In this case I run pfSense instead of my ISP provided router. This allows me to have my own DNS resolver, which I can then resolve various domains to internal addresses.

All devices on my network point to my router for DNS allowing them to resolve internal addresses from all of these.

That’s a good call out.

There are a few things I do right now:

1. All of my public DNS entries for the certs point at cloudflare, not my IP.
2. My internal Network DNS resolver will resolve those domains to an internal address. I don’t rely on nat reflection.
3. I drop all connections to those domains in cloudflare with rules
4. In caddy, I drop all connections that come from a non-internal IP range for all internal services. Additionally I drop all connections from subnet that should not be allowed to access those services (network is segmented into VLANs)
5. I use tailscale to avoid having to have routes from the Internet into my internal services for when I’m not at home.
6. For externally accessible routes, I have entirely separate configurations that proxy access to them. And external DNS still points to cloudflare, which has very restrictive rules on allowable connections.

Hopefully this information helps someone else that’s also trying to do this.

I just:

1. Have my router setup with DNS for domains I want to direct locally, and point them to:
2. Have a reverse proxy that has auto- certbot behavior (caddy) connected to the cloud flair API. Anytime I add a new domain or subdomain for reverse proxine to a particular device on my network a valid certificate is automatically generated for me. They are also automatically renewed
3. Navigation I do within my local network to these domains gives me real certificates, my traffic never goes to the internet.

Even better, it’s now a nice database of who companies and governments can go after when they want or need to!

Let’s not mention the abysmal performance for servers. Making it largely infeasible to scale.

It’s not the solution, not even remotely close, unfortunately.

Except that relay nodes often get out onto proxy lists.

Which means you now get to solve capchas for absoluty f-ing everything now.

Cool, lots of information provided!

This is the way.

I do this. PFsense DNS resolver, and have loopback enabled.

DNS for all the domains points at a reverse proxy (Caddy) that handles valid HTTPS termination. So all my services have valid HTTPS certs, and devices on my network can access them normally.

Way too much for sure.

Just the business internet to get the foot in the door for a static IP 5x’s the cost of my Internet.

It’s actually cheaper to just have DC IPs and proxy through hosted containers. Which is kind of crazy.

Negative aspect is that DC IPs aren’t treated very nice.

It’s frozen for features and changes. Even bugs & issues are shrugged off and closed unless they are big. PRs from others as well I’ve seen.

The maintainer is semi active, but they’re kind of a dick, and tend to minimize problems and downplay others in ways that are borderline toxic.

It’s a shame :/

Guessing it’s not a dead/halted project?

The Reddit space is just a bunch of pictures of people’s home Labs it’s not really a self-hosted community at all.

It’s not interesting to explore and read like this one is.

It’s suffered from a common phenomena of any community that grows in popularity where it caters to the lowest common denominator and loses its niche.

Damn, that’s just cancerous

Yeah I had literally no idea what you were talking about until you mentioned the actual name in the comments.

NPM almost universally refers to node package manager in any developer or development adjacent conversation in my experience. Given that both the site, the command, the logo, and the binaries are “npm” makes that more appropriate.

Nginix proxy manager is far to niche to be referred to universally by acronym when it’s only ever used as an acronym when the context for it’s usage has already been defined (ie. In it’s documentation).

This becomes much more clear when you Google the acronym.

It is, but also it’s worrisome since it means support is harder, which means risk of abandonment is higher and community contributions lower. Which means “buying in” is riskier for the time investment.

Not really criticizing, 10/10 points on making something and then putting it out there, nothing wrong with that. Just being a user who’s seen too many projects become stale or abandoned, and have noticed that the trend has some correlation to the technology choices those projects made.

I’ve been looking a platform for personal blog, portfolio, and what not that’s kind of fun to play with without having to build the whole thing myself.

What’s your opinion of this project?

As of today I’m actually in a lucky position where I am now able to set up a secondary NAS at my brother in laws and use that as a backup server that I can back up to essentially in real time.

All it’ll cost me is the hardware and the electricity.

Yes.

I’m sure one can reasonably infer that I do not mean 30 meters.

Conveniently at highway speeds 30 minutes and 30 miles away are essentially equal.

I’ll try and use appropriate notation next time

I might be crazy but I have a 20TB WD Red Pro in a padded, water proof, locking, case that I take a full backup on and then drive it over to a family members 30m away once a month or so.

It’s a full encrypted backup of all my important stuff in a relatively different geographic location.

All of my VM data backs up hourly to my NAS as well. Which then gets backed up onto the large drive monthly.

Monthly granularity isn’t that good to be fair but it’s better than nothing. I should probably back up the more important rapidly changing stuff online daily.

The error posted in the app is from the website itself. It’s likely that the password manager is injecting something into the page which is causing errors.

There are many ways for this to go wrong, it has nothing to do with the web service itself.