nutbutter

I bought an Optiplex 5040, with an i5-6500TE, and 8 GB DDR3L RAM.

When I bought it, I installed Fedora Server on it. It got stuck every few days but I could never see the error. The services just stopped working, I couldn't ssh into it, and connecting it to a monitor showed a black screen.

So, I thought let's install Ubuntu Server, maybe Fedora isn't compatible with all of its hardware. The same thing is happening, now, but I can see this error. Even when there's nothing installed on it, no containers, nothing other than base packages, this happens.

I have updated the bios. I have tried setting nouveau.modeset=0 in the grub config file. I have tried disabling and enabling c-states. No luck till now.

Would really appreciate if anyone helps me with this.

UPDATE:

• I cleaned everything and reapplied the thermal paste. I did not see any change in the thermals. It never goes over 55°C even under full load.
• I reset the motherboard by removing that jumper thing.
• I ran memtest86, which took over 2½ hours. It did not show any errors.
• I ran a CPU stress test for over 15 hours, and nothing crashed.
• I also ran the Dell's diagnostic tool, available in the boot menu of the motherboard. The whole test took over 2 hours but did not show any errors. It tested the memory, CPU, fans, storage drives, etc.

This repo is also mirrored to Codeberg.

I made an easy to use ToDo app, just to learn a bit about programming and Flutter. It does not really provide any benefits over other ToDo apps, but I am glad that I was able to make this.

You can download the APK for Android, rpm for RHEL/Fedora or just use the AppImage.

I am willing to work more on this, you can read the roadmap in the link provided.

Any guidance, criticisms, or comments will be greatly appreciated.

🐈

Even after enabling JS, all I saw waa a white/blank page. They probably want me to enable cookies and/or DOM storage.

Someone DM me, I have no friends. 👉👈

Car going off-road, accidentally, labelled as “Your sadness”.

Cat near the tyre, pushing the car on road, labelled as “Me doing my best to make you smile, one meme at a time”.

Websites like ipv6-test.com and test-ipv6.com say that my browser is using IPv4 by default.

This happens on Firefox and LibreWolf. I have tried creating a new profile without add-ons as well. Ungoogled Chromium uses IPv6 by default. If I go to ifconfig.io using Firefox, IPv4 is displayed. But if I use Ungoogled Chromium, IPv6 is displayed.

Is there a way to force IPv6?

I am not bothered by this, but using tools like ping6 and traceroute6 assures me that IPv6 routing is faster for, at least, one of my ISPs.

What are your favourite, or least favourite but necessary, cost-cutting methods?

I feel I am spending too many resources on unnecessary stuff.

Edit: I feel the need to reduce both – the resources, to host multiple things on one system, and cost, to buy/pay for multiple systems. Currently, I have 2 ARM VPSes and 1 old MacBook Air as a home server.

Currently, I am using Montserrat. Even though it is licensed under Open License Font, I do not feel comfortable using it anymore, probably because it is used in over 17 million websites and is considered overused.

Another reason is that I have to load multiple font weights, as bold tags do not work as intended. A single weight is over 20kb in size (after removing unused glyphs). I want to keep my site lightweight, and good looking.

Also, after looking at motherfuckingwebsite.com and perfectmotherfuckingwebsite.com, I feel sad about loading any external fonts.

I want a sans font, and I am also using -webkit-text-stroke with transparent fill to give some text outline effect.

What are your suggestions, fellow lemmings? What is your favourite font? Should I just stick with Liberation Sans?

Until yesterday, I didn’t even know you could use the docker images and the same docker-compose configs with Podman.

The UI you are looking at is Cockpit, which can be installed on almost any Linux Server. I have used it before but I am amazed by its integration with Podman.

Seriously, consider trying this, once.

Here's another screenshot of Cockpit:

TL;DR - option forwardfor and http-request set-header X-Real-IP %[src] are not working.

My setup is slightly complicated. I have a homeserver, with HAProxy installed and some docker containers. My homeserver is, then, connected to a VPS via WireGuard which also has HAProxy installed. HAProxy on homeserver forwards the docker containers with an SSL certificate to the VPS. The VPS, then, just does TLS pass through to the clients.

The issue is, if I do not use option forwardfor in either of the 2 HAProxy configurations, I get the internal IP address of the docker container (172.XX.XX.1). If I add option forwardfor on the homeserver's HAProxy config, I get the internal IP of the WireGuard of the home server (10.0.0.2). And if I add option forwardfor to the HAProxy config of the VPS as well, I get the internal IP of the WireGuard tunnel (10.0.0.1). And as far as I know, http-request set-header X-Real-IP %[src] has no impact. I have also tried using send-proxy and send-proxy-v2, but then the whole setup stops working.

HAProxy config on home server:

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20>
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

listen rp
        bind *:443 ssl crt /path/to/cert.pem

        acl service1 hdr_sub(host) -i service1.domain.me
        acl service2 hdr_sub(host) -i service2.domain.me

        use_backend service1_backend if service1
        use_backend service2_backend if service2

backend service1_backend
        server service1_server 127.0.0.1:8080

backend service2_backend
#       option forwardfor
#       http-request set-header X-Real-IP %[src]
        server service2_server 127.0.0.1:9090

HAProxy config on VPS:

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon
        tune.ssl.default-dh-param       4096

defaults
        log     global
        mode    tcp
#       option  forwardfor
        timeout connect 5000
        timeout client  50000
        timeout server  50000

listen http
        bind *:80
        mode tcp
        server default 10.0.0.2:80
listen https
        bind *:443 alpn h2,http/1.1
        mode tcp
#       option forwardfor header X-Real-IP
#       http-request set-header X-Real-IP %[src]
        server main 10.0.0.2:443

I have to resort to this because I am behind CGNAT, and want TLS pass through on the VPS for privacy.

What am I doing wrong?