Since you’re asking on the Fediverse, an ActivityPub server would be an obvious choice.
Git repos would be another good (and easy) choice.
Also at @me@social.k3can.us on Mastodon.


In my opinion, “self-hosted” means that you host it yourself.
Running services in the cloud (i.e. someone else is hosting it) isn’t the same as hosting it yourself.
Just have fun, though. Not everyone is in a situation where they can self host. Just do what works for you.


“Nice” is entirely subjective. I think my site is nice, but someone else might think it’s garbage.
I use Hugo to generate my site. It’s not wysiwyg, but it supports markdown for pages, which is even simpler than html. It also has a live server mode, where you can see changes immediately.
The community has created a whole gallery of themes (templates) that you can use. It might be worth looking through the gallery to see if you think any of them look “nice” to you.


I’ve mentioned this before, but I’ll say it again: I like the concept, but I can’t help but feel that the presentation has been consistently poor.
The earlier releases left a sour taste for some by highlighting connections to cryptocurrency, and now it’s literally being rebranded to “bitsocial”? With Bitcoin being the most widely known cryptocurrency in the world, it’s definitely not alleviating the concerns that this is some sort of cryptoscam.


My only question, which I feel wasn’t clearly explained in the video, is whether he did any extra work on the Windows machines. He explains his “fresh install” methodology for the Linux tests, but I don’t recall him explicitly saying that he did the same for the Windows machines.
I’d be surprised if Windows actually ships with the newest drivers for the newer cards. For apples to apples, either run both OSes out of the box, or get proper drivers for both.
Fun video regardless!


I have two domains through Cloudflare. They don’t mark up the price at all, so they’re basically the lowest price you’ll find that isn’t a gimmick.
I pay $6.50 for one and $10.46 for the other. Privacy is free and by default.
No harm in getting your domain from them. Just beware that when you create a DNS entry, they default to proxying the incoming connections. It is super easy to turn that “feature” off, you just have to remember to do it whenever you create a new record.


Yes, both the standalone quickstart and the quickstart section of the readme (which are both different).
Is it possible to get the static sites without spinning up a DB backend?


Can anyone figure out what the minimum process is to just use the SSG function? I’m having a really hard time trying to understand the documentation.


ufw is just a fancy frontend for iptables, but hasn’t been updated for nftables, yet.
Firewalld is an option that supports both, and if you happen to be running cockpit as well, the cockpit-firewall plugin provides a simple GUI for the whole thing.
He does refer to the pi as a gateway, so you would be right about it coming before the router. In that case, the pi would be the device handling NAT and forwarding ports.
So I think he’s describing it accurately… it’s just not a common setup to see these days.


I have my reverse proxy in a cluster, so it’ll survive one of the nodes going offline. My router is still a SPoF, though, as is my modem. Not to mention the physical stuff, like a tree falling on the cable lines.
For a home environment, there’s realistically always going to be a couple SPoFs, you can just move it around a bit.


You’ll need a single DNS request, known as a “bootstrap” request. Your ISP will see a single DNS request to Google or Cloudflare or whatever, then everything after that will just look like normal https traffic.
That said, if your ISP is blocking and denying ALL dns requests for some reason (making the bootstrap request impossible), then you could still define the address locally. At that point, though, the ISP is likely blocking the IP addresses, too, so resolving the address is a bit moot.


Are you trying to send the DNS request through the tunnel?
I use DoH, which sends DNS requests through https. It essentially looks like normal https traffic (encrypted), so your ISP shouldn’t be able to hijack it and no additional tunnels are required. CF supports DoH at the usual 1.1.1.1 address, even, if you want to keep using them. Otherwise plenty of other providers support DoH, as well.
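The DoH request and the "bootstrap" lookup discussed in the two comments above, as an added example that is not part of the original comments. It builds the RFC 8484 GET request, reports whether the endpoint needs a plain-DNS bootstrap lookup first, and parses a response; the `/dns-query` path, the `cloudflare-dns.com` hostname, the function names and the sample response are assumptions of this example.

```python
import base64, ipaddress, struct
from urllib.parse import urlsplit

def build_query(name, qtype=1):
    """DNS query in RFC 1035 wire format (ID 0, as RFC 8484 recommends)."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    qname = b"".join(bytes([len(part)]) + part.encode("ascii")
                     for part in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # type, class IN

def doh_get_url(endpoint, name, qtype=1):
    """RFC 8484 GET form: ?dns=<base64url of the query, padding stripped>."""
    b64 = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=")
    return f"{endpoint}?dns={b64.decode('ascii')}"

def needs_bootstrap(endpoint):
    """True when the DoH host is a name that plain DNS must resolve first."""
    try:
        ipaddress.ip_address(urlsplit(endpoint).hostname)
        return False
    except ValueError:
        return True

def _skip_name(msg, off):
    """Step over a DNS name: length-prefixed labels or a compression pointer."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """Return the IPv4 addresses in an application/dns-message response."""
    qdcount, ancount = struct.unpack("!2H", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # name, then qtype and qclass
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return addrs

# Constructed sample response: one A record for example.com (192.0.2.10).
SAMPLE = (struct.pack("!6H", 0, 0x8180, 1, 1, 0, 0) + build_query("example.com")[12:]
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10]))
```

To send the query for real, request the URL from `doh_get_url()` over HTTPS with the header `Accept: application/dns-message` and pass the response body to `parse_a_records()`.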


Why are you extracting the data from the video?
For 700+ games, wouldn’t you have needed to keep a spreadsheet or something to make the video from in the first place?


On my router


Typically on their free accounts they use your cert for communication between them and you, and use a cert they issue for communication between them and everyone else.
User -> CF cert -> CF -> your cert -> your server.
That’s why I suggested examining the cert on your external facing page.
Regardless, one way or the other, they need to be able to decrypt your data in order to apply their services (WAF, etc).
Unless, again, you’re just using DNS (grey cloud).


Consider what a DDOS attack looks like to Cloudflare, then consider what your home server can actually handle.
There’s likely a very large gap between those two points.
For me, my server will start to suffer long before traffic reaches the level of a modern DDOS attack.


Are you using their proxy or just DNS?
If you have the little orange cloud (proxy) on your DNS entry, go to your public facing webpage and examine the cert. Chances are it’s not what you think it is.


Saying something is “self hosted” when it’s actually hosted by a cloud provider is sort of like saying something was “self coded” when it was actually coded by an LLM.


Looks like most of that install script is just creating a Let’s Encrypt cert for you. If it’s not working, you can probably just create one yourself or use a wildcard cert if you already have one.
The rest is just an nginx instance being used to proxy a connection. If you’re already using NPM, anyway, you might as well just use that. No reason to run extra instances.
Or start with the signal one and add your other proxy config files to that.