SFTPGo is such an awesome project, never had any problems with it.

I’ll add Pangolin to the list, it’s a self-hosted Cloudflare tunnel alternative.

It really depends on how much you enjoy to set things up for yourself and how much it hurts you to give up control over your data with managed solutions.

If you want to do it yourself, I recommend taking a look at ZFS and its RAIDZ configurations, snapshots and replication capabilities. It’s probably the most solid setup you will achieve, but possibly also a bit complicated to wrap your head around at first.

But there are a ton of options as beautifully represented by all the comments.

Thanks for the hint to pocketID, haven’t heard of it before. That makes me think it’s time to upgrade my auth stack as well.

That sounds awesome! No issues at all so far?

Thanks for the list! Do you use Pangolin yourself?

I’ve been testing Zed for the last couple weeks for some Vue / Nuxt projects. It works great for that and seems very stable so far, but is also developed by a for-profit. Curious to see how the Zedless project works out.

I would recommed to use redundant storage, such as a RAID 1 (or 5 or 6, if you want a more advanced setup). This way your data doesn’t die with your SSD.

Did you configure port forwarding properly? Otherwise it might be that leechers can’t contact you.

“Independent” browsers. Yeah right.

That’s really helpful, thank you. I’ve ordered an AX23 which will arrive tomorrow. I’ll try to figure it out in the next few days and report back.

Thank you! I’ll evaluate and report back.

And openwrt is capable enough?

Yeah it’s insane right? Every address is reachable when I open a port range. And it’s like there are ~ 10 predefined services (HTTP/S, SMTP, …) and the category “All other ports” where also 22 is part of. So I really have the choice to either keep everything shut or leave everything wide open.

I think I can’t use my own modem but I’ll have to double check with my ISP. But yes the Wi-Fi is also provided by that router and it’s also quite crappy.

Thank you! Do you have an example for such a firewall device? Could something like the TP-Link Archer AX55 in IPv6 “pass-through” mode do the job? Or would you go for a standalone firewall? My budget is around a hundret bucks.

haha, word

That’s what’s kept me from using it, although I very much like the idea of paying for a good service. I would love to see them figure out a way to avoid accounts.

IIRC there is a plugin for Caddy that can do what you are looking for.

Edit: here you go

Your comment reminds me of that great tune by Pink Floyd.

https://www.youtube.com/watch?v=zDDzR2zSgsM

I migrated my home- and webservers from Debian to FCOS a while ago and I’m very happy with how everything works.

Troubleshooting butane/ignition was a bit of a pain in the butt but worth it imo. I suggest just reading through the FCOS docs, they guided me well while setting everything up. I use podman on my webservers and docker on the homeserver (bc nextcloud aio is not fully podman compatible). I use the installer to build a pre-configured ISO that I can deploy where I want to.

Someone in the comments mentioned Flatcar, which I think looks compelling as well, since it’s basically the same but more of a community effort.

I think this is a step in the right direction. Everyone can lose a portable device or it can get stolen, so protecting the potentially sensitive data is important.

I think what people are complaining about is not full-disk encryption itself, but the fact that people are not used to being responsible for their cryptographic keys.

I think we should educate people regarding this responsibility. We did it with regular keys we use to unlock our homes.