Privacy/security: Cloudflare terminates HTTPS, which means they decrypt your data on their side (e.g. browser to cloudflare section) then re-encrypt for the second part (cloudflare to server). They can therefore read your traffic, including passwords. Depending on your threat model, this might be a concern or it might not. A counterpoint is that Cloudflare helps protect your service from bad actors, so it could be seen to increase security.
Cloudflare is centralised. The sidebar of this community states “A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.”, and Cloudflare is for sure a service you don’t control, and arguably you’re locked into it if you can’t access your stuff without it. Some people think Cloudflare goes against the ethos of self-hosting.
With that said, you’ll find several large lemmy instances (and many small ones) use cloudflare. While you’ll easily find people against its use, you’ll find many more people in the self-hosted community using it because it’s (typically) free and it works. If you want to use it, and you’re ok with the above, then go ahead.
In addition to the above, most of the perceived advantages of CF are non-existent on the free tier that most people use. Their “DDoS protection” just means they’ll drop your tunnel like a hot potato, and their “attack mitigation” on the free tier is a low-effort web app firewall (WAF) that you can replace with a much better and fully customizable self-hosted version.
They explicitly use free DDoS protection as a way to get you in the door, and upsell you on other things. Have you seen them “drop your tunnel like a hot potato”?
Now obviously if their network is at capacity they would prioritise paying customers, but I’ve never heard of there being an issue with DDoS protection for free users. But I have heard stories of sites enabling Cloudflare while being DDoSed and it resolving the problem.
Any stories you’ve heard about websites enabling CF to survive DDoS were not on the free tier, guaranteed.
Please re-read the description for the free tier. Here’s what “DDoS protection” means on free tier:
Customers are not charged for attack traffic ever, period. There’s no penalty for spikes due to attack traffic, requiring no chargeback by the customer.
Will they use some of their capacity to minimize the DDoS effects for their infrastructure? Sure, I mean they have to whether they like or not, since the DNS points at their servers. But will they keep the website going for Joe Freeloader? Don’t count on that. The terms are carefully worded to avoid promising anything of the sort.
They also say “Cloudflare DDoS protection secures websites and applications while ensuring the performance of legitimate traffic is not compromised.”, with a tick to indicate this is included in the Free tier.
You are honestly the first person I’ve heard complain about Cloudflare failing to protect against DDoS attacks. However, I have no doubt that not having Cloudflare, I would fare no better. So still seems worthwhile to me.
The first point is only when you use the tunnel function, right?
Because I noticed, if I use the tunnel function (hiding your private IP) the site gets a Cloudflare certificate, but if just using it as DNS (without tunnel) the page has my certificate.
If you use DNS with proxy it still applies, you should get a Cloudflare certificate then. But yes, if you use Cloudflare as DNS only, then it should be direct. I believe you get none of the protection or benefits doing this, you’re just using them as a name server.
The Cloudflare benefits of bot detection, image caching, and other features all rely on the proxy setting.
Also if proxying is enabled, your server IP is hidden which helps stop people knowing how to attack your server (e.g. they won’t have an IP address to attempt to SSH into it). You don’t get this protection in DNS only mode either.
Basically if you’re using DNS only, it’s no different to using the name server from your domain registrar as far as I can tell.
There’s a third point which is: Things in CloudFlare are publicly accessible, so if you don’t put a service in front for authentication and the service you’re exposing has no authentication, a weak password or a security issue, you’re exposing your server directly to the internet and bad actors can easily find it.
Which is why some services that I don’t want to have complicated passwords are only exposed via Tailscale, so only people inside the VPN can access them.
I have a cloudflare tunnel setup for 1 service in my homelab and have it connecting to my reverse proxy so the data between cloudflare and my backend is encrypted separately. I get no malformed requests and no issues from cloudflare, even remote public IP data in the headers.
Everyone mentions this as an issue, and I am sure doing the default of pointing cloudflared at a http local service but it’s not the ONLY option.
I’m not quite sure I get what you’re getting at. If you’re using Cloudflare (for more than just a nameserver), then the client’s browser is connecting to Cloudflare via a Cloudflare SSL certificate. Any password (or other data) submitted will be readable by Cloudflare because the encryption is only between the browser and Cloudflare. They then connect to your reverse proxy, which might have SSL or it might be unencrypted. That’s a second jump done by re-encrypting the data.
How does the reverse proxy help, when the browser is connecting to Cloudflare not to the reverse proxy?
The spirit of Self-Hosting is trying things and then asking specific questions when you get stuck (stuck includes having no luck using a search engine).
Please let me know what you find for jellyfin with arrs and VPN. I have found that the VPN always interferes with jellyfin and other stuff and haven’t been able to figure out gluetun.
Stuff like this is why I moved my docker from unraid to a VM where I can use docker compose. Docker compose is really the only way to get a clean setup with complex stuff like this. That being said I recommend beginners use unraid. You don’t need a full vpn for torrents, a socks5 proxy will be fine and doesn’t require any special docker settings.
My setup uses traefik reverse proxy. Internal HTTPS (Let’s Encrypt wildcard) and external HTTPS depending on what I want.
It uses authentik for single sign on and in this case provides LDAP for jellyfin and also provides web authentication for arr services.
The gluetun container can be configured with any VPN and all services can only access the internet via the VPN.
My NAS is unraid, my docker host is a VM on proxmox. Media files are stored on HDDs on unraid and everything else is on the docker SSD. Volumes are connected to where they need to be via NFS shares.
There are limits for cpu and ram so one container can’t bring everything down.
The containers themselves all communicate via their own docker network and only the reverse proxy (traefik) allows access to the UI.
For Headscale, I don’t have any direct experience but unRAID has a decent Wireguard plugin, and should get you up and running in a pinch.
And for your self-hosted services (especially Bitwarden) ensure you’re not exposing this on the net, by VPN is the only option I’d recommend. Even so, I prefer to use Bitwarden’s hosting with a family plan, for peace of mind and resiliency. It’s also much easier for my family.
UnRAID is a great place to start - it allows you to scale cheaply as you need and is easier to fix mistakes. Good luck, and happy homelabbing!
I agree Reddit is toxic. I’d argue reddit actually stopped being Reddit around 2016. But it’s posts like this that clog it all up and are partially why it is the way it is today.
I gotta agree with this. The toxicity in any reddit thread increases dramatically when the poster pre-emptively complains about all the toxicity they expect to receive. Whereas when you just ask straight without going into a whole speech about comment quality, you get much better replies. Particularly because it's hijacking your own thread; changing it from whatever question you wanted to ask into an analysis of the comments.
To your point, I clicked on this post hoping to see what OP was going to use and why because I would like to build my own NAS some day. But like you said, this post is a waste of everyone’s time.
I believe it doesn’t really matter much whether you want to protect the environment from vibrations of the machine vs. protecting the machine from vibrations of the environment - in both cases, decoupling the systems is what you want to achieve.
I personally had to deal with the case of a large format CNC machine transferring stepper motor vibrations into an adjacent office via the wall-mounted brackets it was sitting on. People started to complain shortly after installation since the noise was very audible in the otherwise quiet working environment.
The solution involved placing the machine on a plate mounted via rubber decouplers (see www.dayco.com/en/product/decouplers) which in turn was mounted to a shop-built TMD using a rubber core sandwiched between two foam plates. The rubber core works as both mass and absorbs additional vibrations. It was built following a paper, but unfortunately, that was around 7 years ago and I’m not sure I’ll be able to dig the publication out again.
You can in fact simulate the TMD and do the tuning (see for example mathworks.com/…/mass-spring-damper-in-simulink-an… , though dedicated software packages also exist) but in all honesty, that will probably be overkill for your case.
Having your NAS sit on a 1/2" board of baltic birch plywood resting on a foam sandwich is probably going to do the trick in your case. You can easily create such a sandwich using foam, a rubber mat and some spray glue. Different foam densities will give different results and yield different “tunings” - you may have to play around with this a bit. I could imagine you’ll most likely even be able to skip the second decoupling step (rubber feet/decouplers), in the aforementioned case the second decoupling allowed for another set of frequencies to be dampened (via a different overall rubber hardness) but also brought overall amplitude down.
Don’t use super soft foam, as this will yield a wobbly base, something you probably want to avoid for your NAS. Also, make sure not to attach the base board to anything else apart from the foam, or you’ll transmit vibrations again. If you don’t like the appearance of the foam, you can build a small fence around it that goes up to the top of the base plate.
All that being said, there are also ready-made solutions like speaker dampening feet available: www.amazon.com/…/B09QC2L7N3
Most of them are made to decouple subwoofers, so they might fit into the frequency spectrum you specified. Those could certainly be an affordable and rather quick way to solve the problem.
Awesome, thank you for taking the time to include so many details. I can see myself easily building the aforementioned plywood+foam sandwich platform, sounds like a more solid platform to put the NAS case on (mid tower).
The subwoofer feet also look fun, I remember reading about them back in the reddit days. After revisiting my notes and the post, there were some concerns about harmonic vibrations and oscillations from the drive having a negative impact. But reading it again, I don’t think that this will be a problem.
I think I’ll start with the feet and see how they perform while I source the plywood and foam. Maybe there are also some foam / rubber mounts for the disks themselves, I should be able to find suitable one as it’s a more common problem to have.
Do you have recommendations for how I should best measure the results? Previously I looked into the raw acceleration data to see how strong the vibrations are, and then I looked into the spectrum to find the vibration frequencies. All with consumer / noob friendly tools (phyphox), hoping that the change will be measurable and the results - meaningful.
Honestly, I think your approach using the MEMS accelerometer in your smartphone is fine - just make sure to tape the back of your phone firmly to the board to get a rigid connection. This will be of particular importance if you want to do any kind of tuning, as you might measure spurious frequencies if the device is not properly attached.
Smartphone accelerometers are actually used in civil engineering / industrial applications to determine frequencies of e. g. bridges or check for bearing wear. If you are interested, here are some papers:
That being said, the accuracy of the frequency readings is not super important for your application, as what you are after is pretty much only a reduction in amplitude. I would assume spinning hard drives show different responses to different vibrational frequencies, but I did not have the time to research this myself. However, here are two papers that explore what you are trying to do, which I will link since they also mention a few related papers that show the impact of vibrations on hard drives:
This would in theory incentivise to optimize dampening certain frequencies, but I suspect you will quickly get into the realm of overengineering / premature optimization, as the dampening might be good enough to tune out all relevant frequencies without simulations or tuning etc. However, it’s still certainly a worthwhile effort for educational purposes though.
As for a practical approach, I’d probably simply start out with some super cheap foam obtained at the nearest home improvement or crafts store and see how a sandwich using that affects signal amplitude. You could even introduce artificial vibrations using a DC motor with a weight mounted off-center on the shaft, which you can get ready-made for next to nothing on eBay (“vibration motor”, ~ $2).
If you want to get into tuning / experiment / analysis territory, I would like to include additional motivation. Not only might proper decoupling increase the lifetime of your drives, but it could also improve performance. I will include the following video as humorous proof of that:
P.S.: I firmly believe that research should be freely accessible, so I feel obligated to mention that all papers linked above are, if not available for free on their respective webpages, obtainable via a certain scientific hub.
I work in railway noise and vibration mitigation, and @scrion has given you a great starting point. When we build rails and want to mitigate ground-borne noise and vibration (typically up to ~200 Hz), we generally mount the rails on soft pads and add extra mass to isolate the rails from the surroundings. The exact same approach will work at your computer. We don’t typically use tuned mass dampers for ground-borne vibration, so I think that will be overkill for you, but you can try if you like.
I wanted to suggest that, in addition to the feet/foam/plywood, you can also add a big chunk of something heavy to help with isolation. Like put a heavy rock on top of the foam, and your computer on the rock. The trick is this: if k is the stiffness of your foam, and m is the mass of everything on top of the foam, then your isolating frequency is at √(2k/m). All frequencies above the isolating frequency will be mitigated (the further above, the more they’re mitigated), while all frequencies below will be amplified.
(Quick aside if you actually want to calculate frequency with √(2k/m): check that your units for k and m are compatible, you should end up with a result in units of 1/s, which is actually radians per second, then multiply by 2π radians per cycle to convert to Hertz).
When it comes to measuring results, since your problem is in low frequencies, you can probably use your phone’s accelerometer assuming it reads fast enough (the sample rate must be at least double the highest frequency you care about). Mount it as rigidly as you can to your computer, since if the connection is soft, the phone will be in its own isolating system. The quickest way to test your isolator would be to hit close to the base with a hammer; impacts excite a wide range of frequencies equally, so in the frequency domain you should see vibration amplitudes following a shape https://commons.wikimedia.org/wiki/File:Amplitudenfrequenzgang.tif.
But as @scrion notes below, you don’t really care about your isolator’s response, you care about what trains are doing to your computer. However, he said one thing I disagree with: it’s not the amplitude of the acceleration that you care about, it’s the amplitude of energy, and therefore velocity. This article gives a good introduction to ways you could analyze that. But now we’re getting way in to the weeds on what should be a simple project!
One last aside: if the vibrations in your building are bad enough, you could raise it as an issue with the metro operator. The US Federal Transit Administration sets standards that are commonly followed even outside of the US (see Table 8-1 in their Noise and Vibration Manual); if your measurements show vibration exceeding those limits then they might pay me to fix it :D.
Hey, great that you chimed in, I agree with the points you’re making. As for my remark regarding amplitude, what I wanted to convey was: in the measurement scenario using the phyphox smartphone app, OP should see an overall smaller signal envelope if the NAS was properly decoupled, compared to the previous plot.
As for your comment regarding the Nyquist theorem, phyphox maintains a list of devices and their sensors so it would be possible to look up the available sampling frequency. There are other factors potentially limiting the sample rate (e. g. switching off microphone access for the app on Android), but it’s a good starting point.
I’m wondering, now that you’ve seen the app, do you have some practical advice on how to measure the difference without having to spend a few hours researching and refreshing on high school physics? It seems that my only option is to run the “Acceleration without g” experiment and work on the csv export.
A probably naive approach would be to filter out values below a certain threshold (a ‘low pass filter’ of sorts to deal with a noisy sensor) and then try to meaningfully sum the acceleration by time period. But just as I wrote this I realized that I can’t simply sum a few values from several rows and call it a day.
The article you linked explained the idea behind the pseudo velocity well, I’m wondering if I can… “sum the area” (assuming interpolated data) under the various measurement points. Without completely nerding out and investing too much time :D My sensor seems to have a rate of 200Hz, so it should be good for measuring vibrations up to 100Hz.
Edit, it’s integrals, right? This is actually exciting, haven’t touched math since university. Also here’s an example of how the acceleration graph looks like when the phone is on the heating / radiator (more or less worst case): Screenshot from phyphox with acceleration sensor data
None of the included experiments look to be exactly what you need. For characterizing your isolator, the included Acceleration Spectrum is close, though it records continuously, making it difficult to use to record impact response. For evaluating actual train vibrations, the user-defined Integrated Acceleration might be a start, but it doesn’t include the filtering needed to get good information. You could define your own experiments, but that’s probably even harder than analyzing the CSV data on your computer. At least on your computer you can change your analysis freely and immediately see results, rather than re-running the experiment every time.
I’ve been a bit busy so I haven’t had the time to figure out what and how much I need to compensate so the sensor data is more useful. One of the sensors seems to be detecting something reminiscent of a sine curve, so this will involve some extra high school math to find a function to cancel it out. Busy dad etc, maybe next week. In the mean time I started putting together the case and ordered the springy subwoofer legs. Here is how a simple plot of the raw acceleration looks like.
It’s obvious which one is the before and after. The second one even includes two trains arriving back to back.
Now I need to figure out a few things:
repeatable experiment (hammer? dropping something heavy from the same height?)
make the Z-axis reading more useful and compare velocities
add some foam/plywood and rubber feet on the disks
Thanks for the update and graphs. That is an amazing improvement. In the “after” plot, it looks like any acceleration from the train is well below the noise level of your accelerometer. So, within the limits of your measuring equipment, you’ve effectively eliminated all train vibration. If I were in your place, I would declare success and move on with life! Don’t even bother with foam and rubber feet, because this configuration is working great.
But you could analyze further if you really want; there could be some train signal hiding in all that noise. Since there’s periodic noise in the Z axis, you could take a reading during a still time (computer off, no trains) and see where your spikes are in the frequency domain. Then you could apply a filter (or filters) to cut out that periodic noise.
But unless you’re really into learning about signal analysis, I’d say you could skip it.
I dunno what you guys are doing that makes your nextcloud die without touching it. Mine runs happily until I decide to update it, and that usually goes fine, too. I don’t use docker for it, tho.
I’ve been reading nextcloud forums/reddit/lemmy/etc. for years now, and i feel like 90% of the problems are from people using docker or whatever easy one-click solution is out there
I’ve been running NC the old fashioned way for years now and i’ve never had problems of NC dying for no reason.
Have i had issues? Of course… Not like the ones people keep coming here and shitting on NC
The only times i’ve had major issues and it was actually a problem with nextcloud, is buggy major version releases… So i never install a new major release until X.0.1 these days. Haven’t really had problems since
I’ll let folks with more security experience dive into your specific question, but another option is to host your website on something like Github pages (using a static website generator like Jekyll) and point Cloudflare at it. That way you don’t need anything pointed at your local network, get the uptime of Github, and still benefit from your own domain name.
That’s what I’m doing with my own blog and it’s been great. Github provides the service for free but if they ever charge for it I’ll just start hosting it locally.
That’s what I’m doing! I used it to make a “blog” of all the things I had to learn to switch to Linux for my home drives and daily gaming rig. Complete with copy buttons on the code blocks so I can do a complete reformat in minutes!
Or take github out of the equation and directly use cloudflare pages. It has its own pros and cons, but for a simple static blog it’ll be more than enough, and takes out the CNAME hassle.
Updating from my experience is not Russian roulette. It always requires manual intervention and drives me mad. Half the time I just wget the new zip and copy my config file and restart nginx lol.
Camera upload has been fantastic for Android, but once in a while it shits its brains out thinking there are conflicts when there are none and I have to tell it to keep local AND keep server side to make them go away.
The update without fail tells me it doesn’t work due to non-standard folders being present. So, I delete ‘temp’. After the upgrade is done, it tells me that ‘temp’ is missing and required.
Other than that it’s quite stable though… Unless you dare to have long file names or folder depths.
People are shitting on them because the price point for arm sbcs has risen, while the price point for small x86 computers has come down. Also, x86 availability is high and arm sbc availability has become unreliable. They also aren’t generally supported nearly as well. If you don’t need more power and you already have them on hand there’s no reason not to use them.
I’m curious, what’s an example of a mini x86 machine comparable to a raspberry pi? I just did research and ended up buying a RPI 5. I may have not known what to look for, but what I found in the x86 space was $200+ and seemed pretty underwhelming compared to a $80 SBC on arm.
In 2022, when Pi4s were going for $150-200, I managed to get a 7th gen NUC for about $150. I was looking to start Home Assistant, so both were viable options, but even the Pi5’s coming close to $100 retail, spending 50% more gets you a lot more performance for a 7th gen intel i5/i7 mobile chip, 16gb of RAM and a 256GB NVME.
I don’t know what a pi5+ is, unless you mean orange pi 5+?
I just bought a RPI 5 8GB (base price $80), all accessories in, for like $115. It never occurred to me that this would’ve been considered “expensive”, but a lot of people in this thread are saying so because rpis used to be $30. I mean the price has increased, but hasn’t the price of literally everything increased noticeably at the same time?
Pi5+ just because I’d originally written Pi5+PS/case/SD.
And you’re right that everything has gotten more expensive, but $35 in 2016 (Pi-3) is only $45 today (and you can still get a 3B for $35). The older Pis hit, for me, a sweet spot of functionality, ease, and price. Price-wise, they were more comparable to an Arduino board than a PC. They had GPIOs like a microcontroller. They could run a full operating system, so easy to access, configure, and program, without having to deal with the added overhead of cross-compiling or directly programing a microcontroller. That generation of Pi was vastly overpowered for replacing an Arduino, so naturally people started running other services on them.
Pi 3 was barely functional as a desktop, and the Pi Foundation pushed them as a cheap platform to provide desktop computing and programming experience for poor populations. Pi4, and especially Pi5, dramatically improved desktop functionality at the cost of marginal price increases, at the same time as Intel was expanding its inexpensive, low-power options. So now, a high-end Pi5 is almost as good as a low-end x86, but also almost as expensive. It’s no longer attractive to people who mostly want an easy path to embedded computing, and (I think) in developed countries, that was what drove Pi hype.
Pi Zero, at $15, is more attractive to those people who want a familiar interface to sensors and controllers, but they aren’t powerful enough to run NAS, libreelec, pihole, and the like. Where “Raspberry Pi” used to be a melting pot for people making cool gadgets and cheap computing, they’ve now segmented their customer base into Pi-Zero for gadgets and Pi-400/Pi-5 for cheap computing.
I really was asking. I did a little research and concluded any x86 machine I could buy would be too slow for reliable video playback unless I spent over $200. I am open to actually being wrong there though.
No idea, honestly, what the popular perception of N100 platform is. It only came to my mind because I’d watched www.youtube.com/watch?v=hekzpSH25lk a couple days ago. His perspective was basically the opposite of yours, i.e.: Is a Pi-5 good enough to replace an N100?
You’d be looking at used mini PCs. I’ve heard really good things about lenovo. It’s not necessarily exactly comparable in price, but the reason people are souring on arm SBCs, and especially PiS, is that it’s only a little more for a more powerful lenovo, and there are never any supply issues.
I bought an old Intel NUC with a 2.x GHz i3, 8gb ram and 120gb nvme used for $65, upgraded it to 16gb of ram and 1tb nvme for another $50. I run everything from that in either VMs or LXCs (HA, jellyfin, NAS, CCTV, pihole) and it draws about 10W
A reverse proxy takes all your web-based services, e.g.
plex on port 32400
octoprint on port 8000
transmission on port 8888
and allows you to map these to domain names, so instead of typing server.example.com:32400 you can type plex.example.com. I have simplified this quite a bit though - you need DNS configured as well, and depending on your requirements you may want to purchase a domain name if you intend on accessing content from outside your home without a self hosted VPN.
Cloudflare is a DDoS mitigation service, a caching web proxy, and a DNS nameserver. Most users here would probably be using it for Dynamic DNS. You can use it in combination with a reverse proxy as a means to mask your home IP address from people connecting to your self hosted web-based services remotely, but on its own it cannot be used as a reverse proxy (at least easily - would not recommend attempting to). Do note that Cloudflare can see all the data you transmit through their systems, something to bear in mind if you are privacy conscious.
In my opinion though, it would be much better for you to use a self hosted VPN to access your self hosted services (can be used in combination with the reverse proxy), unless there is a specific need to expose the services out to the internet
Edit: fix minor typo, add extra info about cloudflare
So a reverse proxy is a way to manage subdomains? I read somewhere that it allows multiple different services to be hosted on the same port and I think I know that that is probably a lie.
Depends what you mean by same port. A reverse proxy would allow you to expose everything on 443 and then the proxy would route to particular app ports and hosts.
Each service runs/listens on its own port, including the proxy (typically 80/443). When you connect to the proxy using its port, it will look at the domain name you used and proxy your connection to the port for the service that name is setup for.
So when you go to expose these to the network/internet, you only have to expose the port the proxy listens to and the clients only ever use that port regardless of how many services/domains you host.
Edit: whoops, got a little bit sidetracked and didn’t talk about cloudflare at all. I’ll leave it up nonetheless as it contains info.
The reverse proxy only listens on port 80 and 443, so yes, all your services will be accessible through just one/two ports.
The reverse proxy will parse the http request headers and ask the appropriate upstream service (e.g. jellyfin) on localhost:12345 what it should send as a reply. Yes, this means that you need to have a http header so that the reverse proxy can differentiate the services. You don’t need to buy a domain for that, you can use iPhone to make your made up domain map to a local IP address, but you need to call the reverse proxy as sub.domain.com. 192.168.0.123:80 won’t work, because the proxy has no idea which service you want to reach.
I found it really easy to set up with docker compose and caddy as a reverse proxy. Docker services on the same network automatically resolve their names so the configuration file for caddy (the reverse proxy) is literally just sub.mydomain.com { reverse_proxy jellyfin:12345 }. This will expose the jellyfin docker, which is listening on port 12345, as sub.mydomain.com on port 80.
That’s halfway correct - I’ll try and break it down a bit further into the various parts.
Your subdomains are managed using DNS - if you want to create or change a subdomain, that happens here. For each of your services, you’ll create a type of DNS entry called an “A record”, containing your service’s full domain name, and the IP address of your reverse proxy (in this example, it is 10.0.0.1)
The DNS records would look like the following:
plex.example.com, 10.0.0.1
octoprint.example.com, 10.0.0.1
transmission.example.com, 10.0.0.1
With these records created, typing any of these domains in a browser on your network will connect to your reverse proxy on port 80 (assuming we are not using HTTPS here). Your reverse proxy now needs to be set up to know how to respond to these requests coming in to the same port.
In the reverse proxy config, we tell it where the services are running and what port they’re running on:
plex.example.com is at server.example.com:32400
octoprint.example.com is at server.example.com:8000
transmission.example.com is at server.example.com:8888
Now when you type the domain names in the browser, your browser looks in DNS for the “A record” we created, and using the IP in that record it will then connect to the reverse proxy 10.0.0.1 at port 80. The reverse proxy looks at the domain name, and then connects you on to that service.
What we’ve done here is taken all 3 of those web-based services, and put them onto the same port, 80, using the reverse proxy. As long as the reverse proxy sees a domain name it recognises from its config, it will know what service you want.
One thing to note though, reverse proxies only work with web-based services
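The name-based routing described in the comment above, as an added example (not part of the thread and not any real proxy's code): it reads the Host header from a raw HTTP request, looks it up in the thread's three-service table, and refuses requests that name no configured service, such as a bare IP address. The 400/421 status codes and the names `RouteError`, `parse_host`, `route` and `status_of` are assumptions of this example.

```python
import ipaddress

# Routing table taken from the comment above: public name -> upstream (host, port).
ROUTES = {
    "plex.example.com": ("server.example.com", 32400),
    "octoprint.example.com": ("server.example.com", 8000),
    "transmission.example.com": ("server.example.com", 8888),
}


class RouteError(Exception):
    """Hypothetical error type carrying the HTTP status the proxy would answer with."""

    def __init__(self, status: int, reason: str):
        super().__init__(f"{status} {reason}")
        self.status = status


def parse_host(raw_request: bytes) -> str:
    """Return the normalised host name from the request's single Host header."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    header_lines = head.split("\r\n")[1:]  # skip the request line
    hosts = [line.split(":", 1)[1].strip()
             for line in header_lines if line.lower().startswith("host:")]
    # Zero or several Host headers are ambiguous: refuse rather than guess.
    if len(hosts) != 1:
        raise RouteError(400, "exactly one Host header is required")
    host = hosts[0].lower()
    if host.startswith("["):        # IPv6 literal such as [::1]:80
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:      # name:port or IPv4:port
        host, port = host.split(":")
        if not port.isdigit():
            raise RouteError(400, "malformed port in Host header")
    return host.rstrip(".")         # "plex.example.com." is the same name


def route(raw_request: bytes) -> tuple:
    """Map a request to its upstream, or raise RouteError if no service matches."""
    host = parse_host(raw_request)
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass                        # not an IP literal, so it can be a service name
    else:
        # http://192.168.0.123:80 reaches the proxy but names no service.
        raise RouteError(421, "a bare IP address names no service")
    upstream = ROUTES.get(host)
    if upstream is None:
        # Default deny: unknown names never fall through to some first service.
        raise RouteError(421, f"no service configured for {host!r}")
    return upstream


def status_of(raw_request: bytes) -> int:
    """Status the proxy would return before contacting any upstream."""
    try:
        route(raw_request)
        return 200
    except RouteError as err:
        return err.status


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        b"GET / HTTP/1.1\r\nHost: plex.example.com\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: OctoPrint.Example.com:80\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: 192.168.0.123:80\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: plex.example.com\r\nHost: evil.example\r\n\r\n",
    ]
    for raw in samples:
        print(raw.split(b"\r\n")[1:-2], "->", status_of(raw))
```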
Another user already gave you the answer, but one thing to bear in mind is that Cloudflare only “speak” HTTP(S), and nothing else. So if for example you want to run Minecraft, CloudFlare’s free plan will not allow you to route it through port 80/443 as they don’t know how to “speak” the Minecraft protocol.
So far, I have WireGuard set up, and activate it when I need access.
This year I have considered Cloudflare tunnels to enable them only to issue SSL certificates (instead of signing my own like I did last year). But not sure if it is worth it or if I should just keep signing myself.
(Cert is mainly to avoid SSL warnings on iOS and browsers, so far I am the only one using what I host)
Might also be nice to not have to configure each device to use a different dns server (my own), but not sure the benefit is worth having that dns record “out there” and Cloudflare “in here”.
The DNS-01 challenge [1] allows for issuing SSL certificates without a publicly routable IP address. It needs API support from your DNS provider to automate it, but e.g. lego [2] supports many services.
I personally leave my Wireguard VPN always on, but as it’s only routing the local subnet with my services, it doesn’t even appear in my battery statistics.
But yea, the plural of code in the context of programming scripts is just code, but if you were to talk about codes like a code to get into a door pin-pad, it has an “s” at the end for plural. To be honest, I’m sure there’s plenty of native English speakers not in the tech world that would likely also call it “codes” when talking about programming.
I definitely do not count it against them as long as they know how to human at the interview. I just review the code as I would any repo.
The only thing is that with regular projects I tend to go “I noticed on your GitHub you have project X that uses technology Y, etc etc”. With H projects I just go “do you have experience with Y” and let him choose how much he wants to share about the project. So far they remain vague on the non technical details and I let them leave with their dignity intact.
So, ranked, way ahead of candidates without visible projects, but slightly behind people with projects we can discuss in detail in front of the people from HR ;)
Your instance will still exist, and federation should continue as normal if you manage to reclaim the original domain.
If you have to switch to a new one, however, federation will be very awkward. Other instances will essentially treat you as a brand-new instance, and mirrors of old content will be “orphaned” and no longer sync.
Porkbun is sort of the darling of the self hosting community. I settled on them after doing a huge comparison of prices and features of all the different registrars available to me. Porkbun was by far the best.