I like it, it was released a couple of days ago so something might require a bit more polishing but overall it looks better to me.

I have heard of several cloud screw-ups as well, leading to charges of several thousands.

On one side this can happen if you experiment something outside of the free machine(s), on the other side you have all the reporting and notification tools to avoid surprises.

Nonetheless, I still see your point, reason why I prefer to use an almost dry revolut prepaid for all the cloud accounts instead of my main credit card.

As you wish, indeed the only free offer without credit cards is the one of azure for students. In any case you are not anonymous.

Considering the small audience and purpose, I would not have any problem using the always free offerings of either Oracle or Google (the latter especially if located in the US).

I don’t know, wouldn’t the Hypervisor be able to track resources usage by itself without anything else?

Thanks for the suggestion, but my 24 GB are well employed already. I wanted at least to outsource the VPN manager to a smaller VPS.

The one managing my VPS, controlled solely by Oracle corporation

I forgot to mention, I had plenty of swap available, now I disabled swap to force zram usage. I still need to see what happens running with both, it’s hard when each trial takes 12-24 hours to show its result.

I am experimenting with ZRAM, it is indeed better than ZSWAP, that’s why i am asking if any other kernel features can help.

This service consist of several docker containers, without docker I would not even know where to start for deploying it. Maintainance as well would be a mess, totally not an option

Yes, this is a possible fallback plan.

Yes, this is a possibility. the ARM VPS is already running something else, but if I manage to run netbird behind a reverse proxy I can also move it there. BTW there are also 1 GB free VPS on azure (for students) and Google Cloud, but you guessed right.

Hi, to check attacks you should look at the logs. In this case auth.log. Being attacked on port 22 is not surprising neither really troublesome if you connect via key pair.

My graph was showing egress traffic, on any kind of server the traffic due to these attacks would have been invisible but on a backup server which has (hopefully) only ingress you can clearly see the volume of connections from attackers from bytes teansmitted

ssh -p 12345 would leave your boxes accessible from anywhere too. Other blocks of IPs receive 10 times or more requests, as scanners can focus on blocks of ips from major providers.

I disagree, you’ll have your backups, so even if everything breaks you will have a failsafe. If you get compromised it’s still not an issue: Everything server side is encrypted, the safety is in the clients and your master password length.

So, I see no particular differences with other services. Considering I hear of some issues with bitwarden servers that are constantly under attack, selfhosting could even increase the availability.

Next time

Sorry, it’s the built-in console of Google Cloud. But there are so many monitoring solution around that you can probably find one of your liking. Look on awesome-selfhosted for “monitoring”

In all the cases for me is sufficient to backup the folder which host the volume for persistent data of each container. I typically do not care to stop and reload containers but nothing prevents you to do so in the backup script. Indeed if a database is concerned the best way is to create a dump and backup that one file. Considering tools, Borg and restic are both great. I am moving progressively from Borg to restic+rclone to exploit free cloud services.

So it seems. Do you think this was from the detected user activity? A colleague reported it was using it and it stopped working from one second to the next. Maybe some of his traffic looked suspicious? I am opening a ticket in any case today.

Now it’s pretty clear, I am mistaken for a malicious site (probably because many different computers in the lab started to exchange data with this obscure freedns subdomain) by this software from Palo Alto Networks https://www.gavstech.com/palo-alto-firewall-dns-sinkhole/ which rewrites the DNS response