Way too much for sure.

Just the business internet to get the foot in the door for a static IP 5x’s the cost of my Internet.

It’s actually cheaper to just have DC IPs and proxy through hosted containers. Which is kind of crazy.

Negative aspect is that DC IPs aren’t treated very nice.

It’s frozen for features and changes. Even bugs & issues are shrugged off and closed unless they are big. PRs from others as well I’ve seen.

The maintainer is semi active, but they’re kind of a dick, and tend to minimize problems and downplay others in ways that are borderline toxic.

It’s a shame :/

Guessing it’s not a dead/halted project?

The Reddit space is just a bunch of pictures of people’s home Labs it’s not really a self-hosted community at all.

It’s not interesting to explore and read like this one is.

It’s suffered from a common phenomena of any community that grows in popularity where it caters to the lowest common denominator and loses its niche.

I didn’t really mention immich directly here.

This is a problem which is endemic to casual software development like many FOSS projects. It’s a reality of how free software tends to be built in general vs commercial software.

The issue here is that these are solvable problems, release compat isn’t a new problem. It’s just a problem that takes dedicated effort to solve for, just like any other feature.

This is something FOSS apps tend to lack simply due to the nature of how contributions tend to work for free software. Which is an unfortunate reality, but a reality none the less.

People really underestimate the value of stability and predictability.

There are some amazing FOSS projects out there ran by folks who don’t give a crap about stability or the art of user experience. It holds them back, and unfortunately helps drive a fragmented ecosystem where we get 2,3,5 major projects all trying to do the same thing.

Because the majority of my traffic and services are internal with internal DNS? And I want valid HTTPS certs for them, without exposing my IP in the DNS for those A records.

If I don’t care about leaking my IP in my a records then this is pretty easy. However I don’t want to do this for various reasons. One of those being that I engage in security related activities and have no desire to put myself at risk by leaking.

Even services that I exposed to the internet I still don’t want to have my local network traffic go to the internet and back when there is no need for that. SSL termination at my own internal proxy solves that problem.

I now have this working by using the cloudflare DNS ACME challenge. Those services which I exposed to the internet cloudflare is providing https termination for, cloudflare is then communicating with my proxy which also provides https termination. My internal communication with those services is terminated at my proxy.

I stated in the OP that this is off :/

I stated in the OP that cloudflair HTTPS is off :/

I’m not using cloudflare for the certificate. I also can’t use the cloud for certificate anyways for internal services through a loopback.

Similarly you can have SSL termination at multiple layers. That’s works I have services that proxy through multiple SSL terminations. The issue that I’m having is that the ACME challenge seems to be having issues, these issues are documented and explained in various GitHub threads, however the set of solutions are seemingly different and convoluted for different environments.

This is why I’m asking this question here after having done a reasonable amount of research and trial and error.

I am doing SSL termination at the handoff which is the caddy proxy. My internal servers have their SSL terminated at caddy, my traffic does not go to the internet… It loops back from my router to my internal Network.

However DNS still needs to have subdomains in order to get those certificates, this cloudflair DNS. I do not want my IP to be associated with the subdomains, thus exposing it, therefore cloudflair proxy.

You’re seeing the errors because the proxy backend is being told to speak HTTPS with Caddy, and it doesn’t work like that.

You can have SSL termination at multiple points. Cloudflare can do SSL termination and Cloudflair can also connect to your proxy which also has SSL termination. This is allowed, this works, I have services that do this already. You can have SSL termination at every hop if you want, with different certificates.

That said, I have cloudflair SSL off, as stated in the OP. Cloudflare is not providing a cert, nor is it trying to communicate with my proxy via HTTPS.

Contrary to your statement about this not working that way, cloudflair has no issues proxying to my proxy where I already have valid certs. Or even self signed ones, or even no certs. The only thing that doesn’t work is the ACME challenge…

Edit: I have now solved this by using Cloudflair DNS ACME challenge. Cloudflair SSL turned back on. Everything works as expected now, I can have external clients terminate SSL at cloudflair, cloudflair communicate with my proxy through HTTPS, and have internal clients terminate SSL at caddy.

The comment two above this links to a tool that literally does live syncing on a line by line level. Unless you’re editing the same lines at the same time you’re not going to get sync conflicts.

I use it as well and it works wonderfully in real time.

I very specifically want an app that collates all the information that can possibly be gathered about me in a way that I can utilize and abuse it myself. For me there is a lot of utility and value to be found with this sort of thing.

Of course the security posture of said app needs to be rather robust. And instead of it being an app it should instead be an SDK that I can then choose and control my own storage medium for.

Never not

That doesn’t answer the question.

Domains can expire, be sold, have their hosting (nameservers) changed…etc it’s very conceivable given the current climate that it could be a malicious site used for data exfiltration from prospective voters. The security posture, if any, of the owner are also unknown, meaning it may be unknowingly compromised.

Especially when you have people willing to drop tens of millions of dollars on voter suppression.

Plain and simple, don’t enter your personal information into a 3rd party site. Use your official government provided ones for this purpose.

Yeah that’s the problem is guessing what they meant.

Another risk with Monitor, which may get better with time. Is that FOSS rust projects have a tendency to slow down or even stall due to the time cost of writing features, and the very small dev community available to pick up slack when original creators/maintainers drop off, burn out, or get too busy with life.

To be clear: I have nothing against rust. It’s a fantastic language filling in a crucial gap that’s existed for decades. However, it’s I’ll suited for app development, that’s just not it’s strength.

Why are you here if you’re just going to insult hobbyists in the community dedicated to hobbyists.

This isn’t the kind of vibe /c/selfhosted needs

Fascism is spreading there as well unfortunately.

And will continue to do so as long as corporations have and continue gaining power to rival your governments. Manipulating public opinion is easy when you own all sources of information dissemination.

Because the lowest common denominator is much MUCH lower than you think it is.

This means it’s easy to indoctrinate and easy to maintain that for a massive number of people.

Scientific illiteracy is extremely high, and actual “6th grade reading comprehension” is the highest level of literacy for > 50% of a country like the U.S. and ~20% are low literacy or actually illiterate.

This means that half of everyone in the U.S. can read and understand what they read at or below a 6th grade level. This isn’t “reading big words”, it’s “tell us about what you read”, “what is the relationship between x & y” type questions.

This comment for example, up to this point only, would be difficult to understand & comprehend for > 50% of people in the U.S. (it demands an 11th grade reading comprehension). And may be misread, misunderstood, or not understood at all.

People are driven to religions to cults and alt conspiracy theories when they don’t understand how the world works around them. They latch onto extremely simple often misleading or incorrect ideas of how the world works because they can understand it and it “makes sense” within their sphere of ignorance (we all have one, this isn’t meant to be a disparaging term).

This means that the problem is that humans are just not smart enough to escape religion yet. It’s the simplest answer, and it appears to be correct.