mik

joined 2 years ago
[–] mik 2 points 1 month ago

It probably would be easier to just write an "update Caddy" script. They don't release updates very often, except for security fixes, so it's not much effort to do manually. I automated mine with Forgejo Actions, you could do the same with GitHub actions as a free option for example. Lots of neat ways to accomplish this!

[–] mik 2 points 1 month ago (4 children)

Xcaddy is a build tool. Caddy plugins are built into Caddy itself for optimization purposes, so xcaddy essentially makes you a custom version of Caddy. It only conflicts with Caddy so much as building a new version would conflict with the old version. You still get a normal "Caddy" executable after running xcaddy, just replace your existing Caddy with the new one created by xcaddy!

[–] mik 2 points 7 months ago

Unfortunately, newbies often aren't taught how to properly handle permission and capability issues, so the sledgehammer solution is running it as root. Just like chmod 777 is the sledge for file permissions problems...

[–] mik 5 points 7 months ago

It may be mostly "security theater" but it requires almost no extra effort and drastically increases the difficulty of compromise by adding privilege escalation as another requirement to gaining root access.

[–] mik 11 points 7 months ago* (last edited 7 months ago) (18 children)

It helps protect you because if the application in question is compromised in any way (or has a flaw, i.e. an accidental rm -rf /*), the only access it has is limited to the user it is run as. If it is run as root, it has full administrative privilege.

[–] mik 2 points 8 months ago

I run the setup you're aiming for, and as the other guy said, DNS challenge is the way to go. That's what I do, and it works beautifully. It even works with Caddy auto-https, you just need to build Caddy with the cloudflare-dns plugin.

[–] mik 3 points 2 years ago

I personally like ligatures when I'm programming. It took me some getting used to, but now I can't live without them due to how distinct it makes the code segments. I fully understand disliking them though. Thankfully fonts like source code pro allow disabling features like ligatures and their godawful handwriting styled italics, so you're able to use just the parts you like.

[–] mik 1 points 2 years ago

It's probably because the only "peaceful" resolution involves the eradication of the Ukranian population.

I'd wager the fight is less about defeating Russia and more about holding out until they defeat themselves from within. As long as it's not an external aggressor that "triggers" the defeat, they are unlikely to use nuclear weaponry.