ITT: lots of generic VPN advice by people who have no experience with the specific problem.

This is the only answer you need to read. It’s a non-problem if you just do this, and there’s no reason not to do it.

Possibly it’s about personality types. I was only going on my own experience. Of always being told by a chorus of experts “Oh no you don’t want to do that!” and ending up being terrified to touch anything. When I now know that I usually had nothing to be afraid of, because dangerous things tend to be locked down by design, exactly as they should be.

it depends how secure you want your network to be. Personally I think UFW is easy so you may as well set it up

IMO this attitude is problematic. It encourages people (especially newbies) to think they can’t trust anything, that software is by nature unreliable. I was one of those people once.

Personally, now I understand better how these things work, there’s no way I’m wasting my time putting up multiple firewalls. The router already has a firewall. Next.

PS: Sure, people don’t like this take - you can never have enough security, right? But take account of who you’re talking to - OP didn’t understand that their server is not even on the public internet. That fact makes all the difference here.

Immutable distros like NixOS don’t stop you from tweaking stuff, they just record every tweak centrally, so that you can undo them and do rollbacks.

Others can confirm that I’ve got that right. Haven’t tried it but the idea sounds great.

I would like to have a system when I know what I did, what is opened/installed/activated and what is not

Story of my life after 20 years on Linux. Maybe we could call it “modification anxiety”.

I believe this is the case for an immutable OS.

Isn’t this like saying “What phone numbers do you have in your address book?”

Well that puts the loss of my little VPS into perspective.

And terrible, archaic, chaotic practices such as activating your 2FA without permission and then locking you out of your account for weeks pending multiple signed paper letters. Oh, and sometimes their datacenters burn down and take your server with them. I’m sad to have to throw them under the bus like this. I want OVH to succeed but personally my patience with them definitively ran out.

Absolutely fair.

Interested in the answer too! Of course, you could get the same result from a 5-buck VPS with zero maintenance and rock-solid reliability (my solution). But sure, 5 bucks is 5 bucks. And also, encryption is optional if it’s your own device.

You could even try next going to back cloud.

OK. Given that self-hosters are maintaining two PCs already, I suppose that’s fair.

As an RSS user since the early days, there’s something I never get: why is this something that people are hosting? Are you really all consuming so much news, so much of the time, that you need to do it simultaneously on two devices? That sounds like news overload to me but what do I know.

Personally, I catch up once a day for an hour (or two). Seem more than enough and means I only ever need an RSS client. Right now: the Feedbro add-on in Firefox desktop.

As for tips and tools, RSSBox is a useful one. IMO if RSS were more popular this is the sort of thing that would be built into the client.

Your point is a bit off-topic but I for one agree with you.

Useful. I hate shorts and portrait-format video in general.

NB for those who don’t know: a server is not needed to make Youtube RSS feeds, they exist natively: https://www.youtube.com/feeds/videos.xml?channel_id=UCxxxxxxxxxx. You just have to find the channel_id buried in the page source, which admittedly is a bit of a PITA. But no native way to exclude shorts, though.

Yes yes, I know all that. The fact remains that a permanent IP associated with an individual is personally identifying information. Even the variety in browser requests counts as such according to the GDPR, and that is usually pooled with lots of other users. This is clearly a level above that. It’s why, for example, I would not use the VPS for proxy web browsing: zero privacy.

What’s the downside you see from having a static IP address?

What’s the downside to having one’s phone number in the public directory? There’s no security risk and yet plenty of people opt out. It’s personally identifying information.

I don’t know if any companies provide reverse proxies without a CDN though.

Exactly.

You still need encryption between your CDN and your origin, ideally using a proper certificate.

It can be self-signed though, that’s what I’m doing and it’s partly to outsource the TLS maintenance. But the main reason I’m doing it is to get IP privacy. WHOIS domain privacy is fine, but to me it seems pretty sub-optimal for a personal site to be publicly associated with even a permanent IP address. A VPS is meant to be private, it’s in the name. This is something that doesn’t get talked about much. I don’t see any way to achieve this without a CDN, unfortunately.

I guess it’s popular because people already use Github and don’t want to look for other services?

Yes, and the general confusion between Git and Github, and between public things and private things. It’s everywhere today. Another example: saying “my Substack” as if blogging was just invented by this private company. So it’s worse than just laziness IMO. It’s a reflexive trusting of the private over the public.

I have some static sites that I just rsync to my VPS and serve using Nginx. That’s definitely a good option.

Agree. And hard to get security wrong cos no database.

If you want to make it faster by using a CDN and don’t want it to be too hard to set up, you’re going to have to use a CDN service.

Yes but this can just be a drop-in frontend for the VPS. Point the domain to Cloudflare and tell only Cloudflare where to find the site. This provides IP privacy and also TLS without having to deal with LetsEncrypt. It’s not ideal because… Cloudflare… but at least you’re using standard web tools. To ditch Cloudflare you just unplug them at the domain and you still have a website.

Perhaps its irrational but I’m bothered by how many people seem to think that Github Pages is the only way to host a static website. I know that’s not your case.