Maybe this https://github.com/Alinto/sogo

I wouldn’t recommend putting ssh behind any vpn connection unles you have a secondary access to the machine (for example virtual tty/terminal from your provider or local network ssh). At best, ssh should be the only publicly accessible service (unless hosting other services that need to be public accessible).

I usually move the ssh port to some higher number just to get rid of the basic scanners/skiddies.

Also disable password login (only keys) and no root login.

And for extra hardening, explicitly allow ssh for only users that need it (in sshd config).

I don’t use nginx proxy manager but websocket has to be enabled for apps that use websockets (duh) - you would have to dive into docs or example infra configs to check if the service uses it.
Rule of thumb here would be to enable it for everything. Optionally you could check if the service works with/without it.

E: Websockets are used when a website needs to talk in “real-time” with the servers - live views and graphs will usually use it also notifications, generally if the website does not reload/redraw fully but data seems to change then there is a high chance it uses websockets under the hood (but there are ways to do it without ws, ex. SSE).

Example: Grafana uses websockets but qbittorrent web ui uses other means (SSE) and does not require ws.

borg backup with rsync.net

Borg does de-duplication and compression, I’ve used it for multiple things like backing up minecraft servers and it can reduce the final backup size by a lot (like 1-2 TBs to a hundred of GB, though that was with content that was highly compressible and didn’t change much over-time so the deduplication did a lot too).

There is also borgbase.com which looks a bit better and focuses only on borg repositories instead of also being compatible with just about any usual tools (eg rsync, rclone etc)

I would try momentarily replacing the defined dns servers with nameserver 1.1.1.1 and see if stuff improves, though the pull error would hint that docker did resolve the name but somehow didn’t get an answer.
Hard to guess what else could be a problem apart from some obvious stuff - check if the internet connection is healthy and stable (ping, watch for spikes in ms or drops, also any outgoing firewall filters?)

There is also FX which can do this too, additionally you can browse/download/upload files to/from the phone locally from PC through browser (the app opens up a web server).

We’ve consolidated all our code into a single repository – just clone ente-io/ente on GitHub, and you will have at your disposal a state of the art, end-to-end encrypted, full stack (mobile/web/desktop clients, the server, and a CLI to boot) alternative to Google Photos and Apple Photos.

Oh, PiAlert sure looks cool

I also use rsync.net but as direct host for my borg repos, why rclone after?

https://forgejo.org/compare/

Yeah it’s not it’s closer to paying your yearly cost but per month. L

Why is dietpi a worse choice? it’s still basically debian (11).
I’ve chosen DietPi because of their sane defaults that I would have to setup myself like vm swappiness, fs noatime, tmp journal, and some more I am not even aware of.

I rent dedicated machine so the HW I have is the limit - I pay the same rate every month, no matter the usage, so with the bit outdated but still performant Ryzen 5 3600 and 64GB of RAM I was very happy to throw minecraft/zomboid/vallheim servers at it and few more services, aye aye;)

Though the possibility of tunneling services out from the RPi is something I am aware of, but except for stuff that would benefit from video HW accel there isn’t much that would be better to run on the RPi instead of on the server directly.

Already got ssd as a nfs share in my openwrt-based router before that I did have it set up on the rpi. I did want to do offsite backup into that disk originally but I’ve got “only” ~100Mb/s up/down speed here so I didn’t want to risk slow-downs etc (but now that you remind me, borgbackup should be rather light on traffic!).

NEMS being a whole OS is a pitty, I like the possibility to have multiple different services there.But you are absolutely right I could have a offsite resource monitoring for my Hetzner setup with these, thanks!

I might have a look actually, though if any of these require publicly accessible IP then that won’t be possible because of CGNAT :(

got CGNAT here :( that’s why I am renting the hetzner machine

Luckily I already have a OpenWRT based router here (https://turris.com) and PiHole that says 22% of traffic blocked, not a small amount indeed.

Unluckily last time I wanted to do sensor stuff the ~20 euro air quality multi-sensor (co2, pm1-10, humidity, voc?) board got lost in transit and I didn’t bother since :(
The original plan was use it with my esp32 dev board (wroom32, so wifi) to have a portable sensor, this RPi was supposed to be the collection server (mqtt, influx, grafana).

I should revisit this idea soon, thanks for reminding me!

I used RTL-SDR dongle and it basically just worked! Also got some recordings of the nearby airport, really cool !

I did this for a hot second (already have RTL-SDR set here) but the current location of the RPi is just bad for reception and moving it closer to some window would mean connecting through wifi (can’t lay ethernet cables, renting) and that’s bad for other services where low response times are preffered/needed (pihole) :(