aesir

@aesir@lemmy.world
6 Post – 48 Comments
Joined 1 years ago

ssh -p 12345 would leave your boxes accessible from anywhere too. Other blocks of IPs receive 10 times or more requests, as scanners can focus on blocks of IPs from major providers.

Considering the small audience and purpose, I would not have any problem using the always free offerings of either Oracle or Google (the latter especially if located in the US).

I don't know, wouldn't the Hypervisor be able to track resources usage by itself without anything else?

I see your point, but now I do not think it is FreeDNS's fault. DNSChecker.org shows my domain name properly resolved worldwide, and so it has been for months. I also created a second subdomain just now, exactly as the non-working one, and it was properly resolved within seconds at my work PC. So I do not blame FreeDNS, I think it is our internal DNS server that is messed up or even hijacked.

If postmarketOS works on that device maybe you can go full Linux (Alpine), there will be no systemd which might be a problem and I am not even sure about Docker compatibility. You can look it up though.

The server is clearly overloaded, as soon as I start using some 10% of CPU frequently for some minutes (due to swap operations), the Hypervisor starts to throttle my instance and this of course makes the thing worse with an avalanche effect. When this happens steal time displayed from top can go literally as high as 90%.

Yes, this is a possibility. The ARM VPS is already running something else, but if I manage to run netbird behind a reverse proxy I can also move it there. BTW there are also 1 GB free VPS on Azure (for students) and Google Cloud, but you guessed right.

I forgot to mention, I had plenty of swap available, now I disabled swap to force zram usage. I still need to see what happens running with both, it's hard when each trial takes 12-24 hours to show its result.

I disagree, you'll have your backups, so even if everything breaks you will have a failsafe. If you get compromised it's still not an issue: Everything server side is encrypted, the safety is in the clients and your master password length.

So, I see no particular differences with other services. Considering I hear of some issues with Bitwarden servers that are constantly under attack, selfhosting could even increase the availability.

Hi, to check attacks you should look at the logs. In this case auth.log. Being attacked on port 22 is neither surprising nor really troublesome if you connect via key pair.

My graph was showing egress traffic, on any kind of server the traffic due to these attacks would have been invisible but on a backup server which has (hopefully) only ingress you can clearly see the volume of connections from attackers from bytes transmitted.

Running without Docker is out of the question, it is a bundle of 6 Docker containers. Deployment and management without it would be too complicated. Luckily somebody in another reply made me realize that the RAM eating container (cockroach DB) is far less essential than I thought and I can look for a replacement.

The one managing my VPS, controlled solely by Oracle corporation

Sorry, it's the built-in console of Google Cloud. But there are so many monitoring solutions around that you can probably find one of your liking. Look on awesome-selfhosted for "monitoring".

Next time

Here the answer

I’ve got a hacked pyqt5 script that does this, I doubt it’s what you want. Adding mysql support and eventually want to be able to have something like limited math functions so you can add all the values in a tree for stuff like total cost.

If you find something better I’d be real interested, I really want web and preferably app support.

I have heard of several cloud screw-ups as well, leading to charges of several thousands.

On one side this can happen if you experiment with something outside of the free machine(s), on the other side you have all the reporting and notification tools to avoid surprises.

Nonetheless, I still see your point, reason why I prefer to use an almost dry Revolut prepaid for all the cloud accounts instead of my main credit card.

Thanks for the detailed answer, a lot of suggestions are great but unfortunately a bit impractical. Changing etc/hosts is at the moment the only thing working and if the issue is not fixed soon I will suggest it to the users that are willing to do so. I would not go as far as asking people to install VPNs and I am pretty sure that building a rogue wifi/LAN network will be against any corporate policy and I will be fired :D

The IP is static, and is resolved properly everywhere outside my university network.

I believe it's a shared VCPU intentionally, I will recheck the terms and conditions, but I think I am not in the position to claim much.

Thanks for sharing your experience, indeed the distribution is relevant here. I am running Arch (BTW) on this VPS which idles at about 300 MB with dockerd and containerd, I am not sure how exactly it compares to Debian on RAM usage (I have a couple of other VPS running Debian which seem to use a little bit more RAM but it could be because those images are bastardized by the addition of cloud provider services). In any case my setup is pretty minimal, to get some large benefit there I fear I should use something without systemd :/

Nice, I am routed to sinkhole.paloaltonetworks.com. I am a malicious domain apparently.

Yes, this is a possible fallback plan.

Thanks, this is a really good point, I can try to replace the identity provider! I did not realize that cockroachDB was only a Zitadel requirement! There are many great alternatives for mesh VPNs, netmaker, nebula, and headscale as you mentioned and all of them are much lighter. I ended up hosting netbird as it is natively able to traverse my corporate NAT (maybe headscale could do it as well, I did not try it since I do not like having to configure registry keys on Windows clients and losing the kernel WireGuard speed on Linux clients).

Yes exactly, burstable instances is common jargon for AWS and GCP, but it applies to all major providers.

Thanks for the suggestion, but my 24 GB are well employed already. I wanted at least to outsource the VPN manager to a smaller VPS.

Thanks again, I will look into your suggestions, I never heard of Talos, RKE or Burmila. Indeed I should also look if I can do in the containers. The problem is only this database "CockroachDB" which is extremely memory hungry, maybe I can change something there.

I already had contacts with our IT. I originally asked if they could host this service for us as it seemed the normal thing to do. They do not support anything custom (i.e. anything which is not a WordPress site) and just to give me a fourth level subdomain they wanted signatures from half the administration above me. That's why I'm rogue with selfhosting also work stuff. But I think I can still complain just because their DNS gives back random IPs. This could even be hijacking, no?

Well, the main point is I would need to manually change this for tens of PCs and it's not my job, moreover other people should do the same on theirs. Nevertheless, I just tried 8.8.8.8 on a couple of PCs and I have the same issue! It appears that my DNS setting is irrelevant as it is overwritten down the chain, the only way I can reach the site is to put the line in etc/hosts. Could it be?

I like it, it was released a couple of days ago so something might require a bit more polishing but overall it looks better to me.

Sorry for the double post that appeared for a while, Lemmy was slow/malfunctioning, I deleted the other post and unfortunately by doing so also the answer of @InverseParallax@lemmy.world, sorry.

I never looked into LDAP, I will do so now, thanks. Hopefully there could be something out there starting from the right keywords.

I do use it, but it is a desktop app. I was looking for something that could be used in a browser, I am so in need for that that I actually deployed treeline on alpine as a Kasm workspace for remote operation. Setting up a virtual desktop just for this seems a real overkill, besides that, I was hoping that a hosted solution could allow an easier collaboration between multiple users.

Not quite the same, the definition of what I am looking for seems either "Personal Information Manager" or "Outliner". Still a niche market it seems.

I see, it gets complicated enough for me, I cannot imagine for some of the other users I would like to target... I will probably look into it as a last resort. Thanks

I tried to set it to 8.8.8.8 but I still have the same result. Can it be overridden at the router level? So far the only solution is to manually add the damn line to etc/hosts.

Interesting, thanks. I think this is what is happening. Feels like I can put whatever DNS server and still end up with an internal one.

I think this is exactly the case, they have some issues with the DNS server and, as some other comments indicate it is possible, they reset my settings for DNS servers at router level. So neither Cloudflare nor others can help, only the line in etc/hosts works.

What does it mean?

nslookup my.domain.com
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    my.domain.com
Addresses:  ::1
          xx.x.xx.xxx (wrong IPV4 address from the other side of the world)

If I use 8.8.8.8 at home, addresses is first of all "address" and is correct.

Now it's pretty clear, I am mistaken for a malicious site (probably because many different computers in the lab started to exchange data with this obscure freedns subdomain) by this software from Palo Alto Networks https://www.gavstech.com/palo-alto-firewall-dns-sinkhole/ which rewrites the DNS response.

So it seems. Do you think this was from the detected user activity? A colleague reported he was using it and it stopped working from one second to the next. Maybe some of his traffic looked suspicious? I am opening a ticket in any case today.