the wildcard certificates make a huge difference. I had my services all on servicename.mydomain.com each with an individual certificate, and those certificate registration scrapers make them public and they got hit a lot (but blocked by crowdsec). since moving all my services to servicename.app.mydomain.com with a wildcard dns record and cert for *.app.mydomain.com, they’re completely not-public and my crowdsec logs have gone silent.
would running everything thru my tailscale be better? yup, but there’s a lot of situations that I want to access home that I can’t use with a vpn, where I can’t install my own software.
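
An added example (not part of the original comment) of auditing which hostnames certificate transparency logs disclose for your own domain, contrasting per-service certificates with a wildcard. The records are constructed sample data laid out like crt.sh JSON output (the `name_value` field is assumed to hold newline-separated names), and the function names are hypothetical.

```python
import json

# Constructed sample data, shaped like crt.sh JSON output (assumption):
# "name_value" holds the certificate's names, newline-separated.
SAMPLE_CT_JSON = json.dumps([
    {"id": 1, "not_before": "2023-01-10T00:00:00", "name_value": "jellyfin.mydomain.com"},
    {"id": 2, "not_before": "2023-01-10T00:00:00", "name_value": "nextcloud.mydomain.com\nmydomain.com"},
    {"id": 3, "not_before": "2024-03-02T00:00:00", "name_value": "*.app.mydomain.com"},
    {"id": 4, "not_before": "2024-06-01T00:00:00", "name_value": "*.APP.mydomain.com\nmydomain.com"},
])


def audit_ct_exposure(ct_json, apex):
    """Split the names logged under `apex` into concrete hostnames (readable
    by anyone watching CT logs) and wildcard patterns (which reveal only the
    zone, not the service names inside it)."""
    apex = apex.lower().rstrip(".")
    disclosed, wildcards = set(), set()
    for record in json.loads(ct_json):
        for name in record.get("name_value", "").splitlines():
            name = name.strip().lower().rstrip(".")
            if name != apex and not name.endswith("." + apex):
                continue  # belongs to some other domain
            (wildcards if name.startswith("*.") else disclosed).add(name)
    return sorted(disclosed), sorted(wildcards)


def is_hidden_by_wildcard(hostname, disclosed, wildcards):
    """True if `hostname` is covered by a logged wildcard and was never
    logged under its own name. A wildcard covers exactly one label."""
    hostname = hostname.lower().rstrip(".")
    if hostname in disclosed or "." not in hostname:
        return False
    parent = hostname.split(".", 1)[1]
    return "*." + parent in wildcards


if __name__ == "__main__":
    disclosed, wildcards = audit_ct_exposure(SAMPLE_CT_JSON, "mydomain.com")
    print("disclosed by name:", disclosed)
    print("wildcards only:   ", wildcards)
    for host in ("jellyfin.app.mydomain.com", "jellyfin.mydomain.com"):
        print(host, "hidden:", is_hidden_by_wildcard(host, disclosed, wildcards))
```

CT logs are append-only, so names from earlier per-service certificates stay listed after a move to a wildcard; only hostnames that were never issued their own certificate stay out of the logs.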