• 0 Posts
  • 24 Comments
Joined 11 months ago
cake
Cake day: February 1st, 2024

help-circle

  • My method:

    VPS with reverse proxy to my public facing services. This holds SSL certs, and communicates with home network through WireGuard link configured on my router.

    Local computer with reverse proxy for all services. This also has SSL certs, and handles the same services as the VPS, so I can have local/LAN speeds. Additionally, it serves as a reverse proxy for all my private services, such as my router/switches/access point config pages, Jellyfin, etc.

    No complaints, it mostly just works. I also have my router override DNS entries for my FQDN to resolve locally, so I use the same URL for accessing public services on my LAN.




  • Another fun trick you can play is to use a private IP on your public DNS records. This is useful for Jellyfin on Chromecast for instance — it uses 8.8.8.8 for DNS lookup (and ignores your router settings), so it wants a fully qualified domain name. But it has no problem accessing local hosts, so long as it’s from 8.8.8.8’s record.


  • I have set up local DNS entries (with Pi-Hole) to point to my srrver, but I don’t know if it possible to get certs for that, since it is not a real domain.

    So long as your certs are for your fully qualified domain there’s no problem. I do this, as do many people — mydoman.com is fully qualified, but on my own network I override the DNS to the local address. Not a problem at all — DNS is tied to the hostname, not the IP.







  • I think this is the real question.

    Did they quit and join a competitor who offered a better WFH option? Or did they get a taste of the good parts of white collar pandemic life — no commute, flexible hours, work from anywhere — and decide that actually, their entire identity is not just their professional life, and maybe they should retire to see the world/spend time with family?

    There are definitely some high profile rage quits over return to office, but I think there are a lot more of the “hey this was fun but time to take care of myself” quits.



  • 403 Forbidden doesn’t necessarily mean a bad login attempt. Are you sure that’s the error? My troubleshooting steps would be to access directly (no nginx), and look at the logs for a successful login. Then, look try to login with nginx, and look at those logs (both access.log and error.log on nginx, and any/all logs from syncthing). Find out where the two cases diverge and go from there.

    Does syncthing have a domain name specified? If it doesn’t know its domain name it may work from IP directly but not via reverse proxy. Just a hunch.




  • Some false premises in this thread — corporations are not required to maximize profits. Even if maximizing profit was mandatory, this is a pretty subjective topic — is short term profit while pissing off your customers “maximizing profit,” or is sacrificing short term gains for long term customer loyalty “maximizing profit”? It’s not a rhetorical question, and I think you can find examples of both.

    Corporations are also not all pursuing endless growth; in addition to “growth stocks” there are “dividend stocks.” Some companies aren’t aggressively pursuing growth, but are making profit, and the stock reflects this. It feels almost antiquated in the “to the moon” era, but these companies do exist.