One end is a local VPS with insanely good peering pretty much round the damn world, other end is my opnsense router. I actually pass a block of ipv6 through the vpn and my router hands it out to devices which is a nice little bonus

That sounds like a lack of port forwarding on at least one side. Ensure the vpn port is properly open on both sides. There is also an option you can add to the wireguard config for keepalive set it to something like 1min

I feel like im missing something here. This is pretty trivial and the comments i see are over complicating the hell outta everything. All you need is your VPN tunnel working. Personally i use wireguard for this. Then you just use nginx as the reverse proxy it talks to services on the other side of the VPN.

The nginx server config looks like

server { listen 443 quic; listen [::]:443 quic; listen 443 ssl; listen [::]:443 ssl; server_name my.domain.tld; http2 on; http3 on; quic_gso on; tcp_nodelay on; error_log /var/log/nginx/jellyfin.access.log; ssl_certificate /path/to/ssl/fullchain.pem; ssl_certificate_key /path/to/ssl/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; add_header Alt-Svc ‘h3=“:$server_port”; ma=86400’; add_header x-quic ‘h3’; add_header Alt-Svc ‘h3-29=“:$server_port”’;

location / {
    proxy_pass http://10.159.4.12:8096/;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forward-Proto http;
    proxy_set_header X-Nginx-Proxy true;
}

}

I have no idea how to do the proper code block i guess so have a paste from my reverse proxy hosted pastebin lol https://paste.kitsuna.net/upload/snail-seal-pig

Have you never used a modern-day LED flashlight they can make them tiny with small dials and still make them brighter than the goddamn Sun lol

Can you not just setup an nginx reverse proxy at the network edge to handle the ssl for the domain(s) and not have to worry about the app itself being setup for it? That’s how I’ve always managed all software personal or professional

No but there is a semi work around.

When using the app if you select all images one of your options will be delete from device when you click on that it will say hey some of these might not be backed up and one of your option is to only delete the things that have been backed up. It’s not automatic but it is a way you can kind of just Mass do it to everything

Kernel ac is pretty much the only one that doesn’t work. The vast majority of other anti cheats work perfectly fine under proton.

Like I said I play almost exclusively multiplayer games on Linux if that wasn’t clear, the only ones that don’t work are things like valorant, destiny, fortnite that are using kernel ac

The majority of multiplayer games do not require kernel level anticheat. I play almost exclusively multiplayer games I just don’t play the dumb mainstream ones like fortnite or destiny

In its default state i think thats fair. Example docker bypasses most firewalls as it runs before iptables rules process. So if you don’t either use 127.0.0.1:port:port (many compose files offered by projects do not do this) or add specialized iptables rules to fix that up you can end up directly exposing services with meaning to or even realizing.

And yeah privilege escalation etc. There are solutions like what you mentioned but it can be a lot of work to set all that up so most people won’t

There is literally a thread somewhere on my Lemmy I need to try and find just recently that shows this perfectly. Someone made a thread asking how they can self host their images for backup from their phone and naturally everyone pointed them to immich. And they immediately started complaining and bitching that they could not access it from outside their local network. Instead of asking how to fix that they were like what the hell is the point if I have to be on the same Wi-Fi this is stupid. And they basically did not want to engage with the people being like hey you need to either make a reverse proxy or open a port on your router. They should not be self hosting

You need to open a port on your router for it to be accessible from the outside world (example your phone on LTE or a different wifi) , this is not a limitation of the software but a security feature of your router

To be fair until very recently immich would have been a horrible recommendation for someone that is completely new to self hosting because almost every other update was a breaking change that required you to carefully read before updating.

And even if you tried if your installation was old enough eventually your compose file would Drift Away from what main line was and you basically had to seek the help of the developers to fix it up.

It only just recently released what is supposed to be the stable line that should hopefully no longer need these large breaking changes

I mean technically so are repos to some extent. Many of them have very few maintainers and you are basically just blindly trusting that they won’t both miss anything malicious nor be the cause of it.

A little safer but not some ultimate Bastion of safety

The problem is that by the time I have said that to them it’s already to desktop. I cursed Myself by having an operating system that is fast and efficient and I also did not install 18 different applications that open at boot. So now I just feel left out from the group not waiting for my computer to finish booting :(

Anyone who genuinely thought that privacy was going to be perfect was an idiot. But they’re going to be better than Gmail and they are. The only way to achieve any type of true privacy would be to start up your own Data Center , run your own email , and then be the one that’s dealing with the government knocking on your door. Have fun with that.

Put frankly privacy on the internet does not exist and anyone that thinks it’s achievable on the modern internet is honestly an idiot. We can only select the least shitty option there is no good option. And the problem is even that is a moving Target I’m not going to keep changing my email provider every couple years to whatever the new current popular privacy option is.

Downloading the torrent so i can seed it on 2.5Gb fiber

https://a.co/d/c6MX9uj

Yes but that doesn’t mean it’s a far left topic. This is the problem in politics nobody has the ability to understand that even an individual political system is an entire political Spectrum onto its own. Be it right or left.

kickstarter

Oh damn that’s unfortunate, wake me up when it’s a real product

Pivoted off a cliff with swift lmao.