• 1 Post
  • 274 Comments
Joined 1Y ago
Cake day: Jun 12, 2023


It’s listed as a privacy option on my pixel. It may be different for others but you could try searching the settings for “vpn” or “privacy.”


All SSDs will die too. Not saying you meant or implied that they wouldn’t, just clarifying for anyone who may not be aware. You’re spot on with “plan for failure”.


Dunno about iOS but some Android phones have a “network protection” config which uses a Google VPN, so it tends to block viewing the local network.



You’ll be hard pressed to match Zoom. Audio and video quality are very good. There’s even a mode for musicians, so it won’t try to filter the instrument out as ‘noise’.


I took lessons over Zoom for years, and it works fine. It’s not a recording session, you don’t need to play together.


If you think about what the “S” in “NAS” is you’ll realize why they prioritize storage…

You want a general purpose server.


Only? “Viewing emails in a web browser” is the entire point of Roundcube. It’s trivial to send out millions of “specially created emails” looking for a victim.


No worse than protecting your ssh key. Just keep it somewhere safe.


Docker doesn’t make a difference. Containers run natively and with no emulation.



No - you’re not installing an app from the App Store. You’re running services now. There needs to be some minimum assumed knowledge about what that entails. And if you don’t have that knowledge you should expect to seek it out separately.

And if you’re too lazy or think “gee that’s difficult” then guess what? Self-hosting’s not for you. No shame - go pay for a service instead.



His router is tri-band though, meaning it has 2 5GHz transceivers. With an extender usually you use one of them as a backplane for ap->ap communication so it doesn’t interfere with your performance.


Nginx scales better than Apache does for static content and proxying, so it started to take over market share.

A home gamer handling a handful of users is unlikely to ever notice a difference.

But the configuration for nginx is simpler out of the box for most things, which is probably the real reason people use it at home.


Kubernetes is super easy with k3s and easier to maintain than Docker

I don’t think I’ve ever heard anyone say this… Kubernetes is a massive pain in the ass to learn, maintain and troubleshoot. If you find it easy that’s great, but it’s not for everyone.


Sorry - was ambiguous and thought you were saying the “cron” thing sounded best.


It’s fairly obvious I feel.

You’re saying rather than use a system tool that does the exact thing that you want you should bodge together a cron job that accomplishes your goal but doesn’t actually do what you want.

Like say you want to stop the docker service for some reason? systemctl stop docker will do that. Then your cron job will restart it. That’s not the desired outcome. You want the service running IF the service SHOULD be running. Which is a different thing than “always running”. And it’s exactly what you get for free with systemd without any silly custom BS.


Seems like the best solution.

Over using a system tool designed to monitor and restart services that stop?


I don’t know the best way

Apparently…

Don’t do this. Either don’t go OOM to begin with (somebody else told you how to limit container memory usage) and/or configure systemd to restart docker if it quits. I’m surprised systemd isn’t already.


VRAM. Not system RAM. LLMs run best entirely on the GPU.


I was just about to reply that I liked supporting the developer of the original code and that it wasn’t too expensive (I bought a “lifetime premium” for something like $30 USD I think). But it seems the licensing has gotten ridiculous since then and is now a subscription. :-(


Subsonic is perfect for this. Interface is a bit… dated, but the functionality is there.


If you want to use the PI as a router you’ll probably end up with a double NAT situation which isn’t ideal

Just don’t do NAT on the Pi then…


Depends on how you like to roll. If you enjoy waking up to a service not working then go for it.

But it very much depends on what containers you’re using and what tags you’re pulling.


Fella, you have a huge knowledge deficit for what you’re trying to do here…

Docker does make running services easier and isn’t overkill for what you’re doing. But it’s not necessary and it’s fine if you don’t want to use it.

Debian is fine as well.

You need to get some experience before you continue self-hosting. Start firing up some VMs or something. If that seems like “too much work” then perhaps this hobby isn’t for you. Running servers isn’t like grabbing an app from the app store. You’re going to need to invest some time here.


‘apt purge’ does a fine job of cleaning up.

Docker has other advantages though.


Millions of databases have run on HDDs for decades just fine. They didn’t know what they’re talking about.





I’m positive that F5’s marketing department knows more than me about security and has no ulterior motive in making you think you’re more secure.

Snark aside, they may do some sort of WAF in addition to being a proxy. Just “adding a proxy” does very little.


They may offer some sort of WAF (web application firewall) that inspects traffic for potentially malicious intent. Things like SQL injection. That’s more than just a proxy though.

Otherwise, they really don’t.


HDDs don’t do well when rotated

The original iPod had an HDD in it. You can rotate HDDs. Sharp impacts may be risky though, especially for a non-laptop drive.


Put your reverse proxy in a DMZ, so that only it is directly facing the intergoogles

So what? I can still access your application through the rproxy. You’re not protecting the application by doing that.

Install a single wildcard cert and easily cover any subdomains you set up

This is a way to do it but not a necessary way to do it. The rproxy has not improved security here. It’s just convenient to have a single SSL endpoint.

There’s even nginx configuration files out there that will block URLs based on regex pattern matches for suspicious strings. All of this (probably a lot more I’m missing) adds some level of layered security.

If you do that, sure. But that’s not the advice given in this forum, is it? It’s “install an rproxy!” as though that alone has done anything useful.

For the most part people in this forum seem to think that “direct access to my server” is unsafe but if you simply put a second hop in the chain that now you can sleep easily at night. And bonus points if that rproxy is a VPS or in a separate subnet!

The web browser doesn’t care if the application is behind one, two or three rproxies. If I can still get to your application and guess your password or exploit a known vulnerability in your application then it’s game over.


My reverse proxy setup allows me to map hostnames to those services and expose only 80/443 to the web,

The mapping is helpful but not a security benefit. The latter can be done with a firewall.

Paraphrasing - there is a bunch of stuff you can also do with a reverse proxy

Yes. But that’s no longer just a reverse proxy. The reverse proxy isn’t itself a security tool.

I see a lot of vacuous security advice in this forum. “Install a firewall”, “install a reverse proxy”, etc. This is mostly useless advice. Yes, do those things but they do not add any protection to the service you are exposing.

A firewall only protects you from exposing services you didn’t want to expose (e.g. NFS or some other service running on the same system), and the rproxy just allows for host based routing. In both cases your service is still exposed to the internet. Directly or indirectly makes no significant difference.

What we should be advising people to do is “use a valid ssl certificate, ensure you don’t use any application default passwords, use very good passwords where you do use them, and keep your services and servers up-to-date”.

A firewall allowing port 443 in and an rproxy happily forwarding traffic to a vulnerable server is of no help.



I like Subsonic. The interface is a bit dated but it supports multiple users and has excellent android apps.


IP was invented in the '70s. Sometimes older protocols that work are just fine.


I picked up a second hand monitor from a goodwill shop for like $7USD. It would be worth having a display of some sort for troubleshooting.