SeeJayEmm

@SeeJayEmm@lemmy.procrastinati.org

Mastodon: @SeeJayEmm

Blog: @seejayemm

SeeJayEmm,

Kinda feel dumb that my answer is no. Let me do that and report back.

SeeJayEmm,

Short test completed without error.

SeeJayEmm,

I would start by making sure you have good recent backups ASAP.

I do.

Could be as simple as a service logging some warnings due to junk incoming traffic, or an update that added some more info logs, etc.

Possible. It’s a really consistent (and stark) degradation in performance tho and is repeatable even when the opnsense VM is the only one running.

SeeJayEmm,

While you’re waiting for that, I’d also look at the smart data and write the output to a file, then check it again later to see if any of the numbers have changed, especially reallocated sectors, pending sectors, corrected and uncorrected errors, stuff like that.

That’s a good idea. Thanks.

SeeJayEmm,

It’s an old Optiplex SFF with a single HDD. Again, my concern isn’t that it’s “slow”. It’s that performance has rather suddenly tanked and the only changes I’ve made are regular OS updates.

SeeJayEmm,

I’m trying to think of anything I may have changed since the last time I rebooted the opnsense VM. But I try to keep up on updates and end up rebooting pretty regularly. The only things on this system are the opnsense VM and a small pihole VM. At the time of the screenshot above, the opnsense VM was the only thing running.

If it’s not a failing HDD, my next step is to try and dig into what’s generating the I/O to see if there’s something misbehaving.

SeeJayEmm,

I’m starting to lean towards this being an I/O issue but I haven’t figured out what or why yet. I don’t often make changes to this environment since it’s running my Opnsense router.


root@proxmox-02:~# zpool status
  pool: rpool
 state: ONLINE
status: Some supported and requested features are not enabled on the pool.
        The pool can still be used, but some features are unavailable.
action: Enable all features using 'zpool upgrade'. Once this is done,
        the pool may no longer be accessible by software that does not support
        the features. See zpool-features(7) for details.
  scan: scrub repaired 0B in 00:56:10 with 0 errors on Sun Apr 28 17:24:59 2024
config:

        NAME                                    STATE     READ WRITE CKSUM
        rpool                                   ONLINE       0     0     0
          ata-ST500LM021-1KJ152_W62HRJ1A-part3  ONLINE       0     0     0

errors: No known data errors

SeeJayEmm,

That very much depends on what you want to do.

The self hosted mailing list has a directory of apps they track.

There’s also the Awesome Self hosted.

SeeJayEmm,

Zabbix & Grafana for supervision

@foremanguy92_ personally I prefer CheckMk over Zabbix. I found Zabbix to be an absolute pig. Both are on the complex side. But really, you probably just need something like Uptime Kuma.

Why is replacement for home device controls so complicated?

I recently learned about Home Assistant here on Lemmy. It looks like a replacement for Google Home, etc. However, it requires an entire hardware installation. Proprietary products just use a simple app to manage and control devices, so can someone explain why a pretty robust dedicated device is necessary as a replacement? The...

SeeJayEmm,

Yes. That’s why it’s called the Internet of things. Every “smart”, wifi connected, device you have uses that connection to communicate with a remote server. The app on your phone does the same to control the light.

Check out Zigbee for an example of local control.

SeeJayEmm,

I wish I’d seen this before the minor hell I went through learning how to geoip block via iptables. 😁

It looks interesting. I think my only real concern is security. There’s a lot of people using and working on nginx so, presumably, more people to identify bugs and squash them.

SeeJayEmm,

I’m still curious tho. I’ll probably set it up for some internal only sites to test.

SeeJayEmm,

Nightly backups to a repurposed qnap running pbs. I’m fully aware it’s overkill but it gives me some peace of mind.

SeeJayEmm,

I’ve got PBS set up to keep 7 daily backups and 4 weekly backups. I used to have it retaining multiple monthly backups but realized I never need those and since I sync my backups volume to B2 it was costing me $$.

What I need to do is shop around for a storage VM in the cloud that I could install PBS on. Then I could have more granular control over what’s synced instead of the current all-or-nothing approach. I just don’t think I’m going to find something that comes in at B2 pricing and reliability.

SeeJayEmm,

A newbie should be running AIO in docker, which in my experience, has been pretty solid.

What to be aware of before opening port 25 on a postfix Raspberry Pi?

I have a raspberry pi running postfix. I realised unless I open port 25 I absolutely cannot receive emails (I have 587 open and can send but not receive them). However I heard there are scaries online which someone could potentially send emails from your server without consent. I believe as well my ISP doesn’t block port 25....

SeeJayEmm,

And even if you do everything 100% right, your emails will mostly get flagged as spam if not outright blocked anyway. Esp. if you’re using a residential IP.

SeeJayEmm,

I miss the joy of StumbleUpon back when the web was exciting and unique.

SeeJayEmm,

Alternatively, I could have a reverse proxy in the DMZ only for the public service and another reverse proxy on the LAN for internal services.

I do exactly this now. Public facing services sit in a dmz vlan with a rev proxy. I almost did a 2 tiered dmz but decided it was overkill.

Private services sit on an inside vlan.

SeeJayEmm,

Plus, the internal and external services are running on the same box. Is that where my real problem lies?

It’s one of them, yes.

If you want to limit exposure in the case of a compromise you need to put everything public facing in its own vlan that cannot initiate traffic into your lan.

Looking for a reverse proxy to put any service behind a login for external access.

I host a few docker containers and use nginx proxy manager to access them externally since I like to have access away from home. Most of them have some sort of login system but there are a few examples where there isn’t so I currently don’t publicly expose them. I would ideally like to be able to use totp for this as well.

SeeJayEmm,

I agree with everything everyone else has said here but if you’re looking for the most basic solution it’s already in NPM. You can configure basic auth in an access list and apply it to the site.

SeeJayEmm,

Nah. Your question was fine. The person who responded to you was just wrong. Hopefully you’ve seen the other replies to their comment.

Is there much performance difference in ad blocking options?

I’m currently using the blocklists included with unbound in opnsense on a mini PC and I have used pihole on a pi which now operates my 3d printers instead. I haven’t tried any of the other network wide options. Has anyone made any blog posts or similar detailing performance testing of different options?...

SeeJayEmm,

Redundancy is really important when it affects other people, IMO. Personally I use 2 piholes kept in sync with gravity-sync.

SeeJayEmm,

Route 53 does. I’ve got a couple there now.

SeeJayEmm,

You can do most if not all of this with CheckMk but it’s probably overkill.
