• 24 Posts
  • 79 Comments
Joined 4 years ago
Cake day: September 14th, 2021


  • I have tried. It is very difficult. In fact TikTok and Instagram have so many domain names and IP addresses that it is hard to list them all and block them.

    Blocking the main domain would prevent you from accessing the web site, but the mobile app would work. Then you can block the API and stuff, but clients already connected would still work because they rely on the CDNs. When you block a good bunch of the network, the app would just feel broken, not blocked. When users keep reloading they will find a CDN you have not blocked yet. Also, they will still get notifications because they are pushed via Google services. They won’t see them in the app however.

    So you just need to monitor the logs to keep blocking TikTok domains that pop up.

    If you can block via regex or joker chars (*), then it would be easier for you.

    You can look up TikTok domain lists on the internet for a good start.

    From my experience, I just managed to make TikTok and Instagram broken enough to frustrate the users and discourage their use over the network.

  • The only two important columns are “Local address:port” and “Process”. The latter is what process is listening, while the former is the interface that process is listening on and the port.

    So you see that I don’t have any process listening on any port other than 80 and 443 in the host, and the regular ones.

    That said, your containers will still listen on the ports you want, but only on a virtual network interface.

    Basically you only need to publish ports 80 and 443 on the container or pod you have your reverse proxy on. Other containers only need to be attached to the same network, as you already did.


  • It is good you have solved your initial issue. However, as you say, your rules are too permissive. You should not publish ports from containers to the host. Your container ports should only be accessible over the reverse-proxy network. In other words, <my domain>:3000 should not resolve to anything.

    This can be simply achieved by not publishing any port on your service containers.

    Here is an example of my VPS:

    Exposed ports:

    $ ss -ntlp
    State                Recv-Q               Send-Q                             Local Address:Port                             Peer Address:Port              Process                                                  
    LISTEN               0                    128                                      0.0.0.0:22                                    0.0.0.0:*                  users:(("sshd",pid=4084094,fd=3))                       
    LISTEN               0                    4096                                     0.0.0.0:443                                   0.0.0.0:*                  users:(("conmon",pid=3436659,fd=6))                     
    LISTEN               0                    4096                                     0.0.0.0:5355                                  0.0.0.0:*                  users:(("systemd-resolve",pid=723,fd=11))               
    LISTEN               0                    4096                                     0.0.0.0:80                                    0.0.0.0:*                  users:(("conmon",pid=3436659,fd=5))                     
    LISTEN               0                    4096                                  127.0.0.54:53                                    0.0.0.0:*                  users:(("systemd-resolve",pid=723,fd=19))               
    LISTEN               0                    4096                               127.0.0.53%lo:53                                    0.0.0.0:*                  users:(("systemd-resolve",pid=723,fd=17))  
    

    Redacted list of containers:

    $ podman container ls
    CONTAINER ID  IMAGE                                        COMMAND               CREATED        STATUS                 PORTS                                     NAMES
    [...]
    docker.io/tootsuite/mastodon-streaming:v4.3  node ./streaming      2 months ago   Up 2 months (healthy)                                            social_streaming
    docker.io/eqalpha/keydb:alpine               keydb-server /etc...  2 months ago   Up 2 months (healthy)                                            cloud_cache
    localhost/podman-pause:4.4.1-1111111111                            2 months ago   Up 2 months            0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp  1111111111-infra
    docker.io/library/traefik:3.2                traefik               2 months ago   Up 2 months            0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp  traefik
    docker.io/library/nginx:1.27-alpine          nginx -g daemon o...  3 weeks ago    Up 3 weeks                                                       cloud_web
    docker.io/library/nginx:1.27-alpine          nginx -g daemon o...  3 weeks ago    Up 3 weeks                                                       social_front
    [...]
    
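    The pattern described in the two comments above (publish 80/443 only on the reverse proxy, attach every other container to the proxy network and publish nothing from them), written out as a compose file. This is an added example, not the poster's own configuration: the service names, the `proxy` network, the hostname `app.example.com`, the placeholder image and the podman socket path are assumptions; the too-permissive variant is left in as a commented-out block so the two can be compared side by side.

```yaml
# Added example (not from the original post): podman-compose / docker-compose file
# showing the too-permissive port publishing next to the corrected form.
# Service names, network name, hostname, image and socket path are assumptions.

networks:
  proxy:                 # shared network; only members can reach each other
    name: proxy

services:
  traefik:
    image: docker.io/library/traefik:3.2
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false   # route only labelled containers
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
    ports:               # the ONLY ports published on the host
      - "80:80"
      - "443:443"
    volumes:
      # socket path is an assumption; it differs between rootful/rootless podman
      - /run/podman/podman.sock:/var/run/docker.sock:ro
    networks: [proxy]

  # Too permissive: "3000:3000" binds port 3000 on every host interface, so
  # http://<your host>:3000 reaches the app directly, bypassing the proxy and
  # whatever TLS or authentication it adds. Kept here only for comparison.
  # app:
  #   image: example.invalid/app:latest
  #   ports:
  #     - "3000:3000"
  #   networks: [proxy]

  # Corrected: no `ports:` at all. The app still listens on 3000, but only on
  # its interface inside the `proxy` network, which is where Traefik finds it.
  app:
    image: example.invalid/app:latest       # placeholder image
    networks: [proxy]
    labels:
      - traefik.enable=true
      - traefik.http.routers.app.rule=Host(`app.example.com`)
      - traefik.http.routers.app.entrypoints=web
      - traefik.http.services.app.loadbalancer.server.port=3000
```

    TLS certificate settings for the `websecure` entrypoint are omitted here for brevity. After bringing the stack up, the check is the same one shown above: `ss -ntlp` on the host should list only sshd and the proxy's 80/443 (plus the usual local resolver sockets), and the `PORTS` column of `podman container ls` should be empty for `app`.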


  • Why should the drives be sneakily deposited? If he trusts his relative or friend he may just tell them to keep it safe until news gets out.

    However, the bigger challenge would be to read the files using newer technology, since those drive connectors might get obsolete. Maybe you need to store technology you can read it with. For example, an external disk drive with USB 3 cables and some USB-C adapters. If using internal drives this gets a bit complicated, since you would also need some cables and motherboards. So external hard drives would be easier.