You can’t always use the dev tools. Sometimes the sites have JavaScript that detects when you open the dev tools and then lock stuff up more.

Harden your server first

Do you have any tutorials or guides on this handy?

Use your router/server to block some counties using geoip

Yeah, definitely all my users are in the same town/region/country as me. So this could be doable.

Configure rate limits in Nginx

Hm, currently using Caddy as my reverse proxy. I guess there’s some module for this.

only open ports in your firewall you really want to open

The only port I need open is 443 for accessing Jellyfin and Immich. I can definitely block 22 from the public internet. And fuck it no automatic redirects from 80 to 443. TLS or bust.

GAAH! OK! I’M NOT CRAZY!

The exact same thing is happening to my wife’s phone. We’re both on Pixel 8s, have the same VPN settings, but for some magic reason Tailscale breaks only her phone. She has to turn off Tailscale and reboot her phone to regain connectivity.

These shenanigans is why I’m considering just exposing things to the public internet. I’m using Tailscale on several device types and Tailscale adds friction to all of my devices (except Arch where everything always works).

I understand the friction is there for a good reason, but my family doesn’t. They just see that Jellyfin doesn’t work and that all of this is buggy and maybe they just should sign up for Netflix instead of dealing with all of these bugs.

“roaming” device is always connected to their “home” network by VPN

Ah, right. Well, currently I do have my wife’s and my phone on the Tailscale VPN. The issue I’m trying to solve is that the VPN app on Android (and other environments) isn’t 100% bug-free. For some unknown reason, my wife frequently has issues with Tailscale. It’ll break her entire networking on her phone. The only way to fix it is by rebooting her phone. I have no idea why because we have the same phone and the same settings and it works fine on my phone. I’ve tried turning off Tailscale, logging out, and back in, and the network won’t recover. Sometimes the Tailscale app won’t even trigger the SSO page to sign in. So it just stays permanently logged off.

The Nvidia Shield also has similar issues where I have to fuss around with the VPN.

So at this point, I feel like I’m done debugging VPN apps and maybe it would be easier for users if I expose stuff to the public internet. Obviously, it makes management for me harder, but that’s ok if everything Just Works for everyone without extra steps or without having to reboot your phone every week.

site-to-site VPN configurations between routers at each location … the router itself handle routing of specific traffic over the VPN connection, instead of needing each device to connect to the VPN individually.

Interesting. This could help with my home network and my parent’s, but I also need to handle cases where I don’t control the network. I have clients that are phones. My family would expect that the services keep working even if they’re in a different city on cellular or at a friend’s house.

What kinds of things are you planning to expose?

Primarily Jellyfin and Immich.

What I expose I hide behind a reverse proxy with IP whitelists.

Do all your clients have fixed IPs? I have some clients that are phones or laptops, but I would imagine those change as people drive around to different cities or connect to different coffee shop WiFi.

I am kinda interested in WireGuard, but how does it work with multiple non-PC devices on different networks? Tailscale runs seamlessly on my Arch laptop, but Android, TVs, and streaming sticks have hiccups from time to time.

I have services that I want to share with my non-techie family. If a service stops working, they suck at debugging and fixing the issue on their own.

Awesome! There’s a tooon of stuff to learn, but Vim is eternal, so it’ll be a good investment.

Big problem: I’ve spent too much time trying to install Seafile in my environment.

Prevent it from getting worse: Maybe just use Filebrowser?

Difftastic is fantastic!

the tradition is

LOL! Booking a meeting now! Tradition is tradition!

^^^^ get to posting, OP! These comms aren’t gonna fill themselves!

ALBANIA!

OK, now I’m updating.

LogSeq and RDE, but I gotta add more. Thanks for reminding me.

energy-efficient mainboard

How did you go about selecting one of these?

Nice! Just what I was looking for! My old server would idle at 60W (with 4 HDD). My new server seems to be idling at around 45W. I haven’t looked into any tweaks I could make yet. This will be a good starting point.

*where “idle” means it’s running a bunch of Docker containers, but they’re not being actively used.

Looks cool. Good job!

I know the MIT license tends to be the default… buuuuutttt… there are other licenses too like AGPLv3 or others.

I just bought some recertified Western Digital drives on eBay. First time.

3 out of 4 of the drives weren’t detected by the OS… I’m in the middle of RMA right now. They received my broken drives last week, but I haven’t heard anything back yet…

DO NOT UPGRADE TO FORGEJO v13.0.0.