Woo!

I do. My gaming PC is also my most capable server.

Why? The website works fine.

Project zomboid Boltgun Civ6

Bold of you to assume if I own a house I’ll pay any of those.

Wtf am I gonna use credit for? Redo my roof. I’ll put out a bucket.

Let them be confused. They’ll learn eventually. Or they won’t. Computers are too user friendly today anyway.

ProtonMail. 100%.

I set up custom DNS and catchall so yourcompanyname@saltycowboy.org is really how I filter spam.

Please note, saltycowboy.org isn’t really my domain.

1. Debian, unless I’m doing something specific like Home Assistant OS
2. Yeah, usually. The GUI uses so much system resources just to sit there and be unused. That said I do have a Windows VM for Quicken that I remote into to manage my families finances. Of course that isn’t headless.

Hover includes whois privacy for free

This is how I get books to my Kindle. So, take that to the bank for what it’s worth.

Second. I used to self-host Bitwarden. Then I realized it’d be too devistating to lose all my passwords, even with backups. So I moved to their cloud service and paid for my families accounts too.

Joplin tho, Joplin stays on the server with no backup. I should really, really make a backup this weekend.

Why does Kirk climb a mountain?

Because it’s there!

I host in the way that you describe: “service.domain.com”. I use Cloudflare, docker, and Caddy.

I don’t remember any pit falls off the top of my head. Make sure to use HTTPS (port 443). Everything on http is basically open for everyone to see. Caddy should set that up for you automatically, tho. I recently moved to Caddy from Traefik, it’s an awesome tool.

Oh, here’s a pitfall. One time I opened a port, #22, for ssh access to my server. I installed fail2ban on my server. One weekend I looked at my logs and found I’d banned hundreds of IP addresses. Some bot found my open port and then begun attacking the login with some kinda rainbow table. I moved the port from the ssh default to something else and never had a problem since.

Also, and this isn’t a requirement but just useful, I set up a VLAN for my selfhosted server. It’s firewalled from my local network. That way, if someone access’ my server they don’t have access to my whole network.

So, tldr, have fun and midigate risk where you can.

I’m reading about Caddy and playing around with it. It seems pretty straightforward. I’ll have to see if I can’t implement it.

This is valuable feedback. In retrospect I didn’t explain my problem at all. I’m really good at reading instructions, pretty poor at asking for help.

I’m going to take another crack at this, after I read up on and learn all about Caddy. At first glance it looks like it takes away a lot of my pain points from Traefik.

As soon as they stop using DRM to force you into a specific ereader ecosystem, you’ll have an argument.

Until then, I’m going to strip the DRM off of a book I buy on Amazon and read it on my Nook. All other parties involved can fuck all the way off.

That’s a tuff ask, and it’s been awhile since I looked.

My kids phone is Android, computer is Windows, and I couldn’t get away without Googles Family link.

The PC was easier. I use Pihole to primarily block ads, but it can also log DNS requests from my kiddos PC, and I use my switch to kill his internet. It’s a desktop and doesn’t have wifi. So it’s just a Ethernet cable to his room. Kill the port or unplug the cable for dramatic effect. Any OS he’s on he’ll have restrictions and monitoring as long as he doesn’t spin up a VPN or learn how to change the DNS host. But much to my dismay I don’t think he’ll ever love Linux, or networking.

The phone was harder. Android gives up a random MAC address so blocking him from wifi was difficult, and it didn’t matter anyway since he had cell service. Eventually I came to realize that if he’s in the Google ecosystem, I have to play with Google if I want parental controls on his phone. It sucked. But, again much to my dismay, he doesn’t seem to think a big company knowing literally everything about him matters all that much so… Whatever. Maybe I’m the one that’s crazy.

From what I’ve read about Cloudflares Zero Trust Tunnel thing it’s actually more secure than hosting it with a public IP address.

To be clear I haven’t done it. So idk for sure. But it sounds like they use some kinda 2fa system to get to your services, you don’t expose a public IP, and it’s all behind Cloudflares service. Which is great for security. If you trust Cloudflare. I trust Cloudflare, but some folks might not.

I might check this out as a weekend project tho. See how it differes from my setup with vlans, VM’s, firewalls and fail2ban.