It’s set up on the same box as my caddy install. I believe it’s getting passed the real IP because that’s what gets banned, and what I type in to unban it.

It just sees normal operations as http probing. Like if some other service goes down, my GetHomepage will then 404 and that’s seen as probing. It bans surprisingly quick. Even after just one or two events (normal for someone just visiting the homepage) it’ll just kick em right out

I’ve been having to inspect every alert and hand write whitelist parsers to whitelist 404s or whatever it may be for that app. Slowly accumulating a workable collection… but seems like I’m missing something as no one else seems to complain about this in threads like these

Another example is my brother got banned for normal audiobookshelf usage. He just thought the server was buggy. It was just blocking him without us really noticing or thinking much of it at the time. Not great

I’ve been using crowdsec … but I’ve yet to see anyone banned but myself so far. Is everyone else having to write tons of whitelist parsers? I could whitelist my IP but I feel like that’s sidestepping the issue and doesn’t address friends/family also getting banned, coffeeshops, etc.

Feels like I’m missing something as so far it’s been quite a pain to configure

It has a git repository option that I use. So every compose file I add to define a service goes into the repo as a commit.

I’ve only tried Komodo, but I like that it’s open source and not trying to squeeze money for extra features

Yeah, it’s an alt to portainer

Check out Komodo for doing docker UI work. Pretty new, but already awesome and making lots of progress

Ah! I’ll blame it on being filling into sleep checking on my phone. Coulda swore GitHub didn’t load any comments, but I see it now!

Been trying to get involved as I’ve been wanting to work on a recommendation engine for music for a while.

~~I made a discussion pitching ideas, since that was the listed recommendation for getting involved… which just got closed with no comment https://github.com/MediaWolfOrg/MediaWolf/discussions/17~~

joined the discord and there seems to be zero channels or chatter besides the welcome feed

Where is the active discussion happening for this project? I must be missing something

I’ve been using silverbullet! Been good to me, aside from the sync feature being a bit unreliable. I’ve had a few occasions where it reverted text I was actively typing, and/or didnt save my edits as I closed the window. Hoping they fix that soon as otherwise the app has been great

Definitely a cool project! Can crack it open to get some API insights. The goals don’t quite line up for me, as I eventually want to actually get the tracks into my Plex setup. Additionally, I’m after a more “assisted curation” where I actively consider new artists and thumbs 👍👎 to let them through, rather than trying to make a radio type feature that passively plays new stuff.

It’s on my “short” Todo list to write an app that looks at your current library (Plex, for me) and finds related artists through other apis (like Spotify) and exposes a UI to show what things to check out. Maybe some tracking of what you’ve accepted as interesting and still missing so you can grab off Bandcamp or wherever else you get your music. But at least it would help track/expose WHAT bands to seek out

Thanks for the insight! Does running this in a docker container help limit the damage at all? Seems like they’d only be able to access the few folders I have the container access to?

Gotcha. Thanks for the insight!

It’s annoying, as I’d like to expose things for other people in my family (like Overseerr or whatever) without hassling them to also start a VPN or other stumbling block steps.

I was hoping that reverse proxy to overseerrs login screen would be safe enough. 8(

Does docker help limit things at all? I’m running my services through docker, which seems to limit the folders the container can hit. Feels like that would limit the damage someone could do even if they bypassed the login page of Overseerr or whatever app it is?

Edit: thanks for all the replies! Always more to learn and do, haha

Just out of curiosity, is the tail scale part of this required? If i just reverse proxy things and have them only protected from there by the login screen of the app being shown, that’s obviously less safe. But the attackers would still need to brute force my passwords to get any access? If they did, then they could do nasty things within the app, but limited to that app. Are there other vulnerabilities I’m not thinking about?