It’s mostly so that I can have SSL handled by nginx (and not per-service), and also for ease of hosting multiple services accessible via subdomains. So every service is its own subdomain.
Additionally, my internal network (as in, my physical LAN) does not have any port forwarding enabled — everything is over WireGuard to my VPS.
For a while I thought the Google AI result had a pretty logical, well thought out, practical solution — use glue.
My method:
VPS with reverse proxy to my public facing services. This holds SSL certs, and communicates with home network through WireGuard link configured on my router.
Local computer with reverse proxy for all services. This also has SSL certs, and handles the same services as the VPS, so I can have local/LAN speeds. Additionally, it serves as a reverse proxy for all my private services, such as my router/switches/access point config pages, Jellyfin, etc.
No complaints, it mostly just works. I also have my router override DNS entries for my FQDN to resolve locally, so I use the same URL for accessing public services on my LAN.
Isn’t this extremely genre dependent? And regardless, this has been going on for a long time.
The Supremes? Good looking gals (and great music IMHO).
Grateful Dead? Sure, rough around the edges.
The Doors? Um…ever seen a picture of Jim Morrison? Dude would make Derek Zoolander blush.
Out of curiosity, I asked Spotify for modern metal music, and I got The Black Dahlia Murder — frontman looks like a regular dude who I’d grab a beer with.
Yeah, modern pop places a ton of emphasis on looks, sure. But I think this has been pretty prominent in music for a very long time, be it the airbrushed R&B of the sixties, the androgynous glam of the eighties, or the metro sexual (guy)/model-esque looks of modern pop.
Getting TLS certs will be complicated
I just use Let’s Encrypt with a wildcard domain — same certs for public and private facing domains. I’m sure this isn’t best practice, but it’s mostly just for me so I’m not too worried :)
I’m guessing it wouldn’t work for a variety of reasons, but having cameras digitally sign the image+the metadata could be interesting.
Yeah I don’t expose Jellyfin over the Internet, so it doesn’t matter for me, and wouldn’t work at all over WAN (unless VPN’d to home network).
Also, it’s all reverse proxied, and there’s nothing preventing having two Jellyfin hostnames, e.g., jf-local.mydomain.com and jf-public.mydomain.com.
Another fun trick you can play is to use a private IP on your public DNS records. This is useful for Jellyfin on Chromecast for instance — it uses 8.8.8.8 for DNS lookup (and ignores your router settings), so it wants a fully qualified domain name. But it has no problem accessing local hosts, so long as it’s from 8.8.8.8’s record.
I have set up local DNS entries (with Pi-Hole) to point to my srrver, but I don’t know if it possible to get certs for that, since it is not a real domain.
So long as your certs are for your fully qualified domain there’s no problem. I do this, as do many people — mydoman.com is fully qualified, but on my own network I override the DNS to the local address. Not a problem at all — DNS is tied to the hostname, not the IP.
The only flaw in Corel’s logic was that as soon as you’re running Linux, you lose all desire to run WordPerfect, and develop an irresistible need to align yourself with vim or emacs…
Or go full CW, and just transmit source code in binary as dits and dahs. (So long as you document what you’re doing it should be legal, though I’m not sure if you should use the CE portion of he band since it’s nonstandard…)
I think (?) it’s generally true that the root user should never mess with users’ files.
Imagine your home directory is shared across many systems on a network (my alma mater did this). It would be really bad if a sysadmin for alpha.university.edu removed a program, and suddenly your personal settings were removed from beta.university.edu — even though that computer still has the program.
This is one of the “UNIX on the desktop” issues — a lot is designed for a sysadmin/multiuser situation, and it has some gotchas when using it as a desktop machine (I’m used to/really appreciate the directory structure and settings management at this point, but it may take some getting used to).
Any chance you have a DMZ set up on your router?
On your router, are there any settings specific to any host (other than the server maybe)? For example, a static IP or a port forwarded rule.
Do you have a VPN on the phones? Can you traceroute from your phone to the server and post that? (I like PingTools for Android.) You should have 1 hop (you -> server, nothing in between).
Can you verify that you are on the same wifi including same wifi channel? Phone on 5GHz but Linux box on 2.4GHz, for example.
Some mobile clients make it easy to accidentally downvote. I sometimes see that I accidentally downvoted a comment from time to time.
PingTools has been useful for me (though I mostly just use it for iperf).
I have an old Nexus 6P, spiritually the Pixel 0.
Replaced the battery at some point, and it’s now entered service as the toddler’s entertainment on airplanes.
It’s old and slow, but the screen still looks really good.
Right, I just meant that you can’t sudo cat file > /dev/sda but you can sudo dd ..., because IO redirection isn’t elevated to root with sudo. I’m not saying anything too profound :)
Compiling a kernel yourself isn’t a big deal these days, especially with DKMS. Generally the type of people I’ve encountered who care about which kernel version they’re usiyare the type of people who are capable of compiling it themselves…
One caveat is that you will need write access to the drive, which probably means you need to run as root — can’t run that with sudo as-is, unlike dd.
I think an issue here is that taxonomic and colloquial definitions don’t always agree.
Spiders are colloquially bugs, but they’re not taxonomically “true bugs” (which is itself a colloquialism for Hemiptera). Tomatos are colloquially vegetables but taxonomically fruits…but afaik vegetable is a purely colloquial term anyway.
And as someone else in the thread mentioned, colloquial berries are not always taxonomic berries.
So…colloquially, “plants” sorta means, “macroscopic multicellular living non-animal thing,” but taxonomically it’s something else.