If you want to PM me your docker-compose.yml and Caddyfile I’m more than happy to take a look at them for you. I’ve been using Caddy as my rev-proxy for 10+ app stacks for a few years now.

I recommend adding hostname: app-name lines for each container then you can just use the hostname and the native port (even if you don’t pass it through with a port: line).

It’s super useful if you want to expose any apps with a reverse proxy like Caddy. That way the ONLY way to access an apps web interface is via the reverse proxy. Then look at filter rules to deny access unless the client has a LAN IP.

Poof, you’ve got SSL and custom subdomains for all your apps, but still only on your LAN or personal VPN (like Wireguard or Tailscale).

I’ve been using Caddy instead of nginx for years now. As long as your port forwarding is already setup, it’ll pull TLS certs for every domain in the config automatically and keep it up-to-date forever.

It’s also super easy to use as a reverse proxy, so you can run one caddy server for all your sites on the same machine pretty easily.

I have an off-grid Linux box that hosts a local Wi-Fi network and some communication and entertainment apps. I want to host a chat service for asynchronous off-grid comms. Briar looked like the perfect option if I could just add the mail-box to my Linux box.

Simplex looks like it might do something similar, but it doesn’t look like it does comms over direct Bluetooth.

I just checked and you’re right! I looked into Briar a while ago and ignored it because I couldn’t run the Briar-Mailbox program on Linux.

I thought it was something like that. What I really want to see is an open-source version of Briar.

Signal is great, but it was unclear if I would be able to self-host my own Signal server if I wanted to support the public network and provide redundancy to my local LAN and connected networks.

Every time I look at Matrix it looks really cool and sounds great. But each time I try to setup a client or actually use it, nothing works, apps crash, and I can’t actually use the dang thing. I tried setting up my own server, even tried using a public server with the Element web-app and still nothing worked, couldn’t join rooms, etc.

Love the idea, haven’t seen a decent implementation yet. Honestly kinda wish there was PGP for sms or something like that. I couldn’t care less if the transport is insecure, as long as I can trust that only the intended recipient and myself can read/modify my messages.

Thank you, I didn’t see that thread.

I assumed you’d have to interface with Google to get messages to/from other RCS users using their app, but does that not happen via a bridge-server?

Is there any reason these browsers would be more functional than regular Firefox with Sideberry or the Tree Style Tabs extensions?

I use Sideberry at work and at home. Between the containers, folder sorting, tab sleeping, and snapshots, I haven’t found another browser configuration that’s as flexible and functional.

Not to mention it works with any release or flavor of Firefox. So I don’t have to worry about weird issues with non-standard browsers.

*Bonus points if you take the 10 minutes to setup a stylesheet to hide the default horizontal tabs.

They have a platform and process for selling digital access to audiobooks and ebooks. Selling access to that type of content in an way that circumvents those DRM requirements is against their Terms of Service.

Here’s an example of what I use across multiple networks, with roaming and static devices. They all use a common /24 subnet (that doesn’t overlap with any of the common LAN subnets), and each gets it’s one /32 address in that subnet. That way each one accepts traffic from any other WG clients in the same subnet as local traffic to the host device. Essentially each PC, server, or phone thinks it’s on the same local network as every other WG client.

[Interface]
PrivateKey = XXX
ListenPort = 51820
Address = 10.172.43.11/24
### Every client gets an address in the 10.172.43.x network

[Peer]
PublicKey = XXXX
AllowedIPs = 10.172.43.15/32
### This device is a roaming phone or laptop, so it will be able to talk to the server when it wants to, but must initiate all traffic.

[Peer]
PublicKey = XXXX
AllowedIPs = 10.172.43.11/32, 192.168.1.0/24 
#### This device is a router which is configured to NAT any traffic from WG to the LAN, so any WG device can talk to the LAN as if it's local 

Endpoint = my.dynamic.dns.addres:51820
#### Use dynamic dns for any device that has a semi-permanent public IP and hosts ANY amount of content, files, or needs to be accessible to SSH

WireGuard is **WAY ** faster than any other VPN I’ve tested, and much more flexible. But at the cost of a little extra setup.

I recommend Restic. It’s fast, it supports snapshots and compression, written in Go so it’s much quicker than most other solutions I’ve tested. It also supports multiple different backends for transporting and storing the files so you can use one you’ve already got or use the restic-server (which is pretty easy to setup).

Make sure the Allowed-IPs is as small a subnet as possible. Your device will only route traffic over your VPN that has a destination IP in that subnet.

That way you’re only tunneling the traffic that needs to go over it. Everything else will go out the normal route.

Having your device package up and encrypt every packet takes some overhead and will inherently lower your bandwidth throughput, so it’s worth minimizing the number of packets that have to go through that process.