• 5 Posts
  • 61 Comments
Joined 1 year ago
cake
Cake day: June 12th, 2023

help-circle






  • I can recommend some stuff I’ve been using myself :

    • Dolibarr as an ERP + CRM : requires some work to configure initially. As most (if not all) features are disabled by default, it requires enabling them based on what you need. It also has a marketplace with a bunch of modules you can buy
    • Gitea to manage codebases for customer projects. It can also do CI but I’ve not looked into it yet
    • Prometheus and its ecosystem (mostly promtail and grafana) for monitoring and alerting
    • docker mail server : makes it quite easy to self host a full mail server. The guides in their doc made it painless for me to configure dmarc/SPF/other stuff that make e-mail notoriously hard to host
    • Cal.com as a self hostable alternative to calendly
    • Authentik for single sign-on and centralized permission management
    • plausible for lightweight analytics
    • a mix of wireguard, iptables and nginx to basically achieve the same as cloudflare proxying and tunnels

    I design, deploy and maintain such infrastructures for my own customers, so feel free to DM me with more details about your business if you need help with this






  • What I did is use a wildcard subdomain and certificate. This way, only pierre-couy.fr and *.pierre-couy.fr ever show up in the transparency logs. Since I’m using pi-hole with carefully chosen upstream DNS servers, passive DNS replication services do not seem to pick up my subdomains (but even subdomains I share with some relatives who probably use their ISP’s default DNS do not show up)

    This obviously only works if all your subdomains go to the same IP. I’ve achieved something similar to cloudflare tunnels using a combination of nginx and wireguard on a cheap VPS (I want to write a tutorial about this when I find some time). One side benefit of this setup is that I usually don’t need to fiddle with my DNS zone to set up a new subdomains : all I need to do is add a new nginx config file with a server section.

    Some scanners will still try to brute-force subdomains. I simply block any IP that hits my VPS with a Host header containing a subdomain I did not configure






  • They told me about hosting their own tile server earlier today. I’m really impressed by how fast they moved !

    A pull request for a privacy page during the onboarding is in the works, and I’ve been working with them to update the settings page and documentation (with the goal of providing an easy way to switch map providers). They are also working on a privacy policy, and want to ship all of this in a few weeks as part of a single release.

    Once again, I’m really impressed with how well they’re handling this