heatsink. Her purpose will be wireguard to a Linode for a dual NGINX proxy front end to make sure im not using my home IP for hosting! Cheaper than cloudflare!

IMG_20210108_142013~23024×4032 2.65 MB

hostname = nanna.yggdrasil

Wife of baldr

She is the tunnel
He is the DNS pipe

I totally didnt plan that

Doesn’t Cloudflare have a free plan, or did they get rid of it?

it does but I think im fine with this because I can control the certs and stuff. I dont like having to use cloudflare

So the reason PhaseLockedLoop doesn’t like Cloudflare is it doesn’t allow a client to control certs. What are the other drawbacks to using Cloudflare’s services? I was considering using their services; I might have to reconsider using them.

I’m not fully familiar but I like having control of my stuff

That and I think learning what I’m doing is important

You’d have to ask people more familiar

You can get your own certs from letsencrypt if you are using cloudflare DNS for your domain. Acme.sh and certbot both have support for the cloudflare api, so it’s pretty easy to setup DNS verification.

I mean, if you are wanting to use their proxy, then yep, it uses their certs, but if you are just using their DNS then you can run your own.

Its their proxy id be using and yes that uses their certs … I’m setting up my own linode frontend proxy using wiregard

Thanks for the advice; I haven’t gotten to the point where self-hosting makes economic sense yet. In other words, using a hosting service is cheaper than self-hosting for me right now. Also, my internet service provider (Cincinnati Bell won’t let me self-host anything under my current plan, to have that option, I would have to upgrade to a Business plan, and right now, a business plan would cost too much.

Cloudflare is working pretty hard at being a single point of failure for the Internet.

They’re great.

I’ve got the USB A variant.

I really cant wait but let me sort some budget stuff for it. I head you can integrate cockpit with it with kerberos… not sure yet though