It’s mostly about performance. Caddy’s Go-based garbage collector starts to negatively impact performance at high load. It looks something like:

server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;

    location / {
        proxy_pass http://localhost:3000/;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

I prefer nginx to Caddy myself for reverse proxies. As far as VPN technologies go, Tailscale and WireGuard are where it’s at.

Not sure why we’re comparing Caddy to Tailscale though.

I’m just using WireGuard on a VPS with multiple interfaces. I’m still doing heavy ad/tracking blocking via DNS too.

As for App Connectors I’m working on a script (compiled program hopefully down the road) that can query a specific hostname using a specific interface (say, a US-only website using DNS over a US-based VPN) then create a virtual IP address that directs to that same IP using the correct tunnel.

My reasoning for the virtual IP address is that I don’t want to redirect every website on the host to the other tunnel—lots of servers have an array of websites on them.

What I found disappointing about Tailscale is I had to do a lot of “hacks” to make things work—DNS on each exit node had to match perfectly (despite using different exit tunnels)—then the shit would only work like 20% of the time. One day traffic for the US tunnel worked, the next day it was going out of the exit node. I also never got it working correctly in Docker so I was running multiple VPS servers.

If I remember correctly with App Connectors your client would query the App Connector for the domain, then it would return an IP address. The IP address would be set up to always go through the defined exit node. So if your DNS was off or you were accessing another website on the same server you were screwed. On top of that, it just didn’t work.

I loved Tailscale for about a year but am moving away from it because having multiple exit nodes with each redirecting traffic via commercial VPNs with DNS-based ad blocking and App Connectors grew way too complex.

I’m not saying you’re doing all this but if you do get to a point where you’re directing traffic to multiple countries Tailscale turns into nightmare to manage.

Not being a Python developer myself I’d almost go the Docker route simply to avoid the hell that is Python package management.

While I can’t suggest anything specifically helpful (I’ve forgotten) I’d say check the project’s Dockerfile. It’ll give you an idea of how they’re handling it in Docker therefore a provide some hint as to what to do.

I resolved the issue and edited the post.

I resolved the issue and edited the post.

I found the domain names (edited the post) and essentially yes, it does route through their servers.

Another vote for Postgres, MySQL kind of blows.

It sure does, but I don’t log my family and friends’ queries so I’ll probably MITM myself using a travel router.

Good point, I’ll be on the lookout for that.

I’m blocking primarily with my self-hosted, non-logging DNS server (Unbound).

I might just use my travel router to MITM myself while Tailscale is disabled on the iPhone to glean more information that way.

I agree. Most of my duplicates came from the raw disc files. I too dump some content to MKV (mainly TV episodes) but those files likely have much less duplication, though I do recall some of the duplicates coming from The Office in MKV.

(I do wonder if those The Office duplicates were something like the opening title, or scenes from the episode showing clips from previous episodes because it seems highly unlikely that the raw video streams were similar.)

I did for a few years when the network started, but it became increasingly difficult to do so from a residential IP with slow upload speeds (cable internet).

I use Storj, it’s been my favorite for years.

I’m in almost the exact same situation as OP, 8 TB of raw Blu-ray dumps except I’m on XFS. I ran duperemove and freed ~200 GB.

This is very related to the SNAT option for subnet routers on Tailscale. Though it’s enabled by default, I ran into issues with some services when I’d left it turned off by accident at one point.

In theory the “clean” way to do is to not use SNAT but then the network router needs to do some extra work to bridge the gap in the connection. Personally I was a dealing with a strict service on a device that wouldn’t accept regular non-SNAT traffic (the service was smart enough to say “no, I’m only running on 192.x.x.x and refuse to send traffic to Tailscale”).

deleted by creator

When did I say it’s open-source? And why would it need Plex? I’ve used it with Samba, S3, WebDAV but never Plex

I use Firecore Infuse, never understood the hype with Plex