As someone runnings things out of my basement computers, i have a lot of problems with my hosting provider

There are certainly are bigger issues in the world right now, sure, but it isnt about “rights for software”, it is about the ability people to talk about what they want (in this case, software)

Ooo, interesting.

I am going for public access here, so it wont work. But i think this is how some routers are set up. Like i think asusrouter.net is set to 192.168.0.1, so anyone with the router can go to the same url / domain and itll send them each to their own router. Found that out the other week and thought it very clever.

So i had done this (with Adguard rather than pihole) and i think i was getting caching issues. Whether or not i was, though, i removed it and it looks like my router is handling it all just fine without the rewrite on the local DNS server.

Some folks mentioned “hairpin NAT” - i was reading the wiki on NAT last night but didnt get to hairpin, but that appears to be what is happening.

The conclusion is - my setup had been doing what i want the whole time without any DNS fiddling. I updated the original post with the speedtests.

I guess I should say that I think there were caching issues, but the problem was coming from an iphone and the Bitwarden app (connecting to the self-hosted vaultwarden).

i think this is what I was doing with Adguard and using the re-write rules, but then the client (my phone, for example) would cache the IP address and it would fail when I was out of the house/network.

Or am I misunderstanding what you are saying here?

ok, well that’s easy to set up if that is how it just works! i wonder if maybe i should (at least temporarily) self-host some sort of speedtest app on the server and check the speed from my phone while i’m on wifi using the IP, wifi using domain name, and off wifi using domain…

A “TLD” is a Top-level Domain, examples of which are .com and .org. They sell names within their domains.

You’d just be buying a “domain name” within some TLD and redirecting traffic from that domain name, not from the TLD.

For a domain name:

You go to something like NameCheap.org and buy a name (hackers4life.xyz or something cool like that). Then their web interface has a place for you to enter the IP address that you want associated with that name. Whenever someone then types “hackers4life.xyz” there will br a series of computers asking other computers “do you know the IP address for this?” until they do.

If you have that Pi in your house, there are (at least) two steps for you then: (1) Getting your home IP address (2) Forwarding the port

(1) Your router admin panel may have this, or else if you search the web for “what is my ip” there are sites that will tell you (basically, you connect to their webpage and they just print out the IP they are sending data back to). There are two concerns here, though.

(a) Do you have a unique IP? There arent enough IPv4 addresses in the world for all the computers connecting to the internet. To get around this, ISPs will essentially group customers together under the same IP and then they figure out how to get the traffic to the right place. If you dont have a unique IP, you might be screwed (but i havent looked into dealing with that much).

(b) If you have a unique IP, you still probably dont have a stable IP. Your ISP might reallocate all the addresses in their network every day/week/month/whenever. This is the case for me. Namecheap (or whatever other domain vendor) has a process for you to use a script to send them your IP address, and so you make a script to recheck it and send namecheap updates every hour or something like that.

(2) Forwarding the port

Some other machine on the web knows your IP (because it is associated with hackers4life.xyz) and so they try to connect. This comes down the wire from the street into the side of your house/apartment, into the modem, and into your router. If your router isnt expecting it (or prepared to do something with it), itll just ignore it. You want the router to instead send it to your Pi. To do this, you go to your router’s admin settings and forward the messages based on the port they are coming in on. The standard ports for HTTP and HTTPS are 80 and 443, and so you can forward those ports to the Pi. Making sure that then the Pi does the right things with those is outside the scope of me writing right now.

it is indeed infrequent, but the modern world has trained me to expect convenience and instant-ness. Last time i wanted a 12-year-old email I was in the car with friends and and to pull it up. it wasn’t anything important at all, to be clear, but i’m hoping to search my 12-year-old emails with the same convenience as last month’s.

I think that that is right that I fundamentally want an archive, not what a normal mail server provides. Part of my thought on looking at mail servers is that those would integrate directly with whatever other front-end/client that I’d normally use, whereas an archive maybe would not.

And regarding archive-specific stuff, I am seeing some things on a search, but I guess i’m wondering if folks here have any recommendations. When I look at , for example, nothing comes up for email archive, just for email servers. That, plus what I see when searching, makes me think that the archive-specific stuff is either oriented to business or oriented to a CLI (like NotMuch, which was mentioned in the discussion here and does look cool).

This looks like a good backend for sure, but the web frontends look a little lacking and I’m not seeing anything about a mobile frontend (other than if a web one was up, which would be fine). Have you tried any of the web frontends?

It sounds like you have a heavy duty door lock to be very secure, but you are essentially trying to backdoor all that security with a new internet-connected thing. An adversary only has to break the weakest link here, rendering the physical door lock obsolete.

If you are just going to have some digitally-connected device ultimately controlling access to the house, I’d go with just some standard door lock that does that (i haven’t used em but they exist). The physical lock on those is surely less what you have know, but with your proposed solution the physical lock probably isnt what people who crack anyway.

Unrelated to your actual post (plan to read later), but is your RSS busted? The rss link on the webpage gives a 404 and my RSS reader is erroring on it as well…

Ive got this working with Caddy and Adguard

I use Caddy as my reverse proxy. It is running on the machine in the basement with all the different docker-container-services on different ports. My registrar is set up so that *.my-domain.com goes to my IP.

Caddy is then configured for ‘service-a.my-domain.com’ to port 1234, and the others going to their ports. This is just completely standard reverse proxy.

For some subdomains (i.e. different services) ive whitelisted only the local network. There is some config for that.

Im pretty sure that I also have to have adguard do a dns rewrite on the local network as well. That is, adguard has a rewrite for ‘*.my-domain.com’ to go to 192.168.0.22 (the local machine with caddy). I think i had to do this to ensure that when the request gets to caddy it is coming from the local whitelisted network rather than my public IP (which changes every couple months, but could be more).

When i was doing a headless install, i spend a hour or two trying to figure out how to pre setup configs for the debian installer or how to do it over network or what before i finally lugged the new machine to the other room and plugged it into the monitor and keyboard of the main rig, installed it all (and set up ssh so i can later get into from the main rig), and unplugged it.

My point is, even if it isnt trivial to have the keyboard and monitor, it may be much easier to get them than to really do an install without them.

Ive got some stuff that i think is similar to what you are trying where i have an excel file template and use python to read from the database and populate cells in excel and then save a pdf.

There are a couple different options for python libraries - openpyxl, xlwings, or pywin32.

It is annoying and goofy, but works. Excel can be very flexible with getting everything sized just right for what your final output/pdf should look like.

Ive started using homebox and i like it. Granted, i only use it for myself right now, not sure how it works for multiple people and public vs private repos

Thanks!

If im doing this right, the url is just the releases page for the repo with a .atom at the end. So for Vaultwarden it is https://github.com/dani-garcia/vaultwarden/releases.atom

Tyty