chiisana

joined 1 year ago
[–] chiisana@lemmy.chiisana.net 67 points 4 days ago* (last edited 4 days ago) (7 children)

The amount of confidently incorrect responses is exactly what one could expect from Lemmy.

First: TCP and UDP can listen on the same port, DNS is a great example of such. You’d generally need it to be part of the same process as ports are generally bound to the same process, but more on this later.

Second: Minecraft and website are both using TCP. TCP is part of layer 4, transport; whereas HTTP(S) / Minecraft are part of layer 7, application. If you really want to, you could cram HTTP(S) over UDP (technically, QUIC/HTTP3 does this), and if you absolutely want to, with updates to the protocol itself, and some server client edits you can cram Minecraft over UDP, too. People need to brush up on their OSI layers before making bold claims.

Third: The web server and the Minecraft server are not running on the same machine. For something at that scale, both services are served from a cluster focused only on what they’re serving.

Finally: Hypixel uses a reverse proxy to sit between the user and their actual server. Specifically, they are most likely using Cloudflare Spectrum to proxy their traffic. User request reaches a point of presence, a reverse proxy service is listening on the applicable ports (443/25565) + protocol (HTTPS/Minecraft), and then depending on traffic type, and rules, the request gets routed to the actual server behind the scenes. There are speculations of them no longer using Cloudflare, but I don’t believe this is the case. If you dig their mc.hypixel.net domain, you get a bunch of direct assigned IP addresses, but if you tried to trace it from multiple locations, you’d all end up going through Cloudflare infrastructure. It is highly likely that they’re still leaning on Cloudflare for this service, with a BYOIP arrangement to reduce the risk of DDOS addressed towards them overflowing to other customers.

In no uncertain terms:

  1. Hypixel.net has Cloudflare DNS for their domain.
  2. For their website, it has orange cloud enabled to proxy traffic through CF’s global CDN and DDOS protection service.
  3. For their Minecraft server, they advertise mc.hypixel.net, but also have a SRV record for _minecraft._tcp.hypixel.net set for 25565 on mc.hypixel.net
  4. The mc.hypixel.net domain has CNAME record for mt.mc.production.hypixel.io. which is flattened to a bunch of their own direct assigned IP addresses.
  5. Traceroute towards those direct assigned IP addresses goes through Cloudflare infrastructure but final destination is obscured, just like their website, to protect them from DDOS attacks.
[–] chiisana@lemmy.chiisana.net 5 points 1 week ago (1 children)

Using Ollama to try a couple of models right now for an idea. I’ve tried to run Llama 3.2 and Qwen 2.5 3b, both of which fit my 3050 6G’s VRAM. I’ve also tried for fun to use Qwen 2.5 32b, which fits in my RAM (I’ve got 128G) but it was only able to reply a couple of tokens per second, thereby making it very much a non-interactive experience. Will need to explore the response time piece a bit further to see if there are ways I can lean on larger models with longer delays still.

[–] chiisana@lemmy.chiisana.net 3 points 2 weeks ago

Neither ignorance towards, nor malice against, the people they’re supposed to represent should be permitted. Politicians should only ever argue policies against the policies’ merits, and not antagonize the people the policies affect.

[–] chiisana@lemmy.chiisana.net 15 points 3 weeks ago

It was never to your definition of free, so you were never going to be using it in the first place. Don’t need to say goodbye when you were never here.

[–] chiisana@lemmy.chiisana.net 22 points 3 weeks ago (3 children)

If you’re going to use it, you’d be paying for it one way or another; either through money or privacy. Par for the course.

[–] chiisana@lemmy.chiisana.net 7 points 1 month ago

Don’t forget to register and go out to vote, people! This looks closer than ever :(

[–] chiisana@lemmy.chiisana.net 12 points 1 month ago

This is Apple; they value different things than most people… sometimes warranted, results in offering a much better experience, and pushes everything forward (see MagSafe -> Qi2 for recent example), other times they’re just regarded as late adopters. The detraction of visual aesthetics from folding crease is apparently one of such things that they care about.

[–] chiisana@lemmy.chiisana.net 2 points 1 month ago

Amazing stuff. Thank you so much!

[–] chiisana@lemmy.chiisana.net 1 points 1 month ago

The LM password hash (predecessor to NTLM) was calculated in two blocks of 7 characters from that truncated 14 characters. Which meant the rainbow table for that is much smaller than necessary and if your password is not 14 characters, then technically part of the hash is much easier to brute force, because the other missing characters are just padded with null.
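
The two-block layout described in the comment above, as an added example that is not part of the original comment: `lm_blocks` shows the split and null padding, and `audit` flags stored LM hashes in pwdump-style lines for remediation. The function names, the sample lines and the ASCII simplification (real LM uses the OEM code page) are assumptions of this sketch; the uppercasing step and the half-hash constant for an all-null block are standard LM behaviour not stated in the comment.

```python
EMPTY_HALF = "aad3b435b51404ee"  # LM half-hash of an all-null 7-byte block


def lm_blocks(password):
    """Return the two 7-byte blocks that LM hashes independently."""
    raw = password.upper().encode("ascii", "replace")[:14].ljust(14, b"\0")
    return raw[:7], raw[7:]


def classify_lm(lm_hex):
    """Classify one stored LM hash (32 hex characters) for an audit report."""
    lm_hex = lm_hex.lower()
    if len(lm_hex) != 32 or any(c not in "0123456789abcdef" for c in lm_hex):
        return "malformed"
    first, second = lm_hex[:16], lm_hex[16:]
    if first == EMPTY_HALF and second == EMPTY_HALF:
        return "empty LM value (blank password or LM storage disabled)"
    if second == EMPTY_HALF:
        return "LM stored, password is 7 characters or fewer"
    return "LM stored, two independent 7-character halves"


def audit(dump_lines):
    """Map user -> finding for pwdump-style 'user:rid:LM:NT:::' lines."""
    findings = {}
    for line in dump_lines:
        fields = line.strip().split(":")
        if len(fields) >= 4:
            findings[fields[0]] = classify_lm(fields[2])
    return findings


# Constructed sample lines; the non-constant hex values are placeholders,
# not real hashes.
SAMPLE = [
    "alice:1001:0123456789abcdefaad3b435b51404ee:00000000000000000000000000000000:::",
    "bob:1002:0123456789abcdeffedcba9876543210:00000000000000000000000000000000:::",
    "carol:1003:aad3b435b51404eeaad3b435b51404ee:00000000000000000000000000000000:::",
]

if __name__ == "__main__":
    for user, finding in audit(SAMPLE).items():
        print(user, "->", finding)
```
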

[–] chiisana@lemmy.chiisana.net 1 points 1 month ago* (last edited 1 month ago)

If memory serves, 175B parameters is for the GPT3 model, not even the 3.5 model that caught the world by surprise; and they have not disclosed parameter space for GPT4, 4o, and o1 yet. If memory also serves, 3 was primarily English, and had only a relatively small set of words (I think 50K or something to that effect) it was considering as next token candidates. Now that it is able to work in multiple languages and multi modal, the parameter space must be much much larger.

The amount of things it can do now is incredible, but our perceived incremental improvements on LLM will probably slow down (due to the pace fitting to the predicted lines in log space)… until the next big thing (neural nets > expert systems > deep learning > LLM > ???). Such an exciting time we’re in!

Edit: found it. Roughly 50K tokens for input output embedding, in GPT3. 3Blue1Brown has a really good explanation here for anyone interested: https://youtu.be/wjZofJX0v4M

 

I have too many machines floating around, some virtual, some physical, and they're getting added and removed semi-frequently as I play around with different tools/try out ideas. One recurring pain point is I have no easy way to manage SSH keys around them, and it's a pain to deal with adding/removing/cycling keys. I know I can use AuthorizedKeysCommand on sshd_config to make the system fetch a remote key for validation, I know I could theoretically publish my pub key to github or alike, but I'm wondering if there's something more flexible/powerful where I can manage multiple users (essentially roles) such that each machine can be assigned a role and automatically allow access accordingly?

I've seen Keyper before, but the container hasn't been updated for years, and the support discord owner actively kicks everyone from the server, even after asking questions.

Is there any other solution out there that would streamline this process a bit?

 

Disclaimers:

First thing first, I'm new to the whole Fediverse, and Lemmy thing, so please don't hesitate to point out any problems you're foreseeing.

Secondly, I'm by no means saying this is the ideal implementation, something something see above. Please don't hesitate to make recommendations for improvements.

Lastly, I'm not sure if it is completely working. I'm still noticing a few issues that I will document and monitor towards the end of the post. If you know of the cause or how to debug further, please do let me know!

Notes and Assumptions:

  1. I am using an ARM server. So I'm using ARM images, you will need to make sure you're using the correct architecture image.
  2. I assume you have Traefik up and running in a separate network. I used docker compose to bring traefik up, minimal configurations, and I'm just hijacking the default network there (project folder was gateway so the complete network name is gateway_default)... there's probably better ways to do this.
  3. On note of networks, I really don't like the fact that the default postgres was left wide open on the lemmyexternalproxy network. I think I've locked mine down, but you may wish to double check my work.
  4. I'm not sure if what I am doing with the hostnames is correct, but it seems to work for the most part, so I'm not complaining. If there is a better way, please do advise!
  5. I used an override file for docker compose to apply extra settings. This allows me to keep the original docker-compose.yml untouched, and I can just pull in new changes (theoretically).
  6. Since I'm using traefik, I don't need nginx running doing nothing. I replaced it with a lightweight alpine image that just shuts down successfully, so it doesn't use resources.

Without further delays, here's my files:

docker-compose.override.yml:

```yaml
version: "3.3"

networks:
  lemmyexternalproxy:
    internal: true
  lemmygateway:
    name: gateway_default
    external: true

services:
  lemmy:
    image: dessalines/lemmy:0.17-linux-arm64
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.lemmy.entrypoints=websecure"
      - "traefik.http.routers.lemmy.rule=Host(`lemmy.chiisana.net`) && HeadersRegexp(`Accept`, `^application/`) || Host(`lemmy.chiisana.net`) && Method(`POST`) || Host(`lemmy.chiisana.net`) && PathPrefix(`/{path:(api|pictrs|feeds|nodeinfo|.well-known)}`)"
      - "traefik.http.routers.lemmy.tls=true"
      - "traefik.http.services.lemmy-svc.loadbalancer.server.port=8536"
      - "traefik.docker.network=gateway_default"
    networks:
      - lemmygateway
  lemmy-ui:
    image: dessalines/lemmy-ui:0.17-linux-arm64
    environment:
      - LEMMY_UI_HOST=0.0.0.0:1234
      - LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy:8536
      - LEMMY_UI_LEMMY_EXTERNAL_HOST=lemmy.chiisana.net
      - LEMMY_UI_HTTPS=true
      - LEMMY_UI_DEBUG=false
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.lemmy-ui.entrypoints=websecure"
      - "traefik.http.routers.lemmy-ui.rule=Host(`lemmy.chiisana.net`)"
      - "traefik.http.routers.lemmy-ui.tls=true"
      - "traefik.http.services.lemmy-ui-svc.loadbalancer.server.port=1234"
      - "traefik.docker.network=gateway_default"
    networks:
      - lemmygateway
  proxy:
    image: alpine:latest
    command: "true"
    entrypoint: "true"
    restart: "no"
  pictrs:
    image: asonix/pictrs:0.4.0-rc.3
```

lemmy.hjson:

```
{
  setup: {
    admin_username: "chiisana"
    admin_password: "password-redacted-duh"
    site_name: "chiisana lemmy site"
  }
  database: {
    host: "postgres"
    user: "lemmy"
    password: "password-redacted-duh"
    database: "lemmy"
  }
  email: {
    smtp_server: "smtp.mailgun.org:587"
    smtp_login: "lemmy@chiisana.net"
    smtp_password: "password-redacted-duh"
    smtp_from_address: "lemmy@chiisana.net"
    tls_type: "tls"
  }
  pictrs: {
    url: "http://pictrs:8080/"
    api_key: "API_KEY"
  }
  hostname: "lemmy.chiisana.net"
  bind: "0.0.0.0"
  port: 8536
  tls_enabled: true
}
```

Known issue(s)?

  1. ~~I have my registration disabled as the instance is supposed to be just for my own auth, not to be dependent on other instances. In my /admin section, I'm seeing a ton of users from endlesstalk.org pop up as banned users. I have no idea what that is about, as endlesstalk.org seems to also be used only by one user. I'll be monitoring this and see what's to come of it.~~ Edit: Looks like this is just the way the system is designed, and not a configuration error on my part! All good here. Thanks for clarifying it @lemmy@endlesstalk.org !
  2. I'm not sure if I'm getting all the messages federated. In this community, for example, I can see most if not all recent threads. However, most threads have no comments in them. Some newer threads, I see comments, but it seems to be incomplete. I'm not sure if I'm only supposed to receive new messages, or if something else is happening. I'll be monitoring this, and hoping the federation will just catch up over time.
  3. Edit: It would appear this post itself is not federating to !selfhosted@lemmy.world for some reason... I'm partially hoping it is just caught in some kind of moderation queue, but seeing other posts made after this appear on the list leads me to believe there's still something amiss.

If you encounter any other issue, please do post back so we can try to debug it together. Hope this helps someone!
