@teezeh hab ich mir auch gedacht, werden von Glinet produziert, die produzieren aber bald auch den Flint 3, bin mit Flint 2 schon sehr zufrieden, der kann schön reibungslos zwischen shared und dedizierten Glasfaseranschluss switchen, ein Wifi7 Upgrade wäre was. Der Comet KVM von denen wird auch von mir ausgiebig getestet werden an meinem rpi400.
Heard of *massive* improvements so I tried latest stable kernel 6.13.9 over the default 6.1 kernel on debian, this time around the ipv6 stack works. Maybe the new 10gbit nic is less glitchy. idk.
I've reduced the workers parallelization (as I've read too much parallelization is just bad) and noticed that some shared memory and wal size options were mentioned multiple times in the config, fixed.
Okay 3x20 threads busy each on ingress and pull made the postgres db very, VERY sad, so i culled a couple of workers. 90k backlog gone already. I'm now sleepy and a bit sweaty doing all the ip replacements in a timely manner, used replace command on the dns zonefiles, quite handy and easy to remember command. Now on yummy 10gbit again. Well I'm off to dreamland. Have a nice night/evening!
Hey y'all, sorry for the short notice, but I'm doing a bandwidth update for the server, which will happen in 2 hours and will take approximately 2 hours to finish. Includes ieji.de and rel.re.
Hab mir mal suricata+CrowdSec combo angeguckt. Jetzt läuft auch noch suricata+rulesets neben ein paar neuer premium blocklists+threat detection die man bei CrowdSec für erschwingliche $31 pro Server mieten kann. Wenn irgendwas Richtung VPN oder proxy ging bin ich von block auf captcha (lokal) gegangen.
Okay so my gf stays here for the rest of the month and a week into her visit I get quite sick. Asking her to buy a COVID test and a thermometer. Been to Winterswijk with her.
Another test, this time if after setting S3_ALIAS_HOST image stuff still works as expected. Images are now getting delivered via ftp.ieji.de proxy so you have no external connections to the s3 bucket when viewing or uploading images.
@trektor so previously I've set all ip entries to 127.0.0.1, this was the "maintenance" ip which was excluded from rate limiting. They have removed that trick a while ago because it poses a risk if you had the internal processes openly accessible which you really should not. So now there was a global request limit every user shared. I've now told the webserver to give mastodon a different ipv6 on each request. Afaik this is only for logging so it shouldnt cause issues.
If you go to the ieji.de account page you will now see a super random (i made sure it uses a considerable amount of randomness) ipv6 each time you refresh the account page. Now there should be no issues, well except if this way of switching ipv6 frequently causes unexpected issues. You surely get "login from new ip" more often. #anonymous#mastodon
Experimenting with using openresty and a lua calls on each request to send a different IP to circumvent the rate limiting. Ieji might be off for a minute while I *drop in replace* nginx with openresty.
@wilms@BlippyTheWonderSlug its an ongoing issue with the anonymization, rate limits getting triggered randomly, sorry about that. Still trying to figure it out.
Altruistic, liberal FOSS lover, Tor/Ygg/I2P advocate, LGBTQIA+ allyWell versed linux admin which also hosts this here and the https://rel.re relayMr. Nutz Progamer