Seems like a very reasonable reason to switch to another isp well established in the 21st century

Fuck, there is a law in internet (which name I cannot recall) about the impossibility of distinguish an ironic message.

I felt in that trap completely!!

What a lot of nonsense. Of course the technology exists and of course it can be done. But in reality is not done because it simply doesn’t bring any benefit.

And in addition a address translation is not nat ™ because the server can be hit from the outside.

Today in ipv4 we have likely 2 Nats, 1 after your router and the other by the carrier (cgnat) and ipv6 those are non existent

Ipv6, get an ipv6. There is not nat in ipv6

Kasm, you only need kasm.

It is a docker engine with the streaming already incorporates. Try that.

It is true that it relies in wine, so perhaps you will need to experiment a bit and pin down a specific wine version. But if I recall correctly I saw an old version of ms office running in wine

It is about the quality. Pretty sure there is not a quality upgrade and then the format is not applied.

It is contra intuitive for the arr stack. What triggers the format is the quality and then the rest of parameters.

I find it annoying because you can not make a format that you prefer a 1080 HD movie in multilanguage over a 4k in just English…

Usually 2.5" hdd tends to be more silent. But they are definitely worse from a nas perspective and not so in the ratio €/gb.

The solution with non mechanical disks is by far the most silent, but prepare the wallet and probably a kidney too.

Honestly, every hw that is not going automatically into a power save mode when not used is utterly crap, even my home grade switches are able to do so.

So, the only thing you need to do is to buy recent hw and of course not over size your hw necessities. But recent hw tends to be more expensive, so in the end, it is an excel driven decission.

And once this is said, be careful, some hw suffer more for a on/off cycle than from a continuous power on mode. Think in hdd power cycles or condensation/ salt-rust problems in high humidity areas.

Still it is not clear to me how the internal reverse proxy may get a valid certificate when the domain name is pointing to the vps. Do you copy later manually to the internal proxy?

And if so, how do you overcome the invalid certificate warning when you are accessing your services locally?

Question, how do you deal with the certificates if you have an external vps doing passthroy?

Because that certificate will not match the domain name of the vps and then everything will fail or at least trigger a lot of alerts.

I really fail to see how an internal backend in a different subnet can send the right certificate

Ey! congrats for the donation. I hope your personal project succeeds!

This could be funny if you have a d event computer, specially for od games

https://games-on-whales.github.io/

If you are interested in the photo storage then start… With the storage.

So pick up a nas or something similar, pay a bit more for the super intuitive fancy gui product and the start from there.

Learn what is nas and how to connect to a pc Thne learn how to do the same with your smartphone Then learn a bit about networking Then… Continuous for the hardest itch and try to Scratch it

And if you need support, come back here, check videos and web pages or even chatgpt, for the basic stuff is quite acceptable

Ehmmmm I still don’t grasp what you mean.

In any case, mandos has a possibility to do it automatically via rsa encryption, so you have the possibility of totally unattended restart.

Because the server is (ideally) in a different location, if one of yiur systems is stolen / compromised then you only delete / revoked the certificates ID and then that machine would not be able to decrypt its own luks system.

I never deployed this system on my own, but I know a few guys who did it

Regards

I am afraid I don’t get the question.

What do you exactly mean?

Chech here, I think is a more sensible way of doing things https://www.recompile.se/mandos

Nginx is considered battle tested.

Very few products have this level of puic scrutiny and and a good record of being safe.

Once this is said, the majority of problems come from misconfigurations, so triple check the things

OK I understood that the request came from internet and tailscale was to link the reverse proxy and the server.

In this case try ipv6, pretty sure you have ipv6 and you will have a public address.

But for this case you will need a dns in your network so example.com can be resolved and then your proxy will make the right request.

Yes doable.

Yes, it is possible, but you need a domain (example.com) that I guess you want to be resolved from internet and a public face ip.

After that, yep, if the reverse proxy can resolve tailscale names (basically it has tailscale installed in the same machine) and the service is reachable via tailscale, then it is perfect.

In fact in my setup I have a public domain name that is translated into a private domain name in the reverse proxy (exactly what you want with the addition of tailscale)

It is almost impossible to achieve those numbers, specially the idle, and the load we can only to be close to them when we use the watt/ per-useful-instruction metric.

recentest hw will have decent idle consumption (n95 is around 2w) but the rest of the hw will consume more and usually you attach more powerful/energy hungry devices so expect <10w in idle and perhaps <25w under load.

Older hw could not be so bad under load but they will idle less and will consume more