• 1 Post
  • 264 Comments
Joined 1 year ago
Cake day: April 27th, 2024


  • The comments here are awful. I am sorry for the abuse you are receiving.

    I’m a staunch atheist myself, and even for some of the same reasons others are mentioning in their rage-comments. That being said, hating a person for their religious beliefs alone is baffling, and yes, makes you a bigot.

    The exception I would make here is for situations and people where they, based on their religious beliefs, hate you, and there’s nothing that can be done about it. I also would not call it bigoted to hate religious institutions for the discord and pain they inflict on the world.

    But hating people because “well I was able to see through religion, so I am justified in hating everyone that did not and is still religious” is just such a disingenuous take. It denies the reality of indoctrination-like upbringings, of the differing educations people receive, and puts all religious people into a single “enemy” group.

    I’m not US-American, as I assume many of these commenters are; where I live, the proportion of religious people is a lot lower, and the religiosity is… less pronounced, let’s say. It is much more difficult to find someone here who would, for example, go “Homosexuality is a sin according to the bible. Therefore I hate you.”; most religious people seem to have a differentiated opinion about these things, usually being more in line with “I believe there’s a God that loves us. The bible was written by fallible humans whose biases are present in the texts”.

    Don’t get me wrong, I still think they are wrong in this and pity them for the time and energy lost on pleasing an imaginary being, and for the pain their beliefs can inflict upon themselves; but ultimately, that’s up to each individual person, and it does not justify hate.











  • TBH, it sounds like you have nothing to worry about then! Open ports aren’t really an issue in and of themselves, they are problematic because the software listening on them might be vulnerable, and the (standard-) ports can provide knowledge about the nature of the application, making it easier to target specific software with an exploit.

    Since a bot has no way of finding out what services you are running, they could only attack caddy - which I’d put down as a negligible danger.


  • My ISP blocks incoming data to common ports unless you get a business account.

    Oof, sorry, that sucks. I think you could still go the route I described though: For your domain example.com and example service myservice, listen on port :12345 and drop everything that isn’t requesting myservice.example.com:12345. Then forward the matching requests to your service’s actual port, e.g. 23456, which is closed to the internet.

    Edit: and just to clarify, for service otherservice, you do not need to open a second port; stick with the one, but in addition to myservice.example.com:12345, also accept requests for otherservice.example.com:12345, but proxy that to the (again, closed-to-the-internet) port :34567.

    The advantage here is that bots cannot guess from your ports what software you are running, and since caddy (or any of the mature reverse proxies) can be expected to be reasonably secure, I would not worry about bots being able to exploit the reverse proxy’s port. Bots also no longer have a direct line of communication to your services. In short, the routine of “let’s scan ports; ah, port x is open indicating use of service y; try automated exploit z” gets prevented.
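
The routing rule described in the comment above, as an added example that is not part of the original comment and is not Caddy configuration: a small Python model of the "match the requested name on the one open port, drop everything else" decision. The hostnames and ports are the comment's own examples; the loopback upstream address and the function names are assumptions.

```python
"""Model of the host-based routing rule (added example, constructed data)."""

LISTEN_PORT = 12345  # the one port opened to the internet, as in the comment

# Hostname -> upstream port that stays closed to the internet (comment's examples).
ROUTES = {
    "myservice.example.com": 23456,
    "otherservice.example.com": 34567,
}
UPSTREAM_ADDR = "127.0.0.1"  # assumption: services listen on loopback only


def parse_host(host_header):
    """Split a Host header into (name, port or None); None if it is unusable."""
    if not host_header:
        return None
    value = host_header.strip().lower()
    if value.startswith("["):      # IPv6 literal: never one of the configured names
        return None
    name, sep, port = value.partition(":")
    if sep and not (port.isascii() and port.isdigit()):
        return None                # "host:", "host:abc", "host:1:2"
    name = name.rstrip(".")        # "myservice.example.com." is the same name
    if not name:
        return None
    return name, (int(port) if sep else None)


def route(host_header):
    """Return the (address, port) to proxy to, or None to drop the request."""
    parsed = parse_host(host_header)
    if parsed is None:
        return None
    name, port = parsed
    if port != LISTEN_PORT:        # the request must name host:12345
        return None
    upstream_port = ROUTES.get(name)
    if upstream_port is None:      # bare IP, apex domain, unknown subdomain
        return None
    return (UPSTREAM_ADDR, upstream_port)


# Constructed Host headers: two legitimate requests, then scanner-style traffic.
SAMPLES = ["myservice.example.com:12345", "OtherService.Example.com.:12345",
           "203.0.113.7:12345", "example.com:12345", "myservice.example.com", ""]

if __name__ == "__main__":
    for header in SAMPLES:
        print(repr(header), "->", route(header))
```

A scanner that connects by IP address never learns the configured names, so every one of its requests falls through to the drop branch.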


  • I am scratching my head here: why open up ports at all? Is it just to avoid having to pay for a domain? The usual way to go about this is to only proxy 443 traffic to the intended host/vm/port based on the (sub)domain, and just drop everything else, including requests on 443 that do not match your subdomains.

    Granted, there are some services actually requiring open ports, but the majority don’t (and you mention a webserver, where we’re definitely back to: why open anything beyond 443?).