

Not much to be nervous about, you can’t fuck it up anymore than it already is since the HSTS is preloaded ;) ACME/Let’sEncrypt is pretty easy to setup
Not much to be nervous about, you can’t fuck it up anymore than it already is since the HSTS is preloaded ;) ACME/Let’sEncrypt is pretty easy to setup
Google owns a could of TLDs (.app, .dev, etc) and they preloaded all of them 😒
Then yeah, VPN or not, you’re going to need to enable TLS. What’s the issue with giving your subdomains a certificate?
Give those domains their own let’s encrypt certificate?
Why is your domain HSTS preloaded?
No, a dock isnt a computer. It doesn’t have ram, doesn’t have a CPU in the sense of a general computation device. While it might have an MCU and with a lot of reverse engineering I don’t doubt you could run Doom on it, it isn’t a computer.
Yeah I see no reasons why these two wouldn’t work. You could get an FXO to to go from that to VoIP, but obviously you’re losing encryption (I know, srtp and zrtp are thing but still) unbeknownst to your interlocutor which isn’t a very nice thing to do.
Then you should really look into setting up a personal VPN. After that what you use to do calendar becomes irrelevant in terms of access.
Who do you want to have access to said calendar?
You need to setup /etc/crypttab
to unlock the disk: https://linux.die.net/man/5/crypttab
I’m good. I know very well there are uses cases for a self signed cert. LE is still far more practical for 99% of use cases, even internally.
But then you have to distribute CAs to all the devices that will reach this service, and not all devices allow that.
I’m with you, but that’s why I’m automating certificate expiry checking somewhere else (in my home assistant install to be exact).
Has Home Assistant integration as well.
I think you can do push-to-talk/drop-in at least via tts using BroswerMods on home assistant, that would be one option.
Navidrome and Gonic are very active projects yes. Why would it not be a thing anymore? Works fantastic.
Yes my answer is for use with Let’s Encrypt.
Fair, I don’t know why I read OPs post as asking for let’s encrypt certs. Internal CA is indeed an option.
They do not. See my other reply about DNS verification.
OP is asking for cases where you don’t want to allow the service (or reverse proxy) to be accessible via the web.
Yeah I use Lego, works great