#TIL Pipe shell output into `| ts` to get timestamps on the output.
(requires moreutils)
had to log into GoDaddy for work to get copies of invoices and now I must clear my browsing cache because ewwww that was gross #sysadminlife #yuck
Hey babe, new calendar just dropped #SysadminLife
When you misconfigure your own firewall so badly that DNS queries don't get through, right.
Just don't be surprised that nothing works. 🤷♂️
Today I want to thank the teams and communities behind
- #Forgejo [1]
- #Garage [2]
- #Kopia [3]
for delivering (major) updates of their software (which of course is Open Source) that consistently JustWork™ in my experience, making the update process simple, reliable and, yes, fun! I know how hard that is and I tip my hat to all of you and many other projects that do the same.
[1] https://forgejo.org
[2] https://garagehq.deuxfleurs.fr
[3] https://kopia.io
Garage (Open Source, AGPL licensed S3 compatible Object Storage) has just released V2.2.0. The upgrade went without a hitch. My single node instance and the three node cluster are now happily running it. What I do notice however is that 2.2.0 comes as a 42MB binary, whereas 2.1.0 was "just" 26MB. That's quite a hefty growth in size.
#Note2Self: Always. Update. The. Version. Number. In. Bind. Zone. Files. After. Any. Change.
(written after removing dozens of tmp-* files in /var/named that suddenly showed up, together with weird permission denied entries in the log files ;)
Using this to host static websites is more or less a "nice to have" for me. The more important thing is that I can now freely create S3 buckets that are always reachable as `https://<bucketName>.s3.homelab.jhw` over the standard port 443, which is called "Virtual-hosted–style requests" in S3 lingo [1]. So all S3 traffic in my home network is encrypted and it JustWorks™ the way many applications expect it to work :)
2/2
Continuing my exploration of using garage S3 storage in my homelab [1], I managed to do a lot of things today. I can now use the certbot dns01 challenge on my own step-ca based Certificate Authority to generate wildcard certificates for my homelab and I reconfigured nginx to reverse proxy web pages, straight from S3 buckets as https://<BucketName>.web.homelab.jhw. Yay! This will be explained in Part 3.
1/2
[1] https://jan.wildeboer.net/2026/01/1-Local-S3-With-Garage/
Well then, I updated Mastodon to Glitch Soc 4.6, modified Authentik to provide the username instead of the UUID to Mastodon, manipulated the postgres database to re-link the identities, and rebuilt the timelines. I'd say I can go to sleep now -.- #sysadminlife
New blog post: Garage part 2: adding nginx as reverse proxy to my private S3 Storage
https://jan.wildeboer.net/2026/01/2-S3-Garage-Behind-Nginx/
Replies to this post will show up as comments under the blog post.
Instead of `listen [::]:443 http2 ssl;` you now need:
`listen [::]:443 ssl;
http2 on;`
in your nginx conf files. But only if you *really* need http2 for that route. I don't and have simply removed all mentions of http2 in my nginx config files. And everything JustWorks™. You're welcome :)
The amount of manuals/howto that seemingly haven't been updated in years and give you the wrong config for #nginx reverse proxy setups. Le sigh. No, you don't add `http2` to a `listen` directive. It is deprecated and causes a warning when trying to start nginx.
"nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/s3.conf:16"
I have written down a raw version of how I did this at https://codeberg.org/jwildeboer/gists/src/branch/main/2026/2026-01-12-Nginx-Garage-Reverse-Proxy.md
After some simple tests, this setup is still fast enough to saturate my network connection to the storage server, so all is good :)
When all parts come together ;) I now have S3 compatible storage with #garage in my homelab, using #nginx as reverse proxy and secured with a certificate from my own #StepCA based CA (Certificate Authority) that gets auto-renewed by #certbot. And this all works without any internet connection, as I also have a DNS server for my home network with the correct CNAME entry for s3.
well... time for an alias
#Linux, #Debian, #RaspberryPi #sysadminlife #FOSS #fosstodon
Updated all my machines with a `dnf update` followed by a reboot, upgraded my 3 #Forgejo runners to V12.5.0, moved them to `/usr/local/bin` for more simplicity, updated my forgejo container to the new V13.0.4. All remotely from my parents, because I can switch the machines in my homelab on and off. Reported a bunch of Trezor phishing mails to Sendgrid. Everything OK and running as desired, weekend can come.
Made some bigger edits to my gist on how to run your own (single node) S3 object storage in your homelab using garage [1] and will now start writing an even more complete blog post. But first I need to try the reverse-proxy via nginx thing :)
https://codeberg.org/jwildeboer/gists/src/branch/main/2025/20251226-GarageSetup.md