@gotwf said in Setup NodeBB on Fedora 33 with PostgreSQL and Nginx with HTTPS only:

@JaredBusch So... now that you've had this up and running for a while, care to report on how that is going? Inquiring minds are curious. Particularly w.r.t. resource utilization comparison, performance differences, etc. comparatively. I think you were on Mongo previously, correct? Cuz I am right there with you on the license bullshit. All it takes is one bump in the road, merger, and wham, history repeats and next major version changes license again - only this time to something closed. Have no interest in betting on community to fork and continue. Need a safer bet. It would appear that percona may have already done so w/their percona mongodb offering but I wonder if that would continue as a full fork if/when upstream became closed source.

TIA-- o/

Well 2 years in, i do not run any NobeBB instances with heavy traffic so performance is not even something I look at. I have like 5 of these running for tiny personal projects that people I know have asked for my help with.

@flaxking said in SSL/TLS client certificates questions:

Domain name doesn't matter, unless you're signing with a public CA. I'd think self-signed vs internal CA vs public CA would depend on what the authentication mechanism supports and how you have to manage the certificates. (i.e. if there are going to be a ton of them it might be easier for the authentication mechanism just to trust certificates signed by a certain internal CA rather than having to make each certificate trusted.

From what I've seen so far, I've come to the same conclusion.

Didn't we have one of these threads last year?

tags - please?

we use Kemp to publish Skype for Business and SharePoint. Their guides are excellent!

And this person has a full guide https://xcp-ng.org/forum/topic/3775/xen-orchestra-from-source-with-let-s-encrypt-certificates

@jaredbusch said in DNS-over-HTTPS with Fedora based PiHole and Cloudflare:

The entire concept is just stupid.
You cannot hide from your provider.

I'd agree with you, at least for now. This is just one small step in the right direction. It won't really make much difference until it's supported by all endpoints.

Not particularly good, actually. Good to spread awaremenss, but the information was mostly spotty with a chance of confusion.

@tim_g
Do you know what tools and scripts that is available when installing hyperv-tools?

@zubairkhanzhk you're welcome!

This way you can share the config(s) under conf.d between multiple machines using the same roles (or whatever Salt calls them) and have different main NGINX server settings.

@scottalanmiller

Thanks Scott. That jogged my memory to enable ssl module. That was what I missed.

@Dashrender said:

@scottalanmiller said:

@Dashrender said:

Now one might argue that the solution provider does take this into consideration and fully expects their customers to rebuy when "required to" because the underlying software is considered a security risk. But we all know that this is rarely if ever the case.

Yes but... it makes it the customer's fault 🙂

What's just as bad is often the vendor doesn't have a new solution either.

No different than offering no solution at all. It means that the vendor no longer offers a supported product. Time to move on.

SSL and TLS protect people from spying on an existing communications channel, but does nothing to protect the end points. It's just a service that has to respond to any incoming request.