BlankSystemDaemon
Mar 13, 2009



Hughlander posted:

Greetings from the past. I'm still catching up on a few months of the thread I missed so sorry if this was covered recently...


I have a 4 core Xeon with a SuperMicro board w/IPMI that's awesome. The biggest problem is that it's limited to 32 gigs of RAM. I use it as a ZFS server and my docker homelab. I have 2 SSDs for boot plugged into the on-board sata ports, then 8 more drives plugged into the built in LSI SAS ports, and another 8 in a JBOD external array plugged into a different LSI card. What I'd like to do is to move to a Ryzen 3900 with 128GB ram, but I don't see a good motherboard that would give IPMI or more than 6 ports. It seems like I'd need to get a second LSI card and flash it to IT mode.

That said does anyone have a recommendation for a Ryzen compatible motherboard that they'd use in my case? Or another solution to increase the amount of memory for the least amount of money?
Unfortunately there's a tendency for Supermicro to avoid Ryzen for their motherboards, so as far as I've been able to find there's only EPYC 7000-series boards as well as EPYC 3000 series boards for embedded CPUs but the latter only has 4x SATA ports.
Interestingly, AsrockRack do make a 6-SATA port Ryzen, but ironically enough it's limited to 32GB memory. So the only real option they have is a Threadripper Ryzen board.

Generic Monk
Oct 31, 2011

I think my hp microserver gen8 has finally given up the ghost - flashing red 'system critical' light on it that just won't go away and doesn't power on. Looks like psu failure I think but I doubt I'm going to be able to get that part.

If I'm in the market for a replacement, what are my options? I note the reviews for the gen10 are less than glowing; does anyone make a product similar to this any more?

BlankSystemDaemon
Mar 13, 2009



I feel like I'm shilling for Supermicro at this point, except I'm not even getting paid. :smith:
They have something that looks very much like the microserver and comes in three SKUs. Of those three, this one is the one closest to the microserver in that its CPU comes pre-affixed.
There are also other SKUs but they either use the old Avaton CPUs which have a risk of failing due to a known bug (in case you end up buying old stock that's been sitting in a warehouse, not recalled), or don't seem appreciably different from the models I linked.

BlankSystemDaemon fucked around with this message at 20:22 on Sep 28, 2019

Actuarial Fables
Jul 29, 2014

Taco Defender

D. Ebdrup posted:

Interestingly, AsrockRack do make a 6-SATA port Ryzen, but ironically enough it's limited to 32GB memory.

That's per module. In the specs it states " Support up to 128GB DDR4 ECC/UDIMM"

H110Hawk
Dec 28, 2006

Actuarial Fables posted:

That's per module. In the specs it states " Support up to 128GB DDR4 ECC/UDIMM"

:(

"DIMM Size Per DIMM - ECC/UDIMM: 32GB, 16GB, 8GB"

Jam that bad boy full of 32GB DIMMs and make sure your PSU can handle it.

JockstrapManthrust
Apr 30, 2013

D. Ebdrup posted:

Interestingly, AsrockRack do make a 6-SATA port Ryzen, but ironically enough it's limited to 32GB memory.

I have this board with an R7 2700 and 64gb in it and it works fine. The modules I’m using are Crucial CT16G4DFD8266 16 GB.

Edit: meh, the rest of the replies were not showing when I posted this.

JockstrapManthrust fucked around with this message at 13:21 on Sep 29, 2019

BlankSystemDaemon
Mar 13, 2009



Holy lol, I'm bad. :v:
I looked at the summary next to the picture instead of the specs below.

It makes a lot more sense that it supports 128GB, though.
I do wonder if it has better retail availability than Supermicro.

JockstrapManthrust
Apr 30, 2013

D. Ebdrup posted:

I do wonder if it has better retail availability than Supermicro.

Got mine off Amazon UK, good availability here. As it was from the Amazon Global store it shipped, quickly, from Amazon US so it should be on there too. Got an M1015 card on it for boatloads of storage.

JockstrapManthrust fucked around with this message at 19:31 on Sep 29, 2019

Generic Monk
Oct 31, 2011

D. Ebdrup posted:

I feel like I'm shilling for Supermicro at this point, except I'm not even getting paid. :smith:
They have something that looks very much like the microserver and comes in three SKUs. Of those three, this one is the one closest to the microserver in that its CPU comes pre-affixed.
There are also other SKUs but they either use the old Avaton CPUs which have a risk of failing due to a known bug (in case you end up buying old stock that's been sitting in a warehouse, not recalled), or don't seem appreciably different from the models I linked.

this seems really great, thanks! it does seem like in the uk buying the enclosure and the motherboard separately actually works out cheaper too.

do supermicro make any socketed mini itx boards that support ecc? i want to stick with freenas and probably go with an i3 for the ecc support that i presume still comes highly recommended for that os. looking thru their website every one of the itx boards i can find specifically mentions that it’s non-ecc.

see: https://www.supermicro.com/products/motherboard/Core/index.cfm

no socket h4 itx board supports ecc :(. any other manufacturers i could try or is this too niche a feature? am i better off looking at the embedded boards?

e: then again the ones with the embedded atom look very good, and i’m probably putting the cart before the horse trying to jam an i3 in there anyway

Generic Monk fucked around with this message at 15:40 on Sep 30, 2019

Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE

FYI - I was moving data around and on that dataset that causes ZoL to poo poo itself, I found a directory that I think might have had corrupt metadata. The directory name had a newline in it, I have no idea how that occurred and it passed scrubs just fine, but I wouldn't be surprised if ZoL couldn't handle that file. So it ended up being my fault after all :v:

Thought for a little bit I wasn't even going to be able to delete it, couldn't delete it as my normal user and had to go to root to kill it.

BlankSystemDaemon
Mar 13, 2009



Paul MaudDib posted:

FYI - I was moving data around and on that dataset that causes ZoL to poo poo itself, I found a directory that I think might have had corrupt metadata. The directory name had a newline in it, I have no idea how that occurred and it passed scrubs just fine, but I wouldn't be surprised if ZoL couldn't handle that file. So it ended up being my fault after all :v:

Thought for a little bit I wasn't even going to be able to delete it, couldn't delete it as my normal user and had to go to root to kill it.

Can you reproduce it? Because that sounds like something that should be reported on the ZoL github!

pzy
Feb 20, 2004

Da Boom!
Just poking around eBay/Amazon thinking about upgrades, it's kind of incredible you can get these specs and storage for the price:

Supermicro CSE-846BE16-R1200B - 24 Bay
2x E5-2670 V2 (2.5 Ghz 10-Core)
128 GB DDR3 ECC
$1123 shipped from eBay (unixsurpluscom)

24x WD 10TB My Book Desktop
$4463.76 on Amazon today (can go as low as $3840)

Just under $5000 total if you catch the My Books at $160

That gets you 220TB of space with 2-disk redundancy, so $22.72 per TB. Nuts.

Teabag Dome Scandal
Mar 19, 2002


I have an Unraid NAS with Sonarr/Radarr that i'd like to be able to access remotely. A lot of people are VPN or nothing but I don't really want to have to gently caress around with anything before accessing either of the services (unless there is some sort of 1 click method on iOS). I also see people suggesting a reverse proxy with letencrypt and DDNS but there are usually people hollering about that being insecure and whatnot. I also saw Guacamole and VNC web browser being suggested as well. Is there a sweet spot for easy to use while still not exposing myself to brute force intrusion?

BlankSystemDaemon
Mar 13, 2009



IPsec offers one-click solutions for every OS including iOS, and algo makes it so easy to setup that you don't need people like me who might've sacrificed a bit of sanity to learn it the hard way.

H110Hawk
Dec 28, 2006

Teabag Dome Scandal posted:

I have an Unraid NAS with Sonarr/Radarr that i'd like to be able to access remotely. A lot of people are VPN or nothing but I don't really want to have to gently caress around with anything before accessing either of the services (unless there is some sort of 1 click method on iOS). I also see people suggesting a reverse proxy with letencrypt and DDNS but there are usually people hollering about that being insecure and whatnot. I also saw Guacamole and VNC web browser being suggested as well. Is there a sweet spot for easy to use while still not exposing myself to brute force intrusion?

Wireguard is the new hotness. VPN or die.

Moey
Oct 22, 2010

I LIKE TO MOVE IT

JockstrapManthrust posted:

I have this board with an R7 2700 and 64gb in it and it works fine. The modules I’m using are Crucial CT16G4DFD8266 16 GB.

Edit: meh, the rest of the replies were not showing when I posted this.

I have been eyeballing that board with a 3700x for my next home server build. How is the IPMI on it?

Never used ASRock Rack's IPMI stuff. Never had IPMI at home!

JockstrapManthrust
Apr 30, 2013

Moey posted:

I have been eyeballing that board with a 3700x for my next home server build. How is the IPMI on it?

Never used ASRock Rack's IPMI stuff. Never had IPMI at home!

It's real solid, never had an issue with it (the IPMI) for firmware/BIOS updates, console access, power control, etc.

Teabag Dome Scandal
Mar 19, 2002


ok so it seems like people are in the VPN or nothing camp wrt remotely accessing Sonarr and Radarr on Unraid

H110Hawk
Dec 28, 2006

Teabag Dome Scandal posted:

ok so it seems like people are in the VPN or nothing camp wrt remotely accessing Sonarr and Radarr on Unraid

It's really dangerous not to, it's one of those things where if you have to ask you definitely need it. Otherwise you have to stay on top of CVEs for every exposed package, which could be dozens for a single web ui, update them immediately, and pray you don't get hit in the interim by something new that hasn't been disclosed yet. Bots update their automated exploit scripts in hours to days. Plus none of this crap is hardened for internet exposure, it's a bunch of pet projects you are likely using to steal Linux ISOs not WordPress.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

You don't need a VPN if you set up a reverse proxy with ssl.

H110Hawk
Dec 28, 2006

Thermopyle posted:

You don't need a VPN if you set up a reverse proxy with ssl.

How does this mitigate exploits in whatever lovely php / ruby / Python ui they are using?

Hughlander
May 11, 2005

H110Hawk posted:

How does this mitigate exploits in whatever lovely php / ruby / Python ui they are using?

Nginx reverse proxy with basic auth over https is what I do. I don’t see a down side.

THF13
Sep 26, 2007

Keep an adversary in the dark about what you're capable of, and he has to assume the worst.
I use an nginx based reverse proxy and have basic auth set up in front of radarr/sonarr/other services, so in theory an attacker would not be able to exploit a vulnerability in an exposed app unless they could get past that. I'm using the linuxserver/letsencrypt container to do it so it adds TLS and fail2ban.

It's not as secure as a VPN but I think it's secure enough for what it protects, I think the bigger risk is someone managing to sneak something malicious into the docker containers which I have auto update.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

H110Hawk posted:

How does this mitigate exploits in whatever lovely php / ruby / Python ui they are using?

It depends on what kind of exploit you're imagining.

Just like a VPN, the traffic between your browser or app and your instance of Radarr or whatever is encrypted, so they're not accessing anything that way. They have to get past your reverse proxy's (99% of the time nginx) auth system to actually access anything.

Teabag Dome Scandal
Mar 19, 2002


THF13 posted:

I use an nginx based reverse proxy and have basic auth set up in front of radarr/sonarr/other services, so in theory an attacker would not be able to exploit a vulnerability in an exposed app unless they could get past that. I'm using the linuxserver/letsencrypt container to do it so it adds TLS and fail2ban.

It's not as secure as a VPN but I think it's secure enough for what it protects, I think the bigger risk is someone managing to sneak something malicious into the docker containers which I have auto update.

this was the setup I was looking at doing

H110Hawk
Dec 28, 2006

Thermopyle posted:

It depends on what kind of exploit you're imagining.

Just like a VPN, the traffic between your browser or app and your instance of Radarr or whatever is encrypted, so they're not accessing anything that way. They have to get past your reverse proxy's (99% of the time nginx) auth system to actually access anything.

Hughlander posted:

Nginx reverse proxy with basic auth over https is what I do. I don’t see a down side.


THF13 posted:

I use an nginx based reverse proxy and have basic auth set up in front of radarr/sonarr/other services, so in theory an attacker would not be able to exploit a vulnerability in an exposed app unless they could get past that. I'm using the linuxserver/letsencrypt container to do it so it adds TLS and fail2ban.

It's not as secure as a VPN but I think it's secure enough for what it protects, I think the bigger risk is someone managing to sneak something malicious into the docker containers which I have auto update.

So these are all much better setups than just "nginx with reverse proxy" (ignoring that you autoupdate your docker containers :v: ). You still need to stay up on nginx CVEs but it's an order of magnitude better as it's designed to be exposed to the internet. One reason I harp on VPNs is anything else is a gamble of completeness of a solution which for a novice is potentially a bad gamble. One wormed crypto virus and your family photos are toast. Sounds like hyperbole but that's what is out there on the internet right now.

Does the user have offsite backups? Are they protected from changes or have versioning - aka will your backup software blow over your pictures on the remote side with the now encrypted ones?

Does the person understand all of the nuances needed to keep their system secure? For example, TLS adds almost nothing to the equation except protection from your ISP snooping or coffee shop snoopers. There is a caveat - do you do TLS mutual authentication with client certs? If so - awesome. Do that. It's way better than a password. Do they understand that the login screen on radarr/sonarr/whatever is not as well made and means likely nothing compared to the login screen on the nginx proxy module? Do they understand the importance of banning clients who get the password wrong too many times (fail2ban above, use it)?

The internet was a mistake. That's my soap box.
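The "nginx with basic auth over https, plus fail2ban" setup that Hughlander, THF13 and H110Hawk are discussing, written out as an added example. This is not config from any poster or from the linuxserver/letsencrypt container; the hostname, certificate paths, upstream ports, the `/sonarr` and `/radarr` URL bases and the private CA file are all assumptions. The commented-out block at the top is the bare "just a reverse proxy" variant H110Hawk objects to; the server blocks below it put TLS, nginx-side authentication and rate limiting in front of the apps so that an attacker never reaches the apps' own login pages.

```nginx
# Added example, not from the thread. Assumed: media.example.net, Let's Encrypt
# certs under /etc/letsencrypt, Sonarr on :8989 and Radarr on :7878 bound to
# loopback, each app configured with URL base /sonarr and /radarr respectively.

# --- WEAK: the bare reverse proxy. Every request, authenticated or not, is handed
#     straight to the app, so every bug in the app's web UI is internet-reachable.
# server {
#     listen 80;
#     server_name media.example.net;
#     location /sonarr/ { proxy_pass http://127.0.0.1:8989; }
# }

# --- HARDENED: nginx decides who gets in before the app sees a single byte.
# Rate-limit zone for password guessing (goes in the http context).
limit_req_zone $binary_remote_addr zone=media_login:10m rate=10r/m;

server {
    listen 80;
    server_name media.example.net;
    return 301 https://$host$request_uri;      # never serve the UIs over plain HTTP
}

server {
    listen 443 ssl http2;
    server_name media.example.net;

    ssl_certificate     /etc/letsencrypt/live/media.example.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/media.example.net/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Mutual TLS (H110Hawk's "way better than a password"): clients must present a
    # certificate signed by your OWN private CA, checked during the handshake,
    # before any HTTP request is even parsed. Drop these two lines if you only
    # want passwords; set "optional" if you want to mix cert and password users.
    ssl_client_certificate /etc/nginx/client-ca.crt;   # assumed path to your CA cert
    ssl_verify_client      on;

    # HTTP basic auth enforced by nginx, not by Sonarr/Radarr's own login screen.
    # Create entries with:  printf 'alice:%s\n' "$(openssl passwd -6)" >> /etc/nginx/htpasswd
    auth_basic           "media";
    auth_basic_user_file /etc/nginx/htpasswd;

    # Throttle guessing at the proxy; fail2ban bans persistent offenders (see note).
    limit_req zone=media_login burst=20 nodelay;

    location /sonarr/ {
        proxy_pass http://127.0.0.1:8989;          # URI passed through unchanged
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /radarr/ {
        proxy_pass http://127.0.0.1:7878;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Everything not explicitly proxied gets nothing, even for authenticated users.
    location / { return 404; }
}
```

Two things to check after dropping this in: run `nginx -t` before reloading, and confirm from the outside that `http://127.0.0.1:8989` is not also reachable directly (bind the apps to loopback or firewall the ports), otherwise the proxy's auth is decoration. For the banning step THF13 mentions, fail2ban ships an `nginx-http-auth` filter that watches nginx's error log for basic-auth failures; enable that jail pointing at the same error log this server block writes to. Note that with `ssl_verify_client on` a password-only client cannot connect at all, which is the point of option A, so pick the mode deliberately for the people you hand access to.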

dexefiend
Apr 25, 2003

THE GOGGLES DO NOTHING!
Pfsense router running OpenVPN server makes my home network janitor life easier.

Use it. Make your life easier too!

I followed the video that Laurence Systems (or something like that) has on YouTube. I have multiple things running on my network and it's nice that it takes care of all of them.

Also, I can VPN from whatever garbage internet hotspot/hotel and have people not sniffing my packets.

uhhhhahhhhohahhh
Oct 9, 2012
If whatever your NAS is can use Docker, you can use Traefik as your reverse proxy. It automatically monitors one of the docker files for when new containers get spun up with specific config lines at run and handles all the proxying config for you.

It can also be used as a simple reverse proxy like nginx without the automation either, I'm not sure what the config is like though

Duck and Cover
Apr 6, 2007

I like when people are like "hey I'm looking for something simple and better than leaving my rear end in the wind but don't feel like wearing armor plate". Which is inevitably followed up with "but full plate armor is more secure". Be scared be afraid buy NORDVPN!!!!! I wonder how secure Plex's system is for connecting remotely.... whatever.

On another note gently caress docker/permissions. I kind of wanted to try Sonarr in it but it seemed to be too much of a hassle to interact with sabnbz unless it too is in a docker container.

Duck and Cover fucked around with this message at 19:38 on Oct 4, 2019

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

H110Hawk posted:

So these are all much better setups than just "nginx with reverse proxy" (ignoring that you autoupdate your docker containers :v: ). You still need to stay up on nginx CVEs but it's an order of magnitude better as it's designed to be exposed to the internet. One reason I harp on VPNs is anything else is a gamble of completeness of a solution which for a novice is potentially a bad gamble. One wormed crypto virus and your family photos are toast. Sounds like hyperbole but that's what is out there on the internet right now.

Does the user have offsite backups? Are they protected from changes or have versioning - aka will your backup software blow over your pictures on the remote side with the now encrypted ones?

Does the person understand all of the nuances needed to keep their system secure? For example, TLS adds almost nothing to the equation except protection from your ISP snooping or coffee shop snoopers. There is a caveat - do you do TLS mutual authentication with client certs? If so - awesome. Do that. It's way better than a password. Do they understand that the login screen on radarr/sonarr/whatever is not as well made and means likely nothing compared to the login screen on the nginx proxy module? Do they understand the importance of banning clients who get the password wrong too many times (fail2ban above, use it)?

The internet was a mistake. That's my soap box.

Ehh, I think a VPN is just as much a gamble of completeness as a reverse proxy setup. Setting up a VPN has traditionally been a joke of complicatedness...algo is making that better, but still not great.

One real downfall of a VPN setup is getting your wife, dad, little sister, best friend, to correctly configure their client side.

People who set this stuff up all the time have a very hard time grokking the hurdle this is.

Reverse proxy setups require them to have a username/password...which is definitely good enough for most setups.

Thermopyle fucked around with this message at 21:36 on Oct 4, 2019

pzy
Feb 20, 2004

Da Boom!
It's not exactly a VPN, but I love ZeroTier for this sort of stuff

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

You understand you're bouncing other people's traffic through your own system when you're running zerotier right?

BlankSystemDaemon
Mar 13, 2009



Thermopyle posted:

One real downfall of a VPN setup is getting your wife, dad, little sister, best friend, to correctly configure their client side.

That's one advantage of IPsec via algo, it can generate profiles that let your wife, dad, little sister, and best friend just go into Settings and flip the 'VPN' toggle, and they've got privacy.

H110Hawk
Dec 28, 2006

Thermopyle posted:

One real downfall of a VPN setup is getting your wife, dad, little sister, best friend, to correctly configure their client side.

People who set this stuff up all the time have a very hard time grokking the hurdle this is.

If you have read my posts and thought I was making this sound like a good idea you should re-read them and pretend little bits of spittle are coming out of my mouth. Overall I think it's an awful idea to try to interconnect home internet connections as it's setting you up to be tech support when plex doesn't work at your sisters/brothers/mom/dads house. Or your internet goes down so theirs does too until the VPN gives up and withdraws routes. If you want to, make a profile and set it up yourself on their side so it only routes what they need over to your house. You can make one click-ish profiles for openvpn where if they use the installer you can just doubleclick the file and it will connect no password needed.

Wireguard is supposed to make this stuff better.

CopperHound
Feb 14, 2012

Thermopyle posted:

One real downfall of a VPN setup is getting your wife, dad, little sister, best friend, to correctly configure their client side.

People who set this stuff up all the time have a very hard time grokking the hurdle this is.

Fun trying to explain manual routing entries when their network happens to use the same subnet.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

D. Ebdrup posted:

That's one advantage of IPsec via algo, it can generate profiles that let your wife, dad, little sister, and best friend just go into Settings and flip the 'VPN' toggle, and they've got privacy.

Yeah, I started a thread on algo here. I've used it extensively.

There's two main downsides to it compared to a username/password situation:

1. I've got to set it up on their devices for them. Wireguard with algo all sounds so simple to us tech people, but it's mostly beyond regular users, or at least beyond what they care to try.
2. It's still hard to get regular users to keep it on. Inevitably something breaks because it doesn't like the VPN, so they turn it off and then two weeks later I'm looking at their device for whatever and they've had it off ever since.

I mean, I haven't given up on the idea. I still use it and try to keep people I have some responsibility for using it.

Volguus
Mar 3, 2009
Jesus people, just don't open up your internal network to the outside world. There are only shades of "how bad is it?" in every single option.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

Volguus posted:

Jesus people, just don't open up your internal network to the outside world. There are only shades of "how bad is it?" in every single option.

Also don't turn on your computer because of the same reason.

Volguus
Mar 3, 2009

Thermopyle posted:

Also don't turn on your computer because of the same reason.

Certainly. However, the shades of insecurity are quite a bit dimmer if you don't just open up your internal network to the internet. Being connected to the internet is a risk. Inviting everyone into your home (even if you lock your door with a lovely lock) is ... well quite a different beast now, isn't it?

You cannot ever have 100% security. But when you open a hole in your firewall to connect internally from outside you better be sure it's worth it, because the exposure is immense.

Axe-man
Apr 16, 2005

The product of hundreds of hours of scientific investigation and research.

The perfect meatball.
Clapping Larry
I have a few ports open to specific items all with security, but I also use an OpenVPN internally and externally, I mean VPNs are nice, but I would say that for the average person, even having a firewall that has ports not just blindly opened or DMZed to some piece of equipment is a pretty high benchmark. Also I would say that it just provides another layer of authentication, and pretty much you should update like mad anyway.

God help them if they have IoT poo poo. I've worked with some of those where the only thing I can say is that they are just attack vectors. Some you can Telnet right into without password authentication and get root access.

:stonk:
