Ha. That’s my bad. I didn’t even read the firewall rules listing 22/SSH. I agree on not opening 22 to the world. It just invites bots throwing passwords at it.

I just read Minecraft in the original post which from reading runs from 25565 which I wouldn’t worry about. If OP needs 22 for admission I’d either whitelist it or use a VPN/Tailscale.

More effort than I would consider. I’d just allow all traffic incoming on that port. I’d only consider whitelist if someone was giving me grief. Even then that would be after blacklisting an IP wasn’t solving my problem.

I have a couple of services, including nginx (a website) that run though a Cloudflare Tunnel. No need to open up ports and certificates are automatically managed.

https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/

I also use ddclient to update my own personal domain with my internets dynamic IP (no need for a dynamic DNS provider). I have to do this as I host Jellyfin and Cloudflare don’t support streaming through their tunnels. So yes this is exposed to the internet. It does sit behind a caddy reverse proxy though.

I also run a wireguard VPN so that I can dial in when out the home. Im in Spain next week so can use that to get BBC iPlayer etc. The wireguard uses an address that is dynamically updated by ddclient (domain is hosted by Cloudflare)

Emails I don’t bother self hosting. I actually pay for simplelogin and send emails there via aliases. They then route to a single Proton email address.

Wonder if it’s a region thing. Not there for me either (UK).

Not really helping you here. But when I started using Google Photos, I still manually downloaded files from my phone to local storage. I did this mainly to ensure I have the original copies of my photos and not some compressed image. Turns out that was a wise move as exporting photos from Google is a pretty damned awful experience.

I’ve configured my kids devices to use NextDNS, that way they are getting filtering no matter what network they use.

AdGuard does what I need internally, it’s just external is the issue. VPN’s are not a solution, my kids are old enough to know they can just disable it to work around it. They don’t know about the Private DNS option that I have configured on their devices… Yet

Jellyfin Plex (I wanted to get rid of it but I found my son’s TV has no Jellyfin client available so I have to keep Plex up for him) Nginx Caddy Ddclient to Cloudflare for my home dynamic IP Syncthing (such an underrated app) Wireguard HomeAssistant Some other stuff that isn’t all that interesting

This is what I do. Registered with Porkbun but have two domains pointing to Cloudflare NS’s for DNS. I then have a container locally that looks for IP changes on my home connection and if detected updates DNS to the new IP.

I did it a week ago and it was just a case of passing through the video card. I came across a lot of guides and they were all in the CLI. I assume things have improved or maybe it differs per card. I was just using onboard graphics from an N100 CPU.

I’ve ran multiple containers on a Pi 3 before “upgrading” to a Pi 4. Yes not even a Pi 5. Sure it’s not rapid and drags it’s heels at times but for the most part it’s great for hosting stuff for my household.

Home assistant, Plex, Syncthing, Wireguard, Ad Guard, nginx, nginx proxy manager, duckdns, mongodb and unifi network appliance. I was also running Jellyfin along side Plex but it keeps causing the Pi to lock up.

deleted by creator

Strava has ads now? I use NextDNS on my devices so assuming this is filtering out their ads.

I have a Unifi router, switch and four access points. My setup works fine. Stable.

I see other people from work say they get dropouts over the work VPN but I have no issues at all. I’m not saying the hardware is their cause but ISP provided all in one boxes are just that. An all in one solution.

Proton owns SimpleLogin

I use Bitwarden with SimpleLogin.

I just use nginx in docker. It runs from a Pi4 so needs to be lightweight. I’m sure there are lighter httpd servers to use, but it works for me. I also run nginx proxy manager to create a reverse proxy and to manage the certificate renewal that comes from Let’s Encrypt.

This is why I gave up self hosting. It’s great when it works but it just becomes an expensive second job. I still have Plex/Jellyfin etc but for emails and password vaults I just pay for external services.

Awesome info! I wasn’t overly happy with having to use CloudFlare for just this one feature. I’ll have a test with my registrar.

The CNAME flattening is not a regular feature of DNS, so I have to use Cloudflare. Maybe other providers do the same, but I haven’t looked around. It’s certainly not something namecheap offer.

I point my TLD to the dynamic DNS record and then point to other records to the TLD as CNAME records. I’m using Nginx Proxy Manager to reverse proxy traffic to different services. These all live on a Raspberry Pi 4.

Imgur

I don’t have a static IP but host services off my paid domain. I use duckdns and point host records to the duckdns address. I have to use CloudFlare to manage my DNS records for this to work.

https://developers.cloudflare.com/dns/cname-flattening/