Here you go: certbot
ElevenNotes
How shallow in cm?
A simple webserver secured by htaccess is not inherently insecure, but there are a lot of steps you can take to improve security further, like proper authentication via OIDC or something similar, only access to the server via VPN, files encrypted, and so on.
This is not true, sorry. Even in k8s any container has access to any other container in the same pod, or in Docker's case on the same host. In k8s you can at least add network profiles. If it's a host or MACVLAN container it gets worse if no proper isolation is configured on the network level.
Just out of curiosity: what's the use case to download videos from surveillance to your phone?
This is the first time I hear of that. Plex always worked offline. Did you forget to add your subnet to the "no authentication" list?
My Plex is offline except for Metadata downloads. What does not work on your end? Why do you need an offline Plex? Plex works offline too, you just get no Metadata unless you have it in the folder of the file.
Solid burn, here have an upvote.
If the service is strictly only for you: don't. Use a VPN to access your service remotely. If it's a service for everyone (like a blog or such) there is no way around it. It does not break any security, but you should make sure that the containers/servers exposing this service are secured as much as possible.
DNS blockers (AdGuard or PiHole).
Containers in the same network namespace can communicate with each other, but only if run by the same user. Why do you feel the need to run pods with different users? Podman is rootless by default, and that rootlessness gives you the best in security when it comes to container isolation from the host. If you want to isolate containers from each other, simply use different pods or network namespaces, whatever you prefer. Any reason to prefer Caddy over the likes of Traefik or Nginx?